feat(5.6): observabilitate + jurnal aplicatie + lifecycle trimiteri blocate
Implementeaza PRD 5.6 complet (14 stories, TDD). Doua axe:
Lifecycle trimiteri blocate (Val A):
- submissions_admin.py: sterge/repune scoped (404 cross-account inaintea lui 409 stare)
- reactivare dedup peste `error` cu CAS (WHERE id=? AND status='error'), creds noi in
submissions + accounts.rar_creds_enc; worker invalideaza sesiunea RAR la creds proaspete
(JWT 30h vechi nu mai trimite cu parola gresita); camp aditiv `reactivated:true`
- retentie randuri blocate 30z; purge_expired exclude queued/sending; purge_after curatat
la reactivare/requeue
- API DELETE /v1/prezentari/{id} + /repune (200+JSON); UI butoane + bulk + banner actionabil
Observabilitate:
- app/observ.py log_event: dublu canal app_events (DB) + RotatingFileHandler per-proces,
redactare creds/PII la scriere (redact_pii/vin_partial)
- request_id middleware + X-Request-ID pe toate raspunsurile
- handler global excepții -> 500 envelope 6-chei + request_id (traceback doar in jurnal)
- audit cerere API (api_prezentari/api_auth_esuat) + audit worker (rar_login/tranzitii)
- tab "Jurnal" filtrabil scoped (non-admin doar contul sau); retentie jurnal 90z
- rar_error expus in GET /v1/prezentari/{id} (recovery observabil)
pytest -q: 741 passed, 0 failed. Docs: PRD raport VERIFY, contract endpointuri noi, ROADMAP.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
121
tests/test_api_lifecycle.py
Normal file
121
tests/test_api_lifecycle.py
Normal file
@@ -0,0 +1,121 @@
|
||||
"""Teste US-010 (PRD 5.6): API DELETE + re-pune in coada, scoped + oracol scope/stare."""
|
||||
|
||||
from __future__ import annotations
|
||||
|
||||
import os
|
||||
import tempfile
|
||||
|
||||
import pytest
|
||||
from fastapi.testclient import TestClient
|
||||
|
||||
|
||||
@pytest.fixture()
|
||||
def client(monkeypatch):
|
||||
tmp = tempfile.mkdtemp()
|
||||
monkeypatch.setenv("AUTOPASS_DB_PATH", os.path.join(tmp, "life.db"))
|
||||
monkeypatch.setenv("AUTOPASS_LOG_DIR", os.path.join(tmp, "logs"))
|
||||
monkeypatch.setenv("AUTOPASS_REQUIRE_API_KEY", "true")
|
||||
from app.config import get_settings
|
||||
get_settings.cache_clear()
|
||||
from app.main import app
|
||||
with TestClient(app) as c:
|
||||
yield c
|
||||
get_settings.cache_clear()
|
||||
|
||||
|
||||
def _account_with_key(name="Cont"):
|
||||
from app.accounts import create_account
|
||||
from app.auth import create_api_key
|
||||
from app.db import get_connection
|
||||
conn = get_connection()
|
||||
try:
|
||||
aid = create_account(conn, name, active=True)
|
||||
key = create_api_key(conn, aid)
|
||||
conn.commit()
|
||||
return aid, key
|
||||
finally:
|
||||
conn.close()
|
||||
|
||||
|
||||
def _body(**over):
|
||||
prez = {"vin": "WVWZZZ1KZAW000123", "nr_inmatriculare": "B999TST",
|
||||
"data_prestatie": "2026-06-15", "odometru_final": "123456",
|
||||
"prestatii": [{"cod_prestatie": "OE-1"}]}
|
||||
prez.update(over)
|
||||
return {"rar_credentials": {"email": "x@y.ro", "password": "s"}, "prezentari": [prez]}
|
||||
|
||||
|
||||
def _enqueue(client, key, **over):
|
||||
r = client.post("/v1/prezentari", json=_body(**over), headers={"X-API-Key": key})
|
||||
assert r.status_code == 200, r.text
|
||||
return r.json()["results"][0]["submission_id"]
|
||||
|
||||
|
||||
def _force_status(sid, status):
|
||||
from app.db import get_connection
|
||||
conn = get_connection()
|
||||
try:
|
||||
conn.execute("UPDATE submissions SET status=? WHERE id=?", (status, sid))
|
||||
conn.commit()
|
||||
finally:
|
||||
conn.close()
|
||||
|
||||
|
||||
def test_delete_scoped_pe_cheie(client):
|
||||
_aid, key = _account_with_key()
|
||||
sid = _enqueue(client, key)
|
||||
_force_status(sid, "error")
|
||||
r = client.request("DELETE", f"/v1/prezentari/{sid}", headers={"X-API-Key": key})
|
||||
assert r.status_code == 200
|
||||
body = r.json()
|
||||
assert body["ok"] is True
|
||||
assert body["submission_id"] == sid
|
||||
assert body["status_anterior"] == "error"
|
||||
|
||||
|
||||
def test_delete_sent_409(client):
|
||||
_aid, key = _account_with_key()
|
||||
sid = _enqueue(client, key)
|
||||
_force_status(sid, "sent")
|
||||
r = client.request("DELETE", f"/v1/prezentari/{sid}", headers={"X-API-Key": key})
|
||||
assert r.status_code == 409
|
||||
|
||||
|
||||
def test_delete_inexistent_404(client):
|
||||
_aid, key = _account_with_key()
|
||||
r = client.request("DELETE", "/v1/prezentari/99999", headers={"X-API-Key": key})
|
||||
assert r.status_code == 404
|
||||
|
||||
|
||||
def test_delete_cross_account_sent_404(client):
|
||||
"""Scope INAINTEA starii: randul `sent` al ALTUI cont -> 404 (nu 409, nu confirmam existenta)."""
|
||||
aid_a, key_a = _account_with_key("A")
|
||||
aid_b, key_b = _account_with_key("B")
|
||||
sid = _enqueue(client, key_b)
|
||||
_force_status(sid, "sent")
|
||||
# contul A incearca sa stearga randul lui B (sent) -> 404, NU 409
|
||||
r = client.request("DELETE", f"/v1/prezentari/{sid}", headers={"X-API-Key": key_a})
|
||||
assert r.status_code == 404
|
||||
|
||||
|
||||
def test_repune_error_queued(client):
|
||||
_aid, key = _account_with_key()
|
||||
sid = _enqueue(client, key)
|
||||
_force_status(sid, "error")
|
||||
r = client.post(f"/v1/prezentari/{sid}/repune", headers={"X-API-Key": key})
|
||||
assert r.status_code == 200
|
||||
assert r.json()["status_nou"] == "queued"
|
||||
|
||||
|
||||
def test_repune_inexistent_404(client):
|
||||
_aid, key = _account_with_key()
|
||||
r = client.post("/v1/prezentari/99999/repune", headers={"X-API-Key": key})
|
||||
assert r.status_code == 404
|
||||
|
||||
|
||||
def test_repune_sending_409(client):
|
||||
_aid, key = _account_with_key()
|
||||
sid = _enqueue(client, key)
|
||||
_force_status(sid, "sending")
|
||||
r = client.post(f"/v1/prezentari/{sid}/repune", headers={"X-API-Key": key})
|
||||
assert r.status_code == 409
|
||||
Reference in New Issue
Block a user