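import gql from 'graphql-tag';
import {
  execute as executeWithoutAuth,
  signIn,
  startSession,
} from 'test/graphql';

// Test-only fixture credentials; they exist solely inside the test database.
const email = 'test_user@example.com';
const username = 'test_user';
const password = 'K$D4@i$HbkNNDmm!'; // must use a secure password

// A second strong password, shared by every case that performs a valid change.
const strongNewPassword = 'AllW3HeaRi#RaDi0GooG))';

afterEach(() => {
  jest.restoreAllMocks();
  jest.useRealTimers();
});

const changePasswordMutation = gql` mutation ($input: ChangePasswordInput!) { changePassword(input: $input) { success } } `;

/**
 * Sends the changePassword mutation through the given executor, always
 * presenting the fixture's current password as `oldPassword`.
 *
 * @param {Function} run - GraphQL executor (authenticated or anonymous).
 * @param {string} newPassword - Password the account should be changed to.
 * @returns {Promise<{data?: object, errors?: object[]}>} Raw GraphQL result.
 */
const requestPasswordChange = (run, newPassword) =>
  run({
    query: changePasswordMutation,
    variables: {
      input: {
        oldPassword: password,
        newPassword,
      },
    },
  });

describe('Mutation:changePassword', () => {
  it('can change password', async () => {
    const { execute, user } = await startSession({ username, password, email });

    const { data, errors } = await requestPasswordChange(
      execute,
      strongNewPassword
    );
    expect(errors).toBeFalsy();
    expect(data?.changePassword?.success).toBe(true);

    // The new credential must authenticate the same account.
    const { data: signInNewPassData, errors: signInNewPassErrors } =
      await signIn({
        username,
        password: strongNewPassword,
      });
    expect(signInNewPassErrors).toBeFalsy();
    expect(signInNewPassData?.signIn?.user?.id).toBe(user.id);
  });

  it('when changing password, old password does not work', async () => {
    const { execute } = await startSession({ username, password, email });

    const { data, errors } = await requestPasswordChange(
      execute,
      strongNewPassword
    );
    expect(errors).toBeFalsy();
    expect(data?.changePassword?.success).toBe(true);

    // Signing in with the *old* password must now be rejected. The expected
    // message is generic: it does not say whether the username or the
    // password was the wrong part.
    const { errors: signInOldPassErrors } = await signIn({
      username,
      password,
    });
    expect(signInOldPassErrors).toHaveLength(1);
    expect(signInOldPassErrors?.[0]?.message).toMatchInlineSnapshot(
      `"Invalid Username/Password"`
    );
  });

  it('cannot change password when signed out', async () => {
    // No session is started: the mutation goes through the anonymous executor.
    const { data, errors } = await requestPasswordChange(
      executeWithoutAuth,
      strongNewPassword
    );

    expect(data).toBeFalsy();
    expect(errors).toHaveLength(1);
    expect(errors?.[0]?.message).toMatchInlineSnapshot(
      `"You are not authorized to access this."`
    );
  });

  it('cannot change password to something insecure', async () => {
    const weakPassword = 'hello';
    const { execute } = await startSession({ username, password, email });

    const { data, errors } = await requestPasswordChange(execute, weakPassword);

    expect(data).toBeFalsy();
    expect(errors).toHaveLength(1);
    // NOTE(review): snapshot text is kept exactly as found; line breaks inside
    // it may have been lost, so confirm it against the real error message.
    expect(errors?.[0]?.message).toMatchInlineSnapshot(` "Password is too easily guessable This is a top-100 common password" `);
  });

  // Every case above submits the correct oldPassword, so the check that the
  // caller re-proves knowledge of the current password is never exercised.
  it.todo('cannot change password when oldPassword is incorrect');

  // NOTE(review): not covered here - whether sessions issued before the change
  // stay valid afterwards. Confirm the intended behaviour and add a case.
});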