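"""Tests for the OIDCSession token helpers.

The token carries the transient OIDC login values (state, nonce and the
PKCE code verifier) between the authorization request and the callback.
The tests check the round trip and that a modified or expired token is
rejected with ``None``.
"""

from datetime import timedelta

import pytest

from ea_chatbot.auth import OIDCSession
from ea_chatbot.config import Settings


@pytest.fixture
def settings():
    """Return a Settings instance built with its defaults; supplies secret_key."""
    return Settings()


def test_oidc_session_encrypt_decrypt(settings):
    """A token produced by encrypt() decrypts back to the original values."""
    session_data = {
        "state": "test_state",
        "nonce": "test_nonce",
        "code_verifier": "test_verifier",
    }

    # Encrypt
    token = OIDCSession.encrypt(session_data, settings.secret_key)
    assert isinstance(token, str)
    assert token != ""
    # NOTE(review): nothing here checks that the token hides code_verifier.
    # If confidentiality is intended (the method is named "encrypt"), add an
    # assertion for it once the token format is confirmed.

    # Decrypt
    decrypted_data = OIDCSession.decrypt(token, settings.secret_key)
    assert decrypted_data["state"] == "test_state"
    assert decrypted_data["nonce"] == "test_nonce"
    assert decrypted_data["code_verifier"] == "test_verifier"


def test_oidc_session_invalid_signature(settings):
    """A token whose trailing characters were altered must not decrypt."""
    session_data = {"state": "test_state"}
    token = OIDCSession.encrypt(session_data, settings.secret_key)

    # Tamper with the token. Every one of the last five characters is
    # replaced by a different one, so the result can never equal the
    # original (a fixed "aaaaa" suffix would be a no-op for a token that
    # already ends that way, and the test would then fail spuriously).
    tampered_tail = "".join("b" if ch == "a" else "a" for ch in token[-5:])
    tampered_token = token[:-5] + tampered_tail
    assert tampered_token != token

    decrypted_data = OIDCSession.decrypt(tampered_token, settings.secret_key)
    assert decrypted_data is None


def test_oidc_session_expired(settings):
    """A token issued with an expiry in the past must not decrypt."""
    session_data = {"state": "test_state"}

    # A negative delta puts the expiry one second in the past, so the token
    # is already expired when it is created and no sleep is needed.
    token = OIDCSession.encrypt(
        session_data,
        settings.secret_key,
        expires_delta=timedelta(seconds=-1),
    )

    decrypted_data = OIDCSession.decrypt(token, settings.secret_key)
    assert decrypted_data is None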