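package auth

import (
	"testing"

	"gorm.io/driver/sqlite"
	"gorm.io/gorm"

	"ResendIt/internal/security"
	"ResendIt/internal/user"
)

// newLoginTestDB opens a fresh in-memory SQLite database with the user schema
// migrated, and closes it when the calling test finishes.
func newLoginTestDB(t *testing.T) *gorm.DB {
	t.Helper()

	db, err := gorm.Open(sqlite.Open(":memory:"), &gorm.Config{})
	if err != nil {
		t.Fatalf("open sqlite: %v", err)
	}

	// Every new connection to ":memory:" gets its own empty database, so the
	// pool is pinned to a single connection; a second connection would not see
	// the migrated table or the seeded rows.
	sqlDB, err := db.DB()
	if err != nil {
		t.Fatalf("sql db: %v", err)
	}
	sqlDB.SetMaxOpenConns(1)
	// Best-effort close of a throwaway database; the error is not actionable.
	t.Cleanup(func() { _ = sqlDB.Close() })

	if err := db.AutoMigrate(&user.User{}); err != nil {
		t.Fatalf("migrate: %v", err)
	}
	return db
}

// seedLoginTestUser stores a user with role "user" whose PasswordHash is
// produced by security.HashPassword from the given plaintext password.
func seedLoginTestUser(t *testing.T, db *gorm.DB, username, password string) {
	t.Helper()

	hash, err := security.HashPassword(password)
	if err != nil {
		t.Fatalf("hash: %v", err)
	}
	u := user.User{Username: username, PasswordHash: hash, Role: "user"}
	if err := db.Create(&u).Error; err != nil {
		t.Fatalf("create user: %v", err)
	}
}

// TestServiceLogin_InvalidUserDoesNotEnumerate checks that logging in with an
// unknown username yields ErrInvalidCredentials, the same sentinel that
// TestServiceLogin_WrongPassword expects for a known user, so the error does
// not reveal which usernames exist. Only the returned values are checked;
// response timing is not covered by this test.
func TestServiceLogin_InvalidUserDoesNotEnumerate(t *testing.T) {
	svc := NewService(NewRepository(newLoginTestDB(t)))

	token, err := svc.Login("does-not-exist", "whatever")
	// Compared by identity on purpose: a wrapped error carrying extra context
	// (for example "user not found") would fail here instead of slipping
	// through an errors.Is match.
	if err != ErrInvalidCredentials {
		t.Fatalf("expected ErrInvalidCredentials for missing user, got %v", err)
	}
	// A rejected login must not hand back anything usable as a credential.
	if token != "" {
		t.Fatalf("expected empty token for missing user")
	}
}

// TestServiceLogin_WrongPassword checks that an existing user with a wrong
// password is rejected with ErrInvalidCredentials and receives no token.
func TestServiceLogin_WrongPassword(t *testing.T) {
	db := newLoginTestDB(t)
	seedLoginTestUser(t, db, "alice", "right")
	svc := NewService(NewRepository(db))

	token, err := svc.Login("alice", "wrong")
	// Identity comparison keeps this failure indistinguishable from the
	// missing-user case at the error level.
	if err != ErrInvalidCredentials {
		t.Fatalf("expected ErrInvalidCredentials for wrong password, got %v", err)
	}
	if token != "" {
		t.Fatalf("expected empty token for wrong password")
	}
}

// TestServiceLogin_SuccessReturnsJWT checks that correct credentials log in
// without error and return a non-empty token. The token's contents and
// signature are not inspected here.
func TestServiceLogin_SuccessReturnsJWT(t *testing.T) {
	db := newLoginTestDB(t)
	seedLoginTestUser(t, db, "alice", "right")
	svc := NewService(NewRepository(db))

	token, err := svc.Login("alice", "right")
	if err != nil {
		t.Fatalf("expected success, got error: %v", err)
	}
	if token == "" {
		t.Fatalf("expected non-empty jwt token")
	}
}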