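package session

import (
	"encoding/hex"
	"testing"
)

// TestGenerateTokenUniqueAndHashed checks that tokens are unique, the stored
// value is the hash (not the plaintext), and the hash is 64 characters of
// valid hex, as expected for a SHA-256 digest.
//
// Two draws are only a smoke test for uniqueness: they catch a constant or
// reused token, not a weak random source.
func TestGenerateTokenUniqueAndHashed(t *testing.T) {
	tok1, hash1, err := GenerateToken()
	if err != nil {
		t.Fatalf("GenerateToken: %v", err)
	}
	tok2, hash2, err := GenerateToken()
	if err != nil {
		t.Fatalf("GenerateToken: %v", err)
	}

	if tok1 == tok2 {
		t.Error("tokens must be unique")
	}
	if hash1 == hash2 {
		t.Error("hashes must differ for distinct tokens")
	}

	// The value handed back for storage must be reproducible from the token,
	// otherwise a presented token could never be matched against the store.
	if hash1 != HashToken(tok1) {
		t.Error("stored hash must equal HashToken(token)")
	}
	// Guards against the plaintext token being returned as the stored value.
	if tok1 == hash1 {
		t.Error("stored hash must not equal the plaintext token")
	}

	if len(hash1) != 64 {
		t.Errorf("hash length = %d, want 64 (sha256 hex)", len(hash1))
	}
	// Length alone would also accept other 64-character encodings (for
	// example base64 of a 48-byte value), so confirm the string decodes as hex.
	if _, err := hex.DecodeString(hash1); err != nil {
		t.Errorf("hash is not valid hex: %v", err)
	}
}

// TestHashTokenDeterministic checks that hashing is stable for a given token
// and that two different tokens do not produce the same hash.
func TestHashTokenDeterministic(t *testing.T) {
	first := HashToken("alpha")
	second := HashToken("alpha")
	if first != second {
		t.Error("HashToken must be deterministic")
	}
	if first == HashToken("beta") {
		t.Error("distinct tokens must hash differently")
	}
}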