require "rails_helper"

RSpec.describe "Admin Panel" do
  let!(:admin) { FactoryBot.create(:admin_user) }
  let(:notify_client) { instance_double(Notifications::Client) }
  let(:mfa_template_id) { AdminUser::MFA_SMS_TEMPLATE_ID }
  let(:otp) { "999111" }

  before do
    allow(Sms).to receive(:notify_client).and_return(notify_client)
    allow(notify_client).to receive(:send_sms).and_return(true)
  end

  context "with a valid 2FA code" do
    before do
      allow(SecureRandom).to receive(:random_number).and_return(otp)
      visit("/admin")
      fill_in("admin_user[email]", with: admin.email)
      fill_in("admin_user[password]", with: admin.password)
    end

    it "authenticates successfully" do
      expect(notify_client).to receive(:send_sms).with(
        hash_including(phone_number: admin.phone, template_id: mfa_template_id),
      )
      click_button("Login")
      fill_in("code", with: otp)
      click_button("Submit")
      expect(page).to have_content("Dashboard")
      expect(page).to have_content("Two factor authentication successful.")
    end

    context "but it is more than 15 minutes old" do
      it "does not authenticate successfully" do
        click_button("Login")
        admin.update!(direct_otp_sent_at: 16.minutes.ago)
        fill_in("code", with: otp)
        click_button("Submit")
        expect(page).to have_content("Check your phone")
        expect(page).to have_http_status(:unprocessable_entity)
        expect(page).to have_title("Error")
        expect(page).to have_selector("#error-summary-title")
      end
    end
  end

  context "with an invalid 2FA code" do
    it "does not authenticate successfully" do
      visit("/admin")
      fill_in("admin_user[email]", with: admin.email)
      fill_in("admin_user[password]", with: admin.password)
      click_button("Login")
      fill_in("code", with: otp)
      click_button("Submit")
      expect(page).to have_content("Check your phone")
      expect(page).to have_http_status(:unprocessable_entity)
      expect(page).to have_title("Error")
      expect(page).to have_selector("#error-summary-title")
    end
  end

  context "when the 2FA code needs to be resent" do
    before do
      visit("/admin")
      fill_in("admin_user[email]", with: admin.email)
      fill_in("admin_user[password]", with: admin.password)
      click_button("Login")
    end

    it "displays the resend view" do
      click_link("Not received a text message?")
      expect(page).to have_button("Resend security code")
    end

    it "send a new OTP code and redirects back to the 2FA view" do
      click_link("Not received a text message?")
      expect { click_button("Resend security code") }.to(change { admin.reload.direct_otp })
      expect(page).to have_current_path("/admin/two-factor-authentication")
    end
  end

  context "when logging out and in again" do
    before do
      allow(SecureRandom).to receive(:random_number).and_return(otp)
    end

    it "requires the 2FA code on each login" do
      visit("/admin")
      fill_in("admin_user[email]", with: admin.email)
      fill_in("admin_user[password]", with: admin.password)
      click_button("Login")
      fill_in("code", with: otp)
      click_button("Submit")
      click_link("Logout")
      fill_in("admin_user[email]", with: admin.email)
      fill_in("admin_user[password]", with: admin.password)
      click_button("Login")
      expect(page).to have_content("Check your phone")
    end
  end
end