From 2ec50b4e4f2888ff9059f284f18c98ad5172f8d3 Mon Sep 17 00:00:00 2001
From: ZdenekSrotyr <zdenek.srotyr@keboola.com>
Date: Sun, 12 Apr 2026 14:12:28 +0200
Subject: [PATCH] test: add telegram API endpoint tests (verify, unlink,
 status)

---
 tests/test_telegram_api.py | 68 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 68 insertions(+)
 create mode 100644 tests/test_telegram_api.py

diff --git a/tests/test_telegram_api.py b/tests/test_telegram_api.py
new file mode 100644
index 0000000..8b941bf
--- /dev/null
+++ b/tests/test_telegram_api.py
@@ -0,0 +1,68 @@
+"""Tests for /api/telegram/* endpoints — verify, unlink, status."""
+
+import pytest
+
+
+class TestTelegramStatus:
+    """GET /api/telegram/status"""
+
+    def test_status_unlinked(self, seeded_app):
+        client = seeded_app["client"]
+        headers = {"Authorization": f"Bearer {seeded_app['analyst_token']}"}
+
+        resp = client.get("/api/telegram/status", headers=headers)
+
+        assert resp.status_code == 200
+        data = resp.json()
+        assert data["linked"] is False
+
+    def test_status_requires_auth(self, seeded_app):
+        resp = seeded_app["client"].get("/api/telegram/status")
+        assert resp.status_code == 401
+
+
+class TestTelegramVerify:
+    """POST /api/telegram/verify"""
+
+    def test_verify_invalid_code(self, seeded_app):
+        client = seeded_app["client"]
+        headers = {"Authorization": f"Bearer {seeded_app['analyst_token']}"}
+
+        resp = client.post(
+            "/api/telegram/verify",
+            json={"code": "000000"},
+            headers=headers,
+        )
+
+        assert resp.status_code == 400
+        assert "invalid" in resp.json()["detail"].lower() or "expired" in resp.json()["detail"].lower()
+
+    def test_verify_requires_auth(self, seeded_app):
+        resp = seeded_app["client"].post("/api/telegram/verify", json={"code": "123"})
+        assert resp.status_code == 401
+
+    def test_verify_missing_code(self, seeded_app):
+        client = seeded_app["client"]
+        headers = {"Authorization": f"Bearer {seeded_app['analyst_token']}"}
+
+        resp = client.post("/api/telegram/verify", json={}, headers=headers)
+
+        assert resp.status_code == 422
+
+
+class TestTelegramUnlink:
+    """POST /api/telegram/unlink"""
+
+    def test_unlink_when_not_linked(self, seeded_app):
+        client = seeded_app["client"]
+        headers = {"Authorization": f"Bearer {seeded_app['analyst_token']}"}
+
+        resp = client.post("/api/telegram/unlink", headers=headers)
+
+        # Should succeed even if not linked (idempotent)
+        assert resp.status_code == 200
+        assert resp.json()["status"] == "unlinked"
+
+    def test_unlink_requires_auth(self, seeded_app):
+        resp = seeded_app["client"].post("/api/telegram/unlink")
+        assert resp.status_code == 401