SkinbaseNova/tests/Feature/Http/ConditionalPublicSessionsTest.php


<?php
declare(strict_types=1);
namespace Tests\Feature\Http;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Config;
use Tests\TestCase;
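/**
 * Feature tests for conditional session start-up on public pages.
 *
 * Each test issues one HTTP request and checks the `X-Skinbase-Session`
 * response header ('skipped' or 'started'). The two anonymous tests also
 * check that no session cookie is set on the response.
 *
 * NOTE(review): every "started" case asserts only the debug header. Asserting
 * the session cookie itself (responseHasSessionCookie) would pin the real
 * behaviour instead of the diagnostic signal. Confirm against the middleware
 * before adding.
 */
class ConditionalPublicSessionsTest extends TestCase
{
    use RefreshDatabase;

    /**
     * Turns the feature and its debug header on for every test.
     *
     * NOTE(review): the header exposes session-handling state to any client.
     * Presumably `skinbase-sessions.debug_header` is off by default outside
     * tests (confirm). A test with it set to false, asserting the header is
     * absent, would guard that.
     */
    protected function setUp(): void
    {
        parent::setUp();

        Config::set('skinbase-sessions.enabled', true);
        Config::set('skinbase-sessions.debug_header', true);
    }

    /**
     * A cookie-less GET of the home page must not be handed a session cookie.
     */
    public function test_anonymous_public_get_does_not_receive_session_cookie(): void
    {
        $response = $this->get('/');

        $response->assertOk();
        $response->assertHeader('X-Skinbase-Session', 'skipped');
        $this->assertFalse($this->responseHasSessionCookie($response));
    }

    /**
     * Same expectation as the anonymous case, with a crawler User-Agent.
     *
     * NOTE(review): User-Agent is client-supplied. A companion test sending
     * this UA to a session-requiring route such as /login would pin that the
     * UA alone cannot switch sessions off there.
     */
    public function test_bot_public_get_does_not_receive_session_cookie(): void
    {
        $response = $this
            ->withHeader('User-Agent', 'Googlebot/2.1')
            ->get('/');

        $response->assertOk();
        $response->assertHeader('X-Skinbase-Session', 'skipped');
        $this->assertFalse($this->responseHasSessionCookie($response));
    }

    /**
     * The login form is served with a session even for a guest.
     */
    public function test_login_page_still_starts_session(): void
    {
        $response = $this->get('/login');

        $response->assertOk();
        $response->assertHeader('X-Skinbase-Session', 'started');
    }

    /**
     * Guest hit on /dashboard: redirected to /login, session started.
     */
    public function test_dashboard_request_still_starts_session(): void
    {
        $response = $this->get('/dashboard');

        $response->assertRedirect('/login');
        $response->assertHeader('X-Skinbase-Session', 'started');
    }

    /**
     * Guest hit on /studio: redirected to /login, session started.
     */
    public function test_studio_request_still_starts_session(): void
    {
        $response = $this->get('/studio');

        $response->assertRedirect('/login');
        $response->assertHeader('X-Skinbase-Session', 'started');
    }

    /**
     * Guest hit on /settings/profile: redirected to /login, session started.
     */
    public function test_settings_request_still_starts_session(): void
    {
        $response = $this->get('/settings/profile');

        $response->assertRedirect('/login');
        $response->assertHeader('X-Skinbase-Session', 'started');
    }

    /**
     * Guest hit on /messages: redirected to /login, session started.
     */
    public function test_messages_request_still_starts_session(): void
    {
        $response = $this->get('/messages');

        $response->assertRedirect('/login');
        $response->assertHeader('X-Skinbase-Session', 'started');
    }

    /**
     * A failed login POST still runs with a session.
     *
     * No user is created in this test, so the submitted credentials cannot
     * match an account. Only "some redirect" is asserted, not its target.
     */
    public function test_login_post_keeps_normal_session_behavior(): void
    {
        $response = $this->post('/login', [
            'email' => 'missing@example.test',
            'password' => 'not-the-right-password',
        ]);

        $response->assertRedirect();
        $response->assertHeader('X-Skinbase-Session', 'started');
    }

    /**
     * A signed-in user keeps a session on a page that anonymous visitors
     * get without one.
     *
     * The cookie value is a constructed placeholder, not a real session id.
     * Authentication comes from actingAs().
     *
     * NOTE(review): the cookie and actingAs() are always sent together, so
     * this does not show which of the two triggers 'started'. Splitting them
     * would document whether an arbitrary cookie value alone is enough.
     */
    public function test_authenticated_user_keeps_session_on_public_page(): void
    {
        $user = User::factory()->create();
        $sessionCookieName = (string) config('session.cookie');

        $response = $this
            ->withCookie($sessionCookieName, 'existing-session-cookie')
            ->actingAs($user)
            ->get('/');

        $response->assertOk();
        $response->assertHeader('X-Skinbase-Session', 'started');
    }

    /**
     * Reports whether the response sets a cookie named after `session.cookie`.
     *
     * Only the cookie name is compared. Value, expiry and flags are ignored.
     */
    private function responseHasSessionCookie(\Illuminate\Testing\TestResponse $response): bool
    {
        $sessionCookieName = (string) config('session.cookie');

        return collect($response->headers->getCookies())
            ->contains(
                static fn (\Symfony\Component\HttpFoundation\Cookie $cookie): bool
                    => $cookie->getName() === $sessionCookieName,
            );
    }
}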