benya/Messenger
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d069ff1121978f2202e5a418549143f4dce74b34
Messenger/tests/test_chat_message_flow.py
benya af1ce20640
All checks were successful
CI / test (push) Successful in 31s
Details
tests(privacy): cover group-invite and avatar visibility policies
2026-03-08 19:05:43 +03:00

188 lines
8.1 KiB
Python
Raw Blame History

from sqlalchemy import select
from app.auth.models import EmailVerificationToken
from app.chats.models import ChatType
async def _create_verified_user(client, db_session, email: str, username: str, password: str) -> dict:
await client.post(
"/api/v1/auth/register",
json={"email": email, "name": username, "username": username, "password": password},
)
token_row = await db_session.execute(select(EmailVerificationToken).order_by(EmailVerificationToken.id.desc()))
verify_token = token_row.scalar_one().token
await client.post("/api/v1/auth/verify-email", json={"token": verify_token})
login_response = await client.post("/api/v1/auth/login", json={"email": email, "password": password})
return login_response.json()
async def test_private_chat_message_lifecycle(client, db_session):
u1 = await _create_verified_user(client, db_session, "u1@example.com", "user_one", "strongpass123")
u2 = await _create_verified_user(client, db_session, "u2@example.com", "user_two", "strongpass123")
me_u2 = await client.get("/api/v1/auth/me", headers={"Authorization": f"Bearer {u2['access_token']}"})
u2_id = me_u2.json()["id"]
create_chat_response = await client.post(
"/api/v1/chats",
headers={"Authorization": f"Bearer {u1['access_token']}"},
json={"type": ChatType.PRIVATE.value, "title": None, "member_ids": [u2_id]},
)
assert create_chat_response.status_code == 200
chat_id = create_chat_response.json()["id"]
send_message_response = await client.post(
"/api/v1/messages",
headers={"Authorization": f"Bearer {u1['access_token']}"},
json={"chat_id": chat_id, "type": "text", "text": "hello @user_two"},
)
assert send_message_response.status_code == 201
message_id = send_message_response.json()["id"]
list_messages_response = await client.get(
f"/api/v1/messages/{chat_id}",
headers={"Authorization": f"Bearer {u2['access_token']}"},
)
assert list_messages_response.status_code == 200
assert len(list_messages_response.json()) == 1
edit_message_response = await client.put(
f"/api/v1/messages/{message_id}",
headers={"Authorization": f"Bearer {u1['access_token']}"},
json={"text": "edited text"},
)
assert edit_message_response.status_code == 200
assert edit_message_response.json()["text"] == "edited text"
delete_message_response = await client.delete(
f"/api/v1/messages/{message_id}",
headers={"Authorization": f"Bearer {u1['access_token']}"},
)
assert delete_message_response.status_code == 204
async def test_private_chat_respects_contacts_only_policy(client, db_session):
u1 = await _create_verified_user(client, db_session, "pm_u1@example.com", "pm_user_one", "strongpass123")
u2 = await _create_verified_user(client, db_session, "pm_u2@example.com", "pm_user_two", "strongpass123")
me_u1 = await client.get("/api/v1/auth/me", headers={"Authorization": f"Bearer {u1['access_token']}"})
me_u2 = await client.get("/api/v1/auth/me", headers={"Authorization": f"Bearer {u2['access_token']}"})
u1_id = me_u1.json()["id"]
u2_id = me_u2.json()["id"]
update_privacy = await client.put(
"/api/v1/users/profile",
headers={"Authorization": f"Bearer {u2['access_token']}"},
json={"privacy_private_messages": "contacts"},
)
assert update_privacy.status_code == 200
create_chat_blocked = await client.post(
"/api/v1/chats",
headers={"Authorization": f"Bearer {u1['access_token']}"},
json={"type": ChatType.PRIVATE.value, "title": None, "member_ids": [u2_id]},
)
assert create_chat_blocked.status_code == 403
add_contact = await client.post(
f"/api/v1/users/{u1_id}/contacts",
headers={"Authorization": f"Bearer {u2['access_token']}"},
)
assert add_contact.status_code == 204
create_chat_allowed = await client.post(
"/api/v1/chats",
headers={"Authorization": f"Bearer {u1['access_token']}"},
json={"type": ChatType.PRIVATE.value, "title": None, "member_ids": [u2_id]},
)
assert create_chat_allowed.status_code == 200
async def test_group_ban_blocks_rejoin(client, db_session):
owner = await _create_verified_user(client, db_session, "ban_owner@example.com", "ban_owner", "strongpass123")
member = await _create_verified_user(client, db_session, "ban_member@example.com", "ban_member", "strongpass123")
me_member = await client.get("/api/v1/auth/me", headers={"Authorization": f"Bearer {member['access_token']}"})
member_id = me_member.json()["id"]
create_group = await client.post(
"/api/v1/chats",
headers={"Authorization": f"Bearer {owner['access_token']}"},
json={"type": ChatType.GROUP.value, "title": "Test group", "member_ids": [member_id], "is_public": True, "handle": "ban_test_group"},
)
assert create_group.status_code == 200
chat_id = create_group.json()["id"]
ban_response = await client.post(
f"/api/v1/chats/{chat_id}/bans/{member_id}",
headers={"Authorization": f"Bearer {owner['access_token']}"},
)
assert ban_response.status_code == 204
rejoin_response = await client.post(
f"/api/v1/chats/{chat_id}/join",
headers={"Authorization": f"Bearer {member['access_token']}"},
)
assert rejoin_response.status_code == 403
async def test_group_invite_privacy_contacts_only(client, db_session):
inviter = await _create_verified_user(client, db_session, "invite_u1@example.com", "invite_u1", "strongpass123")
target = await _create_verified_user(client, db_session, "invite_u2@example.com", "invite_u2", "strongpass123")
me_inviter = await client.get("/api/v1/auth/me", headers={"Authorization": f"Bearer {inviter['access_token']}"})
me_target = await client.get("/api/v1/auth/me", headers={"Authorization": f"Bearer {target['access_token']}"})
inviter_id = me_inviter.json()["id"]
target_id = me_target.json()["id"]
set_contacts_only = await client.put(
"/api/v1/users/profile",
headers={"Authorization": f"Bearer {target['access_token']}"},
json={"privacy_group_invites": "contacts"},
)
assert set_contacts_only.status_code == 200
create_group_blocked = await client.post(
"/api/v1/chats",
headers={"Authorization": f"Bearer {inviter['access_token']}"},
json={"type": ChatType.GROUP.value, "title": "Blocked group", "member_ids": [target_id]},
)
assert create_group_blocked.status_code == 403
add_contact = await client.post(
f"/api/v1/users/{inviter_id}/contacts",
headers={"Authorization": f"Bearer {target['access_token']}"},
)
assert add_contact.status_code == 204
create_group_allowed = await client.post(
"/api/v1/chats",
headers={"Authorization": f"Bearer {inviter['access_token']}"},
json={"type": ChatType.GROUP.value, "title": "Allowed group", "member_ids": [target_id]},
)
assert create_group_allowed.status_code == 200
async def test_avatar_privacy_hidden_from_other_users_search(client, db_session):
owner = await _create_verified_user(client, db_session, "avatar_owner@example.com", "avatar_owner", "strongpass123")
viewer = await _create_verified_user(client, db_session, "avatar_viewer@example.com", "avatar_viewer", "strongpass123")
set_avatar_and_privacy = await client.put(
"/api/v1/users/profile",
headers={"Authorization": f"Bearer {owner['access_token']}"},
json={"avatar_url": "https://cdn.example.com/avatar-owner.png", "privacy_avatar": "nobody"},
)
assert set_avatar_and_privacy.status_code == 200
assert set_avatar_and_privacy.json()["avatar_url"] == "https://cdn.example.com/avatar-owner.png"
search_response = await client.get(
"/api/v1/users/search",
params={"query": "avatar_owner", "limit": 20},
headers={"Authorization": f"Bearer {viewer['access_token']}"},
)
assert search_response.status_code == 200
rows = search_response.json()
owner_row = next((item for item in rows if item["username"] == "avatar_owner"), None)
assert owner_row is not None
assert owner_row["avatar_url"] is None
Reference in New Issue View Git Blame Copy Permalink