package blockuser

import (
	"context"
	"testing"
	"time"

	"galaxy/authsession/internal/domain/challenge"
	"galaxy/authsession/internal/domain/common"
	"galaxy/authsession/internal/service/confirmemailcode"
	"galaxy/authsession/internal/service/sendemailcode"
	"galaxy/authsession/internal/service/shared"
	"galaxy/authsession/internal/testkit"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

const (
	// blockFlowPublicKey is the client public key sent with the confirm request.
	// It is the base64 encoding of the 32 bytes 0x00..0x1f: a fixed test value,
	// not a real key.
	blockFlowPublicKey = "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8="

	// blockFlowTimeZone is the time zone sent with the confirm request.
	blockFlowTimeZone = "Europe/Kaliningrad"
)

// TestBlockUserAffectsLaterSendAndConfirmFlows blocks an e-mail address first
// and then runs the send-code and confirm-code services against the same
// in-memory stores. It pins three outcomes for the blocked address:
//
//   - send-code returns a challenge ID without error, but no mail is recorded
//     and the stored challenge is marked as delivery-suppressed;
//   - confirm-code with the matching code fails with ErrorCodeBlockedByPolicy;
//   - the stored challenge ends in StatusFailed.
//
// NOTE(review): sessionStore and publisher are handed to the services but are
// never inspected here, so the test does not itself prove that the rejected
// confirm created no device session and published no projection. Consider
// asserting on both if testkit offers a way to read them back.
func TestBlockUserAffectsLaterSendAndConfirmFlows(t *testing.T) {
	t.Parallel()

	// Untyped constants, so each use keeps the type the original literal had.
	const (
		blockedEmail = "pilot@example.com"
		challengeID  = "challenge-1"
		emailCode    = "654321"
	)
	ctx := context.Background()

	// Shared in-memory collaborators: every service below sees the same state.
	challenges := &testkit.InMemoryChallengeStore{}
	sessions := &testkit.InMemorySessionStore{}
	users := &testkit.InMemoryUserDirectory{}
	projections := &testkit.RecordingProjectionPublisher{}
	ids := &testkit.SequenceIDGenerator{
		ChallengeIDs:     []common.ChallengeID{challengeID},
		DeviceSessionIDs: []common.DeviceSessionID{"device-session-1"},
	}
	codeHasher := testkit.DeterministicCodeHasher{}
	mails := &testkit.RecordingMailSender{}
	fixedClock := testkit.FixedClock{Time: time.Unix(20, 0).UTC()}

	// Step 1: block the address before any challenge exists for it.
	blocker, err := New(users, sessions, projections, fixedClock)
	require.NoError(t, err)

	_, err = blocker.Execute(ctx, Input{
		Email:      blockedEmail,
		ReasonCode: "policy_block",
		ActorType:  "admin",
	})
	require.NoError(t, err)

	// Step 2: request a code for the blocked address.
	sender, err := sendemailcode.New(
		challenges,
		users,
		ids,
		testkit.FixedCodeGenerator{Code: emailCode},
		codeHasher,
		mails,
		fixedClock,
	)
	require.NoError(t, err)

	sent, err := sender.Execute(ctx, sendemailcode.Input{Email: blockedEmail})
	require.NoError(t, err)
	// The call succeeds and still hands back a challenge ID, so the result
	// looks like a normal send (presumably to avoid revealing the block to
	// the requester), while nothing reaches the mail sender.
	assert.Equal(t, challengeID, sent.ChallengeID)
	assert.Empty(t, mails.RecordedInputs())

	stored, err := challenges.Get(ctx, common.ChallengeID(challengeID))
	require.NoError(t, err)
	assert.Equal(t, challenge.StatusDeliverySuppressed, stored.Status)
	assert.Equal(t, challenge.DeliverySuppressed, stored.DeliveryState)

	// Step 3: confirm with the code the fixed generator produced. A matching
	// code must not be enough to get past the block.
	confirmer, err := confirmemailcode.New(
		challenges,
		sessions,
		users,
		testkit.StaticConfigProvider{},
		projections,
		ids,
		codeHasher,
		fixedClock,
	)
	require.NoError(t, err)

	_, err = confirmer.Execute(ctx, confirmemailcode.Input{
		ChallengeID:     challengeID,
		Code:            emailCode,
		ClientPublicKey: blockFlowPublicKey,
		TimeZone:        blockFlowTimeZone,
	})
	require.Error(t, err)
	assert.Equal(t, shared.ErrorCodeBlockedByPolicy, shared.CodeOf(err))

	// The rejected confirm leaves the challenge in the failed state.
	afterConfirm, err := challenges.Get(ctx, common.ChallengeID(challengeID))
	require.NoError(t, err)
	assert.Equal(t, challenge.StatusFailed, afterConfirm.Status)
}