use std::{collections::HashMap, sync::Arc};

use pacman_server::auth::{
    provider::{MockOAuthProvider, OAuthProvider},
    AuthRegistry,
};
use pretty_assertions::assert_eq;

mod common;
use crate::common::{test_context, TestContext};

/// Test OAuth authorization flows
#[tokio::test]
async fn test_oauth_authorization_flows() {
    let TestContext { server, .. } = test_context().use_database(false).call().await;

    // Test OAuth authorize endpoint (should redirect)
    let response = server.get("/auth/github").await;
    assert_eq!(response.status_code(), 303); // Redirect to GitHub OAuth

    // Test OAuth authorize endpoint for Discord
    let response = server.get("/auth/discord").await;
    assert_eq!(response.status_code(), 303); // Redirect to Discord OAuth

    // Test unknown provider
    let response = server.get("/auth/unknown").await;
    assert_eq!(response.status_code(), 400); // Bad request for unknown provider
}

/// Test OAuth callback handling
#[tokio::test]
async fn test_oauth_callback_handling() {
    let TestContext { server, .. } = test_context().use_database(false).call().await;

    // Test OAuth callback with missing parameters (should fail gracefully)
    let response = server.get("/auth/github/callback").await;
    assert_eq!(response.status_code(), 400); // Bad request for missing code/state
}

/// Test OAuth authorization flow
#[tokio::test]
async fn test_oauth_authorization_flow() {
    let mut mock = MockOAuthProvider::new();
    mock.expect_authorize().returning(|_| {
        Ok(pacman_server::auth::provider::AuthorizeInfo {
            authorize_url: "https://example.com".parse().unwrap(),
            session_token: "a_token".to_string(),
        })
    });

    let provider: Arc<dyn OAuthProvider> = Arc::new(mock);
    let mock_registry = AuthRegistry {
        providers: HashMap::from([("mock", provider)]),
    };

    let TestContext { server, .. } = test_context().use_database(false).auth_registry(mock_registry).call().await;

    // Test that valid handlers redirect
    let response = server.get("/auth/mock").await;
    assert_eq!(response.status_code(), 303); // Redirect to GitHub OAuth

    // Test that unknown handlers return an error
    let response = server.get("/auth/unknown").await;
    assert_eq!(response.status_code(), 400); // Bad request for unknown provider

    // Test that session cookie is set
    let response = server.get("/auth/mock").await;
    assert_eq!(response.status_code(), 303);
    let cookies = {
        let cookies = response.cookies();
        cookies.iter().cloned().collect::<Vec<_>>()
    };
    assert_eq!(cookies.len(), 1);
    assert_eq!(cookies[0].name(), "session");
    assert_eq!(cookies[0].value(), "a_token");

    // Test that link parameter redirects and sets a link cookie
    let response = server.get("/auth/mock?link=true").await;
    assert_eq!(response.status_code(), 303);
    assert_eq!(response.maybe_cookie("link").is_some(), true);
    assert_eq!(response.maybe_cookie("link").unwrap().value(), "1");
}

/// Test OAuth callback validation
#[tokio::test]
async fn test_oauth_callback_validation() {
    let TestContext { server: _server, .. } = test_context().use_database(false).call().await;

    // TODO: Test that the OAuth callback handler validates the provider exists before processing
    // TODO: Test that the OAuth callback handler returns an error when the provider returns an OAuth error
    // TODO: Test that the OAuth callback handler returns an error when the authorization code is missing
    // TODO: Test that the OAuth callback handler returns an error when the state parameter is missing
}

/// Test OAuth callback processing
#[tokio::test]
async fn test_oauth_callback_processing() {
    let TestContext { server: _server, .. } = test_context().use_database(false).call().await;

    // TODO: Test that the OAuth callback handler exchanges the authorization code for user information successfully
    // TODO: Test that the OAuth callback handler handles provider callback errors gracefully
    // TODO: Test that the OAuth callback handler creates a session token after successful authentication
    // TODO: Test that the OAuth callback handler sets a session cookie after successful authentication
    // TODO: Test that the OAuth callback handler redirects to the profile page after successful authentication
}

/// Test account linking flow
#[tokio::test]
async fn test_account_linking_flow() {
    let TestContext { server: _server, .. } = test_context().use_database(false).call().await;

    // TODO: Test that the OAuth callback handler links a new provider to an existing user when link intent is present and session is valid
    // TODO: Test that the OAuth callback handler redirects to profile after successful account linking
    // TODO: Test that the OAuth callback handler falls back to normal sign-in when link intent is present but no valid session exists
}

/// Test new user registration
#[tokio::test]
async fn test_new_user_registration() {
    let TestContext { server: _server, .. } = test_context().use_database(false).call().await;

    // TODO: Test that the OAuth callback handler creates a new user account when no existing user is found
    // TODO: Test that the OAuth callback handler requires an email address for all sign-ins
    // TODO: Test that the OAuth callback handler rejects sign-in attempts when no email is available
}

/// Test existing user sign-in
#[tokio::test]
async fn test_existing_user_sign_in() {
    let TestContext { server: _server, .. } = test_context().use_database(false).call().await;

    // TODO: Test that the OAuth callback handler allows sign-in when the provider is already linked to an existing user
    // TODO: Test that the OAuth callback handler requires explicit linking when a user with the same email exists and has other providers linked
    // TODO: Test that the OAuth callback handler auto-links a provider when a user exists but has no other providers linked
}

/// Test avatar processing
#[tokio::test]
async fn test_avatar_processing() {
    let TestContext { server: _server, .. } = test_context().use_database(false).call().await;

    // TODO: Test that the OAuth callback handler processes user avatars asynchronously without blocking the response
    // TODO: Test that the OAuth callback handler handles avatar processing errors gracefully
}

/// Test profile access
#[tokio::test]
async fn test_profile_access() {
    let TestContext { server: _server, .. } = test_context().use_database(false).call().await;

    // TODO: Test that the profile handler returns user information when a valid session exists
    // TODO: Test that the profile handler returns an error when no session cookie is present
    // TODO: Test that the profile handler returns an error when the session token is invalid
    // TODO: Test that the profile handler includes linked providers in the response
    // TODO: Test that the profile handler returns an error when the user is not found in the database
}

/// Test logout functionality
#[tokio::test]
async fn test_logout_functionality() {
    let TestContext { server: _server, .. } = test_context().use_database(false).call().await;

    // TODO: Test that the logout handler clears the session if a session was there
    // TODO: Test that the logout handler removes the session from memory storage
    // TODO: Test that the logout handler clears the session cookie
    // TODO: Test that the logout handler redirects to the home page after logout
}

/// Test provider configuration
#[tokio::test]
async fn test_provider_configuration() {
    let TestContext { server: _server, .. } = test_context().use_database(false).call().await;

    // TODO: Test that the providers list handler returns all configured OAuth providers
    // TODO: Test that the providers list handler includes provider status (active/inactive)
}