"""Smoke-Tests fuer Auth-Flows: Register, Login, Logout, /me."""

import secrets


def test_register_creates_pending_user(client):
    """Frischer User -> pending_verification=True."""
    email = f"new-{secrets.token_hex(4)}@example.com"
    r = client.post("/api/auth/register", json={
        "email": email,
        "password": "TestPass123!",
        "name": f"user{secrets.token_hex(3)}",
    })
    assert r.status_code == 200, r.text
    assert r.json().get("pending_verification") is True


def test_login_with_wrong_password_returns_401(client, user):
    """Falsches Passwort -> 401."""
    r = client.post("/api/auth/login", json={
        "email": user["email"], "password": "WrongPass!!"
    })
    assert r.status_code == 401


def test_login_returns_token(client, user):
    """Korrekte Credentials -> JWT-Token."""
    r = client.post("/api/auth/login", json={
        "email": user["email"], "password": user["password"]
    })
    assert r.status_code == 200
    assert "token" in r.json()


def test_me_requires_auth(client):
    """/api/auth/me ohne Token -> 401."""
    r = client.get("/api/auth/me")
    assert r.status_code == 401


def test_me_returns_user_info(client, user):
    """/api/auth/me mit gueltigem Token -> User-Objekt."""
    r = client.get("/api/auth/me", headers=user["headers"])
    assert r.status_code == 200
    data = r.json()
    assert data["email"] == user["email"]
    assert data["name"]  == user["name"]
    # email_verified wurde im Fixture per DB-Update auf 1 gesetzt
    assert data["email_verified"] == 1


def test_logout_clears_cookie(client, user):
    """/api/auth/logout -> ok."""
    r = client.post("/api/auth/logout", headers=user["headers"])
    assert r.status_code == 200
    assert r.json()["ok"] is True