#!/bin/bash

echo "=== TEST SIMPLE KEYCLOAK ==="
echo "1. Test connectivité Keycloak..."

# Test de base
response=$(curl -s -w "%{http_code}" "http://192.168.1.145:8180/realms/unionflow/.well-known/openid-configuration")
http_code="${response: -3}"

if [ "$http_code" = "200" ]; then
    echo "✓ Keycloak accessible"
else
    echo "✗ Keycloak inaccessible (code: $http_code)"
    exit 1
fi

echo "2. Test token admin..."

# Obtenir token admin
token_response=$(curl -s -X POST \
    "http://192.168.1.145:8180/realms/master/protocol/openid-connect/token" \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -d "username=admin&password=admin&grant_type=password&client_id=admin-cli")

if echo "$token_response" | grep -q "access_token"; then
    echo "✓ Token admin obtenu"
    
    # Extraire le token
    token=$(echo "$token_response" | grep -o '"access_token":"[^"]*' | cut -d'"' -f4)
    echo "Token: ${token:0:50}..."
    
    echo "3. Test création d'un rôle..."
    
    # Créer un rôle de test
    role_response=$(curl -s -w "%{http_code}" -X POST \
        "http://192.168.1.145:8180/admin/realms/unionflow/roles" \
        -H "Authorization: Bearer $token" \
        -H "Content-Type: application/json" \
        -d '{"name":"TEST_ROLE","description":"Rôle de test","attributes":{"level":["99"]}}')
    
    role_http_code="${role_response: -3}"
    
    if [ "$role_http_code" = "201" ] || [ "$role_http_code" = "409" ]; then
        echo "✓ Rôle créé ou existe déjà"
        
        echo "4. Test création d'un utilisateur..."
        
        # Créer un utilisateur de test
        user_response=$(curl -s -w "%{http_code}" -X POST \
            "http://192.168.1.145:8180/admin/realms/unionflow/users" \
            -H "Authorization: Bearer $token" \
            -H "Content-Type: application/json" \
            -d '{"username":"testuser","email":"test@example.com","firstName":"Test","lastName":"User","enabled":true,"emailVerified":true,"credentials":[{"type":"password","value":"Test123!","temporary":false}]}')
        
        user_http_code="${user_response: -3}"
        
        if [ "$user_http_code" = "201" ] || [ "$user_http_code" = "409" ]; then
            echo "✓ Utilisateur créé ou existe déjà"
            
            echo "5. Test authentification utilisateur..."
            
            # Tester l'authentification
            auth_response=$(curl -s -X POST \
                "http://192.168.1.145:8180/realms/unionflow/protocol/openid-connect/token" \
                -H "Content-Type: application/x-www-form-urlencoded" \
                -d "username=testuser&password=Test123!&grant_type=password&client_id=unionflow-mobile")
            
            if echo "$auth_response" | grep -q "access_token"; then
                echo "✓ Authentification utilisateur réussie"
                echo ""
                echo "🎉 TOUS LES TESTS RÉUSSIS !"
                echo "Keycloak est prêt pour la configuration complète."
            else
                echo "✗ Échec authentification utilisateur"
                echo "Réponse: $auth_response"
            fi
        else
            echo "✗ Échec création utilisateur (code: $user_http_code)"
        fi
    else
        echo "✗ Échec création rôle (code: $role_http_code)"
    fi
else
    echo "✗ Échec obtention token admin"
    echo "Réponse: $token_response"
fi

echo "=== FIN TEST ==="