from app.config import Settings
from app.dmarc_parser import ParsedAuthResult, ParsedRecord
from app.known_senders import classify_record


def _record(source_ip: str, *, dkim_domain: str = "tukutoi.com", spf_domain: str = "tukutoi.com") -> ParsedRecord:
    return ParsedRecord(
        source_ip=source_ip,
        count=1,
        disposition="none",
        policy_dkim="pass",
        policy_spf="pass",
        dkim_aligned=True,
        spf_aligned=True,
        dmarc_pass=True,
        header_from="tukutoi.com",
        reason_type=None,
        reason_comment=None,
        auth_results=[
            ParsedAuthResult(auth_type="dkim", domain=dkim_domain, result="pass"),
            ParsedAuthResult(auth_type="spf", domain=spf_domain, result="pass"),
        ],
    )


def test_ip_allowlisted_sender_requires_ip_match_even_when_auth_domain_matches():
    settings = Settings.model_validate(
        {
            "known_senders": {
                "tukutoi.com": [
                    {
                        "id": "mailcow",
                        "name": "mailcow outbound",
                        "ip_allowlist": ["45.148.30.200/32"],
                        "dkim_domains": ["tukutoi.com"],
                        "spf_domains": ["tukutoi.com"],
                    }
                ]
            },
            "alerts": {"email": {"enabled": False}},
        }
    )

    match = classify_record(settings, "tukutoi.com", _record("50.31.205.203"))

    assert match.is_known is False
    assert match.id is None
    assert match.name is None


def test_ip_allowlisted_sender_matches_configured_ip():
    settings = Settings.model_validate(
        {
            "known_senders": {
                "tukutoi.com": [
                    {
                        "id": "mailcow",
                        "name": "mailcow outbound",
                        "ip_allowlist": ["45.148.30.200/32"],
                        "dkim_domains": ["tukutoi.com"],
                        "spf_domains": ["tukutoi.com"],
                    }
                ]
            },
            "alerts": {"email": {"enabled": False}},
        }
    )

    match = classify_record(settings, "tukutoi.com", _record("45.148.30.200"))

    assert match.is_known is True
    assert match.id == "mailcow"


def test_domain_only_sender_still_matches_auth_domain_when_no_ip_allowlist_exists():
    settings = Settings.model_validate(
        {
            "known_senders": {
                "tukutoi.com": [
                    {
                        "id": "domain-only",
                        "name": "domain-only sender",
                        "ip_allowlist": [],
                        "dkim_domains": ["tukutoi.com"],
                        "spf_domains": [],
                    }
                ]
            },
            "alerts": {"email": {"enabled": False}},
        }
    )

    match = classify_record(settings, "tukutoi.com", _record("50.31.205.203"))

    assert match.is_known is True
    assert match.id == "domain-only"


def test_aligned_dkim_without_configured_sender_is_not_known_sender():
    settings = Settings.model_validate({"known_senders": {}, "alerts": {"email": {"enabled": False}}})

    match = classify_record(settings, "tukutoi.com", _record("50.31.205.203"))

    assert match.is_known is False