<?php

declare(strict_types=1);

use App\Models\ProviderConnection;
use App\Models\Tenant;
use App\Support\Providers\ProviderConnectionType;
use App\Support\Providers\ProviderConsentStatus;
use App\Support\Providers\ProviderReasonCodes;
use App\Support\Providers\ProviderVerificationStatus;
use Illuminate\Foundation\Testing\RefreshDatabase;

uses(RefreshDatabase::class);

it('stores a successful callback as a platform connection with separate consent and verification states', function (): void {
    $tenant = Tenant::factory()->create([
        'tenant_id' => 'tenant-platform-ok',
        'name' => 'Contoso Platform',
    ]);

    $this->get(route('admin.consent.callback', [
        'tenant' => $tenant->tenant_id,
        'admin_consent' => 'true',
    ]))->assertOk();

    $connection = ProviderConnection::query()
        ->where('tenant_id', (int) $tenant->getKey())
        ->where('provider', 'microsoft')
        ->where('entra_tenant_id', $tenant->graphTenantId())
        ->firstOrFail();

    expect($connection->connection_type)->toBe(ProviderConnectionType::Platform)
        ->and($connection->status)->toBe('connected')
        ->and($connection->consent_status)->toBe(ProviderConsentStatus::Granted)
        ->and($connection->verification_status)->toBe(ProviderVerificationStatus::Unknown)
        ->and($connection->credential()->exists())->toBeFalse()
        ->and($connection->last_error_reason_code)->toBeNull();
});

it('stores callback failures without promoting the platform connection to a verified state', function (): void {
    $tenant = Tenant::factory()->create([
        'tenant_id' => 'tenant-platform-error',
        'name' => 'Fabrikam Platform',
    ]);

    $this->get(route('admin.consent.callback', [
        'tenant' => $tenant->tenant_id,
        'error' => 'access_denied',
    ]))->assertOk();

    $connection = ProviderConnection::query()
        ->where('tenant_id', (int) $tenant->getKey())
        ->where('provider', 'microsoft')
        ->where('entra_tenant_id', $tenant->graphTenantId())
        ->firstOrFail();

    expect($connection->connection_type)->toBe(ProviderConnectionType::Platform)
        ->and($connection->status)->toBe('error')
        ->and($connection->consent_status)->toBe(ProviderConsentStatus::Failed)
        ->and($connection->verification_status)->toBe(ProviderVerificationStatus::Unknown)
        ->and($connection->last_error_reason_code)->toBe(ProviderReasonCodes::ProviderAuthFailed)
        ->and($connection->credential()->exists())->toBeFalse();
});