<?php

use App\Models\MailProfile;
use App\Models\User;
use App\Models\Role;
use App\Models\Permission;

function adminUser(): User {
    $user = User::factory()->create();
    // Ensure admin role & manage-settings permission exist
    $role = Role::firstOrCreate(['slug' => 'admin'], ['name' => 'Admin']);
    $permission = Permission::firstOrCreate(['slug' => 'manage-settings'], ['name' => 'Manage Settings']);
    $user->roles()->syncWithoutDetaching([$role->id]);
    // assign permission directly (mirrors other admin tests style)
    if (method_exists($user, 'givePermissionTo')) {
        $user->givePermissionTo('manage-settings');
    }
    return $user;
}

it('creates a mail profile and encrypts password', function () {
    $user = adminUser();
    test()->actingAs($user);

    $resp = test()->post(route('admin.mail-profiles.store'), [
        'name' => 'Primary',
        'host' => 'smtp.example.test',
        'port' => 587,
        'encryption' => 'tls',
        'username' => 'user@example.test',
        'password' => 'super-secret',
        'from_address' => 'noreply@example.test',
        'from_name' => 'App',
    ]);

    $resp->assertRedirect();
    $profile = MailProfile::first();
    expect($profile)->not->toBeNull();
    // encrypted_password should not equal raw
    expect($profile->getAttribute('encrypted_password'))->not->toBe('super-secret');
    // roundtrip decrypt
    expect($profile->decryptPassword())->toBe('super-secret');
});

it('updates without overriding password if omitted', function () {
    $user = adminUser();
    test()->actingAs($user);
    $profile = MailProfile::factory()->create();
    $originalCipher = $profile->getAttribute('encrypted_password');

    $resp = test()->put(route('admin.mail-profiles.update', $profile), [
        'name' => 'Renamed',
    ]);
    $resp->assertRedirect();
    $profile->refresh();
    expect($profile->name)->toBe('Renamed');
    expect($profile->getAttribute('encrypted_password'))->toBe($originalCipher);
});

it('updates password if provided', function () {
    $user = adminUser();
    test()->actingAs($user);
    $profile = MailProfile::factory()->create();
    $originalDec = $profile->decryptPassword();

    $resp = test()->put(route('admin.mail-profiles.update', $profile), [
        'password' => 'new-pass-123',
    ]);
    $resp->assertRedirect();
    $profile->refresh();
    expect($profile->decryptPassword())->toBe('new-pass-123');
    expect($profile->decryptPassword())->not->toBe($originalDec);
});

it('toggles active', function () {
    $user = adminUser();
    test()->actingAs($user);
    $profile = MailProfile::factory()->create(['active' => false]);
    test()->post(route('admin.mail-profiles.toggle', $profile))->assertRedirect();
    $profile->refresh();
    expect($profile->active)->toBeTrue();
});

it('deletes a profile', function () {
    $user = adminUser();
    test()->actingAs($user);
    $profile = MailProfile::factory()->create();
    test()->delete(route('admin.mail-profiles.destroy', $profile))->assertRedirect();
    expect(MailProfile::find($profile->id))->toBeNull();
});