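using Microsoft.AspNetCore.Authentication;
using ScadaLink.CentralUI.Auth;

namespace ScadaLink.CentralUI.Tests.Auth;

/// <summary>
/// Regression tests for CentralUI-005. <c>AuthEndpoints</c> previously stamped a
/// fixed <c>expires_at = UtcNow + 30 min</c> claim and a 30-minute absolute cookie
/// <c>ExpiresUtc</c> with no sliding refresh, contradicting the documented
/// "sliding refresh, 30-minute idle timeout" policy. The login handler must now
/// build <see cref="AuthenticationProperties"/> that let the cookie middleware
/// own expiry (sliding window) rather than imposing a contradictory fixed
/// absolute cap.
/// </summary>
/// <remarks>
/// Scope of what is pinned here:
/// <list type="bullet">
/// <item>
/// Only the properties returned by <c>AuthEndpoints.BuildSignInProperties()</c>
/// are checked. The 30-minute idle window itself comes from the cookie options
/// (<c>ExpireTimeSpan</c> + <c>SlidingExpiration</c>), which are configured
/// outside this file. NOTE(review): confirm that registration has its own test,
/// otherwise the idle timeout can regress while these tests stay green.
/// </item>
/// <item>
/// None of these tests asserts that the old <c>expires_at</c> claim is no longer
/// stamped on the principal. NOTE(review): that half of the finding needs
/// coverage where the claims are built.
/// </item>
/// <item>
/// A purely sliding window puts no upper bound on a continuously active
/// session. If the policy also calls for a maximum session lifetime, it has to
/// be enforced separately; nothing visible here does so.
/// </item>
/// </list>
/// </remarks>
public class SessionExpiryPolicyTests
{
    /// <summary>
    /// The sign-in properties must leave <c>ExpiresUtc</c> unset.
    /// </summary>
    [Fact]
    public void BuildSignInProperties_DoesNotSetFixedAbsoluteExpiry()
    {
        var props = AuthEndpoints.BuildSignInProperties();

        // A fixed ExpiresUtc would re-introduce the hard 30-minute cap that
        // overrides the middleware's sliding window. Expiry must be owned by
        // the cookie middleware (ExpireTimeSpan + SlidingExpiration).
        Assert.Null(props.ExpiresUtc);
    }

    /// <summary>
    /// The sign-in properties must request a persistent cookie.
    /// </summary>
    [Fact]
    public void BuildSignInProperties_IsPersistent()
    {
        var props = AuthEndpoints.BuildSignInProperties();

        // With IsPersistent the cookie is written with an explicit expiry, so
        // it outlives the browser session until the idle window lapses. On a
        // shared workstation, closing the browser therefore does not end the
        // session; the idle timeout and an explicit sign-out are the controls.
        Assert.True(props.IsPersistent);
    }

    /// <summary>
    /// The sign-in properties must not opt out of sliding renewal.
    /// </summary>
    [Fact]
    public void BuildSignInProperties_AllowsSlidingRefresh()
    {
        var props = AuthEndpoints.BuildSignInProperties();

        // AllowRefresh is a nullable flag: null or true lets the cookie
        // middleware slide the expiry on activity. A false value would freeze
        // the session to an absolute cap — the bug this finding pins.
        // The lifted comparison is true for both null and true.
        Assert.True(
            props.AllowRefresh != false,
            "AllowRefresh must be null or true so the cookie middleware can slide the session expiry.");
    }
}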