// tests/e2e/test_password_auth.js
// Tests password login error states: wrong password, nonexistent user, form validation.
// Also tests successful login with seeded fixtures.

const { TARGET_URL, run } = require('./helpers');

run(async (page, assert) => {
  const fixtures = JSON.parse(process.env.E2E_FIXTURES || '{}');

  // ---- Test: Nonexistent user ----
  console.log('\n--- Login: nonexistent user ---');
  await page.goto(`${TARGET_URL}/login`);
  await page.fill('#username', 'nobody');
  await page.fill('#password', 'whatever');
  await page.click('form[hx-post="/login/password"] button[type="submit"]');

  await page.waitForSelector('[role="alert"]', { timeout: 5000 });
  const error1 = await page.locator('[role="alert"]').textContent();
  assert(
    error1.includes('Invalid username or password'),
    `Error shown for nonexistent user (got: "${error1}")`
  );

  // ---- Test: Wrong password for existing user ----
  console.log('\n--- Login: wrong password ---');
  await page.goto(`${TARGET_URL}/login`);
  await page.fill('#username', fixtures.login_username);
  await page.fill('#password', 'wrongpassword');
  await page.click('form[hx-post="/login/password"] button[type="submit"]');

  await page.waitForSelector('[role="alert"]', { timeout: 5000 });
  const error2 = await page.locator('[role="alert"]').textContent();
  assert(
    error2.includes('Invalid username or password'),
    `Error shown for wrong password (got: "${error2}")`
  );

  // ---- Test: Successful login ----
  console.log('\n--- Login: correct password ---');
  await page.goto(`${TARGET_URL}/login`);
  await page.fill('#username', fixtures.login_username);
  await page.fill('#password', fixtures.login_password);
  await page.click('form[hx-post="/login/password"] button[type="submit"]');

  await page.waitForURL('**/manage/credentials', { timeout: 5000 });
  assert(
    page.url().includes('/manage/credentials'),
    `Successful login redirects to credentials (url: ${page.url()})`
  );

  // ---- Test: Form validation attributes ----
  console.log('\n--- Form validation attributes ---');
  await page.goto(`${TARGET_URL}/login`);
  const usernameRequired = await page.locator('#username').getAttribute('required');
  assert(usernameRequired !== null, 'Username has required attribute');
  const passwordRequired = await page.locator('#password').getAttribute('required');
  assert(passwordRequired !== null, 'Password has required attribute');

  const usernameAutocomplete = await page.locator('#username').getAttribute('autocomplete');
  assert(usernameAutocomplete === 'username', 'Username autocomplete is "username"');
  const passwordAutocomplete = await page.locator('#password').getAttribute('autocomplete');
  assert(passwordAutocomplete === 'current-password', 'Password autocomplete is "current-password"');
});