From a78d429f0b091265bab14249b4f9bc4d1ffa7030 Mon Sep 17 00:00:00 2001
From: Yisroel Baum <yisroel.d.baum@gmail.com>
Date: Sat, 16 May 2026 21:30:40 +0300
Subject: [PATCH] test: add failing create session test

Red phase: CreateSessionTest covers token, user, createdAt, 7-day expiry, persistence, and fresh instance.
---
 .../Unit/Auth/UseCases/CreateSessionTest.php  | 102 ++++++++++++++++++
 1 file changed, 102 insertions(+)
 create mode 100644 backend/tests/Unit/Auth/UseCases/CreateSessionTest.php

diff --git a/backend/tests/Unit/Auth/UseCases/CreateSessionTest.php b/backend/tests/Unit/Auth/UseCases/CreateSessionTest.php
new file mode 100644
index 0000000..d08c05c
--- /dev/null
+++ b/backend/tests/Unit/Auth/UseCases/CreateSessionTest.php
@@ -0,0 +1,102 @@
+<?php
+
+namespace Tests\Unit\Auth\UseCases;
+
+use App\Auth\UseCases\CreateSession\CreateSession;
+use App\Shared\ValueObject\EmailAddress;
+use App\User\CreateUserDto;
+use App\User\User;
+use DateTimeImmutable;
+use PHPUnit\Framework\TestCase;
+use Tests\Fakes\FakeClock;
+use Tests\Fakes\FakeSessionRepository;
+use Tests\Fakes\FakeTokenGenerator;
+use Tests\Fakes\FakeUserRepository;
+
+class CreateSessionTest extends TestCase
+{
+    private FakeSessionRepository $sessionRepo;
+    private FakeTokenGenerator $tokenGenerator;
+    private FakeClock $clock;
+    private CreateSession $useCase;
+    private User $user;
+
+    protected function setUp(): void
+    {
+        $this->sessionRepo = new FakeSessionRepository();
+        $this->tokenGenerator = new FakeTokenGenerator([
+            'token-1',
+        ]);
+        $this->clock = new FakeClock(
+            new DateTimeImmutable('2026-05-16 12:00:00'),
+        );
+        $this->useCase = new CreateSession(
+            $this->sessionRepo,
+            $this->tokenGenerator,
+            $this->clock,
+        );
+
+        $userRepo = new FakeUserRepository();
+        $this->user = $userRepo->create(new CreateUserDto(
+            email: new EmailAddress('user@example.com'),
+            passwordHash: 'hashed:password',
+        ));
+    }
+
+    public function testCreatesSessionWithGivenToken(): void
+    {
+        $session = $this->useCase->execute($this->user);
+
+        $this->assertSame('token-1', $session->getToken());
+    }
+
+    public function testCreatesSessionWithUser(): void
+    {
+        $session = $this->useCase->execute($this->user);
+
+        $this->assertSame(
+            $this->user->getId(),
+            $session->getUser()->getId(),
+        );
+    }
+
+    public function testCreatesSessionWithCreatedAtFromClock(): void
+    {
+        $session = $this->useCase->execute($this->user);
+
+        $this->assertEquals(
+            new DateTimeImmutable('2026-05-16 12:00:00'),
+            $session->getCreatedAt(),
+        );
+    }
+
+    public function testCreatesSessionWithExpirySevenDaysLater(): void
+    {
+        $session = $this->useCase->execute($this->user);
+
+        $this->assertEquals(
+            new DateTimeImmutable('2026-05-23 12:00:00'),
+            $session->getExpiresAt(),
+        );
+    }
+
+    public function testPersistsSessionInRepository(): void
+    {
+        $session = $this->useCase->execute($this->user);
+
+        $found = $this->sessionRepo->findByToken('token-1');
+
+        $this->assertNotNull($found);
+        $this->assertSame($session->getToken(), $found->getToken());
+    }
+
+    public function testFreshInstanceReturnedOnEachCall(): void
+    {
+        $session = $this->useCase->execute($this->user);
+
+        $this->assertNotSame(
+            $session,
+            $this->sessionRepo->findByToken('token-1'),
+        );
+    }
+}