#!/usr/share/ucs-test/runner bash
# shellcheck shell=bash
## desc: Check if "http://localhost/univention/udm/openapi.json" is accessible without authentication
## tags: [udm,apptest,openapi]
## roles: [domaincontroller_master]
## exposure: dangerous
## packages:
##   - univention-directory-manager-rest

# shellcheck source=../../lib/base.sh
. "$TESTLIBPATH/base.sh" || exit 137
# shellcheck source=../../lib/ucr.sh
. "$TESTLIBPATH/ucr.sh" || exit 137
. /usr/share/univention-lib/ldap.sh || exit 137

set -x

echo "Test default"
ucr unset directory/manager/rest/require-auth
service univention-directory-manager-rest restart
sleep 3
if [[ $(curl -vvv http://localhost/univention/udm/openapi.json > /dev/zero) ]]; then
		fail_fast 1
fi
echo -e "\n\n\n\n\n\nTest with login"
if [[ $(curl -vvv http://"$(ucs_convertDN2UID ${tests_domainadmin_account}):${tests_domainadmin_pwd}"@localhost/univention/udm/openapi.json > /dev/zero) ]]; then
		fail_fast 0
fi
echo -e "\n\n\n\n\n\nTest with wrong login"
if [[ $(curl -vvv http://"$(ucs_convertDN2UID ${tests_domainadmin_account}):this_should_be_a_wrong_password"@localhost/univention/udm/openapi.json > /dev/zero) ]]; then
		fail_fast 1
fi

echo -e "\n\n\n\n\n\nTest explicit auth required"
ucr set directory/manager/rest/require-auth="True"
service univention-directory-manager-rest restart
sleep 3
if [[ $(curl -vvv http://localhost/univention/udm/openapi.json > /dev/zero) ]]; then
		fail_fast 1
fi

echo -e "\n\n\n\n\n\Test explicit auth not required"
ucr set directory/manager/rest/require-auth="False"
service univention-directory-manager-rest restart
sleep 3
if [[ ! $(curl -vvv http://localhost/univention/udm/openapi.json > /dev/zero) ]]; then
		fail_fast 0
fi

ucr_restore
service univention-directory-manager-rest restart
sleep 3
