/**
 * Login Flow Tests - Real SSO Authentication
 *
 * Tests the complete login flow using real SSO credentials.
 * Auth bypass is disabled (production build).
 */

import { test, expect, TEST_ACCOUNTS } from '@platform/e2e-auth';

test.describe('Login Flow', () => {
  test.beforeEach(async ({ page }) => {
    // Clear any existing session
    await page.evaluate(() => {
      localStorage.clear();
      sessionStorage.clear();
    });
  });

  test('should display login form on landing page', async ({ page }) => {
    await page.goto('/');

    // Should show login/register options (not dev switcher)
    await expect(page.locator('[data-testid="login-button"], a[href*="login"]')).toBeVisible({
      timeout: 10000,
    });
  });

  test('should login with valid worker credentials', async ({ page }) => {
    const account = TEST_ACCOUNTS.worker;

    await page.goto('/login');

    // Fill login form
    await page.fill('[data-testid="email-input"], input[name="email"], input[type="email"]', account.email);
    await page.fill('[data-testid="password-input"], input[name="password"], input[type="password"]', account.password);
    await page.click('[data-testid="login-button"], button[type="submit"]');

    // Should redirect to authenticated area
    await expect(page).toHaveURL(/\/(dashboard|home|profile)/, { timeout: 15000 });

    // Should have session token in localStorage
    const token = await page.evaluate(() => localStorage.getItem('lilith_session'));
    expect(token).toBeTruthy();
  });

  test('should login with valid client credentials', async ({ page }) => {
    const account = TEST_ACCOUNTS.client;

    await page.goto('/login');

    await page.fill('[data-testid="email-input"], input[name="email"], input[type="email"]', account.email);
    await page.fill('[data-testid="password-input"], input[name="password"], input[type="password"]', account.password);
    await page.click('[data-testid="login-button"], button[type="submit"]');

    await expect(page).toHaveURL(/\/(dashboard|home|profile)/, { timeout: 15000 });

    const token = await page.evaluate(() => localStorage.getItem('lilith_session'));
    expect(token).toBeTruthy();
  });

  test('should reject invalid password', async ({ page }) => {
    await page.goto('/login');

    await page.fill('[data-testid="email-input"], input[name="email"], input[type="email"]', TEST_ACCOUNTS.worker.email);
    await page.fill('[data-testid="password-input"], input[name="password"], input[type="password"]', 'WrongPassword123!');
    await page.click('[data-testid="login-button"], button[type="submit"]');

    // Should show error message
    await expect(page.locator('[data-testid="login-error"], .error-message, [role="alert"]')).toBeVisible({
      timeout: 5000,
    });

    // Should NOT have session token
    const token = await page.evaluate(() => localStorage.getItem('lilith_session'));
    expect(token).toBeFalsy();
  });

  test('should reject non-existent email', async ({ page }) => {
    await page.goto('/login');

    await page.fill('[data-testid="email-input"], input[name="email"], input[type="email"]', 'nonexistent@atlilith.test');
    await page.fill('[data-testid="password-input"], input[name="password"], input[type="password"]', 'SomePassword123!');
    await page.click('[data-testid="login-button"], button[type="submit"]');

    // Should show error (generic to prevent enumeration)
    await expect(page.locator('[data-testid="login-error"], .error-message, [role="alert"]')).toBeVisible({
      timeout: 5000,
    });

    const token = await page.evaluate(() => localStorage.getItem('lilith_session'));
    expect(token).toBeFalsy();
  });

  test('should login via API fixture (fast)', async ({ loginAs, page, getSessionToken }) => {
    // Use fixture for fast API-based login
    const response = await loginAs('worker');

    expect(response.sessionId).toBeTruthy();
    expect(response.user.email).toBe(TEST_ACCOUNTS.worker.email);

    // Verify session is in localStorage
    const token = await getSessionToken();
    expect(token).toBe(response.sessionId);

    // Navigate to protected page
    await page.goto('/dashboard');
    await expect(page).not.toHaveURL('/login');
  });
});
