feat(5.20): US-013 retragere accounts.rar_creds_enc -> per-env + DROP cu garda
Toate citirile pe coloana legacy accounts.rar_creds_enc mutate pe sloturile per-env (rar_creds_test_enc/rar_creds_prod_enc): worker fallback+keepalive, are_creds (web) si are_creds_rar (integrare, +are_creds_test/_prod), write-back API la reactivare, purjare la stergere cont, _get_acasa_context/_fetch_cont_env_state. Contract API (aditiv): POST /v1/conturi/rar-creds primeste rar_target optional (test/prod), scrie in slotul corect + activeaza mediul; DELETE primeste ?env (sterge un slot sau ambele). Documentat in docs/api-rar-contract.md. DROP cu garda in db.py (schema.sql fara coloana pe DB fresh): - 6a: eliminat ADD COLUMN rar_creds_enc (fara ping-pong re-ADD dupa DROP) - 6b: try/except fail-safe (nu crapa boot-ul) + garda sqlite_version >= 3.35 - 6c: re-backfill old->new imediat inainte de assert (ancora globala) - garda orfane: DROP anulat daca vreun creds legacy nu a aterizat in slot per-env - backup criptat accounts_rar_creds_enc_backup inainte de DROP - 6d: verificare prin PRAGMA table_info (NU grep — submissions are aceeasi coloana) Garda one-way, idempotenta la boot repetat (verificat). submissions.rar_creds_enc ramane neatinsa. tests/test_retragere_creds_enc.py: niciun read pe coloana veche, conturi rar-creds env-aware, are_creds per-env, DROP blocat de garda la lipsa copiere. 9 teste existente actualizate pe sloturi per-env. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -5,9 +5,9 @@ Acopera (plan T15, sect.12):
|
||||
-> worker process_one (MockRar) -> submission FINALIZATA cu id_prezentare.
|
||||
- Scenariul 2: re-upload acelasi continut -> preview marcheaza already_sent
|
||||
(NU al doilea FINALIZATA dupa commit).
|
||||
- Scenariul 3: coada MIXTA API(creds efemere)+web(creds durabile accounts.rar_creds_enc):
|
||||
- Scenariul 3: coada MIXTA API(creds efemere)+web(creds durabile per-env, US-013):
|
||||
dupa login + purjare creds efemere, submission-urile web tot se trimit
|
||||
prin fallback accounts.rar_creds_enc (T1/Voce#5).
|
||||
prin fallback accounts.rar_creds_{env}_enc (T1/Voce#5).
|
||||
- Masina de stari (sect. 6): tranzitii queued->sending->sent/requeued/error.
|
||||
- Failure registry (sect. 8): 400/403/503+reconciliere.
|
||||
- T16: purge_expired + purge_after setat la commit.
|
||||
@@ -454,7 +454,7 @@ class TestE2EMixedQueue:
|
||||
"""Scenariul 3 (T1/Voce#5): API (creds efemere) + web (canal import, fara creds pe submission).
|
||||
|
||||
Dupa purjarea creds efemere ale canalului API (la primul login), submission-urile
|
||||
import (web) tot se trimit prin fallback accounts.rar_creds_enc.
|
||||
import (web) tot se trimit prin fallback accounts.rar_creds_{env}_enc (US-013, per-env).
|
||||
Verificam ca ambele submission-uri ajung la status='sent'.
|
||||
"""
|
||||
import app.worker.__main__ as w
|
||||
@@ -486,11 +486,15 @@ class TestE2EMixedQueue:
|
||||
assert r_api.status_code == 200, r_api.text
|
||||
sub_api_id = r_api.json()["results"][0]["submission_id"]
|
||||
|
||||
# 3. Seteaza creds durabile in accounts (canal web fallback)
|
||||
# 3. Seteaza creds durabile in accounts per-env (US-013, canal web fallback)
|
||||
conn = get_connection()
|
||||
try:
|
||||
web_creds_enc = encrypt_creds({"email": "web@test.ro", "password": "pass_web"})
|
||||
conn.execute("UPDATE accounts SET rar_creds_enc=? WHERE id=1", (web_creds_enc,))
|
||||
# US-013: scrie in slotul per-env test (rar_env default = 'test')
|
||||
conn.execute(
|
||||
"UPDATE accounts SET rar_creds_test_enc=?, rar_test_enabled=1 WHERE id=1",
|
||||
(web_creds_enc,),
|
||||
)
|
||||
conn.commit()
|
||||
|
||||
# Verifica precondita: sub_web (import) NU are creds pe submission
|
||||
@@ -518,7 +522,7 @@ class TestE2EMixedQueue:
|
||||
try:
|
||||
processed = 0
|
||||
|
||||
# Drena coada simuland bucla worker completa (T1/D4: creds efemere + fallback durabil)
|
||||
# Drena coada simuland bucla worker completa (T1/D4: creds efemere + fallback per-env)
|
||||
for _ in range(10): # limita de siguranta
|
||||
claimed = w.claim_one(conn)
|
||||
if claimed is None:
|
||||
@@ -526,9 +530,10 @@ class TestE2EMixedQueue:
|
||||
|
||||
sid = claimed["id"]
|
||||
account_id = claimed["account_id"]
|
||||
rar_env = claimed.get("rar_env", "test")
|
||||
|
||||
# T1/D4: creds din submission (API efemer) OR fallback accounts.rar_creds_enc (web)
|
||||
creds = w._creds_for(claimed, settings) or w._creds_from_account(conn, account_id)
|
||||
# T1/D4: creds din submission (API efemer) OR fallback per-env (US-013)
|
||||
creds = w._creds_for(claimed, settings) or w._creds_from_account(conn, account_id, rar_env=rar_env)
|
||||
assert creds is not None, \
|
||||
f"Creds None pentru submission {sid} — fallback durabil trebuie sa existe"
|
||||
|
||||
@@ -561,9 +566,9 @@ class TestE2EMixedQueue:
|
||||
assert mock_rar.post_calls == 2
|
||||
|
||||
def test_purjare_creds_efemere_nu_sterge_durabile(self, env, monkeypatch):
|
||||
"""T1/Gate purjare (OV-5): dupa login, submissions.rar_creds_enc sterse DAR accounts.rar_creds_enc INTACT.
|
||||
"""T1/Gate purjare (OV-5): dupa login, submissions.rar_creds_enc sterse DAR per-env INTACT.
|
||||
|
||||
Worker sterge DOAR submissions.rar_creds_enc (efemere), NU accounts.rar_creds_enc (durabile).
|
||||
Worker sterge DOAR submissions.rar_creds_enc (efemere), NU accounts.rar_creds_{env}_enc (durabile, US-013).
|
||||
"""
|
||||
import app.worker.__main__ as w
|
||||
from app.crypto import encrypt_creds
|
||||
@@ -585,11 +590,14 @@ class TestE2EMixedQueue:
|
||||
assert r_api.status_code == 200
|
||||
sub_id = r_api.json()["results"][0]["submission_id"]
|
||||
|
||||
# Seteaza creds durabile pe cont
|
||||
# Seteaza creds durabile pe cont (slotul per-env, US-013)
|
||||
conn = get_connection()
|
||||
try:
|
||||
web_creds_enc = encrypt_creds({"email": "web@test.ro", "password": "pass_web"})
|
||||
conn.execute("UPDATE accounts SET rar_creds_enc=? WHERE id=1", (web_creds_enc,))
|
||||
conn.execute(
|
||||
"UPDATE accounts SET rar_creds_test_enc=?, rar_test_enabled=1 WHERE id=1",
|
||||
(web_creds_enc,),
|
||||
)
|
||||
conn.commit()
|
||||
finally:
|
||||
conn.close()
|
||||
@@ -602,8 +610,9 @@ class TestE2EMixedQueue:
|
||||
try:
|
||||
claimed = w.claim_one(conn)
|
||||
assert claimed is not None
|
||||
rar_env = claimed.get("rar_env", "test")
|
||||
|
||||
creds = w._creds_for(claimed, settings) or w._creds_from_account(conn, claimed["account_id"])
|
||||
creds = w._creds_for(claimed, settings) or w._creds_from_account(conn, claimed["account_id"], rar_env=rar_env)
|
||||
sessions.get_token(conn, claimed["account_id"], creds)
|
||||
|
||||
# Dupa login: submissions.rar_creds_enc sterse (creds efemere purjate)
|
||||
@@ -613,12 +622,12 @@ class TestE2EMixedQueue:
|
||||
assert row["rar_creds_enc"] is None, \
|
||||
"submissions.rar_creds_enc trebuie sterse dupa login (efemere)"
|
||||
|
||||
# accounts.rar_creds_enc TREBUIE sa ramana (durabile, nu se sterg)
|
||||
# accounts.rar_creds_test_enc TREBUIE sa ramana (durabile per-env, nu se sterg)
|
||||
acc_row = conn.execute(
|
||||
"SELECT rar_creds_enc FROM accounts WHERE id=1"
|
||||
"SELECT rar_creds_test_enc FROM accounts WHERE id=1"
|
||||
).fetchone()
|
||||
assert acc_row["rar_creds_enc"] is not None, \
|
||||
"accounts.rar_creds_enc trebuie sa RAMANA intact dupa purjarea creds efemere"
|
||||
assert acc_row["rar_creds_test_enc"] is not None, \
|
||||
"accounts.rar_creds_test_enc trebuie sa RAMANA intact dupa purjarea creds efemere"
|
||||
finally:
|
||||
conn.close()
|
||||
sessions.close_all()
|
||||
|
||||
Reference in New Issue
Block a user