//! UDP-focused authentication integration tests.

#[path = "../support/mod.rs"]
mod support;

mod helpers;

use crate::support::stun_builders::{build_allocate_request, extract_error_code, parse};
use helpers::*;
use niom_turn::alloc::AllocationManager;
use support::{default_test_credentials, init_tracing, test_auth_manager};
use tokio::net::UdpSocket;

#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
async fn udp_rejects_unknown_user_after_nonce() {
    init_tracing();
    let (username, password) = default_test_credentials();
    let auth = test_auth_manager(username, password);
    let allocs = AllocationManager::new();
    let server_addr = spawn_udp_server(auth.clone(), allocs.clone()).await;

    let client = UdpSocket::bind("127.0.0.1:0").await.expect("client bind");

    // Trigger initial challenge to receive nonce
    let request = build_allocate_request(None, None, None, None, None);
    client
        .send_to(&request, server_addr)
        .await
        .expect("send challenge");
    let mut buf = [0u8; 1500];
    let (len, _) = client.recv_from(&mut buf).await.expect("recv nonce");
    let resp = parse(&buf[..len]);
    let nonce = extract_nonce(&resp).expect("nonce attr");

    // Attempt to authenticate with an unknown username
    let intruder = "intruder";
    let key = niom_turn::auth::compute_a1_md5(intruder, auth.realm(), "wrongpass");
    let request = build_allocate_request(
        Some(intruder),
        Some(auth.realm()),
        Some(&nonce),
        Some(&key),
        Some(600),
    );
    client
        .send_to(&request, server_addr)
        .await
        .expect("send invalid auth allocate");
    let (len, _) = client.recv_from(&mut buf).await.expect("recv reject");
    let resp = parse(&buf[..len]);
    let code = extract_error_code(&resp).expect("error code attr");
    assert_eq!(code, 401);
}