from app.crud.crud_user import user as crud_user
from app.models.ppr import UserRole
from app.schemas.ppr import UserCreate


def test_login_rejects_invalid_credentials(client):
    response = client.post(
        "/api/v1/auth/login",
        data={"username": "missing", "password": "wrong"},
    )

    assert response.status_code == 401
    assert response.json()["detail"] == "Incorrect username or password"


def test_login_returns_bearer_token_for_valid_user(client, db):
    crud_user.create(
        db,
        UserCreate(username="tower", password="secret-password", role=UserRole.OPERATOR),
        admin_user="test",
    )

    response = client.post(
        "/api/v1/auth/login",
        data={"username": "tower", "password": "secret-password"},
    )

    assert response.status_code == 200
    body = response.json()
    assert body["access_token"]
    assert body["token_type"] == "bearer"
    assert body["expires_in"] > 0


def test_admin_user_crud_endpoints(auth_client):
    create_response = auth_client.post(
        "/api/v1/auth/users",
        json={"username": "operator-one", "password": "secret-password", "role": "OPERATOR"},
    )

    assert create_response.status_code == 200
    created = create_response.json()
    assert created["username"] == "operator-one"
    assert created["role"] == "OPERATOR"

    duplicate_response = auth_client.post(
        "/api/v1/auth/users",
        json={"username": "operator-one", "password": "secret-password", "role": "OPERATOR"},
    )

    assert duplicate_response.status_code == 400

    list_response = auth_client.get("/api/v1/auth/users")
    assert list_response.status_code == 200
    assert [user["username"] for user in list_response.json()] == ["operator-one"]

    update_response = auth_client.put(
        f"/api/v1/auth/users/{created['id']}",
        json={"role": "READ_ONLY"},
    )
    assert update_response.status_code == 200
    assert update_response.json()["role"] == "READ_ONLY"

    password_response = auth_client.post(
        f"/api/v1/auth/users/{created['id']}/change-password",
        json={"password": "new-secret-password"},
    )
    assert password_response.status_code == 200


def test_admin_user_endpoints_return_not_found(auth_client):
    assert auth_client.get("/api/v1/auth/users/404").status_code == 404
    assert auth_client.put("/api/v1/auth/users/404", json={"role": "OPERATOR"}).status_code == 404
    assert (
        auth_client.post(
            "/api/v1/auth/users/404/change-password",
            json={"password": "new-secret-password"},
        ).status_code
        == 404
    )