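from jose import jwt

from core.config import settings
from core.security.hashing import hash_password, verify_password


def test_password_hashing():
    """Check that the hash differs from the plaintext and verifies correctly.

    This is a basic check only: it shows that hash_password() does not return
    its input unchanged and that verify_password() accepts the matching
    password and rejects a different one. It says nothing about the strength
    of the hashing scheme.
    """
    password = "securePassword123!"
    hashed = hash_password(password)

    assert hashed != password
    assert verify_password(password, hashed)
    assert not verify_password("wrongPassword", hashed)


def test_jwt_token_generation():
    """Round-trip a token through jose using the configured key and algorithm.

    Token creation is simulated with the low-level jose calls, based on the
    AuthService logic, rather than by instantiating the service. No expiry
    claim is set, so this covers claim preservation only.
    """
    user_data = {"sub": "testuser", "role": "admin"}

    # Copy so the encode step cannot mutate the fixture dict.
    to_encode = user_data.copy()
    encoded_jwt = jwt.encode(
        to_encode,
        settings.JWT_SECRET_KEY,
        algorithm=settings.JWT_ALGORITHM,
    )

    # Pin the accepted algorithm list to the configured one when decoding.
    decoded = jwt.decode(
        encoded_jwt,
        settings.JWT_SECRET_KEY,
        algorithms=[settings.JWT_ALGORITHM],
    )

    assert decoded["sub"] == "testuser"
    assert decoded["role"] == "admin"
    # NOTE(review): only the happy path is covered; rejection of a token
    # signed with a different key, or of an expired token, is not tested here.


def test_config_security_defaults():
    """Verify the JWT settings are not left at weak values in the test environment.

    The body was previously a bare ``pass``, so the test always succeeded
    without checking anything.
    """
    # An empty signing key gives tokens no effective integrity protection.
    assert settings.JWT_SECRET_KEY, "JWT_SECRET_KEY must not be empty"

    # The unsigned "none" algorithm must never be the configured one.
    assert (
        str(settings.JWT_ALGORITHM).lower() != "none"
    ), "JWT_ALGORITHM must be a signing algorithm"

    # TODO: also cover DEBUG once its expected value for the test environment
    # is decided (it might legitimately be True here).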