# tests/integration/security/test_authentication.py
"""
Authentication tests for the API.

API Structure:
- /api/v1/admin/* - Admin endpoints (require admin token)
- /api/v1/vendor/* - Vendor endpoints (require vendor token with vendor_id claim)
"""

import pytest


@pytest.mark.integration
@pytest.mark.security
@pytest.mark.auth
class TestAuthentication:
    def test_protected_endpoint_without_auth(self, client):
        """Test that protected endpoints reject unauthenticated requests"""
        protected_endpoints = [
            "/api/v1/admin/users",
            "/api/v1/admin/vendors",
            "/api/v1/admin/marketplace-import-jobs",
            "/api/v1/admin/products",
            "/api/v1/vendor/products",
            "/api/v1/vendor/inventory",
        ]

        for endpoint in protected_endpoints:
            response = client.get(endpoint)
            assert response.status_code == 401, f"Expected 401 for {endpoint}"

    def test_protected_endpoint_with_invalid_token(self, client):
        """Test protected endpoints with invalid token"""
        headers = {"Authorization": "Bearer invalid_token_here"}

        response = client.get("/api/v1/admin/products", headers=headers)
        assert response.status_code == 401  # Token is not valid

    def test_valid_token_accepted(self, client, admin_headers):
        """Test that valid tokens are accepted"""
        response = client.get("/api/v1/admin/vendors", headers=admin_headers)
        assert response.status_code == 200