"""Tests for the cookie signing and admin password helpers in ``app.auth``."""

from fastapi import HTTPException

from app import auth
from app.config import Settings


def test_student_cookie_signing_roundtrip():
    """A signed student cookie decodes back to the fields it was built from."""
    cfg = Settings(secret_key="secret", public_url="http://testserver")
    signed = auth.sign_student(cfg, "ABC123", "s1", "Ada", "cookie-id")

    expected = {
        "sid": "ABC123",
        "student_id": "s1",
        "name": "Ada",
        "cookie_id": "cookie-id",
    }
    decoded = auth.loads_cookie(cfg, signed)
    assert decoded == expected


def test_tampered_cookie_rejected():
    """A signed admin token with extra characters appended must not load."""
    cfg = Settings(secret_key="secret")
    altered = auth.sign_admin(cfg) + "tamper"

    # Rejection is signalled by a None return, not by an exception.
    # NOTE(review): only a trailing-suffix change is exercised here. A token
    # signed under a different secret_key, or with an edited payload segment,
    # is not covered by this test -- consider adding those cases.
    assert auth.loads_cookie(cfg, altered) is None


def test_admin_password_success_and_failure():
    """Only the configured admin password verifies; everything else fails."""
    with_password = Settings(secret_key="secret", admin_password="pw")
    without_password = Settings(secret_key="secret")

    assert auth.verify_admin_password(with_password, "pw")
    assert not auth.verify_admin_password(with_password, "wrong")
    # With no admin_password passed to Settings, verification must fail closed
    # even for a value that would be valid under another configuration.
    # NOTE(review): this checks outcomes only; whether the comparison is
    # constant-time (e.g. hmac.compare_digest) has to be confirmed in app.auth.
    assert not auth.verify_admin_password(without_password, "pw")


def test_serializer_requires_secret():
    """Signing with ``secret_key=None`` raises an HTTPException with status 500."""
    failure = None
    try:
        auth.sign_admin(Settings(secret_key=None))
    except HTTPException as exc:
        # Keep a reference: the ``exc`` name is unbound once the handler exits.
        failure = exc

    if failure is None:
        # Producing a token without a secret would mean cookies are being
        # issued with no usable signing key.
        raise AssertionError("Expected missing secret to fail")
    assert failure.status_code == 500