From 6fbb98cf2faf6c87bb4a67f3fbd99503cecf326a Mon Sep 17 00:00:00 2001
From: benya <benya@daemonlord.ru>
Date: Sun, 8 Mar 2026 20:19:53 +0300
Subject: [PATCH] test(invites): return 404 for invalid join token

---
 tests/test_chat_message_flow.py | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/tests/test_chat_message_flow.py b/tests/test_chat_message_flow.py
index 3f7cd0b..d778d99 100644
--- a/tests/test_chat_message_flow.py
+++ b/tests/test_chat_message_flow.py
@@ -511,6 +511,17 @@ async def test_group_member_cannot_create_invite_link(client, db_session):
     assert member_invite_link.status_code == 403
 
 
+async def test_join_by_invite_with_invalid_token_returns_not_found(client, db_session):
+    user = await _create_verified_user(client, db_session, "invite_invalid_user@example.com", "invite_invalid_user", "strongpass123")
+
+    join_response = await client.post(
+        "/api/v1/chats/join-by-invite",
+        headers={"Authorization": f"Bearer {user['access_token']}"},
+        json={"token": "invalid-token-value"},
+    )
+    assert join_response.status_code == 404
+
+
 async def test_group_invite_privacy_contacts_only(client, db_session):
     inviter = await _create_verified_user(client, db_session, "invite_u1@example.com", "invite_u1", "strongpass123")
     target = await _create_verified_user(client, db_session, "invite_u2@example.com", "invite_u2", "strongpass123")