import pytest
from django.test import Client
from core.models import AppUser

@pytest.fixture
def api_client():
    return Client()

@pytest.fixture
def test_user():
    return AppUser.objects.create_user(
        username="test_api_user",
        email="test@api.tv",
        password="testpassword123"
    )

@pytest.mark.django_db
def test_list_users(api_client, test_user):
    response = api_client.get("/api/user/")
    assert response.status_code == 200
    data = response.json()
    assert len(data) >= 1
    assert any(u["username"] == "test_api_user" for u in data)

@pytest.mark.django_db
def test_get_user(api_client, test_user):
    response = api_client.get(f"/api/user/{test_user.id}")
    assert response.status_code == 200
    data = response.json()
    assert data["username"] == "test_api_user"
    assert "password" not in data # Ensure we don't leak passwords

@pytest.mark.django_db
def test_create_user(api_client):
    payload = {
        "username": "new_viewer",
        "email": "viewer@api.tv",
        "password": "securepassword",
        "is_superuser": False
    }
    response = api_client.post("/api/user/", data=payload, content_type="application/json")
    assert response.status_code == 201
    data = response.json()
    assert data["username"] == "new_viewer"
    
    # Verify DB
    user = AppUser.objects.get(id=data["id"])
    assert user.username == "new_viewer"
    assert not user.is_superuser
    assert user.check_password("securepassword")

@pytest.mark.django_db
def test_update_user(api_client, test_user):
    payload = {
        "email": "updated@api.tv",
        "is_active": False
    }
    response = api_client.patch(f"/api/user/{test_user.id}", data=payload, content_type="application/json")
    assert response.status_code == 200
    data = response.json()
    assert data["email"] == "updated@api.tv"
    assert data["is_active"] is False

    # Verify DB
    test_user.refresh_from_db()
    assert test_user.email == "updated@api.tv"
    assert not test_user.is_active