#!/usr/bin/perl -w

use strict;
use warnings;
use CGI qw/escapeHTML/;;
use CGI::Auth::Flexible;
use URI;
use Data::Dumper;

#use Carp::Always;
$SIG{__DIE__} = sub { Carp::confess(@_) };

my $dump = "$ENV{'CAHTEST_HOME'}/dump";

my $verifier = CGI::Auth::Flexible->new_verifier(
    username_password_error => sub {
        my ($c,$r,$u,$p)=@_;
        return $p eq 'sesame' ? undef : 'wrong password'
    },
    encrypted_only => 0,
    promise_check_mutate => 1,
    dir => $dump,
);

END { $verifier->disconnect() if $verifier; }

my $q = CGI->new;

my $authreq = $verifier->new_request($q);

$authreq->check_ok() or exit;

my $cookie = $authreq->secret_cookie();
my $url = $q->url();
my $hiddenhtml = $authreq->secret_hidden_html();

print <<END;
Content-Type: text/html
Set-Cookie: $cookie

<html><head><title>TITLE</title></head>
<body><h1>H1</h1>
<h1>again</h1>

<h1>info<h1>
<pre>
END

my $newurl = $authreq->url_with_query_params($authreq->chain_params());
my $newurl_esc = escapeHTML($newurl);

my $txt = Data::Dumper->Dump([$authreq->get_username(), $authreq->mutate_ok(),
                              $q->path_info(),
                              $authreq->chain_params(),
                              scalar $q->Vars()],
                             [qw(username mutate_ok path
                                 authreq->chain_params() cgi->params())]);
foreach my $l (split /\n/, $txt) {
    print escapeHTML($l),"\n";
}

print <<END;
</pre>
<a href="$newurl_esc">$newurl_esc</a>
<form method="POST" action="$url">
$hiddenhtml
<input type="submit" name="test_cgi_sponges" value="Make sponges">
<input type="submit" name="test_cgi_worms" value="Make worms">
<input type="submit" name="caf_logout" value="Logout">
</form>
<form method="POST" action="$url/extra">
$hiddenhtml
<input type="submit" name="test_cgi_append" value="Append">
</form>
END