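package tests

import (
	"database/sql"
	"fmt"
	"os"
	"testing"

	_ "github.com/lib/pq"
	"golang.org/x/crypto/bcrypt"
)

// Environment variables read by the tests in this file. The names are defined
// here and are not taken from existing project configuration; map them to
// whatever the CI secret store exposes.
//
// The connection string, the admin password and the peppers are secrets and
// are deliberately not hard-coded: a value that has been committed stays in
// repository history and has to be rotated, and a pepper only adds protection
// while it lives outside both the source tree and the database.
//
// For the connection string, prefer sslmode=verify-full: with lib/pq,
// sslmode=require encrypts the session but does not verify the server
// certificate.
const (
	loginTestEnvDBURL     = "GOHORSE_TEST_DB_URL"
	loginTestEnvPassword  = "GOHORSE_TEST_PASSWORD"
	loginTestEnvPepper    = "GOHORSE_TEST_PEPPER"
	loginTestEnvOldPepper = "GOHORSE_TEST_OLD_PEPPER" // optional
)

// requireLoginTestEnv returns the value of the named environment variable and
// skips the calling test when it is unset or empty, so the suite stays green
// on machines that have no access to the database.
func requireLoginTestEnv(t *testing.T, name string) string {
	t.Helper()
	v := os.Getenv(name)
	if v == "" {
		t.Skipf("%s is not set; skipping test that needs a live database", name)
	}
	return v
}

// openLoginTestDB opens and pings the database named by loginTestEnvDBURL and
// registers a cleanup that closes it when the test ends.
func openLoginTestDB(t *testing.T) *sql.DB {
	t.Helper()
	db, err := sql.Open("postgres", requireLoginTestEnv(t, loginTestEnvDBURL))
	if err != nil {
		// NOTE(review): a driver error may echo parts of the connection
		// string; confirm that CI logs are access-controlled.
		t.Fatalf("Failed to connect: %v", err)
	}
	t.Cleanup(func() { _ = db.Close() })

	// sql.Open only validates its arguments; Ping forces a real connection so
	// an unreachable server is reported here rather than at the first query.
	if err := db.Ping(); err != nil {
		t.Fatalf("Failed to ping: %v", err)
	}
	return db
}

// superadminPasswordHash returns the stored password hash of the user whose
// identifier is 'superadmin'.
func superadminPasswordHash(db *sql.DB) (string, error) {
	var hash string
	err := db.QueryRow("SELECT password_hash FROM users WHERE identifier = 'superadmin'").Scan(&hash)
	if err != nil {
		return "", fmt.Errorf("querying superadmin password hash: %w", err)
	}
	return hash, nil
}

// TestVerifyLogin checks that the superadmin hash stored in the database
// verifies against password+pepper. When that fails and an old pepper is
// configured, it also reports whether the hash was created with the old one.
func TestVerifyLogin(t *testing.T) {
	password := requireLoginTestEnv(t, loginTestEnvPassword)
	pepper := requireLoginTestEnv(t, loginTestEnvPepper)
	db := openLoginTestDB(t)

	hash, err := superadminPasswordHash(db)
	if err != nil {
		t.Fatalf("Failed to find user: %v", err)
	}
	// Report only that a hash was found: test output ends up in CI logs, and a
	// bcrypt hash is enough to run an offline guessing attack.
	t.Logf("found password hash in DB (%d bytes)", len(hash))

	err = bcrypt.CompareHashAndPassword([]byte(hash), []byte(password+pepper))
	if err == nil {
		t.Log("SUCCESS! Password verifies with the configured pepper")
		return
	}
	// Pepper values are secrets too, so the messages name no pepper.
	t.Errorf("FAILED to verify with the configured pepper: %v", err)

	oldPepper := os.Getenv(loginTestEnvOldPepper)
	if oldPepper == "" {
		return
	}
	if bcrypt.CompareHashAndPassword([]byte(hash), []byte(password+oldPepper)) == nil {
		t.Log("SUCCESS with OLD pepper")
	} else {
		t.Log("Failed with old pepper as well.")
	}
}

// TestVerifyLoginNoPepper checks whether the stored superadmin hash was
// created from the bare password, with no pepper appended.
func TestVerifyLoginNoPepper(t *testing.T) {
	password := requireLoginTestEnv(t, loginTestEnvPassword)
	db := openLoginTestDB(t)

	hash, err := superadminPasswordHash(db)
	if err != nil {
		t.Fatalf("Failed to find user: %v", err)
	}

	// Try WITHOUT pepper
	err = bcrypt.CompareHashAndPassword([]byte(hash), []byte(password))
	if err == nil {
		t.Log("✅ MATCH: Hash was created WITHOUT pepper")
	} else {
		t.Errorf("❌ No match without pepper either: %v", err)
	}
}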