File: /home/aliazzsr/api.crm.vqode.com/tests/api/AuthVerifyCept.php
<?php
/**
 * API scenario for GET auth/verify.
 *
 * Covers four cases in order: a freshly issued token is accepted and echoed
 * back, the raw token without the "Bearer " scheme is rejected, an unknown
 * token string is rejected, and the original token is rejected once its
 * validity window has been moved into the past.
 */
$I = new ApiTester($scenario);
$I->wantTo('verify existing API token');

$verifyEndpoint = 'auth/verify';
$unauthorized = \Codeception\Util\HttpCode::UNAUTHORIZED;
// Fields that identify the session; a rejected request must expose neither.
$identityPaths = ['$.user', '$.token'];

// Shared negative check: the endpoint answers 401 and leaks no user/token data.
$expectRejected = function () use ($I, $verifyEndpoint, $unauthorized, $identityPaths) {
    $I->sendGET($verifyEndpoint);
    $I->seeResponseCodeIs($unauthorized);
    foreach ($identityPaths as $jsonPath) {
        $I->dontseeResponseJsonMatchesJsonPath($jsonPath);
    }
};

// 1) Valid token.
// login() is a project helper; no Authorization header is set in this file before
// the first request, so it presumably installs the Bearer header itself — confirm.
$I->comment('verifying existing API token and succeed');
$authToken = $I->login();
$I->sendGET($verifyEndpoint);
// NOTE(review): only the body is asserted here; the status code of the success
// path is never checked — consider pinning it as well.
foreach ($identityPaths as $jsonPath) {
    $I->seeResponseJsonMatchesJsonPath($jsonPath);
}
$I->seeResponseContainsJson(['token' => $authToken->token]);

// 2) Same token, but sent without the "Bearer " scheme prefix.
$I->comment('verifying without Bearer should return 401');
$I->haveHttpHeader('Authorization', $authToken->token);
$expectRejected();

// 3) Well-formed header carrying a token string the server never issued.
$I->comment('verifying nonexistent API token and fail');
$I->haveHttpHeader('Authorization', 'Bearer QWERTYUIOP.ADFGHJKL.ZXCVBNM');
$expectRejected();

// 4) The token that succeeded in step 1, after its timestamps are back-dated.
$I->comment('failing to verify an expired token');
// NOTE(review): no criteria argument is passed, so this presumably back-dates
// every row in auth_token rather than only the token under test — confirm, and
// scope it to the issued token if the table can hold other rows.
$I->updateInDatabase('auth_token', ['expires_at' => '2000-01-01 01:00:00', 'issued_at' => '2000-01-01 00:00:00']);
$I->haveHttpHeader('Authorization', 'Bearer ' . $authToken->token);
$expectRejected();