<?php
/**
 * Copyright seit 2024 Webshop System
 *
 * Integration-Tests für Admin-Controller
 *
 * @author    Webshop System
 * @license   GPL v3
 */

namespace Tests\Integration;

use PHPUnit\Framework\TestCase;
use Doctrine\DBAL\DriverManager;
use Doctrine\DBAL\Exception;

class AdminControllerTest extends TestCase
{
    private $conn;
    private $adminSession;
    
    protected function setUp(): void
    {
        // Test-Datenbank-Verbindung
        $connectionParams = [
            'dbname' => getenv('DB_DATABASE') ?: 'freeshop_test',
            'user' => getenv('DB_USERNAME') ?: 'freeshop_user',
            'password' => getenv('DB_PASSWORD') ?: 'freeshop_password',
            'host' => getenv('DB_HOST') ?: 'db',
            'driver' => 'pdo_mysql',
            'port' => getenv('DB_PORT') ?: 3306,
            'charset' => 'utf8mb4',
        ];
        
        try {
            $this->conn = DriverManager::getConnection($connectionParams);
            $this->setupTestData();
            $this->adminSession = $this->createAdminSession();
        } catch (Exception $e) {
            $this->markTestSkipped('Datenbankverbindung nicht verfügbar: ' . $e->getMessage());
        }
    }
    
    protected function tearDown(): void
    {
        if ($this->conn) {
            $this->cleanupTestData();
        }
    }
    
    private function setupTestData()
    {
        // Admin-User erstellen
        $this->conn->executeStatement('
            INSERT INTO ws_user (username, email, password, role, active) 
            VALUES (?, ?, ?, ?, ?)
        ', ['admin_test', 'admin@test.com', password_hash('test123', PASSWORD_DEFAULT), 'admin', 1]);
        
        // Test-Kategorie erstellen
        $this->conn->executeStatement('
            INSERT INTO ws_category (name, description, active) 
            VALUES (?, ?, ?)
        ', ['Test Kategorie', 'Test Beschreibung', 1]);
        
        // Test-Produkte erstellen
        $this->conn->executeStatement('
            INSERT INTO ws_product (name, description, price, category_id, active) 
            VALUES (?, ?, ?, ?, ?)
        ', ['Test Produkt 1', 'Test Beschreibung 1', 19.99, 1, 1]);
    }
    
    private function cleanupTestData()
    {
        $this->conn->executeStatement('DELETE FROM ws_product WHERE name LIKE ?', ['Test Produkt%']);
        $this->conn->executeStatement('DELETE FROM ws_category WHERE name = ?', ['Test Kategorie']);
        $this->conn->executeStatement('DELETE FROM ws_user WHERE username = ?', ['admin_test']);
    }
    
    private function createAdminSession()
    {
        // Simuliere Admin-Session
        return [
            'user_id' => 1,
            'username' => 'admin_test',
            'role' => 'admin',
            'authenticated' => true
        ];
    }
    
    public function testAdminLoginSuccess()
    {
        // Simuliere POST-Request für Login
        $_POST['username'] = 'admin_test';
        $_POST['password'] = 'test123';
        
        // Login-Logik simulieren
        $stmt = $this->conn->prepare('SELECT * FROM ws_user WHERE username = ? AND active = 1');
        $stmt->execute(['admin_test']);
        $user = $stmt->fetchAssociative();
        
        $this->assertNotNull($user);
        $this->assertEquals('admin_test', $user['username']);
        $this->assertEquals('admin', $user['role']);
        $this->assertTrue(password_verify('test123', $user['password']));
    }
    
    public function testAdminLoginFailure()
    {
        // Simuliere POST-Request für Login mit falschem Passwort
        $_POST['username'] = 'admin_test';
        $_POST['password'] = 'wrong_password';
        
        // Login-Logik simulieren
        $stmt = $this->conn->prepare('SELECT * FROM ws_user WHERE username = ? AND active = 1');
        $stmt->execute(['admin_test']);
        $user = $stmt->fetchAssociative();
        
        $this->assertNotNull($user);
        $this->assertFalse(password_verify('wrong_password', $user['password']));
    }
    
    public function testAdminDashboardAccess()
    {
        // Simuliere Admin-Dashboard-Zugriff
        $this->assertTrue($this->adminSession['authenticated']);
        $this->assertEquals('admin', $this->adminSession['role']);
        
        // Dashboard-Daten laden
        $stmt = $this->conn->prepare('SELECT COUNT(*) as product_count FROM ws_product WHERE active = 1');
        $stmt->execute();
        $productCount = $stmt->fetchAssociative()['product_count'];
        
        $stmt = $this->conn->prepare('SELECT COUNT(*) as category_count FROM ws_category WHERE active = 1');
        $stmt->execute();
        $categoryCount = $stmt->fetchAssociative()['category_count'];
        
        $this->assertGreaterThan(0, $productCount);
        $this->assertGreaterThan(0, $categoryCount);
    }
    
    public function testProductCRUDOperations()
    {
        // CREATE - Produkt erstellen
        $productData = [
            'name' => 'Integration Test Produkt',
            'description' => 'Test Beschreibung',
            'price' => 25.99,
            'category_id' => 1,
            'active' => 1
        ];
        
        $stmt = $this->conn->prepare('
            INSERT INTO ws_product (name, description, price, category_id, active) 
            VALUES (?, ?, ?, ?, ?)
        ');
        
        $result = $stmt->execute([
            $productData['name'],
            $productData['description'],
            $productData['price'],
            $productData['category_id'],
            $productData['active']
        ]);
        
        $this->assertTrue($result);
        
        // READ - Produkt abrufen
        $stmt = $this->conn->prepare('SELECT * FROM ws_product WHERE name = ?');
        $stmt->execute([$productData['name']]);
        $product = $stmt->fetchAssociative();
        
        $this->assertNotNull($product);
        $this->assertEquals($productData['name'], $product['name']);
        $this->assertEquals($productData['price'], $product['price']);
        
        // UPDATE - Produkt aktualisieren
        $stmt = $this->conn->prepare('
            UPDATE ws_product 
            SET name = ?, price = ? 
            WHERE id = ?
        ');
        
        $result = $stmt->execute(['Aktualisiertes Test Produkt', 29.99, $product['id']]);
        $this->assertTrue($result);
        
        // Prüfen ob Update erfolgreich war
        $stmt = $this->conn->prepare('SELECT * FROM ws_product WHERE id = ?');
        $stmt->execute([$product['id']]);
        $updatedProduct = $stmt->fetchAssociative();
        
        $this->assertEquals('Aktualisiertes Test Produkt', $updatedProduct['name']);
        $this->assertEquals(29.99, $updatedProduct['price']);
        
        // DELETE - Produkt löschen
        $stmt = $this->conn->prepare('DELETE FROM ws_product WHERE id = ?');
        $result = $stmt->execute([$product['id']]);
        $this->assertTrue($result);
        
        // Prüfen ob Produkt gelöscht wurde
        $stmt = $this->conn->prepare('SELECT * FROM ws_product WHERE id = ?');
        $stmt->execute([$product['id']]);
        $deletedProduct = $stmt->fetchAssociative();
        
        $this->assertFalse($deletedProduct);
    }
    
    public function testCategoryCRUDOperations()
    {
        // CREATE - Kategorie erstellen
        $categoryData = [
            'name' => 'Integration Test Kategorie',
            'description' => 'Test Kategorie Beschreibung',
            'active' => 1
        ];
        
        $stmt = $this->conn->prepare('
            INSERT INTO ws_category (name, description, active) 
            VALUES (?, ?, ?)
        ');
        
        $result = $stmt->execute([
            $categoryData['name'],
            $categoryData['description'],
            $categoryData['active']
        ]);
        
        $this->assertTrue($result);
        
        // READ - Kategorie abrufen
        $stmt = $this->conn->prepare('SELECT * FROM ws_category WHERE name = ?');
        $stmt->execute([$categoryData['name']]);
        $category = $stmt->fetchAssociative();
        
        $this->assertNotNull($category);
        $this->assertEquals($categoryData['name'], $category['name']);
        
        // UPDATE - Kategorie aktualisieren
        $stmt = $this->conn->prepare('
            UPDATE ws_category 
            SET name = ?, description = ? 
            WHERE id = ?
        ');
        
        $result = $stmt->execute(['Aktualisierte Test Kategorie', 'Neue Beschreibung', $category['id']]);
        $this->assertTrue($result);
        
        // Prüfen ob Update erfolgreich war
        $stmt = $this->conn->prepare('SELECT * FROM ws_category WHERE id = ?');
        $stmt->execute([$category['id']]);
        $updatedCategory = $stmt->fetchAssociative();
        
        $this->assertEquals('Aktualisierte Test Kategorie', $updatedCategory['name']);
        $this->assertEquals('Neue Beschreibung', $updatedCategory['description']);
        
        // DELETE - Kategorie löschen
        $stmt = $this->conn->prepare('DELETE FROM ws_category WHERE id = ?');
        $result = $stmt->execute([$category['id']]);
        $this->assertTrue($result);
        
        // Prüfen ob Kategorie gelöscht wurde
        $stmt = $this->conn->prepare('SELECT * FROM ws_category WHERE id = ?');
        $stmt->execute([$category['id']]);
        $deletedCategory = $stmt->fetchAssociative();
        
        $this->assertFalse($deletedCategory);
    }
    
    public function testOrderManagement()
    {
        // Test-Bestellung erstellen
        $orderData = [
            'customer_name' => 'Test Kunde',
            'customer_email' => 'kunde@test.com',
            'total_amount' => 59.97,
            'status' => 'pending',
            'created_at' => date('Y-m-d H:i:s')
        ];
        
        $stmt = $this->conn->prepare('
            INSERT INTO ws_order (customer_name, customer_email, total_amount, status, created_at) 
            VALUES (?, ?, ?, ?, ?)
        ');
        
        $result = $stmt->execute([
            $orderData['customer_name'],
            $orderData['customer_email'],
            $orderData['total_amount'],
            $orderData['status'],
            $orderData['created_at']
        ]);
        
        $this->assertTrue($result);
        
        // Bestellung abrufen
        $stmt = $this->conn->prepare('SELECT * FROM ws_order WHERE customer_email = ?');
        $stmt->execute([$orderData['customer_email']]);
        $order = $stmt->fetchAssociative();
        
        $this->assertNotNull($order);
        $this->assertEquals($orderData['customer_name'], $order['customer_name']);
        $this->assertEquals($orderData['total_amount'], $order['total_amount']);
        
        // Bestellstatus aktualisieren
        $stmt = $this->conn->prepare('
            UPDATE ws_order 
            SET status = ? 
            WHERE id = ?
        ');
        
        $result = $stmt->execute(['shipped', $order['id']]);
        $this->assertTrue($result);
        
        // Prüfen ob Status-Update erfolgreich war
        $stmt = $this->conn->prepare('SELECT * FROM ws_order WHERE id = ?');
        $stmt->execute([$order['id']]);
        $updatedOrder = $stmt->fetchAssociative();
        
        $this->assertEquals('shipped', $updatedOrder['status']);
        
        // Bestellung löschen
        $stmt = $this->conn->prepare('DELETE FROM ws_order WHERE id = ?');
        $result = $stmt->execute([$order['id']]);
        $this->assertTrue($result);
    }
    
    public function testSettingsManagement()
    {
        // Einstellungen abrufen
        $stmt = $this->conn->prepare('SELECT * FROM ws_configuration');
        $stmt->execute();
        $configurations = $stmt->fetchAllAssociative();
        
        $this->assertGreaterThan(0, count($configurations));
        
        // Einstellung aktualisieren
        $stmt = $this->conn->prepare('
            UPDATE ws_configuration 
            SET value = ? 
            WHERE name = ?
        ');
        
        $result = $stmt->execute(['Test Shop Name', 'shop_name']);
        $this->assertTrue($result);
        
        // Prüfen ob Update erfolgreich war
        $stmt = $this->conn->prepare('SELECT * FROM ws_configuration WHERE name = ?');
        $stmt->execute(['shop_name']);
        $config = $stmt->fetchAssociative();
        
        if ($config) {
            $this->assertEquals('Test Shop Name', $config['value']);
        }
    }
    
    public function testSecurityValidation()
    {
        // Test SQL-Injection-Schutz
        $maliciousInput = "'; DROP TABLE ws_product; --";
        
        $stmt = $this->conn->prepare('SELECT * FROM ws_product WHERE name = ?');
        $stmt->execute([$maliciousInput]);
        $result = $stmt->fetchAssociative();
        
        // Sollte keine Exception werfen und sicher sein
        $this->assertFalse($result);
        
        // Test XSS-Schutz
        $xssInput = '<script>alert("XSS")</script>';
        
        $stmt = $this->conn->prepare('
            INSERT INTO ws_product (name, description, price, category_id, active) 
            VALUES (?, ?, ?, ?, ?)
        ');
        
        $result = $stmt->execute([$xssInput, 'Test', 19.99, 1, 1]);
        $this->assertTrue($result);
        
        // Prüfen ob Input sicher gespeichert wurde
        $stmt = $this->conn->prepare('SELECT * FROM ws_product WHERE name = ?');
        $stmt->execute([$xssInput]);
        $product = $stmt->fetchAssociative();
        
        $this->assertNotNull($product);
        $this->assertEquals($xssInput, $product['name']);
        
        // Test-Daten aufräumen
        $stmt = $this->conn->prepare('DELETE FROM ws_product WHERE name = ?');
        $stmt->execute([$xssInput]);
    }
}