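"""Tests for the token endpoints: POST /api/token and POST /api/token/refresh."""

from fooder.utils.jwt import AccessToken, RefreshToken


async def _issue_tokens(client, user, user_password):
    """Log in through POST /api/token and return the JSON body.

    Asserting the status here means a failed login shows up as a status
    mismatch in the calling test instead of a KeyError on a missing token key.
    """
    response = await client.post(
        "/api/token",
        data={"username": user.username, "password": user_password},
    )
    assert response.status_code == 200
    return response.json()


async def _refresh(client, refresh_token):
    """POST the given token to /api/token/refresh and return the raw response.

    NOTE(review): ``params=`` puts the token in the URL query string (assuming
    an httpx-style client), where access logs and intermediaries can record
    it. Confirm whether the endpoint should take it in the request body.
    """
    return await client.post(
        "/api/token/refresh",
        params={"refresh_token": refresh_token},
    )


async def test_create_token_returns_tokens(client, user, user_password):
    """Valid credentials yield a bearer access/refresh token pair."""
    response = await client.post(
        "/api/token",
        data={"username": user.username, "password": user_password},
    )

    assert response.status_code == 200
    body = response.json()
    assert "access_token" in body
    assert "refresh_token" in body
    assert body["token_type"] == "bearer"


async def test_create_token_access_token_is_valid(client, user, user_password):
    """The issued access token decodes as an AccessToken for the user."""
    body = await _issue_tokens(client, user, user_password)

    token = AccessToken.decode(body["access_token"])
    assert token.sub == user.id


async def test_create_token_refresh_token_is_valid(client, user, user_password):
    """The issued refresh token decodes as a RefreshToken for the user."""
    body = await _issue_tokens(client, user, user_password)

    token = RefreshToken.decode(body["refresh_token"])
    assert token.sub == user.id


async def test_create_token_wrong_password(client, user):
    """A known user with a wrong password is rejected with 401."""
    response = await client.post(
        "/api/token",
        data={"username": user.username, "password": "wrong"},
    )

    # Same status as the unknown-user case below, so the status code alone
    # does not reveal whether the username exists.
    # NOTE(review): response body and timing are not compared here.
    assert response.status_code == 401


async def test_create_token_unknown_user(client):
    """A username that does not exist is rejected with 401."""
    response = await client.post(
        "/api/token",
        data={"username": "nobody", "password": "x"},
    )

    assert response.status_code == 401


async def test_refresh_token_returns_new_tokens(client, user, user_password):
    """A valid refresh token is exchanged for a new bearer token pair."""
    issued = await _issue_tokens(client, user, user_password)

    response = await _refresh(client, issued["refresh_token"])

    assert response.status_code == 200
    body = response.json()
    assert "access_token" in body
    assert "refresh_token" in body
    assert body["token_type"] == "bearer"


async def test_refresh_token_access_token_is_valid(client, user, user_password):
    """The access token returned by a refresh decodes for the same user."""
    issued = await _issue_tokens(client, user, user_password)

    response = await _refresh(client, issued["refresh_token"])

    assert response.status_code == 200
    token = AccessToken.decode(response.json()["access_token"])
    assert token.sub == user.id


async def test_refresh_token_refresh_token_is_valid(client, user, user_password):
    """The refresh token returned by a refresh decodes for the same user."""
    issued = await _issue_tokens(client, user, user_password)

    response = await _refresh(client, issued["refresh_token"])

    assert response.status_code == 200
    token = RefreshToken.decode(response.json()["refresh_token"])
    assert token.sub == user.id


async def test_refresh_token_invalid_returns_401(client):
    """A string that is not a token at all is rejected with 401."""
    response = await _refresh(client, "bad-token")

    assert response.status_code == 401


async def test_refresh_token_access_token_as_refresh_returns_401(client, user, user_password):
    """An access token presented as a refresh token is rejected with 401.

    Guards against token-type confusion: a genuinely issued access token must
    not be accepted where a refresh token is required.
    """
    issued = await _issue_tokens(client, user, user_password)

    response = await _refresh(client, issued["access_token"])

    assert response.status_code == 401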