# Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/

require 'rails_helper'

RSpec.describe TwoFactorDefaultAuthenticationMethod, db_strategy: :reset, type: :db_migration do
  let(:user_without_two_factor) { create(:user) }

  let(:user_with_two_factor) do
    user = create(:user)

    create(:user_two_factor_preference, :authenticator_app, user: user)

    user.reload
    user.preferences[:two_factor_authentication] ||= {}
    user.preferences[:two_factor_authentication].delete :default
    user.save!

    user
  end

  let(:user_with_two_factor_and_default_method) do
    user = create(:user)

    create(:user_two_factor_preference, :authenticator_app, user: user)
    security_key_pref = create(:user_two_factor_preference, :security_keys, user: user)

    Service::User::TwoFactor::SetDefaultMethod
      .new(user: user.reload, method_name: security_key_pref.method, force: true)
      .execute

    user
  end

  before do
    Setting.set('two_factor_authentication_method_security_keys', true)
    Setting.set('two_factor_authentication_method_authenticator_app', true)
  end

  context 'when there are no users with two-factor authentication' do
    it 'does not change anything' do
      user_without_two_factor

      expect { migrate }.not_to change { user_without_two_factor.reload.preferences.dig(:two_factor_authentication, :default) }
    end
  end

  context 'when there are users with two-factor authentication' do
    it 'sets the default authentication method to the first one' do
      user_with_two_factor

      expect { migrate }.to change { user_with_two_factor.reload.preferences.dig(:two_factor_authentication, :default) }.from(nil).to('authenticator_app')
    end
  end

  context 'when there are users with two-factor authentication and a default method' do
    it 'does not change the already stored default two-factor authentication method' do
      user_with_two_factor_and_default_method

      expect { migrate }.not_to change { user_with_two_factor_and_default_method.reload.preferences.dig(:two_factor_authentication, :default) }
    end
  end
end