<?php

use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;

uses(RefreshDatabase::class);

it('allows login with email and password', function () {
    $user = User::factory()->create([
        'email' => 'test@example.com',
        'password' => 'password123',
    ]);

    $this->post('/login', [
        'login' => 'test@example.com',
        'password' => 'password123',
    ])->assertRedirect('/dashboard');

    $this->assertAuthenticatedAs($user);
});

it('allows login with username and password', function () {
    $user = User::factory()->create([
        'username' => 'testuser',
        'password' => 'password123',
    ]);

    $this->post('/login', [
        'login' => 'testuser',
        'password' => 'password123',
    ])->assertRedirect('/dashboard');

    $this->assertAuthenticatedAs($user);
});

it('allows case-insensitive username login', function () {
    $user = User::factory()->create([
        'username' => 'TestUser',
        'password' => 'password123',
    ]);

    $this->post('/login', [
        'login' => 'testuser',
        'password' => 'password123',
    ])->assertRedirect('/dashboard');

    $this->assertAuthenticatedAs($user);
});

it('rejects login with wrong password', function () {
    User::factory()->create([
        'email' => 'test@example.com',
        'password' => 'password123',
    ]);

    $this->post('/login', [
        'login' => 'test@example.com',
        'password' => 'wrongpassword',
    ])->assertSessionHasErrors('login');

    $this->assertGuest();
});

it('rejects login with nonexistent user', function () {
    $this->post('/login', [
        'login' => 'nobody@example.com',
        'password' => 'password123',
    ])->assertSessionHasErrors('login');

    $this->assertGuest();
});

it('blocks password login for social-only users', function () {
    User::factory()->social()->create([
        'email' => 'social@example.com',
    ]);

    $this->post('/login', [
        'login' => 'social@example.com',
        'password' => 'anything',
    ])->assertSessionHasErrors('login');

    $this->assertGuest();
});

it('blocks password login for social-only users with any password attempt', function () {
    User::factory()->social()->create([
        'email' => 'social@example.com',
    ]);

    $passwords = ['', 'password', 'null', '0', 'false'];

    foreach ($passwords as $password) {
        $this->post('/login', [
            'login' => 'social@example.com',
            'password' => $password,
        ]);

        $this->assertGuest();
    }
});

it('blocks password login for social-only users via username', function () {
    User::factory()->social()->create([
        'username' => 'socialuser',
    ]);

    $this->post('/login', [
        'login' => 'socialuser',
        'password' => 'anything',
    ])->assertSessionHasErrors('login');

    $this->assertGuest();
});