1782810000, 'expires' => 1782810030, 'correlation' => 'autologin-h4-mxtest-1782810000', 'id' => 'HASHURLMATCH', 'redirect_path' => '/', 'client_ip' => '198.51.100.10', 'ip_bound' => 1, 'status' => 'created', ]; $matching = [ 'id' => 'HASHURLMATCH', 'created' => '2026-06-30T10:00:00Z', 'expires' => '2026-06-30T10:00:30Z', 'redirectURL' => '/', 'allowNetworks' => ['198.51.100.10/32'], ]; $wrongRedirect = $matching; $wrongRedirect['id'] = 'HASHURLWRONG'; $wrongRedirect['redirectURL'] = '/admin'; $notExpired = $matching; $notExpired['id'] = 'HASHURLFRESH'; $notExpired['expires'] = '2099-06-30T10:00:30Z'; assert_true(mailLoginCleanupShouldDelete($matching, [$state], strtotime('2026-06-30T10:01:00Z'))); assert_false(mailLoginCleanupShouldDelete($wrongRedirect, [$state], strtotime('2026-06-30T10:01:00Z'))); assert_false(mailLoginCleanupShouldDelete($notExpired, [$state], strtotime('2026-06-30T10:01:00Z'))); $stateWithoutId = $state; unset($stateWithoutId['id']); assert_false(mailLoginCleanupShouldDelete($matching, [$stateWithoutId], strtotime('2026-06-30T10:01:00Z'))); }); test('cleanup rejects non-https directadmin api base url', function (): void { try { mailLoginCleanupValidateBaseUrl('http://127.0.0.1:2222'); throw new RuntimeException('Expected http base URL to fail'); } catch (InvalidArgumentException $e) { assert_contains('https', strtolower($e->getMessage())); } });