package handlers

import (
	"net/http"
	"net/http/httptest"
	"testing"

	"custom-start-page/internal/auth"
	"custom-start-page/internal/middleware"
)

// TestRedirectFlow_UnauthenticatedToLogin checks that a GET for /dashboard,
// sent through the RequireAuth middleware while the mock session store is
// configured to fail, is answered with a 303 redirect to /login.
func TestRedirectFlow_UnauthenticatedToLogin(t *testing.T) {
	// shouldError presumably makes the mock's session lookup fail, which is
	// how this test models "no valid session" — confirm against MockSessionStore.
	store := &MockSessionStore{shouldError: true}

	// Build the protected route: middleware first, then the handler it guards.
	guard := middleware.RequireAuth(store)
	dashboard := &DashboardHandler{templates: createMockDashboardTemplate()}
	protected := guard(http.HandlerFunc(dashboard.HandleDashboard))

	rec := httptest.NewRecorder()
	protected.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, "/dashboard", nil))

	// NOTE(review): only the status code and Location header are checked. The
	// test does not assert that HandleDashboard was skipped or that no
	// dashboard content reached the response body.
	if rec.Code != http.StatusSeeOther {
		t.Errorf("Expected status 303, got %d", rec.Code)
	}
	if got := rec.Header().Get("Location"); got != "/login" {
		t.Errorf("Expected redirect to /login, got %s", got)
	}
}

// TestRedirectFlow_AuthenticatedToDashboard checks that HandleLogin answers a
// GET for /login with a 307 redirect to /dashboard when the mock session store
// already holds a user ID.
func TestRedirectFlow_AuthenticatedToDashboard(t *testing.T) {
	store := &MockSessionStore{userID: "test-user-123"}

	// The OAuth client ID, secret and callback URL are test placeholders; the
	// user service is built with a nil dependency, so this test presumably
	// never reaches it — confirm against HandleLogin.
	handler := NewAuthHandlerWithTemplates(
		auth.NewOAuthService("test-client-id", "test-secret", "http://localhost/callback", auth.NewMemoryStateStore()),
		auth.NewUserService(nil),
		store,
		createMockTemplate(),
	)

	rec := httptest.NewRecorder()
	handler.HandleLogin(rec, httptest.NewRequest(http.MethodGet, "/login", nil))

	if rec.Code != http.StatusTemporaryRedirect {
		t.Errorf("Expected status 307, got %d", rec.Code)
	}
	if got := rec.Header().Get("Location"); got != "/dashboard" {
		t.Errorf("Expected redirect to /dashboard, got %s", got)
	}
}

// TestRedirectFlow_LogoutToLogin checks that HandleLogout answers a POST to
// /logout with a 307 redirect to /login and leaves the mock session store
// without a user ID.
func TestRedirectFlow_LogoutToLogin(t *testing.T) {
	store := &MockSessionStore{userID: "test-user-123"}

	handler := NewAuthHandlerWithTemplates(
		auth.NewOAuthService("test-client-id", "test-secret", "http://localhost/callback", auth.NewMemoryStateStore()),
		auth.NewUserService(nil),
		store,
		createMockTemplate(),
	)

	rec := httptest.NewRecorder()
	handler.HandleLogout(rec, httptest.NewRequest(http.MethodPost, "/logout", nil))

	// NOTE(review): a 307 response keeps the request method, so a client that
	// follows this redirect re-sends the POST to /login. The middleware test
	// in this file expects 303 (which switches to GET) — confirm that 307 is
	// intended for the logout path.
	if rec.Code != http.StatusTemporaryRedirect {
		t.Errorf("Expected status 307, got %d", rec.Code)
	}
	if got := rec.Header().Get("Location"); got != "/login" {
		t.Errorf("Expected redirect to /login, got %s", got)
	}

	// Session teardown is observed through the mock's userID field only;
	// presumably the mock clears it when the handler destroys the session.
	// NOTE(review): the response's Set-Cookie header is not inspected, so
	// expiry of the client-side session cookie is not covered here.
	if store.userID != "" {
		t.Error("Expected session to be destroyed after logout")
	}
}