import pytest
from flask import session, g


class TestAuth:
    """Authentication and access-control tests for login, logout and protected routes.

    The ``client``, ``auth`` and ``logged_in_client`` arguments are pytest
    fixtures defined outside this file.

    NOTE(review): the literal accounts used below ('admin' / 'admin123' and
    'user1' / 'admin123') are presumably seeded by those fixtures. Confirm
    they exist only in the test database and are never provisioned in a
    deployed environment.
    """

    def test_login_page(self, client):
        """GET /auth/login returns the login form."""
        page = client.get('/auth/login')
        assert page.status_code == 200
        # ASCII prefix of 'Iniciar sesión'; the literal stops before the
        # accented character because bytes literals must be ASCII.
        assert b'Iniciar sesi' in page.data

    def test_login_success(self, client):
        """Posting valid credentials lands on a post-login page."""
        form = {'username': 'admin', 'password': 'admin123'}
        landing = client.post('/auth/login', data=form, follow_redirects=True)
        assert landing.status_code == 200
        # Either marker is accepted as evidence of the post-login page.
        # NOTE(review): confirm neither word is rendered on the login page
        # itself, otherwise a rejected login would satisfy this check too.
        shows_panel = b'Panel' in landing.data
        shows_projects = b'Proyectos' in landing.data
        assert shows_panel or shows_projects

    def test_login_invalid_credentials(self, client):
        """Posting a wrong password re-renders a page that mentions credentials."""
        form = {'username': 'admin', 'password': 'wrongpassword'}
        rejected = client.post('/auth/login', data=form, follow_redirects=True)
        assert rejected.status_code == 200
        # The error text is matched case-insensitively.
        assert b'credenciales' in rejected.data.lower()

    def test_logout(self, auth, client):
        """After logout, a protected page leads back to the login page."""
        # NOTE(review): the result of auth.login() is not checked here. If
        # that call did not establish a session, the assertions below still
        # hold and the test would not exercise session teardown at all.
        auth.login()
        logout_reply = auth.logout()
        assert logout_reply.status_code == 200
        # Probe a protected route; the login prompt means the session is gone.
        after_logout = client.get('/users/', follow_redirects=True)
        assert b'iniciar sesi' in after_logout.data.lower()

    def test_access_protected_route(self, client):
        """An anonymous request to /users/ ends up on the login page."""
        anonymous = client.get('/users/', follow_redirects=True)
        assert anonymous.status_code == 200
        assert b'iniciar sesi' in anonymous.data.lower()

    def test_access_protected_route_with_login(self, logged_in_client):
        """A logged-in client can load /admin/dashboard."""
        # NOTE(review): the original comment spoke of the users list, but the
        # request targets the admin dashboard; /users/ has no positive
        # (authenticated) test in this class.
        dashboard = logged_in_client.get('/admin/dashboard')
        assert dashboard.status_code == 200

    def test_permission_levels(self, client, auth):
        """A non-admin account is refused on the admin dashboard."""
        # NOTE(review): the login result is not checked, so a failed login as
        # 'user1' would be reported as a permission failure rather than as a
        # fixture problem.
        auth.login(username='user1', password='admin123')
        refused = client.get('/admin/dashboard', follow_redirects=True)
        # Either a 403 or a rendered denial message counts as a refusal.
        # NOTE(review): a 200 page that merely contains the denial text also
        # passes; confirm no admin content is rendered alongside it.
        assert refused.status_code == 403 or b'acceso denegado' in refused.data.lower()