<?php

namespace Tests\Feature\Auth;

use App\Models\Tenant;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Hash;
use Tests\TestCase;

class TenantAdminTokenAuthTest extends TestCase
{
    use RefreshDatabase;

    public function test_tenant_admin_can_login_and_receive_token(): void
    {
        $tenant = Tenant::factory()->create();

        $user = User::factory()->create([
            'tenant_id' => $tenant->id,
            'role' => 'tenant_admin',
            'password' => Hash::make('secret-password'),
            'email_verified_at' => now(),
        ]);

        $response = $this->postJson(route('api.v1.tenant-auth.login'), [
            'login' => $user->email,
            'password' => 'secret-password',
        ]);

        $response->assertOk();
        $response->assertJsonStructure([
            'token',
            'token_type',
            'abilities',
            'user' => ['id', 'email', 'name', 'role', 'tenant_id'],
        ]);

        $this->assertDatabaseCount('personal_access_tokens', 1);
    }

    public function test_regular_user_cannot_login(): void
    {
        $user = User::factory()->create([
            'role' => 'user',
            'password' => Hash::make('secret-password'),
            'email_verified_at' => now(),
        ]);

        $response = $this->postJson(route('api.v1.tenant-auth.login'), [
            'login' => $user->email,
            'password' => 'secret-password',
        ]);

        $response->assertStatus(422);
        $response->assertJsonValidationErrors('login');
    }

    public function test_unverified_user_cannot_login(): void
    {
        $user = User::factory()->create([
            'role' => 'tenant_admin',
            'password' => Hash::make('secret-password'),
            'email_verified_at' => null,
        ]);

        $response = $this->postJson(route('api.v1.tenant-auth.login'), [
            'login' => $user->email,
            'password' => 'secret-password',
        ]);

        $response->assertStatus(422);
        $response->assertJsonValidationErrors('login');
    }

    public function test_me_endpoint_returns_user_details(): void
    {
        $tenant = Tenant::factory()->create();

        $user = User::factory()->create([
            'tenant_id' => $tenant->id,
            'role' => 'tenant_admin',
            'password' => Hash::make('secret-password'),
            'email_verified_at' => now(),
        ]);

        $token = $user->createToken('tenant-admin', ['tenant-admin']);

        $response = $this
            ->withToken($token->plainTextToken)
            ->getJson(route('api.v1.tenant-auth.me'));

        $response->assertOk();
        $response->assertJsonFragment([
            'id' => $user->id,
            'email' => $user->email,
            'role' => 'tenant_admin',
            'tenant_id' => $tenant->id,
        ]);
    }

    public function test_logout_revokes_current_token(): void
    {
        $tenant = Tenant::factory()->create();

        $user = User::factory()->create([
            'tenant_id' => $tenant->id,
            'role' => 'tenant_admin',
            'password' => Hash::make('secret-password'),
            'email_verified_at' => now(),
        ]);

        $token = $user->createToken('tenant-admin', ['tenant-admin']);

        $response = $this
            ->withToken($token->plainTextToken)
            ->postJson(route('api.v1.tenant-auth.logout'));

        $response->assertOk();

        $this->assertDatabaseMissing('personal_access_tokens', [
            'id' => $token->accessToken->id,
        ]);
    }
}