From e35b50e5c240af2a9ebd3972d3c03bd6f41ae9ff Mon Sep 17 00:00:00 2001
From: AI Assistant <ai@architools.local>
Date: Mon, 23 Mar 2026 00:38:11 +0200
Subject: [PATCH] fix(ancpi): recognize AMAuthCookie as valid OpenAM session
 cookie

ANCPI's OpenAM uses AMAuthCookie instead of iPlanetDirectoryPro.
Accept AMAuthCookie, iPlanetDirectoryPro, or JSESSIONID as valid
session indicators. Navigate to ePay after auth to establish JSESSIONID.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 .../parcel-sync/services/epay-client.ts       | 35 ++++++++++---------
 1 file changed, 18 insertions(+), 17 deletions(-)

diff --git a/src/modules/parcel-sync/services/epay-client.ts b/src/modules/parcel-sync/services/epay-client.ts
index 94003f2..0c832bf 100644
--- a/src/modules/parcel-sync/services/epay-client.ts
+++ b/src/modules/parcel-sync/services/epay-client.ts
@@ -202,29 +202,30 @@ export class EpayClient {
       JSON.stringify(allCookies),
     );
 
-    const hasSession = allCookies.some(
-      (c) => c.key === "iPlanetDirectoryPro" || c.key === "JSESSIONID",
+    // OpenAM at ANCPI uses AMAuthCookie (not iPlanetDirectoryPro)
+    const SESSION_COOKIE_NAMES = [
+      "AMAuthCookie",
+      "iPlanetDirectoryPro",
+      "JSESSIONID",
+    ];
+    const hasSession = allCookies.some((c) =>
+      SESSION_COOKIE_NAMES.includes(c.key),
     );
 
     if (!hasSession) {
-      // Last resort: try the full HTML for credit info — if we can see credits, we're logged in
-      const checkResponse = await this.client.get(
-        `${BASE_URL}/LogIn.action`,
-        {
-          timeout: DEFAULT_TIMEOUT_MS,
-          maxRedirects: 5,
-          validateStatus: () => true,
-        },
-      );
-      const checkHtml = String(checkResponse.data ?? "");
-      if (checkHtml.includes("puncte de credit")) {
-        console.log("[epay] Login successful (verified via credit check).");
-        return;
-      }
-
       throw new Error("ePay login failed (no session cookie)");
     }
 
+    // Navigate to ePay to establish JSESSIONID (if not already there)
+    const hasJsessionId = allCookies.some((c) => c.key === "JSESSIONID");
+    if (!hasJsessionId) {
+      await this.client.get(`${BASE_URL}/LogIn.action`, {
+        timeout: DEFAULT_TIMEOUT_MS,
+        maxRedirects: 5,
+        validateStatus: () => true,
+      });
+    }
+
     console.log("[epay] Login successful.");
   }