115 lines
3.7 KiB
Python
115 lines
3.7 KiB
Python
"""
|
|
Tests for POST /api/webhook/telegram.
|
|
"""
|
|
from __future__ import annotations
|
|
|
|
import os
|
|
|
|
os.environ.setdefault("BOT_TOKEN", "test-bot-token")
|
|
os.environ.setdefault("CHAT_ID", "-1001234567890")
|
|
os.environ.setdefault("WEBHOOK_SECRET", "test-webhook-secret")
|
|
os.environ.setdefault("WEBHOOK_URL", "https://example.com/api/webhook/telegram")
|
|
os.environ.setdefault("FRONTEND_ORIGIN", "http://localhost:3000")
|
|
|
|
import pytest
|
|
from tests.conftest import make_app_client
|
|
|
|
CORRECT_SECRET = "test-webhook-secret"
|
|
|
|
_SAMPLE_UPDATE = {
|
|
"update_id": 100,
|
|
"message": {
|
|
"message_id": 1,
|
|
"from": {"id": 12345678, "first_name": "Test", "last_name": "User"},
|
|
"chat": {"id": 12345678, "type": "private"},
|
|
"text": "/start",
|
|
},
|
|
}
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_webhook_valid_secret_returns_200():
|
|
"""Correct X-Telegram-Bot-Api-Secret-Token → 200."""
|
|
async with make_app_client() as client:
|
|
resp = await client.post(
|
|
"/api/webhook/telegram",
|
|
json=_SAMPLE_UPDATE,
|
|
headers={"X-Telegram-Bot-Api-Secret-Token": CORRECT_SECRET},
|
|
)
|
|
assert resp.status_code == 200
|
|
assert resp.json() == {"ok": True}
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_webhook_missing_secret_returns_403():
|
|
"""Request without the secret header must return 403."""
|
|
async with make_app_client() as client:
|
|
resp = await client.post(
|
|
"/api/webhook/telegram",
|
|
json=_SAMPLE_UPDATE,
|
|
)
|
|
assert resp.status_code == 403
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_webhook_wrong_secret_returns_403():
|
|
"""Request with a wrong secret header must return 403."""
|
|
async with make_app_client() as client:
|
|
resp = await client.post(
|
|
"/api/webhook/telegram",
|
|
json=_SAMPLE_UPDATE,
|
|
headers={"X-Telegram-Bot-Api-Secret-Token": "wrong-secret"},
|
|
)
|
|
assert resp.status_code == 403
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_webhook_start_command_registers_user():
|
|
"""A /start command in the update should not raise and must return 200."""
|
|
async with make_app_client() as client:
|
|
resp = await client.post(
|
|
"/api/webhook/telegram",
|
|
json={
|
|
"update_id": 101,
|
|
"message": {
|
|
"message_id": 2,
|
|
"from": {"id": 99887766, "first_name": "Frank", "last_name": ""},
|
|
"chat": {"id": 99887766, "type": "private"},
|
|
"text": "/start",
|
|
},
|
|
},
|
|
headers={"X-Telegram-Bot-Api-Secret-Token": CORRECT_SECRET},
|
|
)
|
|
assert resp.status_code == 200
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_webhook_non_start_command_returns_200():
|
|
"""Any update without /start should still return 200."""
|
|
async with make_app_client() as client:
|
|
resp = await client.post(
|
|
"/api/webhook/telegram",
|
|
json={
|
|
"update_id": 102,
|
|
"message": {
|
|
"message_id": 3,
|
|
"from": {"id": 11111111, "first_name": "Anon"},
|
|
"chat": {"id": 11111111, "type": "private"},
|
|
"text": "hello",
|
|
},
|
|
},
|
|
headers={"X-Telegram-Bot-Api-Secret-Token": CORRECT_SECRET},
|
|
)
|
|
assert resp.status_code == 200
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_webhook_empty_body_with_valid_secret_returns_200():
|
|
"""An update with no message field should still return 200."""
|
|
async with make_app_client() as client:
|
|
resp = await client.post(
|
|
"/api/webhook/telegram",
|
|
json={"update_id": 103},
|
|
headers={"X-Telegram-Bot-Api-Secret-Token": CORRECT_SECRET},
|
|
)
|
|
assert resp.status_code == 200
|