feat(5.20): US-013 retragere accounts.rar_creds_enc -> per-env + DROP cu garda
Toate citirile pe coloana legacy accounts.rar_creds_enc mutate pe sloturile per-env (rar_creds_test_enc/rar_creds_prod_enc): worker fallback+keepalive, are_creds (web) si are_creds_rar (integrare, +are_creds_test/_prod), write-back API la reactivare, purjare la stergere cont, _get_acasa_context/_fetch_cont_env_state. Contract API (aditiv): POST /v1/conturi/rar-creds primeste rar_target optional (test/prod), scrie in slotul corect + activeaza mediul; DELETE primeste ?env (sterge un slot sau ambele). Documentat in docs/api-rar-contract.md. DROP cu garda in db.py (schema.sql fara coloana pe DB fresh): - 6a: eliminat ADD COLUMN rar_creds_enc (fara ping-pong re-ADD dupa DROP) - 6b: try/except fail-safe (nu crapa boot-ul) + garda sqlite_version >= 3.35 - 6c: re-backfill old->new imediat inainte de assert (ancora globala) - garda orfane: DROP anulat daca vreun creds legacy nu a aterizat in slot per-env - backup criptat accounts_rar_creds_enc_backup inainte de DROP - 6d: verificare prin PRAGMA table_info (NU grep — submissions are aceeasi coloana) Garda one-way, idempotenta la boot repetat (verificat). submissions.rar_creds_enc ramane neatinsa. tests/test_retragere_creds_enc.py: niciun read pe coloana veche, conturi rar-creds env-aware, are_creds per-env, DROP blocat de garda la lipsa copiere. 9 teste existente actualizate pe sloturi per-env. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -294,13 +294,13 @@ def _get_acasa_context(request: Request, conn, account_id: int) -> dict:
|
||||
acct = account_or_default(account_id)
|
||||
|
||||
# Pas 1: are credentiale RAR configurate? + metadate cont (pentru banner incomplet)
|
||||
# Verifica atat coloana legacy rar_creds_enc cat si sloturile per-env (US-008, PRD 5.20).
|
||||
# US-013: citim exclusiv sloturile per-env (legacy accounts.rar_creds_enc a fost dropat).
|
||||
row = conn.execute(
|
||||
"SELECT id, name, cui, email, rar_creds_enc, rar_creds_test_enc, rar_creds_prod_enc "
|
||||
"SELECT id, name, cui, email, rar_creds_test_enc, rar_creds_prod_enc "
|
||||
"FROM accounts WHERE id=?", (acct,)
|
||||
).fetchone()
|
||||
are_creds = bool(row and (
|
||||
row["rar_creds_enc"] or row["rar_creds_test_enc"] or row["rar_creds_prod_enc"]
|
||||
row["rar_creds_test_enc"] or row["rar_creds_prod_enc"]
|
||||
))
|
||||
# Banner cont incomplet (US-002): contul nu are companie + email + CUI complete
|
||||
cont_incomplet = not _acct_is_complete(row) if row else False
|
||||
@@ -438,9 +438,9 @@ def _render_integrare(request: Request, conn, account_id: int) -> str:
|
||||
|
||||
acct = account_or_default(account_id)
|
||||
row_creds = conn.execute(
|
||||
"SELECT rar_creds_enc FROM accounts WHERE id=?", (acct,)
|
||||
"SELECT rar_creds_test_enc, rar_creds_prod_enc FROM accounts WHERE id=?", (acct,)
|
||||
).fetchone()
|
||||
are_creds = bool(row_creds and row_creds["rar_creds_enc"])
|
||||
are_creds = bool(row_creds and (row_creds["rar_creds_test_enc"] or row_creds["rar_creds_prod_enc"]))
|
||||
|
||||
row_key = conn.execute(
|
||||
"SELECT 1 FROM api_keys WHERE account_id=? AND active=1 LIMIT 1", (acct,)
|
||||
@@ -4241,7 +4241,7 @@ def _fetch_cont_env_state(conn, acct: int) -> dict:
|
||||
"""
|
||||
row = conn.execute(
|
||||
"SELECT rar_test_enabled, rar_prod_enabled, "
|
||||
"rar_creds_test_enc, rar_creds_prod_enc, rar_env_default, rar_creds_enc "
|
||||
"rar_creds_test_enc, rar_creds_prod_enc, rar_env_default "
|
||||
"FROM accounts WHERE id=?", (acct,)
|
||||
).fetchone()
|
||||
if not row:
|
||||
@@ -4263,8 +4263,9 @@ def _fetch_cont_env_state(conn, acct: int) -> dict:
|
||||
medii.append("test")
|
||||
if prod_disponibil:
|
||||
medii.append("prod")
|
||||
# US-013: are_creds bazat EXCLUSIV pe sloturile per-env (legacy rar_creds_enc dropat).
|
||||
are_creds = bool(
|
||||
row["rar_creds_enc"] or row["rar_creds_test_enc"] or row["rar_creds_prod_enc"]
|
||||
row["rar_creds_test_enc"] or row["rar_creds_prod_enc"]
|
||||
)
|
||||
return {
|
||||
"are_creds": are_creds,
|
||||
@@ -4529,10 +4530,12 @@ def cont_rar_creds(
|
||||
)
|
||||
|
||||
enc = encrypt_creds({"email": email, "password": parola})
|
||||
# US-013: scrie in slotul per-env al ancorei globale (nu mai exista coloana legacy).
|
||||
_env_w = get_settings().rar_env if get_settings().rar_env in ("test", "prod") else "test"
|
||||
conn = get_connection()
|
||||
try:
|
||||
conn.execute(
|
||||
"UPDATE accounts SET rar_creds_enc=? WHERE id=?",
|
||||
f"UPDATE accounts SET rar_creds_{_env_w}_enc=?, rar_{_env_w}_enabled=1 WHERE id=?",
|
||||
(enc, acct),
|
||||
)
|
||||
account_meta = _fetch_account_meta(conn, acct)
|
||||
|
||||
Reference in New Issue
Block a user