condado-newsletter/backend/src/test/kotlin/com/condado/newsletter/service/AuthServiceTest.kt

package com.condado.newsletter.service

import io.mockk.every
import io.mockk.mockk
import org.assertj.core.api.Assertions.assertThat
import org.junit.jupiter.api.BeforeEach
import org.junit.jupiter.api.Test
import org.junit.jupiter.api.assertThrows

class AuthServiceTest {

    private val jwtService: JwtService = mockk()
    private lateinit var authService: AuthService

    @BeforeEach
    fun setUp() {
        authService = AuthService(
            jwtService = jwtService,
            appPassword = "testpassword"
        )
    }

    @Test
    fun should_returnJwtToken_when_correctPasswordProvided() {
        every { jwtService.generateToken() } returns "jwt-token"

        val token = authService.login("testpassword")

        assertThat(token).isEqualTo("jwt-token")
    }

    @Test
    fun should_throwUnauthorizedException_when_wrongPasswordProvided() {
        assertThrows<UnauthorizedException> {
            authService.login("wrongpassword")
        }
    }

    @Test
    fun should_returnValidClaims_when_jwtTokenParsed() {
        val realJwtService = JwtService(
            secret = "test-secret-key-for-testing-only-must-be-at-least-32-characters",
            expirationMsRaw = "86400000"
        )
        val token = realJwtService.generateToken()

        assertThat(realJwtService.validateToken(token)).isTrue()
    }

    @Test
    fun should_returnFalse_when_expiredTokenValidated() {
        val realJwtService = JwtService(
            secret = "test-secret-key-for-testing-only-must-be-at-least-32-characters",
            expirationMsRaw = "1"
        )
        val token = realJwtService.generateToken()

        Thread.sleep(10) // wait for expiration

        assertThat(realJwtService.validateToken(token)).isFalse()
    }
}