using NSubstitute;
using SIGCM2.Application.Abstractions.Persistence;
using SIGCM2.Application.Abstractions.Security;
using SIGCM2.Application.Audit;
using SIGCM2.Application.Usuarios.ResetPassword;
using SIGCM2.Domain.Entities;
using SIGCM2.Domain.Exceptions;

namespace SIGCM2.Application.Tests.Usuarios;

public class ResetUsuarioPasswordCommandHandlerTests
{
    private readonly IUsuarioRepository _repo = Substitute.For<IUsuarioRepository>();
    private readonly IPasswordHasher _hasher = Substitute.For<IPasswordHasher>();
    private readonly IRefreshTokenRepository _refreshRepo = Substitute.For<IRefreshTokenRepository>();
    private readonly IAuditLogger _audit = Substitute.For<IAuditLogger>();
    private readonly ResetUsuarioPasswordCommandHandler _handler;

    public ResetUsuarioPasswordCommandHandlerTests()
    {
        _handler = new ResetUsuarioPasswordCommandHandler(_repo, _hasher, _refreshRepo, _audit);
        _hasher.Hash(Arg.Any<string>()).Returns(args => "$2a$12$hashof_" + args[0]);
    }

    private static Usuario MakeUser(int id = 5)
        => new(id, "user" + id, "$2a$12$hash", "Test", "User", null, "cajero", "[]", true);

    [Fact]
    public async Task Handle_Returns_TempPassword_MinLength12_With_Diversity()
    {
        _repo.GetByIdAsync(5, Arg.Any<CancellationToken>()).Returns(MakeUser(5));

        var result = await _handler.Handle(new ResetUsuarioPasswordCommand(TargetId: 5, CallerId: 1));

        Assert.True(result.TempPassword.Length >= 12, $"TempPassword too short: {result.TempPassword.Length}");
        Assert.True(result.MustChangeOnLogin);
    }

    [Fact]
    public async Task Handle_Calls_UpdatePasswordAsync_With_MustChange_True()
    {
        _repo.GetByIdAsync(5, Arg.Any<CancellationToken>()).Returns(MakeUser(5));

        await _handler.Handle(new ResetUsuarioPasswordCommand(TargetId: 5, CallerId: 1));

        await _repo.Received(1).UpdatePasswordAsync(
            5,
            Arg.Any<string>(),
            mustChangePassword: true,
            Arg.Any<CancellationToken>());
    }

    [Fact]
    public async Task Handle_Revokes_All_Refresh_Tokens_Of_Target()
    {
        _repo.GetByIdAsync(5, Arg.Any<CancellationToken>()).Returns(MakeUser(5));

        await _handler.Handle(new ResetUsuarioPasswordCommand(TargetId: 5, CallerId: 1));

        await _refreshRepo.Received(1).RevokeAllActiveForUserAsync(5, Arg.Any<DateTime>(), Arg.Any<CancellationToken>());
    }

    [Fact]
    public async Task Handle_Throws_UsuarioNotFoundException_When_Target_Not_Found()
    {
        _repo.GetByIdAsync(9999, Arg.Any<CancellationToken>()).Returns((Usuario?)null);

        await Assert.ThrowsAsync<UsuarioNotFoundException>(
            () => _handler.Handle(new ResetUsuarioPasswordCommand(TargetId: 9999, CallerId: 1)));
    }

    [Fact]
    public async Task Handle_Throws_CannotSelfResetException_When_Caller_Equals_Target()
    {
        await Assert.ThrowsAsync<CannotSelfResetException>(
            () => _handler.Handle(new ResetUsuarioPasswordCommand(TargetId: 1, CallerId: 1)));
    }
}