<?php

use App\Models\User;
use App\Providers\RouteServiceProvider;
use RyanChandler\LaravelCloudflareTurnstile\Facades\Turnstile;

test('new users can register', function () {
    installHotel();

    // Fake the Cloudflare Turnstile validation
    Turnstile::fake();

    // Get CSRF token from register page
    $registerPage = $this->get('/register');
    $token = session('_token');

    // Verify register page loads
    $registerPage->assertStatus(200);
    expect($token)->not->toBeNull();
    expect($token)->toBeString();
    expect(strlen($token))->toBe(40);

    // Initial state
    expect(User::count())->toBe(0);
    expect(auth()->guest())->toBeTrue();

    // Attempt registration
    $response = $this->post('/register', [
        '_token' => $token,
        'username' => 'Test_User',
        'mail' => 'test@example.com',
        'password' => 'password',
        'password_confirmation' => 'password',
        'terms' => true,
        'cf-turnstile-response' => 'fake-test-response',
    ]);

    // Response checks
    expect($response->status())->toBe(302);
    expect($response->isRedirect())->toBeTrue();
    expect(auth()->check())->toBeTrue();
    expect(auth()->user()->username)->toBe('Test_User');
    expect(auth()->user()->mail)->toBe('test@example.com');

    // Location check
    $location = parse_url($response->headers->get('Location'), PHP_URL_PATH);
    expect($location)->toBe(parse_url(RouteServiceProvider::HOME, PHP_URL_PATH));

    // Database verification
    $this->assertDatabaseHas('users', [
        'username' => 'Test_User',
        'mail' => 'test@example.com',
    ]);

    // User count check
    expect(User::count())->toBe(1);

    // Retrieve and verify user
    $user = User::where('username', 'Test_User')->first();
    expect($user)->not->toBeNull();
    expect($user->mail)->toBe('test@example.com');
    expect($user->password)->not->toBe('password'); // Should be hashed
    expect($user->id)->toBeInt();
    expect($user->id)->toBeGreaterThan(0);

    // Follow redirect and verify user is logged in
    $dashboardResponse = $this->get('/user/me');
    $dashboardResponse->assertStatus(200);
    $dashboardResponse->assertSee('Test_User');
});

test('registration requires username', function () {
    installHotel();

    // Fake the Cloudflare Turnstile validation
    Turnstile::fake();

    // Get CSRF token
    $this->get('/register');
    $token = session('_token');

    // Attempt registration without username
    $response = $this->post('/register', [
        '_token' => $token,
        'mail' => 'test@example.com',
        'password' => 'password',
        'password_confirmation' => 'password',
        'terms' => true,
        'cf-turnstile-response' => 'fake-test-response',
    ]);

    expect($response->status())->toBe(302);
    expect(auth()->guest())->toBeTrue();
    expect(User::count())->toBe(0);
    expect(session('errors'))->not->toBeNull();
});

test('registration requires email', function () {
    installHotel();

    // Fake the Cloudflare Turnstile validation
    Turnstile::fake();

    // Get CSRF token
    $this->get('/register');
    $token = session('_token');

    // Attempt registration without email
    $response = $this->post('/register', [
        '_token' => $token,
        'username' => 'Test_User',
        'password' => 'password',
        'password_confirmation' => 'password',
        'terms' => true,
        'cf-turnstile-response' => 'fake-test-response',
    ]);

    expect($response->status())->toBe(302);
    expect(auth()->guest())->toBeTrue();
    expect(User::count())->toBe(0);
    expect(session('errors'))->not->toBeNull();
});

test('registration requires password', function () {
    installHotel();

    // Fake the Cloudflare Turnstile validation
    Turnstile::fake();

    // Get CSRF token
    $this->get('/register');
    $token = session('_token');

    // Attempt registration without password
    $response = $this->post('/register', [
        '_token' => $token,
        'username' => 'Test_User',
        'mail' => 'test@example.com',
        'password_confirmation' => 'password',
        'terms' => true,
        'cf-turnstile-response' => 'fake-test-response',
    ]);

    expect($response->status())->toBe(302);
    expect(auth()->guest())->toBeTrue();
    expect(User::count())->toBe(0);
    expect(session('errors'))->not->toBeNull();
});

test('registration requires password confirmation', function () {
    installHotel();

    // Fake the Cloudflare Turnstile validation
    Turnstile::fake();

    // Get CSRF token
    $this->get('/register');
    $token = session('_token');

    // Attempt registration without password confirmation
    $response = $this->post('/register', [
        '_token' => $token,
        'username' => 'Test_User',
        'mail' => 'test@example.com',
        'password' => 'password',
        'terms' => true,
        'cf-turnstile-response' => 'fake-test-response',
    ]);

    expect($response->status())->toBe(302);
    expect(auth()->guest())->toBeTrue();
    expect(User::count())->toBe(0);
    expect(session('errors'))->not->toBeNull();
});

test('registration requires terms acceptance', function () {
    installHotel();

    // Fake the Cloudflare Turnstile validation
    Turnstile::fake();

    // Get CSRF token
    $this->get('/register');
    $token = session('_token');

    // Attempt registration without terms
    $response = $this->post('/register', [
        '_token' => $token,
        'username' => 'Test_User',
        'mail' => 'test@example.com',
        'password' => 'password',
        'password_confirmation' => 'password',
        'cf-turnstile-response' => 'fake-test-response',
    ]);

    expect($response->status())->toBe(302);
    expect(auth()->guest())->toBeTrue();
    expect(User::count())->toBe(0);
    expect(session('errors'))->not->toBeNull();
});

test('registration requires matching passwords', function () {
    installHotel();

    // Fake the Cloudflare Turnstile validation
    Turnstile::fake();

    // Get CSRF token
    $this->get('/register');
    $token = session('_token');

    // Attempt registration with mismatched passwords
    $response = $this->post('/register', [
        '_token' => $token,
        'username' => 'Test_User',
        'mail' => 'test@example.com',
        'password' => 'password',
        'password_confirmation' => 'different_password',
        'terms' => true,
        'cf-turnstile-response' => 'fake-test-response',
    ]);

    expect($response->status())->toBe(302);
    expect(auth()->guest())->toBeTrue();
    expect(User::count())->toBe(0);
    expect(session('errors'))->not->toBeNull();
});

test('registration requires unique username', function () {
    installHotel();

    // Create existing user
    User::factory()->create([
        'username' => 'ExistingUser',
        'mail' => 'existing@example.com',
    ]);

    // Fake the Cloudflare Turnstile validation
    Turnstile::fake();

    // Get CSRF token
    $this->get('/register');
    $token = session('_token');

    // Attempt registration with existing username
    $response = $this->post('/register', [
        '_token' => $token,
        'username' => 'ExistingUser',
        'mail' => 'new@example.com',
        'password' => 'password',
        'password_confirmation' => 'password',
        'terms' => true,
        'cf-turnstile-response' => 'fake-test-response',
    ]);

    expect($response->status())->toBe(302);
    expect(auth()->guest())->toBeTrue();
    expect(User::count())->toBe(1); // Still only 1 user
    expect(session('errors'))->not->toBeNull();
});

test('registration requires unique email', function () {
    installHotel();

    // Create existing user
    User::factory()->create([
        'username' => 'ExistingUser',
        'mail' => 'existing@example.com',
    ]);

    // Fake the Cloudflare Turnstile validation
    Turnstile::fake();

    // Get CSRF token
    $this->get('/register');
    $token = session('_token');

    // Attempt registration with existing email
    $response = $this->post('/register', [
        '_token' => $token,
        'username' => 'NewUser',
        'mail' => 'existing@example.com',
        'password' => 'password',
        'password_confirmation' => 'password',
        'terms' => true,
        'cf-turnstile-response' => 'fake-test-response',
    ]);

    expect($response->status())->toBe(302);
    expect(auth()->guest())->toBeTrue();
    expect(User::count())->toBe(1); // Still only 1 user
    expect(session('errors'))->not->toBeNull();
});

test('registration requires valid email format', function () {
    installHotel();

    // Fake the Cloudflare Turnstile validation
    Turnstile::fake();

    // Get CSRF token
    $this->get('/register');
    $token = session('_token');

    // Attempt registration with invalid email
    $response = $this->post('/register', [
        '_token' => $token,
        'username' => 'Test_User',
        'mail' => 'invalid-email',
        'password' => 'password',
        'password_confirmation' => 'password',
        'terms' => true,
        'cf-turnstile-response' => 'fake-test-response',
    ]);

    expect($response->status())->toBe(302);
    expect(auth()->guest())->toBeTrue();
    expect(User::count())->toBe(0);
    expect(session('errors'))->not->toBeNull();
});

test('registration requires csrf token', function () {
    installHotel();

    // Fake the Cloudflare Turnstile validation
    Turnstile::fake();

    // Attempt registration without CSRF token
    $response = $this->post('/register', [
        'username' => 'Test_User',
        'mail' => 'test@example.com',
        'password' => 'password',
        'password_confirmation' => 'password',
        'terms' => true,
        'cf-turnstile-response' => 'fake-test-response',
    ]);

    expect($response->status())->toBe(419);
    expect(auth()->guest())->toBeTrue();
    expect(User::count())->toBe(0);
});