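"""Tests pinning production-config validation behavior.

Each negative test starts from a configuration that is otherwise known to
validate (the values used by the passing test at the bottom) and breaks
exactly one setting, so a ``ConfigError`` can only come from the check
under test.
"""
import os

import pytest

from shopdb.config import ProductionConfig, ConfigError

# Values the complete-config test shows to be accepted together. They are
# test placeholders, not real secrets or credentials.
_VALID_ENV = {
    'SECRET_KEY': 'a-real-strong-key',
    'JWT_SECRET_KEY': 'another-strong-key',
    'DATABASE_URL': 'mysql+pymysql://u:p@db/shopdb',
    'CORS_ORIGINS': 'https://shopdb.example.com',
}

# pytest.raises(match=...) uses re.search, so a bare 'SECRET_KEY' pattern is
# also satisfied by a message that only mentions 'JWT_SECRET_KEY'. The
# lookbehind makes the SECRET_KEY tests fail if that is the only name present.
_SECRET_KEY_ONLY = r'(?<!JWT_)SECRET_KEY'


def _set_valid_env(monkeypatch, *, omit=()):
    """Set every known-good variable except the names listed in *omit*."""
    for key, value in _VALID_ENV.items():
        if key not in omit:
            monkeypatch.setenv(key, value)


@pytest.fixture
def clean_env(monkeypatch):
    """Clear all env vars that ProductionConfig.validate looks at.

    Returns the ``monkeypatch`` fixture so tests can set variables on top of
    the cleared environment; pytest undoes the changes after each test.
    """
    for key in _VALID_ENV:
        monkeypatch.delenv(key, raising=False)
    return monkeypatch


def test_production_validate_raises_on_missing_secret_key(clean_env):
    """Empty SECRET_KEY in production must fail loud at boot."""
    # Everything else is valid, so a missing-JWT error cannot stand in for
    # the SECRET_KEY error this test is meant to pin.
    _set_valid_env(clean_env, omit=('SECRET_KEY',))
    with pytest.raises(ConfigError, match=_SECRET_KEY_ONLY):
        ProductionConfig.validate()


def test_production_validate_raises_on_dev_secret_key(clean_env):
    """The dev fallback must not be accepted in production."""
    _set_valid_env(clean_env, omit=('SECRET_KEY',))
    clean_env.setenv('SECRET_KEY', 'dev-secret-key-change-in-production')
    # Without the valid JWT_SECRET_KEY above and the anchored pattern, this
    # test would still pass if the dev key were accepted, because the next
    # failure (missing JWT_SECRET_KEY) contains the text 'SECRET_KEY'.
    with pytest.raises(ConfigError, match=_SECRET_KEY_ONLY):
        ProductionConfig.validate()


def test_production_validate_raises_on_missing_jwt_secret(clean_env):
    """Empty JWT_SECRET_KEY in production must fail loud at boot."""
    _set_valid_env(clean_env, omit=('JWT_SECRET_KEY',))
    with pytest.raises(ConfigError, match='JWT_SECRET_KEY'):
        ProductionConfig.validate()


def test_production_validate_raises_on_missing_database_url(clean_env):
    """Production must not silently fall back to a localhost MySQL URL."""
    _set_valid_env(clean_env, omit=('DATABASE_URL',))
    with pytest.raises(ConfigError, match='DATABASE_URL'):
        ProductionConfig.validate()


def test_production_validate_raises_on_wildcard_cors(clean_env):
    """CORS wildcard is rejected in production."""
    _set_valid_env(clean_env, omit=('CORS_ORIGINS',))
    clean_env.setenv('CORS_ORIGINS', '*')
    with pytest.raises(ConfigError, match='CORS_ORIGINS'):
        ProductionConfig.validate()


def test_production_validate_raises_on_empty_cors(clean_env):
    """Empty CORS allowlist is rejected in production."""
    # CORS_ORIGINS is left unset here (not set to an empty string).
    _set_valid_env(clean_env, omit=('CORS_ORIGINS',))
    with pytest.raises(ConfigError, match='CORS_ORIGINS'):
        ProductionConfig.validate()


def test_production_validate_passes_with_complete_config(clean_env):
    """All required env vars set with non-default values: validate passes."""
    _set_valid_env(clean_env)
    ProductionConfig.validate()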