#####################################################
#
# Sample test script for testing a microservice that
# requires login. 
#
# Try running tests in the REPL first and examining the
# various responses in detail.
# Useful for quick diagnosis:
# print(response) - prints the return code
# response.text - the body of the response, often
# annoying to read
# response.cookies - useful to diagnose login problems
#
# Note that this is not a browser so we're bypassing any
# cookie domain restrictions. But we still need to get
# CSRF tokens to prevent django catching our naughtiness.
#
#####################################################

import requests

lms = "http://localhost:18000"
#lms = "https://courses.stage.edx.org"


#get a CSRF token so we can log in at all
login_get_response = requests.request("GET", lms + "/csrf/api/v1/token")
csrf_token = login_get_response.cookies['csrftoken']

#log in with CSRF token
headers = {
    'X-CSRFToken': csrf_token,
    'referer': 'https://authn.stage.edx.org/', #not needed locally but required on stage
    }
login = {
    'email_or_username': 'test_username_here',
    'password': 'o_hai_password',
}
login_post_response = requests.request(
    "POST", lms + "/api/user/v2/account/login_session/",
    headers=headers, data=login, cookies=login_get_response.cookies
)
print(login_post_response) #200 expected

# the program-intent-engagement service, put your service here instead
pie = "http://localhost:8000"
#pie = "https://program-intent-engagement.stage.edx.org"

#we need a service csrf cookie for the posts 
svc_csrf_response = requests.request(
    "GET", pie + "/csrf/api/v1/token",
    )

svc_csrf_token = svc_csrf_response.json()['csrfToken']

combined_cookies = login_post_response.cookies.copy()
combined_cookies.update(svc_csrf_response.cookies)

#call the thing we are actually interested in with login cookies and magic header
headers = {
    'X-CSRFToken': svc_csrf_token,
    'use-jwt-cookie': 'true', # without this we will not see the split jwt token
    # and will fail to stick it back together to identify the user
    'Content-Type': 'application/json',
    # your endpoint may not want this content type
    }

reason1 = requests.request(
    "POST", pie + "/api/v1/program_intents",
    headers=headers, cookies=combined_cookies,
    data="""
{
"program_uuid":"7069BF69-6C0A-4332-B978-C05347E9ACAF",
"reason":"TESTING_MAYBE",
"certainty":"MAYBE",
"effective_timestamp":"2022-01-01 01:01:01"
}
""",
    )
print(reason1)

reason2 = requests.request(
    "POST", pie + "/api/v1/program_intents",
    headers=headers, cookies=combined_cookies,
    data="""
{
"program_uuid":"8069BF69-6C0A-4332-B978-C05347E9ACAF",
"reason":"TESTING_MAYBE",
"certainty":"MAYBE",
"effective_timestamp":"2022-01-01 01:01:01"
}
""",
    )
print(reason2)

# like most GETS the pie GET request does not need the csrf token
# but it does need to know who is making the request, so use the login cookies
response = requests.request(
    "GET", pie + "/api/v1/program_intents/most_recent_and_certain",
    headers={'use-jwt-cookie': 'true'}, cookies=login_post_response.cookies
)
print(response.text)