feat(5.20): US-008 configurare medii RAR per cont (Testare/Productie)
Ruta noua POST /cont/rar-medii: doua sectiuni independente Testare/Productie,
fiecare cu bifa activare + email/parola. La salvare, mediu activat cu creds noi
e validat prin login pe env-ul respectiv (US-007); OK -> criptare Fernet in
rar_creds_{env}_enc + enabled=1; esec -> eroare per-env, creds nesalvate.
Prima activare Productie cere checkbox de confirmare (constientizare L.142).
Mediul implicit (rar_env_default) setabil DOAR pe un mediu disponibil, validat
server-side post-update. Parolele niciodata reflectate in pagina.
_fetch_cont_env_state deriva starea per-env pentru _cont.html; refactor al
handlerelor de cont sa foloseasca env_ctx in loc de are_creds legacy.
tests/test_cont_medii.py: 4 teste (salvare+creds criptate per env, default doar
dintre disponibile, confirmare prod obligatorie, fara echo parola).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
313
tests/test_cont_medii.py
Normal file
313
tests/test_cont_medii.py
Normal file
@@ -0,0 +1,313 @@
|
||||
"""Teste US-008 (PRD 5.20): configurare medii RAR per cont — Testare + Productie.
|
||||
|
||||
Ruta testata: POST /cont/rar-medii
|
||||
|
||||
Teste:
|
||||
test_activeaza_si_salveaza_creds_per_env -- creds salvate criptat, mediu marcat disponibil
|
||||
test_default_doar_dintre_disponibile -- mediu implicit validat contra disponibilelor
|
||||
test_activare_prod_cere_confirmare -- prima activare prod cere checkbox L.142
|
||||
test_creds_criptate_fara_echo -- parola niciodata in clar in DB sau HTML
|
||||
"""
|
||||
|
||||
from __future__ import annotations
|
||||
|
||||
import os
|
||||
import re
|
||||
import tempfile
|
||||
|
||||
import pytest
|
||||
from cryptography.fernet import Fernet
|
||||
from starlette.testclient import TestClient
|
||||
|
||||
|
||||
# ---------------------------------------------------------------------------
|
||||
# Fixture
|
||||
# ---------------------------------------------------------------------------
|
||||
|
||||
|
||||
@pytest.fixture()
|
||||
def client(monkeypatch):
|
||||
"""Client izolat cu DB temporara + cheie Fernet pentru criptare creds."""
|
||||
tmp = tempfile.mkdtemp()
|
||||
monkeypatch.setenv("AUTOPASS_DB_PATH", os.path.join(tmp, "t_medii.db"))
|
||||
monkeypatch.setenv("AUTOPASS_CREDS_KEY", Fernet.generate_key().decode())
|
||||
from app.config import get_settings
|
||||
from app import crypto
|
||||
|
||||
get_settings.cache_clear()
|
||||
crypto.reset_cache()
|
||||
from app.main import app
|
||||
|
||||
with TestClient(app, follow_redirects=False) as c:
|
||||
yield c
|
||||
|
||||
get_settings.cache_clear()
|
||||
crypto.reset_cache()
|
||||
|
||||
|
||||
# ---------------------------------------------------------------------------
|
||||
# Helpere
|
||||
# ---------------------------------------------------------------------------
|
||||
|
||||
|
||||
def _create_account_user(
|
||||
name: str = "Service Test SRL",
|
||||
email: str = "user@test.com",
|
||||
password: str = "parolasecreta10",
|
||||
):
|
||||
"""Creeaza cont + user. Returneaza (acct_id, user_id)."""
|
||||
from app.accounts import create_account
|
||||
from app.users import create_user
|
||||
from app.db import get_connection
|
||||
|
||||
conn = get_connection()
|
||||
try:
|
||||
acct_id = create_account(conn, name, active=True)
|
||||
user_id = create_user(conn, acct_id, email, password)
|
||||
return acct_id, user_id
|
||||
finally:
|
||||
conn.close()
|
||||
|
||||
|
||||
def _login(client, email: str, password: str) -> None:
|
||||
"""Face login real prin HTTP si seteaza cookie-ul de sesiune pe client."""
|
||||
resp = client.get("/login")
|
||||
assert resp.status_code == 200
|
||||
m = re.search(r'name="csrf_token"\s+value="([^"]+)"', resp.text)
|
||||
if not m:
|
||||
m = re.search(r'value="([^"]+)"\s+name="csrf_token"', resp.text)
|
||||
assert m, "csrf_token negasit pe /login"
|
||||
csrf = m.group(1)
|
||||
|
||||
resp = client.post("/login", data={
|
||||
"email": email,
|
||||
"parola": password,
|
||||
"csrf_token": csrf,
|
||||
})
|
||||
assert resp.status_code == 303, f"Login esuat: {resp.status_code} {resp.text[:200]}"
|
||||
|
||||
|
||||
def _get_csrf(client) -> str:
|
||||
"""Obtine CSRF token din fragmentul /_fragments/cont."""
|
||||
resp = client.get("/_fragments/cont")
|
||||
assert resp.status_code == 200, f"/_fragments/cont a returnat {resp.status_code}"
|
||||
m = re.search(r'name="csrf_token"\s+value="([^"]+)"', resp.text)
|
||||
if not m:
|
||||
m = re.search(r'value="([^"]+)"\s+name="csrf_token"', resp.text)
|
||||
assert m, f"csrf_token negasit in /_fragments/cont: {resp.text[:400]}"
|
||||
return m.group(1)
|
||||
|
||||
|
||||
def _mock_login_ok(monkeypatch) -> None:
|
||||
"""Monkeypatch _valideaza_login_rar sa returneze (True, None) fara RAR live."""
|
||||
import app.web.routes as routes_mod
|
||||
monkeypatch.setattr(routes_mod, "_valideaza_login_rar", lambda *a, **kw: (True, None))
|
||||
|
||||
|
||||
# ---------------------------------------------------------------------------
|
||||
# Teste
|
||||
# ---------------------------------------------------------------------------
|
||||
|
||||
|
||||
def test_activeaza_si_salveaza_creds_per_env(client, monkeypatch):
|
||||
"""Activez Testare cu creds valide (mock) -> DB: rar_test_enabled=1, rar_creds_test_enc non-null.
|
||||
medii_disponibile si test_disponibil reflecta starea noua.
|
||||
"""
|
||||
_mock_login_ok(monkeypatch)
|
||||
acct_id, _ = _create_account_user("Firma T1", "t1@test.com")
|
||||
_login(client, "t1@test.com", "parolasecreta10")
|
||||
|
||||
csrf = _get_csrf(client)
|
||||
resp = client.post("/cont/rar-medii", data={
|
||||
"csrf_token": csrf,
|
||||
"test_enabled": "1",
|
||||
"test_email": "rar_test@firma.ro",
|
||||
"test_parola": "parolaRARtest",
|
||||
# prod_enabled absent -> rar_prod_enabled setat la 0
|
||||
})
|
||||
assert resp.status_code == 200
|
||||
|
||||
from app.db import get_connection
|
||||
conn = get_connection()
|
||||
try:
|
||||
row = conn.execute(
|
||||
"SELECT rar_test_enabled, rar_creds_test_enc, rar_prod_enabled FROM accounts WHERE id=?",
|
||||
(acct_id,),
|
||||
).fetchone()
|
||||
finally:
|
||||
conn.close()
|
||||
|
||||
assert row["rar_test_enabled"] == 1, "rar_test_enabled trebuia setat la 1"
|
||||
assert row["rar_creds_test_enc"] is not None, "rar_creds_test_enc trebuia salvat"
|
||||
# Indicator test_disponibil sau mesaj succes in HTML
|
||||
assert "configurat" in resp.text or "salvate si validate" in resp.text, \
|
||||
f"Indicator 'configurat' sau mesaj succes lipsa: {resp.text[:600]}"
|
||||
|
||||
|
||||
def test_default_doar_dintre_disponibile(client, monkeypatch):
|
||||
"""Incerc sa setez rar_env_default pe un mediu indisponibil -> valoarea veche ramane + eroare.
|
||||
Setarea pe mediu disponibil reuseste.
|
||||
"""
|
||||
_mock_login_ok(monkeypatch)
|
||||
acct_id, _ = _create_account_user("Firma T2", "t2@test.com")
|
||||
_login(client, "t2@test.com", "parolasecreta10")
|
||||
|
||||
# Pasul 1: activeaza Testare cu creds + seteaza default=test (test va fi singurul disponibil)
|
||||
csrf = _get_csrf(client)
|
||||
resp1 = client.post("/cont/rar-medii", data={
|
||||
"csrf_token": csrf,
|
||||
"test_enabled": "1",
|
||||
"test_email": "rar_test@firma.ro",
|
||||
"test_parola": "parolaRAR123",
|
||||
"rar_env_default": "test",
|
||||
# prod_enabled absent -> rar_prod_enabled=0 (prod indisponibil)
|
||||
})
|
||||
assert resp1.status_code == 200
|
||||
assert "actualizat" in resp1.text.lower(), \
|
||||
f"Mesaj 'actualizat' asteptat pentru setarea default=test: {resp1.text[:500]}"
|
||||
|
||||
from app.db import get_connection
|
||||
conn = get_connection()
|
||||
try:
|
||||
row1 = conn.execute(
|
||||
"SELECT rar_env_default FROM accounts WHERE id=?", (acct_id,)
|
||||
).fetchone()
|
||||
finally:
|
||||
conn.close()
|
||||
assert row1["rar_env_default"] == "test", "rar_env_default trebuia setat la 'test'"
|
||||
|
||||
# Pasul 2: incerc sa setez default=prod (prod indisponibil: enabled=0, fara creds)
|
||||
csrf = _get_csrf(client)
|
||||
resp2 = client.post("/cont/rar-medii", data={
|
||||
"csrf_token": csrf,
|
||||
"test_enabled": "1", # re-trimit enabled fara creds noi (creds existente raman)
|
||||
"rar_env_default": "prod",
|
||||
})
|
||||
assert resp2.status_code == 200
|
||||
assert "disponibil" in resp2.text.lower(), \
|
||||
f"Eroare 'nu e disponibil' asteptata in raspuns: {resp2.text[:500]}"
|
||||
|
||||
conn = get_connection()
|
||||
try:
|
||||
row2 = conn.execute(
|
||||
"SELECT rar_env_default FROM accounts WHERE id=?", (acct_id,)
|
||||
).fetchone()
|
||||
finally:
|
||||
conn.close()
|
||||
assert row2["rar_env_default"] == "test", \
|
||||
"rar_env_default NU trebuia schimbat la 'prod' (mediu indisponibil)"
|
||||
|
||||
|
||||
def test_activare_prod_cere_confirmare(client, monkeypatch):
|
||||
"""Prima activare Productie (de la dezactivat) fara prod_confirmare -> NU se activeaza.
|
||||
Cu prod_confirmare=1 -> rar_prod_enabled devine 1.
|
||||
"""
|
||||
_mock_login_ok(monkeypatch)
|
||||
acct_id, _ = _create_account_user("Firma T3", "t3@test.com")
|
||||
_login(client, "t3@test.com", "parolasecreta10")
|
||||
|
||||
# Pasul 0: dezactiveaza prod (schema default=1, trebuie adus la 0 pt a testa confirmarea)
|
||||
csrf = _get_csrf(client)
|
||||
client.post("/cont/rar-medii", data={
|
||||
"csrf_token": csrf,
|
||||
# prod_enabled absent -> rar_prod_enabled setat la 0
|
||||
# test_enabled absent -> rar_test_enabled setat la 0
|
||||
})
|
||||
|
||||
from app.db import get_connection
|
||||
conn = get_connection()
|
||||
try:
|
||||
row0 = conn.execute(
|
||||
"SELECT rar_prod_enabled FROM accounts WHERE id=?", (acct_id,)
|
||||
).fetchone()
|
||||
finally:
|
||||
conn.close()
|
||||
assert row0["rar_prod_enabled"] == 0, "Prod trebuia dezactivat in pasul 0"
|
||||
|
||||
# Pasul 1: incerc sa activez prod FARA confirmare -> refuzat
|
||||
csrf = _get_csrf(client)
|
||||
resp1 = client.post("/cont/rar-medii", data={
|
||||
"csrf_token": csrf,
|
||||
"prod_enabled": "1",
|
||||
"prod_email": "rar_prod@firma.ro",
|
||||
"prod_parola": "parolaRARprod",
|
||||
# prod_confirmare absent
|
||||
})
|
||||
assert resp1.status_code == 200
|
||||
text1 = resp1.text.lower()
|
||||
assert "confirmare" in text1 or "l.142" in text1 or "inteleg" in text1, \
|
||||
f"Mesaj de confirmare asteptat in raspuns: {resp1.text[:600]}"
|
||||
|
||||
conn = get_connection()
|
||||
try:
|
||||
row1 = conn.execute(
|
||||
"SELECT rar_prod_enabled FROM accounts WHERE id=?", (acct_id,)
|
||||
).fetchone()
|
||||
finally:
|
||||
conn.close()
|
||||
assert row1["rar_prod_enabled"] == 0, "rar_prod_enabled NU trebuia activat fara confirmare"
|
||||
|
||||
# Pasul 2: activeaza cu confirmare -> reuseste
|
||||
csrf = _get_csrf(client)
|
||||
resp2 = client.post("/cont/rar-medii", data={
|
||||
"csrf_token": csrf,
|
||||
"prod_enabled": "1",
|
||||
"prod_email": "rar_prod@firma.ro",
|
||||
"prod_parola": "parolaRARprod",
|
||||
"prod_confirmare": "1",
|
||||
})
|
||||
assert resp2.status_code == 200
|
||||
|
||||
conn = get_connection()
|
||||
try:
|
||||
row2 = conn.execute(
|
||||
"SELECT rar_prod_enabled FROM accounts WHERE id=?", (acct_id,)
|
||||
).fetchone()
|
||||
finally:
|
||||
conn.close()
|
||||
assert row2["rar_prod_enabled"] == 1, "rar_prod_enabled trebuia activat cu confirmare"
|
||||
|
||||
|
||||
def test_creds_criptate_fara_echo(client, monkeypatch):
|
||||
"""Dupa salvare, rar_creds_test_enc e criptat (nu parola in clar) si
|
||||
parola NU apare in HTML-ul raspuns.
|
||||
"""
|
||||
_mock_login_ok(monkeypatch)
|
||||
acct_id, _ = _create_account_user("Firma T4", "t4@test.com")
|
||||
_login(client, "t4@test.com", "parolasecreta10")
|
||||
|
||||
parola_test = "SECRETPAROLATEST999"
|
||||
csrf = _get_csrf(client)
|
||||
resp = client.post("/cont/rar-medii", data={
|
||||
"csrf_token": csrf,
|
||||
"test_enabled": "1",
|
||||
"test_email": "rar_test@firma.ro",
|
||||
"test_parola": parola_test,
|
||||
})
|
||||
assert resp.status_code == 200
|
||||
|
||||
# Parola NU trebuie sa apara in HTML-ul raspuns
|
||||
assert parola_test not in resp.text, \
|
||||
f"Parola apare in raspunsul HTML (echo interzis): {resp.text[:500]}"
|
||||
|
||||
# In DB: rar_creds_test_enc e criptat (nu contine parola in clar)
|
||||
from app.db import get_connection
|
||||
from app.crypto import decrypt_creds
|
||||
|
||||
conn = get_connection()
|
||||
try:
|
||||
row = conn.execute(
|
||||
"SELECT rar_creds_test_enc FROM accounts WHERE id=?", (acct_id,)
|
||||
).fetchone()
|
||||
finally:
|
||||
conn.close()
|
||||
|
||||
enc = row["rar_creds_test_enc"]
|
||||
assert enc is not None, "rar_creds_test_enc trebuia salvat"
|
||||
assert parola_test not in enc, "Parola in clar gasita in rar_creds_test_enc (neacceptat)"
|
||||
|
||||
# Decriptarea trebuie sa recupereze parola originala
|
||||
creds = decrypt_creds(enc)
|
||||
assert creds is not None, "Decriptarea a returnat None"
|
||||
assert creds.get("password") == parola_test, \
|
||||
f"Parola decriptata nu corespunde: {creds!r}"
|
||||
Reference in New Issue
Block a user