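"""Tests for authentication functionality."""
import pytest

from server.app import app


@pytest.fixture
def client():
    """Yield a test client for the application under test."""
    with app.test_client() as client:
        yield client


@pytest.fixture(autouse=True)
def setup_admin_creds(monkeypatch):
    """Pin the admin credentials to known test-only values for every test.

    ``monkeypatch`` restores the original settings after each test, so these
    placeholder values never leak outside the test run.
    """
    monkeypatch.setattr("server.settings.ADMIN_USERNAME", "admin")
    monkeypatch.setattr("server.settings.ADMIN_PASSWORD", "admin")


def test_login_page_get(client):
    """Test login page renders."""
    resp = client.get("/auth/login")
    assert resp.status_code == 200
    assert b"Admin Login" in resp.data


def test_login_success(client):
    """Test successful login."""
    resp = client.post(
        "/auth/login", data={"username": "admin", "password": "admin"})
    assert resp.status_code == 302
    # Redirect to admin dashboard
    assert resp.headers["Location"] == "/admin/"

    # Check session
    with client.session_transaction() as sess:
        assert sess["logged_in"] is True


def test_login_failure(client):
    """Test failed login.

    Covers a fully wrong pair as well as each half-correct pair, so that a
    credential check which validates only the username or only the password
    is caught.
    """
    rejected_pairs = [
        ("wrong", "wrong"),
        ("admin", "wrong"),  # right username, wrong password
        ("wrong", "admin"),  # wrong username, right password
    ]
    for username, password in rejected_pairs:
        resp = client.post(
            "/auth/login", data={"username": username, "password": password})
        assert resp.status_code == 200
        assert b"Invalid credentials" in resp.data

        # Check session not set
        with client.session_transaction() as sess:
            assert "logged_in" not in sess


def test_logout(client):
    """Test logout."""
    # First login
    client.post("/auth/login", data={"username": "admin", "password": "admin"})

    # Confirm the login actually took effect; without this precondition the
    # final "session cleared" assertion passes even if login silently failed.
    with client.session_transaction() as sess:
        assert sess["logged_in"] is True

    # Then logout
    # NOTE(review): logout is exercised as a GET. A state-changing GET can be
    # triggered cross-site; confirm whether this route should be POST-only
    # with CSRF protection.
    resp = client.get("/auth/logout")
    assert resp.status_code == 302
    assert resp.headers["Location"] == "/auth/login"

    # Check session cleared
    with client.session_transaction() as sess:
        assert "logged_in" not in sess


def test_protected_route_without_login(client):
    """Test accessing protected route without login redirects to login."""
    resp = client.get("/admin/settings")
    assert resp.status_code == 302
    assert resp.headers["Location"] == "/auth/login"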