feat(web): self-service cheie/creds + admin web + email signup (PRD 3.3b)

US-007: rute web proprii /cont/roteste-cheie + /cont/rar-creds scoped pe sesiune (C13), sectiune "Contul meu" cu cheie afisata o data. US-010: rol admin (users.is_admin) + require_admin->403 + CLI set-admin + bootstrap primul cont=admin (count_admins in BEGIN IMMEDIATE, anti-race). US-011: panou /admin (activare/dezactivare conturi, CSRF + PRG), link admin + logout pe dashboard. US-012: app/email.py notify_signup best-effort degradat fara SMTP + config smtp_*. Fix: migrare defensiva users.is_admin/email_verified in _migrate. VERIFY x2 context curat (PASS) + /code-review high. 393 teste pass. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-18 17:19:06 +00:00
parent 504b490d3b
commit b92055eb01
21 changed files with 1766 additions and 10 deletions
--- a/tests/test_dashboard_admin_link.py
+++ b/tests/test_dashboard_admin_link.py
@@ -0,0 +1,55 @@
+"""Test US-011 (discoverability): linkul 'Panou admin' apare pe dashboard doar pentru admini.
+
+Completeaza intentia US-011 — adminul trebuie sa poata descoperi /admin din UI, nu doar
+prin URL direct.
+"""
+
+from __future__ import annotations
+
+import os
+import tempfile
+
+import pytest
+from fastapi.testclient import TestClient
+
+
+@pytest.fixture()
+def env(monkeypatch):
+    tmp = tempfile.mkdtemp()
+    monkeypatch.setenv("AUTOPASS_DB_PATH", os.path.join(tmp, "t.db"))
+    from app.config import get_settings
+    get_settings.cache_clear()
+    from app.main import app
+    with TestClient(app, follow_redirects=False) as c:
+        from app.db import get_connection
+        conn = get_connection()
+        yield c, conn
+        conn.close()
+    get_settings.cache_clear()
+
+
+def _account_with_user(conn, name, *, is_admin):
+    from app.accounts import create_account
+    from app.users import create_user
+    acct = create_account(conn, name)
+    email = f"{name.replace(' ', '').lower()}@test.ro"
+    create_user(conn, acct, email, "parolaSuperSecreta", is_admin=is_admin)
+    return acct
+
+
+def test_admin_vede_link_panou_admin(env, monkeypatch):
+    client, conn = env
+    acct = _account_with_user(conn, "Admin Co", is_admin=True)
+    monkeypatch.setattr("app.web.routes.require_login", lambda r: acct)
+    r = client.get("/")
+    assert r.status_code == 200
+    assert 'href="/admin"' in r.text
+
+
+def test_non_admin_nu_vede_link(env, monkeypatch):
+    client, conn = env
+    acct = _account_with_user(conn, "Service Normal", is_admin=False)
+    monkeypatch.setattr("app.web.routes.require_login", lambda r: acct)
+    r = client.get("/")
+    assert r.status_code == 200
+    assert 'href="/admin"' not in r.text