using NATS.Server.Auth;
using NATS.Server.Protocol;

namespace NATS.Server.Tests;

public class TokenAuthenticatorTests
{
    [Fact]
    public void Returns_result_for_correct_token()
    {
        var auth = new TokenAuthenticator("secret-token");
        var ctx = new ClientAuthContext
        {
            Opts = new ClientOptions { Token = "secret-token" },
            Nonce = [],
        };

        var result = auth.Authenticate(ctx);

        result.ShouldNotBeNull();
        result.Identity.ShouldBe("token");
    }

    [Fact]
    public void Returns_null_for_wrong_token()
    {
        var auth = new TokenAuthenticator("secret-token");
        var ctx = new ClientAuthContext
        {
            Opts = new ClientOptions { Token = "wrong-token" },
            Nonce = [],
        };

        auth.Authenticate(ctx).ShouldBeNull();
    }

    [Fact]
    public void Returns_null_when_no_token_provided()
    {
        var auth = new TokenAuthenticator("secret-token");
        var ctx = new ClientAuthContext
        {
            Opts = new ClientOptions(),
            Nonce = [],
        };

        auth.Authenticate(ctx).ShouldBeNull();
    }

    [Fact]
    public void Returns_null_for_different_length_token()
    {
        var auth = new TokenAuthenticator("secret-token");
        var ctx = new ClientAuthContext
        {
            Opts = new ClientOptions { Token = "short" },
            Nonce = [],
        };

        auth.Authenticate(ctx).ShouldBeNull();
    }
}