import Foundation
import Testing
@testable import ManaCore

@Suite("AuthClient getProfile")
@MainActor
struct AuthClientProfileTests {
    private func signedInAuth() async -> MockedAuth {
        let mocked = makeMockedAuth()
        let access = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ1MSIsImV4cCI6MjAwMDAwMDAwMH0.sig"
        mocked.setHandler { _ in
            (200, Data(#"{"accessToken":"\#(access)","refreshToken":"session-tok"}"#.utf8))
        }
        await mocked.auth.signIn(email: "u@x.de", password: "pw")
        return mocked
    }

    @Test("getProfile mit twoFactor on")
    func profileTwoFactorOn() async throws {
        let mocked = await signedInAuth()
        let captured = MockURLProtocol.Capture()
        mocked.setHandler { request in
            captured.store(request)
            return (200, Data(#"""
            {"user":{"id":"u1","email":"u@x.de","name":"Test","emailVerified":true,"twoFactorEnabled":true},
             "session":{"id":"s1"}}
            """#.utf8))
        }

        let profile = try await mocked.auth.getProfile()
        #expect(profile.id == "u1")
        #expect(profile.email == "u@x.de")
        #expect(profile.name == "Test")
        #expect(profile.emailVerified == true)
        #expect(profile.twoFactorEnabled == true)

        let request = try #require(captured.request)
        #expect(request.httpMethod == "GET")
        #expect(request.url?.path == "/api/v1/auth/profile")
        // Bearer-Header trägt den Session-Token
        #expect(request.value(forHTTPHeaderField: "Authorization") == "Bearer session-tok")
    }

    @Test("getProfile mit twoFactor off (Feld fehlt)")
    func profileTwoFactorOff() async throws {
        let mocked = await signedInAuth()
        mocked.setHandler { _ in
            (200, Data(#"""
            {"user":{"id":"u1","email":"u@x.de","name":null,"emailVerified":true}}
            """#.utf8))
        }

        let profile = try await mocked.auth.getProfile()
        #expect(profile.twoFactorEnabled == false)
        #expect(profile.name == nil)
    }

    @Test("getProfile ohne Session → notSignedIn")
    func profileNoSession() async {
        let mocked = makeMockedAuth()
        await #expect(throws: AuthError.notSignedIn) {
            try await mocked.auth.getProfile()
        }
    }

    @Test("getProfile mit abgelaufenem Token → unauthorized")
    func profileUnauthorized() async {
        let mocked = await signedInAuth()
        mocked.setHandler { _ in
            (401, Data(#"{"error":"UNAUTHORIZED","status":401}"#.utf8))
        }

        await #expect(throws: AuthError.unauthorized) {
            try await mocked.auth.getProfile()
        }
    }
}