import unittest

from user_engine.domain import AuthorizationEffect, AuthorizationRequest
from user_engine.testing.fixtures import (
    FixtureIdentityClaimsAdapter,
    StaticAuthorizationCheckPort,
    human_actor_claims,
    sample_application_binding,
)


class PortFixtureTests(unittest.TestCase):
    def test_fixture_identity_claims_adapter_normalizes_actor(self):
        adapter = FixtureIdentityClaimsAdapter()
        actor = adapter.normalize(human_actor_claims())

        self.assertEqual(actor.identity_key, ("https://issuer.example.test", "user-123"))
        self.assertEqual(actor.tenant, "tenant:coulomb")
        self.assertIn("profile", actor.scopes)

    def test_static_authorization_check_records_requests(self):
        adapter = FixtureIdentityClaimsAdapter()
        actor = adapter.normalize(human_actor_claims())
        authz = StaticAuthorizationCheckPort(effect=AuthorizationEffect.ALLOW)
        request = AuthorizationRequest(
            actor=actor,
            resource_type="user-engine:profile",
            resource_id="usr_123",
            action="read",
            tenant="tenant:coulomb",
            correlation_id="corr-1",
            target_user_id="usr_123",
        )

        decision = authz.check(request)

        self.assertTrue(decision.allowed)
        self.assertEqual(authz.requests, [request])

    def test_sample_application_binding_keeps_external_ids_separate(self):
        binding = sample_application_binding()

        self.assertEqual(binding.application_id, "app.demo")
        self.assertEqual(binding.oidc_client_id, "demo-client")
        self.assertEqual(binding.protected_system_id, "user-engine.demo")


if __name__ == "__main__":
    unittest.main()