"""Teste PRD 5.7 — mapare inline din panoul de detaliu trimitere.

needs_mapping cu operatie nemapata -> panoul arata selectorul de cod RAR + sugestii;
POST /trimitere/{id}/mapeaza salveaza maparea (save_mapping) si re-rezolva submission-ul
(reresolve_account) pe loc. Scoped pe sesiune (404 cross-account), CSRF obligatoriu,
respinge cod absent din nomenclator, respecta batch_id-ul randului.
"""

from __future__ import annotations

import json
import os
import re
import tempfile

import pytest
from starlette.testclient import TestClient


def _create_account_user(email: str, name: str = "Service", password: str = "parolasecreta10"):
    from app.accounts import create_account
    from app.users import create_user
    from app.db import get_connection

    conn = get_connection()
    try:
        acct_id = create_account(conn, name, active=True)
        create_user(conn, acct_id, email, password)
        return acct_id
    finally:
        conn.close()


def _login(client, email: str, password: str = "parolasecreta10") -> None:
    resp = client.get("/login")
    m = re.search(r'name="csrf_token"\s+value="([^"]+)"', resp.text)
    assert m
    resp = client.post("/login", data={"email": email, "parola": password, "csrf_token": m.group(1)})
    assert resp.status_code == 303


def _csrf(client) -> str:
    resp = client.get("/?tab=acasa")
    m = re.search(r'name="csrf_token"\s+value="([^"]+)"', resp.text)
    assert m
    return m.group(1)


def _insert_needs_mapping(acct: int, *, op: str = "DIVERSE VERIFICARI 159004",
                          denumire: str | None = None, batch_id: int | None = None,
                          vin: str = "WVWZZZ1JZXW0NM001") -> int:
    """Insereaza un submission needs_mapping cu o prestatie nemapata (cod_prestatie null)."""
    from app.db import get_connection
    payload = {
        "vin": vin, "nr_inmatriculare": "B123ABC", "data_prestatie": "2026-06-10",
        "odometru_final": "159004",
        "prestatii": [{"cod_prestatie": None, "cod_op_service": op, "denumire": denumire or op}],
    }
    conn = get_connection()
    try:
        k = f"k-{os.urandom(6).hex()}"
        cur = conn.execute(
            "INSERT INTO submissions (idempotency_key, account_id, status, payload_json, rar_error, batch_id) "
            "VALUES (?, ?, 'needs_mapping', ?, ?, ?)",
            (k, acct, json.dumps(payload), json.dumps({"unmapped": [{"cod_op_service": op}]}), batch_id),
        )
        conn.commit()
        return int(cur.lastrowid)
    finally:
        conn.close()


def _row(sid: int):
    from app.db import get_connection
    conn = get_connection()
    try:
        return conn.execute("SELECT * FROM submissions WHERE id=?", (sid,)).fetchone()
    finally:
        conn.close()


def _mapping_count(acct: int) -> int:
    from app.db import get_connection
    conn = get_connection()
    try:
        return conn.execute(
            "SELECT COUNT(*) AS n FROM operations_mapping WHERE account_id=?", (acct,)
        ).fetchone()["n"]
    finally:
        conn.close()


@pytest.fixture()
def client(monkeypatch):
    tmp = tempfile.mkdtemp()
    monkeypatch.setenv("AUTOPASS_DB_PATH", os.path.join(tmp, "inline.db"))
    monkeypatch.setenv("AUTOPASS_WEB_AUTH_REQUIRED", "true")
    from app.config import get_settings
    get_settings.cache_clear()
    from app.web import ratelimit
    ratelimit._hits.clear()
    from app.main import app
    with TestClient(app, follow_redirects=False) as c:
        yield c
    ratelimit._hits.clear()
    get_settings.cache_clear()


def test_detaliu_needs_mapping_arata_operatii_nemapate(client):
    """GET detaliu pe needs_mapping -> HTML cu selectorul de cod RAR + operatia + actiunea inline."""
    acct = _create_account_user("nm@test.com")
    sid = _insert_needs_mapping(acct, op="REPARATIE MOTOR X")
    _login(client, "nm@test.com")
    resp = client.get(f"/_fragments/trimitere/{sid}")
    assert resp.status_code == 200
    assert "Mapeaza codul operatiei" in resp.text
    assert "REPARATIE MOTOR X" in resp.text
    assert f"/trimitere/{sid}/mapeaza" in resp.text
    # nomenclatorul seed e in selector
    assert "OE-1" in resp.text


def test_mapeaza_inline_deblocheaza_randul(client):
    """POST mapeaza cu cod valid -> submission queued + mapare salvata."""
    acct = _create_account_user("mi@test.com")
    sid = _insert_needs_mapping(acct, op="VERIF SPECIALA 1")
    _login(client, "mi@test.com")
    csrf = _csrf(client)
    resp = client.post(f"/trimitere/{sid}/mapeaza", data={
        "cod_op_service": "VERIF SPECIALA 1", "cod_prestatie": "OE-1",
        "auto_send": "true", "csrf_token": csrf,
    })
    assert resp.status_code == 200
    assert resp.headers.get("HX-Trigger") == "trimiteriChanged"
    r = _row(sid)
    assert r["status"] == "queued"
    # codul s-a umplut in payload
    pres = json.loads(r["payload_json"])["prestatii"][0]
    assert pres["cod_prestatie"] == "OE-1"
    assert _mapping_count(acct) == 1


def test_mapeaza_inline_cod_necunoscut_respins(client):
    """Cod inexistent in nomenclator -> mesaj eroare, ramane needs_mapping, fara mapare."""
    acct = _create_account_user("cn@test.com")
    sid = _insert_needs_mapping(acct, op="VERIF SPECIALA 2")
    _login(client, "cn@test.com")
    csrf = _csrf(client)
    resp = client.post(f"/trimitere/{sid}/mapeaza", data={
        "cod_op_service": "VERIF SPECIALA 2", "cod_prestatie": "COD-INEXISTENT",
        "csrf_token": csrf,
    })
    assert resp.status_code == 200
    assert "necunoscut" in resp.text.lower()
    assert _row(sid)["status"] == "needs_mapping"
    assert _mapping_count(acct) == 0


def test_mapeaza_inline_scoped_pe_sesiune(client):
    """POST pe submission al altui cont -> 404, fara mapare salvata."""
    acct_a = _create_account_user("a@test.com")
    acct_b = _create_account_user("b@test.com")
    sid = _insert_needs_mapping(acct_a, op="VERIF A")
    _login(client, "b@test.com")
    csrf = _csrf(client)
    resp = client.post(f"/trimitere/{sid}/mapeaza", data={
        "cod_op_service": "VERIF A", "cod_prestatie": "OE-1", "csrf_token": csrf,
    })
    assert resp.status_code == 404
    assert _row(sid)["status"] == "needs_mapping"
    assert _mapping_count(acct_b) == 0


def test_mapeaza_inline_csrf_obligatoriu(client):
    """Fara token CSRF valid -> 403, fara efect."""
    acct = _create_account_user("cf@test.com")
    sid = _insert_needs_mapping(acct, op="VERIF CSRF")
    _login(client, "cf@test.com")
    resp = client.post(f"/trimitere/{sid}/mapeaza", data={
        "cod_op_service": "VERIF CSRF", "cod_prestatie": "OE-1", "csrf_token": "gresit",
    })
    assert resp.status_code == 403
    assert _row(sid)["status"] == "needs_mapping"


def test_mapeaza_inline_respecta_batch(client):
    """Submission din import (batch_id setat) -> re-rezolvarea il atinge (queued)."""
    acct = _create_account_user("ba@test.com")
    from app.db import get_connection
    conn = get_connection()
    try:
        cur = conn.execute(
            "INSERT INTO import_batches (account_id, filename, status) VALUES (?, 'f.xlsx', 'committed')",
            (acct,),
        )
        conn.commit()
        batch_id = int(cur.lastrowid)
    finally:
        conn.close()
    sid = _insert_needs_mapping(acct, op="VERIF BATCH", batch_id=batch_id)
    _login(client, "ba@test.com")
    csrf = _csrf(client)
    resp = client.post(f"/trimitere/{sid}/mapeaza", data={
        "cod_op_service": "VERIF BATCH", "cod_prestatie": "OE-2",
        "auto_send": "true", "csrf_token": csrf,
    })
    assert resp.status_code == 200
    assert _row(sid)["status"] == "queued"