benya/Messenger
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

test(privacy): cover everyone group-invite policy
Some checks are pending
CI / test (push) Has started running
Details

Browse Source
This commit is contained in:
Alex
2026-03-08 20:21:41 +03:00
parent 4cd374e33e
commit 1337a7c10e
2 changed files with 23 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/core-checklist-status.md
View File

@@ -37,7 +37,7 @@ Legend:
28. Notifications - `PARTIAL` (browser notifications + mute/settings; no mobile push infra)
29. Archive - `DONE`
30. Blacklist - `DONE`
31. Privacy - `PARTIAL` (avatar/last-seen/group-invites + PM policy `everyone|contacts|nobody`; integration tests cover PM policy matrix (`everyone/contacts/nobody`), group-invite policy `contacts/nobody`, and private chat counterpart visibility for `nobody/contacts`, remaining UX/matrix hardening)
31. Privacy - `PARTIAL` (avatar/last-seen/group-invites + PM policy `everyone|contacts|nobody`; integration tests cover PM policy matrix (`everyone/contacts/nobody`), group-invite policy matrix (`everyone/contacts/nobody`), and private chat counterpart visibility for `nobody/contacts`, remaining UX/matrix hardening)
32. Security - `PARTIAL` (sessions + revoke + 2FA base + access-session visibility; integration tests cover single-session revoke and revoke-all invalidation/force-disconnect; 2FA setup now blocked after enable to prevent secret re-issuance; one-time recovery codes added; UX polish ongoing)
33. Realtime Events - `DONE` (connect/disconnect/send/receive/typing/read/delivered/online/offline + chat/message updates + chat_deleted)
34. Sync - `PARTIAL` (cross-device via backend state + realtime; reconciliation improved for loaded chats/messages, chat-info panel hot-refreshes on `chat_updated`, delete/leave updates realtime subscriptions, full-chat delete emits `chat_deleted`)

22
tests/test_chat_message_flow.py
View File

@@ -611,6 +611,28 @@ async def test_group_invite_privacy_nobody_blocks_invites_even_from_contacts(cli
assert create_group_blocked.status_code == 403
async def test_group_invite_privacy_everyone_allows_invites_without_contacts(client, db_session):
inviter = await _create_verified_user(client, db_session, "invite_everyone_u1@example.com", "invite_everyone_u1", "strongpass123")
target = await _create_verified_user(client, db_session, "invite_everyone_u2@example.com", "invite_everyone_u2", "strongpass123")
me_target = await client.get("/api/v1/auth/me", headers={"Authorization": f"Bearer {target['access_token']}"})
target_id = me_target.json()["id"]
set_everyone = await client.put(
"/api/v1/users/profile",
headers={"Authorization": f"Bearer {target['access_token']}"},
json={"privacy_group_invites": "everyone"},
)
assert set_everyone.status_code == 200
create_group_allowed = await client.post(
"/api/v1/chats",
headers={"Authorization": f"Bearer {inviter['access_token']}"},
json={"type": ChatType.GROUP.value, "title": "Everyone allowed group", "member_ids": [target_id]},
)
assert create_group_allowed.status_code == 200
async def test_avatar_privacy_hidden_from_other_users_search(client, db_session):
owner = await _create_verified_user(client, db_session, "avatar_owner@example.com", "avatar_owner", "strongpass123")
viewer = await _create_verified_user(client, db_session, "avatar_viewer@example.com", "avatar_viewer", "strongpass123")