# frozen_string_literal: true
RSpec.describe ContentSecurityPolicy::Builder do
  let(:builder) { described_class.new(base_url: Discourse.base_url) }

  describe "#<<" do
    it "normalizes directive name" do
      builder << {
        :script_src => ["'symbol_underscore'"],
        :"script-src" => ["'symbol_dash'"],
        "script_src" => ["'string_underscore'"],
        "script-src" => ["'string_dash'"],
      }

      script_srcs = parse(builder.build)["script-src"]

      expect(script_srcs).to include(
        *%w['symbol_underscore' 'symbol_dash' 'string_underscore' 'symbol_underscore'],
      )
    end

    it "rejects invalid directives and ones that are not allowed to be extended" do
      builder << { invalid_src: ["invalid"] }

      expect(builder.build).to_not include("invalid")
    end

    it "no-ops on invalid values" do
      previous = builder.build

      builder << nil
      builder << 123
      builder << "string"
      builder << []
      builder << {}

      expect(builder.build).to eq(previous)
    end
  end

  def parse(csp_string)
    csp_string
      .split(";")
      .map do |policy|
        directive, *sources = policy.split
        [directive, sources]
      end
      .to_h
  end
end