import re

from fastapi.testclient import TestClient
from sqlalchemy import select
from sqlalchemy.orm import Session

from app.config import Settings
from app.database import get_engine
from app.main import create_app
from app.models import EmailServerConfig, User


def _extract_csrf(html: str) -> str:
    match = re.search(r'name="csrf_token" value="([^"]+)"', html)
    assert match is not None
    return match.group(1)


def _build_settings(db_url: str) -> Settings:
    return Settings(
        APP_ENV="test",
        DB_URL=db_url,
        SESSION_SECRET="test-secret",
        COOKIE_SECURE=False,
        COOKIE_SAMESITE="lax",
        LOGIN_RATE_LIMIT_ATTEMPTS=5,
        LOGIN_RATE_LIMIT_WINDOW_MINUTES=15,
        EMAIL_VERIFICATION_REQUIRED=True,
    )


def test_register_requires_email_verification_with_mail_server(tmp_path, monkeypatch):
    db_path = tmp_path / "verify.db"
    app = create_app(_build_settings(f"sqlite:///{db_path}"))

    sent_mails: list[dict[str, str]] = []

    def fake_send_email(*, settings, to_email: str, subject: str, text_body: str) -> None:
        sent_mails.append({"to": to_email, "subject": subject, "body": text_body})

    monkeypatch.setattr("app.main.send_email", fake_send_email)

    with Session(get_engine()) as db:
        db.add(
            EmailServerConfig(
                smtp_host="smtp.test.local",
                smtp_port=587,
                from_email="noreply@test.local",
                from_name="Stundentracker",
                use_starttls=True,
                use_ssl=False,
                verify_tls=False,
                registration_mails_enabled=True,
                password_reset_mails_enabled=True,
            )
        )
        db.commit()

    with TestClient(app) as client:
        register_page = client.get("/register")
        csrf = _extract_csrf(register_page.text)

        register_submit = client.post(
            "/register",
            data={
                "email": "verify-user@example.com",
                "password": "strongpasswordVerify1",
                "csrf_token": csrf,
            },
            follow_redirects=False,
        )
        assert register_submit.status_code == 303
        assert register_submit.headers["location"] == "/login?msg=email_verification_sent"
        assert len(sent_mails) == 1
        assert sent_mails[0]["to"] == "verify-user@example.com"

        login_page = client.get("/login")
        login_csrf = _extract_csrf(login_page.text)
        denied_login = client.post(
            "/login",
            data={
                "email": "verify-user@example.com",
                "password": "strongpasswordVerify1",
                "csrf_token": login_csrf,
            },
            follow_redirects=False,
        )
        assert denied_login.status_code == 403
        assert "Bitte zuerst deine E-Mail-Adresse bestätigen" in denied_login.text

        link_match = re.search(r"https?://[^\s]+/verify-email\?token=[^\s]+", sent_mails[0]["body"])
        assert link_match is not None
        verify_response = client.get(link_match.group(0), follow_redirects=False)
        assert verify_response.status_code == 303
        assert verify_response.headers["location"] == "/login?msg=email_verified"

        login_page_after_verify = client.get("/login")
        login_csrf_after_verify = _extract_csrf(login_page_after_verify.text)
        login_after_verify = client.post(
            "/login",
            data={
                "email": "verify-user@example.com",
                "password": "strongpasswordVerify1",
                "csrf_token": login_csrf_after_verify,
            },
            follow_redirects=False,
        )
        assert login_after_verify.status_code == 303
        assert login_after_verify.headers["location"].startswith("/dashboard")

    with Session(get_engine()) as db:
        verified_user = db.execute(select(User).where(User.email == "verify-user@example.com")).scalar_one()
        assert verified_user.email_verified is True