defmodule MvWeb.AuthControllerTest do
  use MvWeb.ConnCase, async: true

  test "GET /sign-in shows sign in form", %{conn: conn} do
    conn = get(conn, ~p"/sign-in")
    assert html_response(conn, 200) =~ "Sign in"
  end

  test "POST /sign-in with valid credentials redirects to home", %{conn: conn} do
    # Create a test user first
    conn = conn_with_oidc_user(conn)
    conn = get(conn, ~p"/sign-in")

    assert redirected_to(conn) == ~p"/"
  end

  test "POST /sign-in with invalid credentials shows error", %{conn: conn} do
    conn =
      post(conn, ~p"/auth/sign_in", %{
        "user" => %{
          "email" => "wrong@example.com",
          "password" => "wrongpassword"
        }
      })

    assert conn.status == 404
  end

  test "GET /sign-out redirects to home", %{conn: conn} do
    # First sign in a user
    conn = conn_with_oidc_user(conn)

    # Then sign out
    conn = get(conn, ~p"/sign-out")
    assert redirected_to(conn) == ~p"/"
  end

  test "unauthenticated user accessing protected route gets redirected to sign-in", %{conn: conn} do
    conn = get(conn, ~p"/members")
    assert redirected_to(conn) == ~p"/sign-in"
  end

  test "authenticated user can access protected route", %{conn: conn} do
    conn = conn_with_oidc_user(conn)
    conn = get(conn, ~p"/members")
    assert conn.status == 200
  end
end