use axum::extract::{Json, State};

use crate::{
    empty::Empty,
    test::{fixtures, verify},
    token::app,
};

#[tokio::test]
async fn correct_credentials() {
    // Set up the environment

    let app = fixtures::scratch_app().await;
    let (name, password) = fixtures::user::create_with_password(&app, &fixtures::now()).await;

    // Call the endpoint

    let identity = fixtures::cookie::not_logged_in();
    let logged_in_at = fixtures::now();
    let request = super::Request {
        name: name.clone(),
        password,
    };
    let (identity, Empty) =
        super::handler(State(app.clone()), logged_in_at, identity, Json(request))
            .await
            .expect("logged in with valid credentials");

    // Verify the return value's basic structure

    verify::identity::valid_for_name(&app, &identity, &name).await;
}

#[tokio::test]
async fn invalid_name() {
    // Set up the environment

    let app = fixtures::scratch_app().await;

    // Call the endpoint

    let identity = fixtures::cookie::not_logged_in();
    let logged_in_at = fixtures::now();
    let (name, password) = fixtures::user::propose();
    let request = super::Request {
        name: name.clone(),
        password,
    };
    let super::Error(error) =
        super::handler(State(app.clone()), logged_in_at, identity, Json(request))
            .await
            .expect_err("logged in with an incorrect password fails");

    // Verify the return value's basic structure

    assert!(matches!(error, app::LoginError::Rejected));
}

#[tokio::test]
async fn incorrect_password() {
    // Set up the environment

    let app = fixtures::scratch_app().await;
    let login = fixtures::user::create(&app, &fixtures::now()).await;

    // Call the endpoint

    let logged_in_at = fixtures::now();
    let identity = fixtures::cookie::not_logged_in();
    let request = super::Request {
        name: login.name,
        password: fixtures::user::propose_password(),
    };
    let super::Error(error) =
        super::handler(State(app.clone()), logged_in_at, identity, Json(request))
            .await
            .expect_err("logged in with an incorrect password");

    // Verify the return value's basic structure

    assert!(matches!(error, app::LoginError::Rejected));
}

#[tokio::test]
async fn token_expires() {
    // Set up the environment

    let app = fixtures::scratch_app().await;
    let (name, password) = fixtures::user::create_with_password(&app, &fixtures::now()).await;

    // Call the endpoint

    let logged_in_at = fixtures::ancient();
    let identity = fixtures::cookie::not_logged_in();
    let request = super::Request { name, password };
    let (identity, _) = super::handler(State(app.clone()), logged_in_at, identity, Json(request))
        .await
        .expect("logged in with valid credentials");
    let secret = identity.secret().expect("logged in with valid credentials");

    // Verify the semantics

    let expired_at = fixtures::now();
    app.tokens()
        .expire(&expired_at)
        .await
        .expect("expiring tokens never fails");

    verify::token::invalid(&app, &secret).await;
}