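using System.Net;
using System.Net.Http.Json;
using System.Text.Json;
using GameList.Tests.Support;

namespace GameList.Tests;

/// <summary>
/// Integration tests for the <c>/api/auth</c> endpoints (register, login, logout).
/// Each test builds its own <see cref="TestWebApplicationFactory"/> and a
/// cookie-carrying client, so no state is shared between tests.
/// </summary>
public class AuthTests
{
    /// <summary>
    /// Registering with <c>admin: true</c> must return a body whose
    /// <c>isAdmin</c> property is <c>true</c>.
    /// </summary>
    [Fact]
    public async Task Register_with_admin_key_sets_admin_flag()
    {
        using var factory = new TestWebApplicationFactory();
        var client = factory.CreateClientWithCookies();

        // NOTE(review): presumably the helper sends the configured admin key when
        // admin is true; confirm against the RegisterAsync helper.
        var response = await client.RegisterAsync("adminuser", admin: true);
        response.EnsureSuccessStatusCode();

        // ReadFromJsonAsync needs an explicit target type; JsonElement lets the
        // test read a single property without binding to a project DTO.
        var json = await response.Content.ReadFromJsonAsync<JsonElement>();
        Assert.True(json.GetProperty("isAdmin").GetBoolean());
    }

    /// <summary>
    /// A second registration with an already-used username must be answered
    /// with 409 Conflict.
    /// </summary>
    [Fact]
    public async Task Register_duplicate_username_returns_conflict()
    {
        using var factory = new TestWebApplicationFactory();
        var client = factory.CreateClientWithCookies();

        var first = await client.RegisterAsync("duplicate");
        first.EnsureSuccessStatusCode();

        var second = await client.RegisterAsync("duplicate");
        Assert.Equal(HttpStatusCode.Conflict, second.StatusCode);
    }

    /// <summary>
    /// Logging in to an existing account with a wrong password must be
    /// answered with 401 Unauthorized.
    /// </summary>
    [Fact]
    public async Task Login_with_wrong_password_returns_unauthorized()
    {
        using var factory = new TestWebApplicationFactory();
        var client = factory.CreateClientWithCookies();

        // NOTE(review): assumes the helper's default password differs from
        // "wrongpass"; the default is not visible in this file.
        await client.RegisterAsync("player1");

        var login = await client.LoginAsync("player1", "wrongpass");
        Assert.Equal(HttpStatusCode.Unauthorized, login.StatusCode);
    }

    /// <summary>
    /// Registration must reject empty required fields and a wrong admin key,
    /// both with 400 Bad Request.
    /// </summary>
    [Fact]
    public async Task Register_validates_required_fields()
    {
        using var factory = new TestWebApplicationFactory();
        var client = factory.CreateClientWithCookies();

        var missing = await client.PostAsJsonAsync(
            "/api/auth/register",
            new { Username = "", Password = "", DisplayName = "" });
        Assert.Equal(HttpStatusCode.BadRequest, missing.StatusCode);

        // A wrong AdminKey is expected to fail the whole request rather than
        // silently create a non-admin account.
        // NOTE(review): only the status code is checked; the test does not
        // confirm that no account "u" was created.
        var badKey = await client.PostAsJsonAsync(
            "/api/auth/register",
            new { Username = "u", Password = "p", DisplayName = "d", AdminKey = "wrong" });
        Assert.Equal(HttpStatusCode.BadRequest, badKey.StatusCode);
    }

    /// <summary>
    /// Logout must succeed and return a <c>Set-Cookie</c> header that mentions
    /// the <c>player</c> cookie.
    /// </summary>
    [Fact]
    public async Task Logout_clears_cookie()
    {
        using var factory = new TestWebApplicationFactory();
        var client = factory.CreateClientWithCookies();
        await client.RegisterAsync("logoutme");

        var resp = await client.PostAsync("/api/auth/logout", null);
        resp.EnsureSuccessStatusCode();

        // NOTE(review): this only proves that some Set-Cookie value contains the
        // text "player". It does not check that the cookie is emptied or expired,
        // nor that a later authenticated request is rejected, so a logout that
        // re-issues a live session cookie would still pass. Consider asserting
        // the expiry attribute and a 401 on a follow-up call.
        Assert.True(
            resp.Headers.TryGetValues("Set-Cookie", out var cookies)
            && cookies.Any(c => c.Contains("player")));
    }
}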