<?php

class UserCest
{
    /**
     * Codeception `_before` hook for this Cest; left empty because no
     * per-scenario setup is performed here.
     */
    public function _before(ApiTester $I)
    {
    }

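    /**
     * Registers a brand-new account through POST /api/v1/user and expects a
     * 200 JSON response that echoes the chosen username.
     *
     * The "not registered yet" precondition is checked per identity field
     * (username, then e-mail) instead of against the whole payload: matching
     * on the submitted password and display name as well would let the check
     * pass even when the username or the e-mail address is already taken.
     */
    public function registerUser(ApiTester $I)
    {
        $userClass = \App\Entity\User::class;

        $registerUser = [
            'username' => 'codeception_username',
            'email' => 'codeception_email@jonnydevine.com',
            'password' => 'codeception',
            'name' => 'Codeception Name',
        ];

        // Each identity field must be free on its own before the request is sent.
        $I->dontSeeInRepository($userClass, ['username' => $registerUser['username']]);
        $I->dontSeeInRepository($userClass, ['email' => $registerUser['email']]);

        $I->haveHttpHeader('Content-Type', 'application/json');
        $I->sendPOST('/api/v1/user', $registerUser);

        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::OK);
        $I->seeResponseIsJson();
        // NOTE(review): only the username is asserted; consider also asserting
        // that the response body carries no password field.
        $I->seeResponseContainsJson(['username' => $registerUser['username']]);
    }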

    /**
     * Re-submits the registration payload of an account that is already stored
     * and expects a 400 JSON response carrying both "already in use" codes.
     *
     * NOTE(review): the stored row is presumably the one created by
     * registerUser(), which would make this scenario order-dependent - confirm.
     * NOTE(review): separate per-field "in use" codes tell a caller which
     * usernames and e-mail addresses are registered; confirm that is accepted.
     */
    public function registerExistingUser(ApiTester $I)
    {
        $payload = [
            'username' => 'codeception_username',
            'email' => 'codeception_email@jonnydevine.com',
            'name' => 'Codeception Name',
        ];

        // Precondition: the account must already exist in the repository.
        $I->seeInRepository(\App\Entity\User::class, $payload);

        $I->haveHttpHeader('Content-Type', 'application/json');
        $I->sendPOST('/api/v1/user', $payload);

        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::BAD_REQUEST);
        $I->seeResponseIsJson();

        foreach (['USERNAME_IS_ALREADY_IN_USE', 'EMAIL_IS_ALREADY_IN_USE'] as $errorCode) {
            $I->seeResponseContains($errorCode);
        }
    }

    /**
     * Logs in as an enabled fixture user via the OAuth2 password grant, then
     * tries to register while carrying the bearer token and expects a 400
     * "Already Logged In" response.
     *
     * The client id/secret below belong to the OAuth client fixture whose
     * presence is asserted first. NOTE(review): they are committed in clear
     * text, so they must never match a client of a deployed environment.
     */
    public function registerButAlreadyLoggedIn(ApiTester $I)
    {
        $username = 'user2';
        $password = 'password';

        // Preconditions: the user is enabled and the OAuth client fixture exists.
        $I->seeInRepository(\App\Entity\User::class, [
            'username' => $username,
            'enabled' => true,
        ]);
        $I->seeInRepository(\App\Entity\Client::class, [
            'randomId' => '5w8zrdasdafr4tregd454cw0c0kswcgs0oks40s',
        ]);

        $tokenRequest = [
            'grant_type' => 'password',
            'client_id' => '1_5w8zrdasdafr4tregd454cw0c0kswcgs0oks40s',
            'client_secret' => 'sdgggskokererg4232404gc4csdgfdsgf8s8ck5s',
            'username' => $username,
            'password' => $password,
        ];
        $I->sendPOST('/oauth/v2/token', $tokenRequest);
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::OK);
        $I->seeResponseIsJson();
        foreach (['access_token', 'expires_in', 'token_type', 'scope', 'refresh_token'] as $tokenField) {
            $I->seeResponseContains($tokenField);
        }

        // Every later request in this scenario carries the freshly issued token.
        $tokenPayload = json_decode($I->grabResponse(), true);
        $I->amBearerAuthenticated($tokenPayload['access_token']);

        $I->sendPOST('/api/v1/user', [
            'username' => 'codeception_username',
            'email' => 'codeception_email@jonnydevine.com',
            'name' => 'Codeception Name',
        ]);
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::BAD_REQUEST);
        $I->seeResponseIsJson();

        $I->seeResponseContains('Already Logged In');
    }

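    /**
     * Submits a registration whose e-mail value is not a valid address and
     * expects a 400 JSON response containing "Not an email address".
     *
     * The precondition matches on the username alone (matching on the submitted
     * password and name too would weaken it), and the same check is repeated
     * after the request so that a rejected payload is proven not to have been
     * persisted.
     */
    public function registerInvalidEmail(ApiTester $I)
    {
        $userClass = \App\Entity\User::class;

        $registerUser = [
            'username' => 'codeception_username_2',
            'email' => 'codeception_email',
            'password' => 'codeception_2',
            'name' => 'Codeception Name 2',
        ];
        $identity = ['username' => $registerUser['username']];

        $I->dontSeeInRepository($userClass, $identity);

        $I->haveHttpHeader('Content-Type', 'application/json');
        $I->sendPOST('/api/v1/user', $registerUser);

        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::BAD_REQUEST);
        $I->seeResponseIsJson();

        $I->seeResponseContains("Not an email address");

        // Validation failure must leave no account behind.
        $I->dontSeeInRepository($userClass, $identity);
    }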

    /**
     * Obtains a token for a disabled fixture user and expects /api/v1/user/me
     * to answer 401 "access_denied" / "User account is disabled.".
     *
     * NOTE(review): as written, the token endpoint is expected to issue access
     * and refresh tokens to a disabled account (200) and the denial only
     * happens at the resource endpoint; confirm that is the intended design.
     */
    public function meLoggedInDisabled(ApiTester $I)
    {
        $username = 'user4';
        $password = 'password';

        // Precondition: the fixture account exists and is disabled.
        $I->seeInRepository(\App\Entity\User::class, [
            'username' => $username,
            'enabled' => false,
        ]);

        $tokenRequest = [
            'grant_type' => 'password',
            'client_id' => '1_5w8zrdasdafr4tregd454cw0c0kswcgs0oks40s',
            'client_secret' => 'sdgggskokererg4232404gc4csdgfdsgf8s8ck5s',
            'username' => $username,
            'password' => $password,
        ];
        $I->sendPOST('oauth/v2/token', $tokenRequest);
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::OK);
        $I->seeResponseIsJson();
        foreach (['access_token', 'expires_in', 'token_type', 'scope', 'refresh_token'] as $tokenField) {
            $I->seeResponseContains($tokenField);
        }

        $tokenPayload = json_decode($I->grabResponse(), true);
        $I->amBearerAuthenticated($tokenPayload['access_token']);

        $I->sendGet('/api/v1/user/me');
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::UNAUTHORIZED);
        $I->seeResponseIsJson();
        $I->seeResponseContainsJson([
            'error' => 'access_denied',
            'error_description' => 'User account is disabled.',
        ]);
    }

    /**
     * Obtains a token for an enabled fixture user and expects /api/v1/user/me
     * to answer 200 with a JSON body.
     *
     * NOTE(review): `disableLastLogin` looks like a switch that exists for the
     * test-suite; confirm it is not honoured for ordinary callers in
     * production builds.
     */
    public function meLoggedInEnabled(ApiTester $I)
    {
        $username = 'user19';
        $password = 'password';

        // Precondition: the fixture account exists and is enabled.
        $I->seeInRepository(\App\Entity\User::class, [
            'username' => $username,
            'enabled' => true,
        ]);

        $tokenRequest = [
            'grant_type' => 'password',
            'client_id' => '1_5w8zrdasdafr4tregd454cw0c0kswcgs0oks40s',
            'client_secret' => 'sdgggskokererg4232404gc4csdgfdsgf8s8ck5s',
            'username' => $username,
            'password' => $password,
        ];

        $I->sendPOST('oauth/v2/token', $tokenRequest);
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::OK);
        $I->seeResponseIsJson();
        foreach (['access_token', 'expires_in', 'token_type', 'scope', 'refresh_token'] as $tokenField) {
            $I->seeResponseContains($tokenField);
        }

        // Unlike the sibling scenarios, the Authorization header is set by hand here.
        $tokenPayload = json_decode($I->grabResponse(), true);
        $I->haveHttpHeader('Authorization', 'Bearer ' . $tokenPayload['access_token']);

        // The boolean is cast to the string "1" when it is appended to the URL.
        $I->sendGet('api/v1/user/me?disableLastLogin=' . (string) true);
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::OK);
        $I->seeResponseIsJson();
    }

    /**
     * Verifies that bad credentials yield no token (400 "invalid_grant") and
     * that /api/v1/user/me then rejects the unauthenticated caller with 401
     * "OAuth2 authentication required".
     */
    public function meLoggedOut(ApiTester $I)
    {
        // Credentials that match no fixture user.
        $I->sendPOST('oauth/v2/token', [
            'grant_type' => 'password',
            'client_id' => '1_5w8zrdasdafr4tregd454cw0c0kswcgs0oks40s',
            'client_secret' => 'sdgggskokererg4232404gc4csdgfdsgf8s8ck5s',
            'username' => 'xxxxxxxx',
            'password' => 'xxxxxxxx',
        ]);
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::BAD_REQUEST);
        $I->seeResponseIsJson();
        $I->seeResponseContainsJson([
            'error' => 'invalid_grant',
            'error_description' => 'Invalid username and password combination',
        ]);

        // No bearer token was set, so the protected resource must refuse the call.
        $I->sendGET('/api/v1/user/me');
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::UNAUTHORIZED);
        $I->seeResponseIsJson();
        $I->seeResponseContainsJson([
            'error' => 'access_denied',
            'error_description' => 'OAuth2 authentication required',
        ]);
    }

    /**
     * Calls the confirmation endpoint with an empty username parameter and
     * expects a 404 JSON response containing "Username not found".
     */
    public function confirmInvalidUsernameQueryParam(ApiTester $I)
    {
        $emptyUsername = '';
        $token = '123';

        $I->sendGet(sprintf('api/v1/user/confirm?username=%s&confirmation_token=%s', $emptyUsername, $token));
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::NOT_FOUND);
        $I->seeResponseIsJson();
        $I->seeResponseContains('Username not found');
    }

    /**
     * Calls the confirmation endpoint with an empty confirmation_token
     * parameter and expects a 404 JSON response containing
     * "Confirmation Token not found".
     */
    public function confirmInvalidConfirmationTokenQueryParam(ApiTester $I)
    {
        $user = 'user1';
        $emptyToken = '';

        $I->sendGet(sprintf('api/v1/user/confirm?username=%s&confirmation_token=%s', $user, $emptyToken));
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::NOT_FOUND);
        $I->seeResponseIsJson();
        $I->seeResponseContains('Confirmation Token not found');
    }

    /**
     * Confirms with a username that is absent from the repository and expects
     * a 404 JSON response containing "User not found".
     */
    public function confirmUserNotInDatabase(ApiTester $I)
    {
        $unknownUser = 'xxxxx';
        $token = 'xxxx';

        // Precondition: no account uses this username.
        $I->dontSeeInRepository(\App\Entity\User::class, ['username' => $unknownUser]);

        $I->sendGet(sprintf('api/v1/user/confirm?username=%s&confirmation_token=%s', $unknownUser, $token));
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::NOT_FOUND);
        $I->seeResponseIsJson();
        $I->seeResponseContains('User not found');
    }

    /**
     * Confirms an existing fixture user with an arbitrary token and expects a
     * 200 JSON response containing "Already confirmed".
     *
     * NOTE(review): the token sent here is a dummy value, so the endpoint
     * reports the account's activation state without a valid token; confirm
     * that disclosure is intended.
     */
    public function confirmIsUserAlreadyActivated(ApiTester $I)
    {
        $user = 'user1';
        $token = 'xxxx';

        // Precondition: the account exists.
        $I->seeInRepository(\App\Entity\User::class, ['username' => $user]);

        $I->sendGet(sprintf('api/v1/user/confirm?username=%s&confirmation_token=%s', $user, $token));
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::OK);
        $I->seeResponseIsJson();
        $I->seeResponseContains('Already confirmed');
    }

    /**
     * Confirms an existing fixture user with a token that does not belong to
     * the account and expects a 400 JSON response containing
     * "Confirmation Token cant be found".
     */
    public function confirmInvalidConfirmationToken(ApiTester $I)
    {
        $user = 'user4';
        $wrongToken = 'xxxx';

        // Precondition: the account exists, so only the token can be at fault.
        $I->seeInRepository(\App\Entity\User::class, ['username' => $user]);

        $I->sendGet(sprintf('api/v1/user/confirm?username=%s&confirmation_token=%s', $user, $wrongToken));
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::BAD_REQUEST);
        $I->seeResponseIsJson();
        $I->seeResponseContains('Confirmation Token cant be found');
    }

    /**
     * Logs in as an existing fixture user, calls the confirmation endpoint
     * with the bearer token attached and expects 200 "Already confirmed".
     */
    public function confirmAlreadyLoggedIn(ApiTester $I)
    {
        $username = 'user1';
        $password = 'password';
        $confirmationToken = '4c3fb568d51feb12a0038033890efb5367585af3a';

        // Precondition: the account exists.
        $I->seeInRepository(\App\Entity\User::class, ['username' => $username]);

        $tokenRequest = [
            'grant_type' => 'password',
            'client_id' => '1_5w8zrdasdafr4tregd454cw0c0kswcgs0oks40s',
            'client_secret' => 'sdgggskokererg4232404gc4csdgfdsgf8s8ck5s',
            'username' => $username,
            'password' => $password,
        ];

        $I->sendPOST('oauth/v2/token', $tokenRequest);
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::OK);
        $I->seeResponseIsJson();
        foreach (['access_token', 'expires_in', 'token_type', 'scope', 'refresh_token'] as $tokenField) {
            $I->seeResponseContains($tokenField);
        }

        $tokenPayload = json_decode($I->grabResponse(), true);
        $I->amBearerAuthenticated($tokenPayload['access_token']);

        $I->sendGet(
            sprintf('api/v1/user/confirm?username=%s&confirmation_token=%s', $username, $confirmationToken)
        );
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::OK);
        $I->seeResponseContains('Already confirmed');
    }

    /**
     * Confirms a not-yet-activated fixture user with its stored confirmation
     * token and expects 200 "Successfully confirmed".
     *
     * NOTE(review): the token travels in the query string, where it can end up
     * in access logs and browser history; confirm it is single-use. The
     * `disableActivation` parameter looks like a test-only switch - confirm it
     * is ignored for ordinary callers in production builds.
     */
    public function confirmSuccessfully(ApiTester $I)
    {
        $username = 'user5';
        $confirmationToken = '5c3fb568d51feb12a0038033890efb5367585af3a';

        // Precondition: the account is disabled, never activated and holds this token.
        $I->seeInRepository(\App\Entity\User::class, [
            'username' => $username,
            'confirmationToken' => $confirmationToken,
            'activatedAt' => null,
            'enabled' => false,
        ]);

        $I->sendGet(sprintf(
            'api/v1/user/confirm?username=%s&confirmation_token=%s&disableActivation=true',
            $username,
            $confirmationToken
        ));
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::OK);
        $I->seeResponseContains('Successfully confirmed');
    }

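    /**
     * Calls the resend-confirmation endpoint without an email parameter and
     * expects a 404 response containing "Email not entered".
     */
    public function resendNoEmail(ApiTester $I)
    {
        // No query string on purpose: the missing parameter is the case under test.
        $I->sendGet('api/v1/user/resend');
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::NOT_FOUND);
        $I->seeResponseContains('Email not entered');
    }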

    /**
     * Requests a confirmation resend for an address no account uses and
     * expects a 404 response containing "User not found".
     *
     * NOTE(review): answering 404 here and 200 for known addresses lets a
     * caller tell registered e-mail addresses apart; confirm that is accepted.
     */
    public function resendNonExistingUser(ApiTester $I)
    {
        $unknownEmail = 'xxxxxxxx';

        $I->sendGet("api/v1/user/resend?email={$unknownEmail}");
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::NOT_FOUND);
        $I->seeResponseContains('User not found');
    }

    /**
     * Requests a confirmation resend for a fixture address and expects 200
     * with "We have resent a new confirmation email".
     */
    public function resendValidEmailNotActivated(ApiTester $I)
    {
        $pendingEmail = 'user6@email.com';

        // The address is appended as-is, without URL encoding.
        $I->sendGet("api/v1/user/resend?email={$pendingEmail}");
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::OK);
        $I->seeResponseContains('We have resent a new confirmation email');
    }

    /**
     * Requests a confirmation resend for a fixture address and expects 200
     * with "Already confirmed".
     */
    public function resendValidEmailActivated(ApiTester $I)
    {
        $confirmedEmail = 'user1@email.com';

        // The address is appended as-is, without URL encoding.
        $I->sendGet("api/v1/user/resend?email={$confirmedEmail}");
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::OK);
        $I->seeResponseContains('Already confirmed');
    }

    /**
     * Posts an empty body to the reset-password endpoint and expects a 400
     * response containing "Reset key not found".
     */
    public function resetPasswordInvalidResetKeyParam(ApiTester $I)
    {
        $emptyBody = [];

        $I->sendPOST('api/v1/user/reset-password', $emptyBody);
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::BAD_REQUEST);
        $I->seeResponseContains('Reset key not found');
    }

    /**
     * Posts a reset-password body that holds only a reset key and expects a
     * 400 response containing "Username not found".
     */
    public function resetPasswordInvalidUsernameParam(ApiTester $I)
    {
        // Body is sent as a pre-encoded JSON string; the username is left out.
        $body = json_encode(['reset_key' => 'xxxxxxxxxxx']);

        $I->sendPOST('api/v1/user/reset-password', $body);
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::BAD_REQUEST);
        $I->seeResponseContains('Username not found');
    }

    /**
     * Posts a reset-password body without a password and expects a 400
     * response containing "Password not found".
     */
    public function resetPasswordInvalidPasswordParam(ApiTester $I)
    {
        // Body is sent as a pre-encoded JSON string; the password is left out.
        $body = json_encode([
            'reset_key' => 'xxxxxxxxxxx',
            'username' => 'xxxxxxxxxx',
        ]);

        $I->sendPOST('api/v1/user/reset-password', $body);
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::BAD_REQUEST);
        $I->seeResponseContains('Password not found');
    }

    /**
     * Posts a complete reset-password body for a placeholder username and
     * expects a 403 response containing "User does not exist".
     *
     * NOTE(review): this message differs from the "Reset key does not exist"
     * answer asserted for a fixture user, so the endpoint reveals whether a
     * username is registered; confirm that is accepted.
     */
    public function resetPasswordUserDoesNotExist(ApiTester $I)
    {
        $body = json_encode([
            'reset_key' => 'xxxxxxxxxxx',
            'username' => 'xxxxxxxxxx',
            'password' => 'xxxxxxxxxx',
        ]);

        $I->sendPOST('api/v1/user/reset-password', $body);
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::FORBIDDEN);
        $I->seeResponseContains('User does not exist');
    }

    /**
     * Posts a reset-password body for fixture user "user4" with a placeholder
     * reset key and expects a 403 response containing
     * "Reset key does not exist".
     */
    public function resetPasswordInvalidResetKey(ApiTester $I)
    {
        $body = json_encode([
            'reset_key' => 'xxxxxxxxxxx',
            'username' => 'user4',
            'password' => 'xxxxxxxxxx',
        ]);

        $I->sendPOST('api/v1/user/reset-password', $body);
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::FORBIDDEN);
        $I->seeResponseContains('Reset key does not exist');
    }

    /**
     * Posts a reset-password body for fixture user "user4" with a fixture
     * reset key and expects a 403 response containing "Reset key expired".
     */
    public function resetPasswordIsRequestExpired(ApiTester $I)
    {
        // The expired key must be refused even though the body is complete.
        $body = json_encode([
            'reset_key' => '4c3fb568d51feb12a0038033890efb5367585af3a',
            'username' => 'user4',
            'password' => 'xxxxxxxxxx',
        ]);

        $I->sendPOST('api/v1/user/reset-password', $body);
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::FORBIDDEN);
        $I->seeResponseContains('Reset key expired');
    }

    /**
     * Posts a reset-password body for fixture user "user5" with a fixture
     * reset key and expects 200 with "New password set".
     *
     * NOTE(review): nothing here checks that the key is unusable afterwards;
     * a follow-up request with the same key would cover single-use behaviour.
     */
    public function resetPasswordSuccessfully(ApiTester $I)
    {
        $body = json_encode([
            'reset_key' => '5c3fb568d51feb12a0038033890efb5367585af3a',
            'username' => 'user5',
            'password' => 'xxxxxxxxxx',
        ]);

        $I->sendPOST('api/v1/user/reset-password', $body);
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::OK);
        $I->seeResponseContains('New password set');
    }

    /**
     * Posts an empty body to the forgot-username endpoint and expects a 400
     * response containing "Email not found".
     */
    public function forgotUsernameNoEmailParam(ApiTester $I)
    {
        $emptyBody = [];

        $I->sendPost('api/v1/user/forgot-username', $emptyBody);
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::BAD_REQUEST);
        $I->seeResponseContains('Email not found');
    }

    /**
     * Posts a placeholder address to the forgot-username endpoint and expects
     * a 400 response containing "User not found".
     *
     * NOTE(review): a 400 here versus 200 for a known address lets a caller
     * tell registered e-mail addresses apart; confirm that is accepted.
     */
    public function forgotUsernameUserNotFound(ApiTester $I)
    {
        $body = json_encode(['email' => 'xxxxxx']);

        $I->sendPost('api/v1/user/forgot-username', $body);
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::BAD_REQUEST);
        $I->seeResponseContains('User not found');
    }

    /**
     * Posts a fixture address to the forgot-username endpoint and expects 200
     * with "Email has been sent".
     */
    public function forgotUsernameSuccessful(ApiTester $I)
    {
        $body = json_encode(['email' => 'user1@email.com']);

        $I->sendPost('api/v1/user/forgot-username', $body);
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::OK);
        $I->seeResponseContains('Email has been sent');
    }

    /**
     * Fetches a profile by a placeholder username and expects a 404 response
     * containing "User cannot be found".
     */
    public function getUserInvalidUsername(ApiTester $I)
    {
        $unknownUser = 'xxxxxxxxxx';

        $I->sendGET("api/v1/user/{$unknownUser}");
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::NOT_FOUND);
        $I->seeResponseContains('User cannot be found');
    }

    /**
     * Fetches the profile of fixture user "user1", checks the expected JSON
     * fields and verifies through UserService that the stored entity has a
     * creation timestamp.
     *
     * NOTE(review): no credentials are set in this scenario and the expected
     * body includes the role list; confirm that exposing role membership to
     * unauthenticated callers is intended.
     */
    public function getUserSuccessful(ApiTester $I)
    {
        $username = 'user1';

        $I->sendGET("api/v1/user/{$username}");
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::OK);

        $I->seeResponseContainsJson([
            'name' => 'John Smith',
            'username' => 'user1',
            'avatar' => 'http://localhost:8000/uploads/avatar/0d91cca62a1a31a612b2a6366c7ef56b3e468ce8.jpg',
            'roles' => [
                'ROLE_ADMIN',
                'ROLE_USER',
            ],
        ]);

        // Cross-check the persisted entity rather than the HTTP response.
        /** @var \App\Service\UserService $users */
        $users = $I->grabService(\App\Service\UserService::class);
        $I->assertNotNull($users->getUserByUsername($username)->getCreatedAt());
    }

    /**
     * Sends a PATCH for user id 1 without any credentials and expects a 401
     * JSON response with "OAuth2 authentication required".
     */
    public function editUserNotLoggedIn(ApiTester $I)
    {
        $targetId = 1;
        $emptyPatch = [];

        $I->sendPATCH("api/v1/user/{$targetId}", $emptyPatch);
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::UNAUTHORIZED);
        $I->seeResponseIsJson();
        $I->seeResponseContainsJson([
            'error' => 'access_denied',
            'error_description' => 'OAuth2 authentication required',
        ]);
    }

    /**
     * Logs in as fixture user "user2", sends a PATCH for id 999999 and expects
     * a 403 response containing "User does not exist".
     */
    public function editUserLoggedInButInvalidUser(ApiTester $I)
    {
        $missingUserId = 999999;

        $tokenRequest = [
            'grant_type' => 'password',
            'client_id' => '1_5w8zrdasdafr4tregd454cw0c0kswcgs0oks40s',
            'client_secret' => 'sdgggskokererg4232404gc4csdgfdsgf8s8ck5s',
            'username' => 'user2',
            'password' => 'password',
        ];
        $I->sendPOST('oauth/v2/token', $tokenRequest);
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::OK);
        $I->seeResponseIsJson();
        foreach (['access_token', 'expires_in', 'token_type', 'scope', 'refresh_token'] as $tokenField) {
            $I->seeResponseContains($tokenField);
        }

        $tokenPayload = json_decode($I->grabResponse(), true);
        $I->amBearerAuthenticated($tokenPayload['access_token']);

        // An empty PATCH is enough: the request must fail on the target id alone.
        $I->sendPATCH("api/v1/user/{$missingUserId}", json_encode([]));
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::FORBIDDEN);
        $I->seeResponseContains('User does not exist');
    }

    /**
     * Authorization check: logs in as "user2", sends a PATCH against the id of
     * "user1" and expects a 403 response containing
     * "You are not allowed to edit a different user".
     */
    public function editUserButDifferentUser(ApiTester $I)
    {
        $tokenRequest = [
            'grant_type' => 'password',
            'client_id' => '1_5w8zrdasdafr4tregd454cw0c0kswcgs0oks40s',
            'client_secret' => 'sdgggskokererg4232404gc4csdgfdsgf8s8ck5s',
            'username' => 'user2',
            'password' => 'password',
        ];
        $I->sendPOST('oauth/v2/token', $tokenRequest);
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::OK);
        $I->seeResponseIsJson();
        foreach (['access_token', 'expires_in', 'token_type', 'scope', 'refresh_token'] as $tokenField) {
            $I->seeResponseContains($tokenField);
        }

        $tokenPayload = json_decode($I->grabResponse(), true);
        $I->amBearerAuthenticated($tokenPayload['access_token']);

        // Resolve the id of the account the caller does NOT own.
        /** @var \App\Service\UserService $users */
        $users = $I->grabService(\App\Service\UserService::class);
        $victimId = $users->getUserByUsername('user1')->getId();

        $I->sendPATCH('api/v1/user/' . $victimId, json_encode([]));
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::FORBIDDEN);
        $I->seeResponseContains('You are not allowed to edit a different user');
    }

    /**
     * Logs in as "user2" and tries to rename the own account to "user1";
     * expects a 400 response containing USERNAME_IS_ALREADY_IN_USE.
     */
    public function editUserButDifferentUsername(ApiTester $I)
    {
        $username = 'user2';

        $tokenRequest = [
            'grant_type' => 'password',
            'client_id' => '1_5w8zrdasdafr4tregd454cw0c0kswcgs0oks40s',
            'client_secret' => 'sdgggskokererg4232404gc4csdgfdsgf8s8ck5s',
            'username' => $username,
            'password' => 'password',
        ];
        $I->sendPOST('oauth/v2/token', $tokenRequest);
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::OK);
        $I->seeResponseIsJson();
        foreach (['access_token', 'expires_in', 'token_type', 'scope', 'refresh_token'] as $tokenField) {
            $I->seeResponseContains($tokenField);
        }

        $tokenPayload = json_decode($I->grabResponse(), true);
        $I->amBearerAuthenticated($tokenPayload['access_token']);

        /** @var \App\Service\UserService $users */
        $users = $I->grabService(\App\Service\UserService::class);
        $self = $users->getUserByUsername($username);

        // Keep the current name and ask for the username held by another account.
        $patch = json_encode([
            'name' => $self->getName(),
            'username' => 'user1',
        ]);
        $I->sendPATCH('api/v1/user/' . $self->getId(), $patch);
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::BAD_REQUEST);
        $I->seeResponseContains('USERNAME_IS_ALREADY_IN_USE');
    }

    /**
     * Logs in as "user2", renames the own account to "user99999", checks the
     * response, then renames it back to "user2" and checks again.
     */
    public function editUserSuccessfully(ApiTester $I)
    {
        $username = 'user2';

        $tokenRequest = [
            'grant_type' => 'password',
            'client_id' => '1_5w8zrdasdafr4tregd454cw0c0kswcgs0oks40s',
            'client_secret' => 'sdgggskokererg4232404gc4csdgfdsgf8s8ck5s',
            'username' => $username,
            'password' => 'password',
        ];
        $I->sendPOST('oauth/v2/token', $tokenRequest);
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::OK);
        $I->seeResponseIsJson();
        foreach (['access_token', 'expires_in', 'token_type', 'scope', 'refresh_token'] as $tokenField) {
            $I->seeResponseContains($tokenField);
        }

        $tokenPayload = json_decode($I->grabResponse(), true);
        $I->amBearerAuthenticated($tokenPayload['access_token']);

        /** @var \App\Service\UserService $users */
        $users = $I->grabService(\App\Service\UserService::class);
        $self = $users->getUserByUsername($username);

        // First PATCH: switch to a username that is expected to be free.
        $renamePatch = json_encode([
            'name' => $self->getName(),
            'username' => 'user99999',
        ]);
        $I->sendPATCH('api/v1/user/' . $self->getId(), $renamePatch);
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::OK);
        $I->seeResponseContainsJson([
            'name' => 'Sarah McCarthy',
            'username' => 'user99999',
        ]);

        // Second PATCH: restore the original username.
        $restorePatch = json_encode([
            'name' => $self->getName(),
            'username' => $username,
        ]);
        $I->sendPatch('api/v1/user/' . $self->getId(), $restorePatch);
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::OK);
        $I->seeResponseContainsJson([
            'name' => 'Sarah McCarthy',
            'username' => 'user2',
        ]);
    }

    /**
     * Posts to the change-password endpoint of "user1" without credentials and
     * expects a 401 JSON response with "OAuth2 authentication required".
     */
    public function changePasswordNotLoggedIn(ApiTester $I)
    {
        // The target id is looked up through the service, not through the API.
        /** @var \App\Service\UserService $users */
        $users = $I->grabService(\App\Service\UserService::class);
        $target = $users->getUserByUsername('user1');

        $I->sendPOST('api/v1/user/' . $target->getId() . '/change-password', []);
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::UNAUTHORIZED);

        $I->seeResponseContainsJson([
            'error' => 'access_denied',
            'error_description' => 'OAuth2 authentication required',
        ]);
    }

    /**
     * Authorization check: logs in as "user3", posts to the change-password
     * endpoint of "user4" and expects a 403 response containing
     * "You cannot change password of someone else".
     */
    public function changePasswordNotLoggedInUser(ApiTester $I)
    {
        $otherUsername = 'user4';

        $tokenRequest = [
            'grant_type' => 'password',
            'client_id' => '1_5w8zrdasdafr4tregd454cw0c0kswcgs0oks40s',
            'client_secret' => 'sdgggskokererg4232404gc4csdgfdsgf8s8ck5s',
            'username' => 'user3',
            'password' => 'password',
        ];
        $I->sendPOST('oauth/v2/token', $tokenRequest);
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::OK);
        $I->seeResponseIsJson();
        foreach (['access_token', 'expires_in', 'token_type', 'scope', 'refresh_token'] as $tokenField) {
            $I->seeResponseContains($tokenField);
        }

        $tokenPayload = json_decode($I->grabResponse(), true);
        $I->amBearerAuthenticated($tokenPayload['access_token']);

        /** @var \App\Service\UserService $users */
        $users = $I->grabService(\App\Service\UserService::class);
        $otherUser = $users->getUserByUsername($otherUsername);

        // Guard against a fixture mix-up before targeting the foreign account.
        $I->assertEquals($otherUsername, $otherUser->getUsername());

        $I->sendPOST('api/v1/user/' . $otherUser->getId() . '/change-password', []);
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::FORBIDDEN);
        $I->seeResponseContains('You cannot change password of someone else');
    }

    /**
     * Logs in as "user1", submits a five-character new password and expects a
     * 400 response containing
     * "New Password must be between 6 and 40 characters".
     */
    public function changePasswordNewPasswordMustBeBetween6And40Chars(ApiTester $I)
    {
        $username = 'user1';

        // Five characters: one below the minimum named in the expected message.
        $tooShort = 'xxxxx';
        $changeRequest = [
            'currentPassword' => $tooShort,
            'newPassword' => $tooShort,
            'confirmPassword' => $tooShort,
        ];

        $tokenRequest = [
            'grant_type' => 'password',
            'client_id' => '1_5w8zrdasdafr4tregd454cw0c0kswcgs0oks40s',
            'client_secret' => 'sdgggskokererg4232404gc4csdgfdsgf8s8ck5s',
            'username' => $username,
            'password' => 'password',
        ];
        $I->sendPOST('oauth/v2/token', $tokenRequest);
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::OK);
        $I->seeResponseIsJson();
        foreach (['access_token', 'expires_in', 'token_type', 'scope', 'refresh_token'] as $tokenField) {
            $I->seeResponseContains($tokenField);
        }

        $tokenPayload = json_decode($I->grabResponse(), true);
        $I->amBearerAuthenticated($tokenPayload['access_token']);

        /** @var \App\Service\UserService $users */
        $users = $I->grabService(\App\Service\UserService::class);
        $self = $users->getUserByUsername($username);

        $I->sendPOST('api/v1/user/' . $self->getId() . '/change-password', $changeRequest);
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::BAD_REQUEST);
        $I->seeResponseContains('New Password must be between 6 and 40 characters');
    }

    /**
     * Logs in as "user1", submits a change-password request whose current
     * password is wrong and expects a 400 response containing
     * "Password does not match the one in your account".
     */
    public function changePasswordWrongCurrentPassword(ApiTester $I)
    {
        $username = 'user1';

        // Differs from the password used for the login below.
        $wrongPassword = 'xxxxxxxx';
        $changeRequest = [
            'currentPassword' => $wrongPassword,
            'newPassword' => $wrongPassword,
            'confirmPassword' => $wrongPassword,
        ];

        $tokenRequest = [
            'grant_type' => 'password',
            'client_id' => '1_5w8zrdasdafr4tregd454cw0c0kswcgs0oks40s',
            'client_secret' => 'sdgggskokererg4232404gc4csdgfdsgf8s8ck5s',
            'username' => $username,
            'password' => 'password',
        ];
        $I->sendPOST('oauth/v2/token', $tokenRequest);
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::OK);
        $I->seeResponseIsJson();
        foreach (['access_token', 'expires_in', 'token_type', 'scope', 'refresh_token'] as $tokenField) {
            $I->seeResponseContains($tokenField);
        }

        $tokenPayload = json_decode($I->grabResponse(), true);
        $I->amBearerAuthenticated($tokenPayload['access_token']);

        /** @var \App\Service\UserService $users */
        $users = $I->grabService(\App\Service\UserService::class);
        $self = $users->getUserByUsername($username);

        $I->sendPOST('api/v1/user/' . $self->getId() . '/change-password', $changeRequest);
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::BAD_REQUEST);
        $I->seeResponseContains('Password does not match the one in your account');
    }

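    /**
     * Logs in as "user19", changes the password, verifies that the new
     * password yields a token and that the replaced password no longer does.
     *
     * The final step is the security-relevant one: without it the scenario
     * would still pass if the old password kept working after the change. The
     * expected rejection (400 / "invalid_grant") mirrors what meLoggedOut()
     * asserts for bad credentials.
     *
     * NOTE(review): whether tokens issued before the change are revoked is not
     * covered here.
     */
    public function changePasswordSuccessfully(ApiTester $I)
    {
        $username = 'user19';
        $currentPassword = 'password';
        $newPassword = 'newpassword';
        $confirmPassword = 'newpassword';

        $data = [
            'currentPassword' => $currentPassword,
            'newPassword' => $newPassword,
            'confirmPassword' => $confirmPassword,
        ];

        $logInDetails = [
            'grant_type' => 'password',
            'client_id' => '1_5w8zrdasdafr4tregd454cw0c0kswcgs0oks40s',
            'client_secret' => 'sdgggskokererg4232404gc4csdgfdsgf8s8ck5s',
            'username' => $username,
            'password' => $currentPassword,
        ];
        $tokenFields = ['access_token', 'expires_in', 'token_type', 'scope', 'refresh_token'];

        $I->sendPOST('oauth/v2/token', $logInDetails);
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::OK);
        $I->seeResponseIsJson();
        foreach ($tokenFields as $tokenField) {
            $I->seeResponseContains($tokenField);
        }

        $response = json_decode($I->grabResponse(), true);
        $I->amBearerAuthenticated($response['access_token']);

        /** @var \App\Service\UserService $userService */
        $userService = $I->grabService('App\Service\UserService');
        $user = $userService->getUserByUsername($username);

        $I->sendPOST('api/v1/user/' . $user->getId() . '/change-password', $data);
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::OK);
        $I->seeResponseContainsJson([
            "name" => "Kathleen Sims",
            "username" => "user19",
        ]);

        // The new password must be accepted by the token endpoint.
        $logInDetails['password'] = $newPassword;
        $I->sendPOST('oauth/v2/token', $logInDetails);
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::OK);
        $I->seeResponseIsJson();
        foreach ($tokenFields as $tokenField) {
            $I->seeResponseContains($tokenField);
        }

        // The replaced password must be refused from now on.
        $logInDetails['password'] = $currentPassword;
        $I->sendPOST('oauth/v2/token', $logInDetails);
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::BAD_REQUEST);
        $I->seeResponseContainsJson(['error' => 'invalid_grant']);
    }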

    /**
     * Asserts that a forgot-password request for an unknown username is
     * answered with 400 and the text "Username cannot be found.".
     *
     * NOTE(review): forgotPasswordSuccessful expects 200 for a known username,
     * and no bearer token is set up in this test, so the two pinned responses
     * let any caller distinguish existing usernames from unknown ones.
     * Consider one uniform response for both cases and update both tests
     * together.
     */
    public function forgotPasswordNoUser(ApiTester $I)
    {
        $unknownUsername = 'xxxxxxxxxxxx';

        $I->sendPOST('api/v1/user/forgot-password', ['username' => $unknownUsername]);

        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::BAD_REQUEST);
        $I->seeResponseContains('Username cannot be found.');
    }

    /**
     * Asserts that a forgot-password request for the fixture user "user3" is
     * answered with 200 and a body containing "An email has been sent".
     *
     * Only the HTTP response is checked; this method does not inspect whether
     * a message was actually produced.
     */
    public function forgotPasswordSuccessful(ApiTester $I)
    {
        $knownUsername = 'user3';

        $I->sendPOST('api/v1/user/forgot-password', ['username' => $knownUsername]);

        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::OK);
        $I->seeResponseContains('An email has been sent');
    }

    /**
     * Requests the user list sorted by last login (descending) without
     * authenticating and checks the usernames of the first three items.
     */
    public function listUsersOrderByLastLogin(ApiTester $I)
    {
        $sortParam = implode('-', [\App\Enum\UserOrderBy::LAST_LOGIN, \App\Enum\Order::DESC]);
        $I->sendGET('api/v1/user?sort=' . $sortParam);
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::OK);

        $payload = json_decode($I->grabResponse(), true);
        $items = $payload['items'];

        // Expected username at each position of the returned list.
        $expectedUsernames = ['user2', 'user3', 'user1'];
        foreach ($expectedUsernames as $position => $expectedUsername) {
            $I->assertEquals($expectedUsername, $items[$position]['username']);
        }
    }

    /**
     * Logs in as user1 (the admin fixture, going by the test name), requests
     * the user list sorted by last login (descending) and checks the usernames
     * of the first five items.
     */
    public function listUsersAsAdminOrderByLastLogin(ApiTester $I)
    {
        $username = 'user1';
        $password = 'password';

        // Fixture client credentials for the password grant.
        // NOTE(review): confirm they are valid only against the test database.
        $I->sendPOST('oauth/v2/token', [
            'grant_type' => 'password',
            'client_id' => '1_5w8zrdasdafr4tregd454cw0c0kswcgs0oks40s',
            'client_secret' => 'sdgggskokererg4232404gc4csdgfdsgf8s8ck5s',
            'username' => $username,
            'password' => $password
        ]);
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::OK);
        $I->seeResponseIsJson();
        foreach (['access_token', 'expires_in', 'token_type', 'scope', 'refresh_token'] as $field) {
            $I->seeResponseContains($field);
        }

        // Reuse the issued token for the listing request.
        $tokenResponse = json_decode($I->grabResponse(), true);
        $I->amBearerAuthenticated($tokenResponse['access_token']);

        $sortParam = implode('-', [\App\Enum\UserOrderBy::LAST_LOGIN, \App\Enum\Order::DESC]);
        $I->sendGET('api/v1/user?sort=' . $sortParam);
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::OK);

        $payload = json_decode($I->grabResponse(), true);
        $items = $payload['items'];

        // Expected username at each position of the returned list.
        $expectedUsernames = ['user5', 'user2', 'user4', 'user3', 'user1'];
        foreach ($expectedUsernames as $position => $expectedUsername) {
            $I->assertEquals($expectedUsername, $items[$position]['username']);
        }
    }

    /**
     * Logs in as user1 (the admin fixture, going by the test name), requests
     * the user list with enabled=false sorted by last login (descending) and
     * checks the usernames of the first three items.
     */
    public function listUsersAsAdminEnabledFalseOrderByLastLogin(ApiTester $I)
    {
        $username = 'user1';
        $password = 'password';

        // Fixture client credentials for the password grant.
        // NOTE(review): confirm they are valid only against the test database.
        $I->sendPOST('oauth/v2/token', [
            'grant_type' => 'password',
            'client_id' => '1_5w8zrdasdafr4tregd454cw0c0kswcgs0oks40s',
            'client_secret' => 'sdgggskokererg4232404gc4csdgfdsgf8s8ck5s',
            'username' => $username,
            'password' => $password
        ]);
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::OK);
        $I->seeResponseIsJson();
        foreach (['access_token', 'expires_in', 'token_type', 'scope', 'refresh_token'] as $field) {
            $I->seeResponseContains($field);
        }

        // Reuse the issued token for the listing request.
        $tokenResponse = json_decode($I->grabResponse(), true);
        $I->amBearerAuthenticated($tokenResponse['access_token']);

        $sortParam = implode('-', [\App\Enum\UserOrderBy::LAST_LOGIN, \App\Enum\Order::DESC]);
        $enabledParam = 'false';
        $I->sendGET(sprintf('api/v1/user?sort=%s&enabled=%s', $sortParam, $enabledParam));
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::OK);

        $payload = json_decode($I->grabResponse(), true);
        $items = $payload['items'];

        // Expected username at each position of the returned list.
        $expectedUsernames = ['user2', 'user3', 'user1'];
        foreach ($expectedUsernames as $position => $expectedUsername) {
            $I->assertEquals($expectedUsername, $items[$position]['username']);
        }
    }

    /**
     * Asserts that sorting the user list by the enabled flag is refused when
     * no login is performed: the request is answered with 400 and the text
     * "Only admin can sort by enabled".
     */
    public function listUsersAsGuestOrderByEnabled(ApiTester $I)
    {
        $sortParam = implode('-', [\App\Enum\UserOrderBy::ENABLED, \App\Enum\Order::DESC]);
        $enabledParam = 'false';

        $I->sendGET(sprintf('api/v1/user?sort=%s&enabled=%s', $sortParam, $enabledParam));

        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::BAD_REQUEST);
        $I->seeResponseContains('Only admin can sort by enabled');
    }

    /**
     * Logs in as user1 (the admin fixture, going by the test name), requests
     * the user list with enabled=false sorted by the enabled flag (descending)
     * and compares username and enabled flag of the leading rows.
     */
    public function listUsersAsAdminEnabledFalseOrderByEnabled(ApiTester $I)
    {
        $username = 'user1';
        $password = 'password';

        // Fixture client credentials for the password grant.
        // NOTE(review): confirm they are valid only against the test database.
        $I->sendPOST('oauth/v2/token', [
            'grant_type' => 'password',
            'client_id' => '1_5w8zrdasdafr4tregd454cw0c0kswcgs0oks40s',
            'client_secret' => 'sdgggskokererg4232404gc4csdgfdsgf8s8ck5s',
            'username' => $username,
            'password' => $password
        ]);
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::OK);
        $I->seeResponseIsJson();
        foreach (['access_token', 'expires_in', 'token_type', 'scope', 'refresh_token'] as $field) {
            $I->seeResponseContains($field);
        }

        // Reuse the issued token for the listing request.
        $tokenResponse = json_decode($I->grabResponse(), true);
        $I->amBearerAuthenticated($tokenResponse['access_token']);

        $sortParam = implode('-', [\App\Enum\UserOrderBy::ENABLED, \App\Enum\Order::DESC]);
        $enabledParam = 'false';
        $I->sendGET(sprintf('api/v1/user?sort=%s&enabled=%s', $sortParam, $enabledParam));
        $I->seeResponseCodeIs(\Codeception\Util\HttpCode::OK);

        $payload = json_decode($I->grabResponse(), true);
        $items = $payload['items'];

        // Expected rows by position, as listed by this test.
        $expectedRows = [
            ['username' => 'user1', 'enabled' => true],
            ['username' => 'user2', 'enabled' => true],
            ['username' => 'user3', 'enabled' => true],
            ['username' => 'user7', 'enabled' => true],
            ['username' => 'user8', 'enabled' => true],
            ['username' => 'user10', 'enabled' => true],
            ['username' => 'user11', 'enabled' => true],
            ['username' => 'user12', 'enabled' => true],
            ['username' => 'user13', 'enabled' => true],
            ['username' => 'user14', 'enabled' => true],
            ['username' => 'user15', 'enabled' => true],
            ['username' => 'user16', 'enabled' => true],
            ['username' => 'user17', 'enabled' => true],
            ['username' => 'user18', 'enabled' => true],
            ['username' => 'user19', 'enabled' => true],
            ['username' => 'user4', 'enabled' => false],
        ];

        // Only rows 0..2 are compared. NOTE(review): rows 3..15 are listed as
        // expectations but have never been asserted, so the single disabled
        // account (user4, row 15) is unverified by this test. Before raising
        // the limit, confirm the response holds at least 16 items and that
        // rows with an equal enabled flag come back in a deterministic order.
        $comparedRows = 3;
        foreach (array_slice($expectedRows, 0, $comparedRows) as $position => $expectedRow) {
            foreach ($expectedRow as $field => $expectedValue) {
                $I->assertEquals($expectedValue, $items[$position][$field]);
            }
        }
    }


}