package user

import (
	"testing"
	"time"

	"github.com/stretchr/testify/assert"
)

func TestJWTSecretManager(t *testing.T) {
	// Create a new secret manager with initial secret
	manager := NewJWTSecretManager("primary-secret")

	// Test initial state
	assert.Equal(t, "primary-secret", manager.GetPrimarySecret())

	// Test GetAllValidSecrets initially
	secrets := manager.GetAllValidSecrets()
	assert.Len(t, secrets, 1)
	assert.Equal(t, "primary-secret", secrets[0].Secret)
	assert.True(t, secrets[0].IsPrimary)
	assert.Nil(t, secrets[0].ExpiresAt)

	// Add a secondary secret
	manager.AddSecret("secondary-secret", false, 0) // 0 means no expiration

	// Test after adding secondary secret
	assert.Equal(t, "primary-secret", manager.GetPrimarySecret()) // Primary should not change

	secrets = manager.GetAllValidSecrets()
	assert.Len(t, secrets, 2)

	// Find the secondary secret
	foundSecondary := false
	for _, secret := range secrets {
		if secret.Secret == "secondary-secret" {
			foundSecondary = true
			assert.False(t, secret.IsPrimary)
			assert.Nil(t, secret.ExpiresAt) // Should have no expiration
			break
		}
	}
	assert.True(t, foundSecondary, "Secondary secret should be found in valid secrets")

	// Test rotation
	manager.RotateToSecret("new-primary-secret")
	assert.Equal(t, "new-primary-secret", manager.GetPrimarySecret())

	secrets = manager.GetAllValidSecrets()
	assert.Len(t, secrets, 3) // Should have 3 secrets now

	// Find the new primary secret
	foundNewPrimary := false
	for _, secret := range secrets {
		if secret.Secret == "new-primary-secret" {
			foundNewPrimary = true
			assert.True(t, secret.IsPrimary)
			assert.Nil(t, secret.ExpiresAt) // Should have no expiration
			break
		}
	}
	assert.True(t, foundNewPrimary, "New primary secret should be found in valid secrets")
}

func TestJWTSecretExpiration(t *testing.T) {
	manager := NewJWTSecretManager("primary-secret")

	// Add a secret with expiration
	manager.AddSecret("expiring-secret", false, 1*time.Hour) // Expires in 1 hour

	// Should have 2 secrets initially
	secrets := manager.GetAllValidSecrets()
	assert.Len(t, secrets, 2)

	// Test expiration logic
	foundExpiring := false
	for _, secret := range secrets {
		if secret.Secret == "expiring-secret" {
			foundExpiring = true
			assert.NotNil(t, secret.ExpiresAt)
			assert.True(t, secret.ExpiresAt.After(time.Now()))
			break
		}
	}
	assert.True(t, foundExpiring)
}