using NATS.Server.Auth;
using NATS.Server.Protocol;

namespace NATS.Server.Auth.Tests;

public class UserPasswordAuthenticatorTests
{
    private static UserPasswordAuthenticator CreateAuth(params User[] users)
    {
        return new UserPasswordAuthenticator(users);
    }

    [Fact]
    public void Returns_result_for_correct_plain_password()
    {
        var auth = CreateAuth(new User { Username = "alice", Password = "secret" });
        var ctx = new ClientAuthContext
        {
            Opts = new ClientOptions { Username = "alice", Password = "secret" },
            Nonce = [],
        };

        var result = auth.Authenticate(ctx);

        result.ShouldNotBeNull();
        result.Identity.ShouldBe("alice");
    }

    [Fact]
    public void Returns_result_for_correct_bcrypt_password()
    {
        var hash = BCrypt.Net.BCrypt.HashPassword("secret");
        var auth = CreateAuth(new User { Username = "bob", Password = hash });
        var ctx = new ClientAuthContext
        {
            Opts = new ClientOptions { Username = "bob", Password = "secret" },
            Nonce = [],
        };

        var result = auth.Authenticate(ctx);

        result.ShouldNotBeNull();
        result.Identity.ShouldBe("bob");
    }

    [Fact]
    public void Returns_null_for_wrong_password()
    {
        var auth = CreateAuth(new User { Username = "alice", Password = "secret" });
        var ctx = new ClientAuthContext
        {
            Opts = new ClientOptions { Username = "alice", Password = "wrong" },
            Nonce = [],
        };

        auth.Authenticate(ctx).ShouldBeNull();
    }

    [Fact]
    public void Returns_null_for_unknown_user()
    {
        var auth = CreateAuth(new User { Username = "alice", Password = "secret" });
        var ctx = new ClientAuthContext
        {
            Opts = new ClientOptions { Username = "unknown", Password = "secret" },
            Nonce = [],
        };

        auth.Authenticate(ctx).ShouldBeNull();
    }

    [Fact]
    public void Returns_null_when_no_username_provided()
    {
        var auth = CreateAuth(new User { Username = "alice", Password = "secret" });
        var ctx = new ClientAuthContext
        {
            Opts = new ClientOptions(),
            Nonce = [],
        };

        auth.Authenticate(ctx).ShouldBeNull();
    }

    [Fact]
    public void Returns_permissions_from_user()
    {
        var perms = new Permissions
        {
            Publish = new SubjectPermission { Allow = ["foo.>"] },
        };
        var auth = CreateAuth(new User { Username = "alice", Password = "secret", Permissions = perms });
        var ctx = new ClientAuthContext
        {
            Opts = new ClientOptions { Username = "alice", Password = "secret" },
            Nonce = [],
        };

        var result = auth.Authenticate(ctx);

        result.ShouldNotBeNull();
        result.Permissions.ShouldBe(perms);
    }

    [Fact]
    public void Returns_account_name_from_user()
    {
        var auth = CreateAuth(new User { Username = "alice", Password = "secret", Account = "myaccount" });
        var ctx = new ClientAuthContext
        {
            Opts = new ClientOptions { Username = "alice", Password = "secret" },
            Nonce = [],
        };

        var result = auth.Authenticate(ctx);

        result.ShouldNotBeNull();
        result.AccountName.ShouldBe("myaccount");
    }
}