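"""Tests for CSRF token generation and double-submit cookie pattern."""

from fusionagi.api.security import (
    CSRF_COOKIE_NAME,
    CSRF_HEADER_NAME,
    CSRF_TOKEN_LENGTH,
    generate_csrf_token,
)

# NOTE(review): only token generation and the constants are exercised here.
# The cookie/header comparison step of the double-submit pattern named in the
# module docstring has no test in this file; confirm it is covered elsewhere.


def test_generate_csrf_token_length():
    """Token should be URL-safe and reasonable length."""
    token = generate_csrf_token()

    # Lower bound only. NOTE(review): how this bound relates to
    # CSRF_TOKEN_LENGTH (bytes of entropy vs. encoded characters) is not
    # visible from this file; confirm against the generator.
    assert len(token) > 20

    # str.isalnum() is also true for non-ASCII letters and digits, so the
    # ASCII requirement is stated explicitly. Otherwise a token containing
    # such characters would pass a check that is meant to prove it is
    # URL-safe.
    assert all((c.isascii() and c.isalnum()) or c in "-_" for c in token)


def test_generate_csrf_token_uniqueness():
    """Each token should be unique."""
    sample_size = 100
    tokens = {generate_csrf_token() for _ in range(sample_size)}

    # Smoke check: catches a constant or very small keyspace generator.
    # It does not measure entropy or prove the source is unpredictable.
    assert len(tokens) == sample_size


def test_csrf_constants():
    """CSRF constants should be set."""
    # Pinned to literal values so an accidental rename of the cookie or
    # header shows up as a test failure rather than as rejected requests.
    assert CSRF_COOKIE_NAME == "fusionagi_csrf"
    assert CSRF_HEADER_NAME == "x-csrf-token"
    assert CSRF_TOKEN_LENGTH == 32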