from __future__ import annotations

import unittest

from app.routes.users import _sanitize_next_path


class LoginNextRedirectTest(unittest.TestCase):
    def test_accepts_local_path_with_query(self) -> None:
        self.assertEqual(
            _sanitize_next_path("/subir_lote?batch_id=123"),
            "/subir_lote?batch_id=123",
        )

    def test_rejects_external_url(self) -> None:
        self.assertEqual(
            _sanitize_next_path("https://evil.example/login"),
            "/dashboard",
        )

    def test_rejects_protocol_relative_url(self) -> None:
        self.assertEqual(_sanitize_next_path("//evil.example"), "/dashboard")

    def test_rejects_login_self_redirect(self) -> None:
        self.assertEqual(_sanitize_next_path("/login?next=%2Fdashboard"), "/dashboard")

    def test_rejects_non_absolute_path(self) -> None:
        self.assertEqual(_sanitize_next_path("dashboard"), "/dashboard")


if __name__ == "__main__":
    unittest.main()