Release v1.0.0

2025-08-20 21:00:50 +02:00
commit b4338e2769
401 changed files with 23576 additions and 0 deletions
--- a/services/backend/tests/init.py
+++ b/services/backend/tests/init.py
--- a/services/backend/tests/ui/init.py
+++ b/services/backend/tests/ui/init.py
--- a/services/backend/tests/ui/tasks/test_import_from_pocket.py
+++ b/services/backend/tests/ui/tasks/test_import_from_pocket.py
@@ -0,0 +1,116 @@
+# -*- coding: utf-8 -*-
+# type: ignore
+from __future__ import annotations
+
+import pathlib
+from unittest import mock
+
+import pytest
+import pytest_mock
+
+from hotpocket_backend.apps.ui import tasks as tasks_module
+from hotpocket_backend_testing.dto.ui import PocketImportSaveSpec
+from hotpocket_backend_testing.services.saves import (
+    AssociationsTestingService,
+    SaveProcessorTestingService,
+    SavesTestingService,
+)
+
+
+@pytest.fixture
+def mock_saves_process_save_task_apply_async(mocker: pytest_mock.MockerFixture,
+                                             async_result,
+                                             ) -> mock.Mock:
+    return SaveProcessorTestingService().mock_process_save_task_apply_async(
+        mocker=mocker, async_result=async_result,
+    )
+
+
+@pytest.fixture
+def pocket_csv_file_path(tmp_path, account, pocket_csv_content):
+    result = tmp_path / f'{account.pk}-part_000000.csv'
+
+    with open(result, 'wb') as result_f:
+        result_f.write(pocket_csv_content.encode('utf-8'))
+
+    return result
+
+
+@pytest.mark.django_db
+def test_ok(account,
+            pocket_csv_file_path: pathlib.Path,
+            pocket_import_created_save_spec: PocketImportSaveSpec,
+            save_out,
+            association_out,
+            other_account_save_out,
+            pocket_import_other_account_save_spec: PocketImportSaveSpec,
+            pocket_import_banned_netloc_save_spec: PocketImportSaveSpec,
+            mock_saves_process_save_task_apply_async: mock.Mock,
+            ):
+    # When
+    result = tasks_module.import_from_pocket(
+        account_uuid=account.pk,
+        csv_path=str(pocket_csv_file_path),
+    )
+
+    # Then
+    assert len(result) == 4
+
+    created_save_pk, created_save_association_pk = result[0]
+    SavesTestingService().assert_created(
+        pk=created_save_pk,
+        account_uuid=account.pk,
+        url=pocket_import_created_save_spec.url,
+        is_netloc_banned=False,
+        title=pocket_import_created_save_spec.title,
+    )
+    AssociationsTestingService().assert_imported(
+        pk=created_save_association_pk,
+        account_uuid=account.pk,
+        target_uuid=created_save_pk,
+        created_at=pocket_import_created_save_spec.time_added,
+    )
+
+    reused_save_and_association_save_pk, reused_save_and_association_association_pk = result[1]
+    assert reused_save_and_association_save_pk == save_out.pk
+    assert reused_save_and_association_association_pk == association_out.pk
+    SavesTestingService().assert_reused(
+        pk=reused_save_and_association_save_pk,
+        reference=save_out,
+    )
+    AssociationsTestingService().assert_reused(
+        pk=reused_save_and_association_association_pk,
+        reference=association_out,
+    )
+
+    reused_other_account_save_pk, reused_other_account_save_association_pk = result[2]
+    assert reused_other_account_save_pk == other_account_save_out.pk
+    SavesTestingService().assert_reused(
+        pk=reused_other_account_save_pk,
+        reference=other_account_save_out,
+    )
+    AssociationsTestingService().assert_imported(
+        pk=reused_other_account_save_association_pk,
+        account_uuid=account.pk,
+        target_uuid=reused_other_account_save_pk,
+        created_at=pocket_import_other_account_save_spec.time_added,
+    )
+
+    banned_netloc_save_pk, banned_netloc_save_association_pk = result[3]
+    SavesTestingService().assert_created(
+        pk=banned_netloc_save_pk,
+        account_uuid=account.pk,
+        url=pocket_import_banned_netloc_save_spec.url,
+        is_netloc_banned=True,
+        title=pocket_import_banned_netloc_save_spec.title,
+    )
+    AssociationsTestingService().assert_imported(
+        pk=banned_netloc_save_association_pk,
+        account_uuid=account.pk,
+        target_uuid=banned_netloc_save_pk,
+        created_at=pocket_import_banned_netloc_save_spec.time_added,
+    )
+
+    mock_saves_process_save_task_apply_async.assert_not_called()
+
+    assert pocket_csv_file_path.exists() is False
--- a/services/backend/tests/ui/views/accounts/init.py
+++ b/services/backend/tests/ui/views/accounts/init.py
--- a/services/backend/tests/ui/views/accounts/test_browse.py
+++ b/services/backend/tests/ui/views/accounts/test_browse.py
@@ -0,0 +1,57 @@
+# -*- coding: utf-8 -*-
+# type: ignore
+from __future__ import annotations
+
+import http
+
+from django.test import Client
+from django.urls import reverse
+import pytest
+from pytest_django import asserts
+
+
+@pytest.mark.django_db
+def test_ok(authenticated_client: Client):
+    # When
+    result = authenticated_client.get(
+        reverse('ui.accounts.browse'),
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.NOT_FOUND
+
+
+@pytest.mark.django_db
+def test_inactive_account(inactive_account_client: Client):
+    # When
+    result = inactive_account_client.get(
+        reverse('ui.accounts.browse'),
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse(
+            'ui.accounts.login',
+            query=[('next', reverse('ui.accounts.browse'))],
+        ),
+        fetch_redirect_response=False,
+    )
+
+
+@pytest.mark.django_db
+def test_anonymous(client: Client):
+    # When
+    result = client.get(
+        reverse('ui.accounts.browse'),
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse(
+            'ui.accounts.login',
+            query=[('next', reverse('ui.accounts.browse'))],
+        ),
+        fetch_redirect_response=False,
+    )
--- a/services/backend/tests/ui/views/accounts/test_index.py
+++ b/services/backend/tests/ui/views/accounts/test_index.py
@@ -0,0 +1,60 @@
+# -*- coding: utf-8 -*-
+# type: ignore
+from __future__ import annotations
+
+from django.test import Client
+from django.urls import reverse
+import pytest
+from pytest_django import asserts
+
+
+@pytest.mark.django_db
+def test_ok(authenticated_client: Client):
+    # When
+    result = authenticated_client.get(
+        reverse('ui.accounts.index'),
+        follow=False,
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse('ui.accounts.settings'),
+        fetch_redirect_response=False,
+    )
+
+
+@pytest.mark.django_db
+def test_inactive_account(inactive_account_client: Client):
+    # When
+    result = inactive_account_client.get(
+        reverse('ui.accounts.index'),
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse(
+            'ui.accounts.login',
+            query=[('next', reverse('ui.accounts.index'))],
+        ),
+        fetch_redirect_response=False,
+    )
+
+
+@pytest.mark.django_db
+def test_anonymous(client: Client):
+    # When
+    result = client.get(
+        reverse('ui.accounts.index'),
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse(
+            'ui.accounts.login',
+            query=[('next', reverse('ui.accounts.index'))],
+        ),
+        fetch_redirect_response=False,
+    )
--- a/services/backend/tests/ui/views/accounts/test_password.py
+++ b/services/backend/tests/ui/views/accounts/test_password.py
@@ -0,0 +1,203 @@
+# -*- coding: utf-8 -*-
+# type: ignore
+from __future__ import annotations
+
+import http
+
+from django.test import Client
+from django.urls import reverse
+import pytest
+from pytest_django import asserts
+
+from hotpocket_backend_testing.services.accounts import AccountsTestingService
+
+
+@pytest.fixture
+def payload(account_password):
+    return {
+        'old_password': account_password,
+        'new_password1': 'thisisnewpassword',
+        'new_password2': 'thisisnewpassword',
+    }
+
+
+@pytest.mark.django_db
+def test_ok(account_with_password_client: Client,
+            payload,
+            account_with_password,
+            ):
+    # When
+    result = account_with_password_client.post(
+        reverse('ui.accounts.settings.password'),
+        data=payload,
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse('ui.accounts.settings.password'),
+        fetch_redirect_response=False,
+    )
+
+    AccountsTestingService().assert_password_changed(
+        pk=account_with_password.pk,
+        reference=account_with_password,
+    )
+
+
+@pytest.mark.xfail(
+    reason="Apparently I'm too dumb to properly fix a federated account, LOL",
+)
+@pytest.mark.django_db
+def test_federated_account(federated_account_client: Client,
+                           payload,
+                           federated_account,
+                           ):
+    # When
+    result = federated_account_client.post(
+        reverse('ui.accounts.settings.password'),
+        data=payload,
+    )
+
+    # Then
+    assert result.status_code == 500
+
+
+@pytest.mark.django_db
+def test_invalid_all_empty(authenticated_client: Client,
+                           payload,
+                           ):
+    # Given
+    effective_payload = {
+        key: ''
+        for key
+        in payload.keys()
+    }
+
+    # When
+    result = authenticated_client.post(
+        reverse('ui.accounts.settings.password'),
+        data=effective_payload,
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.OK
+
+    assert 'old_password' in result.context['form'].errors
+    assert 'new_password1' in result.context['form'].errors
+    assert 'new_password2' in result.context['form'].errors
+
+
+@pytest.mark.django_db
+def test_invalid_all_missing(authenticated_client: Client):
+    # Given
+    effective_payload = {}
+
+    # When
+    result = authenticated_client.post(
+        reverse('ui.accounts.settings.password'),
+        data=effective_payload,
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.OK
+
+    assert 'old_password' in result.context['form'].errors
+    assert 'new_password1' in result.context['form'].errors
+    assert 'new_password2' in result.context['form'].errors
+
+
+@pytest.mark.django_db
+def test_invaliid_bad_old_password(account_with_password_client: Client,
+                                   payload,
+                                   account_with_password,
+                                   ):
+    # Given
+    payload['old_password'] = 'badpassword'
+
+    # When
+    result = account_with_password_client.post(
+        reverse('ui.accounts.settings.password'),
+        data=payload,
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.OK
+
+    assert 'old_password' in result.context['form'].errors
+
+
+@pytest.mark.django_db
+def test_invaliid_bad_new_password1(account_with_password_client: Client,
+                                    payload,
+                                    account_with_password,
+                                    ):
+    # Given
+    payload['new_password1'] = 'badpassword'
+
+    # When
+    result = account_with_password_client.post(
+        reverse('ui.accounts.settings.password'),
+        data=payload,
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.OK
+
+    assert 'new_password2' in result.context['form'].errors
+
+
+@pytest.mark.django_db
+def test_invaliid_bad_new_password2(account_with_password_client: Client,
+                                    payload,
+                                    account_with_password,
+                                    ):
+    # Given
+    payload['new_password2'] = 'badpassword'
+
+    # When
+    result = account_with_password_client.post(
+        reverse('ui.accounts.settings.password'),
+        data=payload,
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.OK
+
+    assert 'new_password2' in result.context['form'].errors
+
+
+@pytest.mark.django_db
+def test_inactive_account(inactive_account_client: Client):
+    # When
+    result = inactive_account_client.post(
+        reverse('ui.accounts.settings.password'),
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse(
+            'ui.accounts.login',
+            query=[('next', reverse('ui.accounts.settings.password'))],
+        ),
+        fetch_redirect_response=False,
+    )
+
+
+@pytest.mark.django_db
+def test_anonymous(client: Client):
+    # When
+    result = client.post(
+        reverse('ui.accounts.settings.password'),
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse(
+            'ui.accounts.login',
+            query=[('next', reverse('ui.accounts.settings.password'))],
+        ),
+        fetch_redirect_response=False,
+    )
--- a/services/backend/tests/ui/views/accounts/test_post_login.py
+++ b/services/backend/tests/ui/views/accounts/test_post_login.py
@@ -0,0 +1,137 @@
+# -*- coding: utf-8 -*-
+# type: ignore
+from __future__ import annotations
+
+from django.test import Client
+from django.urls import reverse
+import pytest
+from pytest_django import asserts
+
+
+@pytest.mark.django_db
+def test_ok(authenticated_client: Client):
+    # Given
+    session = authenticated_client.session
+    session['post_login_next_url'] = (
+        reverse('ui.accounts.settings.settings')
+    )
+    session.save()
+
+    # When
+    result = authenticated_client.post(
+        reverse('ui.accounts.post_login'),
+    )
+
+    asserts.assertRedirects(
+        result,
+        reverse('ui.accounts.settings.settings'),
+        fetch_redirect_response=False,
+    )
+
+
+@pytest.mark.django_db
+def test_ok_without_next_url(authenticated_client: Client):
+    # When
+    result = authenticated_client.post(
+        reverse('ui.accounts.post_login'),
+    )
+
+    asserts.assertRedirects(
+        result,
+        reverse('ui.index.index'),
+        fetch_redirect_response=False,
+    )
+
+
+@pytest.mark.django_db
+def test_ok_absolute_url(authenticated_client: Client, settings):
+    # Given
+    settings.ALLOWED_HOSTS = ['testserver']
+
+    session = authenticated_client.session
+    session['post_login_next_url'] = (
+        'http://testserver/'
+    )
+    session.save()
+
+    # When
+    result = authenticated_client.post(
+        reverse('ui.accounts.post_login'),
+    )
+
+    asserts.assertRedirects(
+        result,
+        'http://testserver/',
+        fetch_redirect_response=False,
+    )
+
+
+@pytest.mark.django_db
+def test_allowed_hosts_asterisk(authenticated_client: Client, settings):
+    # Given
+    settings.ALLOWED_HOSTS = ['*']
+
+    session = authenticated_client.session
+    session['post_login_next_url'] = (
+        'http://thisisinsecure/'
+    )
+    session.save()
+
+    # When
+    result = authenticated_client.post(
+        reverse('ui.accounts.post_login'),
+    )
+
+    # `*` doesn't have effect here. Django requires hard matches on the
+    # `next_url` netloc. IDC, really. Redirects to absolute URLs here shouldn't
+    # happen unless somebody tries something funny. In wich case, NOPE.
+    asserts.assertRedirects(
+        result,
+        '/',
+        fetch_redirect_response=False,
+    )
+
+
+@pytest.mark.django_db
+def test_allowed_hosts_mismatch(authenticated_client: Client, settings):
+    # Given
+    settings.ALLOWED_HOSTS = ['testserver']
+
+    session = authenticated_client.session
+    session['post_login_next_url'] = (
+        'http://thisisinsecure/'
+    )
+    session.save()
+
+    # When
+    result = authenticated_client.post(
+        reverse('ui.accounts.post_login'),
+    )
+
+    asserts.assertRedirects(
+        result,
+        '/',
+        fetch_redirect_response=False,
+    )
+
+
+@pytest.mark.django_db
+def test_inactive_account(inactive_account_client: Client):
+    # When
+    result = inactive_account_client.post(
+        reverse('ui.accounts.post_login'),
+    )
+
+    # Then
+    assert result.status_code == 403
+
+
+@pytest.mark.django_db
+def test_anonymous(client: Client):
+    # When
+    result = client.post(
+        reverse('ui.accounts.post_login'),
+    )
+
+    # Then
+    assert result.status_code == 403
--- a/services/backend/tests/ui/views/accounts/test_profile.py
+++ b/services/backend/tests/ui/views/accounts/test_profile.py
@@ -0,0 +1,144 @@
+# -*- coding: utf-8 -*-
+# type: ignore
+from __future__ import annotations
+
+import http
+
+from django.test import Client
+from django.urls import reverse
+import pytest
+from pytest_django import asserts
+
+from hotpocket_backend_testing.services.accounts import AccountsTestingService
+
+
+@pytest.fixture
+def payload():
+    return {
+        'first_name': 'Ziomek',
+        'last_name': 'Dog',
+        'email': 'woof@ziomek.dog',
+    }
+
+
+@pytest.mark.django_db
+def test_ok(authenticated_client: Client,
+            payload,
+            account,
+            ):
+    # When
+    result = authenticated_client.post(
+        reverse('ui.accounts.settings.profile'),
+        data=payload,
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse('ui.accounts.settings.profile'),
+        fetch_redirect_response=False,
+    )
+
+    AccountsTestingService().assert_edited(
+        pk=account.pk,
+        update=payload,
+        reference=account,
+    )
+
+
+@pytest.mark.xfail(
+    reason="Apparently I'm too dumb to properly fix a federated account, LOL",
+)
+@pytest.mark.django_db
+def test_federated_account(federated_account_client: Client,
+                           payload,
+                           federated_account,
+                           ):
+    # When
+    result = federated_account_client.post(
+        reverse('ui.accounts.settings.profile'),
+        data=payload,
+    )
+
+    # Then
+    assert result.status_code == 500
+
+
+@pytest.mark.django_db
+def test_invalid_all_empty(authenticated_client: Client,
+                           payload,
+                           ):
+    # Given
+    effective_payload = {
+        key: ''
+        for key
+        in payload.keys()
+    }
+
+    # When
+    result = authenticated_client.post(
+        reverse('ui.accounts.settings.profile'),
+        data=effective_payload,
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.OK
+
+    assert 'first_name' in result.context['form'].errors
+    assert 'last_name' in result.context['form'].errors
+    assert 'email' in result.context['form'].errors
+
+
+@pytest.mark.django_db
+def test_invalid_all_missing(authenticated_client: Client):
+    # Given
+    effective_payload = {}
+
+    # When
+    result = authenticated_client.post(
+        reverse('ui.accounts.settings.profile'),
+        data=effective_payload,
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.OK
+
+    assert 'first_name' in result.context['form'].errors
+    assert 'last_name' in result.context['form'].errors
+    assert 'email' in result.context['form'].errors
+
+
+@pytest.mark.django_db
+def test_inactive_account(inactive_account_client: Client):
+    # When
+    result = inactive_account_client.post(
+        reverse('ui.accounts.settings.profile'),
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse(
+            'ui.accounts.login',
+            query=[('next', reverse('ui.accounts.settings.profile'))],
+        ),
+        fetch_redirect_response=False,
+    )
+
+
+@pytest.mark.django_db
+def test_anonymous(client: Client):
+    # When
+    result = client.post(
+        reverse('ui.accounts.settings.profile'),
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse(
+            'ui.accounts.login',
+            query=[('next', reverse('ui.accounts.settings.profile'))],
+        ),
+        fetch_redirect_response=False,
+    )
--- a/services/backend/tests/ui/views/accounts/test_settings.py
+++ b/services/backend/tests/ui/views/accounts/test_settings.py
@@ -0,0 +1,59 @@
+# -*- coding: utf-8 -*-
+# type: ignore
+from __future__ import annotations
+
+from django.test import Client
+from django.urls import reverse
+import pytest
+from pytest_django import asserts
+
+
+@pytest.mark.django_db
+def test_ok(authenticated_client: Client):
+    # When
+    result = authenticated_client.get(
+        reverse('ui.accounts.settings'),
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse('ui.accounts.settings.profile'),
+        fetch_redirect_response=False,
+    )
+
+
+@pytest.mark.django_db
+def test_inactive_account(inactive_account_client: Client):
+    # When
+    result = inactive_account_client.get(
+        reverse('ui.accounts.settings'),
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse(
+            'ui.accounts.login',
+            query=[('next', reverse('ui.accounts.settings'))],
+        ),
+        fetch_redirect_response=False,
+    )
+
+
+@pytest.mark.django_db
+def test_anonymous(client: Client):
+    # When
+    result = client.get(
+        reverse('ui.accounts.settings'),
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse(
+            'ui.accounts.login',
+            query=[('next', reverse('ui.accounts.settings'))],
+        ),
+        fetch_redirect_response=False,
+    )
--- a/services/backend/tests/ui/views/accounts/test_settings_settings.py
+++ b/services/backend/tests/ui/views/accounts/test_settings_settings.py
@@ -0,0 +1,151 @@
+# -*- coding: utf-8 -*-
+# type: ignore
+from __future__ import annotations
+
+import http
+
+from django.test import Client
+from django.urls import reverse
+import pytest
+from pytest_django import asserts
+
+from hotpocket_backend_testing.services.accounts import AccountsTestingService
+
+
+@pytest.fixture
+def payload():
+    return {
+        'theme': 'cosmo',
+        'auto_load_embeds': 'True',
+    }
+
+
+@pytest.mark.django_db
+def test_ok(authenticated_client: Client,
+            payload,
+            account,
+            ):
+    # When
+    result = authenticated_client.post(
+        reverse('ui.accounts.settings.settings'),
+        data=payload,
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse('ui.accounts.settings.settings'),
+        fetch_redirect_response=False,
+    )
+
+    AccountsTestingService().assert_settings_edited(
+        pk=account.pk,
+        update={
+            'theme': None,  # TODO: Themes!
+            'auto_load_embeds': True,
+        },
+        reference=account,
+    )
+
+
+@pytest.mark.django_db
+def test_invalid_invalid_selects(authenticated_client: Client):
+    # Given
+    effective_payload = {
+        'auto_load_embeds': 'thisisntright',
+    }
+
+    # When
+    result = authenticated_client.post(
+        reverse('ui.accounts.settings.settings'),
+        data=effective_payload,
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.OK
+
+    assert 'auto_load_embeds' in result.context['form'].errors
+
+
+@pytest.mark.xfail(
+    reason='WIP',
+)
+@pytest.mark.django_db
+def test_invalid_all_empty(authenticated_client: Client,
+                           payload,
+                           ):
+    # Given
+    effective_payload = {
+        key: ''
+        for key
+        in payload.keys()
+    }
+
+    # When
+    result = authenticated_client.post(
+        reverse('ui.accounts.settings.settings'),
+        data=effective_payload,
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.OK
+
+    assert 'theme' in result.context['form'].errors
+    assert 'auto_load_embeds' not in result.context['form'].errors
+
+
+@pytest.mark.xfail(
+    reason='WIP',
+)
+@pytest.mark.django_db
+def test_invalid_all_missing(authenticated_client: Client):
+    # Given
+    effective_payload = {}
+
+    # When
+    result = authenticated_client.post(
+        reverse('ui.accounts.settings.settings'),
+        data=effective_payload,
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.OK
+
+    assert 'theme' in result.context['form'].errors
+    assert 'auto_load_embeds' not in result.context['form'].errors
+
+
+@pytest.mark.django_db
+def test_inactive_account(inactive_account_client: Client):
+    # When
+    result = inactive_account_client.post(
+        reverse('ui.accounts.settings.settings'),
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse(
+            'ui.accounts.login',
+            query=[('next', reverse('ui.accounts.settings.settings'))],
+        ),
+        fetch_redirect_response=False,
+    )
+
+
+@pytest.mark.django_db
+def test_anonymous(client: Client):
+    # When
+    result = client.post(
+        reverse('ui.accounts.settings.settings'),
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse(
+            'ui.accounts.login',
+            query=[('next', reverse('ui.accounts.settings.settings'))],
+        ),
+        fetch_redirect_response=False,
+    )
--- a/services/backend/tests/ui/views/associations/init.py
+++ b/services/backend/tests/ui/views/associations/init.py
--- a/services/backend/tests/ui/views/associations/test_archive.py
+++ b/services/backend/tests/ui/views/associations/test_archive.py
@@ -0,0 +1,166 @@
+# -*- coding: utf-8 -*-
+# type: ignore
+from __future__ import annotations
+
+import http
+
+from django.test import Client
+from django.urls import reverse
+import pytest
+from pytest_django import asserts
+
+from hotpocket_backend_testing.services.saves import AssociationsTestingService
+
+
+@pytest.mark.django_db
+def test_ok(authenticated_client: Client,
+            association_out,
+            ):
+    # When
+    result = authenticated_client.post(
+        reverse('ui.associations.archive', args=(association_out.pk,)),
+        data={
+            'canhazconfirm': 'hai',
+        },
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse('ui.associations.browse'),
+        fetch_redirect_response=False,
+    )
+
+    AssociationsTestingService().assert_archived(
+        pk=association_out.pk, reference=association_out,
+    )
+
+
+@pytest.mark.django_db
+def test_ok_htmx(authenticated_client: Client,
+                 association_out,
+                 ):
+    # When
+    result = authenticated_client.post(
+        reverse('ui.associations.archive', args=(association_out.pk,)),
+        headers={
+            'HX-Request': 'true',
+        },
+        data={
+            'canhazconfirm': 'hai',
+        },
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.OK
+
+    expected_payload = {
+        'status': 'ok',
+        'result': True,
+    }
+    assert result.json() == expected_payload
+
+
+@pytest.mark.django_db
+def test_invalid_all_missing(authenticated_client: Client,
+                             association_out,
+                             ):
+    # When
+    result = authenticated_client.post(
+        reverse('ui.associations.archive', args=(association_out.pk,)),
+        data={
+        },
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.OK
+
+    AssociationsTestingService().assert_not_archived(pk=association_out.pk)
+
+    assert 'canhazconfirm' in result.context['form'].errors
+
+
+@pytest.mark.django_db
+def test_invalid_all_empty(authenticated_client: Client,
+                           association_out,
+                           ):
+    # When
+    result = authenticated_client.post(
+        reverse('ui.associations.archive', args=(association_out.pk,)),
+        data={
+            'canhazconfirm': '',
+        },
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.OK
+
+    AssociationsTestingService().assert_not_archived(pk=association_out.pk)
+
+    assert 'canhazconfirm' in result.context['form'].errors
+
+
+@pytest.mark.django_db
+def test_other_account_association(authenticated_client: Client,
+                                   other_account_association_out,
+                                   ):
+    # When
+    result = authenticated_client.post(
+        reverse('ui.associations.archive', args=(other_account_association_out.pk,)),
+        data={
+            'canhazconfirm': 'hai',
+        },
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.FORBIDDEN
+
+
+@pytest.mark.django_db
+def test_inactive_account(inactive_account_client: Client,
+                          association_out,
+                          ):
+    # When
+    result = inactive_account_client.post(
+        reverse('ui.associations.archive', args=(association_out.pk,)),
+        data={
+            'canhazconfirm': 'hai',
+        },
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse(
+            'ui.accounts.login',
+            query=[
+                ('next', reverse('ui.associations.archive', args=(association_out.pk,))),
+            ],
+        ),
+        fetch_redirect_response=False,
+    )
+
+
+@pytest.mark.django_db
+def test_anonymous(client: Client,
+                   association_out,
+                   ):
+    # When
+    result = client.post(
+        reverse('ui.associations.archive', args=(association_out.pk,)),
+        data={
+            'canhazconfirm': 'hai',
+        },
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse(
+            'ui.accounts.login',
+            query=[
+                ('next', reverse('ui.associations.archive', args=(association_out.pk,))),
+            ],
+        ),
+        fetch_redirect_response=False,
+    )
--- a/services/backend/tests/ui/views/associations/test_browse.py
+++ b/services/backend/tests/ui/views/associations/test_browse.py
@@ -0,0 +1,201 @@
+# -*- coding: utf-8 -*-
+# type: ignore
+from __future__ import annotations
+
+import http
+
+from django.test import Client
+from django.urls import reverse
+import pytest
+from pytest_django import asserts
+
+from hotpocket_common.constants import AssociationsSearchMode
+
+
+def assert_default_mode_response_context(response, associations):
+    expected_association_ids = list(sorted(
+        [obj.pk for obj in associations],
+        reverse=True,
+    ))
+
+    assert len(response.context['associations']) == 2
+    assert response.context['associations'][0].pk == expected_association_ids[0]
+    assert response.context['associations'][1].pk == expected_association_ids[1]
+    assert response.context['params'].mode == AssociationsSearchMode.DEFAULT
+    assert response.context['before'] is None
+    assert response.context['next_url'] is None
+
+
+@pytest.mark.django_db
+def test_ok(browsable_association_outs,
+            authenticated_client: Client,
+            ):
+    # When
+    result = authenticated_client.get(
+        reverse('ui.associations.browse'),
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.OK
+
+    asserts.assertTemplateUsed(result, 'ui/associations/browse.html')
+
+    assert_default_mode_response_context(result, browsable_association_outs)
+
+
+@pytest.mark.django_db
+def test_ok_htmx(browsable_association_outs,
+                 authenticated_client: Client,
+                 ):
+    # When
+    result = authenticated_client.get(
+        reverse('ui.associations.browse'),
+        headers={
+            'HX-Request': 'true',
+        },
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.OK
+
+    asserts.assertTemplateNotUsed(result, 'ui/associations/browse.html')
+    asserts.assertTemplateUsed(result, 'ui/associations/partials/associations.html')
+
+    assert_default_mode_response_context(result, browsable_association_outs)
+
+
+@pytest.mark.django_db
+def test_starred_mode(browsable_association_outs,
+                      authenticated_client: Client,
+                      starred_association_out,
+                      ):
+    # When
+    result = authenticated_client.get(
+        reverse('ui.associations.browse'),
+        data={
+            'mode': AssociationsSearchMode.STARRED.value,
+        },
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.OK
+
+    assert len(result.context['associations']) == 1
+    assert result.context['associations'][0].pk == starred_association_out.pk
+    assert result.context['params'].mode == AssociationsSearchMode.STARRED
+
+
+@pytest.mark.django_db
+def test_archived_mode(browsable_association_outs,
+                       authenticated_client: Client,
+                       archived_association_out,
+                       ):
+    # When
+    result = authenticated_client.get(
+        reverse('ui.associations.browse'),
+        data={
+            'mode': AssociationsSearchMode.ARCHIVED.value,
+        },
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.OK
+
+    assert len(result.context['associations']) == 1
+    assert result.context['associations'][0].pk == archived_association_out.pk
+    assert result.context['params'].mode == AssociationsSearchMode.ARCHIVED
+
+
+@pytest.mark.parametrize(
+    'query_before_index,expected_before_index,expected_length,first_index,last_index',
+    [
+        (None, 11, 12, 0, 11),
+        (11, None, 2, 12, 13),
+    ],
+)
+@pytest.mark.django_db
+def test_pagination(query_before_index,
+                    expected_before_index,
+                    expected_length,
+                    first_index,
+                    last_index,
+                    paginatable_association_outs,
+                    authenticated_client: Client,
+                    ):
+    # Given
+    request_data = {}
+
+    if query_before_index is not None:
+        request_data['before'] = str(
+            paginatable_association_outs[query_before_index].pk,
+        )
+
+    # When
+    result = authenticated_client.get(
+        reverse('ui.associations.browse'),
+        data=request_data,
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.OK
+
+    expected_before = None
+    expected_next_url = None
+
+    if expected_before_index:
+        expected_before = paginatable_association_outs[expected_before_index].pk
+        expected_next_url = reverse(
+            'ui.associations.browse',
+            query=[
+                ('before', expected_before),
+                ('search', ''),
+                ('limit', 12),
+                ('mode', AssociationsSearchMode.DEFAULT.value),
+            ],
+        )
+
+    assert len(result.context['associations']) == expected_length
+    assert result.context['associations'][0].pk == paginatable_association_outs[first_index].pk
+    assert result.context['associations'][-1].pk == paginatable_association_outs[last_index].pk
+    assert result.context['before'] == expected_before
+    assert result.context['next_url'] == expected_next_url
+
+
+@pytest.mark.django_db
+def test_inactive_account(inactive_account_client: Client):
+    # When
+    result = inactive_account_client.get(
+        reverse('ui.associations.browse'),
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse(
+            'ui.accounts.login',
+            query=[
+                ('next', reverse('ui.associations.browse')),
+            ],
+        ),
+        fetch_redirect_response=False,
+    )
+
+
+@pytest.mark.django_db
+def test_anonymous(client: Client):
+    # When
+    result = client.get(
+        reverse('ui.associations.browse'),
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse(
+            'ui.accounts.login',
+            query=[
+                ('next', reverse('ui.associations.browse')),
+            ],
+        ),
+        fetch_redirect_response=False,
+    )
--- a/services/backend/tests/ui/views/associations/test_delete.py
+++ b/services/backend/tests/ui/views/associations/test_delete.py
@@ -0,0 +1,174 @@
+# -*- coding: utf-8 -*-
+# type: ignore
+from __future__ import annotations
+
+import http
+
+from django.test import Client
+from django.urls import reverse
+import pytest
+from pytest_django import asserts
+
+from hotpocket_backend.apps.saves.models import Association
+from hotpocket_common.constants import AssociationsSearchMode
+
+
+@pytest.mark.django_db
+def test_ok(authenticated_client: Client,
+            association_out,
+            ):
+    # When
+    result = authenticated_client.post(
+        reverse('ui.associations.delete', args=(association_out.pk,)),
+        data={
+            'canhazconfirm': 'hai',
+        },
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse(
+            'ui.associations.browse',
+            query=[('mode', AssociationsSearchMode.ARCHIVED.value)],
+        ),
+        fetch_redirect_response=False,
+    )
+
+    association_object = Association.objects.get(pk=association_out.pk)
+    assert association_object.updated_at > association_out.updated_at
+    assert association_object.deleted_at is not None
+
+
+@pytest.mark.django_db
+def test_ok_htmx(authenticated_client: Client,
+                 association_out,
+                 ):
+    # When
+    result = authenticated_client.post(
+        reverse('ui.associations.delete', args=(association_out.pk,)),
+        headers={
+            'HX-Request': 'true',
+        },
+        data={
+            'canhazconfirm': 'hai',
+        },
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.OK
+
+    expected_payload = {
+        'status': 'ok',
+        'result': True,
+    }
+    assert result.json() == expected_payload
+
+
+@pytest.mark.django_db
+def test_invalid_all_missing(authenticated_client: Client,
+                             association_out,
+                             ):
+    # When
+    result = authenticated_client.post(
+        reverse('ui.associations.delete', args=(association_out.pk,)),
+        data={
+        },
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.OK
+
+    association_object = Association.objects.get(pk=association_out.pk)
+    assert association_object.updated_at == association_out.updated_at
+    assert association_object.deleted_at is None
+
+    assert 'canhazconfirm' in result.context['form'].errors
+
+
+@pytest.mark.django_db
+def test_invalid_all_empty(authenticated_client: Client,
+                           association_out,
+                           ):
+    # When
+    result = authenticated_client.post(
+        reverse('ui.associations.delete', args=(association_out.pk,)),
+        data={
+            'canhazconfirm': '',
+        },
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.OK
+
+    association_object = Association.objects.get(pk=association_out.pk)
+    assert association_object.updated_at == association_out.updated_at
+    assert association_object.deleted_at is None
+
+    assert 'canhazconfirm' in result.context['form'].errors
+
+
+@pytest.mark.django_db
+def test_other_account_association(authenticated_client: Client,
+                                   other_account_association_out,
+                                   ):
+    # When
+    result = authenticated_client.post(
+        reverse('ui.associations.delete', args=(other_account_association_out.pk,)),
+        data={
+            'canhazconfirm': 'hai',
+        },
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.FORBIDDEN
+
+
+@pytest.mark.django_db
+def test_inactive_account(inactive_account_client: Client,
+                          association_out,
+                          ):
+    # When
+    result = inactive_account_client.post(
+        reverse('ui.associations.delete', args=(association_out.pk,)),
+        data={
+            'canhazconfirm': 'hai',
+        },
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse(
+            'ui.accounts.login',
+            query=[
+                ('next', reverse('ui.associations.delete', args=(association_out.pk,))),
+            ],
+        ),
+        fetch_redirect_response=False,
+    )
+
+
+@pytest.mark.django_db
+def test_anonymous(client: Client,
+                   association_out,
+                   ):
+    # When
+    result = client.post(
+        reverse('ui.associations.delete', args=(association_out.pk,)),
+        data={
+            'canhazconfirm': 'hai',
+        },
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse(
+            'ui.accounts.login',
+            query=[
+                ('next', reverse('ui.associations.delete', args=(association_out.pk,))),
+            ],
+        ),
+        fetch_redirect_response=False,
+    )
--- a/services/backend/tests/ui/views/associations/test_edit.py
+++ b/services/backend/tests/ui/views/associations/test_edit.py
@@ -0,0 +1,162 @@
+# -*- coding: utf-8 -*-
+# type: ignore
+from __future__ import annotations
+
+import http
+
+from django.test import Client
+from django.urls import reverse
+import pytest
+from pytest_django import asserts
+
+from hotpocket_backend_testing.services.saves import AssociationsTestingService
+
+
+@pytest.fixture
+def payload():
+    return {
+        'url': 'https://ziomek.dog/',
+        'target_title': 'New Target Title',
+        'target_description': 'New Target Description',
+    }
+
+
+@pytest.mark.django_db
+def test_ok(authenticated_client: Client,
+            association_out,
+            payload,
+            ):
+    # When
+    result = authenticated_client.post(
+        reverse('ui.associations.edit', args=(association_out.pk,)),
+        data=payload,
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse('ui.associations.view', args=(association_out.pk,)),
+        fetch_redirect_response=False,
+    )
+
+    AssociationsTestingService().assert_edited(
+        pk=association_out.pk,
+        update=payload,
+        reference=association_out,
+    )
+
+
+@pytest.mark.django_db
+def test_invalid_all_empty(authenticated_client: Client,
+                           association_out,
+                           payload,
+                           ):
+    # Given
+    effective_payload = {
+        key: ''
+        for key
+        in payload.keys()
+    }
+
+    # When
+    result = authenticated_client.post(
+        reverse('ui.associations.edit', args=(association_out.pk,)),
+        data=effective_payload,
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse('ui.associations.view', args=(association_out.pk,)),
+        fetch_redirect_response=False,
+    )
+
+    AssociationsTestingService().assert_edited(
+        pk=association_out.pk,
+        update=effective_payload,
+        reference=association_out,
+    )
+
+
+@pytest.mark.django_db
+def test_invalid_all_missing(authenticated_client: Client,
+                             association_out,
+                             ):
+    # Given
+    effective_payload = {}
+
+    # When
+    result = authenticated_client.post(
+        reverse('ui.associations.edit', args=(association_out.pk,)),
+        data=effective_payload,
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse('ui.associations.view', args=(association_out.pk,)),
+        fetch_redirect_response=False,
+    )
+
+    AssociationsTestingService().assert_edited(
+        pk=association_out.pk,
+        update=effective_payload,
+        reference=association_out,
+    )
+
+
+@pytest.mark.django_db
+def test_other_account_association(authenticated_client: Client,
+                                   other_account_association_out,
+                                   ):
+    # When
+    result = authenticated_client.post(
+        reverse('ui.associations.edit', args=(other_account_association_out.pk,)),
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.FORBIDDEN
+
+
+@pytest.mark.django_db
+def test_inactive_account(inactive_account_client: Client,
+                          association_out,
+                          ):
+    # When
+    result = inactive_account_client.post(
+        reverse('ui.associations.edit', args=(association_out.pk,)),
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse(
+            'ui.accounts.login',
+            query=[
+                ('next', reverse('ui.associations.edit', args=(association_out.pk,))),
+            ],
+        ),
+        fetch_redirect_response=False,
+    )
+
+
+@pytest.mark.django_db
+def test_anonymous(client: Client,
+                   association_out,
+                   ):
+    # When
+    result = client.post(
+        reverse('ui.associations.edit', args=(association_out.pk,)),
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse(
+            'ui.accounts.login',
+            query=[
+                ('next', reverse('ui.associations.edit', args=(association_out.pk,))),
+            ],
+        ),
+        fetch_redirect_response=False,
+    )
--- a/services/backend/tests/ui/views/associations/test_index.py
+++ b/services/backend/tests/ui/views/associations/test_index.py
@@ -0,0 +1,59 @@
+# -*- coding: utf-8 -*-
+# type: ignore
+from __future__ import annotations
+
+from django.test import Client
+from django.urls import reverse
+import pytest
+from pytest_django import asserts
+
+
+@pytest.mark.django_db
+def test_ok(authenticated_client: Client):
+    # When
+    result = authenticated_client.get(
+        reverse('ui.associations.index'),
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse('ui.associations.browse'),
+        fetch_redirect_response=False,
+    )
+
+
+@pytest.mark.django_db
+def test_inactive_account(inactive_account_client: Client):
+    # When
+    result = inactive_account_client.get(
+        reverse('ui.associations.index'),
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse(
+            'ui.accounts.login',
+            query=[('next', reverse('ui.associations.index'))],
+        ),
+        fetch_redirect_response=False,
+    )
+
+
+@pytest.mark.django_db
+def test_anonymous(client: Client):
+    # When
+    result = client.get(
+        reverse('ui.associations.index'),
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse(
+            'ui.accounts.login',
+            query=[('next', reverse('ui.associations.index'))],
+        ),
+        fetch_redirect_response=False,
+    )
--- a/services/backend/tests/ui/views/associations/test_post_save.py
+++ b/services/backend/tests/ui/views/associations/test_post_save.py
@@ -0,0 +1,124 @@
+# -*- coding: utf-8 -*-
+# type: ignore
+from __future__ import annotations
+
+import http
+
+from django.test import Client
+from django.urls import reverse
+import pytest
+from pytest_django import asserts
+
+
+@pytest.mark.django_db
+def test_ok(authenticated_client: Client,
+            association_out,
+            ):
+    # When
+    result = authenticated_client.get(
+        reverse('ui.associations.post_save', args=(association_out.pk,)),
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.OK
+
+    asserts.assertTemplateUsed('ui/associations/view.html')
+    assert result.context['association'].pk == association_out.pk
+    assert hasattr(result.context['association'], 'target') is True
+    assert result.context['association'].target.pk == association_out.target.pk
+
+
+@pytest.mark.django_db
+def test_archived(authenticated_client: Client,
+                  archived_association_out,
+                  ):
+    # When
+    result = authenticated_client.get(
+        reverse('ui.associations.post_save', args=(archived_association_out.pk,)),
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.NOT_FOUND
+
+
+@pytest.mark.django_db
+def test_deleted(authenticated_client: Client,
+                 deleted_association_out,
+                 ):
+    # When
+    result = authenticated_client.get(
+        reverse('ui.associations.post_save', args=(deleted_association_out.pk,)),
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.NOT_FOUND
+
+
+@pytest.mark.django_db
+def test_not_found(authenticated_client: Client,
+                   null_uuid,
+                   ):
+    # When
+    result = authenticated_client.get(
+        reverse('ui.associations.post_save', args=(null_uuid,)),
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.NOT_FOUND
+
+
+@pytest.mark.django_db
+def test_other_account_association(authenticated_client: Client,
+                                   other_account_association_out,
+                                   ):
+    # When
+    result = authenticated_client.get(
+        reverse('ui.associations.post_save', args=(other_account_association_out.pk,)),
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.FORBIDDEN
+
+
+@pytest.mark.django_db
+def test_inactive_account(inactive_account_client: Client,
+                          association_out,
+                          ):
+    # When
+    result = inactive_account_client.get(
+        reverse('ui.associations.post_save', args=(association_out.pk,)),
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse(
+            'ui.accounts.login',
+            query=[
+                ('next', reverse('ui.associations.post_save', args=(association_out.pk,))),
+            ],
+        ),
+        fetch_redirect_response=False,
+    )
+
+
+@pytest.mark.django_db
+def test_anonymous(client: Client,
+                   association_out,
+                   ):
+    # When
+    result = client.get(
+        reverse('ui.associations.post_save', args=(association_out.pk,)),
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse(
+            'ui.accounts.login',
+            query=[
+                ('next', reverse('ui.associations.post_save', args=(association_out.pk,))),
+            ],
+        ),
+        fetch_redirect_response=False,
+    )
--- a/services/backend/tests/ui/views/associations/test_refresh.py
+++ b/services/backend/tests/ui/views/associations/test_refresh.py
@@ -0,0 +1,194 @@
+# -*- coding: utf-8 -*-
+# type: ignore
+from __future__ import annotations
+
+import http
+from unittest import mock
+
+from celery.result import AsyncResult
+from django.test import Client
+from django.urls import reverse
+import pytest
+from pytest_django import asserts
+import pytest_mock
+
+from hotpocket_backend_testing.services.saves import SaveProcessorTestingService
+
+
+@pytest.fixture
+def async_result(null_uuid) -> mock.Mock:
+    result = mock.Mock(spec=AsyncResult)
+    result.id = str(null_uuid)
+
+    return result
+
+
+@pytest.fixture
+def mock_saves_process_save_task_apply_async(mocker: pytest_mock.MockerFixture,
+                                             async_result,
+                                             ) -> mock.Mock:
+    return SaveProcessorTestingService().mock_process_save_task_apply_async(
+        mocker=mocker, async_result=async_result,
+    )
+
+
+@pytest.mark.django_db
+def test_ok(authenticated_client: Client,
+            association_out,
+            mock_saves_process_save_task_apply_async: mock.Mock,
+            save_out,
+            ):
+    # When
+    result = authenticated_client.post(
+        reverse('ui.associations.refresh', args=(association_out.pk,)),
+        data={
+            'canhazconfirm': 'hai',
+        },
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse('ui.associations.browse'),
+        fetch_redirect_response=False,
+    )
+
+    mock_saves_process_save_task_apply_async.assert_called_once_with(
+        kwargs={
+            'pk': save_out.pk,
+        },
+    )
+
+
+@pytest.mark.django_db
+def test_ok_htmx(mock_saves_process_save_task_apply_async: mock.Mock,
+                 authenticated_client: Client,
+                 association_out,
+                 async_result,
+                 ):
+    # When
+    result = authenticated_client.post(
+        reverse('ui.associations.refresh', args=(association_out.pk,)),
+        headers={
+            'HX-Request': 'true',
+        },
+        data={
+            'canhazconfirm': 'hai',
+        },
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.OK
+
+    expected_payload = {
+        'status': 'ok',
+        'result': async_result.id,
+    }
+    assert result.json() == expected_payload
+
+
+@pytest.mark.django_db
+def test_invalid_all_missing(authenticated_client: Client,
+                             association_out,
+                             mock_saves_process_save_task_apply_async: mock.Mock,
+                             ):
+    # When
+    result = authenticated_client.post(
+        reverse('ui.associations.refresh', args=(association_out.pk,)),
+        data={
+        },
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.OK
+
+    mock_saves_process_save_task_apply_async.assert_not_called()
+
+    assert 'canhazconfirm' in result.context['form'].errors
+
+
+@pytest.mark.django_db
+def test_invalid_all_empty(authenticated_client: Client,
+                           association_out,
+                           mock_saves_process_save_task_apply_async: mock.Mock,
+                           ):
+    # When
+    result = authenticated_client.post(
+        reverse('ui.associations.refresh', args=(association_out.pk,)),
+        data={
+            'canhazconfirm': '',
+        },
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.OK
+
+    mock_saves_process_save_task_apply_async.assert_not_called()
+
+    assert 'canhazconfirm' in result.context['form'].errors
+
+
+@pytest.mark.django_db
+def test_other_account_association(authenticated_client: Client,
+                                   other_account_association_out,
+                                   ):
+    # When
+    result = authenticated_client.post(
+        reverse('ui.associations.refresh', args=(other_account_association_out.pk,)),
+        data={
+            'canhazconfirm': 'hai',
+        },
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.FORBIDDEN
+
+
+@pytest.mark.django_db
+def test_inactive_account(inactive_account_client: Client,
+                          association_out,
+                          ):
+    # When
+    result = inactive_account_client.post(
+        reverse('ui.associations.refresh', args=(association_out.pk,)),
+        data={
+            'canhazconfirm': 'hai',
+        },
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse(
+            'ui.accounts.login',
+            query=[
+                ('next', reverse('ui.associations.refresh', args=(association_out.pk,))),
+            ],
+        ),
+        fetch_redirect_response=False,
+    )
+
+
+@pytest.mark.django_db
+def test_anonymous(client: Client,
+                   association_out,
+                   ):
+    # When
+    result = client.post(
+        reverse('ui.associations.refresh', args=(association_out.pk,)),
+        data={
+            'canhazconfirm': 'hai',
+        },
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse(
+            'ui.accounts.login',
+            query=[
+                ('next', reverse('ui.associations.refresh', args=(association_out.pk,))),
+            ],
+        ),
+        fetch_redirect_response=False,
+    )
--- a/services/backend/tests/ui/views/associations/test_star.py
+++ b/services/backend/tests/ui/views/associations/test_star.py
@@ -0,0 +1,111 @@
+# -*- coding: utf-8 -*-
+# type: ignore
+from __future__ import annotations
+
+import http
+
+from django.test import Client
+from django.urls import reverse
+import pytest
+from pytest_django import asserts
+
+from hotpocket_backend_testing.services.saves import AssociationsTestingService
+
+
+@pytest.mark.django_db
+def test_ok(authenticated_client: Client,
+            association_out,
+            ):
+    # When
+    result = authenticated_client.get(
+        reverse('ui.associations.star', args=(association_out.pk,)),
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse('ui.associations.browse'),
+        fetch_redirect_response=False,
+    )
+
+    AssociationsTestingService().assert_starred(
+        pk=association_out.pk, reference=association_out,
+    )
+
+
+@pytest.mark.django_db
+def test_ok_htmx(authenticated_client: Client,
+                 association_out,
+                 ):
+    # When
+    result = authenticated_client.get(
+        reverse('ui.associations.star', args=(association_out.pk,)),
+        headers={
+            'HX-Request': 'true',
+        },
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.OK
+
+    asserts.assertTemplateUsed('ui/associations/association_card.html')
+    assert result.context['association'].pk == association_out.pk
+    assert hasattr(result.context['association'], 'target') is True
+    assert result.context['association'].target.pk == association_out.target.pk
+
+
+@pytest.mark.django_db
+def test_other_account_association(authenticated_client: Client,
+                                   other_account_association_out,
+                                   ):
+    # When
+    result = authenticated_client.get(
+        reverse('ui.associations.star', args=(other_account_association_out.pk,)),
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.FORBIDDEN
+
+
+@pytest.mark.django_db
+def test_inactive_account(inactive_account_client: Client,
+                          association_out,
+                          ):
+    # When
+    result = inactive_account_client.get(
+        reverse('ui.associations.star', args=(association_out.pk,)),
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse(
+            'ui.accounts.login',
+            query=[
+                ('next', reverse('ui.associations.star', args=(association_out.pk,))),
+            ],
+        ),
+        fetch_redirect_response=False,
+    )
+
+
+@pytest.mark.django_db
+def test_anonymous(client: Client,
+                   association_out,
+                   ):
+    # When
+    result = client.get(
+        reverse('ui.associations.star', args=(association_out.pk,)),
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse(
+            'ui.accounts.login',
+            query=[
+                ('next', reverse('ui.associations.star', args=(association_out.pk,))),
+            ],
+        ),
+        fetch_redirect_response=False,
+    )
--- a/services/backend/tests/ui/views/associations/test_unstar.py
+++ b/services/backend/tests/ui/views/associations/test_unstar.py
@@ -0,0 +1,111 @@
+# -*- coding: utf-8 -*-
+# type: ignore
+from __future__ import annotations
+
+import http
+
+from django.test import Client
+from django.urls import reverse
+import pytest
+from pytest_django import asserts
+
+from hotpocket_backend_testing.services.saves import AssociationsTestingService
+
+
+@pytest.mark.django_db
+def test_ok(authenticated_client: Client,
+            starred_association_out,
+            ):
+    # When
+    result = authenticated_client.get(
+        reverse('ui.associations.unstar', args=(starred_association_out.pk,)),
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse('ui.associations.browse'),
+        fetch_redirect_response=False,
+    )
+
+    AssociationsTestingService().assert_not_starred(
+        pk=starred_association_out.pk, reference=starred_association_out,
+    )
+
+
+@pytest.mark.django_db
+def test_ok_htmx(authenticated_client: Client,
+                 starred_association_out,
+                 ):
+    # When
+    result = authenticated_client.get(
+        reverse('ui.associations.unstar', args=(starred_association_out.pk,)),
+        headers={
+            'HX-Request': 'true',
+        },
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.OK
+
+    asserts.assertTemplateUsed('ui/associations/association_card.html')
+    assert result.context['association'].pk == starred_association_out.pk
+    assert hasattr(result.context['association'], 'target') is True
+    assert result.context['association'].target.pk == starred_association_out.target.pk
+
+
+@pytest.mark.django_db
+def test_other_account_association(authenticated_client: Client,
+                                   other_account_starred_association_out,
+                                   ):
+    # When
+    result = authenticated_client.get(
+        reverse('ui.associations.unstar', args=(other_account_starred_association_out.pk,)),
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.FORBIDDEN
+
+
+@pytest.mark.django_db
+def test_inactive_account(inactive_account_client: Client,
+                          association_out,
+                          ):
+    # When
+    result = inactive_account_client.get(
+        reverse('ui.associations.unstar', args=(association_out.pk,)),
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse(
+            'ui.accounts.login',
+            query=[
+                ('next', reverse('ui.associations.unstar', args=(association_out.pk,))),
+            ],
+        ),
+        fetch_redirect_response=False,
+    )
+
+
+@pytest.mark.django_db
+def test_anonymous(client: Client,
+                   association_out,
+                   ):
+    # When
+    result = client.get(
+        reverse('ui.associations.unstar', args=(association_out.pk,)),
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse(
+            'ui.accounts.login',
+            query=[
+                ('next', reverse('ui.associations.unstar', args=(association_out.pk,))),
+            ],
+        ),
+        fetch_redirect_response=False,
+    )
--- a/services/backend/tests/ui/views/associations/test_view.py
+++ b/services/backend/tests/ui/views/associations/test_view.py
@@ -0,0 +1,274 @@
+# -*- coding: utf-8 -*-
+# type: ignore
+from __future__ import annotations
+
+import http
+
+from django.test import Client
+from django.urls import reverse
+import pytest
+from pytest_django import asserts
+
+
+@pytest.mark.django_db
+def test_authenticated_ok(authenticated_client: Client,
+                          association_out,
+                          ):
+    # When
+    result = authenticated_client.get(
+        reverse('ui.associations.view', args=(association_out.pk,)),
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.OK
+
+    asserts.assertTemplateUsed('ui/associations/view.html')
+    assert result.context['association'].pk == association_out.pk
+    assert hasattr(result.context['association'], 'target') is True
+    assert result.context['association'].target.pk == association_out.target.pk
+    assert result.context['show_controls'] is True
+
+
+@pytest.mark.django_db
+def test_authenticated_archived(authenticated_client: Client,
+                                archived_association_out,
+                                ):
+    # When
+    result = authenticated_client.get(
+        reverse('ui.associations.view', args=(archived_association_out.pk,)),
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.OK
+
+    asserts.assertTemplateUsed('ui/associations/view.html')
+    assert result.context['show_controls'] is False
+
+
+@pytest.mark.django_db
+def test_authenticated_deleted(authenticated_client: Client,
+                               deleted_association_out,
+                               ):
+    # When
+    result = authenticated_client.get(
+        reverse('ui.associations.view', args=(deleted_association_out.pk,)),
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.NOT_FOUND
+
+
+@pytest.mark.django_db
+def test_authenticated_not_found(authenticated_client: Client,
+                                 null_uuid,
+                                 ):
+    # When
+    result = authenticated_client.get(
+        reverse('ui.associations.view', args=(null_uuid,)),
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.NOT_FOUND
+
+
+@pytest.mark.django_db
+def test_authenticated_other_account_association(authenticated_client: Client,
+                                                 other_account_association_out,
+                                                 ):
+    # When
+    result = authenticated_client.get(
+        reverse('ui.associations.view', args=(other_account_association_out.pk,)),
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.FORBIDDEN
+
+
+@pytest.mark.django_db
+def test_authenticated_share_ok(authenticated_client: Client,
+                                other_account_association_out,
+                                ):
+    # When
+    result = authenticated_client.get(
+        reverse(
+            'ui.associations.view',
+            args=(other_account_association_out.pk,),
+            query=[('share', 'true')],
+        ),
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.OK
+
+    asserts.assertTemplateUsed('ui/associations/view.html')
+    assert result.context['association'].pk == other_account_association_out.pk
+    assert hasattr(result.context['association'], 'target') is True
+    assert result.context['association'].target.pk == other_account_association_out.target.pk
+    assert result.context['show_controls'] is False
+
+
+@pytest.mark.django_db
+def test_authenticated_share_owner_ok(authenticated_client: Client,
+                                      association_out,
+                                      ):
+    # When
+    result = authenticated_client.get(
+        reverse(
+            'ui.associations.view',
+            args=(association_out.pk,),
+            query=[('share', 'true')],
+        ),
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.OK
+
+    asserts.assertTemplateUsed('ui/associations/view.html')
+    assert result.context['show_controls'] is False
+
+
+@pytest.mark.django_db
+def test_authenticated_share_archived(authenticated_client: Client,
+                                      other_account_archived_association_out,
+                                      ):
+    # When
+    result = authenticated_client.get(
+        reverse(
+            'ui.associations.view',
+            args=(other_account_archived_association_out.pk,),
+            query=[('share', 'true')],
+        ),
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.NOT_FOUND
+
+
+@pytest.mark.django_db
+def test_authenticated_share_deleted(authenticated_client: Client,
+                                     other_account_deleted_association_out,
+                                     ):
+    # When
+    result = authenticated_client.get(
+        reverse(
+            'ui.associations.view',
+            args=(other_account_deleted_association_out.pk,),
+            query=[('share', 'true')],
+        ),
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.NOT_FOUND
+
+
+@pytest.mark.django_db
+def test_authenticated_share_not_found(authenticated_client: Client,
+                                       null_uuid,
+                                       ):
+    # When
+    result = authenticated_client.get(
+        reverse(
+            'ui.associations.view', args=(null_uuid,),
+            query=[('share', 'true')],
+        ),
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.NOT_FOUND
+
+
+@pytest.mark.django_db
+def test_anonymous_share_ok(client: Client,
+                            association_out,
+                            ):
+    # When
+    result = client.get(
+        reverse(
+            'ui.associations.view',
+            args=(association_out.pk,),
+            query=[('share', 'true')],
+        ),
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.OK
+
+    asserts.assertTemplateUsed('ui/associations/view.html')
+    assert result.context['association'].pk == association_out.pk
+    assert result.context['show_controls'] is False
+
+
+@pytest.mark.django_db
+def test_anonymous_share_archived(client: Client,
+                                  archived_association_out,
+                                  ):
+    # When
+    result = client.get(
+        reverse(
+            'ui.associations.view',
+            args=(archived_association_out.pk,),
+            query=[('share', 'true')],
+        ),
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.NOT_FOUND
+
+
+@pytest.mark.django_db
+def test_anonymous_share_deleted(client: Client,
+                                 deleted_association_out,
+                                 ):
+    # When
+    result = client.get(
+        reverse(
+            'ui.associations.view',
+            args=(deleted_association_out.pk,),
+            query=[('share', 'true')],
+        ),
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.NOT_FOUND
+
+
+@pytest.mark.django_db
+def test_anonymous_share_not_found(client: Client,
+                                   null_uuid,
+                                   ):
+    # When
+    result = client.get(
+        reverse(
+            'ui.associations.view', args=(null_uuid,),
+            query=[('share', 'true')],
+        ),
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.NOT_FOUND
+
+
+@pytest.mark.django_db
+def test_inactive_account(inactive_account_client: Client,
+                          association_out,
+                          ):
+    # When
+    result = inactive_account_client.get(
+        reverse('ui.associations.view', args=(association_out.pk,)),
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.FORBIDDEN
+
+
+@pytest.mark.django_db
+def test_anonymous(client: Client,
+                   association_out,
+                   ):
+    # When
+    result = client.get(
+        reverse('ui.associations.view', args=(association_out.pk,)),
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.FORBIDDEN
--- a/services/backend/tests/ui/views/imports/init.py
+++ b/services/backend/tests/ui/views/imports/init.py
--- a/services/backend/tests/ui/views/imports/test_pocket.py
+++ b/services/backend/tests/ui/views/imports/test_pocket.py
@@ -0,0 +1,166 @@
+# -*- coding: utf-8 -*-
+# type: ignore
+from __future__ import annotations
+
+import http
+from unittest import mock
+
+from django.core.files.uploadedfile import SimpleUploadedFile
+from django.test import Client
+from django.urls import reverse
+import pytest
+from pytest_django import asserts
+import pytest_mock
+
+from hotpocket_backend_testing.services import UITestingService
+
+
+@pytest.fixture
+def pocket_csv_file(pocket_csv_content):
+    result = SimpleUploadedFile(
+        'part_000000.csv',
+        pocket_csv_content.encode('utf-8'),
+        content_type='application/csv;charset=utf-8',
+    )
+
+    yield result
+
+
+@pytest.fixture
+def payload(pocket_csv_file):
+    return {
+        'csv': pocket_csv_file,
+    }
+
+
+@pytest.fixture
+def override_settings_upload_path(settings, tmp_path):
+    settings.UPLOADS_PATH = tmp_path
+
+
+@pytest.fixture
+def mock_ui_import_from_pocket_task_apply_async(mocker: pytest_mock.MockerFixture,
+                                                async_result,
+                                                ) -> mock.Mock:
+    return UITestingService().mock_import_from_pocket_task_apply_async(
+        mocker=mocker, async_result=async_result,
+    )
+
+
+@pytest.mark.django_db
+def test_ok(override_settings_upload_path,
+            authenticated_client: Client,
+            payload,
+            tmp_path,
+            mock_ui_import_from_pocket_task_apply_async,
+            account,
+            pocket_csv_file,
+            pocket_csv_content,
+            ):
+    # When
+    result = authenticated_client.post(
+        reverse('ui.imports.pocket'),
+        data=payload,
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse('ui.associations.index'),
+        fetch_redirect_response=False,
+    )
+
+    uploaded_file_path = tmp_path / f'{account.pk}-{pocket_csv_file.name}'
+    assert uploaded_file_path.is_file() is True
+    assert uploaded_file_path.read_text() == pocket_csv_content.replace('\r\n', '\n')
+
+    mock_ui_import_from_pocket_task_apply_async.assert_called_once_with(
+        kwargs={
+            'account_uuid': account.pk,
+            'csv_path': str(uploaded_file_path),
+        },
+    )
+
+
+@pytest.mark.django_db
+def test_invalid_all_empty(override_settings_upload_path,
+                           authenticated_client: Client,
+                           payload,
+                           mock_ui_import_from_pocket_task_apply_async,
+                           ):
+    # Given
+    effective_payload = {
+        key: ''
+        for key
+        in payload.keys()
+    }
+
+    # When
+    result = authenticated_client.post(
+        reverse('ui.imports.pocket'),
+        data=effective_payload,
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.OK
+
+    assert 'csv' in result.context['form'].errors
+
+
+@pytest.mark.django_db
+def test_invalid_all_missing(override_settings_upload_path,
+                             authenticated_client: Client,
+                             payload,
+                             mock_ui_import_from_pocket_task_apply_async,
+                             ):
+    # Given
+    effective_payload = {}
+
+    # When
+    result = authenticated_client.post(
+        reverse('ui.imports.pocket'),
+        data=effective_payload,
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.OK
+
+    assert 'csv' in result.context['form'].errors
+
+
+@pytest.mark.django_db
+def test_inactive_account(inactive_account_client: Client, payload):
+    # When
+    result = inactive_account_client.post(
+        reverse('ui.imports.pocket'),
+        data=payload,
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse(
+            'ui.accounts.login',
+            query=[('next', reverse('ui.imports.pocket'))],
+        ),
+        fetch_redirect_response=False,
+    )
+
+
+@pytest.mark.django_db
+def test_anonymous(client: Client, payload):
+    # When
+    result = client.post(
+        reverse('ui.imports.pocket'),
+        data=payload,
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse(
+            'ui.accounts.login',
+            query=[('next', reverse('ui.imports.pocket'))],
+        ),
+        fetch_redirect_response=False,
+    )
--- a/services/backend/tests/ui/views/integrations/init.py
+++ b/services/backend/tests/ui/views/integrations/init.py
--- a/services/backend/tests/ui/views/integrations/android/init.py
+++ b/services/backend/tests/ui/views/integrations/android/init.py
--- a/services/backend/tests/ui/views/integrations/android/test_share_sheet.py
+++ b/services/backend/tests/ui/views/integrations/android/test_share_sheet.py
@@ -0,0 +1,341 @@
+# -*- coding: utf-8 -*-
+# type: ignore
+from __future__ import annotations
+
+import http
+from unittest import mock
+import uuid
+
+from django.test import Client
+from django.urls import reverse
+import pytest
+from pytest_django import asserts
+import pytest_mock
+
+from hotpocket_backend_testing.services.saves import (
+    AssociationsTestingService,
+    SaveProcessorTestingService,
+    SavesTestingService,
+)
+
+
+@pytest.fixture
+def mock_saves_process_save_task_apply_async(mocker: pytest_mock.MockerFixture,
+                                             async_result,
+                                             ) -> mock.Mock:
+    return SaveProcessorTestingService().mock_process_save_task_apply_async(
+        mocker=mocker, async_result=async_result,
+    )
+
+
+@pytest.fixture
+def payload():
+    return {
+        'text': 'https://www.ziomek.dog/',
+    }
+
+
+@pytest.mark.django_db
+def test_ok(authenticated_client: Client,
+            payload,
+            account,
+            mock_saves_process_save_task_apply_async: mock.Mock,
+            ):
+    # When
+    result = authenticated_client.post(
+        reverse('ui.integrations.android.share_sheet'),
+        data=payload,
+    )
+
+    # Then
+    assert 'X-HotPocket-Testing-Save-PK' in result.headers
+    assert 'X-HotPocket-Testing-Association-PK' in result.headers
+
+    save_pk = uuid.UUID(result.headers['X-HotPocket-Testing-Save-PK'])
+    association_pk = uuid.UUID(result.headers['X-HotPocket-Testing-Association-PK'])
+
+    asserts.assertRedirects(
+        result,
+        reverse('ui.associations.post_save', args=(association_pk,)),
+        fetch_redirect_response=False,
+    )
+
+    AssociationsTestingService().assert_created(
+        pk=association_pk,
+        account_uuid=account.pk,
+        target_uuid=save_pk,
+    )
+
+    SavesTestingService().assert_created(
+        pk=save_pk,
+        account_uuid=account.pk,
+        url=payload['text'],
+        is_netloc_banned=False,
+    )
+
+    mock_saves_process_save_task_apply_async.assert_called_once_with(
+        kwargs={
+            'pk': save_pk,
+        },
+    )
+
+
+@pytest.mark.django_db
+def test_ok_netloc_banned(authenticated_client: Client,
+                          payload,
+                          account,
+                          mock_saves_process_save_task_apply_async: mock.Mock,
+                          ):
+    # Given
+    payload['text'] = 'https://youtube.com/'
+
+    # When
+    result = authenticated_client.post(
+        reverse('ui.integrations.android.share_sheet'),
+        data=payload,
+    )
+
+    # Then
+    save_pk = uuid.UUID(result.headers['X-HotPocket-Testing-Save-PK'])
+    association_pk = uuid.UUID(result.headers['X-HotPocket-Testing-Association-PK'])
+
+    asserts.assertRedirects(
+        result,
+        reverse('ui.associations.post_save', args=(association_pk,)),
+        fetch_redirect_response=False,
+    )
+
+    SavesTestingService().assert_created(
+        pk=save_pk,
+        account_uuid=account.pk,
+        url=payload['text'],
+        is_netloc_banned=True,
+    )
+
+
+@pytest.mark.django_db
+def test_ok_reuse_save(authenticated_client: Client,
+                       payload,
+                       save_out,
+                       account,
+                       mock_saves_process_save_task_apply_async: mock.Mock,
+                       ):
+    # Given
+    payload['text'] = save_out.url
+
+    # When
+    result = authenticated_client.post(
+        reverse('ui.integrations.android.share_sheet'),
+        data=payload,
+    )
+
+    # Then
+    assert 'X-HotPocket-Testing-Save-PK' in result.headers
+    assert 'X-HotPocket-Testing-Association-PK' in result.headers
+
+    save_pk = uuid.UUID(result.headers['X-HotPocket-Testing-Save-PK'])
+    association_pk = uuid.UUID(result.headers['X-HotPocket-Testing-Association-PK'])
+
+    asserts.assertRedirects(
+        result,
+        reverse('ui.associations.post_save', args=(association_pk,)),
+        fetch_redirect_response=False,
+    )
+
+    AssociationsTestingService().assert_created(
+        pk=association_pk,
+        account_uuid=account.pk,
+        target_uuid=save_pk,
+    )
+
+    SavesTestingService().assert_reused(
+        pk=save_pk,
+        reference=save_out,
+    )
+
+
+@pytest.mark.django_db
+def test_ok_reuse_association(authenticated_client: Client,
+                              payload,
+                              save_out,
+                              account,
+                              association_out,
+                              mock_saves_process_save_task_apply_async: mock.Mock,
+                              ):
+    # Given
+    payload['text'] = save_out.url
+
+    # When
+    result = authenticated_client.post(
+        reverse('ui.integrations.android.share_sheet'),
+        data=payload,
+    )
+
+    # Then
+    association_pk = uuid.UUID(result.headers['X-HotPocket-Testing-Association-PK'])
+
+    AssociationsTestingService().assert_reused(
+        pk=association_pk,
+        reference=association_out,
+    )
+
+
+@pytest.mark.django_db
+def test_ok_reuse_other_account_save(authenticated_client: Client,
+                                     payload,
+                                     other_account_save_out,
+                                     account,
+                                     mock_saves_process_save_task_apply_async: mock.Mock,
+                                     ):
+    # Given
+    payload['text'] = other_account_save_out.url
+
+    # When
+    result = authenticated_client.post(
+        reverse('ui.integrations.android.share_sheet'),
+        data=payload,
+    )
+
+    # Then
+    save_pk = uuid.UUID(result.headers['X-HotPocket-Testing-Save-PK'])
+    association_pk = uuid.UUID(result.headers['X-HotPocket-Testing-Association-PK'])
+
+    AssociationsTestingService().assert_created(
+        pk=association_pk,
+        account_uuid=account.pk,
+        target_uuid=save_pk,
+    )
+
+    SavesTestingService().assert_reused(
+        pk=save_pk,
+        reference=other_account_save_out,
+    )
+
+
+@pytest.mark.django_db
+def test_ok_dont_process_reused_processed_save(authenticated_client: Client,
+                                               payload,
+                                               processed_save_out,
+                                               account,
+                                               mock_saves_process_save_task_apply_async: mock.Mock,
+                                               ):
+    # Given
+    payload['text'] = processed_save_out.url
+
+    # When
+    _ = authenticated_client.post(
+        reverse('ui.integrations.android.share_sheet'),
+        data=payload,
+    )
+
+    # Then
+    mock_saves_process_save_task_apply_async.assert_not_called()
+
+
+@pytest.mark.django_db
+def test_invalid_all_empty(authenticated_client: Client,
+                           payload,
+                           mock_saves_process_save_task_apply_async: mock.Mock,
+                           ):
+    # Given
+    effective_payload = {
+        key: ''
+        for key
+        in payload.keys()
+    }
+
+    # When
+    result = authenticated_client.post(
+        reverse('ui.integrations.android.share_sheet'),
+        data=effective_payload,
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.OK
+    assert 'X-HotPocket-Testing-Save-PK' not in result.headers
+    assert 'X-HotPocket-Testing-Association-PK' not in result.headers
+
+    mock_saves_process_save_task_apply_async.assert_not_called()
+
+    asserts.assertTemplateUsed(result, 'ui/errors/internal_server_error.html')
+
+
+@pytest.mark.django_db
+def test_invalid_all_missing(authenticated_client: Client,
+                             mock_saves_process_save_task_apply_async: mock.Mock,
+                             ):
+    # Given
+    effective_payload = {}
+
+    # When
+    result = authenticated_client.post(
+        reverse('ui.integrations.android.share_sheet'),
+        data=effective_payload,
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.OK
+    assert 'X-HotPocket-Testing-Save-PK' not in result.headers
+    assert 'X-HotPocket-Testing-Association-PK' not in result.headers
+
+    mock_saves_process_save_task_apply_async.assert_not_called()
+
+    asserts.assertTemplateUsed(result, 'ui/errors/internal_server_error.html')
+
+
+@pytest.mark.django_db
+def test_inactive_account(inactive_account_client: Client,
+                          payload,
+                          ):
+    # When
+    result = inactive_account_client.get(
+        reverse('ui.integrations.android.share_sheet'),
+        data=payload,
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse(
+            'ui.accounts.login',
+            query=[
+                (
+                    'next',
+                    reverse(
+                        'ui.integrations.android.share_sheet',
+                        query=payload,
+                    ),
+                ),
+            ],
+        ),
+        fetch_redirect_response=False,
+    )
+
+
+@pytest.mark.django_db
+def test_anonymous(client: Client,
+                   payload,
+                   ):
+    # When
+    result = client.get(
+        reverse('ui.integrations.android.share_sheet'),
+        data=payload,
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse(
+            'ui.accounts.login',
+            query=[
+                (
+                    'next',
+                    reverse(
+                        'ui.integrations.android.share_sheet',
+                        query=payload,
+                    ),
+                ),
+            ],
+        ),
+        fetch_redirect_response=False,
+    )
--- a/services/backend/tests/ui/views/integrations/ios/init.py
+++ b/services/backend/tests/ui/views/integrations/ios/init.py
--- a/services/backend/tests/ui/views/integrations/ios/test_shortcut.py
+++ b/services/backend/tests/ui/views/integrations/ios/test_shortcut.py
@@ -0,0 +1,341 @@
+# -*- coding: utf-8 -*-
+# type: ignore
+from __future__ import annotations
+
+import http
+from unittest import mock
+import uuid
+
+from django.test import Client
+from django.urls import reverse
+import pytest
+from pytest_django import asserts
+import pytest_mock
+
+from hotpocket_backend_testing.services.saves import (
+    AssociationsTestingService,
+    SaveProcessorTestingService,
+    SavesTestingService,
+)
+
+
+@pytest.fixture
+def mock_saves_process_save_task_apply_async(mocker: pytest_mock.MockerFixture,
+                                             async_result,
+                                             ) -> mock.Mock:
+    return SaveProcessorTestingService().mock_process_save_task_apply_async(
+        mocker=mocker, async_result=async_result,
+    )
+
+
+@pytest.fixture
+def query():
+    return {
+        'url': 'https://www.ziomek.dog/',
+    }
+
+
+@pytest.mark.django_db
+def test_ok(authenticated_client: Client,
+            query,
+            account,
+            mock_saves_process_save_task_apply_async: mock.Mock,
+            ):
+    # When
+    result = authenticated_client.get(
+        reverse('ui.integrations.ios.shortcut'),
+        data=query,
+    )
+
+    # Then
+    assert 'X-HotPocket-Testing-Save-PK' in result.headers
+    assert 'X-HotPocket-Testing-Association-PK' in result.headers
+
+    save_pk = uuid.UUID(result.headers['X-HotPocket-Testing-Save-PK'])
+    association_pk = uuid.UUID(result.headers['X-HotPocket-Testing-Association-PK'])
+
+    asserts.assertRedirects(
+        result,
+        reverse('ui.associations.post_save', args=(association_pk,)),
+        fetch_redirect_response=False,
+    )
+
+    AssociationsTestingService().assert_created(
+        pk=association_pk,
+        account_uuid=account.pk,
+        target_uuid=save_pk,
+    )
+
+    SavesTestingService().assert_created(
+        pk=save_pk,
+        account_uuid=account.pk,
+        url=query['url'],
+        is_netloc_banned=False,
+    )
+
+    mock_saves_process_save_task_apply_async.assert_called_once_with(
+        kwargs={
+            'pk': save_pk,
+        },
+    )
+
+
+@pytest.mark.django_db
+def test_ok_netloc_banned(authenticated_client: Client,
+                          query,
+                          account,
+                          mock_saves_process_save_task_apply_async: mock.Mock,
+                          ):
+    # Given
+    query['url'] = 'https://youtube.com/'
+
+    # When
+    result = authenticated_client.get(
+        reverse('ui.integrations.ios.shortcut'),
+        data=query,
+    )
+
+    # Then
+    save_pk = uuid.UUID(result.headers['X-HotPocket-Testing-Save-PK'])
+    association_pk = uuid.UUID(result.headers['X-HotPocket-Testing-Association-PK'])
+
+    asserts.assertRedirects(
+        result,
+        reverse('ui.associations.post_save', args=(association_pk,)),
+        fetch_redirect_response=False,
+    )
+
+    SavesTestingService().assert_created(
+        pk=save_pk,
+        account_uuid=account.pk,
+        url=query['url'],
+        is_netloc_banned=True,
+    )
+
+
+@pytest.mark.django_db
+def test_ok_reuse_save(authenticated_client: Client,
+                       query,
+                       save_out,
+                       account,
+                       mock_saves_process_save_task_apply_async: mock.Mock,
+                       ):
+    # Given
+    query['url'] = save_out.url
+
+    # When
+    result = authenticated_client.get(
+        reverse('ui.integrations.ios.shortcut'),
+        data=query,
+    )
+
+    # Then
+    assert 'X-HotPocket-Testing-Save-PK' in result.headers
+    assert 'X-HotPocket-Testing-Association-PK' in result.headers
+
+    save_pk = uuid.UUID(result.headers['X-HotPocket-Testing-Save-PK'])
+    association_pk = uuid.UUID(result.headers['X-HotPocket-Testing-Association-PK'])
+
+    asserts.assertRedirects(
+        result,
+        reverse('ui.associations.post_save', args=(association_pk,)),
+        fetch_redirect_response=False,
+    )
+
+    AssociationsTestingService().assert_created(
+        pk=association_pk,
+        account_uuid=account.pk,
+        target_uuid=save_pk,
+    )
+
+    SavesTestingService().assert_reused(
+        pk=save_pk,
+        reference=save_out,
+    )
+
+
+@pytest.mark.django_db
+def test_ok_reuse_association(authenticated_client: Client,
+                              query,
+                              save_out,
+                              account,
+                              association_out,
+                              mock_saves_process_save_task_apply_async: mock.Mock,
+                              ):
+    # Given
+    query['url'] = save_out.url
+
+    # When
+    result = authenticated_client.get(
+        reverse('ui.integrations.ios.shortcut'),
+        data=query,
+    )
+
+    # Then
+    association_pk = uuid.UUID(result.headers['X-HotPocket-Testing-Association-PK'])
+
+    AssociationsTestingService().assert_reused(
+        pk=association_pk,
+        reference=association_out,
+    )
+
+
+@pytest.mark.django_db
+def test_ok_reuse_other_account_save(authenticated_client: Client,
+                                     query,
+                                     other_account_save_out,
+                                     account,
+                                     mock_saves_process_save_task_apply_async: mock.Mock,
+                                     ):
+    # Given
+    query['url'] = other_account_save_out.url
+
+    # When
+    result = authenticated_client.get(
+        reverse('ui.integrations.ios.shortcut'),
+        data=query,
+    )
+
+    # Then
+    save_pk = uuid.UUID(result.headers['X-HotPocket-Testing-Save-PK'])
+    association_pk = uuid.UUID(result.headers['X-HotPocket-Testing-Association-PK'])
+
+    AssociationsTestingService().assert_created(
+        pk=association_pk,
+        account_uuid=account.pk,
+        target_uuid=save_pk,
+    )
+
+    SavesTestingService().assert_reused(
+        pk=save_pk,
+        reference=other_account_save_out,
+    )
+
+
+@pytest.mark.django_db
+def test_ok_dont_process_reused_processed_save(authenticated_client: Client,
+                                               query,
+                                               processed_save_out,
+                                               account,
+                                               mock_saves_process_save_task_apply_async: mock.Mock,
+                                               ):
+    # Given
+    query['url'] = processed_save_out.url
+
+    # When
+    _ = authenticated_client.get(
+        reverse('ui.integrations.ios.shortcut'),
+        data=query,
+    )
+
+    # Then
+    mock_saves_process_save_task_apply_async.assert_not_called()
+
+
+@pytest.mark.django_db
+def test_invalid_all_empty(authenticated_client: Client,
+                           query,
+                           mock_saves_process_save_task_apply_async: mock.Mock,
+                           ):
+    # Given
+    effective_query = {
+        key: ''
+        for key
+        in query.keys()
+    }
+
+    # When
+    result = authenticated_client.get(
+        reverse('ui.integrations.ios.shortcut'),
+        data=effective_query,
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.OK
+    assert 'X-HotPocket-Testing-Save-PK' not in result.headers
+    assert 'X-HotPocket-Testing-Association-PK' not in result.headers
+
+    mock_saves_process_save_task_apply_async.assert_not_called()
+
+    asserts.assertTemplateUsed(result, 'ui/errors/internal_server_error.html')
+
+
+@pytest.mark.django_db
+def test_invalid_all_missing(authenticated_client: Client,
+                             mock_saves_process_save_task_apply_async: mock.Mock,
+                             ):
+    # Given
+    effective_query = {}
+
+    # When
+    result = authenticated_client.get(
+        reverse('ui.integrations.ios.shortcut'),
+        data=effective_query,
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.OK
+    assert 'X-HotPocket-Testing-Save-PK' not in result.headers
+    assert 'X-HotPocket-Testing-Association-PK' not in result.headers
+
+    mock_saves_process_save_task_apply_async.assert_not_called()
+
+    asserts.assertTemplateUsed(result, 'ui/errors/internal_server_error.html')
+
+
+@pytest.mark.django_db
+def test_inactive_account(inactive_account_client: Client,
+                          query,
+                          ):
+    # When
+    result = inactive_account_client.get(
+        reverse('ui.integrations.ios.shortcut'),
+        data=query,
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse(
+            'ui.accounts.login',
+            query=[
+                (
+                    'next',
+                    reverse(
+                        'ui.integrations.ios.shortcut',
+                        query=query,
+                    ),
+                ),
+            ],
+        ),
+        fetch_redirect_response=False,
+    )
+
+
+@pytest.mark.django_db
+def test_anonymous(client: Client,
+                   query,
+                   ):
+    # When
+    result = client.get(
+        reverse('ui.integrations.ios.shortcut'),
+        data=query,
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse(
+            'ui.accounts.login',
+            query=[
+                (
+                    'next',
+                    reverse(
+                        'ui.integrations.ios.shortcut',
+                        query=query,
+                    ),
+                ),
+            ],
+        ),
+        fetch_redirect_response=False,
+    )
--- a/services/backend/tests/ui/views/saves/init.py
+++ b/services/backend/tests/ui/views/saves/init.py
--- a/services/backend/tests/ui/views/saves/test_create.py
+++ b/services/backend/tests/ui/views/saves/test_create.py
@@ -0,0 +1,327 @@
+# -*- coding: utf-8 -*-
+# type: ignore
+from __future__ import annotations
+
+import http
+from unittest import mock
+import uuid
+
+from django.test import Client
+from django.urls import reverse
+import pytest
+from pytest_django import asserts
+import pytest_mock
+
+from hotpocket_backend_testing.services.saves import (
+    AssociationsTestingService,
+    SaveProcessorTestingService,
+    SavesTestingService,
+)
+
+
+@pytest.fixture
+def mock_saves_process_save_task_apply_async(mocker: pytest_mock.MockerFixture,
+                                             async_result,
+                                             ) -> mock.Mock:
+    return SaveProcessorTestingService().mock_process_save_task_apply_async(
+        mocker=mocker, async_result=async_result,
+    )
+
+
+@pytest.fixture
+def payload():
+    return {
+        'url': 'https://www.ziomek.dog/',
+    }
+
+
+@pytest.mark.django_db
+def test_ok(authenticated_client: Client,
+            payload,
+            account,
+            mock_saves_process_save_task_apply_async: mock.Mock,
+            ):
+    # When
+    result = authenticated_client.post(
+        reverse('ui.saves.create'),
+        data=payload,
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse('ui.associations.browse'),
+        fetch_redirect_response=False,
+    )
+    assert 'X-HotPocket-Testing-Save-PK' in result.headers
+    assert 'X-HotPocket-Testing-Association-PK' in result.headers
+
+    save_pk = uuid.UUID(result.headers['X-HotPocket-Testing-Save-PK'])
+    association_pk = uuid.UUID(result.headers['X-HotPocket-Testing-Association-PK'])
+
+    AssociationsTestingService().assert_created(
+        pk=association_pk,
+        account_uuid=account.pk,
+        target_uuid=save_pk,
+    )
+
+    SavesTestingService().assert_created(
+        pk=save_pk,
+        account_uuid=account.pk,
+        url=payload['url'],
+        is_netloc_banned=False,
+    )
+
+    mock_saves_process_save_task_apply_async.assert_called_once_with(
+        kwargs={
+            'pk': save_pk,
+        },
+    )
+
+
+@pytest.mark.django_db
+def test_ok_netloc_banned(authenticated_client: Client,
+                          payload,
+                          account,
+                          mock_saves_process_save_task_apply_async: mock.Mock,
+                          ):
+    # Given
+    payload['url'] = 'https://youtube.com/'
+
+    # When
+    result = authenticated_client.post(
+        reverse('ui.saves.create'),
+        data=payload,
+    )
+
+    # Then
+    save_pk = uuid.UUID(result.headers['X-HotPocket-Testing-Save-PK'])
+    association_pk = uuid.UUID(result.headers['X-HotPocket-Testing-Association-PK'])
+
+    asserts.assertRedirects(
+        result,
+        reverse('ui.associations.post_save', args=(association_pk,)),
+        fetch_redirect_response=False,
+    )
+
+    SavesTestingService().assert_created(
+        pk=save_pk,
+        account_uuid=account.pk,
+        url=payload['url'],
+        is_netloc_banned=True,
+    )
+
+
+@pytest.mark.django_db
+def test_ok_reuse_save(authenticated_client: Client,
+                       payload,
+                       save_out,
+                       account,
+                       mock_saves_process_save_task_apply_async: mock.Mock,
+                       ):
+    # Given
+    payload['url'] = save_out.url
+
+    # When
+    result = authenticated_client.post(
+        reverse('ui.saves.create'),
+        data=payload,
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse('ui.associations.browse'),
+        fetch_redirect_response=False,
+    )
+    assert 'X-HotPocket-Testing-Save-PK' in result.headers
+    assert 'X-HotPocket-Testing-Association-PK' in result.headers
+
+    save_pk = uuid.UUID(result.headers['X-HotPocket-Testing-Save-PK'])
+    association_pk = uuid.UUID(result.headers['X-HotPocket-Testing-Association-PK'])
+
+    AssociationsTestingService().assert_created(
+        pk=association_pk,
+        account_uuid=account.pk,
+        target_uuid=save_pk,
+    )
+
+    SavesTestingService().assert_reused(
+        pk=save_pk,
+        reference=save_out,
+    )
+
+
+@pytest.mark.django_db
+def test_ok_reuse_association(authenticated_client: Client,
+                              payload,
+                              save_out,
+                              account,
+                              association_out,
+                              mock_saves_process_save_task_apply_async: mock.Mock,
+                              ):
+    # Given
+    payload['url'] = save_out.url
+
+    # When
+    result = authenticated_client.post(
+        reverse('ui.saves.create'),
+        data=payload,
+    )
+
+    # Then
+    association_pk = uuid.UUID(result.headers['X-HotPocket-Testing-Association-PK'])
+
+    AssociationsTestingService().assert_reused(
+        pk=association_pk,
+        reference=association_out,
+    )
+
+
+@pytest.mark.django_db
+def test_ok_reuse_other_account_save(authenticated_client: Client,
+                                     payload,
+                                     other_account_save_out,
+                                     account,
+                                     mock_saves_process_save_task_apply_async: mock.Mock,
+                                     ):
+    # Given
+    payload['url'] = other_account_save_out.url
+
+    # When
+    result = authenticated_client.post(
+        reverse('ui.saves.create'),
+        data=payload,
+    )
+
+    # Then
+    save_pk = uuid.UUID(result.headers['X-HotPocket-Testing-Save-PK'])
+    association_pk = uuid.UUID(result.headers['X-HotPocket-Testing-Association-PK'])
+
+    AssociationsTestingService().assert_created(
+        pk=association_pk,
+        account_uuid=account.pk,
+        target_uuid=save_pk,
+    )
+
+    SavesTestingService().assert_reused(
+        pk=save_pk,
+        reference=other_account_save_out,
+    )
+
+
+@pytest.mark.django_db
+def test_ok_dont_process_reused_processed_save(authenticated_client: Client,
+                                               payload,
+                                               processed_save_out,
+                                               account,
+                                               mock_saves_process_save_task_apply_async: mock.Mock,
+                                               ):
+    # Given
+    payload['url'] = processed_save_out.url
+
+    # When
+    _ = authenticated_client.post(
+        reverse('ui.saves.create'),
+        data=payload,
+    )
+
+    # Then
+    mock_saves_process_save_task_apply_async.assert_not_called()
+
+
+@pytest.mark.django_db
+def test_invalid_all_empty(authenticated_client: Client,
+                           payload,
+                           mock_saves_process_save_task_apply_async: mock.Mock,
+                           ):
+    # Given
+    effective_payload = {
+        key: ''
+        for key
+        in payload.keys()
+    }
+
+    # When
+    result = authenticated_client.post(
+        reverse('ui.saves.create'),
+        data=effective_payload,
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.OK
+    assert 'X-HotPocket-Testing-Save-PK' not in result.headers
+    assert 'X-HotPocket-Testing-Association-PK' not in result.headers
+
+    mock_saves_process_save_task_apply_async.assert_not_called()
+
+    assert 'url' in result.context['form'].errors
+
+
+@pytest.mark.django_db
+def test_invalid_all_missing(authenticated_client: Client,
+                             mock_saves_process_save_task_apply_async: mock.Mock,
+                             ):
+    # Given
+    effective_payload = {}
+
+    # When
+    result = authenticated_client.post(
+        reverse('ui.saves.create'),
+        data=effective_payload,
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.OK
+    assert 'X-HotPocket-Testing-Save-PK' not in result.headers
+    assert 'X-HotPocket-Testing-Association-PK' not in result.headers
+
+    mock_saves_process_save_task_apply_async.assert_not_called()
+
+    assert 'url' in result.context['form'].errors
+
+
+@pytest.mark.django_db
+def test_inactive_account(inactive_account_client: Client,
+                          payload,
+                          ):
+    # When
+    result = inactive_account_client.post(
+        reverse('ui.saves.create'),
+        data=payload,
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse(
+            'ui.accounts.login',
+            query=[
+                ('next', reverse('ui.saves.create')),
+            ],
+        ),
+        fetch_redirect_response=False,
+    )
+
+
+@pytest.mark.django_db
+def test_anonymous(client: Client,
+                   payload,
+                   ):
+    # When
+    result = client.post(
+        reverse('ui.saves.create'),
+        data=payload,
+    )
+
+    # Then
+    asserts.assertRedirects(
+        result,
+        reverse(
+            'ui.accounts.login',
+            query=[
+                ('next', reverse('ui.saves.create')),
+            ],
+        ),
+        fetch_redirect_response=False,
+    )
--- a/services/backend/tests/ui/views/saves/test_embed.py
+++ b/services/backend/tests/ui/views/saves/test_embed.py
@@ -0,0 +1,111 @@
+# -*- coding: utf-8 -*-
+# type: ignore
+from __future__ import annotations
+
+import http
+
+from django.test import Client
+from django.urls import reverse
+import pytest
+from pytest_django import asserts
+
+
+@pytest.fixture
+def payload(save_out):
+    return {
+        'pk': str(save_out.pk),
+    }
+
+
+@pytest.mark.django_db
+def test_ok(client: Client, payload, save_out):
+    # When
+    result = client.post(
+        reverse('ui.saves.embed'),
+        headers={
+            'HX-Request': 'true',
+        },
+        data=payload,
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.OK
+
+    asserts.assertTemplateUsed(result, 'ui/saves/partials/embed.html')
+    assert result.context['save'] == save_out
+
+
+@pytest.mark.django_db
+def test_bad_request_get(client: Client, payload):
+    # When
+    result = client.get(
+        reverse('ui.saves.embed'),
+        headers={
+            'HX-Request': 'true',
+        },
+        data=payload,
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.BAD_REQUEST
+
+
+@pytest.mark.django_db
+def test_bad_request_missing_pk(client: Client):
+    # When
+    result = client.post(
+        reverse('ui.saves.embed'),
+        headers={
+            'HX-Request': 'true',
+        },
+        data={},
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.BAD_REQUEST
+
+
+@pytest.mark.django_db
+def test_bad_request_not_htmx(client: Client, payload):
+    # When
+    result = client.post(
+        reverse('ui.saves.embed'),
+        data=payload,
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.BAD_REQUEST
+
+
+@pytest.mark.django_db
+def test_not_found(client: Client, null_uuid):
+    # When
+    result = client.post(
+        reverse('ui.saves.embed'),
+        headers={
+            'HX-Request': 'true',
+        },
+        data={
+            'pk': str(null_uuid),
+        },
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.NOT_FOUND
+
+
+@pytest.mark.django_db
+def test_deleted(client: Client, deleted_save_out):
+    # When
+    result = client.post(
+        reverse('ui.saves.embed'),
+        headers={
+            'HX-Request': 'true',
+        },
+        data={
+            'pk': str(deleted_save_out.pk),
+        },
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.NOT_FOUND