diff --git a/docs/core-checklist-status.md b/docs/core-checklist-status.md index 547fbea..73b4935 100644 --- a/docs/core-checklist-status.md +++ b/docs/core-checklist-status.md @@ -29,7 +29,7 @@ Legend: 20. GIF - `PARTIAL` (web GIF picker with Tenor search + preset fallback + favorites) 21. Message History/Search - `DONE` (history/pagination/chat+global search) 22. Text Formatting - `PARTIAL` (bold/italic/underline/spoiler/mono/links + strikethrough + quote/code block; toolbar still evolving) -23. Groups - `PARTIAL` (create/add/remove/invite link; advanced moderation partial) +23. Groups - `PARTIAL` (create/add/remove/invite link; join-by-invite and invite permissions covered by integration tests; advanced moderation partial) 24. Roles - `DONE` (owner/admin/member) 25. Admin Rights - `PARTIAL` (delete/pin/edit info + explicit ban API for groups/channels; integration tests cover channel member read-only, channel admin full-delete, channel message delete-for-all permissions, group profile edit permissions, and owner-only role management rules; remaining UX moderation tools limited) 26. Channels - `PARTIAL` (create/post/edit/delete/subscribe/unsubscribe; UX edge-cases still polishing) diff --git a/tests/test_chat_message_flow.py b/tests/test_chat_message_flow.py index b9181b5..3f7cd0b 100644 --- a/tests/test_chat_message_flow.py +++ b/tests/test_chat_message_flow.py @@ -454,6 +454,63 @@ async def test_group_owner_cannot_demote_self_from_owner_role(client, db_session assert owner_try_self_demote.status_code == 422 +async def test_group_invite_link_allows_join_by_token(client, db_session): + owner = await _create_verified_user(client, db_session, "invite_owner@example.com", "invite_owner", "strongpass123") + joiner = await _create_verified_user(client, db_session, "invite_joiner@example.com", "invite_joiner", "strongpass123") + + create_group = await client.post( + "/api/v1/chats", + headers={"Authorization": f"Bearer {owner['access_token']}"}, + json={"type": ChatType.GROUP.value, "title": "Invite group", "member_ids": []}, + ) + assert create_group.status_code == 200 + chat_id = create_group.json()["id"] + + invite_link = await client.post( + f"/api/v1/chats/{chat_id}/invite-link", + headers={"Authorization": f"Bearer {owner['access_token']}"}, + ) + assert invite_link.status_code == 200 + token = invite_link.json()["token"] + + join_response = await client.post( + "/api/v1/chats/join-by-invite", + headers={"Authorization": f"Bearer {joiner['access_token']}"}, + json={"token": token}, + ) + assert join_response.status_code == 200 + assert join_response.json()["id"] == chat_id + + joiner_chats = await client.get( + "/api/v1/chats", + headers={"Authorization": f"Bearer {joiner['access_token']}"}, + ) + assert joiner_chats.status_code == 200 + assert any(chat["id"] == chat_id for chat in joiner_chats.json()) + + +async def test_group_member_cannot_create_invite_link(client, db_session): + owner = await _create_verified_user(client, db_session, "invite_owner2@example.com", "invite_owner2", "strongpass123") + member = await _create_verified_user(client, db_session, "invite_member2@example.com", "invite_member2", "strongpass123") + + me_member = await client.get("/api/v1/auth/me", headers={"Authorization": f"Bearer {member['access_token']}"}) + member_id = me_member.json()["id"] + + create_group = await client.post( + "/api/v1/chats", + headers={"Authorization": f"Bearer {owner['access_token']}"}, + json={"type": ChatType.GROUP.value, "title": "Invite rights", "member_ids": [member_id]}, + ) + assert create_group.status_code == 200 + chat_id = create_group.json()["id"] + + member_invite_link = await client.post( + f"/api/v1/chats/{chat_id}/invite-link", + headers={"Authorization": f"Bearer {member['access_token']}"}, + ) + assert member_invite_link.status_code == 403 + + async def test_group_invite_privacy_contacts_only(client, db_session): inviter = await _create_verified_user(client, db_session, "invite_u1@example.com", "invite_u1", "strongpass123") target = await _create_verified_user(client, db_session, "invite_u2@example.com", "invite_u2", "strongpass123")