use opaque_ke::rand::rngs::OsRng;
use nkode_protocol::client::opaque::{AuthenticationData, ClientAuthError, OpaqueAuth};
use nkode_protocol::server::app::{Key, ServerApp};
use nkode_protocol::server::repository::in_memory::in_memory_opaque_db::InMemoryOpaqueDB;
use nkode_protocol::server::repository::in_memory::in_memory_opaque_session::InMemoryOpaqueSession;
use nkode_protocol::shared::models::opaque::NKodeServerSetup;
use nkode_protocol::server::repository::in_memory::in_memory_transport::{InMemoryCodeServer, InMemoryKeyServer, InMemoryServer};
use nkode_protocol::server::repository::in_memory::in_memory_user_db::InMemoryUserDB;

// Integration tests for the OPAQUE client (`OpaqueAuth`) talking to a `ServerApp`
// through the in-memory transports. Every test builds its own server setup and
// its own in-memory stores, so no state is shared between tests.
//
// NOTE(review): as far as this file shows, there is no test for a registered
// user logging in with the wrong secret. That is the case a password-authenticated
// key exchange exists to reject, so it deserves a test of its own.

/// Registers a secret key for a user and then logs in with the same credentials.
///
/// Both steps must return `Ok`. The login output is discarded, so this test only
/// shows that neither step reports an error; it asserts nothing about the
/// value login returns.
#[tokio::test]
async fn opaque_key_registration_and_login_roundtrip() {
    let mut csprng = OsRng;
    let setup = NKodeServerSetup::new(&mut csprng);
    let app = ServerApp::new(
        setup,
        InMemoryOpaqueDB::new(),
        InMemoryOpaqueSession::new(),
        InMemoryUserDB::new(),
    );
    let transport: InMemoryKeyServer = InMemoryServer::new(&app);
    let client = OpaqueAuth::new(&transport);

    // NOTE(review): the literal is 18 bytes long although its text says "16bytes".
    // Confirm whether `from_secret_key` expects or enforces a particular key length.
    let credentials = AuthenticationData::from_secret_key("a@b.com", b"supersecret16bytes");

    client
        .register(&credentials)
        .await
        .expect("registration should succeed");
    let _ = client
        .login(&credentials)
        .await
        .expect("login should succeed");
}

/// Logging in as a user that was never registered must fail with
/// `ClientAuthError::Transport`.
///
/// NOTE(review): this pins the failure to the transport layer. If wrong-password
/// failures for registered users surface as a different variant, a client could
/// tell registered from unregistered identifiers. OPAQUE deployments often answer
/// unknown identifiers with a dummy credential response to prevent that. Confirm
/// that the distinguishable failure is intended.
#[tokio::test]
async fn opaque_login_fails_if_not_registered() {
    let mut csprng = OsRng;
    let setup = NKodeServerSetup::new(&mut csprng);
    let app = ServerApp::new(
        setup,
        InMemoryOpaqueDB::new(),
        InMemoryOpaqueSession::new(),
        InMemoryUserDB::new(),
    );
    let transport = InMemoryKeyServer::new(&app);
    let client = OpaqueAuth::new(&transport);
    let credentials = AuthenticationData::from_secret_key("nope@nope.com", b"supersecret16bytes");

    let failure = client
        .login(&credentials)
        .await
        .expect_err("login should fail if user not registered");

    // Only the variant is checked; the payload of `Transport` is not inspected.
    if !matches!(failure, ClientAuthError::Transport(_)) {
        panic!("unexpected error: {other:?}", other = failure);
    }
}

/// Registering a code over the code transport must be refused while the user has
/// no registered key.
///
/// The refusal is recognised by the substring `KeyNotRegistered` in the
/// `Transport` error message.
///
/// NOTE(review): matching on message text is brittle and also pins that the
/// reason string reaches the client. Confirm that exposing this registration
/// state to the caller is acceptable.
#[tokio::test]
async fn cannot_register_code_before_key() {
    let mut csprng = OsRng;
    let setup = NKodeServerSetup::new(&mut csprng);
    let app = ServerApp::new(
        setup,
        InMemoryOpaqueDB::new(),
        InMemoryOpaqueSession::new(),
        InMemoryUserDB::new(),
    );
    // This test uses the code-server transport, not the key-server one.
    let code_transport: InMemoryCodeServer = InMemoryServer::new(&app);
    let client = OpaqueAuth::new(&code_transport);
    let code_credentials = AuthenticationData::from_code("x@y.com", &[1u64, 2, 3, 4]);

    let failure = client
        .register(&code_credentials)
        .await
        .expect_err("should fail because key is not registered");

    match failure {
        ClientAuthError::Transport(msg) => {
            assert!(msg.contains("KeyNotRegistered"), "msg was: {msg}")
        }
        other => panic!("unexpected error: {other:?}"),
    }
}