feat(5.7): raspuns API onest la blocaje + mapare inline din detaliu

Raportat din client VFP: POST /v1/prezentari raspundea submission_id+status
fara motiv pe randuri blocate (erori se popula doar pe on_unmapped_error=True),
deci un needs_data/needs_mapping parea succes.

API (aditiv): SubmissionResult += nemapate + motiv. create_prezentari
populeaza erori (validare continut, 3 niveluri) / nemapate (coduri fara
mapare, COD_NEMAPAT) / motiv (rezumat uman) pe TOATE caile non-queued —
enqueue, respins (on_unmapped_error=True) si reactivare dedup peste error,
prin helperele _rezultat_enqueue / _rezultat_respins / _motiv_clasificare.
on_unmapped_error=True pastreaza erori=COD_NEMAPAT (compat clienti vechi).

Web: mapare inline in panoul de detaliu trimitere — ruta
POST /trimitere/{id}/mapeaza (reuse save_mapping + reresolve_account, scoped
sesiune + CSRF, re-rezolva pe batch_id-ul randului), helper
_nemapate_pentru_submission + context in _detaliu_ctx, sectiune in
_trimitere_detaliu.html (selector cod RAR cu sugestie fuzzy preselectata).
Apare doar pe operatii nemapate reale (nu pe auto_send=0).

/code-review high: reparat raspuns neonest la reactivare + dublu
load_nomenclator in _detaliu_ctx.

Teste: pytest -q 765 passed. Backend trimitere (worker/masina stari/
idempotenta) si schema NEATINSE. PRD: docs/prd/prd-5.7-*.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

tests/test_web_mapare_inline.py

@@ -0,0 +1,208 @@
+"""Teste PRD 5.7 — mapare inline din panoul de detaliu trimitere.
+
+needs_mapping cu operatie nemapata -> panoul arata selectorul de cod RAR + sugestii;
+POST /trimitere/{id}/mapeaza salveaza maparea (save_mapping) si re-rezolva submission-ul
+(reresolve_account) pe loc. Scoped pe sesiune (404 cross-account), CSRF obligatoriu,
+respinge cod absent din nomenclator, respecta batch_id-ul randului.
+"""
+
+from __future__ import annotations
+
+import json
+import os
+import re
+import tempfile
+
+import pytest
+from starlette.testclient import TestClient
+
+
+def _create_account_user(email: str, name: str = "Service", password: str = "parolasecreta10"):
+    from app.accounts import create_account
+    from app.users import create_user
+    from app.db import get_connection
+
+    conn = get_connection()
+    try:
+        acct_id = create_account(conn, name, active=True)
+        create_user(conn, acct_id, email, password)
+        return acct_id
+    finally:
+        conn.close()
+
+
+def _login(client, email: str, password: str = "parolasecreta10") -> None:
+    resp = client.get("/login")
+    m = re.search(r'name="csrf_token"\s+value="([^"]+)"', resp.text)
+    assert m
+    resp = client.post("/login", data={"email": email, "parola": password, "csrf_token": m.group(1)})
+    assert resp.status_code == 303
+
+
+def _csrf(client) -> str:
+    resp = client.get("/?tab=acasa")
+    m = re.search(r'name="csrf_token"\s+value="([^"]+)"', resp.text)
+    assert m
+    return m.group(1)
+
+
+def _insert_needs_mapping(acct: int, *, op: str = "DIVERSE VERIFICARI 159004",
+                          denumire: str | None = None, batch_id: int | None = None,
+                          vin: str = "WVWZZZ1JZXW0NM001") -> int:
+    """Insereaza un submission needs_mapping cu o prestatie nemapata (cod_prestatie null)."""
+    from app.db import get_connection
+    payload = {
+        "vin": vin, "nr_inmatriculare": "B123ABC", "data_prestatie": "2026-06-10",
+        "odometru_final": "159004",
+        "prestatii": [{"cod_prestatie": None, "cod_op_service": op, "denumire": denumire or op}],
+    }
+    conn = get_connection()
+    try:
+        k = f"k-{os.urandom(6).hex()}"
+        cur = conn.execute(
+            "INSERT INTO submissions (idempotency_key, account_id, status, payload_json, rar_error, batch_id) "
+            "VALUES (?, ?, 'needs_mapping', ?, ?, ?)",
+            (k, acct, json.dumps(payload), json.dumps({"unmapped": [{"cod_op_service": op}]}), batch_id),
+        )
+        conn.commit()
+        return int(cur.lastrowid)
+    finally:
+        conn.close()
+
+
+def _row(sid: int):
+    from app.db import get_connection
+    conn = get_connection()
+    try:
+        return conn.execute("SELECT * FROM submissions WHERE id=?", (sid,)).fetchone()
+    finally:
+        conn.close()
+
+
+def _mapping_count(acct: int) -> int:
+    from app.db import get_connection
+    conn = get_connection()
+    try:
+        return conn.execute(
+            "SELECT COUNT(*) AS n FROM operations_mapping WHERE account_id=?", (acct,)
+        ).fetchone()["n"]
+    finally:
+        conn.close()
+
+
+@pytest.fixture()
+def client(monkeypatch):
+    tmp = tempfile.mkdtemp()
+    monkeypatch.setenv("AUTOPASS_DB_PATH", os.path.join(tmp, "inline.db"))
+    monkeypatch.setenv("AUTOPASS_WEB_AUTH_REQUIRED", "true")
+    from app.config import get_settings
+    get_settings.cache_clear()
+    from app.web import ratelimit
+    ratelimit._hits.clear()
+    from app.main import app
+    with TestClient(app, follow_redirects=False) as c:
+        yield c
+    ratelimit._hits.clear()
+    get_settings.cache_clear()
+
+
+def test_detaliu_needs_mapping_arata_operatii_nemapate(client):
+    """GET detaliu pe needs_mapping -> HTML cu selectorul de cod RAR + operatia + actiunea inline."""
+    acct = _create_account_user("nm@test.com")
+    sid = _insert_needs_mapping(acct, op="REPARATIE MOTOR X")
+    _login(client, "nm@test.com")
+    resp = client.get(f"/_fragments/trimitere/{sid}")
+    assert resp.status_code == 200
+    assert "Mapeaza codul operatiei" in resp.text
+    assert "REPARATIE MOTOR X" in resp.text
+    assert f"/trimitere/{sid}/mapeaza" in resp.text
+    # nomenclatorul seed e in selector
+    assert "OE-1" in resp.text
+
+
+def test_mapeaza_inline_deblocheaza_randul(client):
+    """POST mapeaza cu cod valid -> submission queued + mapare salvata."""
+    acct = _create_account_user("mi@test.com")
+    sid = _insert_needs_mapping(acct, op="VERIF SPECIALA 1")
+    _login(client, "mi@test.com")
+    csrf = _csrf(client)
+    resp = client.post(f"/trimitere/{sid}/mapeaza", data={
+        "cod_op_service": "VERIF SPECIALA 1", "cod_prestatie": "OE-1",
+        "auto_send": "true", "csrf_token": csrf,
+    })
+    assert resp.status_code == 200
+    assert resp.headers.get("HX-Trigger") == "trimiteriChanged"
+    r = _row(sid)
+    assert r["status"] == "queued"
+    # codul s-a umplut in payload
+    pres = json.loads(r["payload_json"])["prestatii"][0]
+    assert pres["cod_prestatie"] == "OE-1"
+    assert _mapping_count(acct) == 1
+
+
+def test_mapeaza_inline_cod_necunoscut_respins(client):
+    """Cod inexistent in nomenclator -> mesaj eroare, ramane needs_mapping, fara mapare."""
+    acct = _create_account_user("cn@test.com")
+    sid = _insert_needs_mapping(acct, op="VERIF SPECIALA 2")
+    _login(client, "cn@test.com")
+    csrf = _csrf(client)
+    resp = client.post(f"/trimitere/{sid}/mapeaza", data={
+        "cod_op_service": "VERIF SPECIALA 2", "cod_prestatie": "COD-INEXISTENT",
+        "csrf_token": csrf,
+    })
+    assert resp.status_code == 200
+    assert "necunoscut" in resp.text.lower()
+    assert _row(sid)["status"] == "needs_mapping"
+    assert _mapping_count(acct) == 0
+
+
+def test_mapeaza_inline_scoped_pe_sesiune(client):
+    """POST pe submission al altui cont -> 404, fara mapare salvata."""
+    acct_a = _create_account_user("a@test.com")
+    acct_b = _create_account_user("b@test.com")
+    sid = _insert_needs_mapping(acct_a, op="VERIF A")
+    _login(client, "b@test.com")
+    csrf = _csrf(client)
+    resp = client.post(f"/trimitere/{sid}/mapeaza", data={
+        "cod_op_service": "VERIF A", "cod_prestatie": "OE-1", "csrf_token": csrf,
+    })
+    assert resp.status_code == 404
+    assert _row(sid)["status"] == "needs_mapping"
+    assert _mapping_count(acct_b) == 0
+
+
+def test_mapeaza_inline_csrf_obligatoriu(client):
+    """Fara token CSRF valid -> 403, fara efect."""
+    acct = _create_account_user("cf@test.com")
+    sid = _insert_needs_mapping(acct, op="VERIF CSRF")
+    _login(client, "cf@test.com")
+    resp = client.post(f"/trimitere/{sid}/mapeaza", data={
+        "cod_op_service": "VERIF CSRF", "cod_prestatie": "OE-1", "csrf_token": "gresit",
+    })
+    assert resp.status_code == 403
+    assert _row(sid)["status"] == "needs_mapping"
+
+
+def test_mapeaza_inline_respecta_batch(client):
+    """Submission din import (batch_id setat) -> re-rezolvarea il atinge (queued)."""
+    acct = _create_account_user("ba@test.com")
+    from app.db import get_connection
+    conn = get_connection()
+    try:
+        cur = conn.execute(
+            "INSERT INTO import_batches (account_id, filename, status) VALUES (?, 'f.xlsx', 'committed')",
+            (acct,),
+        )
+        conn.commit()
+        batch_id = int(cur.lastrowid)
+    finally:
+        conn.close()
+    sid = _insert_needs_mapping(acct, op="VERIF BATCH", batch_id=batch_id)
+    _login(client, "ba@test.com")
+    csrf = _csrf(client)
+    resp = client.post(f"/trimitere/{sid}/mapeaza", data={
+        "cod_op_service": "VERIF BATCH", "cod_prestatie": "OE-2",
+        "auto_send": "true", "csrf_token": csrf,
+    })
+    assert resp.status_code == 200
+    assert _row(sid)["status"] == "queued"