using System.Net;


using StellaOps.TestKit;
namespace StellaOps.Scanner.WebService.Tests;

public sealed class AuthorizationTests
{
    [Trait("Category", TestCategories.Unit)]
        [Fact]
    public async Task ApiRoutesRequireAuthenticationWhenAuthorityEnabled()
    {
        await using var factory = new ScannerApplicationFactory().WithOverrides(configuration =>
        {
            configuration["scanner:authority:enabled"] = "true";
            configuration["scanner:authority:allowAnonymousFallback"] = "false";
            configuration["scanner:authority:issuer"] = "https://authority.local";
            configuration["scanner:authority:audiences:0"] = "scanner-api";
            configuration["scanner:authority:clientId"] = "scanner-web";
            configuration["scanner:authority:clientSecret"] = "secret";
        });
        await factory.InitializeAsync();

        using var client = factory.CreateClient();
        var response = await client.GetAsync("/api/v1/__auth-probe");

        Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
    }
}