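using e_suite.API.Common.models;
using Microsoft.AspNetCore.Http;
using Moq;
using NUnit.Framework;

namespace eSuite.API.UnitTests.SingleSignOn.CookieManager;

/// <summary>
/// Pins the attributes of the session cookie written by the cookie manager's
/// CreateSessionCookie: name, value, lifetime, and the browser-side security flags.
/// </summary>
[TestFixture]
public class CreateSessionCookieUnitTests : CookieManagerTestBase
{
    // Name of the cookie the test expects CreateSessionCookie to write.
    private const string SessionCookieName = "eSuiteSession";

    /// <summary>
    /// Runs the shared fixture setup from <see cref="CookieManagerTestBase"/>.
    /// </summary>
    [SetUp]
    public override async Task Setup()
    {
        await base.Setup();
    }

    /// <summary>
    /// Verifies that a successful login response produces a cookie carrying the token,
    /// with the expected scope and security options.
    /// </summary>
    [Test]
    public async Task CreateSessionCookie_WhenCalled_AddsSessionCookieToResponseWithCorrectSettings()
    {
        //Arrange
        var cookies = new FakeResponseCookies();

        // The type argument was missing in the listing (`new Mock()` does not compile).
        // HttpResponse is assumed because the mock is set up through its Cookies property
        // and handed to CreateSessionCookie; confirm against the CookieManager signature.
        var httpResponseMock = new Mock<HttpResponse>();
        httpResponseMock.SetupGet(x => x.Cookies).Returns(cookies);

        var loginResponse = new LoginResponse
        {
            Result = LoginResult.Success,
            Token = "JSON Web Token"
        };

        //Act
        await _cookieManager.CreateSessionCookie(httpResponseMock.Object, loginResponse);

        //Assert
        var sessionCookie = cookies.CookieDictionary[SessionCookieName];
        Assert.That(sessionCookie, Is.Not.Null);
        Assert.That(sessionCookie.Value, Is.EqualTo(loginResponse.Token));

        var cookieOptions = sessionCookie.CookieOptions!;

        // No explicit expiry: the cookie is not persisted beyond the browser session.
        Assert.That(cookieOptions.Expires, Is.Null);

        // Needs to be false to be readable by Javascript (React).
        // NOTE(review): this makes the token readable by every script running in the
        // origin, so an XSS flaw or a compromised front-end dependency exposes the
        // session. This test locks that trade-off in; changing it means moving the
        // token out of script reach (HttpOnly cookie with the SPA relying on the
        // browser to attach it) and updating this assertion deliberately.
        Assert.That(cookieOptions.HttpOnly, Is.False);

        Assert.That(cookieOptions.IsEssential, Is.True);

        // Only sent over HTTPS.
        Assert.That(cookieOptions.Secure, Is.True);

        // Don't allow cross site calls to include the cookie.
        Assert.That(cookieOptions.SameSite, Is.EqualTo(SameSiteMode.Strict));

        Assert.That(cookieOptions.Path, Is.EqualTo("/"));
    }
}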