package apitokens

import "testing"

func TestHashSecretDeterministic(t *testing.T) {
	a := HashSecret("ulti_test_secret")
	b := HashSecret("ulti_test_secret")
	if len(a) != 32 {
		t.Fatalf("hash length = %d, want 32", len(a))
	}
	for i := range a {
		if a[i] != b[i] {
			t.Fatal("hash not deterministic")
		}
	}
}

func TestHasPermission(t *testing.T) {
	auth := &AuthContext{
		Permissions: []PermissionGrant{
			{Resource: "mail.messages", Read: true, Write: false},
			{Resource: "mail.send", Read: false, Write: true},
		},
	}
	if !HasPermission(auth, "mail.messages", false) {
		t.Fatal("expected read on mail.messages")
	}
	if HasPermission(auth, "mail.messages", true) {
		t.Fatal("did not expect write on mail.messages")
	}
	if !HasPermission(auth, "mail.send", true) {
		t.Fatal("expected write on mail.send")
	}
	if HasPermission(auth, "drive.files", false) {
		t.Fatal("did not expect drive.files")
	}
}