/**
 * USER_JOURNEYS.md §11 — admin login. Tests the /admin/login route and
 * the redirect-while-already-logged-in shortcut.
 */
import { test, expect } from '../../fixtures/test';
import { AdminLoginPage } from '../../page-objects';
import { ADMIN_PASSWORD } from '../../fixtures/api-client';

test.describe('Auth — admin login', () => {
  test('correct password → /admin dashboard', async ({ page }) => {
    const login = new AdminLoginPage(page);
    await login.goto();
    await login.login(ADMIN_PASSWORD);
    await page.waitForURL('**/admin', { timeout: 10_000 });

    // Admin JWT should now be in localStorage (admin uses the same key, just with role=admin in the payload)
    const role = await page.evaluate(() => {
      const token = localStorage.getItem('eventsnap_jwt');
      if (!token) return null;
      try {
        return JSON.parse(atob(token.split('.')[1])).role;
      } catch {
        return null;
      }
    });
    expect(role).toBe('admin');
  });

  test('wrong password → error, no token written', async ({ page }) => {
    const login = new AdminLoginPage(page);
    await login.goto();
    await login.login('definitely-not-the-password');
    await expect(login.errorMessage).toContainText(/falsch|forbidden|password/i);
    const token = await page.evaluate(() => localStorage.getItem('eventsnap_jwt'));
    expect(token).toBeNull();
  });

  test('already logged in as admin → auto-redirect to /admin', async ({ page, api }) => {
    const adminJwt = await api.adminLogin();
    await page.goto('/');
    await page.evaluate((jwt) => localStorage.setItem('eventsnap_jwt', jwt), adminJwt);
    await page.goto('/admin/login');
    await page.waitForURL('**/admin', { timeout: 5_000 });
  });
});