From 44e2f97cb7c454c077437caa7e4ae58eef432f82 Mon Sep 17 00:00:00 2001
From: Kharec <sandro@cazzaniga.fr>
Date: Thu, 8 Jan 2026 06:16:44 +0100
Subject: [PATCH] test: assert refresh token rotation and old-token
 invalidation

---
 internal/services/session_service_test.go | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/internal/services/session_service_test.go b/internal/services/session_service_test.go
index 3b19de3..ec7314c 100644
--- a/internal/services/session_service_test.go
+++ b/internal/services/session_service_test.go
@@ -398,12 +398,23 @@ func TestSessionService_RefreshAccessToken(t *testing.T) {
 		if result.AccessToken == "" {
 			t.Error("expected non-empty access token")
 		}
-		if result.RefreshToken != refreshToken {
-			t.Errorf("expected refresh token to remain unchanged")
+		if result.RefreshToken == "" {
+			t.Error("expected non-empty refresh token")
+		}
+		if result.RefreshToken == refreshToken {
+			t.Errorf("expected refresh token to rotate")
 		}
 		if result.User == nil {
 			t.Fatal("expected non-nil user")
 		}
+
+		_, err = service.RefreshAccessToken(refreshToken)
+		if err == nil {
+			t.Fatal("expected error when using rotated refresh token")
+		}
+		if !errors.Is(err, ErrRefreshTokenInvalid) {
+			t.Errorf("expected ErrRefreshTokenInvalid, got %v", err)
+		}
 	})
 
 	t.Run("invalid refresh token", func(t *testing.T) {