mitgliederverwaltung/test/accounts/user_email_sync_test.exs

defmodule Mv.Accounts.UserEmailSyncTest do
  @moduledoc """
  Tests for email synchronization from User to Member.
  When a user and member are linked, email changes should sync bidirectionally.
  User.email is the source of truth when linking occurs.
  """
  use Mv.DataCase, async: false
  alias Mv.Accounts
  alias Mv.Membership

  describe "User email synchronization to linked Member" do
    @valid_user_attrs %{
      email: "user@example.com"
    }

    @valid_member_attrs %{
      first_name: "John",
      last_name: "Doe",
      email: "member@example.com"
    }

    test "updating user email syncs to linked member" do
      # Create a member
      {:ok, member} = Membership.create_member(@valid_member_attrs)
      assert member.email == "member@example.com"

      # Create a user linked to the member
      {:ok, user} =
        Accounts.create_user(Map.put(@valid_user_attrs, :member, %{id: member.id}))

      # Verify initial state - member email should be overridden by user email
      {:ok, member_after_link} = Ash.get(Mv.Membership.Member, member.id)
      assert member_after_link.email == "user@example.com"

      # Update user email
      {:ok, updated_user} = Accounts.update_user(user, %{email: "newemail@example.com"})
      assert to_string(updated_user.email) == "newemail@example.com"

      # Verify member email was also updated
      {:ok, synced_member} = Ash.get(Mv.Membership.Member, member.id)
      assert synced_member.email == "newemail@example.com"
    end

    test "creating user linked to member overrides member email" do
      # Create a member with their own email
      {:ok, member} = Membership.create_member(@valid_member_attrs)
      assert member.email == "member@example.com"

      # Create a user linked to this member
      {:ok, user} =
        Accounts.create_user(Map.put(@valid_user_attrs, :member, %{id: member.id}))

      assert to_string(user.email) == "user@example.com"
      assert user.member_id == member.id

      # Verify member email was overridden with user email
      {:ok, updated_member} = Ash.get(Mv.Membership.Member, member.id)
      assert updated_member.email == "user@example.com"
    end

    test "linking user to existing member syncs user email to member" do
      # Create a standalone member
      {:ok, member} = Membership.create_member(@valid_member_attrs)
      assert member.email == "member@example.com"

      # Create a standalone user
      {:ok, user} = Accounts.create_user(@valid_user_attrs)
      assert to_string(user.email) == "user@example.com"
      assert user.member_id == nil

      # Link the user to the member
      {:ok, linked_user} = Accounts.update_user(user, %{member: %{id: member.id}})
      assert linked_user.member_id == member.id

      # Verify member email was overridden with user email
      {:ok, synced_member} = Ash.get(Mv.Membership.Member, member.id)
      assert synced_member.email == "user@example.com"
    end

    test "updating user email when no member linked does not error" do
      # Create a standalone user without member link
      {:ok, user} = Accounts.create_user(@valid_user_attrs)
      assert to_string(user.email) == "user@example.com"
      assert user.member_id == nil

      # Update user email - should work fine without error
      {:ok, updated_user} = Accounts.update_user(user, %{email: "newemail@example.com"})
      assert to_string(updated_user.email) == "newemail@example.com"
      assert updated_user.member_id == nil
    end

    test "unlinking user from member does not sync email" do
      # Create member
      {:ok, member} = Membership.create_member(@valid_member_attrs)

      # Create user linked to member
      {:ok, user} =
        Accounts.create_user(Map.put(@valid_user_attrs, :member, %{id: member.id}))

      assert user.member_id == member.id

      # Verify member email was synced
      {:ok, synced_member} = Ash.get(Mv.Membership.Member, member.id)
      assert synced_member.email == "user@example.com"

      # Unlink user from member
      {:ok, unlinked_user} = Accounts.update_user(user, %{member: nil})
      assert unlinked_user.member_id == nil

      # Member email should remain unchanged after unlinking
      {:ok, member_after_unlink} = Ash.get(Mv.Membership.Member, member.id)
      assert member_after_unlink.email == "user@example.com"
    end
  end

  describe "AshAuthentication compatibility" do
    test "AshAuthentication password strategy still works with email" do
      # This test ensures that the email field remains accessible for password auth
      email = "test@example.com"
      password = "securepassword123"

      # Create user with password strategy (simulating registration)
      {:ok, user} =
        Mv.Accounts.User
        |> Ash.Changeset.for_create(:register_with_password, %{
          email: email,
          password: password
        })
        |> Ash.create()

      assert to_string(user.email) == email
      assert user.hashed_password != nil

      # Verify we can sign in with email
      {:ok, signed_in_user} =
        Mv.Accounts.User
        |> Ash.Query.for_read(:sign_in_with_password, %{
          email: email,
          password: password
        })
        |> Ash.read_one()

      assert signed_in_user.id == user.id
      assert to_string(signed_in_user.email) == email
    end

    test "AshAuthentication OIDC strategy still works with email" do
      # This test ensures the OIDC flow can still set email
      user_info = %{
        "preferred_username" => "oidc@example.com",
        "sub" => "oidc-user-123"
      }

      oauth_tokens = %{"access_token" => "mock_token"}

      # Simulate OIDC registration
      {:ok, user} =
        Mv.Accounts.User
        |> Ash.Changeset.for_create(:register_with_rauthy, %{
          user_info: user_info,
          oauth_tokens: oauth_tokens
        })
        |> Ash.create()

      assert to_string(user.email) == "oidc@example.com"
      assert user.oidc_id == "oidc-user-123"
    end
  end
end