test(contacts): cover add-by-email success and not-found

tests/test_chat_message_flow.py

@@ -633,6 +633,32 @@ async def test_group_invite_privacy_everyone_allows_invites_without_contacts(cli
     assert create_group_allowed.status_code == 200
 
 
+async def test_add_contact_by_email_success_and_not_found(client, db_session):
+    owner = await _create_verified_user(client, db_session, "contact_email_owner@example.com", "contact_email_owner", "strongpass123")
+    target = await _create_verified_user(client, db_session, "contact_email_target@example.com", "contact_email_target", "strongpass123")
+
+    add_contact = await client.post(
+        "/api/v1/users/contacts/by-email",
+        headers={"Authorization": f"Bearer {owner['access_token']}"},
+        json={"email": "contact_email_target@example.com"},
+    )
+    assert add_contact.status_code == 204
+
+    contacts = await client.get(
+        "/api/v1/users/contacts",
+        headers={"Authorization": f"Bearer {owner['access_token']}"},
+    )
+    assert contacts.status_code == 200
+    assert any(item["email"] == "contact_email_target@example.com" for item in contacts.json())
+
+    add_missing_contact = await client.post(
+        "/api/v1/users/contacts/by-email",
+        headers={"Authorization": f"Bearer {owner['access_token']}"},
+        json={"email": "unknown_contact@example.com"},
+    )
+    assert add_missing_contact.status_code == 404
+
+
 async def test_avatar_privacy_hidden_from_other_users_search(client, db_session):
     owner = await _create_verified_user(client, db_session, "avatar_owner@example.com", "avatar_owner", "strongpass123")
     viewer = await _create_verified_user(client, db_session, "avatar_viewer@example.com", "avatar_viewer", "strongpass123")