using System;
using System.Collections.Generic;
using ZB.MOM.WW.OtOpcUa.Host.Domain;

namespace ZB.MOM.WW.OtOpcUa.Tests.Helpers
{
    /// <summary>
    ///     Deterministic authentication provider for integration tests.
    ///     Validates credentials against hardcoded username/password pairs
    ///     and returns configured role sets per user.
    /// </summary>
    internal class FakeAuthenticationProvider : IUserAuthenticationProvider, IRoleProvider
    {
        private readonly Dictionary<string, string> _credentials = new(StringComparer.OrdinalIgnoreCase);

        private readonly Dictionary<string, IReadOnlyList<string>> _roles = new(StringComparer.OrdinalIgnoreCase);

        public IReadOnlyList<string> GetUserRoles(string username)
        {
            return _roles.TryGetValue(username, out var roles) ? roles : new[] { AppRoles.ReadOnly };
        }

        public bool ValidateCredentials(string username, string password)
        {
            return _credentials.TryGetValue(username, out var expected) && expected == password;
        }

        public FakeAuthenticationProvider AddUser(string username, string password, params string[] roles)
        {
            _credentials[username] = password;
            _roles[username] = roles;
            return this;
        }
    }
}