# -*- coding: utf-8 -*-
# type: ignore
"""Tests for the ``ui.accounts.post_login`` endpoint.

The tests store a target under the ``post_login_next_url`` session key, POST
to the endpoint and check where the response redirects. Together they pin
which stored targets are followed and which are replaced by a local fallback,
so a stored URL pointing at a foreign host cannot turn the endpoint into an
open redirect.
"""
from __future__ import annotations

from django.test import Client
from django.urls import reverse
import pytest
from pytest_django import asserts


# Every test in this module needs database access.
pytestmark = pytest.mark.django_db


def _store_next_url(client: Client, next_url: str) -> None:
    """Persist ``next_url`` under ``post_login_next_url`` in the session."""
    # Hold on to one session object: it is modified and then saved.
    session = client.session
    session['post_login_next_url'] = next_url
    session.save()


def _post_login(client: Client):
    """POST to the post-login endpoint and return the response."""
    return client.post(reverse('ui.accounts.post_login'))


def _assert_redirects_to(response, expected_url: str) -> None:
    """Assert a redirect to ``expected_url`` without fetching the target."""
    asserts.assertRedirects(
        response,
        expected_url,
        fetch_redirect_response=False,
    )


def test_ok(authenticated_client: Client):
    """A stored site-local URL is used as the redirect target."""
    # Given
    settings_url = reverse('ui.accounts.settings.settings')
    _store_next_url(authenticated_client, settings_url)

    # When
    response = _post_login(authenticated_client)

    # Then
    _assert_redirects_to(response, reverse('ui.accounts.settings.settings'))


def test_ok_without_next_url(authenticated_client: Client):
    """With nothing stored in the session, the redirect goes to the index."""
    # When
    response = _post_login(authenticated_client)

    # Then
    _assert_redirects_to(response, reverse('ui.index.index'))


def test_ok_absolute_url(authenticated_client: Client, settings):
    """An absolute URL whose host is in ALLOWED_HOSTS is followed."""
    # Given
    settings.ALLOWED_HOSTS = ['testserver']
    _store_next_url(authenticated_client, 'http://testserver/')

    # When
    response = _post_login(authenticated_client)

    # Then
    _assert_redirects_to(response, 'http://testserver/')


def test_allowed_hosts_asterisk(authenticated_client: Client, settings):
    """A wildcard ALLOWED_HOSTS does not permit a foreign redirect target."""
    # Given
    settings.ALLOWED_HOSTS = ['*']
    _store_next_url(authenticated_client, 'http://thisisinsecure/')

    # When
    response = _post_login(authenticated_client)

    # Then
    # `*` has no effect here: per the original author, Django requires an
    # exact match on the `next_url` netloc. Absolute URLs should not end up in
    # this session key in normal use, so an unmatched host is treated as
    # tampering and the response falls back to `/`.
    # NOTE(review): the view is not part of this file; presumably it checks
    # the target with `url_has_allowed_host_and_scheme` - confirm.
    _assert_redirects_to(response, '/')


def test_allowed_hosts_mismatch(authenticated_client: Client, settings):
    """A target host that is not in ALLOWED_HOSTS falls back to `/`."""
    # Given
    settings.ALLOWED_HOSTS = ['testserver']
    _store_next_url(authenticated_client, 'http://thisisinsecure/')

    # When
    response = _post_login(authenticated_client)

    # Then
    _assert_redirects_to(response, '/')


def test_inactive_account(inactive_account_client: Client):
    """A POST through the ``inactive_account_client`` fixture yields 403."""
    # NOTE(review): the fixture is defined outside this file; presumably it is
    # a client logged in as a deactivated account - confirm.
    # When
    response = _post_login(inactive_account_client)

    # Then
    assert response.status_code == 403


def test_anonymous(client: Client):
    """A POST from the plain ``client`` fixture (no login here) yields 403."""
    # When
    response = _post_login(client)

    # Then
    assert response.status_code == 403