// Copyright (C) 2021  Aravinth Manivannan <realaravinth@batsense.net>
// SPDX-FileCopyrightText: 2023 Aravinth Manivannan <realaravinth@batsense.net>
//
// SPDX-License-Identifier: AGPL-3.0-or-later

use actix_web::http::StatusCode;
use actix_web::test;

use crate::*;

use crate::tests::*;

#[actix_rt::test]
async fn protected_routes_work() {
    const NAME: &str = "testuser619";
    const PASSWORD: &str = "longpassword2";
    const EMAIL: &str = "testuser119@a.com2";

    let get_protected_urls = [V1_API_ROUTES.admin.auth.logout];
    let data = get_test_data().await;

    {
        delete_user(NAME, &data).await;
    }

    let (_, signin_resp) = register_and_signin(&data, NAME, EMAIL, PASSWORD).await;
    let cookies = get_cookie!(signin_resp);
    let app = get_app!(data).await;

    for url in get_protected_urls.iter() {
        let resp =
            test::call_service(&app, test::TestRequest::get().uri(url).to_request())
                .await;
        assert_eq!(resp.status(), StatusCode::FOUND);

        let authenticated_resp = test::call_service(
            &app,
            test::TestRequest::get()
                .uri(url)
                .cookie(cookies.clone())
                .to_request(),
        )
        .await;

        if url == &V1_API_ROUTES.admin.auth.logout {
            assert_eq!(authenticated_resp.status(), StatusCode::FOUND);
        } else {
            assert_eq!(authenticated_resp.status(), StatusCode::OK);
        }
    }
}