<?php

declare(strict_types=1);

namespace Tests\Feature\Api\V1;

use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Notification;
use Illuminate\Support\Facades\Password;
use Tests\TestCase;

class PasswordResetTest extends TestCase
{
    use RefreshDatabase;

    // ─── Forgot Password ────────────────────────────────────────────────

    public function test_forgot_password_returns_success_for_existing_email(): void
    {
        Notification::fake();

        User::factory()->create(['email' => 'jan@voorbeeld.nl']);

        $response = $this->postJson('/api/v1/auth/forgot-password', [
            'email' => 'jan@voorbeeld.nl',
        ]);

        $response->assertOk();
        $response->assertJsonPath('message', 'Als dit emailadres bij ons bekend is, ontvang je een link om je wachtwoord te resetten.');
    }

    public function test_forgot_password_returns_same_success_for_nonexisting_email(): void
    {
        $response = $this->postJson('/api/v1/auth/forgot-password', [
            'email' => 'onbekend@voorbeeld.nl',
        ]);

        $response->assertOk();
        $response->assertJsonPath('message', 'Als dit emailadres bij ons bekend is, ontvang je een link om je wachtwoord te resetten.');
    }

    public function test_forgot_password_validates_email_required(): void
    {
        $response = $this->postJson('/api/v1/auth/forgot-password', []);

        $response->assertStatus(422);
        $response->assertJsonValidationErrors('email');
    }

    public function test_forgot_password_validates_email_format(): void
    {
        $response = $this->postJson('/api/v1/auth/forgot-password', [
            'email' => 'not-an-email',
        ]);

        $response->assertStatus(422);
        $response->assertJsonValidationErrors('email');
    }

    public function test_forgot_password_is_rate_limited(): void
    {
        for ($i = 0; $i < 5; $i++) {
            $this->postJson('/api/v1/auth/forgot-password', [
                'email' => 'test@voorbeeld.nl',
            ]);
        }

        $response = $this->postJson('/api/v1/auth/forgot-password', [
            'email' => 'test@voorbeeld.nl',
        ]);

        $response->assertStatus(429);
    }

    // ─── Reset Password ─────────────────────────────────────────────────

    public function test_reset_password_with_valid_token(): void
    {
        $user = User::factory()->create(['email' => 'jan@voorbeeld.nl']);

        $token = Password::createToken($user);

        $response = $this->postJson('/api/v1/auth/reset-password', [
            'token' => $token,
            'email' => 'jan@voorbeeld.nl',
            'password' => 'NieuwWachtwoord1',
            'password_confirmation' => 'NieuwWachtwoord1',
        ]);

        $response->assertOk();
        $response->assertJsonPath('message', 'Wachtwoord succesvol gewijzigd.');

        // Verify password was actually changed
        $user->refresh();
        $this->assertTrue(Hash::check('NieuwWachtwoord1', $user->password));
    }

    public function test_reset_password_with_invalid_token_returns_422(): void
    {
        User::factory()->create(['email' => 'jan@voorbeeld.nl']);

        $response = $this->postJson('/api/v1/auth/reset-password', [
            'token' => 'invalid-token-here',
            'email' => 'jan@voorbeeld.nl',
            'password' => 'NieuwWachtwoord1',
            'password_confirmation' => 'NieuwWachtwoord1',
        ]);

        $response->assertStatus(422);
    }

    public function test_reset_password_requires_confirmation(): void
    {
        $user = User::factory()->create(['email' => 'jan@voorbeeld.nl']);

        $token = Password::createToken($user);

        $response = $this->postJson('/api/v1/auth/reset-password', [
            'token' => $token,
            'email' => 'jan@voorbeeld.nl',
            'password' => 'NieuwWachtwoord1',
        ]);

        $response->assertStatus(422);
        $response->assertJsonValidationErrors('password');
    }

    public function test_reset_password_requires_minimum_length(): void
    {
        $user = User::factory()->create(['email' => 'jan@voorbeeld.nl']);

        $token = Password::createToken($user);

        $response = $this->postJson('/api/v1/auth/reset-password', [
            'token' => $token,
            'email' => 'jan@voorbeeld.nl',
            'password' => 'short',
            'password_confirmation' => 'short',
        ]);

        $response->assertStatus(422);
        $response->assertJsonValidationErrors('password');
    }

    public function test_reset_password_validates_required_fields(): void
    {
        $response = $this->postJson('/api/v1/auth/reset-password', []);

        $response->assertStatus(422);
        $response->assertJsonValidationErrors(['token', 'email', 'password']);
    }
}