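package auth

import (
	"strings"
	"testing"
	"time"

	"codit/internal/config"
)

// TestHashAndComparePassword checks the HashPassword/ComparePassword round
// trip: the correct password must verify and a wrong one must be rejected.
// It also asserts that the stored form is non-empty and does not carry the
// plaintext, so an identity "hash" paired with an equality compare cannot
// pass the suite.
func TestHashAndComparePassword(t *testing.T) {
	const password = "pw-123"

	hash, err := HashPassword(password)
	if err != nil {
		t.Fatalf("HashPassword() error: %v", err)
	}
	if hash == "" {
		t.Fatalf("HashPassword() returned an empty hash")
	}
	// The plaintext must never be recoverable by simply reading the hash.
	if strings.Contains(hash, password) {
		t.Fatalf("HashPassword() output must not contain the plaintext password")
	}

	if err = ComparePassword(hash, password); err != nil {
		t.Fatalf("ComparePassword() failed for correct password: %v", err)
	}
	if err = ComparePassword(hash, "wrong"); err == nil {
		t.Fatalf("ComparePassword() must fail for wrong password")
	}
}

// TestNewSessionToken checks that two consecutive calls to NewSessionToken
// succeed, return different values, and that the first value contains no
// '=' padding character (the failure message describes the expected
// encoding as raw, unpadded base64).
func TestNewSessionToken(t *testing.T) {
	first, err := NewSessionToken()
	if err != nil {
		t.Fatalf("NewSessionToken() error: %v", err)
	}

	second, err := NewSessionToken()
	if err != nil {
		t.Fatalf("NewSessionToken() error for second token: %v", err)
	}

	// Equal tokens (including two empty ones) would make sessions guessable.
	if first == second {
		t.Fatalf("session tokens must differ")
	}
	if strings.Contains(first, "=") {
		t.Fatalf("token must be raw base64 without padding: %s", first)
	}
}

// TestSessionExpiry checks that SessionExpiry(cfg) lands SessionTTL after
// "now". The call is bracketed by two clock readings and one second of
// slack is allowed on either side.
func TestSessionExpiry(t *testing.T) {
	const ttl = 2 * time.Hour

	var cfg config.Config
	cfg.SessionTTL = config.Duration(ttl)

	before := time.Now().UTC()
	exp := SessionExpiry(cfg)
	after := time.Now().UTC()

	earliest := before.Add(ttl - time.Second)
	latest := after.Add(ttl + time.Second)
	if exp.Before(earliest) || exp.After(latest) {
		t.Fatalf("unexpected session expiry: %v", exp)
	}
}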