package authsessionuser_test

import (
	"net/http"
	"strings"
	"testing"

	"github.com/stretchr/testify/require"
)

// TestAuthsessionUserBlackBoxConfirmCreatesUserWithForwardedRegistrationContext
// confirms an e-mail challenge for an address that has no account yet and
// checks the user record that the lookup endpoint then returns.
//
// The assertions pin the defaults of a freshly created account: language
// "en", the harness time zone, the "free" plan with IsPaid false, and no
// active sanctions or limits. A regression that hands new accounts a paid
// entitlement would fail here.
func TestAuthsessionUserBlackBoxConfirmCreatesUserWithForwardedRegistrationContext(t *testing.T) {
	t.Parallel()

	const email = "created@example.com"

	harness := newAuthsessionUserHarness(t)

	// Full login round trip: request a challenge, read the mailed code,
	// confirm it.
	challengeID := harness.sendChallenge(t, email)
	mailedCode := lastMailCodeFor(t, harness.mailStub, email)
	confirmResponse := harness.confirmCode(t, challengeID, mailedCode)

	confirmed := struct {
		DeviceSessionID string `json:"device_session_id"`
	}{}
	requireJSONStatus(t, confirmResponse, http.StatusOK, &confirmed)
	hasSessionPrefix := strings.HasPrefix(confirmed.DeviceSessionID, "device-session-")
	require.True(t, hasSessionPrefix)

	lookupResponse, account := lookupUserByEmail(t, harness.userServiceURL, email)
	require.Equalf(t, http.StatusOK, lookupResponse.StatusCode, formatStatusError(lookupResponse))

	user := account.User
	require.Equal(t, email, user.Email)
	require.Equal(t, "en", user.PreferredLanguage)
	require.Equal(t, testTimeZone, user.TimeZone)
	require.True(t, strings.HasPrefix(user.UserID, "user-"))
	require.True(t, strings.HasPrefix(user.RaceName, "player-"))

	// A new account starts unprivileged and unrestricted.
	require.Equal(t, "free", user.Entitlement.PlanCode)
	require.False(t, user.Entitlement.IsPaid)
	require.Empty(t, user.ActiveSanctions)
	require.Empty(t, user.ActiveLimits)
}

// TestAuthsessionUserBlackBoxConfirmForExistingUserKeepsCreateOnlySettings
// creates a user up front with language "fr-FR" and time zone "Europe/Paris",
// logs in through the challenge flow, and checks that the same user ID comes
// back with both settings unchanged.
func TestAuthsessionUserBlackBoxConfirmForExistingUserKeepsCreateOnlySettings(t *testing.T) {
	t.Parallel()

	const (
		email        = "existing@example.com"
		wantLanguage = "fr-FR"
		wantTimeZone = "Europe/Paris"
	)

	harness := newAuthsessionUserHarness(t)

	existing := postEnsureUser(t, harness.userServiceURL, email, wantLanguage, wantTimeZone)
	require.Equal(t, "created", existing.Outcome)

	// Presumably separates the creation timestamp from the login that
	// follows; the helper is defined outside this file.
	sleepForDistinctCreatedAt()

	challengeID := harness.sendChallenge(t, email)
	mailedCode := lastMailCodeFor(t, harness.mailStub, email)
	confirmResponse := harness.confirmCode(t, challengeID, mailedCode)

	confirmed := struct {
		DeviceSessionID string `json:"device_session_id"`
	}{}
	requireJSONStatus(t, confirmResponse, http.StatusOK, &confirmed)
	hasSessionPrefix := strings.HasPrefix(confirmed.DeviceSessionID, "device-session-")
	require.True(t, hasSessionPrefix)

	lookupResponse, account := lookupUserByEmail(t, harness.userServiceURL, email)
	require.Equalf(t, http.StatusOK, lookupResponse.StatusCode, formatStatusError(lookupResponse))

	// Logging in must resolve to the pre-existing account, not a second one,
	// and must not overwrite what was set at creation.
	user := account.User
	require.Equal(t, existing.UserID, user.UserID)
	require.Equal(t, wantLanguage, user.PreferredLanguage)
	require.Equal(t, wantTimeZone, user.TimeZone)
}

// TestAuthsessionUserBlackBoxAcceptLanguageSetsLocalizedPreferredLanguage
// sends the challenge with "fr-FR, en;q=0.8" as Accept-Language and checks
// that the most recent recorded mail delivery uses locale "fr-FR" and that
// the user created on confirm has "fr-FR" as preferred language.
func TestAuthsessionUserBlackBoxAcceptLanguageSetsLocalizedPreferredLanguage(t *testing.T) {
	t.Parallel()

	const (
		email      = "localized@example.com"
		wantLocale = "fr-FR"
	)

	harness := newAuthsessionUserHarness(t)

	challengeID := harness.sendChallengeWithAcceptLanguage(t, email, "fr-FR, en;q=0.8")

	recorded := harness.mailStub.RecordedDeliveries()
	require.NotEmpty(t, recorded)
	latest := recorded[len(recorded)-1]
	require.Equal(t, wantLocale, latest.Locale)

	mailedCode := lastMailCodeFor(t, harness.mailStub, email)
	confirmResponse := harness.confirmCode(t, challengeID, mailedCode)

	confirmed := struct {
		DeviceSessionID string `json:"device_session_id"`
	}{}
	requireJSONStatus(t, confirmResponse, http.StatusOK, &confirmed)
	hasSessionPrefix := strings.HasPrefix(confirmed.DeviceSessionID, "device-session-")
	require.True(t, hasSessionPrefix)

	lookupResponse, account := lookupUserByEmail(t, harness.userServiceURL, email)
	require.Equalf(t, http.StatusOK, lookupResponse.StatusCode, formatStatusError(lookupResponse))

	user := account.User
	require.Equal(t, wantLocale, user.PreferredLanguage)
	require.Equal(t, testTimeZone, user.TimeZone)
}

// TestAuthsessionUserBlackBoxBlockedEmailSendIsSuccessShapedAndConfirmIsRejectedWithoutCreatingUser
// covers two ways an e-mail block can meet the login flow.
//
// Blocked before send: the send still yields a non-empty challenge ID, but
// the mail stub records no additional delivery. Blocked between send and
// confirm: the confirm is answered with 403 and the "blocked_by_policy" error
// body, and a later lookup of that address finds no user.
//
// NOTE(review): "success-shaped" is only checked as far as h.sendChallenge
// checks it plus a non-empty challenge ID; whether status and body match an
// unblocked send byte for byte depends on that helper, which is not in this
// file. If the goal is that callers cannot probe block status, confirm the
// helper compares the full response.
func TestAuthsessionUserBlackBoxBlockedEmailSendIsSuccessShapedAndConfirmIsRejectedWithoutCreatingUser(t *testing.T) {
	t.Parallel()

	const (
		blockedAtSendEmail    = "blocked-send@example.com"
		blockedAtConfirmEmail = "blocked-confirm@example.com"
		wantRejection         = `{"error":{"code":"blocked_by_policy","message":"authentication is blocked by policy"}}`
	)

	harness := newAuthsessionUserHarness(t)

	// Case 1: the address is already blocked when the challenge is requested.
	postBlockByEmail(t, harness.userServiceURL, blockedAtSendEmail)
	deliveriesBefore := len(harness.mailStub.RecordedDeliveries())

	silentChallengeID := harness.sendChallenge(t, blockedAtSendEmail)
	require.NotEmpty(t, silentChallengeID)
	// NOTE(review): point-in-time count. If the harness delivers mail
	// asynchronously, a late delivery would slip past this check; confirm
	// delivery is synchronous in the stub.
	require.Len(t, harness.mailStub.RecordedDeliveries(), deliveriesBefore)
	// NOTE(review): nothing here looks up blockedAtSendEmail afterwards;
	// consider also asserting that no user exists for it.

	// Case 2: the block lands after the code was mailed but before confirm.
	challengeID := harness.sendChallenge(t, blockedAtConfirmEmail)
	mailedCode := lastMailCodeFor(t, harness.mailStub, blockedAtConfirmEmail)
	postBlockByEmail(t, harness.userServiceURL, blockedAtConfirmEmail)

	confirmResponse := harness.confirmCode(t, challengeID, mailedCode)
	requireJSONStatusRaw(t, confirmResponse, http.StatusForbidden, wantRejection)

	// A rejected confirm must not leave an account behind.
	lookupResponse, _ := lookupUserByEmail(t, harness.userServiceURL, blockedAtConfirmEmail)
	requireLookupNotFound(t, lookupResponse)
}