import pytest
from fastapi.testclient import TestClient
from sqlalchemy import create_engine
from sqlalchemy.orm import sessionmaker
from sqlalchemy.pool import StaticPool

from app.core.database import Base, get_db
from app.main import app
from app.modules.auth.models import User
from app.modules.auth.service import hash_password


@pytest.fixture(autouse=True)
def override_db():
    engine = create_engine(
        "sqlite:///:memory:",
        connect_args={"check_same_thread": False},
        poolclass=StaticPool,
    )
    Base.metadata.create_all(bind=engine)
    Session = sessionmaker(bind=engine)
    session = Session()
    app.dependency_overrides[get_db] = lambda: session
    yield session
    app.dependency_overrides.clear()
    session.close()
    Base.metadata.drop_all(bind=engine)


@pytest.fixture
def client():
    return TestClient(app, follow_redirects=False)


@pytest.fixture
def alice(override_db):
    user = User(username="alice", full_name="Alice Smith", pw_hash=hash_password("secret123"))
    override_db.add(user)
    override_db.commit()
    return user


def test_get_login_page(client):
    response = client.get("/auth/login")
    assert response.status_code == 200
    assert "text/html" in response.headers["content-type"]
    assert "Anmelden" in response.text


def test_login_correct_credentials_redirects(client, alice):
    response = client.post("/auth/login", data={"username": "alice", "password": "secret123"})
    assert response.status_code in (302, 303, 307)
    assert "access_token" in response.cookies


def test_login_wrong_password_shows_error(client, alice):
    response = client.post("/auth/login", data={"username": "alice", "password": "wrong"})
    assert response.status_code == 200
    assert "Ungültige" in response.text


def test_login_unknown_user_shows_error(client):
    response = client.post("/auth/login", data={"username": "ghost", "password": "any"})
    assert response.status_code == 200
    assert "Ungültige" in response.text


def test_logout_clears_cookie_and_redirects_to_landing(client, alice):
    client.post("/auth/login", data={"username": "alice", "password": "secret123"})
    response = client.get("/auth/logout")
    assert response.status_code in (302, 303, 307)
    assert response.headers["location"] == "/"
    assert response.cookies.get("access_token", "") == ""