"""Tests for JWT_SECRET_KEY validation"""

import pytest
import os
import sys


class TestJWTSecretValidation:
    """Test JWT secret key validation in config"""

    def test_default_secret_rejected(self):
        """Test that default secret is rejected"""
        # Need to test Settings validator
        # Since Settings is already instantiated at import, we test differently
        from pydantic import ValidationError
        from app.config import Settings

        # This should fail because the default is used
        # But we can't easily override the default for testing
        # Instead, test that the validator exists and works

        # Create a settings instance with invalid secret to test validator
        with pytest.raises(ValidationError) as exc_info:
            Settings(jwt_secret_key="dev-secret-change-in-production")

        assert "JWT_SECRET_KEY cannot be the default value" in str(exc_info.value)

    def test_short_secret_rejected(self):
        """Test that secrets shorter than 32 chars are rejected"""
        from pydantic import ValidationError
        from app.config import Settings

        with pytest.raises(ValidationError) as exc_info:
            Settings(jwt_secret_key="short")

        assert "at least 32 characters long" in str(exc_info.value)

    def test_valid_secret_accepted(self):
        """Test that valid 32+ char secrets are accepted"""
        from app.config import Settings

        # This should work
        settings = Settings(jwt_secret_key="a" * 32)
        assert settings.jwt_secret_key == "a" * 32

    def test_generate_secret(self):
        """Test that generate_secret creates valid secrets"""
        from app.config import Settings

        secret = Settings.generate_secret()

        # Should be at least 32 chars (urlsafe encoding makes it longer)
        assert len(secret) >= 32

        # Should be URL-safe
        import re

        assert re.match(r"^[A-Za-z0-9_-]+$", secret)