import { afterEach, describe, expect, it, vi } from 'vitest' import { clearSessionCookie, setSessionCookie } from './sessionCookies' const originalEnv = { ...process.env } function mockResponse() { return { cookie: vi.fn(), clearCookie: vi.fn(), } } afterEach(() => { process.env = { ...originalEnv } }) describe('session cookies', () => { it('sets employee session cookies for the configured parent domain', () => { process.env.NODE_ENV = 'production' process.env.SESSION_COOKIE_DOMAIN = '.rentaldrivego.ma' const res = mockResponse() setSessionCookie(res as never, 'employee', 'token-123', 1000) expect(res.cookie).toHaveBeenCalledWith('employee_session', 'token-123', { httpOnly: true, secure: true, sameSite: 'lax', path: '/', domain: '.rentaldrivego.ma', maxAge: 1000, }) }) it('clears cookies with the same domain attributes used when setting them', () => { process.env.NODE_ENV = 'production' process.env.SESSION_COOKIE_DOMAIN = '.rentaldrivego.ma' const res = mockResponse() clearSessionCookie(res as never, 'employee') expect(res.clearCookie).toHaveBeenCalledWith('employee_session', { httpOnly: true, secure: true, sameSite: 'lax', path: '/', domain: '.rentaldrivego.ma', }) }) it('omits the domain option when no shared cookie domain is configured', () => { delete process.env.SESSION_COOKIE_DOMAIN const res = mockResponse() setSessionCookie(res as never, 'employee', 'token-123') expect(res.cookie).toHaveBeenCalledWith('employee_session', 'token-123', { httpOnly: true, secure: false, sameSite: 'lax', path: '/', }) }) })