import pyotp
from flask import url_for
from itsdangerous import Signer

from app.config import FLASK_SECRET
from tests.utils import create_new_user


def test_auth_mfa_success(flask_client):
    user = create_new_user()
    user.enable_otp = True
    user.otp_secret = "base32secret3232"

    totp = pyotp.TOTP(user.otp_secret)
    s = Signer(FLASK_SECRET)
    mfa_key = s.sign(str(user.id))

    r = flask_client.post(
        url_for("api.auth_mfa"),
        json={"mfa_token": totp.now(), "mfa_key": mfa_key, "device": "Test Device"},
    )

    assert r.status_code == 200
    assert r.json["api_key"]
    assert r.json["email"]
    assert r.json["name"] == "Test User"


def test_auth_wrong_mfa_key(flask_client):
    user = create_new_user()
    user.enable_otp = True
    user.otp_secret = "base32secret3232"

    totp = pyotp.TOTP(user.otp_secret)

    r = flask_client.post(
        url_for("api.auth_mfa"),
        json={
            "mfa_token": totp.now(),
            "mfa_key": "wrong mfa key",
            "device": "Test Device",
        },
    )

    assert r.status_code == 400
    assert r.json["error"]