from __future__ import annotations

"""Tests for the Keycloak auth config route."""

from atlas_portal.app_factory import create_app
from atlas_portal import settings


def test_auth_config_disabled_by_default() -> None:
    app = create_app()
    client = app.test_client()

    resp = client.get("/api/auth/config")

    assert resp.status_code == 200
    assert resp.get_json() == {"enabled": False}


def test_auth_config_builds_urls_when_enabled(monkeypatch) -> None:
    monkeypatch.setattr(settings, "KEYCLOAK_ENABLED", True)
    monkeypatch.setattr(settings, "KEYCLOAK_URL", "https://sso.example.dev")
    monkeypatch.setattr(settings, "KEYCLOAK_REALM", "atlas")
    monkeypatch.setattr(settings, "KEYCLOAK_CLIENT_ID", "portal-client")
    monkeypatch.setattr(settings, "KEYCLOAK_ISSUER", "https://sso.example.dev/realms/atlas")

    app = create_app()
    client = app.test_client()

    resp = client.get("/api/auth/config", base_url="https://portal.example.dev")
    data = resp.get_json()

    assert resp.status_code == 200
    assert data["enabled"] is True
    assert data["login_url"].startswith("https://sso.example.dev/realms/atlas/protocol/openid-connect/auth")
    assert "client_id=portal-client" in data["login_url"]
    assert data["account_password_url"].endswith("#/security/signingin")