<?php

declare(strict_types=1);

use App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard;
use App\Models\ProviderConnection;
use App\Models\Tenant;
use App\Models\TenantOnboardingSession;
use App\Models\User;
use App\Models\Workspace;
use App\Models\WorkspaceMembership;
use App\Support\Providers\ProviderConnectionType;
use App\Support\Providers\ProviderConsentStatus;
use App\Support\Providers\ProviderVerificationStatus;
use App\Support\Workspaces\WorkspaceContext;
use Livewire\Livewire;

it('creates platform connections by default during onboarding without dedicated credentials', function (): void {
    config()->set('graph.client_id', 'platform-app-id');

    $workspace = Workspace::factory()->create();
    $user = User::factory()->create();

    WorkspaceMembership::factory()->create([
        'workspace_id' => (int) $workspace->getKey(),
        'user_id' => (int) $user->getKey(),
        'role' => 'owner',
    ]);

    session()->put(WorkspaceContext::SESSION_KEY, (int) $workspace->getKey());

    $this->actingAs($user);

    $entraTenantId = '77777777-7777-7777-7777-777777777777';

    $component = Livewire::actingAs($user)->test(ManagedTenantOnboardingWizard::class);

    $component->call('identifyManagedTenant', [
        'entra_tenant_id' => $entraTenantId,
        'environment' => 'prod',
        'name' => 'Acme Platform',
    ]);

    $component
        ->set('data.connection_mode', 'new')
        ->assertSee('Platform app ID')
        ->assertSee('Managed centrally by platform')
        ->assertSet('data.new_connection.platform_app_id', 'platform-app-id')
        ->assertDontSee('Client secret')
        ->call('createProviderConnection', [
            'display_name' => 'Platform connection',
            'is_default' => true,
        ]);

    $tenant = Tenant::query()->where('tenant_id', $entraTenantId)->firstOrFail();

    $connection = ProviderConnection::query()
        ->where('workspace_id', (int) $workspace->getKey())
        ->where('tenant_id', (int) $tenant->getKey())
        ->where('provider', 'microsoft')
        ->where('entra_tenant_id', $entraTenantId)
        ->firstOrFail();

    expect($connection->connection_type)->toBe(ProviderConnectionType::Platform)
        ->and($connection->consent_status)->toBe(ProviderConsentStatus::Required)
        ->and($connection->verification_status)->toBe(ProviderVerificationStatus::Unknown)
        ->and($connection->credential()->exists())->toBeFalse();

    $session = TenantOnboardingSession::query()
        ->where('workspace_id', (int) $workspace->getKey())
        ->where('tenant_id', (int) $tenant->getKey())
        ->whereNull('completed_at')
        ->firstOrFail();

    expect($session->state['provider_connection_id'] ?? null)->toBe((int) $connection->getKey())
        ->and($session->state)->not->toHaveKey('client_secret');
});