"""SOC opaque token generation / verification."""

from __future__ import annotations

from mimic.auth.soc_token import generate_token, verify_token


def test_generated_token_verifies() -> None:
    material = generate_token(rounds=4)
    assert verify_token(material.plain, material.hashed) is True


def test_different_plain_does_not_verify() -> None:
    material = generate_token(rounds=4)
    assert verify_token("wrong-token", material.hashed) is False


def test_plain_is_url_safe_and_long() -> None:
    material = generate_token(rounds=4)
    # 32 random bytes → ~43 url-safe base64 chars.
    assert len(material.plain) >= 32
    assert all(c.isalnum() or c in "-_" for c in material.plain)


def test_verify_with_empty_values() -> None:
    assert verify_token("", "$2b$04$abc") is False
    assert verify_token("token", "") is False