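"""Tests for the access-token helpers imported from ``app.core.auth``."""

from app.core.auth import COOKIE_NAME, create_access_token, decode_token


def test_create_and_decode_token():
    """A freshly issued token decodes to the claims it was created with."""
    token = create_access_token(username="alice", is_admin=False)
    payload = decode_token(token)

    assert payload is not None
    assert payload["sub"] == "alice"
    # Identity check: the claim must be the boolean False, not merely falsy
    # (a missing claim, 0 or "" would fail here).
    assert payload["is_admin"] is False


def test_admin_claim():
    """A token issued with ``is_admin=True`` carries that claim as a real bool."""
    token = create_access_token(username="admin", is_admin=True)
    payload = decode_token(token)

    # Check for None first so a decode failure shows up as a clear assertion
    # failure instead of a TypeError from subscripting None.
    assert payload is not None
    assert payload["is_admin"] is True


def test_decode_invalid_token():
    """A string that was never issued by ``create_access_token`` decodes to None."""
    # The sample has four dot-separated parts and is expected to be rejected
    # by returning None, not by raising.
    assert decode_token("not.a.valid.token") is None


def test_decode_tampered_token():
    """A valid token whose last four characters were replaced decodes to None."""
    token = create_access_token(username="alice", is_admin=False)
    tampered = token[:-4] + "xxxx"

    # Guard against a vacuous test: the mutation must actually change the token.
    assert tampered != token
    assert decode_token(tampered) is None
    # NOTE(review): only the tail of the token is altered (presumably the
    # signature part; confirm against the token format). The tests visible
    # here do not cover a token whose claims were modified, nor an expired one.


def test_cookie_name():
    """Pin the cookie name so an accidental rename is caught."""
    assert COOKIE_NAME == "access_token"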