package data_test

import (
	"testing"
	"time"

	"git.wntrmute.dev/kyle/mcias/data"
)

func TestPasswordSetAndCheck(t *testing.T) {
	var u data.User
	if err := u.SetPassword("s3cret!"); err != nil {
		t.Fatalf("SetPassword error: %v", err)
	}
	if !u.CheckPassword("s3cret!") {
		t.Fatal("expected password to verify")
	}
	if u.CheckPassword("wrong") {
		t.Fatal("expected wrong password to fail")
	}
	// Round-trip hash string
	hs := u.PasswordHash()
	if hs == "" {
		t.Fatal("expected non-empty password hash string")
	}
	var u2 data.User
	if err := u2.LoadPasswordHash(hs); err != nil {
		t.Fatalf("LoadPasswordHash error: %v", err)
	}
	if !u2.CheckPassword("s3cret!") {
		t.Fatal("expected password to verify after LoadPasswordHash")
	}
}

func TestTOTPValidationKnownVector(t *testing.T) {
	// From RFC 6238 test secret (base32): "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
	// Using T0=0, step=30. For SHA1, at 59s, code should be 94287082 -> 6-digit 287082.
	u := data.User{TOTPSecret: "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"}
	ts := time.Unix(59, 0)
	if !u.VerifyTOTP("287082", ts, 0) {
		t.Fatal("expected TOTP code to verify for known vector")
	}
	if u.VerifyTOTP("287082", ts.Add(30*time.Second), 0) {
		t.Fatal("expected code to fail outside time step with zero window")
	}
	if !u.VerifyTOTP("287082", ts.Add(30*time.Second), 1) {
		t.Fatal("expected code to verify within window=1")
	}
}