using System.Net;
using System.Net.Http.Json;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;
using JdeScoping.Core.Models.Auth;
using JdeScoping.Ui.Tests.Support;
namespace JdeScoping.Ui.Tests;
/// <summary>
/// API-level smoke tests for the authentication endpoint against the Docker host.
/// Validates the RSA public-key exchange, encrypted login, and session cookie flow.
/// Requires a running Docker host (Category: RequiresDockerHost).
/// </summary>
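public class AuthApiSmokeTests
{
    /// <summary>
    /// Verifies the full login flow: fetch public key, encrypt credentials, POST login, and confirm session via /me.
    /// </summary>
    /// <remarks>
    /// <para>Steps:</para>
    /// <para>1. Create an HttpClient with a CookieContainer for session tracking.</para>
    /// <para>2. GET /api/auth/public-key and verify the PEM response.</para>
    /// <para>3. RSA-encrypt a test login payload using the returned public key.</para>
    /// <para>4. POST /api/auth/login with the encrypted payload and assert HTTP 200.</para>
    /// <para>5. Assert that the cookie container holds at least one cookie after login.</para>
    /// <para>6. GET /api/auth/me and assert HTTP 200 (session is authenticated).</para>
    /// <para>
    /// The public key is imported exactly as returned by the host under test; nothing in this flow
    /// authenticates it. The RSA wrapping therefore hides the credentials from a passive reader of the
    /// request body only, and server authentication still has to come from the transport (TLS).
    /// </para>
    /// </remarks>
    [Fact]
    [Trait("Category", "RequiresDockerHost")]
    public async Task AuthApi_Login_WorksAgainstDockerHost()
    {
        // One container shared by every request, so a cookie set by /login is replayed on /me.
        var cookies = new CookieContainer();
        using var handler = new HttpClientHandler { CookieContainer = cookies };
        using var client = new HttpClient(handler) { BaseAddress = new Uri(UiTestSettings.BaseUrl) };

        // NOTE(review): as shown, this call has no type argument although PublicKeyPem is read from
        // the result below; the generic argument looks lost in rendering. Restore the project's
        // public-key response type here.
        var key = await client.GetFromJsonAsync("api/auth/public-key");
        Assert.NotNull(key);
        Assert.Contains("BEGIN PUBLIC KEY", key!.PublicKeyPem);

        // Fixture credentials for the Docker test host.
        // NOTE(review): confirm this account is provisioned in test environments only.
        string payload = JsonSerializer.Serialize(new LoginModel { Username = "testuser", Password = "testpass" });
        byte[] plaintext = Encoding.UTF8.GetBytes(payload);

        using var rsa = RSA.Create();
        rsa.ImportFromPem(key.PublicKeyPem);

        // RSA-OAEP encrypts a single block: the plaintext may be at most
        // keyBytes - 2 * hashBytes - 2 (190 bytes for a 2048-bit key with SHA-256).
        // A longer serialized login payload makes Encrypt throw instead of being split.
        byte[] encrypted = rsa.Encrypt(plaintext, RSAEncryptionPadding.OaepSHA256);

        // Responses are IDisposable; dispose them so the connection is released when the test ends.
        using var login = await client.PostAsJsonAsync(
            "api/auth/login",
            new EncryptedLoginRequest(Convert.ToBase64String(encrypted)));
        Assert.Equal(HttpStatusCode.OK, login.StatusCode);

        // The documented flow is cookie-based, so a 200 from /login that sets no cookie is a failure
        // in its own right, reported here rather than as an opaque non-200 from /me.
        Assert.True(cookies.Count > 0, "Login returned 200 but no cookie was stored in the container.");

        // NOTE(review): a 200 here proves the session only if /me rejects unauthenticated callers;
        // that negative case is not exercised by this test.
        using var me = await client.GetAsync("api/auth/me");
        Assert.Equal(HttpStatusCode.OK, me.StatusCode);
    }
}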