feat(config): web_auth_required ON implicit (login obligatoriu pe rutele web)

Inverseaza default-ul C12: rutele web cer sesiune + CSRF implicit (sigur pentru
prod). Dev rapid pe contul 1 = opt-out explicit AUTOPASS_WEB_AUTH_REQUIRED=false.
Testele de comportament import/dashboard marcate explicit dev-mode; test nou
blocheaza default-ul. 394 teste pass.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
Claude Agent
2026-06-18 18:27:09 +00:00
parent b92055eb01
commit 958b182e8e
5 changed files with 25 additions and 3 deletions

View File

@@ -46,6 +46,9 @@ def _csrf_from(html: str) -> str:
def env(monkeypatch):
tmp = tempfile.mkdtemp()
monkeypatch.setenv("AUTOPASS_DB_PATH", os.path.join(tmp, "scope.db"))
# Scoping testat prin monkeypatch require_login pe acct_a/acct_b; rulam in mod
# dev (CSRF skip fara sesiune) — auth web e default ON in prod, testat in test_web_*.
monkeypatch.setenv("AUTOPASS_WEB_AUTH_REQUIRED", "false")
from app.config import get_settings
get_settings.cache_clear()
from app.main import app