package confirmemailcode

import (
	"context"
	"testing"
	"time"

	stubuserservice "galaxy/authsession/internal/adapters/userservice"
	"galaxy/authsession/internal/domain/challenge"
	"galaxy/authsession/internal/domain/common"
	"galaxy/authsession/internal/domain/userresolution"
	"galaxy/authsession/internal/service/shared"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

func TestExecuteWithRuntimeStubUserDirectory(t *testing.T) {
	t.Parallel()

	t.Run("creates user through EnsureUserByEmail", func(t *testing.T) {
		t.Parallel()

		deps := newConfirmDeps(t)
		userDirectory := &stubuserservice.StubDirectory{}
		require.NoError(t, userDirectory.QueueCreatedUserIDs(common.UserID("user-created")))
		deps.userDirectory = nil
		require.NoError(t, deps.challengeStore.Create(context.Background(), sentChallengeFixture(
			t,
			deps.hasher,
			"challenge-1",
			"pilot@example.com",
			"654321",
			deps.now.Add(-time.Minute),
			deps.now.Add(time.Minute),
		)))

		service, err := New(
			deps.challengeStore,
			deps.sessionStore,
			userDirectory,
			deps.configProvider,
			deps.publisher,
			deps.idGenerator,
			deps.hasher,
			fixedClock(deps.now),
		)
		require.NoError(t, err)

		result, err := service.Execute(context.Background(), Input{
			ChallengeID:     "challenge-1",
			Code:            "654321",
			ClientPublicKey: publicKeyString(),
			TimeZone:        confirmEmailCodeTimeZone,
		})
		require.NoError(t, err)
		assert.Equal(t, "device-session-1", result.DeviceSessionID)

		sessionRecord, err := deps.sessionStore.Get(context.Background(), common.DeviceSessionID("device-session-1"))
		require.NoError(t, err)
		assert.Equal(t, common.UserID("user-created"), sessionRecord.UserID)
	})

	t.Run("blocked email returns blocked by policy", func(t *testing.T) {
		t.Parallel()

		deps := newConfirmDeps(t)
		userDirectory := &stubuserservice.StubDirectory{}
		require.NoError(t, userDirectory.SeedBlockedEmail(common.Email("pilot@example.com"), userresolution.BlockReasonCode("policy_block")))
		require.NoError(t, deps.challengeStore.Create(context.Background(), sentChallengeFixture(
			t,
			deps.hasher,
			"challenge-1",
			"pilot@example.com",
			"654321",
			deps.now.Add(-time.Minute),
			deps.now.Add(time.Minute),
		)))

		service, err := New(
			deps.challengeStore,
			deps.sessionStore,
			userDirectory,
			deps.configProvider,
			deps.publisher,
			deps.idGenerator,
			deps.hasher,
			fixedClock(deps.now),
		)
		require.NoError(t, err)

		_, err = service.Execute(context.Background(), Input{
			ChallengeID:     "challenge-1",
			Code:            "654321",
			ClientPublicKey: publicKeyString(),
			TimeZone:        confirmEmailCodeTimeZone,
		})
		require.Error(t, err)
		assert.Equal(t, shared.ErrorCodeBlockedByPolicy, shared.CodeOf(err))

		record, getErr := deps.challengeStore.Get(context.Background(), common.ChallengeID("challenge-1"))
		require.NoError(t, getErr)
		assert.Equal(t, challenge.StatusFailed, record.Status)
	})
}

type fixedClock time.Time

func (c fixedClock) Now() time.Time {
	return time.Time(c)
}