# frozen_string_literal: true

require 'spec_helper'

RSpec.describe 'safe_session_store_patch', feature_category: :shared do
  shared_examples 'safe session store' do
    it 'allows storing a String' do
      session[:good_data] = 'hello world'

      expect(session[:good_data]).to eq('hello world')
    end

    it 'raises error when session attempts to store an unsafe object' do
      expect { session[:test] = Struct.new(:test) }
        .to raise_error(/Serializing novel Ruby objects can cause uninitialized constants in mixed deployments/)
    end

    it 'allows instance double of OneLogin::RubySaml::Response' do
      response_double = instance_double(OneLogin::RubySaml::Response)

      session[:response_double] = response_double

      expect(session[:response_double]).to eq(response_double)
    end

    it 'raises an error for instance double of REXML::Document' do
      response_double = instance_double(REXML::Document)

      expect { session[:response_double] = response_double }
        .to raise_error(/Serializing novel Ruby objects can cause uninitialized constants in mixed deployments/)
    end
  end

  context 'with ActionController::TestSession' do
    let(:session) { ActionController::TestSession.new }

    it_behaves_like 'safe session store'
  end

  context 'with ActionDispatch::Request::Session' do
    let(:dummy_store) do
      Class.new do
        def load_session(_env)
          [1, {}]
        end

        def session_exists?(_env)
          true
        end

        def delete_session(_env, _id, _options)
          123
        end
      end.new
    end

    let(:request) { ActionDispatch::Request.new({}) }
    let(:session) { ActionDispatch::Request::Session.create(dummy_store, request, {}) }

    it_behaves_like 'safe session store'
  end
end