"""Route tests for the Mailu password rotation endpoint and the account access gate."""

from tests.unit.app.app_route_helpers import *


def _ignore(*args, **kwargs):
    """Stand in for a collaborator call that succeeds and returns nothing."""
    return None


def _explode(*args, **kwargs):
    """Stand in for a collaborator call that fails with RuntimeError("fail")."""
    raise RuntimeError("fail")


def _post_rotate(client):
    """POST to the rotate endpoint with the placeholder bearer header.

    The header value is a dummy; the caller identity each test exercises is the
    AuthContext handed to ``_client``.
    # NOTE(review): presumably ``_client`` replaces the real token validation
    # with that context -- confirm in app_route_helpers.
    """
    return client.post(
        "/api/account/mailu/rotate",
        headers={"Authorization": "Bearer token"},
    )


def test_rotate_mailu_password(monkeypatch) -> None:
    """Happy path: every backend is ready and every sync succeeds."""
    caller = AuthContext(username="alice", email="", groups=["dev"], claims={})
    client = _client(monkeypatch, caller)
    monkeypatch.setattr(app_module.keycloak_admin, "ready", lambda: True)
    monkeypatch.setattr(app_module.keycloak_admin, "set_user_attribute", _ignore)
    monkeypatch.setattr(app_module.mailu, "ready", lambda: True)
    monkeypatch.setattr(app_module.mailu, "sync", _ignore)
    monkeypatch.setattr(
        app_module.nextcloud,
        "sync_mail",
        lambda *args, **kwargs: {"status": "ok"},
    )

    response = _post_rotate(client)

    assert response.status_code == 200
    body = response.json()
    assert body["sync_ok"] is True
    # The new credential is returned in the response body.
    # NOTE(review): only truthiness is checked; this test does not pin the
    # password's length, nor that the returned value is the one handed to
    # keycloak_admin.set_user_attribute.
    assert body["password"]


def test_rotate_mailu_password_missing_config(monkeypatch) -> None:
    """A Keycloak admin client that is not ready yields 503."""
    caller = AuthContext(username="alice", email="", groups=["dev"], claims={})
    client = _client(monkeypatch, caller)
    monkeypatch.setattr(app_module.keycloak_admin, "ready", lambda: False)

    response = _post_rotate(client)

    assert response.status_code == 503


def test_require_account_access_allows_when_disabled(monkeypatch) -> None:
    """An empty ``account_allowed_groups`` lets a caller with no groups through.

    The check passes by not raising. This pins fail-open behaviour: with no
    groups configured, the group gate does not restrict anyone.
    """
    caller = AuthContext(username="alice", email="", groups=[], claims={})
    settings_cls = type("S", (), {"account_allowed_groups": []})
    monkeypatch.setattr(app_module, "settings", settings_cls())

    app_module._require_account_access(caller)


def test_rotate_mailu_password_missing_username(monkeypatch) -> None:
    """A caller whose context carries an empty username is rejected with 400."""
    caller = AuthContext(username="", email="", groups=["dev"], claims={})
    client = _client(monkeypatch, caller)
    monkeypatch.setattr(app_module.keycloak_admin, "ready", lambda: True)

    response = _post_rotate(client)

    assert response.status_code == 400


def test_rotate_mailu_password_sync_error(monkeypatch) -> None:
    """Failing Mailu and Nextcloud syncs are reported in the body, not as an HTTP error."""
    caller = AuthContext(username="alice", email="", groups=["dev"], claims={})
    client = _client(monkeypatch, caller)
    monkeypatch.setattr(app_module.keycloak_admin, "ready", lambda: True)
    monkeypatch.setattr(app_module.keycloak_admin, "set_user_attribute", _ignore)
    monkeypatch.setattr(app_module.mailu, "ready", lambda: True)
    monkeypatch.setattr(app_module.mailu, "sync", _explode)
    monkeypatch.setattr(app_module.nextcloud, "sync_mail", _explode)

    response = _post_rotate(client)

    # The attribute write succeeded, so the request still returns 200; callers
    # must read ``sync_ok`` to learn that downstream systems were not updated.
    assert response.status_code == 200
    body = response.json()
    assert body["sync_ok"] is False
    assert body["nextcloud_sync"]["status"] == "error"


def test_rotate_mailu_password_handles_storage_error(monkeypatch) -> None:
    """A raising ``storage.record_task_run`` does not turn the request into a failure."""
    caller = AuthContext(username="alice", email="", groups=["dev"], claims={})
    client = _client(monkeypatch, caller)
    monkeypatch.setattr(app_module.keycloak_admin, "ready", lambda: True)
    monkeypatch.setattr(app_module.keycloak_admin, "set_user_attribute", _ignore)
    monkeypatch.setattr(app_module.storage, "record_task_run", _explode)

    response = _post_rotate(client)

    # NOTE(review): the rotation is reported as successful although the run
    # could not be recorded; nothing here checks that the failure is logged.
    assert response.status_code == 200


def test_rotate_mailu_password_failure(monkeypatch) -> None:
    """A generic error while writing the Keycloak attribute maps to 502."""
    caller = AuthContext(username="alice", email="", groups=["dev"], claims={})
    client = _client(monkeypatch, caller)
    monkeypatch.setattr(app_module.keycloak_admin, "ready", lambda: True)
    monkeypatch.setattr(app_module.keycloak_admin, "set_user_attribute", _explode)

    response = _post_rotate(client)

    assert response.status_code == 502


def test_rotate_mailu_password_http_exception(monkeypatch) -> None:
    """An HTTPException from the Keycloak write keeps its own status code."""

    def _conflict(*args, **kwargs):
        raise HTTPException(status_code=409, detail="conflict")

    caller = AuthContext(username="alice", email="", groups=["dev"], claims={})
    client = _client(monkeypatch, caller)
    monkeypatch.setattr(app_module.keycloak_admin, "ready", lambda: True)
    monkeypatch.setattr(app_module.keycloak_admin, "set_user_attribute", _conflict)

    response = _post_rotate(client)

    # 409 passes through unchanged rather than being folded into the 502 used
    # for other exceptions.
    assert response.status_code == 409