from __future__ import annotations

import pytest

from pre_commit_hooks.detect_azure_credentials import main
from testing.util import get_resource_path


@pytest.mark.parametrize(
    ("filename", "expected_retval"),
    (
        ("azure_credentials.txt", 1),
        ("azure_no_credentials.txt", 0),
        ("nonsense.txt", 0),
        ("ok_json.json", 0),
    ),
)
def test_detect_azure_credentials(filename, expected_retval):
    """Test detection of Azure credentials in various files."""
    ret = main((get_resource_path(filename),))
    assert ret == expected_retval


def test_detect_multiple_files():
    """Test scanning multiple files at once."""
    ret = main(
        (
            get_resource_path("azure_credentials.txt"),
            get_resource_path("azure_no_credentials.txt"),
        )
    )
    # Should return 1 because at least one file has credentials
    assert ret == 1


def test_detect_multiple_credentials_in_single_file():
    """Test that multiple credentials in one file are all detected."""
    ret = main((get_resource_path("azure_credentials.txt"),))
    assert ret == 1


def test_no_credentials_in_multiple_files():
    """Test scanning multiple clean files."""
    ret = main(
        (
            get_resource_path("azure_no_credentials.txt"),
            get_resource_path("nonsense.txt"),
            get_resource_path("ok_json.json"),
        )
    )
    assert ret == 0


def test_datafactory_shir_key_detection():
    """Test specific detection of Azure Data Factory SHIR keys."""
    ret = main((get_resource_path("azure_credentials.txt"),))
    assert ret == 1


def test_storage_credential_86char_detection():
    """Test detection of 86 character storage credentials."""
    ret = main((get_resource_path("azure_credentials.txt"),))
    assert ret == 1


def test_storage_credential_43char_detection():
    """Test detection of 43 character storage credentials."""
    ret = main((get_resource_path("azure_credentials.txt"),))
    assert ret == 1


def test_blob_url_with_sas_detection():
    """Test detection of blob URLs with SAS tokens."""
    ret = main((get_resource_path("azure_credentials.txt"),))
    assert ret == 1


def test_userid_password_detection():
    """Test detection of userid/password pairs."""
    ret = main((get_resource_path("azure_credentials.txt"),))
    assert ret == 1


def test_machinekey_detection():
    """Test detection of machine keys."""
    ret = main((get_resource_path("azure_credentials.txt"),))
    assert ret == 1


def test_connection_string_password_detection():
    """Test detection of passwords in connection strings."""
    ret = main((get_resource_path("azure_credentials.txt"),))
    assert ret == 1


def test_network_credential_detection():
    """Test detection of network credentials with domains."""
    ret = main((get_resource_path("azure_credentials.txt"),))
    assert ret == 1


def test_devops_pat_detection():
    """Test detection of DevOps Personal Access Tokens."""
    ret = main((get_resource_path("azure_credentials.txt"),))
    assert ret == 1


def test_app_service_deployment_detection():
    """Test detection of App Service deployment secrets."""
    ret = main((get_resource_path("azure_credentials.txt"),))
    assert ret == 1


def test_allows_arbitrarily_encoded_files(tmpdir):
    """Test that binary/arbitrarily encoded files don't cause crashes."""
    arbitrary_encoding = tmpdir.join("binary_file")
    arbitrary_encoding.write_binary(b"\x12\x9a\xe2\xf2\xff\xfe")
    ret = main((str(arbitrary_encoding),))
    assert ret == 0


def test_obfuscation_in_output(capsys):
    """Test that credentials are obfuscated in output."""
    ret = main((get_resource_path("azure_credentials.txt"),))
    assert ret == 1

    out, _ = capsys.readouterr()
    # Verify output contains filename and pattern name
    assert "azure_credentials.txt" in out
    assert "datafactory-shir" in out
    # Verify the actual credential is obfuscated (contains ***)
    assert "***" in out
    # Verify the full credential is NOT in output
    assert "uUY/w9WdKTdAWWPDMrEEWdAEZIgeXlrO51GtVUR1/BE=" not in out


def test_output_format_with_pattern_name(capsys):
    """Test that output includes pattern name for easier debugging."""
    ret = main((get_resource_path("azure_credentials.txt"),))
    assert ret == 1

    out, _ = capsys.readouterr()
    # Should mention the file
    assert "azure_credentials.txt" in out
    # Should include pattern names in parentheses
    assert "(" in out and ")" in out


def test_empty_file(tmpdir):
    """Test scanning an empty file."""
    empty_file = tmpdir.join("empty.txt")
    empty_file.write("")
    ret = main((str(empty_file),))
    assert ret == 0


def test_file_with_partial_patterns(tmpdir):
    """Test that partial/incomplete patterns don't trigger false positives."""
    partial = tmpdir.join("partial.txt")
    partial.write(
        "# These are incomplete patterns that should NOT match\n"
        "IR@incomplete\n"
        "AccountKey=short\n"
        "password=\n"
        "sig=toolittledata\n",
    )
    ret = main((str(partial),))
    assert ret == 0