#!/usr/bin/env python3
import requests
import urllib3

# Disable SSL warnings for self-signed certificate
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

# Test configuration
base_url = "https://localhost:443"
admin_users = [
    {"username": "rac00n", "password": "1248163264"},
    {"username": "w@rh@mm3r", "password": "Warhammer123!"}
]

def test_login(username, password):
    """Test login functionality for admin user"""
    session = requests.Session()
    
    # Get login page
    response = session.get(f"{base_url}/login", verify=False)
    if response.status_code != 200:
        return f"Failed to access login page: {response.status_code}"
    
    # Attempt login
    login_data = {
        "username": username,
        "password": password
    }
    
    response = session.post(f"{base_url}/login", data=login_data, verify=False, allow_redirects=False)
    
    # Check if login was successful (redirect to dashboard)
    if response.status_code == 302 and response.headers.get('Location') == '/':
        # Try to access dashboard
        dashboard_response = session.get(f"{base_url}/", verify=False)
        if dashboard_response.status_code == 200 and username in dashboard_response.text:
            return f"✓ Login successful for {username}"
        else:
            return f"✗ Login succeeded but dashboard access failed for {username}"
    else:
        return f"✗ Login failed for {username}"

# Test both admin users
print("Testing Admin Panel Login Functionality")
print("=" * 40)

for user in admin_users:
    result = test_login(user["username"], user["password"])
    print(result)

print("\nTesting invalid credentials...")
result = test_login("invalid_user", "wrong_password")
print(result)