feat(5.6): observabilitate + jurnal aplicatie + lifecycle trimiteri blocate

Implementeaza PRD 5.6 complet (14 stories, TDD). Doua axe: Lifecycle trimiteri blocate (Val A): - submissions_admin.py: sterge/repune scoped (404 cross-account inaintea lui 409 stare) - reactivare dedup peste `error` cu CAS (WHERE id=? AND status='error'), creds noi in submissions + accounts.rar_creds_enc; worker invalideaza sesiunea RAR la creds proaspete (JWT 30h vechi nu mai trimite cu parola gresita); camp aditiv `reactivated:true` - retentie randuri blocate 30z; purge_expired exclude queued/sending; purge_after curatat la reactivare/requeue - API DELETE /v1/prezentari/{id} + /repune (200+JSON); UI butoane + bulk + banner actionabil Observabilitate: - app/observ.py log_event: dublu canal app_events (DB) + RotatingFileHandler per-proces, redactare creds/PII la scriere (redact_pii/vin_partial) - request_id middleware + X-Request-ID pe toate raspunsurile - handler global excepții -> 500 envelope 6-chei + request_id (traceback doar in jurnal) - audit cerere API (api_prezentari/api_auth_esuat) + audit worker (rar_login/tranzitii) - tab "Jurnal" filtrabil scoped (non-admin doar contul sau); retentie jurnal 90z - rar_error expus in GET /v1/prezentari/{id} (recovery observabil) pytest -q: 741 passed, 0 failed. Docs: PRD raport VERIFY, contract endpointuri noi, ROADMAP. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-23 18:45:39 +00:00
parent f48346de5c
commit c842e3352a
40 changed files with 2851 additions and 64 deletions
--- a/tests/test_observ.py
+++ b/tests/test_observ.py
@@ -0,0 +1,105 @@
+"""Teste US-003 (PRD 5.6): logger structurat central observ.log_event.
+
+TDD: scrie in app_events SI in log text, redacteaza creds/PII, filtreaza pe nivel.
+"""
+
+from __future__ import annotations
+
+import os
+import tempfile
+
+import pytest
+
+
+@pytest.fixture()
+def env(monkeypatch):
+    tmp = tempfile.mkdtemp()
+    monkeypatch.setenv("AUTOPASS_DB_PATH", os.path.join(tmp, "observ.db"))
+    monkeypatch.setenv("AUTOPASS_LOG_DIR", os.path.join(tmp, "logs"))
+    from app.config import get_settings
+    get_settings.cache_clear()
+    from app.db import init_db
+    init_db()
+    yield tmp
+    get_settings.cache_clear()
+
+
+def _events(tip=None):
+    from app.db import get_connection
+    conn = get_connection()
+    try:
+        if tip:
+            return conn.execute("SELECT * FROM app_events WHERE tip=?", (tip,)).fetchall()
+        return conn.execute("SELECT * FROM app_events").fetchall()
+    finally:
+        conn.close()
+
+
+def test_log_event_scrie_in_db_si_fisier(env):
+    from app import observ
+    observ.log_event("test_eveniment", nivel="INFO", account_id=2, cod="X", mesaj="salut")
+
+    rows = _events("test_eveniment")
+    assert len(rows) == 1
+    assert rows[0]["account_id"] == 2
+    assert rows[0]["cod"] == "X"
+    assert rows[0]["mesaj"] == "salut"
+    assert rows[0]["sursa"] == "api"
+
+    # Log text scris
+    log_path = os.path.join(env, "logs", "app-api.log")
+    assert os.path.exists(log_path)
+    with open(log_path, encoding="utf-8") as f:
+        content = f.read()
+    assert "test_eveniment" in content
+
+
+def test_log_event_redacteaza_pii_si_creds(env):
+    from app import observ
+    observ.log_event(
+        "cu_secrete",
+        context={
+            "password": "parolaSuperSecreta",
+            "rar_credentials": {"email": "a@b.ro", "password": "x"},
+            "vin": "WVWZZZ1KZAW000123",
+            "token": "eyJhbGciOi",
+            "count": 3,
+        },
+    )
+    rows = _events("cu_secrete")
+    assert len(rows) == 1
+    ctx = rows[0]["context_json"]
+    assert "parolaSuperSecreta" not in ctx
+    assert "***REDACTED***" in ctx
+    # VIN doar partial
+    assert "WVWZZZ1KZAW000123" not in ctx
+    assert "0123" in ctx
+    # campuri benigne raman
+    assert "count" in ctx
+    # fisierul text nu contine parola
+    log_path = os.path.join(env, "logs", "app-api.log")
+    with open(log_path, encoding="utf-8") as f:
+        content = f.read()
+    assert "parolaSuperSecreta" not in content
+
+
+def test_nivel_filtrat_din_env(env, monkeypatch):
+    monkeypatch.setenv("AUTOPASS_LOG_LEVEL", "WARNING")
+    from app.config import get_settings
+    get_settings.cache_clear()
+    from app import observ
+    observ.log_event("sub_nivel", nivel="INFO")
+    observ.log_event("peste_nivel", nivel="ERROR")
+    assert len(_events("sub_nivel")) == 0
+    assert len(_events("peste_nivel")) == 1
+
+
+def test_log_event_best_effort_nu_propaga(env, monkeypatch):
+    """O eroare interna de scriere nu propaga (jurnal best-effort)."""
+    from app import observ
+    # Forteaza o eroare in insert pasand o conexiune invalida
+    class Boom:
+        def execute(self, *a, **k):
+            raise RuntimeError("boom")
+    # nu trebuie sa ridice
+    observ.log_event("nepasator", conn=Boom())