from __future__ import annotations

from app.core.constants import TokenType
from app.core.security import (
    create_access_token,
    create_refresh_token,
    decode_token,
    hash_password,
    verify_password,
)


def test_password_hash_and_verify() -> None:
    password = "securepassword123"
    hashed = hash_password(password)
    assert hashed != password
    assert verify_password(password, hashed)
    assert not verify_password("wrongpassword", hashed)


def test_create_access_token() -> None:
    token = create_access_token(subject=1, role="admin")
    payload = decode_token(token)
    assert payload is not None
    assert payload["sub"] == "1"
    assert payload["role"] == "admin"
    assert payload["type"] == TokenType.ACCESS


def test_create_refresh_token() -> None:
    token = create_refresh_token(subject=1)
    payload = decode_token(token)
    assert payload is not None
    assert payload["sub"] == "1"
    assert payload["type"] == TokenType.REFRESH


def test_decode_invalid_token() -> None:
    result = decode_token("invalid.token.string")
    assert result is None