# apps/aroflo_connector_app/ui_automation/auth/session.py
from playwright.sync_api import Page

from ..core.artifacts import shot
from ..core.log import log_step, pause
from .detect import (
    has_visible_password_input,
    is_mfa_screen,
    is_authenticated,
    is_office_field_selector,
    click_office_tile,
)
from .login import fill_login
from .mfa import handle_mfa
from .post_login import handle_terminate_sessions


def ensure_logged_in(
    page: Page,
    cfg,
    run_dir,
    mfa_code: str,
    allow_mfa: bool,
) -> None:
    # 1) Open base URL
    page.goto(cfg.base_url, wait_until="domcontentloaded")
    page.wait_for_timeout(400)

    shot(page, run_dir, "step1-open")
    log_step("step1-open", page)
    pause(cfg, "Opened base URL")

    # 2) Office / Field selector
    if is_office_field_selector(page):
        shot(page, run_dir, "office-field-selector")
        click_office_tile(page)
        page.wait_for_timeout(500)

    # 3) Login form
    if has_visible_password_input(page):
        fill_login(page, cfg, run_dir)

    # 4) MFA (only allowed in bootstrap)
    if is_mfa_screen(page):
        if not allow_mfa:
            raise RuntimeError("Unexpected MFA during smoke/navigation")
        handle_mfa(page, cfg, run_dir, mfa_code)

    # Después de MFA o login normal
    handled = handle_terminate_sessions(page, run_dir)

    if handled:
        # A veces AroFlo necesita un pequeño respiro
        page.wait_for_timeout(600)

    # 5) Final auth validation
    if not is_authenticated(page):
        shot(page, run_dir, "auth-not-reached")
        raise RuntimeError("Authentication not reached")