import os

import pytest
from fastapi.testclient import TestClient

# Environment variables required for the app import/config; they must be set
# before `app.main` is imported below. `setdefault` only fills in a value when
# the variable is absent, so anything already exported wins.
# NOTE(review): with DATABASE_URL already set in the shell or CI job, these
# tests run against that database instead of the SQLite file below. Confirm
# that is intended. The fallback is a fixed file name under /tmp.
os.environ.setdefault("SECRET_KEY", "x" * 32)  # dummy 32-character test value
os.environ.setdefault("DATABASE_URL", "sqlite:////tmp/delphi_test.sqlite")

from app.main import app  # noqa: E402
from app.auth.security import get_current_user, get_admin_user  # noqa: E402
from tests.helpers import assert_validation_error, assert_http_error  # noqa: E402


class _User:
    """Stand-in user object returned by the overridden auth dependencies."""

    def __init__(self, is_admin: bool):
        # id and username differ by role so the two fakes can be told apart.
        if is_admin:
            self.id = 1
            self.username = "admin"
        else:
            self.id = 2
            self.username = "user"
        self.is_admin = is_admin
        self.is_active = True
        self.first_name = "Test"
        self.last_name = "User"


@pytest.fixture()
def client_admin():
    """Yield a TestClient whose requests resolve to an admin `_User`."""

    def _fake_admin():
        return _User(True)

    # Both dependencies are replaced, so the real credential and role checks
    # are bypassed for the lifetime of the fixture.
    app.dependency_overrides[get_current_user] = _fake_admin
    app.dependency_overrides[get_admin_user] = _fake_admin
    try:
        yield TestClient(app)
    finally:
        # Overrides live on the shared `app`; drop them so they do not leak
        # into other tests.
        for dependency in (get_current_user, get_admin_user):
            app.dependency_overrides.pop(dependency, None)


@pytest.fixture()
def client_user():
    """Yield a TestClient whose requests resolve to a non-admin `_User`."""

    def _fake_user():
        return _User(False)

    # Only get_current_user is replaced; get_admin_user stays real so the
    # admin check is still exercised.
    app.dependency_overrides[get_current_user] = _fake_user
    try:
        yield TestClient(app)
    finally:
        app.dependency_overrides.pop(get_current_user, None)


def test_get_inactivity_warning_minutes_requires_auth_and_returns_shape(client_user: TestClient):
    """Anonymous callers are rejected; an authenticated user gets {"minutes": int}."""
    endpoint = "/api/settings/inactivity_warning_minutes"

    # Remove the fixture's override so the real auth dependency runs. The
    # expected rejection is 403 with "Not authenticated", not 401.
    app.dependency_overrides.pop(get_current_user, None)
    anon = TestClient(app)
    rejected = anon.get(endpoint)
    assert_http_error(rejected, 403, "Not authenticated")

    # Reinstall the non-admin user; the fixture teardown removes it again.
    app.dependency_overrides[get_current_user] = lambda: _User(False)
    accepted = anon.get(endpoint)
    assert accepted.status_code == 200
    payload = accepted.json()
    # Exactly one key: the response must not expose any other settings.
    assert set(payload.keys()) == {"minutes"}
    assert isinstance(payload["minutes"], int)


def test_update_theme_preference_validation_and_auth(client_user: TestClient):
    """Theme updates validate the value and reject anonymous callers."""
    endpoint = "/api/auth/theme-preference"

    # A value outside the allowed set is refused with a 400.
    invalid = client_user.post(endpoint, json={"theme_preference": "blue"})
    assert_http_error(invalid, 400, "Theme preference must be 'light' or 'dark'")

    # An allowed value is accepted and echoed back.
    valid = client_user.post(endpoint, json={"theme_preference": "dark"})
    assert valid.status_code == 200
    body = valid.json()
    assert body == {"message": "Theme preference updated successfully", "theme": "dark"}

    # Without the override the real auth dependency runs; the expected
    # rejection is 403 with "Not authenticated", not 401.
    app.dependency_overrides.pop(get_current_user, None)
    anon = TestClient(app)
    rejected = anon.post(endpoint, json={"theme_preference": "light"})
    assert_http_error(rejected, 403, "Not authenticated")


# If admin-only settings updates are added later, assert 403 for non-admins.
# Placeholder: show the 403 behaviour on a known admin-only endpoint
# (/api/auth/users).
def test_non_admin_forbidden_on_admin_endpoints(client_user: TestClient):
    """A non-admin user is refused on an admin-only endpoint."""
    denied = client_user.get("/api/auth/users")
    assert_http_error(denied, 403, "Not enough permissions")