"""
tests/test_api_auth.py
----------------------
Tests for /api/auth/* endpoints.
All external OAuth calls are mocked with respx.
"""

import pytest
import respx
import httpx
from fastapi.testclient import TestClient

from web.app import app

client = TestClient(app, raise_server_exceptions=True)


def test_status_unauthenticated():
    """Fresh session → both platforms disconnected."""
    resp = client.get("/api/auth/status", cookies={})
    assert resp.status_code == 200
    data = resp.json()
    assert data["adobe"] is False
    assert data["docusign"] is False


@respx.mock
def test_adobe_callback_stores_token():
    """Successful Adobe OAuth callback → session has adobe_access_token."""
    respx.post("https://api.eu2.adobesign.com/oauth/v2/token").mock(
        return_value=httpx.Response(200, json={
            "access_token": "adobe-test-token",
            "refresh_token": "adobe-refresh",
        })
    )

    resp = client.get("/api/auth/adobe/callback?code=authcode123", follow_redirects=False)
    # Should redirect to /
    assert resp.status_code in (302, 307)

    # Session cookie should now contain the token
    session_cookie = resp.cookies.get("migrator_session")
    assert session_cookie is not None

    # Follow up with status check using the same session cookie
    status_resp = client.get("/api/auth/status", cookies={"migrator_session": session_cookie})
    assert status_resp.json()["adobe"] is True


@respx.mock
def test_docusign_callback_stores_token():
    """Successful DocuSign OAuth callback → session has docusign_access_token."""
    from web.config import settings
    respx.post(f"https://{settings.docusign_auth_server}/oauth/token").mock(
        return_value=httpx.Response(200, json={
            "access_token": "ds-test-token",
            "refresh_token": "ds-refresh",
        })
    )

    resp = client.get("/api/auth/docusign/callback?code=dscode123", follow_redirects=False)
    assert resp.status_code in (302, 307)

    session_cookie = resp.cookies.get("migrator_session")
    assert session_cookie is not None

    status_resp = client.get("/api/auth/status", cookies={"migrator_session": session_cookie})
    assert status_resp.json()["docusign"] is True


@respx.mock
def test_disconnect_clears_token():
    """After disconnect, status shows platform as disconnected."""
    # First connect Adobe
    respx.post("https://api.eu2.adobesign.com/oauth/v2/token").mock(
        return_value=httpx.Response(200, json={"access_token": "tok", "refresh_token": "ref"})
    )
    connect_resp = client.get("/api/auth/adobe/callback?code=abc", follow_redirects=False)
    session_cookie = connect_resp.cookies["migrator_session"]

    # Verify connected
    status_resp = client.get("/api/auth/status", cookies={"migrator_session": session_cookie})
    assert status_resp.json()["adobe"] is True

    # Disconnect
    disc_resp = client.get("/api/auth/adobe/disconnect", cookies={"migrator_session": session_cookie})
    assert disc_resp.status_code == 200
    new_cookie = disc_resp.cookies.get("migrator_session", session_cookie)

    # Verify disconnected
    status_resp2 = client.get("/api/auth/status", cookies={"migrator_session": new_cookie})
    assert status_resp2.json()["adobe"] is False