from django.test import TestCase
from django.urls import reverse

from .models import ThreatScan
from .scanner import scan_content


class ThreatScanWorkflowTests(TestCase):
    """Checks the scanner's scoring and the scan-creation view's stored record."""

    def test_scanner_flags_suspicious_url(self):
        """A URL with brand, login and password-verification wording is flagged."""
        suspicious_url = (
            "http://paypal-login-security.example.click/account/verify-password"
        )

        verdict = scan_content("url", suspicious_url)

        # NOTE(review): 35 is presumably the scanner's "suspicious" cut-off;
        # confirm against the scanner module so both stay in step.
        self.assertGreaterEqual(verdict.risk_score, 35)
        # A score alone is not enough: the result must also say why.
        self.assertTrue(verdict.indicators)

    def test_post_scan_creates_privacy_safe_record_and_redirects(self):
        """Posting a message scan redirects and stores a record without raw text."""
        message = (
            "Urgent: verify your password now or your bank account will be "
            "suspended. Click https://example.com"
        )
        form_data = {
            "scan_type": "message",
            "content": message,
            "store_metadata": "on",
        }

        response = self.client.post(reverse("create_scan"), form_data)

        self.assertEqual(response.status_code, 302)

        # .get() with no filter raises unless exactly one row exists, so this
        # line also pins that a single ThreatScan was created by the POST.
        stored = ThreatScan.objects.get()

        # NOTE(review): this only shows that the literal "Urgent:" is absent
        # from content_hash. It does not show that other stored fields (for
        # example explanation) omit the submitted text, nor what is kept when
        # store_metadata is not sent; both are worth separate assertions.
        self.assertNotIn("Urgent:", stored.content_hash)
        self.assertGreater(stored.risk_score, 0)
        self.assertTrue(stored.explanation)