Messenger/tests/test_chat_message_flow.py

from sqlalchemy import select

from app.auth.models import EmailVerificationToken
from app.chats.models import ChatType


async def _create_verified_user(client, db_session, email: str, username: str, password: str) -> dict:
    await client.post(
        "/api/v1/auth/register",
        json={"email": email, "name": username, "username": username, "password": password},
    )
    token_row = await db_session.execute(select(EmailVerificationToken).order_by(EmailVerificationToken.id.desc()))
    verify_token = token_row.scalar_one().token
    await client.post("/api/v1/auth/verify-email", json={"token": verify_token})
    login_response = await client.post("/api/v1/auth/login", json={"email": email, "password": password})
    return login_response.json()


async def test_private_chat_message_lifecycle(client, db_session):
    u1 = await _create_verified_user(client, db_session, "u1@example.com", "user_one", "strongpass123")
    u2 = await _create_verified_user(client, db_session, "u2@example.com", "user_two", "strongpass123")

    me_u2 = await client.get("/api/v1/auth/me", headers={"Authorization": f"Bearer {u2['access_token']}"})
    u2_id = me_u2.json()["id"]

    create_chat_response = await client.post(
        "/api/v1/chats",
        headers={"Authorization": f"Bearer {u1['access_token']}"},
        json={"type": ChatType.PRIVATE.value, "title": None, "member_ids": [u2_id]},
    )
    assert create_chat_response.status_code == 200
    chat_id = create_chat_response.json()["id"]

    send_message_response = await client.post(
        "/api/v1/messages",
        headers={"Authorization": f"Bearer {u1['access_token']}"},
        json={"chat_id": chat_id, "type": "text", "text": "hello @user_two"},
    )
    assert send_message_response.status_code == 201
    message_id = send_message_response.json()["id"]

    list_messages_response = await client.get(
        f"/api/v1/messages/{chat_id}",
        headers={"Authorization": f"Bearer {u2['access_token']}"},
    )
    assert list_messages_response.status_code == 200
    assert len(list_messages_response.json()) == 1

    edit_message_response = await client.put(
        f"/api/v1/messages/{message_id}",
        headers={"Authorization": f"Bearer {u1['access_token']}"},
        json={"text": "edited text"},
    )
    assert edit_message_response.status_code == 200
    assert edit_message_response.json()["text"] == "edited text"

    delete_message_response = await client.delete(
        f"/api/v1/messages/{message_id}",
        headers={"Authorization": f"Bearer {u1['access_token']}"},
    )
    assert delete_message_response.status_code == 204


async def test_private_chat_respects_contacts_only_policy(client, db_session):
    u1 = await _create_verified_user(client, db_session, "pm_u1@example.com", "pm_user_one", "strongpass123")
    u2 = await _create_verified_user(client, db_session, "pm_u2@example.com", "pm_user_two", "strongpass123")

    me_u1 = await client.get("/api/v1/auth/me", headers={"Authorization": f"Bearer {u1['access_token']}"})
    me_u2 = await client.get("/api/v1/auth/me", headers={"Authorization": f"Bearer {u2['access_token']}"})
    u1_id = me_u1.json()["id"]
    u2_id = me_u2.json()["id"]

    update_privacy = await client.put(
        "/api/v1/users/profile",
        headers={"Authorization": f"Bearer {u2['access_token']}"},
        json={"privacy_private_messages": "contacts"},
    )
    assert update_privacy.status_code == 200

    create_chat_blocked = await client.post(
        "/api/v1/chats",
        headers={"Authorization": f"Bearer {u1['access_token']}"},
        json={"type": ChatType.PRIVATE.value, "title": None, "member_ids": [u2_id]},
    )
    assert create_chat_blocked.status_code == 403

    add_contact = await client.post(
        f"/api/v1/users/{u1_id}/contacts",
        headers={"Authorization": f"Bearer {u2['access_token']}"},
    )
    assert add_contact.status_code == 204

    create_chat_allowed = await client.post(
        "/api/v1/chats",
        headers={"Authorization": f"Bearer {u1['access_token']}"},
        json={"type": ChatType.PRIVATE.value, "title": None, "member_ids": [u2_id]},
    )
    assert create_chat_allowed.status_code == 200


async def test_group_ban_blocks_rejoin(client, db_session):
    owner = await _create_verified_user(client, db_session, "ban_owner@example.com", "ban_owner", "strongpass123")
    member = await _create_verified_user(client, db_session, "ban_member@example.com", "ban_member", "strongpass123")

    me_member = await client.get("/api/v1/auth/me", headers={"Authorization": f"Bearer {member['access_token']}"})
    member_id = me_member.json()["id"]

    create_group = await client.post(
        "/api/v1/chats",
        headers={"Authorization": f"Bearer {owner['access_token']}"},
        json={"type": ChatType.GROUP.value, "title": "Test group", "member_ids": [member_id], "is_public": True, "handle": "ban_test_group"},
    )
    assert create_group.status_code == 200
    chat_id = create_group.json()["id"]

    ban_response = await client.post(
        f"/api/v1/chats/{chat_id}/bans/{member_id}",
        headers={"Authorization": f"Bearer {owner['access_token']}"},
    )
    assert ban_response.status_code == 204

    rejoin_response = await client.post(
        f"/api/v1/chats/{chat_id}/join",
        headers={"Authorization": f"Bearer {member['access_token']}"},
    )
    assert rejoin_response.status_code == 403