test Logout use case

2 cases: existing token's session gets removed; unknown token
is a no-op (deleteByToken stays idempotent).

backend/tests/Unit/Auth/UseCases/LogoutTest.php

@@ -0,0 +1,58 @@
+<?php
+
+namespace Tests\Unit\Auth\UseCases;
+
+use App\Auth\CreateSessionDto;
+use App\Auth\UseCases\Logout\Logout;
+use App\Shared\ValueObject\EmailAddress;
+use App\User\User;
+use DateTimeImmutable;
+use DateTimeZone;
+use Tests\Fakes\FakeSessionRepository;
+use Tests\TestCase;
+
+class LogoutTest extends TestCase
+{
+    private FakeSessionRepository $sessionRepo;
+
+    private Logout $useCase;
+
+    private DateTimeImmutable $now;
+
+    protected function setUp(): void
+    {
+        $this->now = new DateTimeImmutable(
+            '2026-05-06T12:00:00',
+            new DateTimeZone('UTC')
+        );
+        $this->sessionRepo = new FakeSessionRepository;
+        $this->useCase = new Logout($this->sessionRepo);
+    }
+
+    public function test_existing_token_session_is_removed(): void
+    {
+        $user = new User(
+            id: 7,
+            email: new EmailAddress('user@example.com'),
+            passwordHash: 'hashed:irrelevant',
+            isAdmin: false,
+        );
+        $this->sessionRepo->create(new CreateSessionDto(
+            token: 'token-abc',
+            user: $user,
+            createdAt: $this->now,
+            expiresAt: $this->now->modify('+7 days'),
+        ));
+
+        $this->useCase->execute('token-abc');
+
+        $this->assertNull($this->sessionRepo->findByToken('token-abc'));
+    }
+
+    public function test_unknown_token_does_not_throw(): void
+    {
+        $this->useCase->execute('unknown-token');
+
+        $this->assertNull($this->sessionRepo->findByToken('unknown-token'));
+    }
+}