"""
Simple test to validate MCP auth header priority behavior.

Validates that:
1. auth_value is not required in config.yaml
2. Server-specific headers (x-mcp-server-name-authorization) take precedence over config auth_value
"""

import pytest
from litellm.proxy._experimental.mcp_server.mcp_server_manager import MCPServerManager
from litellm.types.mcp import MCPAuth, MCPTransport, MCPSpecVersion
from litellm.types.mcp_server.mcp_server_manager import MCPServer


@pytest.mark.asyncio
async def test_mcp_server_works_without_config_auth_value():
    """
    Test that MCP servers work without auth_value in config when headers are provided.
    This validates that auth_value is truly optional in config.yaml.
    """
    # Create a server WITHOUT config auth_value
    server_without_config_auth = MCPServer(
        server_id="test-server-no-config",
        name="Test MCP Server No Config Auth",
        server_name="test_server_no_config",
        alias="test_no_config",
        url="https://api.example.com/mcp",
        transport=MCPTransport.http,
        auth_type=MCPAuth.authorization,
        authentication_token=None,  # No config auth
    )

    manager = MCPServerManager()

    # Test that it works with only header auth
    client = await manager._create_mcp_client(
        server=server_without_config_auth,
        mcp_auth_header="Bearer token_from_header_only",
    )

    # Verify header token is used
    assert client._mcp_auth_value == "Bearer token_from_header_only"
    assert client.auth_type == MCPAuth.authorization


@pytest.mark.parametrize("token_key", ["authentication_token", "auth_value"])
async def test_mcp_server_config_auth_value_header_used(token_key):
    """Ensure auth header is sent when auth token configured in config"""
    config = {
        "test_server": {
            "url": "https://api.example.com/mcp",
            "transport": "http",
            "auth_type": "bearer_token",
            token_key: "example_token",
        }
    }

    manager = MCPServerManager()
    await manager.load_servers_from_config(config)

    server = next(iter(manager.config_mcp_servers.values()))
    client = await manager._create_mcp_client(server)
    headers = client._get_auth_headers()

    assert headers["Authorization"] == "Bearer example_token"
    assert client.auth_type == MCPAuth.bearer_token