import pytest
from fastapi.testclient import TestClient
from unittest.mock import patch
from ea_chatbot.api.main import app
from ea_chatbot.history.models import User

@pytest.fixture
def client():
    """Provides a fresh TestClient for each test."""
    return TestClient(app)

@pytest.fixture
def mock_auth_data():
    return {
        "url": "https://example.com/auth?state=test_state",
        "state": "test_state",
        "nonce": "test_nonce",
        "code_verifier": "test_verifier"
    }

def test_oidc_login_sets_cookie(client, mock_auth_data):
    """Test that OIDC login initiation sets the temporary session cookie."""
    with patch("ea_chatbot.api.routers.auth.oidc_client") as mock_oidc:
        mock_oidc.get_auth_data.return_value = mock_auth_data
        
        response = client.get("/api/v1/auth/oidc/login")
        
        assert response.status_code == 200
        assert response.json()["url"] == mock_auth_data["url"]
        assert "oidc_session" in response.cookies

def test_oidc_callback_missing_cookie(client):
    """Test that OIDC callback fails if the temporary session cookie is missing."""
    with patch("ea_chatbot.api.routers.auth.oidc_client"):
        # Ensure no cookies are set
        client.cookies.clear()
        response = client.get("/api/v1/auth/oidc/callback?code=test_code&state=test_state", follow_redirects=False)
        
        # Should redirect to frontend with error
        assert response.status_code == 302
        assert "error=oidc_failed" in response.headers["location"]

def test_oidc_callback_invalid_state(client, mock_auth_data):
    """Test that OIDC callback fails if the state in the URL doesn't match the cookie."""
    with patch("ea_chatbot.api.routers.auth.oidc_client"), \
         patch("ea_chatbot.api.routers.auth.OIDCSession.decrypt") as mock_decrypt:
        
        # Mock valid cookie content
        mock_decrypt.return_value = mock_auth_data
        
        # Send different state in URL
        client.cookies.set("oidc_session", "fake_token")
        response = client.get("/api/v1/auth/oidc/callback?code=test_code&state=wrong_state", follow_redirects=False)
        
        assert response.status_code == 302
        assert "error=oidc_failed" in response.headers["location"]

def test_oidc_callback_success(client, mock_auth_data):
    """Test successful OIDC callback and session establishment."""
    with patch("ea_chatbot.api.routers.auth.oidc_client") as mock_oidc, \
         patch("ea_chatbot.api.routers.auth.OIDCSession.decrypt") as mock_decrypt, \
         patch("ea_chatbot.api.routers.auth.history_manager") as mock_hm, \
         patch("ea_chatbot.api.routers.auth.create_access_token") as mock_create_token:
        
        mock_decrypt.return_value = mock_auth_data
        mock_oidc.exchange_code_for_token.return_value = {"id_token": "fake_id_token"}
        mock_oidc.validate_id_token.return_value = {"email": "user@test.com", "name": "Test User"}
        mock_hm.sync_user_from_oidc.return_value = User(id="user-123", username="user@test.com")
        mock_create_token.return_value = "fake_access_token"
        
        client.cookies.set("oidc_session", "fake_token")
        response = client.get("/api/v1/auth/oidc/callback?code=test_code&state=test_state", follow_redirects=False)
        
        assert response.status_code == 302
        # Redirect to FRONTEND_URL (default localhost:5173)
        assert "http://localhost:5173" in response.headers["location"]
        assert "access_token" in response.cookies
        
        # Verify oidc_session was cleaned up (deleted)
        # In RedirectResponse, delete_cookie works by setting the cookie with empty value and past expiry
        cookie_header = response.headers.get("set-cookie", "")
        assert "oidc_session=;" in cookie_header or 'oidc_session=""' in cookie_header