require "rails_helper"
require_relative "../../support/devise"

RSpec.describe Auth::PasswordsController, type: :request do
  let(:params) { { user: { email: } } }
  let(:page) { Capybara::Node::Simple.new(response.body) }
  let(:notify_client) { instance_double(Notifications::Client) }
  let(:devise_notify_mailer) { DeviseNotifyMailer.new }

  before do
    allow(DeviseNotifyMailer).to receive(:new).and_return(devise_notify_mailer)
    allow(devise_notify_mailer).to receive(:notify_client).and_return(notify_client)
    allow(notify_client).to receive(:send_email).and_return(true)
  end

  context "when a password reset is requested for a valid email" do
    let(:user) { FactoryBot.create(:user) }
    let(:email) { user.email }

    it "redirects to the email sent page" do
      post "/users/password", params: params
      expect(response).to have_http_status(:redirect)
      follow_redirect!
      expect(response.body).to match(/Check your email/)
    end
  end

  context "when a password reset is requested with an email that doesn't exist in the system" do
    before do
      allow(Devise.navigational_formats).to receive(:include?).and_return(false)
    end

    let(:email) { "madeup_email@test.com" }

    it "redirects to the email sent page anyway" do
      post "/users/password", params: params
      expect(response).to have_http_status(:redirect)
      follow_redirect!
      expect(response.body).to match(/Check your email/)
    end
  end

  describe "#Update - reset password" do
    let(:user) { FactoryBot.create(:user) }
    let(:token) { user.send(:set_reset_password_token) }
    let(:updated_password) { "updated_password_280" }
    let(:update_password_params) do
      {
        user:
          {
            reset_password_token: token,
            password: updated_password,
            password_confirmation: updated_password,
          },
      }
    end
    let(:message) { "Your password has been changed successfully. You are now signed in" }

    it "changes the password" do
      expect { put "/users/password", params: update_password_params }
        .to(change { user.reload.encrypted_password })
    end

    it "after password change, the user is signed in" do
      put "/users/password", params: update_password_params
      # Devise redirects once after re-sign in with new password and then root redirects as well.
      follow_redirect!
      follow_redirect!
      expect(page).to have_css("div", class: "govuk-notification-banner__heading", text: message)
    end
  end
end