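"""Tests for authentication endpoints.

Covers the login route (``/api/auth/login``) for valid credentials, a wrong
password, an unknown e-mail address and a deactivated account, plus one
protected route requested without credentials.
"""

from fastapi.testclient import TestClient
from sqlalchemy.orm import Session

from app.models.user import User


def test_login_success(client: TestClient, test_user: User) -> None:
    """Valid credentials yield a 200 response carrying a bearer token."""
    # Presumably the ``test_user`` fixture creates test@example.com with this
    # password; the fixture is defined outside this file.
    response = client.post(
        "/api/auth/login",
        json={"email": "test@example.com", "password": "testpassword"},
    )

    assert response.status_code == 200
    data = response.json()
    assert "access_token" in data
    assert data["token_type"] == "bearer"


def test_login_wrong_password(client: TestClient, test_user: User) -> None:
    """A wrong password for an existing account is rejected with 401."""
    response = client.post(
        "/api/auth/login",
        json={"email": "test@example.com", "password": "wrongpassword"},
    )

    assert response.status_code == 401
    body = response.json()
    assert "Incorrect email or password" in body["detail"]
    # A rejected login must never carry a token alongside the error.
    assert "access_token" not in body


def test_login_nonexistent_user(client: TestClient) -> None:
    """An unknown e-mail address is rejected exactly like a wrong password."""
    response = client.post(
        "/api/auth/login",
        json={"email": "nonexistent@example.com", "password": "password"},
    )

    assert response.status_code == 401
    # Same generic message as the wrong-password case: if the two responses
    # differed, the endpoint would reveal which e-mail addresses are
    # registered (account enumeration).
    assert "Incorrect email or password" in response.json()["detail"]


def test_login_inactive_user(client: TestClient, test_user: User, db: Session) -> None:
    """Correct credentials for a deactivated account are refused with 403."""
    # Deactivate the account in the database before attempting the login.
    # NOTE(review): assumes the ``db`` fixture isolates this change from other
    # tests; confirm in conftest.
    test_user.is_active = False
    db.commit()

    response = client.post(
        "/api/auth/login",
        json={"email": "test@example.com", "password": "testpassword"},
    )

    assert response.status_code == 403
    body = response.json()
    assert "disabled" in body["detail"].lower()
    # A disabled account must not be issued a token.
    assert "access_token" not in body


def test_protected_endpoint_without_token(client: TestClient) -> None:
    """A protected route requested without credentials is refused."""
    # HTTPBearer returns 403 when no Authorization header is provided
    # NOTE(review): the status code for missing credentials depends on the
    # installed FastAPI version (some releases answer 401); confirm against
    # the pinned version before relying on this value.
    response = client.get("/api/bookings/my")

    assert response.status_code == 403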