"""lasuite-docs — Phase-2 P3 §4.3 prescribed create-a-doc + read-back test.

Plan §4.3 explicitly names this test for lasuite-docs: "create a doc, edit via the API, confirm
persistence". This is the canonical create-an-object + read-it-back for lasuite-docs.

Flow (uses an OIDC token from the dep keycloak):
1. Obtain a JWT via OIDC password grant against the dep keycloak (the test user is provisioned
   by the orchestrator's dep-provisioning step).
2. POST `/api/v1.0/documents/` with `Authorization: Bearer <jwt>` to create a new doc with a
   unique title; capture the returned `id`.
3. GET `/api/v1.0/documents/<id>/` with the same Bearer token; assert the returned title and
   id match.

Non-vacuous: a misconfigured OIDC, broken backend, or missing endpoint fails at the layer it's
broken. The marker-in-the-title + id round-trip proves the doc actually persisted in lasuite-
docs's database after going through the recipe's nginx → backend → postgres path.

Marked @pytest.mark.requires_deps — skips with `deps-not-ready` if dep provisioning failed.
"""

from __future__ import annotations

import os
import sys
import uuid

import pytest

sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "..", "..", "runner"))
from harness import http as harness_http  # noqa: E402
from harness import sso


@pytest.mark.requires_deps
def test_create_doc_and_read_back(live_app, deps):
    """Create a doc via the authenticated API; fetch it back; assert round-trip."""
    kc = deps["keycloak"]

    # Obtain a JWT via OIDC password grant
    access_token = sso.oidc_password_grant(
        {
            "client_id": kc["client_id"],
            "client_secret": kc["client_secret"],
            "user": kc["user"],
            "password": kc["password"],
            "token_url": kc["token_url"],
        }
    )
    auth = {"Authorization": f"Bearer {access_token}"}

    # Create a doc with a unique title
    title = f"ccci-doc-{uuid.uuid4().hex[:8]}"
    s, body = harness_http.http_post(
        f"https://{live_app}/api/v1.0/documents/",
        data={"title": title},
        headers=auth,
    )
    assert s in (200, 201), f"POST /api/v1.0/documents/ HTTP {s}: {body!r}"
    assert isinstance(body, dict), f"unexpected response shape: {body!r}"
    doc_id = body.get("id")
    assert doc_id, f"created doc has no id: {body!r}"
    assert (
        body.get("title") == title
    ), f"created doc title mismatch: created={title!r}, response={body.get('title')!r}"

    # Fetch it back via the dedicated GET endpoint
    s, fetched = harness_http.http_get(
        f"https://{live_app}/api/v1.0/documents/{doc_id}/", headers=auth
    )
    assert s == 200, f"GET /api/v1.0/documents/{doc_id}/ HTTP {s}: {fetched!r}"
    assert isinstance(fetched, dict), f"unexpected GET response: {fetched!r}"
    assert fetched.get("id") in (
        doc_id,
        str(doc_id),
    ), f"fetched id mismatch: created={doc_id!r}, fetched={fetched.get('id')!r}"
    assert (
        fetched.get("title") == title
    ), f"fetched title mismatch: created={title!r}, fetched={fetched.get('title')!r}"