Compare commits

...

13 Commits

Author SHA1 Message Date
Claude Agent
3eaf1ca6cd test: actualizeaza asertia coloane list_accounts (requested_plan, consent_at)
Testul verifica setul exact de chei returnat de list_accounts; ramasese in urma
dupa ce coloanele requested_plan si consent_at au fost adaugate (5.17/consent).
Fara legatura cu 5.20 — esec pre-existent semnalat in checkpoint.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-02 19:55:48 +00:00
Claude Agent
1648960b13 feat(5.20): US-008 configurare medii RAR per cont (Testare/Productie)
Ruta noua POST /cont/rar-medii: doua sectiuni independente Testare/Productie,
fiecare cu bifa activare + email/parola. La salvare, mediu activat cu creds noi
e validat prin login pe env-ul respectiv (US-007); OK -> criptare Fernet in
rar_creds_{env}_enc + enabled=1; esec -> eroare per-env, creds nesalvate.

Prima activare Productie cere checkbox de confirmare (constientizare L.142).
Mediul implicit (rar_env_default) setabil DOAR pe un mediu disponibil, validat
server-side post-update. Parolele niciodata reflectate in pagina.

_fetch_cont_env_state deriva starea per-env pentru _cont.html; refactor al
handlerelor de cont sa foloseasca env_ctx in loc de are_creds legacy.

tests/test_cont_medii.py: 4 teste (salvare+creds criptate per env, default doar
dintre disponibile, confirmare prod obligatorie, fara echo parola).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-02 19:53:50 +00:00
Claude Agent
3579a15363 feat(5.20): US-007 validare login RAR pe env-ul setului de credentiale
Login de validare loveste base_url_pentru_env(env) (NU ancora globala); endpoint
POST /cont/test-rar-creds + card in _integrare.html; mesaj distinct TESTARE vs
PRODUCTIE la 401 incrucisat (confirmat live).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-29 20:46:50 +00:00
Claude Agent
19d8aaa7aa feat(5.20): US-004/005/006/009 ingestie+API+worker+import pe mediu RAR
US-004: rezolva_rar_env (cerere>default cont>ancora globala) + MediuIndisponibil
+ cod RAR_MEDIU_INDISPONIBIL.
US-005: camp rar_env pe POST /v1/prezentari + /valideaza (Literal), echo in
SubmissionResult/ValidareResult/GET, build_key + INSERT env-aware.
US-006: AccountSessions re-cheiat (account_id, rar_env); RarClient base_url per
env; creds din slotul env; purge + recover_orphans scoped pe env (E1/1a, 1b/E6);
claim_one propaga rar_env (1c/E8); keepalive pe ancora globala (M2).
US-009: selector mediu la import (>=2 medii), eticheta la 1, banner la 0; commit
seteaza rar_env pe submissions.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-29 20:30:11 +00:00
Claude Agent
d5ce0e2e2b feat(branding): redenumire ROMFAST AUTOPASS -> ROA AUTOPASS in UI
Titlu pagina, antet brand si /login afiseaza acum 'ROA AUTOPASS'.
Include redesignul sectiunii Problem+Calculator combinata din landing.
Teste de antet/nav aliniate la noul nume.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-29 19:42:31 +00:00
Claude Agent
deb6afff3e feat(5.20): US-001/002/003 schema medii per cont + disponibilitate + idempotenta env-aware
US-001: coloane accounts (rar_test/prod_enabled, rar_creds_test/prod_enc,
rar_env_default) + submissions.rar_env; migrare cu backfill din ancora globala
AUTOPASS_RAR_ENV (creds->slot, enabled doar pe mediul cu creds) + recompute
idempotency_key env-aware (AUTO-FIX G + E4/3).
US-002: app/rar_env.py — medii_disponibile + rar_env_efectiv (REQ-DISP/DEFAULT).
US-003: build_key(account_id, canon, rar_env) — test vs prod = trimiteri distincte.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-29 19:42:28 +00:00
Claude Agent
b4818349be docs(5.20): PRD medii RAR per cont (Testare/Productie) aprobat + roadmap
Doua medii RAR configurabile per cont, fiecare cu bifa de activare si set
propriu de credentiale. medii_disponibile=enabled AND creds deriva tot UX-ul.
13 stories / 6 valuri. Premisa verificata live: test/prod = sisteme separate.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-29 19:27:50 +00:00
Claude Agent
ff9d0f41d1 feat(landing): titlu ROMFAST AUTOPASS, calculator pe trimiteri, grila preturi uniforma
- header cu titlu ROMFAST AUTOPASS + subtitlu Gateway RAR, nav la dreapta
- title/meta description aliniate pe mesajul "incarci fisierul, coduri o data"
- hero: subtext rescris + linie beneficiu "Gratuit pana la 60 de trimiteri/luna"
- scoase toate referintele la card bancar
- calculator: slider pe Trimiteri/luna (default 100), cifre uniforme grid 2x2,
  rotunjite fara zecimale
- preturi: carduri egale cu aceleasi componente (bifa/minus), Standard 49 lei +
  badge Popular + buton verde, Gratuit fara badge, "* fara TVA" la preturi
- sectiune separata beneficiu "30 de zile Pro gratuit"; FINAL CTA eliminat
- suport: Standard maxim 24h, Pro maxim 8h
- signup: pret Standard aliniat la 49 lei

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-29 18:56:49 +00:00
Claude Agent
7371c3703d chore(compose): parametrizeaza RAR_ENV si WORKER_SEND_ENABLED pentru staging
Permite override din Dokploy environment fara a schimba comportamentul prod
(default-uri pastrate: api RAR_ENV=prod, worker RAR_ENV=test, SEND_ENABLED=true).
Necesar pentru serviciul de staging autopass-test.roa.romfast.ro, care forteaza
RAR_ENV=test si WORKER_SEND_ENABLED=false ca sa NU trimita declaratii reale la RAR.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-29 16:39:35 +00:00
Claude Agent
851f76ca16 feat(signup+admin): aliniere formular signup la landing + plan cerut, GDPR, control tier/trial in panou
Signup:
- /signup aliniat ca format la formularul din landing (campuri, etichete,
  placeholder-uri, select plan, checkbox GDPR, buton). Eticheta `name` = "Companie"
  (corecta: backendul salveaza nume de firma), uniform si in landing.
- Consimtamant GDPR validat server-side (functional, nu doar client-side) + salvat
  cu marca temporala (accounts.consent_at).
- Plan ales la signup salvat in accounts.requested_plan (intentie, NU drept): tier
  ramane sursa de adevar pentru gate-ul API; coloana pregateste integrarea platilor.
- landing: valorile `plan` = coduri tier (free/standard/pro/premium), data-plan
  sincronizat pe butoanele de pret; checkbox consimtamant primeste name.

Schema/DB:
- accounts: coloane noi requested_plan + consent_at (cu migrare aditiva in db.py).

Panou admin:
- Coloane noi: Plan curent (plan EFECTIV acum + zile trial ramase) si Plan cerut.
- Buton "Aplica" (POST /admin/set-tier): aloca plan real si INCHEIE trial-ul
  (efect imediat; altfel trial-ul Pro universal de 30z masca alegerea).
- Control "Trial Pro N zile" (POST /admin/set-trial via accounts.set_trial):
  acorda/prelungeste trial fara a schimba tier-ul de baza.

Teste: signup (consent obligatoriu, requested_plan persistat, tier ramane free),
panou admin (set-tier incheie trial, free opreste Pro imediat, set-trial, validari
+ CSRF). Call-site-urile existente POST /signup actualizate cu consent.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-29 16:02:37 +00:00
Claude Agent
a29896a790 docs(5.19): PRD bifa "Trimite automat la RAR" + coada tinuta/eliberare manuala
PRD prin /prd + /autoplan (CEO/Design/Eng/DX, voce unica - Codex la plafon).
Per-cont accounts.auto_send_enabled (default OFF time-boxed) + per-rand
submissions.held; snapshot la TOATE ~8 situri queued via held_for_account()
(Eng a prins bug reactivare router:237 ce ocolea Auto OFF); claim_one AND held=0.
Crescut 6->10 stories: US-007 banner/metrics coada imbatranita, US-008 retentie
held (GDPR/L.142), US-009 fixturi teste + audit, US-010 onestitate API (invariant
5.7). 26 taskuri. Eticheta redenumita; testare sigura (rar_env/valideaza) -> TODOS.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-29 15:46:23 +00:00
Claude Agent
3f513f6c12 fix(landing): elimina announce bar, actualizeaza badge hero, ancoreaza nav, simplifica login
- Scoate announce bar-ul de deasupra header-ului
- Badge hero reformulat: "Este gratuit pentru service-urile mici — pana la 60 de trimiteri RAR/luna" + link "Creeaza cont in 2 minute"
- Nav links "Cum functioneaza", "API", "Pret" devin <a href="#..."> cu id-uri pe sectiunile corespunzatoare
- Pagina /login: scoate <aside> cu logo/tagline/trust, layout trece la o singura coloana centrata

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-29 15:04:40 +00:00
Claude Agent
8f39dfbc1e feat(5.16): aliniere lista/preview la mockup + fix lock seed la boot
Implementeaza planul aprobat din docs/raport-comparatie-mockup-5.16.md (T-1..T-9):

- T-1/T-8: rand lista 4->2 linii (placuta primar + cod RAR · operatie · data + pill),
  fallback placuta, eticheta-problema 10px->--fs-xs (_submissions.html, base.html)
- T-2: pill slim restilat fill-tint + dot 7px + text colorat per stare (base.html)
- T-3: bug 4a coliziune pill/vehicul in preview — col-stare 104->140px (base.html)
- T-4: preview 8->5 coloane (scos #, KM, Note; motivul -> title pe pill)
- T-5: titlu sectiune "Trimiterile tale" -> sr-only (a11y) + badge/export discret
- T-6: linia plan N/60 in corp doar pe avertizare; consum normal in badge+burger
- T-7: guard chenar gol chips extra (_chips_prestatii.html)
- T-9: "Anuleaza"->"Renunta"; nume operatie emfatic bold

Fix boot: init_db reincarca seedul de ~17k operatii (5.18) pe FIECARE pornire, pe
API + worker concurent -> "database is locked" la al doilea proces. Guard "_if_empty"
pe mapping_suggestions (ca seed_nomenclator_if_empty) -> boot rapid, fara cursa.

Teste actualizate (slim 2-linii, fallback placuta, plan in burger). TODOS.md:
defer trackuit (eroare HTMX lista, retokenizare px, diacritice).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-29 14:44:10 +00:00
61 changed files with 4772 additions and 564 deletions

View File

@@ -53,3 +53,26 @@ Elemente deferate din review-uri. Negrupte de un PRD curent; de promovat cand de
- [ ] **US-009/US-010 ca PRD separat daca propagarea design e urgenta** — salvarea mapare-din-chip si - [ ] **US-009/US-010 ca PRD separat daca propagarea design e urgenta** — salvarea mapare-din-chip si
bulk-fix sunt adiacente FUNCTIONALE (acceptate via SELECTIVE EXPANSION), dincolo de obiectivul pur de bulk-fix sunt adiacente FUNCTIONALE (acceptate via SELECTIVE EXPANSION), dincolo de obiectivul pur de
propagare design. Daca vrei sa livrezi designul rapid, pot fi scoase intr-un PRD propriu. (CEO, low.) propagare design. Daca vrei sa livrezi designul rapid, pot fi scoase intr-un PRD propriu. (CEO, low.)
## Din raport comparatie mockup 5.16 (2026-06-29)
> Restul task-urilor din `docs/raport-comparatie-mockup-5.16.md` au fost livrate (T-1..T-9).
> Cele de mai jos raman explicit in coada la cererea userului.
- [ ] **Stare de eroare HTMX la incarcarea listei (D-4)** — cand `/_fragments/submissions`
da 500 sau pica reteaua, `#submissions-wrap` ramane blocat pe spinner ("se incarca…") fara
mesaj. De adaugat un partial de eroare / `hx-on::response-error` cu "nu s-a putut incarca,
reincearca". Robustete pre-existenta (nu introdusa de 5.16), impact functional real —
**candidatul cu cea mai mare valoare** din lista. (Design D-4, medium.)
- [ ] **Retokenizare px completa in template-uri**`_submissions.html` / `_preview_*` folosesc
literali `font-size:13px/12px/11px` in loc de token-urile `--fs-*`. 5.16 a corectat doar
instanta sub-12px (incalca pragul PRD). Restul ramane debt: schimbarea in masa (13px→`--fs-sm`
=13.5px) misca layout-ul, deci necesita o baza de regresie vizuala inainte. (Eng, bounded —
amanat ca scope creep fara baza AC.)
- [ ] **Diacritice in textul vizibil pentru user** — mockup-urile folosesc diacritice complete
("Observații", "Salvează", "Adaugă"); aplicatia le omite in majoritatea label-urilor. Fontul
le randeaza corect (US-001 confirmat). De aplicat pe label-uri/butoane/titluri, pastrand
cod/comentariile fara diacritice. Decizie initiala (poarta de gust T3): nu se aplica acum —
reintrodus in coada la cererea userului (2026-06-29) ca finisaj viitor. (Transversal, low.)

View File

@@ -44,6 +44,8 @@ def create_account(
cui: str | None = None, cui: str | None = None,
email: str | None = None, email: str | None = None,
active: bool = True, active: bool = True,
requested_plan: str | None = None,
consent_at: str | None = None,
) -> int: ) -> int:
"""Insereaza un cont si intoarce id-ul nou (AUTOINCREMENT, deci >=2 — nu atinge default id=1). """Insereaza un cont si intoarce id-ul nou (AUTOINCREMENT, deci >=2 — nu atinge default id=1).
@@ -51,12 +53,19 @@ def create_account(
`email` se normalizeaza (trim+lower); sir gol -> ValueError. `email` se normalizeaza (trim+lower); sir gol -> ValueError.
Un CUI deja folosit -> ValueError cu cauza+fix. Unicitatea e impusa de indexul partial Un CUI deja folosit -> ValueError cu cauza+fix. Unicitatea e impusa de indexul partial
`ux_accounts_cui` (nu de un check separat), deci e sigura la concurenta. `ux_accounts_cui` (nu de un check separat), deci e sigura la concurenta.
`requested_plan`: planul CERUT la signup (separat de `tier`). NU acorda drepturi — `tier`
ramane mereu 'free' la creare; planul cerut e doar o intentie pentru integrarea platilor.
Valoare invalida (nu e in VALID_TIERS) -> ignorata (stocata NULL), nu arunca.
`consent_at`: marca temporala consimtamant Termeni+GDPR (proba); None = fara flux consimtamant.
""" """
name = (name or "").strip() name = (name or "").strip()
if not name: if not name:
raise ValueError("name gol (un cont are nevoie de nume)") raise ValueError("name gol (un cont are nevoie de nume)")
cui = _norm_cui(cui) cui = _norm_cui(cui)
email = _norm_email(email) email = _norm_email(email)
# Planul cerut: pastram doar valori valide; orice altceva -> NULL (defensiv).
req_plan = requested_plan if requested_plan in VALID_TIERS else None
try: try:
# Trial Pro automat la creare (PRD 5.17 US-001): tier='free' + trial_until=now+30z. # Trial Pro automat la creare (PRD 5.17 US-001): tier='free' + trial_until=now+30z.
trial_until = ( trial_until = (
@@ -64,10 +73,11 @@ def create_account(
) )
# Invariant (5.5): active=1 <=> status='active'; cont creat inactiv = 'pending'. # Invariant (5.5): active=1 <=> status='active'; cont creat inactiv = 'pending'.
cur = conn.execute( cur = conn.execute(
"INSERT INTO accounts (name, cui, email, active, status, tier, trial_until) " "INSERT INTO accounts (name, cui, email, active, status, tier, trial_until, "
"VALUES (?, ?, ?, ?, ?, ?, ?)", "requested_plan, consent_at) "
"VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)",
(name, cui, email, 1 if active else 0, "active" if active else "pending", (name, cui, email, 1 if active else 0, "active" if active else "pending",
"free", trial_until), "free", trial_until, req_plan, consent_at),
) )
except sqlite3.IntegrityError: except sqlite3.IntegrityError:
existing = conn.execute("SELECT id FROM accounts WHERE cui=?", (cui,)).fetchone() existing = conn.execute("SELECT id FROM accounts WHERE cui=?", (cui,)).fetchone()
@@ -185,6 +195,38 @@ def set_tier(
pass pass
def set_trial(conn: sqlite3.Connection, account_id: int, trial_until: str | None) -> None:
"""Seteaza DOAR `trial_until` (acorda/prelungeste/sterge trial Pro), fara a atinge `tier`.
Trial Pro activ (trial_until in viitor) ridica planul efectiv la 'pro' (vezi
plans.effective_tier), indiferent de tier-ul de baza. Folosit din panoul admin ca sa
acorzi un trial fara a schimba tier-ul de baza (post-trial).
Contul de sistem id=1 e protejat. Cont inexistent -> ValueError.
trial_until: string ISO UTC ("YYYY-MM-DD HH:MM:SS") sau None (sterge trial-ul).
"""
row = conn.execute("SELECT 1 FROM accounts WHERE id=?", (account_id,)).fetchone()
if not row:
raise ValueError(f"cont inexistent: {account_id}")
if account_id == _PROTECTED_ACCOUNT_ID:
raise ValueError("Contul default (id=1) nu poate primi trial (cont de sistem).")
conn.execute(
"UPDATE accounts SET trial_until=? WHERE id=?", (trial_until, account_id)
)
# Audit in app_events (best-effort, fara PII nou — ca set_tier).
try:
from .observ import log_event
log_event(
"plan_trial_setat",
account_id=account_id,
mesaj=f"trial_until -> {trial_until or 'NULL'}",
context={"trial_until": trial_until},
conn=conn,
)
except Exception: # noqa: BLE001 — jurnal best-effort (ca observ.log_event)
pass
def delete_account(conn: sqlite3.Connection, account_id: int) -> None: def delete_account(conn: sqlite3.Connection, account_id: int) -> None:
"""Stergere SOFT: randul ramane ca tombstone (status='deleted', scos din liste), DAR datele """Stergere SOFT: randul ramane ca tombstone (status='deleted', scos din liste), DAR datele
sensibile se purjeaza IMEDIAT (GDPR/L.142): credentialele RAR criptate sterse, cheile API sensibile se purjeaza IMEDIAT (GDPR/L.142): credentialele RAR criptate sterse, cheile API
@@ -208,7 +250,8 @@ def list_accounts(conn: sqlite3.Connection) -> list[dict]:
"""Metadate conturi (FARA `rar_creds_enc`), ordonate dupa id. Exclude conturile 'deleted' """Metadate conturi (FARA `rar_creds_enc`), ordonate dupa id. Exclude conturile 'deleted'
(stergere soft -> invizibile in panou).""" (stergere soft -> invizibile in panou)."""
rows = conn.execute( rows = conn.execute(
"SELECT id, name, cui, email, active, status, tier, trial_until, created_at FROM accounts " "SELECT id, name, cui, email, active, status, tier, trial_until, "
"requested_plan, consent_at, created_at FROM accounts "
"WHERE status != 'deleted' ORDER BY id" "WHERE status != 'deleted' ORDER BY id"
).fetchall() ).fetchall()
return [dict(r) for r in rows] return [dict(r) for r in rows]

View File

@@ -55,6 +55,7 @@ from ...mapping import (
resolve_prestatii, resolve_prestatii,
) )
from ...validation import validate_prezentare from ...validation import validate_prezentare
from ...rar_env import MediuIndisponibil, rar_env_efectiv_cont, rezolva_rar_env
router = APIRouter(prefix="/v1/import", tags=["import"]) router = APIRouter(prefix="/v1/import", tags=["import"])
@@ -260,10 +261,10 @@ def _resolve_row_for_preview(
} }
def _build_idempotency_key(account_id: int | None, resolved: dict[str, Any]) -> str: def _build_idempotency_key(account_id: int | None, resolved: dict[str, Any], rar_env: str = "test") -> str:
"""Construieste cheia de idempotenta pentru un rand rezolvat.""" """Construieste cheia de idempotenta pentru un rand rezolvat."""
canon = canonicalize_row(resolved) canon = canonicalize_row(resolved)
return build_key(account_id, canon) return build_key(account_id, canon, rar_env)
# Campuri de continut editabile in preview. Operatia/codul RAR NU se editeaza # Campuri de continut editabile in preview. Operatia/codul RAR NU se editeaza
@@ -767,6 +768,11 @@ def preview_import(
valid_codes = load_nomenclator_codes(conn) or None valid_codes = load_nomenclator_codes(conn) or None
text_rules = load_text_rules(conn, acct) text_rules = load_text_rules(conn, acct)
# Mediul RAR efectiv al contului — folosit la calculul cheii de idempotenta
# la preview (trebuie sa coincida cu ce va folosi commit-ul fara rar_env explicit).
from ...config import get_settings as _get_settings_env
preview_env = rar_env_efectiv_cont(conn, account_id) or _get_settings_env().rar_env or "test"
# Recalculam coercion_flags din valorile stocate (nu sunt persistate separat): # Recalculam coercion_flags din valorile stocate (nu sunt persistate separat):
# detectie simpla de VIN numeric. # detectie simpla de VIN numeric.
coercion_flags_map: dict[int, list[str]] = {} coercion_flags_map: dict[int, list[str]] = {}
@@ -822,7 +828,7 @@ def preview_import(
key = None key = None
if resolved_info["resolved_status"] in ("ok", "needs_review", "needs_data"): if resolved_info["resolved_status"] in ("ok", "needs_review", "needs_data"):
try: try:
key = _build_idempotency_key(account_id, resolved_info["resolved"]) key = _build_idempotency_key(account_id, resolved_info["resolved"], preview_env)
keys_for_lookup.append(key) keys_for_lookup.append(key)
if key not in key_to_index: if key not in key_to_index:
key_to_index[key] = [] key_to_index[key] = []
@@ -930,6 +936,7 @@ class CommitIn(BaseModel):
description="Indecsi de rand needs_review bifate explicit de utilizator", description="Indecsi de rand needs_review bifate explicit de utilizator",
) )
confirmed_by: str | None = Field(None, description="Email/identifier utilizator (log atestare)") confirmed_by: str | None = Field(None, description="Email/identifier utilizator (log atestare)")
rar_env: str | None = Field(None, description="Mediu RAR tinta ('test'|'prod'). None = default cont.")
@router.post("/{import_id}/commit") @router.post("/{import_id}/commit")
@@ -1024,6 +1031,18 @@ def commit_import(
if n_total_ok == 0: if n_total_ok == 0:
raise HTTPException(status_code=422, detail="Niciun rand ok de confirmat.") raise HTTPException(status_code=422, detail="Niciun rand ok de confirmat.")
# Rezolva mediul RAR tinta al lotului (US-009): cerut > default cont > ancora globala.
try:
env = rezolva_rar_env(conn, account_id, req.rar_env)
except ValueError as e:
raise HTTPException(status_code=422, detail={"error": "mediu_invalid", "message": str(e)})
except MediuIndisponibil as e:
raise HTTPException(status_code=422, detail={
"error": "mediu_indisponibil",
"message": str(e),
"disponibile": e.disponibile,
})
# T3 (PRD 5.17): enforce volum plan — INAINTE de enqueue (invariant idempotenta). # T3 (PRD 5.17): enforce volum plan — INAINTE de enqueue (invariant idempotenta).
# Decizie #21: respingere TOTALA a lotului (nu enqueue partial tacut). # Decizie #21: respingere TOTALA a lotului (nu enqueue partial tacut).
from ...config import get_settings as _get_settings from ...config import get_settings as _get_settings
@@ -1172,8 +1191,8 @@ def commit_import(
"odometru_final": canon["odometru_final"], "odometru_final": canon["odometru_final"],
}) })
# Cheia de idempotenta (identica cu cheia din preview — aceeasi ordine) # Cheia de idempotenta (identica cu cheia din preview — aceeasi ordine + env)
key = build_key(account_id, canon) key = build_key(account_id, canon, env)
# Hash row pentru atestare (valori rezolvate) # Hash row pentru atestare (valori rezolvate)
rows_for_hash.append(json.dumps({ rows_for_hash.append(json.dumps({
@@ -1189,9 +1208,9 @@ def commit_import(
# INSERT ON CONFLICT DO NOTHING (TOCTOU) # INSERT ON CONFLICT DO NOTHING (TOCTOU)
cur = conn.execute( cur = conn.execute(
"INSERT OR IGNORE INTO submissions " "INSERT OR IGNORE INTO submissions "
"(idempotency_key, account_id, status, payload_json, batch_id, row_index, purge_after) " "(idempotency_key, account_id, status, payload_json, batch_id, row_index, purge_after, rar_env) "
"VALUES (?, ?, 'queued', ?, ?, ?, " + purge_after_sql + ")", "VALUES (?, ?, 'queued', ?, ?, ?, " + purge_after_sql + ", ?)",
(key, acct, payload_json, import_id, row_index), (key, acct, payload_json, import_id, row_index, env),
) )
if cur.rowcount == 0: if cur.rowcount == 0:

View File

@@ -24,6 +24,7 @@ from ...crypto import encrypt_creds
from ...db import get_connection from ...db import get_connection
from ...errors import eroare as err_eroare from ...errors import eroare as err_eroare
from ...idempotency import build_key, canonicalize_row from ...idempotency import build_key, canonicalize_row
from ...rar_env import MediuIndisponibil, rezolva_rar_env
from ...mapping import ( from ...mapping import (
_emite_text_rule_hits, _emite_text_rule_hits,
account_or_default, account_or_default,
@@ -122,7 +123,7 @@ def _rezultat_enqueue(submission_id: int | None, cl: dict, **extra) -> Submissio
) )
def _rezultat_respins(submission_id: int | None, cl: dict) -> SubmissionResult: def _rezultat_respins(submission_id: int | None, cl: dict, rar_env: str = "test") -> SubmissionResult:
"""Rezultat pentru on_unmapped_error=True: status='error', fara enqueue/reactivare. """Rezultat pentru on_unmapped_error=True: status='error', fara enqueue/reactivare.
`erori` pastreaza COD_NEMAPAT (compat clienti vechi); `nemapate` + `motiv` adaugate. `erori` pastreaza COD_NEMAPAT (compat clienti vechi); `nemapate` + `motiv` adaugate.
@@ -131,6 +132,7 @@ def _rezultat_respins(submission_id: int | None, cl: dict) -> SubmissionResult:
return SubmissionResult( return SubmissionResult(
submission_id=submission_id, status="error", submission_id=submission_id, status="error",
erori=nem, nemapate=nem, motiv=_motiv_clasificare(cl), erori=nem, nemapate=nem, motiv=_motiv_clasificare(cl),
rar_env=rar_env,
) )
@@ -168,6 +170,29 @@ def create_prezentari(
text_rules = load_text_rules(conn, acct) text_rules = load_text_rules(conn, acct)
error_mode = _effective_on_unmapped_error(conn, acct, req.on_unmapped_error) error_mode = _effective_on_unmapped_error(conn, acct, req.on_unmapped_error)
# US-005: rezolva mediul RAR tinta (cerut > default cont > ancora globala).
# MediuIndisponibil -> 422 inainte de orice enqueue (respinge tot lotul).
try:
env = rezolva_rar_env(conn, acct, req.rar_env)
except MediuIndisponibil as e:
raise HTTPException(
status_code=422,
detail=err_eroare(
"RAR_MEDIU_INDISPONIBIL",
cauza=(
f"mediu cerut: {e.env}; disponibile: "
f"{', '.join(e.disponibile) or 'niciunul'}"
),
),
)
except ValueError:
# Pydantic Literal prinde valorile invalide inainte sa ajunga aici;
# ramura e defensiva pentru apeluri directe fara model Pydantic.
raise HTTPException(
status_code=422,
detail=err_eroare("RAR_MEDIU_INDISPONIBIL", cauza="valoare invalida pentru rar_env"),
)
# T3 (PRD 5.17): enforce volum plan — INAINTE de build_key/enqueue (invariant idempotenta). # T3 (PRD 5.17): enforce volum plan — INAINTE de build_key/enqueue (invariant idempotenta).
# Decizie #21: respingere TOTALA a lotului (nu enqueue partial tacut). # Decizie #21: respingere TOTALA a lotului (nu enqueue partial tacut).
from ...config import get_settings as _get_settings from ...config import get_settings as _get_settings
@@ -213,7 +238,7 @@ def create_prezentari(
# build_key aplica account_or_default(account_id) inainte de hash: # build_key aplica account_or_default(account_id) inainte de hash:
# None si 1 colapseaza la aceeasi cheie (canal API + canal import). # None si 1 colapseaza la aceeasi cheie (canal API + canal import).
canon = canonicalize_row(content) canon = canonicalize_row(content)
key = build_key(account_id, canon) key = build_key(account_id, canon, env)
# Aplica normalizarea si in content (odometru canonicalizat inainte de validare) # Aplica normalizarea si in content (odometru canonicalizat inainte de validare)
content.update({ content.update({
"vin": canon["vin"], "vin": canon["vin"],
@@ -232,19 +257,20 @@ def create_prezentari(
cl = _classify_modal(content, mapping, mapping_meta, valid_codes, error_mode, text_rules) cl = _classify_modal(content, mapping, mapping_meta, valid_codes, error_mode, text_rules)
if cl["blocked_error"]: if cl["blocked_error"]:
# on_unmapped_error=True: nu reactivam; randul ramane 'error'. # on_unmapped_error=True: nu reactivam; randul ramane 'error'.
results.append(_rezultat_respins(existing["id"], cl)) results.append(_rezultat_respins(existing["id"], cl, rar_env=env))
continue continue
cur = conn.execute( cur = conn.execute(
"UPDATE submissions SET status=?, payload_json=?, rar_error=?, " "UPDATE submissions SET status=?, payload_json=?, rar_error=?, "
"rar_creds_enc=COALESCE(?, rar_creds_enc), retry_count=0, " "rar_creds_enc=COALESCE(?, rar_creds_enc), retry_count=0, "
"next_attempt_at=NULL, sending_since=NULL, purge_after=NULL, " "next_attempt_at=NULL, sending_since=NULL, purge_after=NULL, "
"updated_at=datetime('now') WHERE id=? AND status='error'", "rar_env=?, updated_at=datetime('now') WHERE id=? AND status='error'",
(cl["status"], json.dumps(cl["content"], ensure_ascii=False), (cl["status"], json.dumps(cl["content"], ensure_ascii=False),
cl["rar_error"], creds_enc, existing["id"]), cl["rar_error"], creds_enc, env, existing["id"]),
) )
if cur.rowcount == 1: if cur.rowcount == 1:
# Creds noi se propaga si in canalul durabil (accounts.rar_creds_enc) # Creds noi se propaga si in canalul durabil (accounts.rar_creds_enc)
# — ambele canale converg pe parola corectata. # — ambele canale converg pe parola corectata.
# US-013: muta pe slot env dupa login (write-back conservator).
if req.rar_credentials is not None: if req.rar_credentials is not None:
conn.execute( conn.execute(
"UPDATE accounts SET rar_creds_enc=? WHERE id=?", "UPDATE accounts SET rar_creds_enc=? WHERE id=?",
@@ -253,7 +279,7 @@ def create_prezentari(
_emite_text_rule_hits(conn, acct, existing["id"], cl["resolved"]) _emite_text_rule_hits(conn, acct, existing["id"], cl["resolved"])
# Raspuns onest si la reactivare: daca re-clasificarea cade pe # Raspuns onest si la reactivare: daca re-clasificarea cade pe
# needs_data/needs_mapping, expune motivul (nu doar status). # needs_data/needs_mapping, expune motivul (nu doar status).
results.append(_rezultat_enqueue(existing["id"], cl, reactivated=True)) results.append(_rezultat_enqueue(existing["id"], cl, reactivated=True, rar_env=env))
continue continue
# Cursa: alt POST/requeue a schimbat starea intre SELECT si UPDATE # Cursa: alt POST/requeue a schimbat starea intre SELECT si UPDATE
# (rowcount==0) -> raspuns dedup pe starea CURENTA. # (rowcount==0) -> raspuns dedup pe starea CURENTA.
@@ -267,6 +293,7 @@ def create_prezentari(
status=existing["status"], status=existing["status"],
id_prezentare=existing["id_prezentare"], id_prezentare=existing["id_prezentare"],
deduped=True, deduped=True,
rar_env=env,
) )
) )
continue continue
@@ -276,17 +303,17 @@ def create_prezentari(
cl = _classify_modal(content, mapping, mapping_meta, valid_codes, error_mode, text_rules) cl = _classify_modal(content, mapping, mapping_meta, valid_codes, error_mode, text_rules)
if cl["blocked_error"]: if cl["blocked_error"]:
# on_unmapped_error=True: respinge fara enqueue (cod necunoscut/nemapat). # on_unmapped_error=True: respinge fara enqueue (cod necunoscut/nemapat).
results.append(_rezultat_respins(None, cl)) results.append(_rezultat_respins(None, cl, rar_env=env))
continue continue
cur = conn.execute( cur = conn.execute(
"INSERT INTO submissions (idempotency_key, account_id, status, payload_json, rar_error, rar_creds_enc) " "INSERT INTO submissions (idempotency_key, account_id, status, payload_json, rar_error, rar_creds_enc, rar_env) "
"VALUES (?, ?, ?, ?, ?, ?)", "VALUES (?, ?, ?, ?, ?, ?, ?)",
(key, acct, cl["status"], json.dumps(cl["content"], ensure_ascii=False), cl["rar_error"], creds_enc), (key, acct, cl["status"], json.dumps(cl["content"], ensure_ascii=False), cl["rar_error"], creds_enc, env),
) )
sub_id = int(cur.lastrowid) sub_id = int(cur.lastrowid)
_emite_text_rule_hits(conn, acct, sub_id, cl["resolved"]) _emite_text_rule_hits(conn, acct, sub_id, cl["resolved"])
# Raspuns onest: pe needs_data/needs_mapping expune erori/nemapate/motiv. # Raspuns onest: pe needs_data/needs_mapping expune erori/nemapate/motiv.
results.append(_rezultat_enqueue(sub_id, cl)) results.append(_rezultat_enqueue(sub_id, cl, rar_env=env))
# Audit cerere API per cont. Doar metadate (count + distributie status), # Audit cerere API per cont. Doar metadate (count + distributie status),
# NICIUN camp de payload PII integral. Reuse conn (fara contentie WAL). # NICIUN camp de payload PII integral. Reuse conn (fara contentie WAL).
@@ -332,6 +359,27 @@ def valideaza_prezentari(
# Acelasi seam ca trimiterea reala: dry-run trebuie sa vada aceleasi reguli text. # Acelasi seam ca trimiterea reala: dry-run trebuie sa vada aceleasi reguli text.
text_rules = load_text_rules(conn, acct) text_rules = load_text_rules(conn, acct)
error_mode = _effective_on_unmapped_error(conn, acct, req.on_unmapped_error) error_mode = _effective_on_unmapped_error(conn, acct, req.on_unmapped_error)
# US-005 (DX F5): rezolva env identic ca trimiterea reala si ecou-ieste in raspuns.
try:
env = rezolva_rar_env(conn, acct, req.rar_env)
except MediuIndisponibil as e:
raise HTTPException(
status_code=422,
detail=err_eroare(
"RAR_MEDIU_INDISPONIBIL",
cauza=(
f"mediu cerut: {e.env}; disponibile: "
f"{', '.join(e.disponibile) or 'niciunul'}"
),
),
)
except ValueError:
raise HTTPException(
status_code=422,
detail=err_eroare("RAR_MEDIU_INDISPONIBIL", cauza="valoare invalida pentru rar_env"),
)
for i, prez in enumerate(req.prezentari): for i, prez in enumerate(req.prezentari):
content = prez.model_dump() content = prez.model_dump()
res = _classify_modal(content, mapping, mapping_meta, valid_codes, error_mode, text_rules) res = _classify_modal(content, mapping, mapping_meta, valid_codes, error_mode, text_rules)
@@ -346,6 +394,7 @@ def valideaza_prezentari(
index=i, index=i,
valid=(res["status"] == "queued"), valid=(res["status"] == "queued"),
status_estimat=res["status"], status_estimat=res["status"],
rar_env=env,
erori=res["errors"], erori=res["errors"],
nemapate=nemapate, nemapate=nemapate,
prestatii_rezolvate=res["resolved"], prestatii_rezolvate=res["resolved"],
@@ -366,9 +415,10 @@ def list_prezentari(
scope_sql, scope_params = account_scope_clause(account_id) scope_sql, scope_params = account_scope_clause(account_id)
# payload_json e plaintext (vezi submissions.payload_json); il citim doar ca # payload_json e plaintext (vezi submissions.payload_json); il citim doar ca
# sa derivam campurile afisabile prin helper-ul partajat, nu il expunem. # sa derivam campurile afisabile prin helper-ul partajat, nu il expunem.
# rar_env inclus (US-005): badge mediu in lista.
cols = ( cols = (
"id, status, id_prezentare, rar_status_code, retry_count, " "id, status, id_prezentare, rar_status_code, retry_count, "
"created_at, updated_at, payload_json" "created_at, updated_at, payload_json, rar_env"
) )
if status: if status:
rows = conn.execute( rows = conn.execute(
@@ -403,6 +453,8 @@ _PREZENTARE_FIELDS = frozenset({
# erori din catalog (niciodata creds, ex. RAR_CREDS_INVALIDE poarta doar cauza # erori din catalog (niciodata creds, ex. RAR_CREDS_INVALIDE poarta doar cauza
# "credentiale RAR invalide", fara parola). Face recovery-ul observabil prin API. # "credentiale RAR invalide", fara parola). Face recovery-ul observabil prin API.
"rar_error", "rar_error",
# US-005: mediul RAR tinta (Test/Productie) — necesar pentru badge + ecou API.
"rar_env",
}) })

131
app/db.py
View File

@@ -39,10 +39,19 @@ def init_db() -> None:
seed_nomenclator_if_empty(conn) seed_nomenclator_if_empty(conn)
# Seed corpus operatii etichetate -> mapping_suggestions (SILVER, PRD 5.18 US-004). # Seed corpus operatii etichetate -> mapping_suggestions (SILVER, PRD 5.18 US-004).
# Gated: OFF in teste (conftest), ON in productie. INSERT OR IGNORE -> idempotent. # Gated: OFF in teste (conftest), ON in productie. INSERT OR IGNORE -> idempotent.
# DOAR daca mapping_suggestions e gol: seedul are ~17k randuri; re-rularea lui pe
# FIECARE boot (API + worker concurent) tinea write-lock-ul indelung -> al doilea
# proces primea "database is locked" la pornire. Guard "_if_empty" (ca nomenclatorul)
# -> boot rapid cand e deja seeded. Re-seed dupa actualizarea fisierului = manual
# (goleste tabela), consistent cu semantica v1 ignore-not-upsert a seederului.
if get_settings().seed_operatii_enabled: if get_settings().seed_operatii_enabled:
from .operatii_seed import seed_operatii_etichetate already = conn.execute(
"SELECT 1 FROM mapping_suggestions LIMIT 1"
).fetchone()
if not already:
from .operatii_seed import seed_operatii_etichetate
seed_operatii_etichetate(conn) seed_operatii_etichetate(conn)
conn.commit() conn.commit()
finally: finally:
conn.close() conn.close()
@@ -62,11 +71,26 @@ def _migrate(conn: sqlite3.Connection) -> None:
conn.execute("ALTER TABLE submissions ADD COLUMN batch_id INTEGER") conn.execute("ALTER TABLE submissions ADD COLUMN batch_id INTEGER")
if "row_index" not in sub_cols: if "row_index" not in sub_cols:
conn.execute("ALTER TABLE submissions ADD COLUMN row_index INTEGER") conn.execute("ALTER TABLE submissions ADD COLUMN row_index INTEGER")
if "rar_env" not in sub_cols:
# PRD 5.20 US-001. Mediul RAR tinta pe submission. Pe DB existent NU lasam
# randurile pe DEFAULT 'test': un rand prod pre-migrare etichetat 'test' ar fi
# reconciliat de worker (US-006) contra endpoint TEST -> no-match -> re-send prod
# = DUPLICAT REAL IREVERSIBIL. Backfill din AUTOPASS_RAR_ENV global (ancora de
# migrare) + recompute idempotency_key env-aware. Ruleaza O SINGURA DATA (in
# blocul de adaugare a coloanei); pe DB fresh coloana vine din schema.sql (fara rows).
conn.execute(
"ALTER TABLE submissions ADD COLUMN rar_env TEXT NOT NULL DEFAULT 'test' "
"CHECK (rar_env IN ('test', 'prod'))"
)
_backfill_submissions_rar_env(conn)
# Coloane accounts # Coloane accounts
acc_cols = {r["name"] for r in conn.execute("PRAGMA table_info(accounts)").fetchall()} acc_cols = {r["name"] for r in conn.execute("PRAGMA table_info(accounts)").fetchall()}
if "rar_creds_enc" not in acc_cols: if "rar_creds_enc" not in acc_cols:
conn.execute("ALTER TABLE accounts ADD COLUMN rar_creds_enc TEXT") conn.execute("ALTER TABLE accounts ADD COLUMN rar_creds_enc TEXT")
acc_cols.add("rar_creds_enc")
# Medii RAR per cont (PRD 5.20 US-001): activare + slot creds + default, per mediu.
_migrate_accounts_medii(conn, acc_cols)
if "active" not in acc_cols: if "active" not in acc_cols:
# Conturi existente raman active (default 1). # Conturi existente raman active (default 1).
conn.execute("ALTER TABLE accounts ADD COLUMN active INTEGER NOT NULL DEFAULT 1") conn.execute("ALTER TABLE accounts ADD COLUMN active INTEGER NOT NULL DEFAULT 1")
@@ -100,6 +124,14 @@ def _migrate(conn: sqlite3.Connection) -> None:
if "trial_until" not in acc_cols: if "trial_until" not in acc_cols:
# Trial Pro activ daca != NULL si > now. Nullable (NULL = fara trial). # Trial Pro activ daca != NULL si > now. Nullable (NULL = fara trial).
conn.execute("ALTER TABLE accounts ADD COLUMN trial_until TEXT") conn.execute("ALTER TABLE accounts ADD COLUMN trial_until TEXT")
if "requested_plan" not in acc_cols:
# Planul cerut la signup (integrare plati). NU acorda drepturi; `tier` ramane sursa
# de adevar pt API/volum. Nullable. ALTER nu poate adauga CHECK pe coloana noua in
# SQLite -> validarea valorilor se face in cod (signup, fata de VALID_TIERS).
conn.execute("ALTER TABLE accounts ADD COLUMN requested_plan TEXT")
if "consent_at" not in acc_cols:
# Marca temporala consimtamant Termeni+GDPR (proba). Nullable (NULL = CLI/legacy).
conn.execute("ALTER TABLE accounts ADD COLUMN consent_at TEXT")
# Unicitate CUI (un CUI = un cont); NULL distinct nativ -> conturi fara CUI multiplu. # Unicitate CUI (un CUI = un cont); NULL distinct nativ -> conturi fara CUI multiplu.
conn.execute( conn.execute(
"CREATE UNIQUE INDEX IF NOT EXISTS ux_accounts_cui ON accounts(cui) WHERE cui IS NOT NULL" "CREATE UNIQUE INDEX IF NOT EXISTS ux_accounts_cui ON accounts(cui) WHERE cui IS NOT NULL"
@@ -147,6 +179,101 @@ def _migrate(conn: sqlite3.Connection) -> None:
) )
def _migrate_accounts_medii(conn: sqlite3.Connection, acc_cols: set[str]) -> None:
"""PRD 5.20 US-001: coloane medii RAR per cont + backfill din ancora globala.
Adauga (idempotent): rar_test_enabled/rar_prod_enabled (bife activare),
rar_creds_test_enc/rar_creds_prod_enc (sloturi creds), rar_env_default.
Backfill (O SINGURA DATA, cand coloanele tocmai au fost adaugate pe DB existent):
creds-ul legacy `rar_creds_enc` apartine mediului `AUTOPASS_RAR_ENV` global de la
momentul migrarii (ancora) — il copiem in slotul acelui mediu, activam DOAR acel
mediu (celalalt dezactivat) si fixam default-ul pe el. Conturile fara creds raman
pe default-urile coloanei (prod on / test off). Migrarea NU presupune env-ul; se
bazeaza pe ancora globala, exact cum opera contul inainte de 5.20.
"""
newly_added = "rar_env_default" not in acc_cols
if "rar_test_enabled" not in acc_cols:
conn.execute(
"ALTER TABLE accounts ADD COLUMN rar_test_enabled INTEGER NOT NULL DEFAULT 0 "
"CHECK (rar_test_enabled IN (0, 1))"
)
if "rar_prod_enabled" not in acc_cols:
conn.execute(
"ALTER TABLE accounts ADD COLUMN rar_prod_enabled INTEGER NOT NULL DEFAULT 1 "
"CHECK (rar_prod_enabled IN (0, 1))"
)
if "rar_creds_test_enc" not in acc_cols:
conn.execute("ALTER TABLE accounts ADD COLUMN rar_creds_test_enc TEXT")
if "rar_creds_prod_enc" not in acc_cols:
conn.execute("ALTER TABLE accounts ADD COLUMN rar_creds_prod_enc TEXT")
if "rar_env_default" not in acc_cols:
# ALTER nu poate adauga CHECK pe coloana noua in SQLite -> validarea ('test'/'prod')
# se face in cod (rar_env.py / rutele de cont). DEFAULT 'prod' (cont client nou).
conn.execute("ALTER TABLE accounts ADD COLUMN rar_env_default TEXT NOT NULL DEFAULT 'prod'")
if not newly_added:
return # coloanele existau deja -> backfill-ul a rulat la o pornire anterioara
# Are coloana legacy rar_creds_enc randuri de migrat? (Pe DB foarte nou, e absenta.)
if "rar_creds_enc" not in acc_cols:
return
env = get_settings().rar_env if get_settings().rar_env in ("test", "prod") else "test"
other = "prod" if env == "test" else "test"
slot = f"rar_creds_{env}_enc"
conn.execute(
f"UPDATE accounts SET {slot} = rar_creds_enc, "
f"rar_{env}_enabled = 1, rar_{other}_enabled = 0, rar_env_default = ? "
f"WHERE rar_creds_enc IS NOT NULL AND TRIM(rar_creds_enc) <> '' AND {slot} IS NULL",
(env,),
)
def _backfill_submissions_rar_env(conn: sqlite3.Connection) -> None:
"""PRD 5.20 US-001 (AUTO-FIX G + E4/3): backfill rar_env + recompute idempotency_key.
Ruleaza O SINGURA DATA, imediat dupa ce coloana `submissions.rar_env` a fost adaugata
pe un DB existent. Toate randurile pre-migrare au fost trimise (sau urmeaza) catre
mediul `AUTOPASS_RAR_ENV` global — le etichetam cu acel env (NU DEFAULT 'test'), altfel
reconcilierea worker-ului ar lovi endpoint-ul gresit -> duplicat ireversibil.
Recompute `idempotency_key` la forma env-aware (`build_key(account_id, canon, rar_env)`):
altfel un re-POST al unui rand legacy (cheie env-less) ar rata randul existent ->
duplicat. Recompute-ul e consistent (acelasi env pe toate randurile pre-migrare) deci
nu poate crea coliziuni intre randuri care erau deja distincte.
"""
import json as _json
from .idempotency import build_key, canonicalize_row
env = get_settings().rar_env if get_settings().rar_env in ("test", "prod") else "test"
conn.execute("UPDATE submissions SET rar_env = ?", (env,))
rows = conn.execute(
"SELECT id, account_id, idempotency_key, payload_json FROM submissions"
).fetchall()
for r in rows:
try:
content = _json.loads(r["payload_json"])
except (ValueError, TypeError):
continue
canon = canonicalize_row(content)
# Pastreaza prestatiile rezolvate (cod_prestatie/cod_op_service) pentru _op_identity.
canon["prestatii"] = content.get("prestatii") or []
new_key = build_key(r["account_id"], canon, env)
if new_key == r["idempotency_key"]:
continue
try:
conn.execute(
"UPDATE submissions SET idempotency_key = ? WHERE id = ?",
(new_key, r["id"]),
)
except sqlite3.IntegrityError:
# Coliziune improbabila pe UNIQUE(idempotency_key): lasa cheia veche (no-op),
# randul ramane gasibil prin dual-lookup legacy.
continue
def _now_iso() -> str: def _now_iso() -> str:
return datetime.now(timezone.utc).isoformat(timespec="seconds") return datetime.now(timezone.utc).isoformat(timespec="seconds")

View File

@@ -194,6 +194,13 @@ CATALOG: dict[str, dict[str, str]] = {
" Contacteaza-ne pentru a face upgrade la planul Pro." " Contacteaza-ne pentru a face upgrade la planul Pro."
), ),
}, },
"RAR_MEDIU_INDISPONIBIL": {
"problema": "Mediul RAR cerut nu e disponibil",
"fix": (
"Activeaza mediul si introdu credentialele RAR in tab-ul Cont."
" Mediile disponibile acum sunt in campul cauza."
),
},
} }

View File

@@ -70,17 +70,23 @@ def canonicalize_row(raw: dict[str, Any]) -> dict[str, Any]:
} }
def build_key(account_id: int | None, canon: dict[str, Any]) -> str: def build_key(account_id: int | None, canon: dict[str, Any], rar_env: str = "test") -> str:
"""SHA-256 partajat canal-API + canal-import. """SHA-256 partajat canal-API + canal-import, env-aware (PRD 5.20 US-003).
Aplica account_or_default inainte de hash: None si 1 colapseaza la aceeasi Aplica account_or_default inainte de hash: None si 1 colapseaza la aceeasi
cheie => acelasi rand logic din canale diferite nu se trimite de doua ori. cheie => acelasi rand logic din canale diferite nu se trimite de doua ori.
`rar_env` ('test'|'prod') intra in cheie: aceeasi prezentare la test si apoi la
prod sunt DOUA trimiteri reale distincte (sisteme RAR separate), nu un duplicat.
Default 'test' = back-compat cu apelantii care nu paseaza inca env-ul; toate
rutele de ingestie paseaza env-ul rezolvat explicit.
""" """
# Import local ca sa evitam import circular (mapping importa din idempotency via validator) # Import local ca sa evitam import circular (mapping importa din idempotency via validator)
from .mapping import account_or_default from .mapping import account_or_default
acct = account_or_default(account_id) acct = account_or_default(account_id)
canonic = { canonic = {
"account_id": acct, "account_id": acct,
"rar_env": rar_env,
"vin": canon.get("vin", ""), "vin": canon.get("vin", ""),
"nr_inmatriculare": canon.get("nr_inmatriculare", ""), "nr_inmatriculare": canon.get("nr_inmatriculare", ""),
"data_prestatie": canon.get("data_prestatie"), "data_prestatie": canon.get("data_prestatie"),
@@ -91,8 +97,8 @@ def build_key(account_id: int | None, canon: dict[str, Any]) -> str:
return hashlib.sha256(blob.encode("utf-8")).hexdigest() return hashlib.sha256(blob.encode("utf-8")).hexdigest()
def idempotency_key(account_id: int | None, prezentare: dict[str, Any]) -> str: def idempotency_key(account_id: int | None, prezentare: dict[str, Any], rar_env: str = "test") -> str:
"""SHA-256 peste (account_id + campurile semnificative ale prezentarii). """SHA-256 peste (account_id + rar_env + campurile semnificative ale prezentarii).
Wrapper backward-compat peste canonicalize_row + build_key. Wrapper backward-compat peste canonicalize_row + build_key.
Exclude obs si b64Image (cosmetice, nu definesc unicitatea declaratiei). Exclude obs si b64Image (cosmetice, nu definesc unicitatea declaratiei).
@@ -102,7 +108,7 @@ def idempotency_key(account_id: int | None, prezentare: dict[str, Any]) -> str:
acoperite automat — dual-lookup sau recompute-keys la migrare productie. acoperite automat — dual-lookup sau recompute-keys la migrare productie.
""" """
canon = canonicalize_row(prezentare) canon = canonicalize_row(prezentare)
return build_key(account_id, canon) return build_key(account_id, canon, rar_env)
def build_key_legacy(account_id: int | None, prezentare: dict[str, Any]) -> str: def build_key_legacy(account_id: int | None, prezentare: dict[str, Any]) -> str:

View File

@@ -7,6 +7,8 @@ odometru) este in app.validation.
from __future__ import annotations from __future__ import annotations
from typing import Literal
from pydantic import BaseModel, Field, field_validator, model_validator from pydantic import BaseModel, Field, field_validator, model_validator
@@ -93,6 +95,8 @@ class PrezentareRequest(BaseModel):
# False -> submission 'needs_mapping' (intra in editorul de mapare); # False -> submission 'needs_mapping' (intra in editorul de mapare);
# None -> se foloseste accounts.on_unmapped_error_default (implicit False). # None -> se foloseste accounts.on_unmapped_error_default (implicit False).
on_unmapped_error: bool | None = None on_unmapped_error: bool | None = None
# Mediul RAR tinta: 'test' | 'prod'. Absent -> default-ul contului (REQ-DEFAULT).
rar_env: Literal["test", "prod"] | None = None
class SubmissionResult(BaseModel): class SubmissionResult(BaseModel):
@@ -105,6 +109,8 @@ class SubmissionResult(BaseModel):
# RE-ACTIVAT (re-clasificat + creds actualizate) la resubmit. `deduped` pastreaza # RE-ACTIVAT (re-clasificat + creds actualizate) la resubmit. `deduped` pastreaza
# semantica actuala (clientii vechi care testeaza `deduped` nu se sparg). # semantica actuala (clientii vechi care testeaza `deduped` nu se sparg).
reactivated: bool = False reactivated: bool = False
# Mediul RAR tinta efectiv (ecou din DB / rezolvat la ingestie).
rar_env: str = "test"
# Raspuns ONEST pentru randuri blocate: orice status != 'queued' isi expune # Raspuns ONEST pentru randuri blocate: orice status != 'queued' isi expune
# motivul, ca integratorul sa nu trateze un needs_data/needs_mapping drept succes. # motivul, ca integratorul sa nu trateze un needs_data/needs_mapping drept succes.
# erori = validare de continut (needs_data), 3 niveluri [{field, cod, problema, cauza, fix, message}]. # erori = validare de continut (needs_data), 3 niveluri [{field, cod, problema, cauza, fix, message}].
@@ -126,6 +132,8 @@ class ValidarePrezentariRequest(BaseModel):
rar_credentials: RarCredentials | None = None rar_credentials: RarCredentials | None = None
prezentari: list[PrezentareIn] = Field(..., min_length=1) prezentari: list[PrezentareIn] = Field(..., min_length=1)
on_unmapped_error: bool | None = None on_unmapped_error: bool | None = None
# Mediul RAR tinta: 'test' | 'prod'. Absent -> default-ul contului.
rar_env: Literal["test", "prod"] | None = None
class ValidareResult(BaseModel): class ValidareResult(BaseModel):
@@ -134,6 +142,7 @@ class ValidareResult(BaseModel):
index: int index: int
valid: bool valid: bool
status_estimat: str # "queued" | "needs_data" | "needs_mapping" status_estimat: str # "queued" | "needs_data" | "needs_mapping"
rar_env: str = "test" # mediul RAR tinta efectiv (ecou din rezolvare)
erori: list[dict] = [] erori: list[dict] = []
nemapate: list[dict] = [] nemapate: list[dict] = []
prestatii_rezolvate: list[dict] = [] prestatii_rezolvate: list[dict] = []

View File

@@ -44,6 +44,11 @@ class RarAuthError(RarError):
"""Login esuat (401 / credentiale invalide). NU se face retry.""" """Login esuat (401 / credentiale invalide). NU se face retry."""
def base_url_pentru_env(settings: "Settings", env: str) -> str:
"""URL de baza al mediului RAR: 'prod' -> rar_base_url_prod, altfel rar_base_url_test."""
return settings.rar_base_url_prod if env == "prod" else settings.rar_base_url_test
class RarClient: class RarClient:
"""Client sincron httpx. Folosit din worker (proces separat). """Client sincron httpx. Folosit din worker (proces separat).
@@ -53,10 +58,10 @@ class RarClient:
data = rar.post_prezentare(token, payload) data = rar.post_prezentare(token, payload)
""" """
def __init__(self, settings: Settings | None = None): def __init__(self, settings: Settings | None = None, *, base_url: str | None = None):
self.settings = settings or get_settings() self.settings = settings or get_settings()
self._client = httpx.Client( self._client = httpx.Client(
base_url=self.settings.rar_base_url, base_url=base_url if base_url is not None else self.settings.rar_base_url,
timeout=self.settings.http_timeout_s, timeout=self.settings.http_timeout_s,
headers={"User-Agent": self.settings.http_user_agent}, # fix WAF 403 headers={"User-Agent": self.settings.http_user_agent}, # fix WAF 403
) )

156
app/rar_env.py Normal file
View File

@@ -0,0 +1,156 @@
"""Medii RAR per cont (PRD 5.20): disponibilitate + default efectiv.
Sursa UNICA de adevar pentru REQ-DISP / REQ-DEFAULT: vizibilitatea selector/toggle
in UI, validarea tintei in API si decizia worker-ului citesc TOATE de aici, ca sa
decida identic.
Un mediu ('test'|'prod') e *disponibil* pentru un cont daca e activat (bifa) SI are
credentiale (slot per-mediu non-gol). Din disponibilitate decurge tot UX-ul:
- 0 medii -> nicio tinta; trimiterea web e blocata, API cade pe ancora globala.
- 1 mediu -> tinta implicita (acel mediu), fara selector.
- 2 medii -> selector la import + toggle in statusbar + alegere in API.
Functii PURE (fara DB) peste un rand de cont (sqlite3.Row sau dict). Helperele cu
`conn` incarca randul si deleaga.
"""
from __future__ import annotations
import sqlite3
from typing import Any
VALID_ENVS: tuple[str, str] = ("test", "prod")
def _field(account: Any, key: str, default: Any = None) -> Any:
"""Citire toleranta a unui camp de cont (dict sau sqlite3.Row, camp posibil absent)."""
if account is None:
return default
if isinstance(account, dict):
return account.get(key, default)
try:
return account[key] # sqlite3.Row
except (IndexError, KeyError):
return default
def _are_creds(account: Any, env: str) -> bool:
creds = _field(account, f"rar_creds_{env}_enc", None)
return bool(creds and str(creds).strip())
def _enabled(account: Any, env: str) -> bool:
return int(_field(account, f"rar_{env}_enabled", 0) or 0) == 1
def medii_disponibile(account: Any) -> list[str]:
"""Subset din ('test','prod') = activat AND creds prezente. Ordine stabila test<prod."""
return [env for env in VALID_ENVS if _enabled(account, env) and _are_creds(account, env)]
def rar_env_efectiv(account: Any) -> str | None:
"""Mediul tinta implicit al contului (REQ-DEFAULT).
Mereu unul din mediile disponibile: default-ul contului daca inca e disponibil,
altfel singurul disponibil; daca 0 disponibile -> None (nicio tinta).
"""
disp = medii_disponibile(account)
if not disp:
return None
default = _field(account, "rar_env_default", "prod")
if default in disp:
return default
return disp[0]
# --------------------------------------------------------------------------- #
# Helpere cu conexiune #
# --------------------------------------------------------------------------- #
_ACCOUNT_ENV_COLS = (
"id, rar_test_enabled, rar_prod_enabled, "
"rar_creds_test_enc, rar_creds_prod_enc, rar_env_default"
)
def load_account_env(conn: sqlite3.Connection, account_id: int) -> sqlite3.Row | None:
"""Randul de cont cu exact coloanele de mediu (pentru medii_disponibile/rar_env_efectiv)."""
from .mapping import account_or_default
return conn.execute(
f"SELECT {_ACCOUNT_ENV_COLS} FROM accounts WHERE id=?",
(account_or_default(account_id),),
).fetchone()
def medii_disponibile_cont(conn: sqlite3.Connection, account_id: int) -> list[str]:
return medii_disponibile(load_account_env(conn, account_id))
def rar_env_efectiv_cont(conn: sqlite3.Connection, account_id: int) -> str | None:
return rar_env_efectiv(load_account_env(conn, account_id))
# --------------------------------------------------------------------------- #
# Exceptie si rezolvator de mediu tinta (US-004, dependent de US-002) #
# --------------------------------------------------------------------------- #
class MediuIndisponibil(Exception):
"""Mediul RAR cerut e valid dar nu e disponibil pentru contul dat.
Atribute
--------
env: mediul cerut (ex. 'test')
disponibile: lista mediilor disponibile pentru cont in momentul erorii
"""
def __init__(self, env: str, disponibile: list[str]) -> None:
self.env = env
self.disponibile = disponibile
super().__init__(
f"mediu indisponibil: {env!r} (disponibile: {disponibile!r})"
)
def rezolva_rar_env(
conn: sqlite3.Connection,
account_id: int,
cerut: str | None = None,
) -> str:
"""Determina mediul RAR tinta pentru un submission la ingestie.
Precedenta stricta (de la cea mai mare la cea mai mica):
1. `cerut` explicit si disponibil -> intoarce `cerut`.
2. `cerut` explicit dar indisponibil -> ridica MediuIndisponibil.
3. `cerut` invalid (nu in VALID_ENVS) -> ridica ValueError (fara fallback silentios).
4. `cerut` None -> incearca rar_env_efectiv_cont (default-ul contului).
5. Daca contul nu are niciun mediu disponibil (rar_env_efectiv_cont == None)
-> cade pe ancora globala get_settings().rar_env, normalizata la VALID_ENVS.
Acest fallback e intentionat (PRD 5.20 §2 Non-Goals): AUTOPASS_RAR_ENV ramane
ancora de migrare si fallback pentru actiuni fara cont (keepalive, canal API cu
creds efemere pe conturi nou-create fara medii configurate).
Ridica
------
ValueError -- `cerut` nu e in VALID_ENVS
MediuIndisponibil -- `cerut` e valid dar nu e disponibil pentru cont
"""
if cerut is not None:
if cerut not in VALID_ENVS:
raise ValueError(f"mediu invalid: {cerut!r}")
disp = medii_disponibile_cont(conn, account_id)
if cerut not in disp:
raise MediuIndisponibil(cerut, disp)
return cerut
# cerut e None: incearca default-ul contului
efectiv = rar_env_efectiv_cont(conn, account_id)
if efectiv is not None:
return efectiv
# Ancora globala: 0 medii disponibile pe cont -> fallback la AUTOPASS_RAR_ENV.
from .config import get_settings
global_env = get_settings().rar_env
if global_env in VALID_ENVS:
return global_env
return "test" # rar_env invalid in config -> cel mai sigur default

View File

@@ -19,7 +19,15 @@ CREATE TABLE IF NOT EXISTS accounts (
-- vezi accounts.delete_account — randul ramane doar pentru audit). -- vezi accounts.delete_account — randul ramane doar pentru audit).
status TEXT NOT NULL DEFAULT 'active' status TEXT NOT NULL DEFAULT 'active'
CHECK (status IN ('pending','active','blocked','archived','deleted')), CHECK (status IN ('pending','active','blocked','archived','deleted')),
rar_creds_enc TEXT, -- creds RAR criptate (Fernet) durabile per-cont (D4/Eng#1) rar_creds_enc TEXT, -- LEGACY (PRD 5.20 US-013 dropeaza coloana): creds RAR durabile env-less
-- Medii RAR per cont (PRD 5.20 US-001). Fiecare mediu = bifa de activare + slot creds.
-- medii_disponibile = enabled AND creds prezente (app/rar_env.py). Cont client nou =
-- Productie on / Testare off (clientii declara real); contul operator se pune manual pe Testare.
rar_test_enabled INTEGER NOT NULL DEFAULT 0 CHECK (rar_test_enabled IN (0, 1)),
rar_prod_enabled INTEGER NOT NULL DEFAULT 1 CHECK (rar_prod_enabled IN (0, 1)),
rar_creds_test_enc TEXT, -- creds RAR criptate (Fernet) pentru mediul Testare
rar_creds_prod_enc TEXT, -- creds RAR criptate (Fernet) pentru mediul Productie
rar_env_default TEXT NOT NULL DEFAULT 'prod' CHECK (rar_env_default IN ('test', 'prod')),
-- Comportament implicit la cod prestatie necunoscut/nemapat pe canalul API: -- Comportament implicit la cod prestatie necunoscut/nemapat pe canalul API:
-- 0 (default, non-distructiv: submission 'needs_mapping', intra in editorul de mapare) sau -- 0 (default, non-distructiv: submission 'needs_mapping', intra in editorul de mapare) sau
-- 1 (respinge cererea fara enqueue). Override per-cerere via PrezentareRequest.on_unmapped_error. -- 1 (respinge cererea fara enqueue). Override per-cerere via PrezentareRequest.on_unmapped_error.
@@ -32,6 +40,15 @@ CREATE TABLE IF NOT EXISTS accounts (
tier TEXT NOT NULL DEFAULT 'free' tier TEXT NOT NULL DEFAULT 'free'
CHECK (tier IN ('free','standard','pro','premium')), CHECK (tier IN ('free','standard','pro','premium')),
trial_until TEXT, -- ISO datetime UTC sau NULL; nullable trial_until TEXT, -- ISO datetime UTC sau NULL; nullable
-- Planul CERUT de client la signup (separat de `tier`). NU acorda drepturi:
-- `tier` ramane sursa unica de adevar pentru gate-ul API (require_api_access) si volum.
-- Folosit la integrarea platilor: client cere plan -> plateste -> admin/webhook urca `tier`
-- -> API se deblocheaza. NULL = necunoscut (cont creat via CLI / inainte de coloana).
requested_plan TEXT
CHECK (requested_plan IS NULL OR requested_plan IN ('free','standard','pro','premium')),
-- Marca temporala a acceptarii Termenilor + politicii de confidentialitate (GDPR, L.142).
-- Setata la signup (proba de consimtamant). NULL = cont fara flux de consimtamant (CLI/legacy).
consent_at TEXT,
created_at TEXT NOT NULL DEFAULT (datetime('now')) created_at TEXT NOT NULL DEFAULT (datetime('now'))
); );
-- Un CUI = un cont (cand e prezent). NULL ramane distinct nativ in SQLite -> conturi -- Un CUI = un cont (cand e prezent). NULL ramane distinct nativ in SQLite -> conturi
@@ -79,6 +96,10 @@ CREATE TABLE IF NOT EXISTS submissions (
status TEXT NOT NULL DEFAULT 'queued' status TEXT NOT NULL DEFAULT 'queued'
CHECK (status IN ('queued','sending','sent','needs_mapping','needs_data','error')), CHECK (status IN ('queued','sending','sent','needs_mapping','needs_data','error')),
payload_json TEXT NOT NULL, payload_json TEXT NOT NULL,
-- Mediul RAR tinta al acestei trimiteri (PRD 5.20 US-001). DEFAULT 'test' e doar plasa
-- pentru randuri net-noi care nu seteaza explicit; fiecare INSERT (API/import/web) seteaza
-- rar_env explicit. Backfill din AUTOPASS_RAR_ENV global la migrare (NU lasa pe DEFAULT).
rar_env TEXT NOT NULL DEFAULT 'test' CHECK (rar_env IN ('test', 'prod')),
rar_creds_enc TEXT, -- creds RAR criptate (Fernet), sterse dupa primul login reusit rar_creds_enc TEXT, -- creds RAR criptate (Fernet), sterse dupa primul login reusit
rar_status_code INTEGER, rar_status_code INTEGER,
rar_error TEXT, rar_error TEXT,

View File

@@ -8,6 +8,7 @@ Rute:
from __future__ import annotations from __future__ import annotations
from datetime import datetime, timedelta, timezone
from pathlib import Path from pathlib import Path
from fastapi import APIRouter, Form, Request from fastapi import APIRouter, Form, Request
@@ -15,12 +16,42 @@ from fastapi.responses import HTMLResponse, RedirectResponse
from fastapi.templating import Jinja2Templates from fastapi.templating import Jinja2Templates
from .. import __version__ from .. import __version__
from ..accounts import account_is_complete, list_accounts, set_active, set_status, delete_account from ..accounts import account_is_complete, list_accounts, set_active, set_status, set_tier, set_trial, delete_account
from ..config import get_settings from ..config import get_settings
from ..db import get_connection from ..db import get_connection
from ..plans import PLANS, effective_tier
from ..web.csrf import get_csrf_token, verify_csrf from ..web.csrf import get_csrf_token, verify_csrf
from ..web.session import require_admin from ..web.session import require_admin
def _plan_label(code: str | None) -> str:
"""Eticheta RO a unui cod de plan (din PLANS). None/necunoscut -> ''."""
if not code:
return ""
plan = PLANS.get(code)
return plan["label"] if plan else code
def _trial_zile_ramase(trial_until_str: str | None, now: datetime) -> int | None:
"""Zile ramase din trial (rotunjit in sus), sau None daca nu e trial activ/malformat.
Acelasi parsing tolerant ca plans.effective_tier (UTC implicit pe valori naive).
"""
if not trial_until_str:
return None
try:
tu = datetime.fromisoformat(trial_until_str.strip().replace(" ", "T"))
if tu.tzinfo is None:
tu = tu.replace(tzinfo=timezone.utc)
now_cmp = now if now.tzinfo else now.replace(tzinfo=timezone.utc)
secunde = (tu - now_cmp).total_seconds()
if secunde <= 0:
return None
# Rotunjire in sus la zile (o fractie de zi ramasa = inca 1 zi afisata).
return int(secunde // 86400) + (1 if secunde % 86400 else 0)
except (ValueError, AttributeError, TypeError):
return None
router = APIRouter() router = APIRouter()
_TMPL = Jinja2Templates(directory=str(Path(__file__).resolve().parent / "templates")) _TMPL = Jinja2Templates(directory=str(Path(__file__).resolve().parent / "templates"))
@@ -47,10 +78,19 @@ def _render_admin(request: Request, conn, *, error: str | None = None, status_co
"""Randeaza pagina admin.html cu lista de conturi si optional un mesaj de eroare.""" """Randeaza pagina admin.html cu lista de conturi si optional un mesaj de eroare."""
accounts = list_accounts(conn) accounts = list_accounts(conn)
emails = _emails_by_account(conn) emails = _emails_by_account(conn)
now = datetime.now(timezone.utc)
for acct in accounts: for acct in accounts:
# Computa is_complete INAINTE de a suprascrie accounts.email cu emailul de login al userului # Computa is_complete INAINTE de a suprascrie accounts.email cu emailul de login al userului
acct["is_complete"] = account_is_complete(acct) acct["is_complete"] = account_is_complete(acct)
acct["email"] = emails.get(acct["id"]) acct["email"] = emails.get(acct["id"])
# Plan EFECTIV (ce are contul acum): trial Pro activ ridica `free` la `pro`.
# `tier` ramane sursa de adevar pentru drepturi; `requested_plan` e doar intentia de la signup.
eff = effective_tier(acct, now)
acct["tier_label"] = _plan_label(acct.get("tier")) # tier de baza (post-trial)
acct["tier_efectiv_label"] = _plan_label(eff) # plan efectiv ACUM
acct["trial_activ"] = eff != (acct.get("tier") or "free")
acct["trial_zile"] = _trial_zile_ramase(acct.get("trial_until"), now)
acct["requested_plan_label"] = _plan_label(acct.get("requested_plan"))
# Grupare pe STARE, nu pe `active`: altfel conturile arhivate/blocate (active=0) # Grupare pe STARE, nu pe `active`: altfel conturile arhivate/blocate (active=0)
# ar cadea gresit sub "in asteptare". 'deleted' e deja exclus din list_accounts. # ar cadea gresit sub "in asteptare". 'deleted' e deja exclus din list_accounts.
pending = [a for a in accounts if a["status"] == "pending" and a["id"] != 1] pending = [a for a in accounts if a["status"] == "pending" and a["id"] != 1]
@@ -146,6 +186,73 @@ async def admin_delete(request: Request, account_id: list[int] = Form(...),
return _lifecycle_route(request, account_id, csrf_token, "delete") return _lifecycle_route(request, account_id, csrf_token, "delete")
@router.post("/admin/set-tier", response_class=HTMLResponse)
async def admin_set_tier(
request: Request,
account_id: int = Form(...),
tier: str = Form(...),
csrf_token: str = Form(default=""),
):
"""Schimba planul (tier) unui cont din panou. require_admin + CSRF, PRG 303.
Reuseaza accounts.set_tier (valideaza tier-ul, protejeaza id=1, logheaza schimbarea).
INCHEIE trial-ul (trial_until=NULL): alocarea manuala = plan real de-acum, cu efect
imediat — altfel trial-ul Pro universal (30z la signup) ar masca alegerea pana la
expirare (decizie user 2026-06-29). Tier invalid / cont protejat -> re-randare cu eroare.
"""
require_admin(request)
verify_csrf(request, csrf_token)
conn = get_connection()
try:
try:
# trial_until=None: alocarea manuala incheie trial-ul si aplica tier-ul ales acum.
set_tier(conn, account_id, tier, trial_until=None)
conn.commit()
except ValueError as exc:
return _render_admin(request, conn, error=str(exc), status_code=422)
finally:
conn.close()
return RedirectResponse("/admin", status_code=303)
@router.post("/admin/set-trial", response_class=HTMLResponse)
async def admin_set_trial(
request: Request,
account_id: int = Form(...),
trial_days: int = Form(...),
csrf_token: str = Form(default=""),
):
"""Acorda/prelungeste un trial Pro de N zile (de la acum), fara a schimba tier-ul de baza.
require_admin + CSRF, PRG 303. Reuseaza accounts.set_trial (protejeaza id=1, logheaza).
trial_days <= 0 sau peste plafon -> re-randare panou cu eroare (422). Plafon defensiv 3650z.
"""
require_admin(request)
verify_csrf(request, csrf_token)
conn = get_connection()
try:
if trial_days <= 0 or trial_days > 3650:
return _render_admin(
request, conn,
error="Numarul de zile pentru trial trebuie sa fie intre 1 si 3650.",
status_code=422,
)
try:
now = datetime.now(timezone.utc)
trial_until = (now + timedelta(days=trial_days)).strftime("%Y-%m-%d %H:%M:%S")
set_trial(conn, account_id, trial_until)
conn.commit()
except ValueError as exc:
return _render_admin(request, conn, error=str(exc), status_code=422)
finally:
conn.close()
return RedirectResponse("/admin", status_code=303)
@router.post("/admin/deactivate", response_class=HTMLResponse) @router.post("/admin/deactivate", response_class=HTMLResponse)
async def admin_deactivate( async def admin_deactivate(
request: Request, request: Request,

View File

@@ -2,6 +2,7 @@
from __future__ import annotations from __future__ import annotations
from datetime import datetime, timezone
from pathlib import Path from pathlib import Path
from fastapi import APIRouter, Form, Request from fastapi import APIRouter, Form, Request
@@ -9,7 +10,7 @@ from fastapi.responses import HTMLResponse, RedirectResponse
from fastapi.templating import Jinja2Templates from fastapi.templating import Jinja2Templates
from .. import __version__ from .. import __version__
from ..accounts import create_account from ..accounts import VALID_TIERS, create_account
from ..auth import create_api_key from ..auth import create_api_key
from ..config import get_settings from ..config import get_settings
from ..db import get_connection from ..db import get_connection
@@ -47,10 +48,18 @@ async def signup_post(
cui: str = Form(default=""), cui: str = Form(default=""),
email: str = Form(default=""), email: str = Form(default=""),
parola: str = Form(default=""), parola: str = Form(default=""),
plan: str = Form(default=""),
consent: str = Form(default=""),
csrf_token: str = Form(default=""), csrf_token: str = Form(default=""),
): ):
verify_csrf(request, csrf_token) verify_csrf(request, csrf_token)
# Planul CERUT (intentie, nu drept): pastram doar valori valide; orice altceva -> 'free'.
# `tier`-ul real ramane 'free' la creare; planul ales se onoreaza dupa plata (admin/webhook).
requested_plan = plan.strip().lower() if plan else ""
if requested_plan not in VALID_TIERS:
requested_plan = "free"
settings = get_settings() settings = get_settings()
ip = request.client.host if request.client else "unknown" ip = request.client.host if request.client else "unknown"
if not check_rate_limit(ip, settings.signup_rate_max, settings.signup_rate_window_s): if not check_rate_limit(ip, settings.signup_rate_max, settings.signup_rate_window_s):
@@ -58,7 +67,7 @@ async def signup_post(
request, request,
csrf_token=get_csrf_token(request), csrf_token=get_csrf_token(request),
error=_RATE_MSG, error=_RATE_MSG,
name=name, cui=cui, email=email, name=name, cui=cui, email=email, plan=requested_plan,
), status_code=429) ), status_code=429)
if len(parola) < _PASSWORD_MIN: if len(parola) < _PASSWORD_MIN:
@@ -66,7 +75,7 @@ async def signup_post(
request, request,
csrf_token=get_csrf_token(request), csrf_token=get_csrf_token(request),
error=f"Parola trebuie sa aiba cel putin {_PASSWORD_MIN} caractere.", error=f"Parola trebuie sa aiba cel putin {_PASSWORD_MIN} caractere.",
name=name, cui=cui, email=email, name=name, cui=cui, email=email, plan=requested_plan,
), status_code=422) ), status_code=422)
# CUI obligatoriu la signup (US-001, PRD 5.12) # CUI obligatoriu la signup (US-001, PRD 5.12)
@@ -76,9 +85,19 @@ async def signup_post(
request, request,
csrf_token=get_csrf_token(request), csrf_token=get_csrf_token(request),
error="CUI-ul firmei este obligatoriu.", error="CUI-ul firmei este obligatoriu.",
name=name, cui=cui, email=email, name=name, cui=cui, email=email, plan=requested_plan,
), status_code=422) ), status_code=422)
# Consimtamant Termeni + GDPR obligatoriu (proba). Checkbox bifat -> valoare ne-goala.
if not (consent and consent.strip()):
return _TMPL.TemplateResponse(request, "signup.html", _ctx(
request,
csrf_token=get_csrf_token(request),
error="Trebuie sa accepti Termenii si prelucrarea datelor (GDPR) pentru a crea cont.",
name=name, cui=cui, email=email, plan=requested_plan,
), status_code=422)
consent_at = datetime.now(timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
# Bootstrap admin: count_admins se citeste INAUNTRUL tranzactiei BEGIN IMMEDIATE, # Bootstrap admin: count_admins se citeste INAUNTRUL tranzactiei BEGIN IMMEDIATE,
# astfel lock-ul RESERVED serializeaza scriitorii si al doilea signup vede count==1. # astfel lock-ul RESERVED serializeaza scriitorii si al doilea signup vede count==1.
conn = get_connection() conn = get_connection()
@@ -86,7 +105,10 @@ async def signup_post(
conn.execute("BEGIN IMMEDIATE") conn.execute("BEGIN IMMEDIATE")
try: try:
is_first = count_admins(conn) == 0 is_first = count_admins(conn) == 0
account_id = create_account(conn, name, cui=cui_norm, email=email, active=False) account_id = create_account(
conn, name, cui=cui_norm, email=email, active=False,
requested_plan=requested_plan, consent_at=consent_at,
)
user_id = create_user(conn, account_id, email, parola, is_admin=is_first) user_id = create_user(conn, account_id, email, parola, is_admin=is_first)
api_key = create_api_key(conn, account_id) api_key = create_api_key(conn, account_id)
conn.execute("COMMIT") conn.execute("COMMIT")
@@ -121,7 +143,7 @@ async def signup_post(
request, request,
csrf_token=get_csrf_token(request), csrf_token=get_csrf_token(request),
error=error_msg, error=error_msg,
name=name, cui=cui, email=email, name=name, cui=cui, email=email, plan=requested_plan,
), status_code=422) ), status_code=422)
except Exception as exc: except Exception as exc:
conn.execute("ROLLBACK") conn.execute("ROLLBACK")
@@ -129,7 +151,7 @@ async def signup_post(
request, request,
csrf_token=get_csrf_token(request), csrf_token=get_csrf_token(request),
error=str(exc), error=str(exc),
name=name, cui=cui, email=email, name=name, cui=cui, email=email, plan=requested_plan,
), status_code=422) ), status_code=422)
finally: finally:
conn.close() conn.close()

View File

@@ -89,10 +89,25 @@ from ..mapping import (
text_rules_overlap, text_rules_overlap,
) )
from ..shared_store import record_human_validation from ..shared_store import record_human_validation
from ..rar_env import MediuIndisponibil, medii_disponibile_cont, rar_env_efectiv_cont, rezolva_rar_env
from ..rar_client import RarAuthError, RarClient, RarError, base_url_pentru_env
# Campuri canonice cu eticheta umana pentru dropdown mapare coloane # Campuri canonice cu eticheta umana pentru dropdown mapare coloane
_CANONICAL_FIELDS = [(k, v[0]) for k, v in _CANONICAL_SYNONYMS.items()] _CANONICAL_FIELDS = [(k, v[0]) for k, v in _CANONICAL_SYNONYMS.items()]
def _import_env_ctx(conn, account_id: int) -> dict:
"""Contextul de mediu RAR pentru paginile de import (US-009, PRD 5.20).
Intoarce {'medii': list[str], 'env_default': str} pentru template-ul _upload.html.
Un mediu e disponibil = activat SI are credentiale. La 0 medii template afiseaza
un banner non-blocant; la 1 eticheta statica; la >=2 selector.
"""
medii = medii_disponibile_cont(conn, account_id)
env_default = rar_env_efectiv_cont(conn, account_id) or "prod"
return {"medii": medii, "env_default": env_default}
router = APIRouter(tags=["web"]) router = APIRouter(tags=["web"])
templates = Jinja2Templates(directory=str(Path(__file__).resolve().parent / "templates")) templates = Jinja2Templates(directory=str(Path(__file__).resolve().parent / "templates"))
# Expune parse_erori in toate template-urile # Expune parse_erori in toate template-urile
@@ -277,10 +292,14 @@ def _get_acasa_context(request: Request, conn, account_id: int) -> dict:
acct = account_or_default(account_id) acct = account_or_default(account_id)
# Pas 1: are credentiale RAR configurate? + metadate cont (pentru banner incomplet) # Pas 1: are credentiale RAR configurate? + metadate cont (pentru banner incomplet)
# Verifica atat coloana legacy rar_creds_enc cat si sloturile per-env (US-008, PRD 5.20).
row = conn.execute( row = conn.execute(
"SELECT id, name, cui, email, rar_creds_enc FROM accounts WHERE id=?", (acct,) "SELECT id, name, cui, email, rar_creds_enc, rar_creds_test_enc, rar_creds_prod_enc "
"FROM accounts WHERE id=?", (acct,)
).fetchone() ).fetchone()
are_creds = bool(row and row["rar_creds_enc"]) are_creds = bool(row and (
row["rar_creds_enc"] or row["rar_creds_test_enc"] or row["rar_creds_prod_enc"]
))
# Banner cont incomplet (US-002): contul nu are companie + email + CUI complete # Banner cont incomplet (US-002): contul nu are companie + email + CUI complete
cont_incomplet = not _acct_is_complete(row) if row else False cont_incomplet = not _acct_is_complete(row) if row else False
@@ -370,22 +389,25 @@ def _render_panel_cont(request: Request, conn, account_id: int) -> str:
"""Randeaza panoul Cont ca string HTML.""" """Randeaza panoul Cont ca string HTML."""
from ..mapping import account_or_default from ..mapping import account_or_default
acct = account_or_default(account_id) acct = account_or_default(account_id)
row = conn.execute(
"SELECT id, name, cui, email, rar_creds_enc FROM accounts WHERE id=?", (acct,)
).fetchone()
are_creds = bool(row and row["rar_creds_enc"])
account_meta = _fetch_account_meta(conn, acct) account_meta = _fetch_account_meta(conn, acct)
env_ctx = _fetch_cont_env_state(conn, acct)
cont_ctx = { cont_ctx = {
"request": request, "request": request,
"csrf_token": get_csrf_token(request), "csrf_token": get_csrf_token(request),
"api_key": None, "api_key": None,
"are_creds": are_creds,
"creds_mesaj": None, "creds_mesaj": None,
"creds_eroare": None, "creds_eroare": None,
"rot_eroare": None, "rot_eroare": None,
"account_meta": account_meta, "account_meta": account_meta,
"date_firma_mesaj": None, "date_firma_mesaj": None,
"date_firma_eroare": None, "date_firma_eroare": None,
"creds_test_mesaj": None,
"creds_test_eroare": None,
"creds_prod_mesaj": None,
"creds_prod_eroare": None,
"creds_default_eroare": None,
"creds_default_mesaj": None,
**env_ctx,
} }
# US-006 (5.17): context plan pentru sectiunea Plan din _cont.html. # US-006 (5.17): context plan pentru sectiunea Plan din _cont.html.
cont_ctx.update(_plan_ctx(conn, account_id)) cont_ctx.update(_plan_ctx(conn, account_id))
@@ -738,8 +760,13 @@ def fragment_acasa(request: Request) -> HTMLResponse:
@router.get("/_fragments/import", response_class=HTMLResponse) @router.get("/_fragments/import", response_class=HTMLResponse)
def fragment_import(request: Request) -> HTMLResponse: def fragment_import(request: Request) -> HTMLResponse:
"""Fragment HTMX pentru tab-ul Import — include zona de upload.""" """Fragment HTMX pentru tab-ul Import — include zona de upload."""
require_login(request) account_id = require_login(request)
return templates.TemplateResponse("_upload.html", _ctx(request)) conn = get_connection()
try:
env_ctx = _import_env_ctx(conn, account_id)
finally:
conn.close()
return templates.TemplateResponse("_upload.html", _ctx(request, **env_ctx))
@router.get("/_fragments/coada", response_class=HTMLResponse) @router.get("/_fragments/coada", response_class=HTMLResponse)
@@ -2684,13 +2711,20 @@ def _web_compute_preview(
conn, conn,
import_id: int, import_id: int,
account_id: int, account_id: int,
rar_env: str | None = None,
) -> dict[str, Any] | str: ) -> dict[str, Any] | str:
"""Calculeaza preview pentru un batch; intoarce date sau str cu mesaj de eroare. """Calculeaza preview pentru un batch; intoarce date sau str cu mesaj de eroare.
Reutilizeaza _resolve_row_for_preview, _already_sent_lookup, _signature Reutilizeaza _resolve_row_for_preview, _already_sent_lookup, _signature
din import_router. Nu repeta logica de rezolvare — only orchestrare. din import_router. Nu repeta logica de rezolvare — only orchestrare.
`rar_env`: mediul RAR ales de operator; None = default efectiv al contului
(sau ancora globala daca contul nu are medii configurate). Folosit la calculul
cheii de idempotenta la preview — trebuie sa coincida cu env-ul de la commit.
""" """
acct = account_or_default(account_id) acct = account_or_default(account_id)
# Mediul folosit la calculul cheii de idempotenta (preview == commit).
preview_env = rar_env or rar_env_efectiv_cont(conn, account_id) or get_settings().rar_env or "test"
batch = conn.execute( batch = conn.execute(
"SELECT id, account_id, filename FROM import_batches WHERE id=? AND account_id=?", "SELECT id, account_id, filename FROM import_batches WHERE id=? AND account_id=?",
@@ -2796,7 +2830,7 @@ def _web_compute_preview(
key: str | None = None key: str | None = None
if info["resolved_status"] in ("ok", "needs_review", "needs_data"): if info["resolved_status"] in ("ok", "needs_review", "needs_data"):
try: try:
key = _build_idempotency_key(account_id, info["resolved"]) key = _build_idempotency_key(account_id, info["resolved"], preview_env)
keys_for_lookup.append(key) keys_for_lookup.append(key)
key_to_indices.setdefault(key, []).append(i) key_to_indices.setdefault(key, []).append(i)
except Exception: except Exception:
@@ -2901,6 +2935,7 @@ async def web_upload_import(
file: UploadFile = File(...), file: UploadFile = File(...),
sheet_name: str | None = Form(None), sheet_name: str | None = Form(None),
csrf_token: str | None = Form(None), csrf_token: str | None = Form(None),
rar_env: str | None = Form(None),
) -> HTMLResponse: ) -> HTMLResponse:
"""Upload fisier xlsx/csv → staging; intoarce fragment HTML. """Upload fisier xlsx/csv → staging; intoarce fragment HTML.
@@ -2919,31 +2954,64 @@ async def web_upload_import(
try: try:
parsed = parse_file(data, filename, sheet_name=sheet_name) parsed = parse_file(data, filename, sheet_name=sheet_name)
except MultipleSheets as ms: except MultipleSheets as ms:
return templates.TemplateResponse("_upload.html", _ctx(request, sheets=ms.sheet_names)) conn = get_connection()
try:
env_ctx = _import_env_ctx(conn, account_id)
finally:
conn.close()
return templates.TemplateResponse("_upload.html", _ctx(request, sheets=ms.sheet_names, **env_ctx))
except FileTooLarge as e: except FileTooLarge as e:
eroare_upload = _errors.eroare("IMPORT_FISIER_PREA_MARE", cauza=str(e)) eroare_upload = _errors.eroare("IMPORT_FISIER_PREA_MARE", cauza=str(e))
conn = get_connection()
try:
env_ctx = _import_env_ctx(conn, account_id)
finally:
conn.close()
return templates.TemplateResponse("_upload.html", _ctx( return templates.TemplateResponse("_upload.html", _ctx(
request, error=str(e), eroare_upload=eroare_upload request, error=str(e), eroare_upload=eroare_upload, **env_ctx
)) ))
except HeaderError as e: except HeaderError as e:
eroare_upload = _errors.eroare("IMPORT_ANTET_NECLAR", cauza=f"Antet neclar: {e}") eroare_upload = _errors.eroare("IMPORT_ANTET_NECLAR", cauza=f"Antet neclar: {e}")
conn = get_connection()
try:
env_ctx = _import_env_ctx(conn, account_id)
finally:
conn.close()
return templates.TemplateResponse("_upload.html", _ctx( return templates.TemplateResponse("_upload.html", _ctx(
request, error=f"Antet neclar: {e}", eroare_upload=eroare_upload request, error=f"Antet neclar: {e}", eroare_upload=eroare_upload, **env_ctx
)) ))
except UnicodeDecodeError as e: except UnicodeDecodeError as e:
eroare_upload = _errors.eroare("IMPORT_ENCODING", cauza=f"Encoding nesuportat: {e.reason}") eroare_upload = _errors.eroare("IMPORT_ENCODING", cauza=f"Encoding nesuportat: {e.reason}")
conn = get_connection()
try:
env_ctx = _import_env_ctx(conn, account_id)
finally:
conn.close()
return templates.TemplateResponse("_upload.html", _ctx( return templates.TemplateResponse("_upload.html", _ctx(
request, error=f"Encoding nesuportat: {e.reason}", eroare_upload=eroare_upload request, error=f"Encoding nesuportat: {e.reason}", eroare_upload=eroare_upload, **env_ctx
)) ))
except Exception as e: except Exception as e:
eroare_upload = _errors.eroare("IMPORT_FISIER_NERECUNOSCUT", cauza=f"Fisier nerecunoscut (xlsx/csv): {type(e).__name__}") eroare_upload = _errors.eroare("IMPORT_FISIER_NERECUNOSCUT", cauza=f"Fisier nerecunoscut (xlsx/csv): {type(e).__name__}")
conn = get_connection()
try:
env_ctx = _import_env_ctx(conn, account_id)
finally:
conn.close()
return templates.TemplateResponse("_upload.html", _ctx( return templates.TemplateResponse("_upload.html", _ctx(
request, error=f"Fisier nerecunoscut (xlsx/csv): {type(e).__name__}", eroare_upload=eroare_upload request, error=f"Fisier nerecunoscut (xlsx/csv): {type(e).__name__}", eroare_upload=eroare_upload, **env_ctx
)) ))
conn = get_connection() conn = get_connection()
try: try:
sig = _signature(parsed.columns) sig = _signature(parsed.columns)
env_ctx = _import_env_ctx(conn, account_id)
# Rezolva mediul RAR ales — cerut din form sau default cont (fallback ancora globala).
# La 0 medii: rezolva_rar_env cade pe ancora globala (rar_env config), non-blocant.
try:
upload_env = rezolva_rar_env(conn, account_id, rar_env or None)
except (ValueError, MediuIndisponibil):
upload_env = rar_env_efectiv_cont(conn, account_id) or get_settings().rar_env or "test"
# Stagingul in DB (tranzactie explicita) # Stagingul in DB (tranzactie explicita)
conn.execute("BEGIN IMMEDIATE") conn.execute("BEGIN IMMEDIATE")
@@ -2978,18 +3046,17 @@ async def web_upload_import(
if existing: if existing:
# Mapare retinuta → computa preview imediat # Mapare retinuta → computa preview imediat
result = _web_compute_preview(conn, batch_id_int, account_id) result = _web_compute_preview(conn, batch_id_int, account_id, rar_env=upload_env)
if isinstance(result, str): if isinstance(result, str):
return templates.TemplateResponse("_upload.html", { return templates.TemplateResponse("_upload.html", _ctx(
"request": request, request, error=result, **env_ctx
"error": result, ))
"csrf_token": get_csrf_token(request),
})
return templates.TemplateResponse("_preview_import.html", { return templates.TemplateResponse("_preview_import.html", {
"request": request, "request": request,
"import_id": batch_id_int, "import_id": batch_id_int,
"message": "Mapare retinuta aplicata automat.", "message": "Mapare retinuta aplicata automat.",
"csrf_token": get_csrf_token(request), "csrf_token": get_csrf_token(request),
"rar_env": upload_env,
**result, **result,
}) })
@@ -3012,6 +3079,7 @@ async def web_upload_import(
"canonical_fields": _CANONICAL_FIELDS, "canonical_fields": _CANONICAL_FIELDS,
"format_data": None, "format_data": None,
"csrf_token": get_csrf_token(request), "csrf_token": get_csrf_token(request),
"rar_env": upload_env,
}) })
finally: finally:
conn.close() conn.close()
@@ -3129,8 +3197,9 @@ async def web_save_mapare_coloane(
(import_id, acct), (import_id, acct),
).fetchone() ).fetchone()
if not batch: if not batch:
env_ctx = _import_env_ctx(conn, account_id)
return templates.TemplateResponse("_upload.html", _ctx( return templates.TemplateResponse("_upload.html", _ctx(
request, error="Batch de import inexistent sau expirat." request, error="Batch de import inexistent sau expirat.", **env_ctx
)) ))
# Semnatura = antetul COMPLET al fisierului (toate coloanele, inclusiv cele # Semnatura = antetul COMPLET al fisierului (toate coloanele, inclusiv cele
@@ -3148,12 +3217,20 @@ async def web_save_mapare_coloane(
(acct, sig, json.dumps(json_mapare, ensure_ascii=False), format_data_val), (acct, sig, json.dumps(json_mapare, ensure_ascii=False), format_data_val),
) )
# Mediu RAR transmis din form-ul de mapare (daca exista) sau default cont
form_rar_env = str(form.get("rar_env") or "").strip() or None
try:
mapare_env = rezolva_rar_env(conn, account_id, form_rar_env)
except (ValueError, MediuIndisponibil):
mapare_env = rar_env_efectiv_cont(conn, account_id) or get_settings().rar_env or "test"
# Computa preview # Computa preview
result = _web_compute_preview(conn, import_id, account_id) result = _web_compute_preview(conn, import_id, account_id, rar_env=mapare_env)
if isinstance(result, str): if isinstance(result, str):
return templates.TemplateResponse("_upload.html", _ctx(request, error=result)) env_ctx = _import_env_ctx(conn, account_id)
return templates.TemplateResponse("_upload.html", _ctx(request, error=result, **env_ctx))
return templates.TemplateResponse("_preview_import.html", _ctx( return templates.TemplateResponse("_preview_import.html", _ctx(
request, import_id=import_id, **result request, import_id=import_id, rar_env=mapare_env, **result
)) ))
finally: finally:
conn.close() conn.close()
@@ -3163,22 +3240,31 @@ async def web_save_mapare_coloane(
def web_preview_import( def web_preview_import(
request: Request, request: Request,
import_id: int, import_id: int,
rar_env: str | None = None,
) -> HTMLResponse: ) -> HTMLResponse:
"""Preview 6 stari per rand. Tinta HTMX dupa mapare retinuta sau navigare directa.""" """Preview 6 stari per rand. Tinta HTMX dupa mapare retinuta sau navigare directa."""
account_id = require_login(request) account_id = require_login(request)
conn = get_connection() conn = get_connection()
try: try:
result = _web_compute_preview(conn, import_id, account_id) # Rezolva mediul pentru preview (din query param sau default cont)
try:
preview_env = rezolva_rar_env(conn, account_id, rar_env)
except (ValueError, MediuIndisponibil):
preview_env = rar_env_efectiv_cont(conn, account_id) or get_settings().rar_env or "test"
result = _web_compute_preview(conn, import_id, account_id, rar_env=preview_env)
if isinstance(result, str): if isinstance(result, str):
env_ctx = _import_env_ctx(conn, account_id)
return templates.TemplateResponse("_upload.html", { return templates.TemplateResponse("_upload.html", {
"request": request, "request": request,
"error": result, "error": result,
"csrf_token": get_csrf_token(request), "csrf_token": get_csrf_token(request),
**env_ctx,
}) })
return templates.TemplateResponse("_preview_import.html", { return templates.TemplateResponse("_preview_import.html", {
"request": request, "request": request,
"import_id": import_id, "import_id": import_id,
"csrf_token": get_csrf_token(request), "csrf_token": get_csrf_token(request),
"rar_env": preview_env,
**result, **result,
}) })
finally: finally:
@@ -3601,10 +3687,13 @@ async def web_mapare_operatii(
@router.get("/_import/reset", response_class=HTMLResponse) @router.get("/_import/reset", response_class=HTMLResponse)
def web_import_reset(request: Request) -> HTMLResponse: def web_import_reset(request: Request) -> HTMLResponse:
"""Reseteaza sectiunea de import la starea initiala (drop zone gol).""" """Reseteaza sectiunea de import la starea initiala (drop zone gol)."""
return templates.TemplateResponse("_upload.html", { account_id = require_login(request)
"request": request, conn = get_connection()
"csrf_token": get_csrf_token(request), try:
}) env_ctx = _import_env_ctx(conn, account_id)
finally:
conn.close()
return templates.TemplateResponse("_upload.html", _ctx(request, **env_ctx))
@router.post("/_import/{import_id}/confirma", response_class=HTMLResponse) @router.post("/_import/{import_id}/confirma", response_class=HTMLResponse)
@@ -3631,6 +3720,9 @@ async def web_confirma_import(
except (ValueError, TypeError): except (ValueError, TypeError):
n_confirmat = 0 n_confirmat = 0
# Mediu RAR din form (selectat in preview); None = default cont (fallback ancora globala)
rar_env_cerut = str(form.get("rar_env") or "").strip() or None
# US-007: reviewed_rows (checkboxe vechi) NU mai este sursa de adevar pentru gate-ul # US-007: reviewed_rows (checkboxe vechi) NU mai este sursa de adevar pentru gate-ul
# de commit pe canalul web. Gate-ul este derivat din DB import_rows.reviewed (D#8). # de commit pe canalul web. Gate-ul este derivat din DB import_rows.reviewed (D#8).
# Randurile needs_review confirmate de operator via /confirma-review au resolved_status='ok' # Randurile needs_review confirmate de operator via /confirma-review au resolved_status='ok'
@@ -3798,6 +3890,12 @@ async def web_confirma_import(
valid_codes = load_nomenclator_codes(conn) or None valid_codes = load_nomenclator_codes(conn) or None
text_rules = load_text_rules(conn, acct) text_rules = load_text_rules(conn, acct)
# Rezolva mediul RAR tinta al lotului (US-009): form > default cont > ancora globala.
try:
env = rezolva_rar_env(conn, account_id, rar_env_cerut)
except (ValueError, MediuIndisponibil):
env = rar_env_efectiv_cont(conn, account_id) or get_settings().rar_env or "test"
# Enqueue in tranzactie explicita — INSERT ON CONFLICT DO NOTHING (TOCTOU) # Enqueue in tranzactie explicita — INSERT ON CONFLICT DO NOTHING (TOCTOU)
enqueued: list[dict] = [] enqueued: list[dict] = []
toctou: list[int] = [] toctou: list[int] = []
@@ -3857,7 +3955,7 @@ async def web_confirma_import(
"odometru_final": canon["odometru_final"], "odometru_final": canon["odometru_final"],
}) })
key = build_key(account_id, canon) key = build_key(account_id, canon, env)
rows_for_hash.append(json.dumps({ rows_for_hash.append(json.dumps({
"row_index": row_index, "row_index": row_index,
@@ -3872,9 +3970,9 @@ async def web_confirma_import(
cur = conn.execute( cur = conn.execute(
"INSERT OR IGNORE INTO submissions " "INSERT OR IGNORE INTO submissions "
"(idempotency_key, account_id, status, payload_json, batch_id, row_index, purge_after) " "(idempotency_key, account_id, status, payload_json, batch_id, row_index, purge_after, rar_env) "
"VALUES (?, ?, 'queued', ?, ?, ?, datetime('now', '+90 days'))", "VALUES (?, ?, 'queued', ?, ?, ?, datetime('now', '+90 days'), ?)",
(key, acct, json.dumps(mapped, ensure_ascii=False), import_id, row_index), (key, acct, json.dumps(mapped, ensure_ascii=False), import_id, row_index, env),
) )
if cur.rowcount == 0: if cur.rowcount == 0:
toctou.append(row_index) toctou.append(row_index)
@@ -3922,8 +4020,9 @@ async def web_confirma_import(
status_ctx = _build_status_ctx(request, conn, account_id, oob=True) status_ctx = _build_status_ctx(request, conn, account_id, oob=True)
# Randeaza imediat (conn inca deschis — query-urile s-au facut mai sus). # Randeaza imediat (conn inca deschis — query-urile s-au facut mai sus).
env_ctx_success = _import_env_ctx(conn, account_id)
upload_html = templates.get_template("_upload.html").render( upload_html = templates.get_template("_upload.html").render(
_ctx(request, are_trimiteri=True, message=succes_msg) _ctx(request, are_trimiteri=True, message=succes_msg, **env_ctx_success)
) )
coada_html = templates.get_template("_coada.html").render(acasa_ctx) coada_html = templates.get_template("_coada.html").render(acasa_ctx)
status_html = templates.get_template("_status.html").render(status_ctx) status_html = templates.get_template("_status.html").render(status_ctx)
@@ -3943,6 +4042,66 @@ async def web_confirma_import(
# care cere cheie API; sesiunea web e suficienta ca identitate). # # care cere cheie API; sesiunea web e suficienta ca identitate). #
# =========================================================================== # # =========================================================================== #
# ---------------------------------------------------------------------------
# US-007 (PRD 5.20): Validare credentiale RAR env-aware
#
# Premisa confirmata live (2026-06-29): creds de productie NU se valideaza pe RAR
# test si invers (401 incrucisat). Deci login-ul de proba TREBUIE sa loveasca
# endpoint-ul mediului caruia ii apartin credentialele.
#
# Puncte de validare existente:
# - /cont/test-rar-creds (testeaza integrarea RAR, fara efecte secundare)
# Puncte non-aplicabile (nu colecteaza/valideaza creds RAR):
# - signup (/signup): nu colecteaza credentiale RAR — creare cont platforma, nu RAR
# - preview import: nu valideaza credentiale RAR
# Puncte viitoare (US-008):
# - /cont/rar-creds la salvare creds per-mediu (va apela _valideaza_login_rar)
# ---------------------------------------------------------------------------
def _eticheta_mediu_rar(env: str) -> str:
"""Eticheta umana a mediului RAR pentru mesaje de eroare/succes.
'test' -> 'TESTARE', 'prod' -> 'PRODUCTIE'.
"""
return "PRODUCTIE" if env == "prod" else "TESTARE"
def _valideaza_login_rar(
settings,
email: str,
password: str,
env: str,
) -> tuple[bool, str | None]:
"""Valideaza credentialele RAR prin login pe mediul specificat (US-007, PRD 5.20).
Creeaza un RarClient cu base_url-ul mediului `env` (NU base_url-ul global),
deoarece RAR test si RAR prod sunt sisteme separate cu credentiale separate.
Parametri
---------
settings: configuratia aplicatiei (pentru base_url_test/prod si timeout)
email: email-ul contului RAR
password: parola contului RAR
env: mediul tinta: 'test' sau 'prod'
Returneaza
----------
(True, None) la succes (login reusit)
(False, mesaj) la esec; `mesaj` include eticheta mediului ('TESTARE'/'PRODUCTIE'),
ex. 'Credentiale RAR invalide pe TESTARE.'
"""
env_label = _eticheta_mediu_rar(env)
try:
with RarClient(settings, base_url=base_url_pentru_env(settings, env)) as rar:
rar.login(email, password)
return True, None
except RarAuthError:
return False, f"Credentiale RAR invalide pe {env_label}."
except RarError as exc:
return False, f"Eroare la conectare RAR ({env_label}): {exc}"
def _render_cont( def _render_cont(
request: Request, request: Request,
*, *,
@@ -3954,6 +4113,19 @@ def _render_cont(
account_meta: dict | None = None, account_meta: dict | None = None,
date_firma_mesaj: str | None = None, date_firma_mesaj: str | None = None,
date_firma_eroare: str | None = None, date_firma_eroare: str | None = None,
# Per-env (US-008, PRD 5.20): starea mediilor RAR Testare + Productie.
test_enabled: bool = False,
prod_enabled: bool = True,
test_disponibil: bool = False,
prod_disponibil: bool = False,
rar_env_default: str = "prod",
medii_disponibile: list | None = None,
creds_test_mesaj: str | None = None,
creds_test_eroare: str | None = None,
creds_prod_mesaj: str | None = None,
creds_prod_eroare: str | None = None,
creds_default_eroare: str | None = None,
creds_default_mesaj: str | None = None,
) -> HTMLResponse: ) -> HTMLResponse:
"""Randeaza cardul 'Contul meu'. Parola niciodata in value=.""" """Randeaza cardul 'Contul meu'. Parola niciodata in value=."""
return templates.TemplateResponse( return templates.TemplateResponse(
@@ -3968,6 +4140,18 @@ def _render_cont(
account_meta=account_meta or {}, account_meta=account_meta or {},
date_firma_mesaj=date_firma_mesaj, date_firma_mesaj=date_firma_mesaj,
date_firma_eroare=date_firma_eroare, date_firma_eroare=date_firma_eroare,
test_enabled=test_enabled,
prod_enabled=prod_enabled,
test_disponibil=test_disponibil,
prod_disponibil=prod_disponibil,
rar_env_default=rar_env_default,
medii_disponibile=medii_disponibile or [],
creds_test_mesaj=creds_test_mesaj,
creds_test_eroare=creds_test_eroare,
creds_prod_mesaj=creds_prod_mesaj,
creds_prod_eroare=creds_prod_eroare,
creds_default_eroare=creds_default_eroare,
creds_default_mesaj=creds_default_mesaj,
), ),
) )
@@ -3987,6 +4171,56 @@ def _fetch_account_meta(conn, acct: int) -> dict:
} }
def _fetch_cont_env_state(conn, acct: int) -> dict:
"""Starea mediilor RAR per env pentru sectiunea 'Credentiale RAR' din _cont.html (US-008).
Returneaza un dict compatibil cu parametrii per-env ai _render_cont:
are_creds -- True daca ORICE credentiale RAR sunt configurate (legacy SAU per-env)
test_enabled -- bifa activare Testare
prod_enabled -- bifa activare Productie
test_disponibil -- Testare activata SI cu creds (poate trimite)
prod_disponibil -- Productie activata SI cu creds (poate trimite)
rar_env_default -- mediul implicit al contului
medii_disponibile -- lista mediilor disponibile (subset din ['test','prod'])
"""
row = conn.execute(
"SELECT rar_test_enabled, rar_prod_enabled, "
"rar_creds_test_enc, rar_creds_prod_enc, rar_env_default, rar_creds_enc "
"FROM accounts WHERE id=?", (acct,)
).fetchone()
if not row:
return {
"are_creds": False,
"test_enabled": False,
"prod_enabled": True,
"test_disponibil": False,
"prod_disponibil": False,
"rar_env_default": "prod",
"medii_disponibile": [],
}
test_enabled = bool(row["rar_test_enabled"])
prod_enabled = bool(row["rar_prod_enabled"])
test_disponibil = test_enabled and bool(row["rar_creds_test_enc"])
prod_disponibil = prod_enabled and bool(row["rar_creds_prod_enc"])
medii: list[str] = []
if test_disponibil:
medii.append("test")
if prod_disponibil:
medii.append("prod")
are_creds = bool(
row["rar_creds_enc"] or row["rar_creds_test_enc"] or row["rar_creds_prod_enc"]
)
return {
"are_creds": are_creds,
"test_enabled": test_enabled,
"prod_enabled": prod_enabled,
"test_disponibil": test_disponibil,
"prod_disponibil": prod_disponibil,
"rar_env_default": row["rar_env_default"] or "prod",
"medii_disponibile": medii,
}
@router.get("/_fragments/cont", response_class=HTMLResponse) @router.get("/_fragments/cont", response_class=HTMLResponse)
def fragment_cont(request: Request) -> HTMLResponse: def fragment_cont(request: Request) -> HTMLResponse:
"""Fragment HTMX card 'Contul meu': stare cheie + creds RAR + date firma.""" """Fragment HTMX card 'Contul meu': stare cheie + creds RAR + date firma."""
@@ -3994,12 +4228,9 @@ def fragment_cont(request: Request) -> HTMLResponse:
acct = account_or_default(account_id) acct = account_or_default(account_id)
conn = get_connection() conn = get_connection()
try: try:
row = conn.execute(
"SELECT id, name, cui, email, rar_creds_enc FROM accounts WHERE id=?", (acct,)
).fetchone()
are_creds = bool(row and row["rar_creds_enc"])
account_meta = _fetch_account_meta(conn, acct) account_meta = _fetch_account_meta(conn, acct)
return _render_cont(request, are_creds=are_creds, account_meta=account_meta) env_ctx = _fetch_cont_env_state(conn, acct)
return _render_cont(request, account_meta=account_meta, **env_ctx)
finally: finally:
conn.close() conn.close()
@@ -4016,12 +4247,9 @@ def cont_roteste_cheie(
conn = get_connection() conn = get_connection()
try: try:
new_key = rotate_api_key(conn, acct) new_key = rotate_api_key(conn, acct)
row = conn.execute(
"SELECT rar_creds_enc FROM accounts WHERE id=?", (acct,)
).fetchone()
are_creds = bool(row and row["rar_creds_enc"])
account_meta = _fetch_account_meta(conn, acct) account_meta = _fetch_account_meta(conn, acct)
return _render_cont(request, api_key=new_key, are_creds=are_creds, account_meta=account_meta) env_ctx = _fetch_cont_env_state(conn, acct)
return _render_cont(request, api_key=new_key, account_meta=account_meta, **env_ctx)
finally: finally:
conn.close() conn.close()
@@ -4050,15 +4278,14 @@ async def cont_date_firma(request: Request) -> HTMLResponse:
conn = get_connection() conn = get_connection()
try: try:
account_meta = _fetch_account_meta(conn, acct) account_meta = _fetch_account_meta(conn, acct)
row_cr = conn.execute("SELECT rar_creds_enc FROM accounts WHERE id=?", (acct,)).fetchone() env_ctx = _fetch_cont_env_state(conn, acct)
are_creds = bool(row_cr and row_cr["rar_creds_enc"])
finally: finally:
conn.close() conn.close()
return _render_cont( return _render_cont(
request, request,
are_creds=are_creds,
account_meta=account_meta, account_meta=account_meta,
date_firma_eroare="Compania (numele firmei) este obligatorie.", date_firma_eroare="Compania (numele firmei) este obligatorie.",
**env_ctx,
) )
# Normalizare si validare email # Normalizare si validare email
@@ -4067,31 +4294,27 @@ async def cont_date_firma(request: Request) -> HTMLResponse:
except ValueError as exc: except ValueError as exc:
conn = get_connection() conn = get_connection()
try: try:
account_meta = _fetch_account_meta(conn, acct) env_ctx = _fetch_cont_env_state(conn, acct)
row_cr = conn.execute("SELECT rar_creds_enc FROM accounts WHERE id=?", (acct,)).fetchone()
are_creds = bool(row_cr and row_cr["rar_creds_enc"])
finally: finally:
conn.close() conn.close()
return _render_cont( return _render_cont(
request, request,
are_creds=are_creds,
account_meta={"name": companie_raw, "email": email_raw, "cui": cui_raw}, account_meta={"name": companie_raw, "email": email_raw, "cui": cui_raw},
date_firma_eroare=f"Email invalid: {exc}", date_firma_eroare=f"Email invalid: {exc}",
**env_ctx,
) )
if not email_norm: if not email_norm:
conn = get_connection() conn = get_connection()
try: try:
account_meta = _fetch_account_meta(conn, acct) env_ctx = _fetch_cont_env_state(conn, acct)
row_cr = conn.execute("SELECT rar_creds_enc FROM accounts WHERE id=?", (acct,)).fetchone()
are_creds = bool(row_cr and row_cr["rar_creds_enc"])
finally: finally:
conn.close() conn.close()
return _render_cont( return _render_cont(
request, request,
are_creds=are_creds,
account_meta={"name": companie_raw, "email": email_raw, "cui": cui_raw}, account_meta={"name": companie_raw, "email": email_raw, "cui": cui_raw},
date_firma_eroare="Email-ul de contact este obligatoriu.", date_firma_eroare="Email-ul de contact este obligatoriu.",
**env_ctx,
) )
# Normalizare si validare CUI # Normalizare si validare CUI
@@ -4100,31 +4323,27 @@ async def cont_date_firma(request: Request) -> HTMLResponse:
except ValueError as exc: except ValueError as exc:
conn = get_connection() conn = get_connection()
try: try:
account_meta = _fetch_account_meta(conn, acct) env_ctx = _fetch_cont_env_state(conn, acct)
row_cr = conn.execute("SELECT rar_creds_enc FROM accounts WHERE id=?", (acct,)).fetchone()
are_creds = bool(row_cr and row_cr["rar_creds_enc"])
finally: finally:
conn.close() conn.close()
return _render_cont( return _render_cont(
request, request,
are_creds=are_creds,
account_meta={"name": companie_raw, "email": email_norm, "cui": cui_raw}, account_meta={"name": companie_raw, "email": email_norm, "cui": cui_raw},
date_firma_eroare=f"CUI invalid: {exc}", date_firma_eroare=f"CUI invalid: {exc}",
**env_ctx,
) )
if not cui_norm: if not cui_norm:
conn = get_connection() conn = get_connection()
try: try:
account_meta = _fetch_account_meta(conn, acct) env_ctx = _fetch_cont_env_state(conn, acct)
row_cr = conn.execute("SELECT rar_creds_enc FROM accounts WHERE id=?", (acct,)).fetchone()
are_creds = bool(row_cr and row_cr["rar_creds_enc"])
finally: finally:
conn.close() conn.close()
return _render_cont( return _render_cont(
request, request,
are_creds=are_creds,
account_meta={"name": companie_raw, "email": email_norm, "cui": cui_raw}, account_meta={"name": companie_raw, "email": email_norm, "cui": cui_raw},
date_firma_eroare="CUI-ul firmei este obligatoriu.", date_firma_eroare="CUI-ul firmei este obligatoriu.",
**env_ctx,
) )
# Actualizare in DB # Actualizare in DB
@@ -4142,26 +4361,24 @@ async def cont_date_firma(request: Request) -> HTMLResponse:
).fetchone() ).fetchone()
owner = existing["id"] if existing else "?" owner = existing["id"] if existing else "?"
account_meta = _fetch_account_meta(conn, acct) account_meta = _fetch_account_meta(conn, acct)
row_cr = conn.execute("SELECT rar_creds_enc FROM accounts WHERE id=?", (acct,)).fetchone() env_ctx = _fetch_cont_env_state(conn, acct)
are_creds = bool(row_cr and row_cr["rar_creds_enc"])
return _render_cont( return _render_cont(
request, request,
are_creds=are_creds,
account_meta={"name": companie_raw, "email": email_norm, "cui": cui_norm}, account_meta={"name": companie_raw, "email": email_norm, "cui": cui_norm},
date_firma_eroare=( date_firma_eroare=(
f"CUI-ul {cui_norm} este deja folosit de alt cont (id={owner}). " f"CUI-ul {cui_norm} este deja folosit de alt cont (id={owner}). "
"Foloseste un CUI diferit sau contacteaza administratorul." "Foloseste un CUI diferit sau contacteaza administratorul."
), ),
**env_ctx,
) )
account_meta = _fetch_account_meta(conn, acct) account_meta = _fetch_account_meta(conn, acct)
row_cr = conn.execute("SELECT rar_creds_enc FROM accounts WHERE id=?", (acct,)).fetchone() env_ctx = _fetch_cont_env_state(conn, acct)
are_creds = bool(row_cr and row_cr["rar_creds_enc"])
return _render_cont( return _render_cont(
request, request,
are_creds=are_creds,
account_meta=account_meta, account_meta=account_meta,
date_firma_mesaj="Datele firmei au fost salvate.", date_firma_mesaj="Datele firmei au fost salvate.",
**env_ctx,
) )
finally: finally:
conn.close() conn.close()
@@ -4244,18 +4461,15 @@ def cont_rar_creds(
if not email or not parola: if not email or not parola:
conn = get_connection() conn = get_connection()
try: try:
row = conn.execute(
"SELECT rar_creds_enc FROM accounts WHERE id=?", (acct,)
).fetchone()
are_creds = bool(row and row["rar_creds_enc"])
account_meta = _fetch_account_meta(conn, acct) account_meta = _fetch_account_meta(conn, acct)
env_ctx = _fetch_cont_env_state(conn, acct)
finally: finally:
conn.close() conn.close()
return _render_cont( return _render_cont(
request, request,
are_creds=are_creds,
creds_eroare="Email si parola sunt obligatorii.", creds_eroare="Email si parola sunt obligatorii.",
account_meta=account_meta, account_meta=account_meta,
**env_ctx,
) )
enc = encrypt_creds({"email": email, "password": parola}) enc = encrypt_creds({"email": email, "password": parola})
@@ -4266,11 +4480,222 @@ def cont_rar_creds(
(enc, acct), (enc, acct),
) )
account_meta = _fetch_account_meta(conn, acct) account_meta = _fetch_account_meta(conn, acct)
env_ctx = _fetch_cont_env_state(conn, acct)
return _render_cont( return _render_cont(
request, request,
are_creds=True,
creds_mesaj="Credentialele RAR au fost salvate cu succes.", creds_mesaj="Credentialele RAR au fost salvate cu succes.",
account_meta=account_meta, account_meta=account_meta,
**env_ctx,
)
finally:
conn.close()
@router.post("/cont/test-rar-creds", response_class=HTMLResponse)
def cont_test_rar_creds(
request: Request,
rar_email: str = Form(""),
rar_parola: str = Form(""),
rar_env: str = Form(default=""),
csrf_token: str | None = Form(None),
) -> HTMLResponse:
"""Testeaza credentialele RAR prin login real pe mediul specificat (US-007, PRD 5.20).
Fara efecte secundare: nu salveaza nimic, nu creeaza submission. Pur validare.
Camp parola NICIODATA re-pus in raspuns.
Decizie env (documentata US-007):
- param `rar_env` explicit ('test'/'prod') -> folosit direct
- altfel -> rar_env_efectiv_cont (default-ul contului) sau ancora globala settings.rar_env
- signup nu colecteaza creds RAR, deci nu apeleaza aceasta functie
"""
account_id = require_login(request)
verify_csrf(request, csrf_token)
email = rar_email.strip()
parola = rar_parola.strip()
if not email or not parola:
return templates.TemplateResponse(
"_integrare_test_rezultat.html",
{"request": request, "succes": False,
"mesaj": "Email si parola sunt obligatorii."},
)
# Determina env-ul de validare
settings = get_settings()
env_cerut = (rar_env or "").strip().lower()
if env_cerut in ("test", "prod"):
env = env_cerut
else:
# Fallback: env-ul efectiv al contului (default) sau ancora globala
conn = get_connection()
try:
env = rar_env_efectiv_cont(conn, account_id) or settings.rar_env or "test"
finally:
conn.close()
ok, mesaj_eroare = _valideaza_login_rar(settings, email, parola, env)
if ok:
env_label = _eticheta_mediu_rar(env)
return templates.TemplateResponse(
"_integrare_test_rezultat.html",
{"request": request, "succes": True,
"mesaj": f"Credentiale RAR valide pe {env_label}."},
)
return templates.TemplateResponse(
"_integrare_test_rezultat.html",
{"request": request, "succes": False, "mesaj": mesaj_eroare},
)
# =========================================================================== #
# US-008 (PRD 5.20): Configurare medii RAR per cont — Testare + Productie. #
# Ruta noua /cont/rar-medii: gestioneaza bifa activare, credentiale si #
# mediul implicit separat pentru fiecare din cele doua medii RAR. #
# =========================================================================== #
@router.post("/cont/rar-medii", response_class=HTMLResponse)
async def cont_rar_medii(request: Request) -> HTMLResponse:
"""Salveaza configuratia mediilor RAR per cont (US-008, PRD 5.20).
Doua sectiuni independente (Testare / Productie): fiecare cu bifa de activare
si campuri email/parola. La salvare, pentru fiecare mediu activat cu creds noi:
- valideaza prin login pe acel env (US-007) — RAR test si prod sunt sisteme separate;
- OK -> cripteaza cu Fernet si scrie in rar_creds_{env}_enc + enabled=1;
- esec login -> eroare per-env, mediul NU devine disponibil (creds nesalvate).
Activarea Productie pentru prima oara necesita checkbox-ul de confirmare
(constientizare L.142 — trimiterile sunt declaratii oficiale, finale si fara anulare).
Mediul implicit (rar_env_default) poate fi setat DOAR pe un mediu disponibil
(validat server-side post-update; altfel eroare, valoarea veche ramane).
Parolele NICIODATA reflectate inapoi in pagina (camp gol cu placeholder).
"""
account_id = require_login(request)
form = await request.form()
verify_csrf(request, str(form.get("csrf_token") or ""))
acct = account_or_default(account_id)
test_enabled_form = form.get("test_enabled") == "1"
prod_enabled_form = form.get("prod_enabled") == "1"
prod_confirmare = form.get("prod_confirmare") == "1"
test_email = str(form.get("test_email") or "").strip()
test_parola = str(form.get("test_parola") or "").strip()
prod_email = str(form.get("prod_email") or "").strip()
prod_parola = str(form.get("prod_parola") or "").strip()
rar_env_default_form = str(form.get("rar_env_default") or "").strip()
settings = get_settings()
creds_test_eroare: str | None = None
creds_test_mesaj: str | None = None
creds_prod_eroare: str | None = None
creds_prod_mesaj: str | None = None
creds_default_eroare: str | None = None
creds_default_mesaj: str | None = None
conn = get_connection()
try:
# Starea curenta din DB (inainte de update) — necesara pt logica de confirmare prod.
row_before = conn.execute(
"SELECT rar_prod_enabled FROM accounts WHERE id=?", (acct,)
).fetchone()
was_prod_enabled = bool(row_before["rar_prod_enabled"]) if row_before else False
# Confirmare obligatorie la PRIMA activare Productie (constientizare L.142).
# Nu se cere daca Productie era deja activata (confirmare unica per-activare).
if prod_enabled_form and not was_prod_enabled and not prod_confirmare:
creds_prod_eroare = (
"Bifati confirmarea de mai jos pentru a activa mediul Productie: "
"\"Inteleg ca trimiterile pe Productie sunt declaratii reale (L.142)\"."
)
account_meta = _fetch_account_meta(conn, acct)
env_ctx = _fetch_cont_env_state(conn, acct)
return _render_cont(
request,
account_meta=account_meta,
creds_prod_eroare=creds_prod_eroare,
**env_ctx,
)
# --- Procesare Testare ---
if test_enabled_form:
if test_email and test_parola:
# Ambele campuri completate -> valideaza prin login pe RAR Testare.
ok, mesaj = _valideaza_login_rar(settings, test_email, test_parola, "test")
if ok:
enc = encrypt_creds({"email": test_email, "password": test_parola})
conn.execute(
"UPDATE accounts SET rar_test_enabled=1, rar_creds_test_enc=? WHERE id=?",
(enc, acct),
)
creds_test_mesaj = "Credentiale Testare salvate si validate."
else:
# Login esuat: nu schimbam creds sau enabled; eroare per-env.
creds_test_eroare = mesaj
elif test_email or test_parola:
# Doar unul din campuri completat -> eroare (nu pot fi partial).
creds_test_eroare = "Email si parola Testare trebuie completate impreuna."
else:
# Activat fara creds noi -> marcheaza enabled (creds existente, daca sunt, raman).
conn.execute("UPDATE accounts SET rar_test_enabled=1 WHERE id=?", (acct,))
else:
# Dezactivat -> disabled=0; creds raman pentru posibila re-activare ulterioara.
conn.execute("UPDATE accounts SET rar_test_enabled=0 WHERE id=?", (acct,))
# --- Procesare Productie ---
if prod_enabled_form:
if prod_email and prod_parola:
ok, mesaj = _valideaza_login_rar(settings, prod_email, prod_parola, "prod")
if ok:
enc = encrypt_creds({"email": prod_email, "password": prod_parola})
conn.execute(
"UPDATE accounts SET rar_prod_enabled=1, rar_creds_prod_enc=? WHERE id=?",
(enc, acct),
)
creds_prod_mesaj = "Credentiale Productie salvate si validate."
else:
creds_prod_eroare = mesaj
elif prod_email or prod_parola:
creds_prod_eroare = "Email si parola Productie trebuie completate impreuna."
else:
conn.execute("UPDATE accounts SET rar_prod_enabled=1 WHERE id=?", (acct,))
else:
conn.execute("UPDATE accounts SET rar_prod_enabled=0 WHERE id=?", (acct,))
# --- Mediu implicit (validat post-update contra mediilor disponibile) ---
if rar_env_default_form and rar_env_default_form in ("test", "prod"):
from ..rar_env import medii_disponibile as _medii_disponibile_fn
row_after = conn.execute(
"SELECT rar_test_enabled, rar_prod_enabled, "
"rar_creds_test_enc, rar_creds_prod_enc "
"FROM accounts WHERE id=?", (acct,)
).fetchone()
medii_post = _medii_disponibile_fn(row_after)
if rar_env_default_form in medii_post:
conn.execute(
"UPDATE accounts SET rar_env_default=? WHERE id=?",
(rar_env_default_form, acct),
)
creds_default_mesaj = "Mediu implicit actualizat."
else:
creds_default_eroare = (
"Mediul ales nu e disponibil — activeaza-l si adauga credentiale valide intai."
)
account_meta = _fetch_account_meta(conn, acct)
env_ctx = _fetch_cont_env_state(conn, acct)
return _render_cont(
request,
account_meta=account_meta,
creds_test_mesaj=creds_test_mesaj,
creds_test_eroare=creds_test_eroare,
creds_prod_mesaj=creds_prod_mesaj,
creds_prod_eroare=creds_prod_eroare,
creds_default_eroare=creds_default_eroare,
creds_default_mesaj=creds_default_mesaj,
**env_ctx,
) )
finally: finally:
conn.close() conn.close()

View File

@@ -118,10 +118,13 @@
{% endfor %} {% endfor %}
{# ===== US-005 (5.16): Chips extra + picker '+ Adauga alta operatie / cod RAR' in mod operatii ===== #} {# ===== US-005 (5.16): Chips extra + picker '+ Adauga alta operatie / cod RAR' in mod operatii ===== #}
{# Chips extra: cod_op_service gol, cod_prestatie setat — afisate flat cu × (reuse remove_flat) #} {# Chips extra: cod_op_service gol, cod_prestatie setat — afisate flat cu × (reuse remove_flat).
T-7 (5.16): containerul .chips se randeaza DOAR cand exista chips extra — altfel ramanea
un chenar gol nefinisat sub randurile de operatie. #}
{% set _extra_chips = _chips | rejectattr('cod_op_service') | selectattr('cod_prestatie') | list %}
{% if _extra_chips %}
<div class="chips" role="group" aria-label="Coduri RAR suplimentare" style="margin-top:4px;"> <div class="chips" role="group" aria-label="Coduri RAR suplimentare" style="margin-top:4px;">
{% for chip in _chips %} {% for chip in _extra_chips %}
{% if not chip.cod_op_service and chip.cod_prestatie %}
{% set _is_warn_extra = chip.cod_prestatie in ('R-ODO', 'I-ODO') %} {% set _is_warn_extra = chip.cod_prestatie in ('R-ODO', 'I-ODO') %}
<span class="chip {% if _is_warn_extra %}chip-warn{% endif %}" <span class="chip {% if _is_warn_extra %}chip-warn{% endif %}"
aria-label="Cod RAR suplimentar {{ chip.cod_prestatie }}"> aria-label="Cod RAR suplimentar {{ chip.cod_prestatie }}">
@@ -134,9 +137,9 @@
hx-vals='{"chips_action":"remove_flat","chips_remove_cod":"{{ chip.cod_prestatie }}"}' hx-vals='{"chips_action":"remove_flat","chips_remove_cod":"{{ chip.cod_prestatie }}"}'
aria-label="Sterge codul suplimentar {{ chip.cod_prestatie }}">&times;</button> aria-label="Sterge codul suplimentar {{ chip.cod_prestatie }}">&times;</button>
</span> </span>
{% endif %}
{% endfor %} {% endfor %}
</div> </div>
{% endif %}
{% if nomenclator_rar %} {% if nomenclator_rar %}
<span style="display:inline-flex;align-items:center;gap:4px;margin-top:4px;"> <span style="display:inline-flex;align-items:center;gap:4px;margin-top:4px;">
<select name="chips_add_cod_flat" <select name="chips_add_cod_flat"

View File

@@ -6,19 +6,26 @@
style="margin-top:22px; padding-top:18px; border-top:2px solid var(--line);" style="margin-top:22px; padding-top:18px; border-top:2px solid var(--line);"
{% if oob %}hx-swap-oob="outerHTML"{% endif %}> {% if oob %}hx-swap-oob="outerHTML"{% endif %}>
<div class="card"> <div class="card">
<div style="display:flex; align-items:center; gap:8px; flex-wrap:wrap; margin:0 0 12px;"> {# US-002 (5.16): titlul de sectiune vizibil ("Trimiterile tale") a fost eliminat —
<h2 id="trimiteri-heading" style="font-size:15px; margin:0;"> lista incepe direct sub filtre. Heading pastrat sr-only pentru a11y (section
Trimiterile tale aria-labelledby). Badge-ul de atentie + export CSV stau intr-un rand discret. #}
{% if blocate_total %} <h2 id="trimiteri-heading" class="sr-only">Trimiterile tale</h2>
<span class="tab-badge" title="{{ blocate_total }} necesita atentie" {% if blocate_total %}
style="display:inline-flex; align-items:center; justify-content:center; min-width:18px; height:18px; margin-left:6px; padding:0 5px; border-radius:99px; background:var(--err); color:#fff; font-size:11px; font-weight:700;">{{ blocate_total }}</span> <div style="display:flex; align-items:center; gap:6px; flex-wrap:wrap; margin:0 0 10px;">
{% endif %} <span class="tab-badge" title="{{ blocate_total }} necesita atentie"
</h2> style="display:inline-flex; align-items:center; justify-content:center; min-width:18px; height:18px; padding:0 5px; border-radius:99px; background:var(--err); color:#fff; font-size:11px; font-weight:700;">{{ blocate_total }}</span>
<span class="muted" style="font-size:var(--fs-sm);">de rezolvat</span>
<span style="margin-left:auto; display:flex; gap:8px; flex-wrap:wrap;"> <span style="margin-left:auto; display:flex; gap:8px; flex-wrap:wrap;">
<a class="cardlink" href="/v1/audit/export?status=sent" download>export CSV: trimise</a> <a class="cardlink" href="/v1/audit/export?status=sent" download>export CSV: trimise</a>
<a class="cardlink" href="/v1/audit/export?status=all" download>toate</a> <a class="cardlink" href="/v1/audit/export?status=all" download>toate</a>
</span> </span>
</div> </div>
{% else %}
<div style="display:flex; justify-content:flex-end; gap:8px; flex-wrap:wrap; margin:0 0 10px;">
<a class="cardlink" href="/v1/audit/export?status=sent" download>export CSV: trimise</a>
<a class="cardlink" href="/v1/audit/export?status=all" download>toate</a>
</div>
{% endif %}
<!-- Bara de filtre: [quick-pills data STANGA] [cautare vehicul MIJLOC] [pills stare DREAPTA]. <!-- Bara de filtre: [quick-pills data STANGA] [cautare vehicul MIJLOC] [pills stare DREAPTA].
Pill-urile de stare scriu campul hidden status si re-trimit form-ul (filtreazaStare). Pill-urile de stare scriu campul hidden status si re-trimit form-ul (filtreazaStare).

View File

@@ -114,36 +114,106 @@
<!-- Sectiunea: Credentiale RAR --> <!-- Sectiunea: Credentiale RAR -->
<div> <div>
<h3 style="font-size:13px; color:var(--muted); font-weight:500; margin:0 0 8px; text-transform:uppercase; letter-spacing:.04em;">Credentiale RAR (portal AUTOPASS)</h3> <h3 style="font-size:13px; color:var(--muted); font-weight:500; margin:0 0 12px; text-transform:uppercase; letter-spacing:.04em;">Credentiale RAR (portal AUTOPASS)</h3>
{% if are_creds %}
<div class="flash" style="margin-bottom:12px;">Credentiale RAR configurate.</div>
{% endif %}
{% if creds_mesaj %} {% if creds_mesaj %}
<div class="flash" style="margin-bottom:12px;">{{ creds_mesaj }}</div> <div class="flash" style="margin-bottom:12px;">{{ creds_mesaj }}</div>
{% endif %} {% endif %}
{% if creds_eroare %} {% if creds_eroare %}
<div class="banner" style="margin-bottom:12px; padding:8px 12px;">{{ creds_eroare }}</div> <div class="banner" style="margin-bottom:12px; padding:8px 12px;">{{ creds_eroare }}</div>
{% endif %} {% endif %}
<form hx-post="/cont/rar-creds" <form hx-post="/cont/rar-medii"
hx-target="#card-cont" hx-target="#card-cont"
hx-swap="outerHTML"> hx-swap="outerHTML">
<input type="hidden" name="csrf_token" value="{{ csrf_token }}"> <input type="hidden" name="csrf_token" value="{{ csrf_token }}">
<p style="margin:0 0 8px;">
<label style="font-size:13px; color:var(--muted);">Email RAR</label><br> <!-- Subsectiunea: Testare -->
<input type="email" name="rar_email" required style="width:100%; max-width:340px;" <div style="margin-bottom:16px; padding-bottom:16px; border-bottom:1px solid var(--line);">
placeholder="email@service.ro"> <p style="margin:0 0 6px;">
</p> <label style="font-size:13px; color:var(--muted); display:flex; align-items:center; gap:6px;">
<p style="margin:0 0 12px;"> <input type="checkbox" name="test_enabled" value="1" {% if test_enabled %}checked{% endif %}>
<label style="font-size:13px; color:var(--muted);">Parola RAR</label><br> Activare Testare
<input type="password" name="rar_parola" required style="width:100%; max-width:340px;" </label>
autocomplete="new-password"> {% if test_disponibil %}
</p> <span style="font-size:12px; color:var(--ok);">configurat</span>
<button type="submit">Salveaza credentiale RAR</button> {% endif %}
<span style="font-size:12px; color:var(--muted); margin-left:8px;">Parola stocata criptat, niciodata in clar.</span> </p>
<p style="margin:0 0 8px;">
<label style="font-size:13px; color:var(--muted);">Email RAR Testare</label><br>
<input type="email" name="test_email" style="width:100%; max-width:340px;"
placeholder="email@service.ro">
</p>
<p style="margin:0 0 8px;">
<label style="font-size:13px; color:var(--muted);">Parola RAR Testare</label><br>
<input type="password" name="test_parola" style="width:100%; max-width:340px;"
autocomplete="new-password">
</p>
{% if creds_test_mesaj %}
<div class="flash" style="margin-top:6px;">{{ creds_test_mesaj }}</div>
{% endif %}
{% if creds_test_eroare %}
<div class="banner" style="margin-top:6px; padding:8px 12px;">{{ creds_test_eroare }}</div>
{% endif %}
</div>
<!-- Subsectiunea: Productie -->
<div style="margin-bottom:16px; padding-bottom:16px; border-bottom:1px solid var(--line);">
<p style="margin:0 0 6px;">
<label style="font-size:13px; color:var(--muted); display:flex; align-items:center; gap:6px;">
<input type="checkbox" name="prod_enabled" value="1" {% if prod_enabled %}checked{% endif %}>
Activare Productie
</label>
{% if prod_disponibil %}
<span style="font-size:12px; color:var(--ok);">configurat</span>
{% endif %}
</p>
<p style="margin:0 0 8px;">
<label style="font-size:13px; color:var(--muted);">Email RAR Productie</label><br>
<input type="email" name="prod_email" style="width:100%; max-width:340px;"
placeholder="email@service.ro">
</p>
<p style="margin:0 0 8px;">
<label style="font-size:13px; color:var(--muted);">Parola RAR Productie</label><br>
<input type="password" name="prod_parola" style="width:100%; max-width:340px;"
autocomplete="new-password">
</p>
<p style="margin:0 0 8px;">
<label style="font-size:13px; color:var(--muted); display:flex; align-items:flex-start; gap:6px;">
<input type="checkbox" name="prod_confirmare" value="1" style="margin-top:2px; flex-shrink:0;">
Inteleg ca trimiterile pe Productie sunt declaratii reale (L.142), finale si fara anulare.
</label>
</p>
{% if creds_prod_mesaj %}
<div class="flash" style="margin-top:6px;">{{ creds_prod_mesaj }}</div>
{% endif %}
{% if creds_prod_eroare %}
<div class="banner" style="margin-top:6px; padding:8px 12px;">{{ creds_prod_eroare }}</div>
{% endif %}
</div>
<!-- Selector mediu implicit -->
<div style="margin-bottom:16px;">
<label style="font-size:13px; color:var(--muted);">Mediu implicit pentru trimiteri</label><br>
{% if medii_disponibile %}
<select name="rar_env_default" style="width:100%; max-width:340px; margin-top:4px;">
{% for env in medii_disponibile %}
<option value="{{ env }}"{% if env == rar_env_default %} selected{% endif %}>{{ "Testare" if env == "test" else "Productie" }}</option>
{% endfor %}
</select>
{% else %}
<p style="font-size:13px; color:var(--muted); margin:4px 0 0;">Activeaza si valideaza un mediu intai.</p>
{% endif %}
{% if creds_default_mesaj %}
<div class="flash" style="margin-top:6px;">{{ creds_default_mesaj }}</div>
{% endif %}
{% if creds_default_eroare %}
<div class="banner" style="margin-top:6px; padding:8px 12px;">{{ creds_default_eroare }}</div>
{% endif %}
</div>
<button type="submit">Salveaza mediile RAR</button>
<span style="font-size:12px; color:var(--muted); margin-left:8px;">Parolele stocate criptat, niciodata in clar.</span>
</form> </form>
</div> </div>
</div> </div>

View File

@@ -103,8 +103,8 @@
<div class="act-group" style="margin-top:14px;"> <div class="act-group" style="margin-top:14px;">
<button type="submit" class="act act-primary" aria-label="{{ btn_label or 'Salveaza' }}"> <button type="submit" class="act act-primary" aria-label="{{ btn_label or 'Salveaza' }}">
<span class="act-tx">{{ btn_label or 'Salveaza' }}</span>{{ icon('save') }}</button> <span class="act-tx">{{ btn_label or 'Salveaza' }}</span>{{ icon('save') }}</button>
<button type="button" class="act" aria-label="{{ cancel_label or 'Anuleaza' }}" data-modal-close> <button type="button" class="act" aria-label="{{ cancel_label or 'Renunta' }}" data-modal-close>
<span class="act-tx">{{ cancel_label or 'Anuleaza' }}</span>{{ icon('x') }}</button> <span class="act-tx">{{ cancel_label or 'Renunta' }}</span>{{ icon('x') }}</button>
</div> </div>
{% else %} {% else %}
<div style="margin-top:14px;"> <div style="margin-top:14px;">

View File

@@ -226,7 +226,7 @@
</div> </div>
</div> </div>
{# Formular test conexiune #} {# Formular test conexiune cheie API #}
<div class="card" style="margin-bottom:16px;"> <div class="card" style="margin-bottom:16px;">
<h3 style="margin:0 0 12px; font-size:15px;">Testeaza conexiunea</h3> <h3 style="margin:0 0 12px; font-size:15px;">Testeaza conexiunea</h3>
<form id="form-test-cheie" <form id="form-test-cheie"
@@ -246,6 +246,42 @@
<div id="integrare-test-rezultat" style="margin-top:8px;"></div> <div id="integrare-test-rezultat" style="margin-top:8px;"></div>
</div> </div>
{# Formular test credentiale RAR (US-007, PRD 5.20) #}
{# Login de proba pe mediul ales — fara efecte secundare, nu salveaza nimic. #}
{# Banner-ul de rezultat include eticheta mediului ("pe TESTARE" / "pe PRODUCTIE"). #}
<div class="card" style="margin-bottom:16px;">
<h3 style="margin:0 0 6px; font-size:15px;">Testeaza credentiale RAR</h3>
<p class="muted" style="font-size:12px; margin:0 0 10px;">
Verifica daca credentialele RAR sunt corecte pe mediul ales. Nu se salveaza nimic.
</p>
<form id="form-test-rar-creds"
hx-post="/cont/test-rar-creds"
hx-target="#rar-test-rezultat"
hx-swap="innerHTML"
style="display:flex; gap:8px; flex-wrap:wrap; align-items:flex-end;">
<input type="hidden" name="csrf_token" value="{{ csrf_token }}">
<div>
<label for="test-rar-email" style="display:block; font-size:13px; color:var(--muted); margin-bottom:4px;">Email RAR</label>
<input type="email" id="test-rar-email" name="rar_email" placeholder="email@service.ro"
style="width:220px;" autocomplete="off">
</div>
<div>
<label for="test-rar-parola" style="display:block; font-size:13px; color:var(--muted); margin-bottom:4px;">Parola RAR</label>
<input type="password" id="test-rar-parola" name="rar_parola"
style="width:160px;" autocomplete="new-password">
</div>
<div>
<label for="test-rar-env" style="display:block; font-size:13px; color:var(--muted); margin-bottom:4px;">Mediu</label>
<select id="test-rar-env" name="rar_env" style="height:36px; padding:0 8px;">
<option value="prod">Productie</option>
<option value="test">Testare</option>
</select>
</div>
<button type="submit">Testeaza RAR</button>
</form>
<div id="rar-test-rezultat" style="margin-top:8px;"></div>
</div>
</div> </div>
<script> <script>

View File

@@ -14,6 +14,14 @@
Preview — Preview —
<span class="muted" style="font-weight:400;">{{ filename or ("import #" ~ import_id) }}</span> <span class="muted" style="font-weight:400;">{{ filename or ("import #" ~ import_id) }}</span>
</h2> </h2>
{# Badge mediu RAR (US-009): vizibil intotdeauna in preview (claritate tinta) #}
{% if rar_env %}
<span class="pill" style="font-size:var(--fs-xs);
{% if rar_env == 'prod' %}background:color-mix(in srgb,#B4452F 15%,var(--card)); border-color:#B4452F; color:#B4452F; font-weight:700;
{% else %}background:color-mix(in srgb,var(--accent) 12%,var(--card)); border-color:var(--accent); color:var(--accent);{% endif %}">
{{ "PRODUCTIE" if rar_env == "prod" else "Testare" }}
</span>
{% endif %}
<span class="muted" style="margin-left:auto; font-size:var(--fs-sm);">{{ total }} randuri</span> <span class="muted" style="margin-left:auto; font-size:var(--fs-sm);">{{ total }} randuri</span>
</div> </div>
@@ -144,19 +152,18 @@
{% endif %} {% endif %}
<!-- Tabel preview in format identic cu tabelul Trimiteri (.tabel-trimiteri). <!-- Tabel preview in format identic cu tabelul Trimiteri (.tabel-trimiteri).
US-007: 8 coloane (coloana de verificare eliminata). 5.16 (T-4): densitate redusa la coloanele esentiale — Stare / Vehicul /
Randurile au FORM PROPRIU pentru editare (NU sunt in #confirm-form). --> Operatie / Data + Actiuni. KM final + mesajul de validare (Note) au iesit
din tabel: KM se editeaza in modal, motivul apare ca tooltip pe pill-ul de
Stare. Randurile au FORM PROPRIU pentru editare (NU sunt in #confirm-form). -->
<div id="preview-tabel" class="tablewrap tabel-trimiteri"> <div id="preview-tabel" class="tablewrap tabel-trimiteri">
<table> <table>
<thead> <thead>
<tr> <tr>
<th class="col-id">#</th>
<th class="col-stare">Stare</th> <th class="col-stare">Stare</th>
<th class="col-vehicul">Vehicul</th> <th class="col-vehicul">Vehicul</th>
<th class="col-operatie">Operatie</th> <th class="col-operatie">Operatie</th>
<th class="col-data">Data</th> <th class="col-data">Data</th>
<th class="col-km">KM final</th>
<th class="col-note">Note</th>
<th class="col-actiuni">Actiuni</th> <th class="col-actiuni">Actiuni</th>
</tr> </tr>
</thead> </thead>
@@ -179,6 +186,8 @@
hx-target="#import-section" hx-target="#import-section"
hx-swap="outerHTML"> hx-swap="outerHTML">
<input type="hidden" name="csrf_token" value="{{ csrf_token or '' }}"> <input type="hidden" name="csrf_token" value="{{ csrf_token or '' }}">
{# Mediu RAR ales la upload — propagar la commit (US-009) #}
<input type="hidden" name="rar_env" value="{{ rar_env or '' }}">
<div class="sticky-bar"> <div class="sticky-bar">
<div style="flex:1; min-width:280px;"> <div style="flex:1; min-width:280px;">
<!-- Banner declarant — direct deasupra input-ului N --> <!-- Banner declarant — direct deasupra input-ului N -->

View File

@@ -23,9 +23,21 @@
{% if _sent_dup %}class="preview-sent-row"{% endif %} {% if _sent_dup %}class="preview-sent-row"{% endif %}
{% if oob_tr %}hx-swap-oob="outerHTML:#preview-row-{{ row.row_index }}"{% endif %} {% if oob_tr %}hx-swap-oob="outerHTML:#preview-row-{{ row.row_index }}"{% endif %}
style="{% if status == 'needs_review' %}background:rgba(230,179,74,.04);{% elif _sent_dup %}opacity:.6;{% endif %}"> style="{% if status == 'needs_review' %}background:rgba(230,179,74,.04);{% elif _sent_dup %}opacity:.6;{% endif %}">
<td class="col-id muted" data-eticheta="#">{{ row.row_index + 1 }}</td> {#- Motivul (validare / deja-trimis / duplicat) — fost coloana Note, acum tooltip pe pill.
KM final iese din tabel (se editeaza in modal). -#}
{%- if status == 'already_sent' and row.get('already_sent_info') -%}
{%- set ai = row.already_sent_info -%}
{%- set _nota = 'deja trimis ' ~ ((ai.get('created_at') or '')[:10]) ~ ((' (#' ~ ai.id_prezentare ~ ')') if ai.get('id_prezentare') else '') -%}
{%- elif status == 'duplicate_in_file' and row.get('duplicate_with') -%}
{%- set _dwith = [] -%}
{%- for idx in row.duplicate_with -%}{{ _dwith.append(idx + 1) or '' }}{%- endfor -%}
{%- set _nota = 'dubla cu randul ' ~ (_dwith | join(', ')) -%}
{%- else -%}
{%- set _nota = row.nota_umana or '' -%}
{%- endif -%}
<td class="col-stare" data-eticheta="Stare"> <td class="col-stare" data-eticheta="Stare">
<span class="pill {{ row.stare_css }}" style="display:inline-flex; align-items:center; gap:5px;"> <span class="pill {{ row.stare_css }}" style="display:inline-flex; align-items:center; gap:5px;"
{% if _nota %}title="{{ _nota }}"{% endif %}>
<span aria-hidden="true" style="display:inline-block; width:7px; height:7px; border-radius:99px; background:currentColor; flex-shrink:0;"></span>{{ row.stare_eticheta }}</span> <span aria-hidden="true" style="display:inline-block; width:7px; height:7px; border-radius:99px; background:currentColor; flex-shrink:0;"></span>{{ row.stare_eticheta }}</span>
</td> </td>
<td class="col-vehicul" data-eticheta="Vehicul"> <td class="col-vehicul" data-eticheta="Vehicul">
@@ -43,20 +55,6 @@
{% endif %} {% endif %}
</td> </td>
<td class="col-data" data-eticheta="Data prestatie">{{ row.prez.data_prestatie }}</td> <td class="col-data" data-eticheta="Data prestatie">{{ row.prez.data_prestatie }}</td>
<td class="col-km" data-eticheta="KM final">{{ row.prez.odometru }}</td>
<td class="col-note" data-eticheta="Note"
style="font-size:var(--fs-xs); white-space:normal;">
{% if status == 'already_sent' and row.get('already_sent_info') %}
{% set ai = row.already_sent_info %}
deja trimis {{ (ai.get('created_at') or '')[:10] }}
{% if ai.get('id_prezentare') %}(#{{ ai.id_prezentare }}){% endif %}
{% elif status == 'duplicate_in_file' and row.get('duplicate_with') %}
dubla cu randul
{% for idx in row.duplicate_with %}{{ idx + 1 }}{% if not loop.last %}, {% endif %}{% endfor %}
{% else %}
{{ row.nota_umana or '' }}
{% endif %}
</td>
<td class="col-actiuni" data-eticheta="Actiuni" style="text-align:center;"> <td class="col-actiuni" data-eticheta="Actiuni" style="text-align:center;">
{% if status not in ('already_sent', 'duplicate_in_file') %} {% if status not in ('already_sent', 'duplicate_in_file') %}
<button type="button" class="btn-editeaza" <button type="button" class="btn-editeaza"

View File

@@ -137,10 +137,11 @@
class="status-nav-link{% if _tab == 'mapari' %} status-nav-activ{% endif %}">Mapari{% if mapari_badge %}<span class="tab-badge" aria-hidden="true" style="display:inline-flex; align-items:center; justify-content:center; min-width:16px; height:16px; margin-left:4px; padding:0 4px; border-radius:99px; background:var(--err); color:#fff; font-size:11px; font-weight:700;">{{ mapari_badge }}</span>{% endif %}</a> class="status-nav-link{% if _tab == 'mapari' %} status-nav-activ{% endif %}">Mapari{% if mapari_badge %}<span class="tab-badge" aria-hidden="true" style="display:inline-flex; align-items:center; justify-content:center; min-width:16px; height:16px; margin-left:4px; padding:0 4px; border-radius:99px; background:var(--err); color:#fff; font-size:11px; font-weight:700;">{{ mapari_badge }}</span>{% endif %}</a>
</nav> </nav>
{# US-006 (5.17): linia de plan — consum/trial (secundar, sub navigatie, non-blocant). {# US-006 (5.17) + T-6 (5.16): linia de plan in CORP apare DOAR in starea de avertizare
Warn=culoare+text (accesibilitate): >=80% -> --warn; limita atinsa -> --err. (>=80% -> --warn; limita atinsa -> --err). Consumul normal (N/60) traieste in badge-ul
Ierarhie: nu concureaza cu stripul de sanatate (E zero-silent-failures pastrat). #} din antet + linia din meniul burger, nu ca rand permanent in corp (densitate redusa).
{% if plan_linie is defined and plan_linie %} Ierarhie: nu concureaza cu stripul de sanatate (zero-silent-failures pastrat). #}
{% if plan_linie and (plan_warn|default(false) or plan_limita_atinsa|default(false)) %}
<div class="plan-status-line" <div class="plan-status-line"
style="font-size:var(--fs-sm); margin-top:6px; padding-top:6px; style="font-size:var(--fs-sm); margin-top:6px; padding-top:6px;
border-top:1px solid var(--line2); border-top:1px solid var(--line2);

View File

@@ -96,41 +96,43 @@
{% endif %} {% endif %}
</div> </div>
{# Bloc text principal — stanga, ocupa spatiul ramas #} {# Bloc text principal — stanga, ocupa spatiul ramas. Rand de 2 linii (spec 5.16):
L1 = placuta (identificator primar); L2 = cod RAR · operatie · data prestatie. #}
<div style="flex:1 1 auto; min-width:0;"> <div style="flex:1 1 auto; min-width:0;">
{# Linia 1: VIN mono scurt (slim-vin). {# Linia 1: nr. inmatriculare (placuta) — identificatorul primar pe care il
Guard: vin_scurt='—' inseamna VIN lipsa; fallback la vehicul_nr. #} scaneaza operatorul. .slim-vin reumplut (acelasi nume de clasa, churn minim).
{% if r.prez.vin_scurt and r.prez.vin_scurt != '—' %} Fallback cand placuta lipseste ('—'): VIN scurt, apoi mesaj neutru
<div class="slim-vin">{{ r.prez.vin_scurt }}</div> (nu randa em-dash izolat ca identificator). #}
{% if r.prez.vehicul_nr and r.prez.vehicul_nr != '—' %}
<div class="slim-vin">{{ r.prez.vehicul_nr }}</div>
{% elif r.prez.vin_scurt and r.prez.vin_scurt != '—' %}
<div class="slim-vin muted">{{ r.prez.vin_scurt }}</div>
{% else %} {% else %}
<div class="slim-vin muted">{{ r.prez.vehicul_nr }}</div> <div class="slim-vin muted">fara numar</div>
{% endif %} {% endif %}
{# Linia 2: Operatie · ora/data (slim-meta muted) #} {# Linia 2: cod RAR (sau 'nemapat') · operatie (ink, ellipsis) · data prestatie.
<div class="slim-meta">{{ r.prez.operatie }} · {{ r.updated_at }}</div> Separatorul "·" e injectat prin CSS intre celule. Operatia primeste ellipsis
ca randul sa NU treaca pe a 3-a linie nici la 390px.
{# Cod RAR sau indicatorul 'nemapat': discret sub operatie. VIN integral, #id_prezentare si secundele traiesc in modalul de detaliu. #}
Mentine compatibilitatea cu testele cod_rar: OE-2 vizibil, fara prefix 'cod RAR:'. #} <div class="slim-meta slim-rand2">
{% if r.prez.cod_rar and r.prez.cod_rar != '—' %} {% if r.prez.cod_rar and r.prez.cod_rar != '—' %}
<div class="slim-meta"><span class="cod-rar-cod">{{ r.prez.cod_rar }}</span></div> <span class="cod-rar-cod">{{ r.prez.cod_rar }}</span>
{% else %} {% else %}
<div class="slim-meta muted cod-rar-sub">nemapat</div> <span class="cod-rar-cod cod-rar-sub muted">nemapat</span>
{% endif %} {% endif %}
<span class="slim-op">{{ r.prez.operatie }}</span>
{# Linia meta discreta: nr inmatriculare · data prestatie · nr prezentare RAR. {% if r.prez.data_prestatie and r.prez.data_prestatie != '—' %}
Accesibila pe rand; informatia completa e in modalul de detaliu. #} <span class="slim-data muted">{{ r.prez.data_prestatie }}</span>
<div class="slim-meta" style="opacity:0.7;"> {% endif %}
{{ r.prez.vehicul_nr -}}
{%- if r.prez.data_prestatie and r.prez.data_prestatie != '—' %} · {{ r.prez.data_prestatie }}{% endif -%}
{%- if r.id_prezentare %} · #{{ r.id_prezentare }}{% endif %}
</div> </div>
{# Eticheta umana scurta sub pill — text mic, s-error pe error/needs_*. {# Micro-linie umana a problemei — text mic s-error, DOAR pe stari de problema
Afisata DOAR pe randuri cu problema (eticheta_problema ne-goala). (loud-on-exception D6). Randul normal/finalizat ramane strict 2 linii.
Starea transmisa prin TEXT, nu doar culoare. #} Token tipografic --fs-xs (>=12px, scala 5.16). #}
{% if r.eticheta_problema and r.eticheta_problema != r.stare_scurt and r.eticheta_problema != r.stare_text %} {% if r.eticheta_problema and r.eticheta_problema != r.stare_scurt and r.eticheta_problema != r.stare_text %}
<div class="eticheta-problema s-error" style="font-size:10px; margin-top:2px;">{{ r.eticheta_problema }}</div> <div class="eticheta-problema s-error">{{ r.eticheta_problema }}</div>
{% endif %} {% endif %}
</div> </div>

View File

@@ -32,6 +32,38 @@
hx-indicator="#upload-spinner"> hx-indicator="#upload-spinner">
<input type="hidden" name="csrf_token" value="{{ csrf_token or '' }}"> <input type="hidden" name="csrf_token" value="{{ csrf_token or '' }}">
{# Indicator mediu RAR (US-009, PRD 5.20): vizibil inainte de drop-zone #}
{% set medii_rar = medii | default([]) %}
{% if medii_rar | length == 0 %}
{# Banner avertisment — non-blocant (upload continua; commit foloseste ancora globala) #}
<div style="margin-bottom:10px; padding:8px 14px; border-radius:6px;
background:color-mix(in srgb, var(--warn, #e6b34a) 12%, var(--card));
border:1px solid var(--warn, #e6b34a); font-size:13px;" role="note">
<strong>Niciun mediu RAR configurat.</strong>
Trimiterea va folosi configuratia globala. Pentru a activa Testare sau Productie,
<a href="?tab=cont" style="color:var(--accent);">configureaza credentialele RAR</a>.
</div>
{% elif medii_rar | length == 1 %}
{# Eticheta statica (un singur mediu disponibil) #}
<input type="hidden" name="rar_env" value="{{ medii_rar[0] }}">
<div style="margin-bottom:10px; font-size:var(--fs-sm); color:var(--muted);">
Mediu RAR:
<strong>{{ "Testare" if medii_rar[0] == "test" else "Productie" }}</strong>
</div>
{% else %}
{# Selector (doua medii disponibile) #}
<div style="margin-bottom:10px; display:flex; align-items:center; gap:10px;">
<label for="rar-env-select"
style="font-size:var(--fs-sm); color:var(--muted); white-space:nowrap;">
Mediu RAR:
</label>
<select id="rar-env-select" name="rar_env">
<option value="test" {% if env_default == "test" %}selected{% endif %}>Testare</option>
<option value="prod" {% if env_default == "prod" %}selected{% endif %}>Productie</option>
</select>
</div>
{% endif %}
{% if sheets %} {% if sheets %}
<div style="margin-bottom:12px;"> <div style="margin-bottom:12px;">
<label for="sheet-select" <label for="sheet-select"

View File

@@ -10,6 +10,9 @@
'delete': ('Sterge', '/admin/delete', 'danger') 'delete': ('Sterge', '/admin/delete', 'danger')
} %} } %}
{# Tier-uri selectabile in panou (cod, eticheta). Aliniat cu app/plans.py#PLANS. #}
{% set TIERS = [('free', 'Gratuit'), ('standard', 'Standard'), ('pro', 'Pro'), ('premium', 'Premium')] %}
{% macro lifecycle_block(title, rows, block_id, bulk_verbs, row_verbs) %} {% macro lifecycle_block(title, rows, block_id, bulk_verbs, row_verbs) %}
<div class="card"> <div class="card">
<h3 style="margin-top:0;">{{ title }} ({{ rows|length }})</h3> <h3 style="margin-top:0;">{{ title }} ({{ rows|length }})</h3>
@@ -34,7 +37,7 @@
<thead><tr> <thead><tr>
<th style="width:28px;"><input type="checkbox" class="master-check" data-block="{{ block_id }}" <th style="width:28px;"><input type="checkbox" class="master-check" data-block="{{ block_id }}"
aria-label="Selecteaza tot"></th> aria-label="Selecteaza tot"></th>
<th>ID</th><th>Companie</th><th>CUI</th><th>Email</th><th>Stare</th><th>Inregistrat</th><th>Actiuni</th> <th>ID</th><th>Companie</th><th>CUI</th><th>Email</th><th>Plan curent</th><th>Plan cerut</th><th>Stare</th><th>Inregistrat</th><th>Actiuni</th>
</tr></thead> </tr></thead>
<tbody> <tbody>
{% for acct in rows %} {% for acct in rows %}
@@ -46,6 +49,45 @@
<td>{{ acct.name }}</td> <td>{{ acct.name }}</td>
<td class="muted">{{ acct.cui or "—" }}</td> <td class="muted">{{ acct.cui or "—" }}</td>
<td>{{ acct.email or "—" }}</td> <td>{{ acct.email or "—" }}</td>
<td style="white-space:nowrap;">
{# Plan EFECTIV acum (prominent): trial Pro activ ridica free->pro. #}
<div style="margin-bottom:5px;">
<span class="pill" style="font-weight:600;">{{ acct.tier_efectiv_label }}</span>
{% if acct.trial_activ %}
<span class="muted" style="font-size:11px;">
trial{% if acct.trial_zile %} · {{ acct.trial_zile }} {{ 'zi' if acct.trial_zile == 1 else 'zile' }} ramase{% endif %}
→ apoi {{ acct.tier_label }}
</span>
{% endif %}
</div>
{# Schimbare plan inline: select tier de baza + Aplica. Form propriu (nu imbricat in bulk-form).
Aplica INCHEIE trial-ul si seteaza planul ales ca real, cu efect imediat. #}
<form method="post" action="/admin/set-tier" class="tier-form"
style="display:flex;align-items:center;gap:6px;">
<input type="hidden" name="csrf_token" value="{{ csrf_token }}">
<input type="hidden" name="account_id" value="{{ acct.id }}">
<select name="tier" aria-label="Plan pentru {{ acct.name }}"
style="padding:4px 8px;min-height:32px;max-width:130px;">
{% for code, label in TIERS %}
<option value="{{ code }}"{% if acct.tier == code %} selected{% endif %}>{{ label }}</option>
{% endfor %}
</select>
<button type="submit" class="btn-sm"
title="Aplica planul ales ca plan real (incheie trial-ul daca e activ)">Aplica</button>
</form>
{# Acorda/prelungeste trial Pro de N zile, fara a schimba tier-ul de baza. #}
<form method="post" action="/admin/set-trial" class="trial-form"
style="display:flex;align-items:center;gap:6px;margin-top:5px;">
<input type="hidden" name="csrf_token" value="{{ csrf_token }}">
<input type="hidden" name="account_id" value="{{ acct.id }}">
<input type="number" name="trial_days" value="30" min="1" max="3650"
aria-label="Zile trial Pro pentru {{ acct.name }}"
style="padding:4px 8px;min-height:32px;width:64px;">
<button type="submit" class="btn-sm"
title="Acorda/prelungeste trial Pro de la acum (nu schimba tier-ul de baza)">Trial Pro</button>
</form>
</td>
<td class="muted">{{ acct.requested_plan_label }}</td>
<td><span class="pill">{{ acct.status }}</span></td> <td><span class="pill">{{ acct.status }}</span></td>
<td class="muted">{{ acct.created_at or "—" }}</td> <td class="muted">{{ acct.created_at or "—" }}</td>
<td style="white-space:nowrap;"> <td style="white-space:nowrap;">

View File

@@ -3,7 +3,7 @@
<head> <head>
<meta charset="utf-8"> <meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="viewport" content="width=device-width, initial-scale=1">
<title>{% block title %}ROMFAST AUTOPASS{% endblock %}</title> <title>{% block title %}ROA AUTOPASS{% endblock %}</title>
<script src="/static/htmx.min.js"></script> <script src="/static/htmx.min.js"></script>
<script> <script>
// Raspunsurile de editare-rand contin un <tr> (swap pe rand) PLUS // Raspunsurile de editare-rand contin un <tr> (swap pe rand) PLUS
@@ -143,6 +143,9 @@
.s-needs_review{color:var(--warn);} .s-needs_review{color:var(--warn);}
.s-already_sent,.s-duplicate_in_file{color:var(--muted);} .s-already_sent,.s-duplicate_in_file{color:var(--muted);}
.muted { color:var(--muted); } .muted { color:var(--muted); }
/* Heading/eticheta accesibila doar pentru cititoare de ecran (vizual ascunsa). */
.sr-only { position:absolute; width:1px; height:1px; padding:0; margin:-1px; overflow:hidden;
clip:rect(0 0 0 0); white-space:nowrap; border:0; }
a { color:var(--accent); } a { color:var(--accent); }
/* Drop zone upload fisier */ /* Drop zone upload fisier */
.drop-zone { border:2px dashed var(--line); border-radius:8px; padding:32px 20px; .drop-zone { border:2px dashed var(--line); border-radius:8px; padding:32px 20px;
@@ -410,7 +413,9 @@
.tabel-trimiteri th, .tabel-trimiteri td { white-space:normal; word-break:break-word; vertical-align:top; } .tabel-trimiteri th, .tabel-trimiteri td { white-space:normal; word-break:break-word; vertical-align:top; }
.tabel-trimiteri .col-chk { width:30px; } .tabel-trimiteri .col-chk { width:30px; }
.tabel-trimiteri .col-id { width:48px; } .tabel-trimiteri .col-id { width:48px; }
.tabel-trimiteri .col-stare { width:104px; } /* col-stare largita (bug 4a 5.16): cu table-layout:fixed + pill nowrap, 104px era
prea ingusta -> pill-ul de stare se revarsa peste col-vehicul. 140px o contine. */
.tabel-trimiteri .col-stare { width:140px; }
.tabel-trimiteri .col-data { width:104px; } .tabel-trimiteri .col-data { width:104px; }
.tabel-trimiteri .col-rar { width:96px; } .tabel-trimiteri .col-rar { width:96px; }
.tabel-trimiteri .col-actualizat { width:128px; } .tabel-trimiteri .col-actualizat { width:128px; }
@@ -722,8 +727,27 @@
.trimitere-slim:last-child { border-bottom:none; } .trimitere-slim:last-child { border-bottom:none; }
.trimitere-slim:hover { background:color-mix(in srgb, var(--accent) 6%, transparent); } .trimitere-slim:hover { background:color-mix(in srgb, var(--accent) 6%, transparent); }
.trimitere-slim:focus, .trimitere-slim:focus-visible { outline:2px solid var(--accent); outline-offset:-2px; } .trimitere-slim:focus, .trimitere-slim:focus-visible { outline:2px solid var(--accent); outline-offset:-2px; }
.slim-vin { font-family:var(--font-mono); font-size:var(--fs-md); font-weight:500; color:var(--ink); } .slim-vin { font-family:var(--font-mono); font-size:var(--fs-md); font-weight:600; color:var(--ink); }
.slim-meta { font-size:var(--fs-sm); color:var(--muted); margin-top:3px; } .slim-meta { font-size:var(--fs-sm); color:var(--muted); margin-top:3px; }
/* Linia 2 a randului slim (5.16): cod RAR · operatie (ellipsis) · data, pe UN rand.
Ellipsis-ul pe operatie garanteaza 2 linii MAX si la 390px. */
.slim-rand2 { display:flex; align-items:baseline; gap:6px; min-width:0; }
.slim-rand2 .cod-rar-cod { flex:0 0 auto; font-family:var(--font-mono); font-weight:600;
color:var(--accent); }
.slim-rand2 .cod-rar-cod.muted { color:var(--muted); font-weight:500; }
.slim-rand2 .slim-op { flex:1 1 auto; min-width:0; white-space:nowrap; overflow:hidden;
text-overflow:ellipsis; color:var(--ink); }
.slim-rand2 .slim-data { flex:0 0 auto; }
.slim-rand2 .slim-op::before, .slim-rand2 .slim-data::before {
content:"·"; color:var(--muted); margin-right:6px; }
.lista-trimiteri-slim .eticheta-problema { font-size:var(--fs-xs); line-height:1.3; margin-top:2px; }
/* Pill slim (5.16): fill-tint + dot 7px + text colorat per stare (currentColor din .s-*).
Pastrat pe FIECARE rand inclusiv Finalizat (linistit dar prezent). */
.lista-trimiteri-slim .pill { display:inline-flex; align-items:center; gap:5px; font-weight:600;
background:color-mix(in srgb, currentColor 14%, transparent);
border-color:color-mix(in srgb, currentColor 35%, transparent); }
.lista-trimiteri-slim .pill::before { content:""; width:7px; height:7px; border-radius:99px;
background:currentColor; flex-shrink:0; }
/* .camp-slim — varianta compacta camp formular: label --fs-sm muted deasupra, input --fs-md, fundal --card2. /* .camp-slim — varianta compacta camp formular: label --fs-sm muted deasupra, input --fs-md, fundal --card2.
Mono pentru campuri VIN/odometru/nr: adauga clasa .camp-mono pe input. */ Mono pentru campuri VIN/odometru/nr: adauga clasa .camp-mono pe input. */
.camp-slim { margin-bottom:8px; } .camp-slim { margin-bottom:8px; }
@@ -756,7 +780,9 @@
.op-row { display:flex; align-items:center; justify-content:space-between; gap:10px; .op-row { display:flex; align-items:center; justify-content:space-between; gap:10px;
padding:8px 10px; border:1px solid var(--line); border-radius:6px; padding:8px 10px; border:1px solid var(--line); border-radius:6px;
background:var(--card2); margin-bottom:8px; } background:var(--card2); margin-bottom:8px; }
.op-row-name { font-size:var(--fs-xs); font-weight:500; color:var(--ink); } /* Nume operatie emfatic (T-9 5.16): proeminent (bold) ca in mockup — e ancora
vizuala a randului de mapare op<->cod. */
.op-row-name { font-size:var(--fs-sm); font-weight:700; color:var(--ink); }
.op-row-warn { border-color:color-mix(in srgb, var(--warn) 45%, var(--line)); } .op-row-warn { border-color:color-mix(in srgb, var(--warn) 45%, var(--line)); }
/* Mobil: tinta touch pentru trimitere-slim (deja garantata prin min-height:44px in regula de baza) */ /* Mobil: tinta touch pentru trimitere-slim (deja garantata prin min-height:44px in regula de baza) */
@media (max-width:767px) { @media (max-width:767px) {
@@ -792,7 +818,7 @@
</style> </style>
</head> </head>
<body> <body>
{# US-010 (PRD 5.16): antet branduit ROMFAST AUTOPASS. {# US-010 (PRD 5.16): antet branduit ROA AUTOPASS.
Grila 3 coloane — stanga (logo) | centru (titlu+env+tier+account_name) | dreapta (RAR dot + tema + burger). Grila 3 coloane — stanga (logo) | centru (titlu+env+tier+account_name) | dreapta (RAR dot + tema + burger).
Antet MINIMAL pe /login: nu afiseaza RAR dot, meniu burger sau account_name (nelogat). #} Antet MINIMAL pe /login: nu afiseaza RAR dot, meniu burger sau account_name (nelogat). #}
<header> <header>
@@ -804,11 +830,11 @@
<img src="/static/romfast_logo.png" alt="ROMFAST" class="brand-logo"> <img src="/static/romfast_logo.png" alt="ROMFAST" class="brand-logo">
</a> </a>
</div> </div>
{# Celula centru: titlu ROMFAST AUTOPASS + badge env + badge tier + sub-titlu account_name. {# Celula centru: titlu ROA AUTOPASS + badge env + badge tier + sub-titlu account_name.
Titlul linkeaza la / (Trimiteri) ca si logo-ul. #} Titlul linkeaza la / (Trimiteri) ca si logo-ul. #}
<div class="header-center"> <div class="header-center">
<a href="/" style="text-decoration:none; color:inherit;"> <a href="/" style="text-decoration:none; color:inherit;">
<h1>ROMFAST AUTOPASS<span class="badge-env">{{ rar_env }}</span>{% if is_authenticated|default(false) and tier_label|default('') %}<span class="badge-tier">{{ tier_label }}</span>{% endif %}</h1> <h1>ROA AUTOPASS<span class="badge-env">{{ rar_env }}</span>{% if is_authenticated|default(false) and tier_label|default('') %}<span class="badge-tier">{{ tier_label }}</span>{% endif %}</h1>
</a> </a>
{% if is_authenticated|default(false) and account_name|default('') %} {% if is_authenticated|default(false) and account_name|default('') %}
<div class="h-sub">Service auto: <span class="svc">{{ account_name }}</span></div> <div class="h-sub">Service auto: <span class="svc">{{ account_name }}</span></div>

View File

@@ -3,8 +3,8 @@
<head> <head>
<meta charset="utf-8"> <meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="viewport" content="width=device-width, initial-scale=1">
<title>Gateway RAR AUTOPASS — declară automat la RAR | ROMFAST</title> <title>ROA AUTOPASS — declari prestațiile la RAR din câteva click-uri</title>
<meta name="description" content="Gateway web care declară prestațiile de service-auto la RAR AUTOPASS, automat. Conform Legii 142/2023. Gratuit până la 60 de prestații/lună, fără card bancar."> <meta name="description" content="Încarci fișierul tău cu operațiile service-ului, completezi o dată codurile RAR și le salvezi. ROMFAST trimite prestațiile la RAR AUTOPASS în locul tău, fără tastat manual. Conform Legii 142/2023.">
<style> <style>
/* US-001/US-008 (PRD 5.16): IBM Plex eliminat complet — stive font sistem standard web. /* US-001/US-008 (PRD 5.16): IBM Plex eliminat complet — stive font sistem standard web.
@@ -32,6 +32,7 @@
.page [style*="grid-template-columns"]{grid-template-columns:1fr!important;} .page [style*="grid-template-columns"]{grid-template-columns:1fr!important;}
.page [style*="padding:80px 40px"]{padding:48px 20px!important;} .page [style*="padding:80px 40px"]{padding:48px 20px!important;}
.page [style*="padding:0 40px 80px"]{padding:0 20px 48px!important;} .page [style*="padding:0 40px 80px"]{padding:0 20px 48px!important;}
.page [style*="padding:56px 40px 80px"]{padding:36px 20px 48px!important;}
.page [style*="padding:44px"]{padding:28px!important;} .page [style*="padding:44px"]{padding:28px!important;}
.page [style*="padding:56px 40px"]{padding:40px 22px!important;} .page [style*="padding:56px 40px"]{padding:40px 22px!important;}
.page [style*="height:68px"]{height:60px!important;} .page [style*="height:68px"]{height:60px!important;}
@@ -54,20 +55,19 @@
<body data-theme="grafit"> <body data-theme="grafit">
<script>try{var _t=localStorage.getItem('lp-theme');if(_t&&['grafit','cobalt','cupru','hartie'].indexOf(_t)>=0)document.body.setAttribute('data-theme',_t);}catch(e){}</script> <script>try{var _t=localStorage.getItem('lp-theme');if(_t&&['grafit','cobalt','cupru','hartie'].indexOf(_t)>=0)document.body.setAttribute('data-theme',_t);}catch(e){}</script>
<main class="page"> <main class="page">
<!-- ANNOUNCE BAR --> <!-- HEADER -->
<div style="display:flex;align-items:center;justify-content:center;gap:16px;padding:10px 40px;background:var(--card,#181c24);border-bottom:1px solid var(--line,#262b36);font:500 13px var(--font-ui);color:var(--text,#e6e9ef);flex-wrap:wrap;">
<span style="display:inline-flex;align-items:center;gap:8px;"><svg width="15" height="15" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;"><path d="M20 6L9 17l-5-5"/></svg>Vrei să testezi sau ai un service mic? Este <strong style="font-weight:700;color:#1F9D5C;">gratuit</strong> — până la 60 de prestații/lună, fără card bancar.</span>
<a data-act="auth" data-tab="register" style="display:inline-flex;align-items:center;gap:5px;color:var(--accent,#2E74D6);font-weight:700;cursor:pointer;text-decoration:none;transition:color .18s ease, transform .18s ease;" style-hover="color:#17a96e;transform:translateX(2px)">Creează cont în 2 minute <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M5 12h14M13 6l6 6-6 6"/></svg></a>
</div>
<!-- HEADER -->
<div class="lp-header" style="position:sticky;top:0;display:flex;align-items:center;justify-content:space-between;padding:0 40px;height:68px;background:var(--hbg,rgba(15,18,24,.88));backdrop-filter:blur(8px);border-bottom:1px solid var(--line,#262b36);z-index:5;"> <div class="lp-header" style="position:sticky;top:0;display:flex;align-items:center;justify-content:space-between;padding:0 40px;height:68px;background:var(--hbg,rgba(15,18,24,.88));backdrop-filter:blur(8px);border-bottom:1px solid var(--line,#262b36);z-index:5;">
<div style="display:flex;align-items:center;gap:48px;"> <div style="display:flex;align-items:center;gap:14px;">
<img src="/static/romfast_logo.png" alt="ROMFAST" style="height:38px;width:auto;display:block;" /> <img src="/static/romfast_logo.png" alt="ROMFAST" style="height:38px;width:auto;display:block;" />
<div class="lp-nav" style="display:flex;gap:28px;font:500 14px var(--font-ui);color:var(--sub,#8b93a7);"> <div style="display:flex;flex-direction:column;line-height:1.05;">
<span>Cum funcționează</span><span>API</span><span>Preț</span> <span style="font:700 17px var(--font-ui);letter-spacing:-.01em;color:var(--text,#e6e9ef);">ROA AUTOPASS</span>
<span style="font:500 11px var(--font-ui);letter-spacing:.04em;color:var(--sub,#8b93a7);">Gateway RAR</span>
</div> </div>
</div> </div>
<div style="display:flex;align-items:center;gap:28px;">
<div class="lp-nav" style="display:flex;gap:28px;font:500 14px var(--font-ui);color:var(--sub,#8b93a7);">
<a href="#cum-functioneaza" style="color:inherit;text-decoration:none;">Cum funcționează</a><a href="#api" style="color:inherit;text-decoration:none;">API</a><a href="#pret" style="color:inherit;text-decoration:none;">Preț</a>
</div>
<div class="lp-hactions" style="display:flex;align-items:center;gap:12px;"> <div class="lp-hactions" style="display:flex;align-items:center;gap:12px;">
<button data-act="theme" style="display:flex;align-items:center;gap:8px;height:40px;padding:0 13px;border-radius:6px;background:transparent;border:1px solid var(--line,#262b36);color:var(--sub,#8b93a7);font:500 13px var(--font-ui);cursor:pointer;"> <button data-act="theme" style="display:flex;align-items:center;gap:8px;height:40px;padding:0 13px;border-radius:6px;background:transparent;border:1px solid var(--line,#262b36);color:var(--sub,#8b93a7);font:500 13px var(--font-ui);cursor:pointer;">
<svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.6"><circle cx="12" cy="12" r="9"/><path d="M12 3a9 9 0 0 0 0 18z" fill="currentColor" stroke="none"/></svg> <svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.6"><circle cx="12" cy="12" r="9"/><path d="M12 3a9 9 0 0 0 0 18z" fill="currentColor" stroke="none"/></svg>
@@ -76,17 +76,17 @@
<a href="/login" class="auth-login-link" style="display:inline-flex;align-items:center;height:44px;padding:0 18px;border-radius:6px;background:transparent;border:1px solid var(--line,#262b36);color:var(--text,#e6e9ef);font:500 14px var(--font-ui);cursor:pointer;transition:transform .18s ease, background .18s ease, border-color .18s ease;text-decoration:none;" style-hover="background:#1F9D5C;border-color:#1F9D5C;color:#fff;transform:translateY(-1px)">Autentificare</a> <a href="/login" class="auth-login-link" style="display:inline-flex;align-items:center;height:44px;padding:0 18px;border-radius:6px;background:transparent;border:1px solid var(--line,#262b36);color:var(--text,#e6e9ef);font:500 14px var(--font-ui);cursor:pointer;transition:transform .18s ease, background .18s ease, border-color .18s ease;text-decoration:none;" style-hover="background:#1F9D5C;border-color:#1F9D5C;color:#fff;transform:translateY(-1px)">Autentificare</a>
<button data-act="auth" data-tab="register" style="height:44px;padding:0 18px;border-radius:6px;background:#1F9D5C;border:1px solid #1F9D5C;color:#fff;font:700 14px var(--font-ui);cursor:pointer;transition:transform .2s cubic-bezier(.2,.8,.2,1), background .2s ease, box-shadow .2s ease;" style-hover="background:#16864a;border-color:#16864a;transform:translateY(-1px)">Creează cont</button> <button data-act="auth" data-tab="register" style="height:44px;padding:0 18px;border-radius:6px;background:#1F9D5C;border:1px solid #1F9D5C;color:#fff;font:700 14px var(--font-ui);cursor:pointer;transition:transform .2s cubic-bezier(.2,.8,.2,1), background .2s ease, box-shadow .2s ease;" style-hover="background:#16864a;border-color:#16864a;transform:translateY(-1px)">Creează cont</button>
</div> </div>
</div>
</div> </div>
<!-- HERO --> <!-- HERO -->
<div style="display:grid;grid-template-columns:1fr 1fr;gap:56px;align-items:center;padding:80px 40px 72px;"> <div style="display:grid;grid-template-columns:1fr 1fr;gap:56px;align-items:center;padding:80px 40px 72px;">
<div> <div>
<div style="display:inline-flex;align-items:center;gap:8px;padding:7px 14px;border-radius:99px;background:transparent;border:1px solid var(--line,#262b36);color:var(--text,#e6e9ef);font:500 13px var(--font-ui);margin-bottom:24px;">
<svg width="15" height="15" viewBox="0 0 24 24" fill="none" stroke="#1F9D5C" stroke-width="2.6" style="flex-shrink:0;"><path d="M20 6L9 17l-5-5"/></svg>
<span><strong style="font-weight:700;color:#1F9D5C;">Gratuit</strong> pentru testare și service-uri mici · 60 prestații/lună</span>
</div>
<h1 class="lp-h1" style="font:700 50px/1.06 var(--font-ui);letter-spacing:-.025em;margin:0 0 20px;color:var(--text,#e6e9ef);">Declară prestațiile la RAR AUTOPASS, automat</h1> <h1 class="lp-h1" style="font:700 50px/1.06 var(--font-ui);letter-spacing:-.025em;margin:0 0 20px;color:var(--text,#e6e9ef);">Declară prestațiile la RAR AUTOPASS, automat</h1>
<p style="font:400 17px/1.6 var(--font-ui);color:var(--sub,#8b93a7);margin:0 0 32px;max-width:480px;">Conformitate RAR fără bătaie de cap. Încarci un fișier sau conectezi softul de service — noi trimitem prezentările la RAR în siguranță, conform Legii 142/2023.</p> <p style="font:400 17px/1.6 var(--font-ui);color:var(--sub,#8b93a7);margin:0 0 24px;max-width:480px;">Încarci fișierul tău așa cum îl ai, potrivești o dată operațiile cu codurile RAR, și trimitem prestațiile la RAR AUTOPASS în locul tău. Fără tastat câmp cu câmp.</p>
<div style="margin-bottom:32px;">
<p style="display:flex;align-items:center;gap:8px;font:700 16px var(--font-ui);color:var(--text,#e6e9ef);margin:0;"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="#1F9D5C" stroke-width="2.6" style="flex-shrink:0;"><path d="M20 6L9 17l-5-5"/></svg><span><span style="color:#1F9D5C;">Gratuit</span> până la 60 de trimiteri/lună</span></p>
</div>
<div style="display:flex;gap:12px;margin-bottom:22px;"> <div style="display:flex;gap:12px;margin-bottom:22px;">
<button data-act="auth" data-tab="register" style="height:50px;padding:0 26px;border-radius:6px;background:#1F9D5C;border:1px solid #1F9D5C;color:#fff;font:700 15px var(--font-ui);cursor:pointer;transition:transform .2s cubic-bezier(.2,.8,.2,1), background .2s ease, box-shadow .2s ease;" style-hover="background:#16864a;border-color:#16864a;transform:translateY(-1px)">Creează cont gratuit</button> <button data-act="auth" data-tab="register" style="height:50px;padding:0 26px;border-radius:6px;background:#1F9D5C;border:1px solid #1F9D5C;color:#fff;font:700 15px var(--font-ui);cursor:pointer;transition:transform .2s cubic-bezier(.2,.8,.2,1), background .2s ease, box-shadow .2s ease;" style-hover="background:#16864a;border-color:#16864a;transform:translateY(-1px)">Creează cont gratuit</button>
<button style="height:50px;padding:0 24px;border-radius:6px;background:transparent;border:1px solid var(--line,#262b36);color:var(--text,#e6e9ef);font:500 15px var(--font-ui);cursor:pointer;transition:transform .18s ease, background .18s ease, border-color .18s ease;" style-hover="background:#1F9D5C;border-color:#1F9D5C;color:#fff;transform:translateY(-1px)">Vezi cum funcționează</button> <button style="height:50px;padding:0 24px;border-radius:6px;background:transparent;border:1px solid var(--line,#262b36);color:var(--text,#e6e9ef);font:500 15px var(--font-ui);cursor:pointer;transition:transform .18s ease, background .18s ease, border-color .18s ease;" style-hover="background:#1F9D5C;border-color:#1F9D5C;color:#fff;transform:translateY(-1px)">Vezi cum funcționează</button>
@@ -95,8 +95,6 @@
<span style="display:flex;align-items:center;gap:6px;"><svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2"><path d="M20 6L9 17l-5-5"/></svg>Conform Legii 142/2023</span> <span style="display:flex;align-items:center;gap:6px;"><svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2"><path d="M20 6L9 17l-5-5"/></svg>Conform Legii 142/2023</span>
<span style="color:var(--line,#262b36);">·</span> <span style="color:var(--line,#262b36);">·</span>
<span style="display:flex;align-items:center;gap:6px;"><svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="1.7"><rect x="5" y="11" width="14" height="9" rx="1.5"/><path d="M8 11V8a4 4 0 0 1 8 0v3"/></svg>Datele tale criptate</span> <span style="display:flex;align-items:center;gap:6px;"><svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="1.7"><rect x="5" y="11" width="14" height="9" rx="1.5"/><path d="M8 11V8a4 4 0 0 1 8 0v3"/></svg>Datele tale criptate</span>
<span style="color:var(--line,#262b36);">·</span>
<span>Fără card bancar</span>
</div> </div>
</div> </div>
@@ -137,65 +135,67 @@
</div> </div>
</div> </div>
<!-- PROBLEM --> <!-- PROBLEM + CALCULATOR (combinat) -->
<div style="padding:80px 40px;background:color-mix(in srgb,#E05D5D 6%,var(--bg,#0f1218));"> <div style="padding:80px 40px 40px;background:color-mix(in srgb,#E05D5D 6%,var(--bg,#0f1218));">
<div style="display:grid;grid-template-columns:1.05fr .95fr;gap:48px;align-items:start;margin:0 auto;"> <div style="text-align:center;max-width:760px;margin:0 auto 40px;">
<div> <h2 style="font:700 38px/1.14 var(--font-ui);letter-spacing:-.02em;margin:0 0 14px;color:var(--text,#e6e9ef);">Pentru fiecare comandă stai 23 minute pe RAR AUTOPASS.<br><span style="color:var(--errt,#E05D5D);">Minutele acelea sunt bani.</span></h2>
<h2 style="font:700 38px/1.14 var(--font-ui);letter-spacing:-.02em;margin:0 0 18px;color:var(--text,#e6e9ef);">Pentru fiecare comandă stai 23 minute și tastezi pe rar-autopass.ro</h2> <p style="font:400 16px/1.65 var(--font-ui);color:var(--sub,#8b93a7);margin:0;">VIN, cod prestație, kilometraj, dată, tip operație — câmp cu câmp, comandă cu comandă. La 20 de mașini pe zi pierzi aproape o oră. În fiecare zi. Mută cursorul la volumul service-ului tău și vezi cât te costă.</p>
<p style="font:400 16px/1.65 var(--font-ui);color:var(--sub,#8b93a7);margin:0 0 16px;">VIN, cod prestație, kilometraj, dată, tip operație — câmp cu câmp, comandă cu comandă. La 20 de mașini pe zi pierzi aproape o oră. În fiecare zi.</p> </div>
<p style="font:400 16px/1.65 var(--font-ui);color:var(--sub,#8b93a7);margin:0;">Iar dacă greșești o cifră din VIN, prestația e respinsă și o iei de la capăt — cu risc de amendă pentru raportare incompletă sau întârziată.</p>
</div> <div style="display:grid;grid-template-columns:1fr 1fr;gap:24px;align-items:stretch;">
<div style="background:var(--card,#181c24);border:1px solid var(--line,#262b36);border-radius:12px;padding:20px;"> <!-- STANGA: formularul RAR AUTOPASS -->
<div style="display:flex;align-items:center;justify-content:space-between;margin-bottom:16px;"><span style="font:500 12px var(--font-mono);color:var(--sub,#8b93a7);">rar-autopass.ro · prestație nouă</span><span style="display:inline-flex;align-items:center;gap:6px;padding:4px 10px;border-radius:99px;background:color-mix(in srgb,#E05D5D 14%,transparent);color:var(--errt,#E05D5D);font:600 12px var(--font-mono);"><svg width="13" height="13" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><circle cx="12" cy="13" r="8"/><path d="M12 9v4l2.5 2.5M9 2h6"/></svg>02:34</span></div> <div style="background:var(--card,#181c24);border:1px solid var(--line,#262b36);border-radius:14px;padding:24px;display:flex;flex-direction:column;">
<div style="display:flex;align-items:center;justify-content:space-between;margin-bottom:16px;"><span style="font:500 12px var(--font-mono);color:var(--sub,#8b93a7);">RAR AUTOPASS · prestație nouă</span><span style="display:inline-flex;align-items:center;gap:6px;padding:4px 10px;border-radius:99px;background:color-mix(in srgb,#E05D5D 14%,transparent);color:var(--errt,#E05D5D);font:600 12px var(--font-mono);"><svg width="13" height="13" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><circle cx="12" cy="13" r="8"/><path d="M12 9v4l2.5 2.5M9 2h6"/></svg>02:34</span></div>
<div style="display:flex;flex-direction:column;gap:10px;"> <div style="display:flex;flex-direction:column;gap:10px;">
<div style="display:grid;grid-template-columns:1fr 1fr;gap:10px;"> <div style="display:grid;grid-template-columns:1fr 1fr;gap:10px;">
<div><div style="font:400 11px var(--font-ui);color:var(--sub,#8b93a7);margin-bottom:4px;">VIN</div><div style="height:30px;display:flex;align-items:center;padding:0 10px;border:1px solid var(--line,#262b36);border-radius:6px;background:var(--card2,#0f1218);font:400 12px var(--font-mono);color:var(--text,#e6e9ef);overflow:hidden;white-space:nowrap;">U1234567890123456</div></div> <div><div style="font:400 11px var(--font-ui);color:var(--sub,#8b93a7);margin-bottom:4px;">VIN</div><div style="height:30px;display:flex;align-items:center;padding:0 10px;border:1px solid var(--line,#262b36);border-radius:6px;background:var(--card2,#0f1218);font:400 12px var(--font-mono);color:var(--text,#e6e9ef);overflow:hidden;white-space:nowrap;">U1234567890123456</div></div>
<div><div style="font:400 11px var(--font-ui);color:var(--sub,#8b93a7);margin-bottom:4px;">Confirmă Vin</div><div style="height:30px;display:flex;align-items:center;padding:0 10px;border:1px solid var(--line,#262b36);border-radius:6px;background:var(--card2,#0f1218);font:400 12px var(--font-mono);color:var(--text,#e6e9ef);overflow:hidden;white-space:nowrap;">U1234567890123456</div></div> <div><div style="font:400 11px var(--font-ui);color:var(--sub,#8b93a7);margin-bottom:4px;">Confirmă VIN</div><div style="height:30px;display:flex;align-items:center;padding:0 10px;border:1px solid var(--line,#262b36);border-radius:6px;background:var(--card2,#0f1218);font:400 12px var(--font-mono);color:var(--text,#e6e9ef);overflow:hidden;white-space:nowrap;">U1234567890123456</div></div>
</div> </div>
<div style="display:grid;grid-template-columns:1fr 1fr;gap:10px;"> <div style="display:grid;grid-template-columns:1fr 1fr;gap:10px;">
<div><div style="font:400 11px var(--font-ui);color:var(--sub,#8b93a7);margin-bottom:4px;">Data prestației</div><div style="height:30px;display:flex;align-items:center;padding:0 10px;border:1px solid var(--line,#262b36);border-radius:6px;background:var(--card2,#0f1218);font:400 12px var(--font-mono);color:var(--text,#e6e9ef);">2026-06-22</div></div> <div><div style="font:400 11px var(--font-ui);color:var(--sub,#8b93a7);margin-bottom:4px;">Data prestației</div><div style="height:30px;display:flex;align-items:center;padding:0 10px;border:1px solid var(--line,#262b36);border-radius:6px;background:var(--card2,#0f1218);font:400 12px var(--font-mono);color:var(--text,#e6e9ef);">2026-06-22</div></div>
<div><div style="font:400 11px var(--font-ui);color:var(--sub,#8b93a7);margin-bottom:4px;">Număr Înmatriculare</div><div style="height:30px;display:flex;align-items:center;padding:0 10px;border:1px solid var(--line,#262b36);border-radius:6px;background:var(--card2,#0f1218);font:400 12px var(--font-mono);color:var(--text,#e6e9ef);">CT88NOE</div></div> <div><div style="font:400 11px var(--font-ui);color:var(--sub,#8b93a7);margin-bottom:4px;">Număr înmatriculare</div><div style="height:30px;display:flex;align-items:center;padding:0 10px;border:1px solid var(--line,#262b36);border-radius:6px;background:var(--card2,#0f1218);font:400 12px var(--font-mono);color:var(--text,#e6e9ef);">CT88NOE</div></div>
</div> </div>
<div><div style="font:400 11px var(--font-ui);color:var(--sub,#8b93a7);margin-bottom:4px;">Observații</div><div style="height:30px;display:flex;align-items:center;padding:0 10px;border:1px solid var(--line,#262b36);border-radius:6px;background:var(--card2,#0f1218);font:400 12px var(--font-ui);color:var(--text,#e6e9ef);overflow:hidden;white-space:nowrap;">REVIZIE; SCHIMBARE PLĂCUȚE FRÂNĂ</div></div> <div><div style="font:400 11px var(--font-ui);color:var(--sub,#8b93a7);margin-bottom:4px;">Observații</div><div style="height:30px;display:flex;align-items:center;padding:0 10px;border:1px solid var(--line,#262b36);border-radius:6px;background:var(--card2,#0f1218);font:400 12px var(--font-ui);color:var(--text,#e6e9ef);overflow:hidden;white-space:nowrap;">REVIZIE; SCHIMBARE PLĂCUȚE FRÂNĂ</div></div>
<div><div style="font:400 11px var(--font-ui);color:var(--sub,#8b93a7);margin-bottom:4px;">Prestații</div><div style="min-height:30px;display:flex;align-items:center;gap:6px;flex-wrap:wrap;padding:3px 6px;border:1px solid var(--line,#262b36);border-radius:6px;background:var(--card2,#0f1218);"><span style="display:inline-flex;align-items:center;gap:4px;padding:3px 8px;border-radius:5px;background:color-mix(in srgb,var(--accent,#2E74D6) 18%,transparent);color:var(--accent,#2E74D6);font:500 10px var(--font-ui);"><span style="opacity:.7;">×</span>REVIZIE PERIODICĂ</span><span style="display:inline-flex;align-items:center;gap:4px;padding:3px 8px;border-radius:5px;background:color-mix(in srgb,var(--accent,#2E74D6) 18%,transparent);color:var(--accent,#2E74D6);font:500 10px var(--font-ui);"><span style="opacity:.7;">×</span>ÎNTREȚINERE</span></div></div> <div><div style="font:400 11px var(--font-ui);color:var(--sub,#8b93a7);margin-bottom:4px;">Prestații</div><div style="min-height:30px;display:flex;align-items:center;gap:6px;flex-wrap:wrap;padding:3px 6px;border:1px solid var(--line,#262b36);border-radius:6px;background:var(--card2,#0f1218);"><span style="display:inline-flex;align-items:center;gap:4px;padding:3px 8px;border-radius:5px;background:color-mix(in srgb,var(--accent,#2E74D6) 18%,transparent);color:var(--accent,#2E74D6);font:500 10px var(--font-ui);"><span style="opacity:.7;">×</span>REVIZIE PERIODICĂ</span><span style="display:inline-flex;align-items:center;gap:4px;padding:3px 8px;border-radius:5px;background:color-mix(in srgb,var(--accent,#2E74D6) 18%,transparent);color:var(--accent,#2E74D6);font:500 10px var(--font-ui);"><span style="opacity:.7;">×</span>ÎNTREȚINERE</span></div></div>
<div><div style="font:400 11px var(--font-ui);color:var(--sub,#8b93a7);margin-bottom:4px;">Valoarea citită a odometrului</div><div style="height:30px;display:flex;align-items:center;padding:0 10px;border:1px solid var(--line,#262b36);border-radius:6px;background:var(--card2,#0f1218);font:400 12px var(--font-mono);color:var(--text,#e6e9ef);">39000</div></div> <div><div style="font:400 11px var(--font-ui);color:var(--sub,#8b93a7);margin-bottom:4px;">Valoarea citită a odometrului</div><div style="height:30px;display:flex;align-items:center;padding:0 10px;border:1px solid var(--line,#262b36);border-radius:6px;background:var(--card2,#0f1218);font:400 12px var(--font-mono);color:var(--text,#e6e9ef);">39000</div></div>
</div> </div>
<button style="margin-top:14px;height:34px;padding:0 14px;border-radius:6px;background:color-mix(in srgb,var(--accent,#2E74D6) 40%,var(--card2,#0f1218));border:none;color:#fff;opacity:.55;font:600 12px var(--font-ui);cursor:not-allowed;align-self:flex-start;">Salvează Prezentarea</button> <button style="margin-top:14px;height:34px;padding:0 14px;border-radius:6px;background:color-mix(in srgb,var(--accent,#2E74D6) 40%,var(--card2,#0f1218));border:none;color:#fff;opacity:.55;font:600 12px var(--font-ui);cursor:not-allowed;align-self:flex-start;">Salvează Prezentarea</button>
<div style="margin-top:12px;font:400 12px var(--font-ui);color:var(--sub,#8b93a7);text-align:center;">se repetă pentru fiecare comandă · zi de zi</div> <div style="margin-top:auto;padding-top:12px;font:400 12px var(--font-ui);color:var(--sub,#8b93a7);text-align:center;">se repetă pentru fiecare comandă · zi de zi</div>
</div>
<!-- DREAPTA: calculatorul (slidere + cifre) -->
<div style="background:var(--card,#181c24);border:1px solid var(--line,#262b36);border-radius:14px;padding:34px;display:flex;flex-direction:column;">
<div style="display:grid;grid-template-columns:1fr 1fr;gap:28px;margin-bottom:28px;">
<div>
<div style="display:flex;align-items:baseline;justify-content:space-between;margin-bottom:10px;"><span style="font:500 13px var(--font-ui);color:var(--text,#e6e9ef);">Trimiteri/lună</span><span style="font:700 24px var(--font-ui);letter-spacing:-.02em;color:var(--accent,#2E74D6);" id="out-pres">100</span></div>
<input type="range" min="50" max="1500" step="10" value="100" id="calc-pres" data-act="calc" style="width:100%;height:6px;accent-color:var(--accent,#2E74D6);cursor:pointer;" />
</div>
<div>
<div style="display:flex;align-items:baseline;justify-content:space-between;margin-bottom:10px;"><span style="font:500 13px var(--font-ui);color:var(--text,#e6e9ef);">Manoperă</span><span style="font:700 24px var(--font-ui);letter-spacing:-.02em;color:var(--accent,#2E74D6);"><span id="out-rate">60</span><span style="font:500 12px var(--font-ui);color:var(--sub,#8b93a7);"> lei/h</span></span></div>
<input type="range" min="30" max="200" step="5" value="60" id="calc-rate" data-act="calc" style="width:100%;height:6px;accent-color:var(--accent,#2E74D6);cursor:pointer;" />
</div>
</div>
<div style="background:color-mix(in srgb,#E05D5D 9%,var(--card2,#0f1218));border:1px solid color-mix(in srgb,#E05D5D 28%,var(--line,#262b36));border-radius:10px;padding:22px 24px;">
<div style="font:600 11px var(--font-ui);color:var(--errt,#E05D5D);letter-spacing:.08em;text-transform:uppercase;margin-bottom:14px;">Pierdut pe raportare manuală</div>
<div style="display:grid;grid-template-columns:repeat(4,1fr);gap:14px;">
<div><div style="font:700 30px var(--font-ui);letter-spacing:-.02em;color:var(--errt,#E05D5D);"><span data-calc="leiMonth">0</span></div><div style="font:400 12px var(--font-ui);color:var(--sub,#8b93a7);margin-top:2px;">lei/lună</div></div>
<div><div style="font:700 30px var(--font-ui);letter-spacing:-.02em;color:var(--errt,#E05D5D);"><span data-calc="hMonth">0</span></div><div style="font:400 12px var(--font-ui);color:var(--sub,#8b93a7);margin-top:2px;">ore/lună</div></div>
<div><div style="font:700 30px var(--font-ui);letter-spacing:-.02em;color:var(--errt,#E05D5D);"><span data-calc="leiYear">0</span></div><div style="font:400 12px var(--font-ui);color:var(--sub,#8b93a7);margin-top:2px;">lei/an</div></div>
<div><div style="font:700 30px var(--font-ui);letter-spacing:-.02em;color:var(--errt,#E05D5D);"><span data-calc="days">0</span></div><div style="font:400 12px var(--font-ui);color:var(--sub,#8b93a7);margin-top:2px;">zile/an</div></div>
</div>
</div>
<div style="margin-top:20px;padding-top:18px;border-top:1px solid var(--line,#262b36);">
<div style="display:flex;align-items:center;gap:9px;font:600 14px var(--font-ui);color:var(--okt,#2FBF8F);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.2" style="flex-shrink:0;"><path d="M20 6L9 17l-5-5"/></svg>Cu ROA AUTOPASS: câteva secunde pentru tot lotul</div>
<div style="font:400 13px/1.55 var(--font-ui);color:var(--sub,#8b93a7);margin-top:6px;">Recuperezi ~<span data-calc="leiMonth">0</span> lei/lună și timpul îl pui pe mașini, nu pe formulare.</div>
</div>
<div style="margin-top:14px;display:flex;align-items:center;gap:8px;font:400 12px var(--font-ui);color:var(--mut,#5c6473);"><svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.7"><circle cx="12" cy="13" r="8"/><path d="M12 9v4l2.5 2.5M9 2h6"/></svg>Estimat la ~2,5 minute de tastat manual pentru fiecare trimitere.</div>
</div> </div>
</div> </div>
</div> </div>
<!-- AGITATE / CALCULATOR --> <!-- LEGE / AMENZI -->
<div style="padding:80px 40px;"> <div style="padding:56px 40px 80px;">
<div style="text-align:center;max-width:720px;margin:0 auto 40px;"> <div style="display:flex;gap:20px;align-items:flex-start;background:color-mix(in srgb,#E0A93B 9%,var(--card,#181c24));border:1px solid color-mix(in srgb,#E0A93B 34%,var(--line,#262b36));border-radius:12px;padding:26px 28px;">
<div style="font:500 13px var(--font-ui);color:var(--accent,#2E74D6);letter-spacing:.1em;text-transform:uppercase;margin-bottom:14px;">Cât te costă de fapt</div>
<h2 style="font:700 36px var(--font-ui);letter-spacing:-.02em;margin:0 0 12px;color:var(--text,#e6e9ef);">Fă socoteala. Minutele acelea sunt bani.</h2>
<p style="font:400 16px/1.6 var(--font-ui);color:var(--sub,#8b93a7);margin:0;">Mută cursorul la volumul service-ului tău și vezi cât timp și câți bani pleacă pe raportarea manuală.</p>
</div>
<div style="display:grid;grid-template-columns:1fr 1fr;gap:20px;margin:0 auto;align-items:stretch;">
<div style="background:var(--card,#181c24);border:1px solid var(--line,#262b36);border-radius:12px;padding:32px;">
<div style="margin-bottom:28px;">
<div style="display:flex;align-items:baseline;justify-content:space-between;margin-bottom:12px;"><span style="font:500 14px var(--font-ui);color:var(--text,#e6e9ef);">Prestații pe lună</span><span style="font:700 20px var(--font-mono);color:var(--accent,#2E74D6);" id="out-pres">300</span></div>
<input type="range" min="50" max="1500" step="10" value="300" id="calc-pres" data-act="calc" style="width:100%;height:6px;accent-color:var(--accent,#2E74D6);cursor:pointer;" />
</div>
<div style="margin-bottom:24px;">
<div style="display:flex;align-items:baseline;justify-content:space-between;margin-bottom:12px;"><span style="font:500 14px var(--font-ui);color:var(--text,#e6e9ef);">Cost manoperă</span><span style="font:700 20px var(--font-mono);color:var(--accent,#2E74D6);"><span id="out-rate">60</span> lei/h</span></div>
<input type="range" min="30" max="200" step="5" value="60" id="calc-rate" data-act="calc" style="width:100%;height:6px;accent-color:var(--accent,#2E74D6);cursor:pointer;" />
</div>
<div style="display:flex;align-items:center;gap:9px;padding-top:18px;border-top:1px solid var(--line,#262b36);font:400 13px/1.5 var(--font-ui);color:var(--sub,#8b93a7);"><svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.7" style="flex-shrink:0;"><circle cx="12" cy="13" r="8"/><path d="M12 9v4l2.5 2.5M9 2h6"/></svg>Estimat la ~2,5 minute de introdus manual pentru fiecare prestație.</div>
</div>
<div style="background:color-mix(in srgb,#E05D5D 9%,var(--card,#181c24));border:1px solid color-mix(in srgb,#E05D5D 32%,var(--line,#262b36));border-radius:12px;padding:32px;display:flex;flex-direction:column;justify-content:center;">
<div style="font:600 12px var(--font-ui);color:var(--errt,#E05D5D);letter-spacing:.08em;text-transform:uppercase;margin-bottom:8px;">Pierdut pe raportare manuală</div>
<div style="display:flex;align-items:baseline;gap:8px;"><span style="font:700 52px/1 var(--font-ui);letter-spacing:-.02em;color:var(--errt,#E05D5D);"><span data-calc="leiMonth">0</span></span><span style="font:500 15px var(--font-ui);color:var(--sub,#8b93a7);">lei / lună</span></div>
<div style="font:400 14px/1.6 var(--font-ui);color:var(--sub,#8b93a7);margin-top:8px;"><span data-calc="hMonth">0</span> ore pe lună &middot; <span data-calc="leiYear">0</span> lei pe an &middot;<span data-calc="days">0</span> zile lucrătoare/an doar cu raportarea.</div>
<div style="margin-top:20px;padding-top:18px;border-top:1px solid color-mix(in srgb,#E05D5D 24%,var(--line,#262b36));">
<div style="display:flex;align-items:center;gap:9px;font:600 14px var(--font-ui);color:var(--okt,#2FBF8F);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.2" style="flex-shrink:0;"><path d="M20 6L9 17l-5-5"/></svg>Cu ROMFAST: câteva secunde pentru tot lotul</div>
<div style="font:400 13px/1.55 var(--font-ui);color:var(--sub,#8b93a7);margin-top:6px;">Recuperezi ~<span data-calc="leiMonth">0</span> lei/lună și timpul îl pui pe mașini, nu pe formulare.</div>
</div>
</div>
</div>
<div style="margin:24px auto 0;display:flex;gap:20px;align-items:flex-start;background:color-mix(in srgb,#E0A93B 9%,var(--card,#181c24));border:1px solid color-mix(in srgb,#E0A93B 34%,var(--line,#262b36));border-radius:12px;padding:26px 28px;">
<div style="width:44px;height:44px;flex-shrink:0;border-radius:8px;background:color-mix(in srgb,#E0A93B 16%,transparent);display:flex;align-items:center;justify-content:center;color:#E0A93B;"><svg width="22" height="22" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.6"><path d="M12 3l8 4v5c0 4.4-3.1 8.3-8 9.5C7.1 20.3 4 16.4 4 12V7l8-4z"/><path d="M9.5 12l1.8 1.8L15 10"/></svg></div> <div style="width:44px;height:44px;flex-shrink:0;border-radius:8px;background:color-mix(in srgb,#E0A93B 16%,transparent);display:flex;align-items:center;justify-content:center;color:#E0A93B;"><svg width="22" height="22" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.6"><path d="M12 3l8 4v5c0 4.4-3.1 8.3-8 9.5C7.1 20.3 4 16.4 4 12V7l8-4z"/><path d="M9.5 12l1.8 1.8L15 10"/></svg></div>
<div> <div>
<div style="font:700 16px var(--font-ui);color:var(--text,#e6e9ef);margin-bottom:7px;">Evită riscul amenzilor — transmite automat la RAR Auto-Pass</div> <div style="font:700 16px var(--font-ui);color:var(--text,#e6e9ef);margin-bottom:7px;">Evită riscul amenzilor — transmite automat la RAR Auto-Pass</div>
@@ -205,10 +205,10 @@
</div> </div>
<!-- SOLVE --> <!-- SOLVE -->
<div style="padding:80px 40px;background:color-mix(in srgb,var(--accent,#2E74D6) 8%,var(--bg,#0f1218));border-top:1px solid var(--line,#262b36);border-bottom:1px solid var(--line,#262b36);"> <div id="cum-functioneaza" style="padding:80px 40px 40px;background:color-mix(in srgb,var(--accent,#2E74D6) 8%,var(--bg,#0f1218));border-top:1px solid var(--line,#262b36);border-bottom:1px solid var(--line,#262b36);">
<div style="max-width:780px;margin:0 auto;text-align:center;"> <div style="max-width:780px;margin:0 auto;text-align:center;">
<h2 style="font:700 36px var(--font-ui);letter-spacing:-.02em;margin:0 0 18px;color:var(--text,#e6e9ef);">Nu trebuie să fii bun cu calculatorul</h2> <h2 style="font:700 36px var(--font-ui);letter-spacing:-.02em;margin:0 0 18px;color:var(--text,#e6e9ef);">Nu trebuie să fii bun cu calculatorul</h2>
<p style="font:400 19px/1.75 var(--font-ui);color:var(--sub,#8b93a7);margin:0 auto;max-width:660px;"><span style="color:var(--accent,#2E74D6);font-weight:700;text-decoration:underline;text-underline-offset:3px;">Încarci</span> fișierul CSV/XLSX (sau trimiți direct prin API). ROA Auto-Pass îți propune asocierile — tu le <span style="color:var(--accent,#2E74D6);font-weight:700;text-decoration:underline;text-underline-offset:3px;">confirmi sau corectezi</span> o singură dată — apoi le <span style="color:var(--accent,#2E74D6);font-weight:700;text-decoration:underline;text-underline-offset:3px;">trimitem</span> la RAR, iar tu doar <span style="color:var(--accent,#2E74D6);font-weight:700;text-decoration:underline;text-underline-offset:3px;">urmărești</span> pe ecran.</p> <p style="font:400 19px/1.75 var(--font-ui);color:var(--sub,#8b93a7);margin:0 auto;max-width:660px;"><span style="color:var(--accent,#2E74D6);font-weight:700;text-decoration:underline;text-underline-offset:3px;">Încarci</span> fișierul CSV/XLSX (sau trimiți direct prin API). ROA AUTOPASS îți propune asocierile — tu le <span style="color:var(--accent,#2E74D6);font-weight:700;text-decoration:underline;text-underline-offset:3px;">confirmi sau corectezi</span> o singură dată — apoi le <span style="color:var(--accent,#2E74D6);font-weight:700;text-decoration:underline;text-underline-offset:3px;">trimitem</span> la RAR, iar tu doar <span style="color:var(--accent,#2E74D6);font-weight:700;text-decoration:underline;text-underline-offset:3px;">urmărești</span> pe ecran.</p>
</div> </div>
<div style="text-align:center;max-width:880px;margin:38px auto 0;font:400 20px/1.6 var(--font-ui);color:var(--sub,#8b93a7);"> <div style="text-align:center;max-width:880px;margin:38px auto 0;font:400 20px/1.6 var(--font-ui);color:var(--sub,#8b93a7);">
<span style="text-decoration:line-through;text-decoration-color:var(--errt,#E05D5D);text-decoration-thickness:2px;">23 minute de tastat pentru fiecare comandă</span><span style="color:var(--text,#e6e9ef);font-weight:700;">&nbsp;&nbsp; câteva secunde pentru tot lotul.</span> <span style="text-decoration:line-through;text-decoration-color:var(--errt,#E05D5D);text-decoration-thickness:2px;">23 minute de tastat pentru fiecare comandă</span><span style="color:var(--text,#e6e9ef);font-weight:700;">&nbsp;&nbsp; câteva secunde pentru tot lotul.</span>
@@ -216,10 +216,10 @@
</div> </div>
<!-- API INTEGRATION --> <!-- API INTEGRATION -->
<div style="padding:0 40px 80px;"> <div id="api" style="padding:56px 40px 80px;">
<div style="background:var(--card,#181c24);border:1px solid var(--line,#262b36);border-radius:14px;display:grid;grid-template-columns:1fr 1fr;gap:40px;padding:44px;align-items:center;"> <div style="background:var(--card,#181c24);border:1px solid var(--line,#262b36);border-radius:14px;display:grid;grid-template-columns:1fr 1fr;gap:40px;padding:44px;align-items:center;">
<div> <div>
<div style="display:inline-flex;align-items:center;gap:8px;padding:5px 11px;border-radius:99px;border:1px solid var(--line,#262b36);color:var(--sub,#8b93a7);font:500 12px var(--font-ui);margin-bottom:18px;">Pentru service-uri cu soft propriu · ROAAUTO</div> <div style="display:inline-flex;align-items:center;gap:8px;padding:5px 11px;border-radius:99px;border:1px solid var(--line,#262b36);color:var(--sub,#8b93a7);font:500 12px var(--font-ui);margin-bottom:18px;">Pentru service-uri cu soft propriu</div>
<h2 style="font:700 30px/1.15 var(--font-ui);letter-spacing:-.02em;margin:0 0 14px;color:var(--text,#e6e9ef);">Ai deja un soft de service? Conectează-l automat</h2> <h2 style="font:700 30px/1.15 var(--font-ui);letter-spacing:-.02em;margin:0 0 14px;color:var(--text,#e6e9ef);">Ai deja un soft de service? Conectează-l automat</h2>
<p style="font:400 15px/1.65 var(--font-ui);color:var(--sub,#8b93a7);margin:0 0 24px;">Softul tău se poate conecta și direct la API-ul RAR Auto-Pass. Cu ROMFAST primești în plus asistență la maparea automată a operațiilor tale (prin mai multe metode) și salvarea mapărilor pentru trimiterile viitoare — totul printr-un singur apel, cu cheie API per cont.</p> <p style="font:400 15px/1.65 var(--font-ui);color:var(--sub,#8b93a7);margin:0 0 24px;">Softul tău se poate conecta și direct la API-ul RAR Auto-Pass. Cu ROMFAST primești în plus asistență la maparea automată a operațiilor tale (prin mai multe metode) și salvarea mapărilor pentru trimiterile viitoare — totul printr-un singur apel, cu cheie API per cont.</p>
<button style="height:44px;padding:0 20px;border-radius:6px;background:transparent;border:1px solid var(--line,#262b36);color:var(--text,#e6e9ef);font:500 14px var(--font-ui);cursor:pointer;display:inline-flex;align-items:center;gap:8px;transition:transform .18s ease, background .18s ease, border-color .18s ease;" style-hover="background:#1F9D5C;border-color:#1F9D5C;color:#fff;transform:translateY(-1px)">Vezi documentația API <svg width="15" height="15" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.8"><path d="M5 12h14M13 6l6 6-6 6"/></svg></button> <button style="height:44px;padding:0 20px;border-radius:6px;background:transparent;border:1px solid var(--line,#262b36);color:var(--text,#e6e9ef);font:500 14px var(--font-ui);cursor:pointer;display:inline-flex;align-items:center;gap:8px;transition:transform .18s ease, background .18s ease, border-color .18s ease;" style-hover="background:#1F9D5C;border-color:#1F9D5C;color:#fff;transform:translateY(-1px)">Vezi documentația API <svg width="15" height="15" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.8"><path d="M5 12h14M13 6l6 6-6 6"/></svg></button>
@@ -242,72 +242,93 @@
</div> </div>
</div> </div>
<!-- PRICING --> <!-- TRIAL BENEFIT -->
<div style="padding:0 40px 80px;"> <div style="padding:0 40px 80px;">
<div style="text-align:center;margin-bottom:44px;"> <div style="display:flex;align-items:center;gap:22px;background:color-mix(in srgb,#2FBF8F 9%,var(--card,#181c24));border:1px solid color-mix(in srgb,#2FBF8F 32%,var(--line,#262b36));border-radius:14px;padding:30px 34px;flex-wrap:wrap;">
<div style="font:500 13px var(--font-ui);color:var(--accent,#2E74D6);letter-spacing:.08em;text-transform:uppercase;margin-bottom:12px;">Preț</div> <div style="width:48px;height:48px;flex-shrink:0;border-radius:10px;background:color-mix(in srgb,#2FBF8F 16%,transparent);display:flex;align-items:center;justify-content:center;color:var(--okt,#2FBF8F);"><svg width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.7"><path d="M12 2v4M12 18v4M2 12h4M18 12h4"/><circle cx="12" cy="12" r="4.5"/></svg></div>
<h2 style="font:700 34px var(--font-ui);letter-spacing:-.02em;margin:0 0 10px;color:var(--text,#e6e9ef);">Pentru un service mic, nu costă nimic</h2> <div style="flex:1;min-width:240px;">
<p style="font:400 15px var(--font-ui);color:var(--sub,#8b93a7);margin:0;">Fiecare cont începe cu <strong style="color:var(--text,#e6e9ef);font-weight:600;">Pro gratuit 30 de zile</strong>. Apoi trece automat pe Gratuit — fără plată, dacă nu alegi alt plan. Fără card bancar.</p> <div style="font:700 19px var(--font-ui);letter-spacing:-.01em;color:var(--text,#e6e9ef);margin-bottom:5px;"><span style="color:var(--okt,#2FBF8F);">30 de zile Pro gratuit</span> la fiecare cont nou</div>
<p style="font:400 14px/1.6 var(--font-ui);color:var(--sub,#8b93a7);margin:0;">Începi direct cu tot ce are planul Pro — import API, categorisire automată și suport rapid. După 30 de zile treci automat pe Gratuit, fără plată și fără întreruperi.</p>
</div>
<button data-act="auth" data-tab="register" data-plan="pro" style="height:48px;padding:0 24px;border-radius:6px;background:#1F9D5C;border:1px solid #1F9D5C;color:#fff;font:700 14px var(--font-ui);cursor:pointer;white-space:nowrap;transition:transform .2s cubic-bezier(.2,.8,.2,1), background .2s ease, box-shadow .2s ease;" style-hover="background:#16864a;border-color:#16864a;transform:translateY(-1px)">Începe gratuit</button>
</div> </div>
<div style="display:grid;grid-template-columns:repeat(4,1fr);gap:16px;margin:0 auto;align-items:start;"> </div>
<!-- PRICING -->
<div id="pret" style="padding:0 40px 80px;">
<div style="text-align:center;margin-bottom:44px;">
<h2 style="font:700 34px var(--font-ui);letter-spacing:-.02em;margin:0 0 10px;color:var(--text,#e6e9ef);">Pentru un service mic, nu costă nimic</h2>
<p style="font:400 15px var(--font-ui);color:var(--sub,#8b93a7);margin:0;">Alege planul potrivit volumului tău. Poți schimba sau anula oricând.</p>
</div>
<div style="display:grid;grid-template-columns:repeat(4,1fr);gap:16px;margin:0 auto;align-items:stretch;">
<!-- Gratuit --> <!-- Gratuit -->
<div style="background:var(--card,#181c24);border:1.5px solid var(--accent,#2E74D6);border-radius:12px;padding:26px 24px;position:relative;"> <div style="background:var(--card,#181c24);border:1px solid var(--line,#262b36);border-radius:12px;padding:26px 24px;display:flex;flex-direction:column;">
<div style="position:absolute;top:-12px;left:20px;padding:4px 11px;border-radius:99px;background:var(--accent,#2E74D6);color:#fff;font:700 10px var(--font-ui);letter-spacing:.04em;text-transform:uppercase;">Testare și firme mici</div>
<div style="font:700 17px var(--font-ui);color:var(--text,#e6e9ef);margin-bottom:8px;">Gratuit</div> <div style="font:700 17px var(--font-ui);color:var(--text,#e6e9ef);margin-bottom:8px;">Gratuit</div>
<div style="display:flex;align-items:baseline;gap:5px;margin-bottom:4px;"><span style="font:700 32px var(--font-ui);letter-spacing:-.02em;color:var(--text,#e6e9ef);">0 lei</span><span style="font:400 13px var(--font-ui);color:var(--sub,#8b93a7);">/lună</span></div> <div style="display:flex;align-items:baseline;gap:5px;margin-bottom:4px;"><span style="font:700 32px var(--font-ui);letter-spacing:-.02em;color:var(--text,#e6e9ef);">0 lei</span><span style="font:400 13px var(--font-ui);color:var(--sub,#8b93a7);">/lună</span></div>
<div style="font:400 13px var(--font-ui);color:var(--sub,#8b93a7);margin-bottom:20px;">Fără card bancar</div> <div style="font:400 13px var(--font-ui);color:var(--sub,#8b93a7);margin-bottom:20px;">Până la 60 de trimiteri/lună</div>
<div style="display:flex;flex-direction:column;gap:10px;margin-bottom:22px;"> <div style="display:flex;flex-direction:column;gap:10px;margin-bottom:22px;flex:1;">
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Până la 60 de prestații/lună</div> <div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Sugestii automate de operații RAR</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Sugestii automate de prestații RAR (din mii)</div> <div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Mapare coloane cu salvare</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Mapare manuală coloane, cu salvare</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Validare și anti-duplicat</div> <div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Validare și anti-duplicat</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Suport contact/email în 48h</div> <div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--mut,#5c6473);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="var(--mut,#5c6473)" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M5 12h14"/></svg>Trimiteri nelimitate</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--sub,#8b93a7);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="var(--sub,#8b93a7)" stroke-width="1.8" style="flex-shrink:0;margin-top:1px;"><path d="M4 12h16"/></svg>Fără import API</div> <div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--mut,#5c6473);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="var(--mut,#5c6473)" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M5 12h14"/></svg>Import prin API</div>
<span style="display:none;"></span> <div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--mut,#5c6473);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="var(--mut,#5c6473)" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M5 12h14"/></svg>Categorisire automată, cu confirmare</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--mut,#5c6473);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="var(--mut,#5c6473)" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M5 12h14"/></svg>Integrare în softul tău</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Suport email, în 48h</div>
</div> </div>
<button data-act="auth" data-tab="register" data-plan="Gratuit" style="width:100%;height:46px;border-radius:6px;background:#1F9D5C;border:1px solid #1F9D5C;color:#fff;font:700 14px var(--font-ui);cursor:pointer;transition:transform .2s cubic-bezier(.2,.8,.2,1), background .2s ease, box-shadow .2s ease;" style-hover="background:#16864a;border-color:#16864a;transform:translateY(-1px)">Creează cont gratuit</button> <button data-act="auth" data-tab="register" data-plan="free" style="width:100%;height:46px;border-radius:6px;background:transparent;border:1px solid var(--line,#262b36);color:var(--text,#e6e9ef);font:500 14px var(--font-ui);cursor:pointer;transition:transform .18s ease, background .18s ease, border-color .18s ease;" style-hover="background:#1F9D5C;border-color:#1F9D5C;color:#fff;transform:translateY(-1px)">Creează cont gratuit</button>
</div> </div>
<!-- Standard --> <!-- Standard -->
<div style="background:var(--card,#181c24);border:1px solid var(--line,#262b36);border-radius:12px;padding:26px 24px;"> <div style="background:var(--card,#181c24);border:1.5px solid var(--accent,#2E74D6);border-radius:12px;padding:26px 24px;position:relative;display:flex;flex-direction:column;">
<div style="position:absolute;top:-12px;left:20px;padding:4px 11px;border-radius:99px;background:var(--accent,#2E74D6);color:#fff;font:700 10px var(--font-ui);letter-spacing:.04em;text-transform:uppercase;">Popular</div>
<div style="font:700 17px var(--font-ui);color:var(--text,#e6e9ef);margin-bottom:8px;">Standard</div> <div style="font:700 17px var(--font-ui);color:var(--text,#e6e9ef);margin-bottom:8px;">Standard</div>
<div style="display:flex;align-items:baseline;gap:5px;margin-bottom:4px;"><span style="font:700 32px var(--font-ui);letter-spacing:-.02em;color:var(--text,#e6e9ef);">39 lei</span><span style="font:400 13px var(--font-ui);color:var(--sub,#8b93a7);">/lună</span></div> <div style="display:flex;align-items:baseline;gap:5px;margin-bottom:4px;"><span style="font:700 32px var(--font-ui);letter-spacing:-.02em;color:var(--text,#e6e9ef);">49 lei</span><span style="font:400 13px var(--font-ui);color:var(--sub,#8b93a7);">/lună</span><span style="font:400 12px var(--font-ui);color:var(--mut,#5c6473);">* fără TVA</span></div>
<div style="font:400 13px var(--font-ui);color:var(--sub,#8b93a7);margin-bottom:20px;">Volum nelimitat, fără API</div> <div style="font:400 13px var(--font-ui);color:var(--sub,#8b93a7);margin-bottom:20px;">Trimiteri nelimitate</div>
<div style="display:flex;flex-direction:column;gap:10px;margin-bottom:22px;"> <div style="display:flex;flex-direction:column;gap:10px;margin-bottom:22px;flex:1;">
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Tot din Gratuit</div> <div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Sugestii automate de operații RAR</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Prestații nelimitate</div> <div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Mapare coloane cu salvare</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Suport contact/email în 48h</div> <div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Validare și anti-duplicat</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--sub,#8b93a7);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="var(--sub,#8b93a7)" stroke-width="1.8" style="flex-shrink:0;margin-top:1px;"><path d="M4 12h16"/></svg>Fără import API</div> <div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Trimiteri nelimitate</div>
<span style="display:none;"></span> <div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--mut,#5c6473);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="var(--mut,#5c6473)" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M5 12h14"/></svg>Import prin API</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--mut,#5c6473);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="var(--mut,#5c6473)" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M5 12h14"/></svg>Categorisire automată, cu confirmare</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--mut,#5c6473);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="var(--mut,#5c6473)" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M5 12h14"/></svg>Integrare în softul tău</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Suport email, maxim 24h</div>
</div> </div>
<button style="width:100%;height:46px;border-radius:6px;background:transparent;border:1px solid var(--line,#262b36);color:var(--text,#e6e9ef);font:500 14px var(--font-ui);cursor:pointer;transition:transform .18s ease, background .18s ease, border-color .18s ease;" style-hover="background:#1F9D5C;border-color:#1F9D5C;color:#fff;transform:translateY(-1px)" data-act="auth" data-tab="register" data-plan="Standard">Creează cont gratuit</button> <button style="width:100%;height:46px;border-radius:6px;background:#1F9D5C;border:1px solid #1F9D5C;color:#fff;font:700 14px var(--font-ui);cursor:pointer;transition:transform .2s cubic-bezier(.2,.8,.2,1), background .2s ease, box-shadow .2s ease;" style-hover="background:#16864a;border-color:#16864a;transform:translateY(-1px)" data-act="auth" data-tab="register" data-plan="standard">Creează cont gratuit</button>
</div> </div>
<!-- Pro --> <!-- Pro -->
<div style="background:var(--card,#181c24);border:1px solid var(--line,#262b36);border-radius:12px;padding:26px 24px;position:relative;"> <div style="background:var(--card,#181c24);border:1px solid var(--line,#262b36);border-radius:12px;padding:26px 24px;display:flex;flex-direction:column;">
<div style="position:absolute;top:-12px;left:20px;padding:4px 11px;border-radius:99px;background:color-mix(in srgb,#2FBF8F 90%,#000);color:#fff;font:700 10px var(--font-ui);letter-spacing:.04em;text-transform:uppercase;">Cel mai ales</div>
<div style="font:700 17px var(--font-ui);color:var(--text,#e6e9ef);margin-bottom:8px;">Pro</div> <div style="font:700 17px var(--font-ui);color:var(--text,#e6e9ef);margin-bottom:8px;">Pro</div>
<div style="display:flex;align-items:baseline;gap:5px;margin-bottom:4px;"><span style="font:700 32px var(--font-ui);letter-spacing:-.02em;color:var(--text,#e6e9ef);">59 lei</span><span style="font:400 13px var(--font-ui);color:var(--sub,#8b93a7);">/lună</span></div> <div style="display:flex;align-items:baseline;gap:5px;margin-bottom:4px;"><span style="font:700 32px var(--font-ui);letter-spacing:-.02em;color:var(--text,#e6e9ef);">59 lei</span><span style="font:400 13px var(--font-ui);color:var(--sub,#8b93a7);">/lună</span><span style="font:400 12px var(--font-ui);color:var(--mut,#5c6473);">* fără TVA</span></div>
<div style="font:400 13px var(--font-ui);color:var(--sub,#8b93a7);margin-bottom:20px;">Cu acces API</div> <div style="font:400 13px var(--font-ui);color:var(--sub,#8b93a7);margin-bottom:20px;">Nelimitat + acces API</div>
<div style="display:flex;flex-direction:column;gap:10px;margin-bottom:22px;"> <div style="display:flex;flex-direction:column;gap:10px;margin-bottom:22px;flex:1;">
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Tot din Standard</div> <div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Sugestii automate de operații RAR</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Import prin API + cheie API per cont</div> <div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Mapare coloane cu salvare</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Suport pe email în 24h</div> <div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Validare și anti-duplicat</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Categorisire automată, cu confirmare la operațiile incerte</div> <div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Trimiteri nelimitate</div>
<span style="display:none;"></span> <div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Import prin API</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Categorisire automată, cu confirmare</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--mut,#5c6473);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="var(--mut,#5c6473)" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M5 12h14"/></svg>Integrare în softul tău</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Suport email, maxim 8h</div>
</div> </div>
<button style="width:100%;height:46px;border-radius:6px;background:transparent;border:1px solid var(--line,#262b36);color:var(--text,#e6e9ef);font:500 14px var(--font-ui);cursor:pointer;transition:transform .18s ease, background .18s ease, border-color .18s ease;" style-hover="background:#1F9D5C;border-color:#1F9D5C;color:#fff;transform:translateY(-1px)" data-act="auth" data-tab="register" data-plan="Pro">Creează cont gratuit</button> <button style="width:100%;height:46px;border-radius:6px;background:transparent;border:1px solid var(--line,#262b36);color:var(--text,#e6e9ef);font:500 14px var(--font-ui);cursor:pointer;transition:transform .18s ease, background .18s ease, border-color .18s ease;" style-hover="background:#1F9D5C;border-color:#1F9D5C;color:#fff;transform:translateY(-1px)" data-act="auth" data-tab="register" data-plan="pro">Creează cont gratuit</button>
</div> </div>
<!-- Premium --> <!-- Premium -->
<div style="background:var(--card,#181c24);border:1px solid var(--line,#262b36);border-radius:12px;padding:26px 24px;"> <div style="background:var(--card,#181c24);border:1px solid var(--line,#262b36);border-radius:12px;padding:26px 24px;display:flex;flex-direction:column;">
<div style="font:700 17px var(--font-ui);color:var(--text,#e6e9ef);margin-bottom:8px;">Premium</div> <div style="font:700 17px var(--font-ui);color:var(--text,#e6e9ef);margin-bottom:8px;">Premium</div>
<div style="display:flex;align-items:baseline;gap:5px;margin-bottom:4px;"><span style="font:700 30px var(--font-ui);letter-spacing:-.02em;color:var(--text,#e6e9ef);">La cerere</span></div> <div style="display:flex;align-items:baseline;gap:5px;margin-bottom:4px;"><span style="font:700 32px var(--font-ui);letter-spacing:-.02em;color:var(--text,#e6e9ef);">La cerere</span></div>
<div style="font:400 13px var(--font-ui);color:var(--sub,#8b93a7);margin-bottom:20px;">Soluție personalizată</div> <div style="font:400 13px var(--font-ui);color:var(--sub,#8b93a7);margin-bottom:20px;">Soluție personalizată</div>
<div style="display:flex;flex-direction:column;gap:10px;margin-bottom:22px;"> <div style="display:flex;flex-direction:column;gap:10px;margin-bottom:22px;flex:1;">
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Tot din Pro</div> <div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Sugestii automate de operații RAR</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Opțiune de integrare în softul tău</div> <div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Mapare coloane cu salvare</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Suport telefonic și online</div> <div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Validare și anti-duplicat</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Asistență și onboarding dedicate</div> <div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Trimiteri nelimitate</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Import prin API</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Categorisire automată, cu confirmare</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Integrare în softul tău</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Suport telefonic + onboarding dedicat</div>
</div> </div>
<button style="width:100%;height:46px;border-radius:6px;background:transparent;border:1px solid var(--line,#262b36);color:var(--text,#e6e9ef);font:500 14px var(--font-ui);cursor:pointer;transition:transform .18s ease, background .18s ease, border-color .18s ease;" style-hover="background:#1F9D5C;border-color:#1F9D5C;color:#fff;transform:translateY(-1px)" data-act="auth" data-tab="register" data-plan="Premium">Creează cont gratuit</button> <button style="width:100%;height:46px;border-radius:6px;background:transparent;border:1px solid var(--line,#262b36);color:var(--text,#e6e9ef);font:500 14px var(--font-ui);cursor:pointer;transition:transform .18s ease, background .18s ease, border-color .18s ease;" style-hover="background:#1F9D5C;border-color:#1F9D5C;color:#fff;transform:translateY(-1px)" data-act="auth" data-tab="register" data-plan="premium">Creează cont gratuit</button>
</div> </div>
</div> </div>
</div> </div>
@@ -339,10 +360,9 @@
<div> <div>
<div style="font:500 13px var(--font-ui);color:var(--accent,#2E74D6);letter-spacing:.1em;text-transform:uppercase;margin-bottom:14px;">Creează cont</div> <div style="font:500 13px var(--font-ui);color:var(--accent,#2E74D6);letter-spacing:.1em;text-transform:uppercase;margin-bottom:14px;">Creează cont</div>
<h2 style="font:700 34px/1.15 var(--font-ui);letter-spacing:-.02em;margin:0 0 14px;color:var(--text,#e6e9ef);">Creează cont în 2 minute și declară azi la RAR</h2> <h2 style="font:700 34px/1.15 var(--font-ui);letter-spacing:-.02em;margin:0 0 14px;color:var(--text,#e6e9ef);">Creează cont în 2 minute și declară azi la RAR</h2>
<p style="font:400 16px/1.6 var(--font-ui);color:var(--sub,#8b93a7);margin:0 0 24px;">Te înregistrezi gratuit, fără card bancar. Imediat poți încărca primul fișier sau conecta softul de service.</p> <p style="font:400 16px/1.6 var(--font-ui);color:var(--sub,#8b93a7);margin:0 0 24px;">Te înregistrezi gratuit. Imediat poți încărca primul fișier sau conecta softul de service.</p>
<div style="display:flex;flex-direction:column;gap:12px;"> <div style="display:flex;flex-direction:column;gap:12px;">
<div style="display:flex;gap:10px;align-items:center;font:400 15px var(--font-ui);color:var(--text,#e6e9ef);"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;"><path d="M20 6L9 17l-5-5"/></svg>Pro gratuit 30 de zile, apoi automat pe Gratuit</div> <div style="display:flex;gap:10px;align-items:center;font:400 15px var(--font-ui);color:var(--text,#e6e9ef);"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;"><path d="M20 6L9 17l-5-5"/></svg>Pro gratuit 30 de zile, apoi automat pe Gratuit</div>
<div style="display:flex;gap:10px;align-items:center;font:400 15px var(--font-ui);color:var(--text,#e6e9ef);"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;"><path d="M20 6L9 17l-5-5"/></svg>Fără card bancar la înscriere</div>
<div style="display:flex;gap:10px;align-items:center;font:400 15px var(--font-ui);color:var(--text,#e6e9ef);"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;"><path d="M20 6L9 17l-5-5"/></svg>Conform Legii 142/2023 și OMTI 210/2024</div> <div style="display:flex;gap:10px;align-items:center;font:400 15px var(--font-ui);color:var(--text,#e6e9ef);"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;"><path d="M20 6L9 17l-5-5"/></svg>Conform Legii 142/2023 și OMTI 210/2024</div>
<div style="display:flex;gap:10px;align-items:center;font:400 15px var(--font-ui);color:var(--text,#e6e9ef);"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;"><path d="M20 6L9 17l-5-5"/></svg>Datele cu caracter personal criptate (GDPR)</div> <div style="display:flex;gap:10px;align-items:center;font:400 15px var(--font-ui);color:var(--text,#e6e9ef);"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;"><path d="M20 6L9 17l-5-5"/></svg>Datele cu caracter personal criptate (GDPR)</div>
</div> </div>
@@ -354,12 +374,12 @@
</div> </div>
<form method="post" action="/signup" data-pane="register"> <form method="post" action="/signup" data-pane="register">
<input type="hidden" name="csrf_token" value="{{ csrf_token }}"> <input type="hidden" name="csrf_token" value="{{ csrf_token }}">
<label style="display:block;margin-bottom:14px;"><span style="display:block;margin-bottom:6px;font:500 13px var(--font-ui);color:var(--sub,#8b93a7);">Nume contact</span><input type="text" name="name" required placeholder="Ion Popescu" style="width:100%;height:44px;padding:0 12px;border:1px solid var(--line,#262b36);border-radius:6px;background:var(--card2,#0f1218);color:var(--text,#e6e9ef);font:400 14px var(--font-ui);outline:none;" /></label> <label style="display:block;margin-bottom:14px;"><span style="display:block;margin-bottom:6px;font:500 13px var(--font-ui);color:var(--sub,#8b93a7);">Companie</span><input type="text" name="name" required placeholder="SC Service Auto SRL" style="width:100%;height:44px;padding:0 12px;border:1px solid var(--line,#262b36);border-radius:6px;background:var(--card2,#0f1218);color:var(--text,#e6e9ef);font:400 14px var(--font-ui);outline:none;" /></label>
<label style="display:block;margin-bottom:14px;"><span style="display:block;margin-bottom:6px;font:500 13px var(--font-ui);color:var(--sub,#8b93a7);">CUI</span><input type="text" name="cui" required placeholder="RO12345678" style="width:100%;height:44px;padding:0 12px;border:1px solid var(--line,#262b36);border-radius:6px;background:var(--card2,#0f1218);color:var(--text,#e6e9ef);font:400 14px var(--font-mono);outline:none;" /></label> <label style="display:block;margin-bottom:14px;"><span style="display:block;margin-bottom:6px;font:500 13px var(--font-ui);color:var(--sub,#8b93a7);">CUI</span><input type="text" name="cui" required placeholder="RO12345678" style="width:100%;height:44px;padding:0 12px;border:1px solid var(--line,#262b36);border-radius:6px;background:var(--card2,#0f1218);color:var(--text,#e6e9ef);font:400 14px var(--font-mono);outline:none;" /></label>
<label style="display:block;margin-bottom:14px;"><span style="display:block;margin-bottom:6px;font:500 13px var(--font-ui);color:var(--sub,#8b93a7);">Email</span><input type="email" name="email" required placeholder="nume@service.ro" style="width:100%;height:44px;padding:0 12px;border:1px solid var(--line,#262b36);border-radius:6px;background:var(--card2,#0f1218);color:var(--text,#e6e9ef);font:400 14px var(--font-ui);outline:none;" /></label> <label style="display:block;margin-bottom:14px;"><span style="display:block;margin-bottom:6px;font:500 13px var(--font-ui);color:var(--sub,#8b93a7);">Email</span><input type="email" name="email" required placeholder="nume@service.ro" style="width:100%;height:44px;padding:0 12px;border:1px solid var(--line,#262b36);border-radius:6px;background:var(--card2,#0f1218);color:var(--text,#e6e9ef);font:400 14px var(--font-ui);outline:none;" /></label>
<label style="display:block;margin-bottom:14px;"><span style="display:block;margin-bottom:6px;font:500 13px var(--font-ui);color:var(--sub,#8b93a7);">Parolă</span><input type="password" name="parola" required minlength="10" placeholder="Minim 10 caractere" style="width:100%;height:44px;padding:0 12px;border:1px solid var(--line,#262b36);border-radius:6px;background:var(--card2,#0f1218);color:var(--text,#e6e9ef);font:400 14px var(--font-ui);outline:none;" /></label> <label style="display:block;margin-bottom:14px;"><span style="display:block;margin-bottom:6px;font:500 13px var(--font-ui);color:var(--sub,#8b93a7);">Parolă</span><input type="password" name="parola" required minlength="10" placeholder="Minim 10 caractere" style="width:100%;height:44px;padding:0 12px;border:1px solid var(--line,#262b36);border-radius:6px;background:var(--card2,#0f1218);color:var(--text,#e6e9ef);font:400 14px var(--font-ui);outline:none;" /></label>
<label style="display:block;margin-bottom:16px;"><span style="display:block;margin-bottom:6px;font:500 13px var(--font-ui);color:var(--sub,#8b93a7);">Pachet ales</span><select id="plan-select" name="plan" style="width:100%;height:44px;padding:0 10px;border:1px solid var(--line,#262b36);border-radius:6px;background:var(--card2,#0f1218);color:var(--text,#e6e9ef);font:400 14px var(--font-ui);outline:none;cursor:pointer;"><option value="Gratuit" selected>Gratuit — 0 lei/lună</option><option value="Standard">Standard — 39 lei/lună</option><option value="Pro">Pro — 59 lei/lună</option><option value="Premium">Premium — la cerere</option></select></label> <label style="display:block;margin-bottom:16px;"><span style="display:block;margin-bottom:6px;font:500 13px var(--font-ui);color:var(--sub,#8b93a7);">Pachet ales</span><select id="plan-select" name="plan" style="width:100%;height:44px;padding:0 10px;border:1px solid var(--line,#262b36);border-radius:6px;background:var(--card2,#0f1218);color:var(--text,#e6e9ef);font:400 14px var(--font-ui);outline:none;cursor:pointer;"><option value="free" selected>Gratuit — 0 lei/lună</option><option value="standard">Standard — 49 lei/lună</option><option value="pro">Pro — 59 lei/lună</option><option value="premium">Premium — la cerere</option></select></label>
<label style="display:flex;gap:9px;align-items:flex-start;margin-bottom:18px;font:400 13px/1.5 var(--font-ui);color:var(--sub,#8b93a7);cursor:pointer;"><input type="checkbox" required style="margin-top:2px;accent-color:var(--accent,#2E74D6);width:16px;height:16px;flex-shrink:0;" />Sunt de acord cu Termenii și cu prelucrarea datelor conform politicii de confidențialitate (GDPR).</label> <label style="display:flex;gap:9px;align-items:flex-start;margin-bottom:18px;font:400 13px/1.5 var(--font-ui);color:var(--sub,#8b93a7);cursor:pointer;"><input type="checkbox" name="consent" value="1" required style="margin-top:2px;accent-color:var(--accent,#2E74D6);width:16px;height:16px;flex-shrink:0;" />Sunt de acord cu Termenii și cu prelucrarea datelor conform politicii de confidențialitate (GDPR).</label>
<button type="submit" class="btn-green" style="width:100%;height:48px;border-radius:6px;background:#1F9D5C;border:1px solid #1F9D5C;color:#fff;font:700 15px var(--font-ui);cursor:pointer;transition:transform .2s cubic-bezier(.2,.8,.2,1), background .2s ease, box-shadow .2s ease;">Creează cont gratuit</button> <button type="submit" class="btn-green" style="width:100%;height:48px;border-radius:6px;background:#1F9D5C;border:1px solid #1F9D5C;color:#fff;font:700 15px var(--font-ui);cursor:pointer;transition:transform .2s cubic-bezier(.2,.8,.2,1), background .2s ease, box-shadow .2s ease;">Creează cont gratuit</button>
<div style="text-align:center;margin-top:14px;font:400 13px var(--font-ui);color:var(--sub,#8b93a7);">Ai deja cont? <a data-act="tab" data-tab="login" style="color:var(--accent,#2E74D6);font-weight:500;cursor:pointer;">Autentifică-te</a></div> <div style="text-align:center;margin-top:14px;font:400 13px var(--font-ui);color:var(--sub,#8b93a7);">Ai deja cont? <a data-act="tab" data-tab="login" style="color:var(--accent,#2E74D6);font-weight:500;cursor:pointer;">Autentifică-te</a></div>
</form> </form>
@@ -375,18 +395,6 @@
</div> </div>
</div> </div>
<!-- FINAL CTA -->
<div style="padding:0 40px 80px;">
<div style="background:var(--card,#181c24);border:1px solid var(--line,#262b36);border-radius:16px;padding:56px 40px;text-align:center;">
<h2 style="font:700 36px var(--font-ui);letter-spacing:-.02em;margin:0 0 14px;color:var(--text,#e6e9ef);">Începe să declari la RAR în câteva minute</h2>
<p style="font:400 16px var(--font-ui);color:var(--sub,#8b93a7);margin:0 0 28px;">Gratuit până la 60 de prezentări pe lună. Fără card bancar.</p>
<div style="display:flex;gap:12px;justify-content:center;">
<button data-act="auth" data-tab="register" style="height:50px;padding:0 28px;border-radius:6px;background:#1F9D5C;border:1px solid #1F9D5C;color:#fff;font:700 15px var(--font-ui);cursor:pointer;transition:transform .2s cubic-bezier(.2,.8,.2,1), background .2s ease, box-shadow .2s ease;" style-hover="background:#16864a;border-color:#16864a;transform:translateY(-1px)">Creează cont gratuit</button>
<button data-act="auth" data-tab="login" style="height:50px;padding:0 24px;border-radius:6px;background:transparent;border:1px solid var(--line,#262b36);color:var(--text,#e6e9ef);font:500 15px var(--font-ui);cursor:pointer;transition:transform .18s ease, background .18s ease, border-color .18s ease;" style-hover="background:#1F9D5C;border-color:#1F9D5C;color:#fff;transform:translateY(-1px)">Autentificare</button>
</div>
</div>
</div>
<!-- FOOTER --> <!-- FOOTER -->
<div style="border-top:1px solid var(--line,#262b36);padding:36px 40px;display:flex;align-items:center;justify-content:space-between;flex-wrap:wrap;gap:16px;"> <div style="border-top:1px solid var(--line,#262b36);padding:36px 40px;display:flex;align-items:center;justify-content:space-between;flex-wrap:wrap;gap:16px;">
<div style="font:700 18px var(--font-ui);letter-spacing:-.02em;color:var(--text,#e6e9ef);">ROM<span style="color:var(--accent,#2E74D6);">FAST</span></div> <div style="font:700 18px var(--font-ui);letter-spacing:-.02em;color:var(--text,#e6e9ef);">ROM<span style="color:var(--accent,#2E74D6);">FAST</span></div>
@@ -421,7 +429,7 @@
var hMonth=(p*minPer)/60,leiMonth=hMonth*r; var hMonth=(p*minPer)/60,leiMonth=hMonth*r;
document.getElementById('out-pres').textContent=p; document.getElementById('out-pres').textContent=p;
document.getElementById('out-rate').textContent=r; document.getElementById('out-rate').textContent=r;
var map={leiMonth:nf.format(Math.round(leiMonth)),hMonth:nf1.format(hMonth),leiYear:nf.format(Math.round(leiMonth*12)),days:nf1.format((hMonth*12)/8)}; var map={leiMonth:nf.format(Math.round(leiMonth)),hMonth:nf.format(Math.round(hMonth)),leiYear:nf.format(Math.round(leiMonth*12)),days:nf.format(Math.round((hMonth*12)/8))};
Object.keys(map).forEach(function(k){document.querySelectorAll('[data-calc="'+k+'"]').forEach(function(n){n.textContent=map[k];});}); Object.keys(map).forEach(function(k){document.querySelectorAll('[data-calc="'+k+'"]').forEach(function(n){n.textContent=map[k];});});
} }
if(pres&&rate){pres.addEventListener('input',recalc);rate.addEventListener('input',recalc);recalc();} if(pres&&rate){pres.addEventListener('input',recalc);rate.addEventListener('input',recalc);recalc();}

View File

@@ -1,5 +1,5 @@
{% extends "base.html" %} {% extends "base.html" %}
{% block title %}Autentificare — ROMFAST AUTOPASS{% endblock %} {% block title %}Autentificare — ROA AUTOPASS{% endblock %}
{% block content %} {% block content %}
{# US-010 (PRD 5.16): /login — layout 2 coloane branduit. {# US-010 (PRD 5.16): /login — layout 2 coloane branduit.
Stanga: logo + tagline + puncte de incredere. Stanga: logo + tagline + puncte de incredere.
@@ -8,31 +8,7 @@
<div class="login-2col" style="max-width:860px; margin:32px auto;"> <div class="login-2col" style="max-width:860px; margin:32px auto;">
{# Antet minimal deja randat in base.html (fara RAR dot, fara burger, fara account_name) #} {# Antet minimal deja randat in base.html (fara RAR dot, fara burger, fara account_name) #}
<div class="login-shell"> <div class="login-shell">
{# === Coloana stanga: brand + trust === #} {# === Formular autentificare === #}
<aside class="login-aside" aria-label="Despre ROMFAST AUTOPASS">
<div class="login-brand-row">
<img src="/static/romfast_logo.png" alt="ROMFAST" style="height:36px; width:auto;">
</div>
<h2 class="login-headline">ROMFAST <span style="color:var(--accent);">AUTOPASS</span></h2>
<p class="login-tagline">Declara prestatiile de service-auto la RAR AUTOPASS, automat.
Conform Legii 142/2023 si OMTI 210/2024.</p>
<ul class="login-trust">
<li>
<svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.2" aria-hidden="true"><path d="M20 6L9 17l-5-5"/></svg>
Conform Legii 142/2023 si OMTI 210/2024
</li>
<li>
<svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.8" aria-hidden="true"><rect x="5" y="11" width="14" height="9" rx="1.5"/><path d="M8 11V8a4 4 0 0 1 8 0v3"/></svg>
Datele criptate, sterse la 3 luni
</li>
<li>
<svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" aria-hidden="true"><path d="M20 6L9 17l-5-5"/></svg>
Parte din familia ROA — Romfast Applications
</li>
</ul>
</aside>
{# === Coloana dreapta: formular (NESCHIMBAT — CSRF, POST /login, link signup) === #}
<div class="login-form-col"> <div class="login-form-col">
<h3 style="font-size:var(--fs-xl); margin:0 0 4px;">Autentificare</h3> <h3 style="font-size:var(--fs-xl); margin:0 0 4px;">Autentificare</h3>
<p style="font-size:var(--fs-sm); color:var(--muted); margin:0 0 22px;"> <p style="font-size:var(--fs-sm); color:var(--muted); margin:0 0 22px;">
@@ -66,33 +42,18 @@
<style> <style>
/* US-010 PRD 5.16: layout /login profesional 2 coloane. */ /* US-010 PRD 5.16: layout /login profesional 2 coloane. */
.login-shell { .login-shell {
display:grid; grid-template-columns:1.1fr 0.9fr; display:grid; grid-template-columns:1fr;
border:1px solid var(--line); border-radius:16px; overflow:hidden; border:1px solid var(--line); border-radius:16px; overflow:hidden;
background:var(--card); min-height:480px; background:var(--card); max-width:460px; margin:0 auto;
} }
.login-aside {
padding:40px 38px;
background:linear-gradient(160deg, color-mix(in srgb,var(--accent) 12%,var(--card)), var(--card));
border-right:1px solid var(--line);
display:flex; flex-direction:column; justify-content:center;
}
.login-brand-row { display:flex; align-items:center; gap:10px; margin-bottom:24px; }
.login-headline { font-size:var(--fs-2xl); line-height:var(--lh-tight); margin:0 0 12px; letter-spacing:-.02em; }
.login-tagline { font-size:var(--fs-md); color:var(--muted); line-height:1.6; margin:0 0 20px; max-width:340px; }
.login-trust { list-style:none; margin:0; padding:0; display:flex; flex-direction:column; gap:10px; }
.login-trust li { display:flex; align-items:center; gap:9px; font-size:var(--fs-sm); color:var(--ink); }
.login-trust svg { flex-shrink:0; color:var(--ok); }
.login-form-col { padding:40px 38px; display:flex; flex-direction:column; justify-content:center; } .login-form-col { padding:40px 38px; display:flex; flex-direction:column; justify-content:center; }
.btn-primary-full { width:100%; min-height:46px; font-family:var(--font-ui); font-size:var(--fs-md); .btn-primary-full { width:100%; min-height:46px; font-family:var(--font-ui); font-size:var(--fs-md);
font-weight:600; background:var(--accent); color:#fff; border:none; font-weight:600; background:var(--accent); color:#fff; border:none;
border-radius:8px; cursor:pointer; margin-top:4px; } border-radius:8px; cursor:pointer; margin-top:4px; }
.btn-primary-full:hover { filter:brightness(1.08); } .btn-primary-full:hover { filter:brightness(1.08); }
.login-foot { text-align:center; font-size:var(--fs-sm); color:var(--muted); margin-top:18px; } .login-foot { text-align:center; font-size:var(--fs-sm); color:var(--muted); margin-top:18px; }
/* Mobil: stivuire verticala, formular sus */
@media (max-width:640px) { @media (max-width:640px) {
.login-shell { grid-template-columns:1fr; grid-template-rows:auto auto; } .login-form-col { padding:28px 22px; }
.login-aside { order:2; border-right:none; border-top:1px solid var(--line); padding:28px 22px; }
.login-form-col { order:1; padding:28px 22px; }
} }
</style> </style>
{% endblock %} {% endblock %}

View File

@@ -37,33 +37,53 @@
}); });
</script> </script>
{% else %} {% else %}
<h2 style="margin-top:0;">Inregistrare cont nou</h2> <h2 style="margin-top:0;">Creează cont nou</h2>
{% if error %} {% if error %}
<div class="banner" style="margin-bottom:12px;padding:8px 12px;">{{ error }}</div> <div class="banner" style="margin-bottom:12px;padding:8px 12px;">{{ error }}</div>
{% endif %} {% endif %}
{# Format aliniat la formularul de inregistrare din landing (#inregistrare): aceleasi campuri,
etichete, placeholder-uri si stil. Valorile `plan` = coduri tier (free/standard/pro/premium),
normalizate server-side. #}
<form method="post" action="/signup"> <form method="post" action="/signup">
<input type="hidden" name="csrf_token" value="{{ csrf_token }}"> <input type="hidden" name="csrf_token" value="{{ csrf_token }}">
<p> <label style="display:block;margin-bottom:14px;">
<label>Companie <span style="color:var(--err)">*</span></label><br> <span style="display:block;margin-bottom:6px;font:500 13px var(--font-ui);color:var(--muted);">Companie</span>
<input type="text" name="name" value="{{ name or '' }}" required style="width:100%;"> <input type="text" name="name" value="{{ name or '' }}" required placeholder="SC Service Auto SRL"
</p> style="width:100%;height:44px;padding:0 12px;border:1px solid var(--line);border-radius:6px;background:var(--card2);color:var(--ink);font:400 14px var(--font-ui);outline:none;">
<p> </label>
<label>CUI <span style="color:var(--err)">*</span></label><br> <label style="display:block;margin-bottom:14px;">
<input type="text" name="cui" value="{{ cui or '' }}" required style="width:100%;"> <span style="display:block;margin-bottom:6px;font:500 13px var(--font-ui);color:var(--muted);">CUI</span>
</p> <input type="text" name="cui" value="{{ cui or '' }}" required placeholder="RO12345678"
<p> style="width:100%;height:44px;padding:0 12px;border:1px solid var(--line);border-radius:6px;background:var(--card2);color:var(--ink);font:400 14px var(--font-mono);outline:none;">
<label>Email <span style="color:var(--err)">*</span></label><br> </label>
<input type="email" name="email" value="{{ email or '' }}" required style="width:100%;"> <label style="display:block;margin-bottom:14px;">
</p> <span style="display:block;margin-bottom:6px;font:500 13px var(--font-ui);color:var(--muted);">Email</span>
<p> <input type="email" name="email" value="{{ email or '' }}" required placeholder="nume@service.ro"
<label>Parola <span style="color:var(--err)">*</span> style="width:100%;height:44px;padding:0 12px;border:1px solid var(--line);border-radius:6px;background:var(--card2);color:var(--ink);font:400 14px var(--font-ui);outline:none;">
<span style="color:var(--muted);font-size:12px;">(minim 10 caractere)</span> </label>
</label><br> <label style="display:block;margin-bottom:14px;">
<input type="password" name="parola" required style="width:100%;"> <span style="display:block;margin-bottom:6px;font:500 13px var(--font-ui);color:var(--muted);">Parolă</span>
</p> <input type="password" name="parola" required minlength="10" placeholder="Minim 10 caractere"
<button type="submit" style="width:100%;margin-top:8px;">Creeaza cont</button> style="width:100%;height:44px;padding:0 12px;border:1px solid var(--line);border-radius:6px;background:var(--card2);color:var(--ink);font:400 14px var(--font-ui);outline:none;">
</label>
<label style="display:block;margin-bottom:16px;">
<span style="display:block;margin-bottom:6px;font:500 13px var(--font-ui);color:var(--muted);">Pachet ales</span>
<select name="plan"
style="width:100%;height:44px;padding:0 10px;border:1px solid var(--line);border-radius:6px;background:var(--card2);color:var(--ink);font:400 14px var(--font-ui);outline:none;cursor:pointer;">
<option value="free"{% if not plan or plan == 'free' %} selected{% endif %}>Gratuit — 0 lei/lună</option>
<option value="standard"{% if plan == 'standard' %} selected{% endif %}>Standard — 49 lei/lună</option>
<option value="pro"{% if plan == 'pro' %} selected{% endif %}>Pro — 59 lei/lună</option>
<option value="premium"{% if plan == 'premium' %} selected{% endif %}>Premium — la cerere</option>
</select>
</label>
<label style="display:flex;gap:9px;align-items:flex-start;margin-bottom:18px;font:400 13px/1.5 var(--font-ui);color:var(--muted);cursor:pointer;">
<input type="checkbox" name="consent" value="1" required style="margin-top:2px;accent-color:var(--accent);width:16px;height:16px;flex-shrink:0;">
Sunt de acord cu Termenii și cu prelucrarea datelor conform politicii de confidențialitate (GDPR).
</label>
<button type="submit"
style="width:100%;height:48px;border-radius:6px;background:#1F9D5C;border:1px solid #1F9D5C;color:#fff;font:700 15px var(--font-ui);cursor:pointer;">Creează cont gratuit</button>
</form> </form>
<p style="text-align:center;font-size:13px;margin-top:16px;"> <p style="text-align:center;font-size:13px;margin-top:16px;">
Ai deja cont? <a href="/login">Autentificare</a> Ai deja cont? <a href="/login">Autentificare</a>

View File

@@ -39,7 +39,7 @@ from ..observ import log_event, set_source
from ..mapping import DEFAULT_ACCOUNT_ID, upsert_nomenclator from ..mapping import DEFAULT_ACCOUNT_ID, upsert_nomenclator
from ..payload import build_rar_payload from ..payload import build_rar_payload
from ..reconcile import match_finalizata from ..reconcile import match_finalizata
from ..rar_client import RarAuthError, RarClient, RarError from ..rar_client import RarAuthError, RarClient, RarError, base_url_pentru_env
_running = True _running = True
@@ -167,7 +167,7 @@ def claim_one(conn) -> dict | None:
conn.execute("BEGIN IMMEDIATE") conn.execute("BEGIN IMMEDIATE")
try: try:
row = conn.execute( row = conn.execute(
"SELECT s.id, s.account_id, s.payload_json, s.rar_creds_enc " "SELECT s.id, s.account_id, s.payload_json, s.rar_creds_enc, s.rar_env "
"FROM submissions s LEFT JOIN accounts a ON a.id = s.account_id " "FROM submissions s LEFT JOIN accounts a ON a.id = s.account_id "
"WHERE s.status='queued' " "WHERE s.status='queued' "
"AND (s.next_attempt_at IS NULL OR s.next_attempt_at <= ?) " "AND (s.next_attempt_at IS NULL OR s.next_attempt_at <= ?) "
@@ -189,6 +189,7 @@ def claim_one(conn) -> dict | None:
return { return {
"id": row["id"], "id": row["id"],
"account_id": row["account_id"] if row["account_id"] is not None else DEFAULT_ACCOUNT_ID, "account_id": row["account_id"] if row["account_id"] is not None else DEFAULT_ACCOUNT_ID,
"rar_env": row["rar_env"],
"creds_enc": row["rar_creds_enc"], "creds_enc": row["rar_creds_enc"],
"content": json.loads(row["payload_json"]), "content": json.loads(row["payload_json"]),
} }
@@ -281,11 +282,13 @@ def _handle_transient(conn, settings: Settings, rar: RarClient, token: str, sid:
return "requeued" return "requeued"
def recover_orphans(conn, settings: Settings, rar: RarClient, token: str, account_id: int | None = None) -> int: def recover_orphans(conn, settings: Settings, rar: RarClient, token: str,
account_id: int | None = None, rar_env: str | None = None) -> int:
"""Randuri 'sending' mai vechi de lease (worker mort mid-POST). Reconciliaza; altfel requeue. """Randuri 'sending' mai vechi de lease (worker mort mid-POST). Reconciliaza; altfel requeue.
`account_id` filtreaza la orfanii unui cont (login-ul e per-cont); None = toti `account_id` filtreaza la orfanii unui cont (login-ul e per-cont); None = toti.
(compat teste / single-account). `rar_env` filtreaza la orfanii unui mediu (1b/E6): orfanii prod contra endpoint prod,
NU contra test — altfel no-match -> re-POST prod = DUPLICAT real ireversibil.
""" """
# Cutoff calculat SQLite-side, in ACELASI format ca sending_since (scris cu # Cutoff calculat SQLite-side, in ACELASI format ca sending_since (scris cu
# datetime('now') in claim_one -> 'YYYY-MM-DD HH:MM:SS', cu spatiu). Daca am # datetime('now') in claim_one -> 'YYYY-MM-DD HH:MM:SS', cu spatiu). Daca am
@@ -293,18 +296,18 @@ def recover_orphans(conn, settings: Settings, rar: RarClient, token: str, accoun
# orice rand 'sending' sa para mereu <= cutoff -> lease-ul de 120s ignorat, # orice rand 'sending' sa para mereu <= cutoff -> lease-ul de 120s ignorat,
# iar fiecare rand proaspat revendicat ar fi tratat instant ca orfan. # iar fiecare rand proaspat revendicat ar fi tratat instant ca orfan.
lease = f"-{int(settings.worker_sending_lease_s)} seconds" lease = f"-{int(settings.worker_sending_lease_s)} seconds"
base_sql = (
"SELECT id, payload_json FROM submissions WHERE status='sending' "
"AND (sending_since IS NULL OR sending_since <= datetime('now', ?))"
)
params: list = [lease]
if account_id is not None: if account_id is not None:
orphans = conn.execute( base_sql += " AND account_id=?"
"SELECT id, payload_json FROM submissions WHERE status='sending' " params.append(account_id)
"AND (sending_since IS NULL OR sending_since <= datetime('now', ?)) AND account_id=?", if rar_env is not None:
(lease, account_id), base_sql += " AND rar_env=?"
).fetchall() params.append(rar_env)
else: orphans = conn.execute(base_sql, params).fetchall()
orphans = conn.execute(
"SELECT id, payload_json FROM submissions WHERE status='sending' "
"AND (sending_since IS NULL OR sending_since <= datetime('now', ?))",
(lease,),
).fetchall()
recovered = 0 recovered = 0
for row in orphans: for row in orphans:
sid = row["id"] sid = row["id"]
@@ -337,25 +340,26 @@ def _refresh_nomenclator(conn, rar: RarClient, token: str) -> None:
class AccountSessions: class AccountSessions:
"""Sesiuni RAR per cont: login lazy cu creds din submission + cache JWT (30h). """Sesiuni RAR per (cont, env): login lazy cu creds din submission + cache JWT (30h).
La primul login reusit pentru un cont sterge creds-urile criptate ale contului Cheia = (account_id, rar_env): test si prod sunt sisteme RAR separate cu JWT separate.
(token-ul in memorie acopera restul). Pe 401 mid-sesiune se invalideaza sesiunea La primul login reusit pentru (cont, env) sterge creds-urile efemere scoped pe acel env.
-> re-login la urmatorul submission cu creds. Pe 401 mid-sesiune se invalideaza sesiunea -> re-login la urmatorul submission cu creds.
""" """
def __init__(self, settings: Settings): def __init__(self, settings: Settings):
self.settings = settings self.settings = settings
self._sessions: dict[int, tuple[RarClient, str]] = {} self._sessions: dict[tuple[int, str], tuple[RarClient, str]] = {}
def get_token(self, conn, account_id: int, creds: dict | None) -> str | None: def get_token(self, conn, account_id: int, creds: dict | None, rar_env: str = "test") -> str | None:
"""Token valid pentru cont. Login daca lipseste din cache si avem creds; altfel None.""" """Token valid pentru (cont, env). Login daca lipseste din cache si avem creds; altfel None."""
sess = self._sessions.get(account_id) key = (account_id, rar_env)
sess = self._sessions.get(key)
if sess is not None: if sess is not None:
return sess[1] return sess[1]
if not creds or not creds.get("email") or not creds.get("password"): if not creds or not creds.get("email") or not creds.get("password"):
return None return None
rar = RarClient(self.settings) rar = RarClient(self.settings, base_url=base_url_pentru_env(self.settings, rar_env))
try: try:
token = rar.login(creds["email"], creds["password"]) token = rar.login(creds["email"], creds["password"])
except RarAuthError as exc: except RarAuthError as exc:
@@ -363,40 +367,52 @@ class AccountSessions:
# Login esuat (401) — FARA email/parola (doar codul HTTP + contul). # Login esuat (401) — FARA email/parola (doar codul HTTP + contul).
log_event("rar_login", nivel="WARNING", account_id=account_id, log_event("rar_login", nivel="WARNING", account_id=account_id,
cod="RAR_CREDS_INVALIDE", cod="RAR_CREDS_INVALIDE",
mesaj=f"login RAR esuat (cont {account_id}): {exc.status_code or 401}", mesaj=f"login RAR esuat (cont {account_id}, env={rar_env}): {exc.status_code or 401}",
context={"rezultat": "esuat", "http": exc.status_code or 401}, context={"rezultat": "esuat", "http": exc.status_code or 401},
conn=conn, sursa="worker") conn=conn, sursa="worker")
raise raise
except Exception: except Exception:
rar.close() rar.close()
raise raise
self._sessions[account_id] = (rar, token) self._sessions[key] = (rar, token)
write_heartbeat(conn, rar_login_ok=True, detail=f"login RAR ok (cont {account_id})") write_heartbeat(conn, rar_login_ok=True, detail=f"login RAR ok (cont {account_id}, env={rar_env})")
# Login reusit (fara email/parola in clar — context curat). # Login reusit (fara email/parola in clar — context curat).
log_event("rar_login", account_id=account_id, mesaj=f"login RAR ok (cont {account_id})", log_event("rar_login", account_id=account_id,
mesaj=f"login RAR ok (cont {account_id}, env={rar_env})",
context={"rezultat": "ok", "http": 200}, conn=conn, sursa="worker") context={"rezultat": "ok", "http": 200}, conn=conn, sursa="worker")
# Creds efemere pe submissions nu mai sunt necesare: JWT acopera retry-urile -> sterge. # Creds efemere pe submissions nu mai sunt necesare: JWT acopera retry-urile -> sterge.
# GATE PURJARE: sterge DOAR submissions.rar_creds_enc, NU accounts.rar_creds_enc. # GATE PURJARE: sterge DOAR submissions.rar_creds_enc (WHERE account_id=? AND rar_env=?),
# Canal web: fallback exista in accounts -> purjarea e inofensiva (re-login dupa restart). # NU accounts.rar_creds_{env}_enc. Scoped pe env: login test NU sterge creds prod (E1/1a).
# Canal API pur: purjarea e identica cu Treapta 1 (neatinsa).
conn.execute( conn.execute(
"UPDATE submissions SET rar_creds_enc=NULL WHERE account_id=? AND rar_creds_enc IS NOT NULL", "UPDATE submissions SET rar_creds_enc=NULL "
(account_id,), "WHERE account_id=? AND rar_env=? AND rar_creds_enc IS NOT NULL",
(account_id, rar_env),
) )
# Nomenclator live (autoritativ) la fiecare login proaspat. # Nomenclator live (autoritativ) la fiecare login proaspat.
# Nota (1e): nomenclatorul e presupus identic intre medii (aceleasi 18 coduri RAR);
# daca diverge in viitor, scoparea per-env a tabelei nomenclator_rar e out of scope acum.
_refresh_nomenclator(conn, rar, token) _refresh_nomenclator(conn, rar, token)
return token return token
def rar(self, account_id: int) -> RarClient: def rar(self, account_id: int, rar_env: str = "test") -> RarClient:
return self._sessions[account_id][0] return self._sessions[(account_id, rar_env)][0]
def active(self) -> list[tuple[int, RarClient, str]]: def active(self) -> list[tuple[int, str, RarClient, str]]:
return [(acct, rar, tok) for acct, (rar, tok) in self._sessions.items()] """Sesiunile active: lista de (account_id, rar_env, RarClient, token)."""
return [(acct, env, rar, tok) for (acct, env), (rar, tok) in self._sessions.items()]
def invalidate(self, account_id: int) -> None: def invalidate(self, account_id: int, rar_env: str | None = None) -> None:
sess = self._sessions.pop(account_id, None) """Invalideaza sesiunea (cont, env). rar_env=None invalideaza TOATE sesiunile contului."""
if sess is not None: if rar_env is not None:
sess[0].close() sess = self._sessions.pop((account_id, rar_env), None)
if sess is not None:
sess[0].close()
else:
# Invalideaza toate mediile pentru acest cont.
keys_to_remove = [k for k in self._sessions if k[0] == account_id]
for k in keys_to_remove:
sess = self._sessions.pop(k)
sess[0].close()
def close_all(self) -> None: def close_all(self) -> None:
for rar, _tok in self._sessions.values(): for rar, _tok in self._sessions.values():
@@ -414,33 +430,39 @@ def _creds_for(claimed: dict, settings: Settings) -> dict | None:
return None return None
def _creds_from_account(conn, account_id: int) -> dict | None: def _creds_from_account(conn, account_id: int, rar_env: str = "test") -> dict | None:
"""Fallback: crede RAR durabile per-cont din accounts.rar_creds_enc. """Creds RAR durabile per-cont din slotul per-env, cu fallback la coloana legacy.
Canal web nu are re-pusher. Cand submission n-are creds (sterse dupa primul login Canal web: creds in accounts.rar_creds_{rar_env}_enc (per-env). Fallback la
sau upload web fara creds), worker-ul re-citeste din cont si poate re-login oricand. accounts.rar_creds_enc (legacy, back-compat inainte de US-013 care dropa coloana veche).
""" """
env_slot = f"rar_creds_{rar_env}_enc"
row = conn.execute( row = conn.execute(
"SELECT rar_creds_enc FROM accounts WHERE id=?", (account_id,) f"SELECT {env_slot}, rar_creds_enc FROM accounts WHERE id=?", (account_id,)
).fetchone() ).fetchone()
if row and row["rar_creds_enc"]: if not row:
return decrypt_creds(row["rar_creds_enc"]) return None
return None enc = row[env_slot] or row["rar_creds_enc"] # per-env intai, legacy fallback
return decrypt_creds(enc) if enc else None
def _keepalive_target(conn, settings: Settings) -> tuple[int | None, dict | None]: def _keepalive_target(conn, settings: Settings) -> tuple[int | None, dict | None]:
"""Un cont cu creds durabile pentru login-ul de proba (sau creds <test> in dev). """Un cont cu creds durabile pentru login-ul de proba (sau creds <test> in dev).
Ancora M2: cauta in slotul per-env al mediului `settings.rar_env` (ancora globala).
Fallback la coloana legacy `rar_creds_enc` (back-compat inainte de US-013).
Sare conturile ale caror creds NU se decripteaza sub cheia curenta — in dev Sare conturile ale caror creds NU se decripteaza sub cheia curenta — in dev
`start.sh both` genereaza o cheie efemera noua la fiecare pornire, deci creds-urile `start.sh both` genereaza o cheie efemera noua la fiecare pornire.
durabile criptate sub cheia veche dau decrypt -> None. Fallback la creds <test>.
""" """
env_slot = f"rar_creds_{settings.rar_env}_enc"
rows = conn.execute( rows = conn.execute(
"SELECT id, rar_creds_enc FROM accounts " f"SELECT id, {env_slot}, rar_creds_enc FROM accounts ORDER BY id"
"WHERE rar_creds_enc IS NOT NULL ORDER BY id"
).fetchall() ).fetchall()
for row in rows: for row in rows:
creds = decrypt_creds(row["rar_creds_enc"]) enc = row[env_slot] or row["rar_creds_enc"] # per-env intai, legacy fallback
if not enc:
continue
creds = decrypt_creds(enc)
if creds and creds.get("email") and creds.get("password"): if creds and creds.get("email") and creds.get("password"):
return row["id"], creds return row["id"], creds
if settings.worker_use_test_creds: if settings.worker_use_test_creds:
@@ -478,9 +500,9 @@ def _maybe_keepalive(conn, settings: Settings, sessions: "AccountSessions", stat
account_id, creds = _keepalive_target(conn, settings) account_id, creds = _keepalive_target(conn, settings)
if account_id is None or not creds: if account_id is None or not creds:
return # niciun cont cu creds durabile — nimic de sondat return # niciun cont cu creds durabile — nimic de sondat
sessions.invalidate(account_id) # forteaza login real, nu token din cache sessions.invalidate(account_id, settings.rar_env) # forteaza login real pt env-ul global
try: try:
sessions.get_token(conn, account_id, creds) # reimprospateaza last_rar_login_ok la succes sessions.get_token(conn, account_id, creds, settings.rar_env) # reimprospateaza last_rar_login_ok la succes
except RarAuthError: except RarAuthError:
pass # creds invalide — deja logat in get_token (WARNING) pass # creds invalide — deja logat in get_token (WARNING)
except Exception as exc: except Exception as exc:
@@ -527,8 +549,8 @@ def run() -> int:
claimed = claim_one(conn) claimed = claim_one(conn)
if claimed is None: if claimed is None:
# Nimic de trimis: recupereaza orfanii conturilor deja logate. # Nimic de trimis: recupereaza orfanii conturilor deja logate.
for acct, rar, tok in sessions.active(): for acct, env, rar, tok in sessions.active():
recover_orphans(conn, settings, rar, tok, account_id=acct) recover_orphans(conn, settings, rar, tok, account_id=acct, rar_env=env)
# Login de proba periodic ca dashboard-ul sa nu afiseze fals # Login de proba periodic ca dashboard-ul sa nu afiseze fals
# "RAR inaccesibil" din lipsa de trafic (vezi _maybe_keepalive). # "RAR inaccesibil" din lipsa de trafic (vezi _maybe_keepalive).
_maybe_keepalive(conn, settings, sessions, _keepalive_state) _maybe_keepalive(conn, settings, sessions, _keepalive_state)
@@ -537,18 +559,20 @@ def run() -> int:
sid = claimed["id"] sid = claimed["id"]
account_id = claimed["account_id"] account_id = claimed["account_id"]
# Mediul tinta al trimiterii (per-submission, cu fallback la ancora globala).
rar_env = claimed.get("rar_env") or settings.rar_env
# Randul poarta creds proaspete (rar_creds_enc != NULL) — fie prima trimitere # Randul poarta creds proaspete (rar_creds_enc != NULL) — fie prima trimitere
# a contului, fie o REACTIVARE dupa creds gresite. Invalidam sesiunea RAR # a contului, fie o REACTIVARE dupa creds gresite. Invalidam sesiunea RAR
# cache-uita ca un JWT vechi (30h) din parola GRESITA sa nu trimita cu ea, # cache-uita (per env) ca un JWT vechi (30h) din parola GRESITA sa nu trimita
# ignorand corectia. Re-login imediat cu creds-urile noi. # cu ea, ignorand corectia. Re-login imediat cu creds-urile noi.
if claimed.get("creds_enc"): if claimed.get("creds_enc"):
sessions.invalidate(account_id) sessions.invalidate(account_id, rar_env)
# Incearca creds din submission (canal API efemer), cu fallback la # Incearca creds din submission (canal API efemer), cu fallback la
# accounts.rar_creds_enc (canal web durabil). Canal web n-are re-pusher. # accounts.rar_creds_{rar_env}_enc (canal web durabil, per-env).
creds = _creds_for(claimed, settings) or _creds_from_account(conn, account_id) creds = _creds_for(claimed, settings) or _creds_from_account(conn, account_id, rar_env)
try: try:
token = sessions.get_token(conn, account_id, creds) token = sessions.get_token(conn, account_id, creds, rar_env)
except RarAuthError as exc: except RarAuthError as exc:
# Creds gresite (login 401): NU se face retry. # Creds gresite (login 401): NU se face retry.
mark(conn, sid, "error", rar_status_code=401, mark(conn, sid, "error", rar_status_code=401,
@@ -565,9 +589,9 @@ def run() -> int:
requeue_with_backoff(conn, settings, sid, reason="creds RAR indisponibile (astept re-trimitere)") requeue_with_backoff(conn, settings, sid, reason="creds RAR indisponibile (astept re-trimitere)")
continue continue
rar = sessions.rar(account_id) rar = sessions.rar(account_id, rar_env)
# Recupereaza orfanii contului inainte de trimitere (acelasi token). # Recupereaza orfanii contului + env-ului inainte de trimitere (acelasi token).
recover_orphans(conn, settings, rar, token, account_id=account_id) recover_orphans(conn, settings, rar, token, account_id=account_id, rar_env=rar_env)
# Guard: recover_orphans putea atinge chiar randul tocmai revendicat # Guard: recover_orphans putea atinge chiar randul tocmai revendicat
# (reconciliat 'sent' sau requeue 'queued'). Daca nu mai e 'sending', # (reconciliat 'sent' sau requeue 'queued'). Daca nu mai e 'sending',
# NU mai face POST — altfel s-ar crea un duplicat la RAR. # NU mai face POST — altfel s-ar crea un duplicat la RAR.
@@ -579,9 +603,9 @@ def run() -> int:
try: try:
process_one(conn, settings, rar, token, claimed) process_one(conn, settings, rar, token, claimed)
except RarAuthError as exc: except RarAuthError as exc:
# Token expirat mid-sesiune: invalideaza sesiunea, re-pune randul. # Token expirat mid-sesiune: invalideaza sesiunea (per env), re-pune randul.
print(f"[worker] cont {account_id} token expirat: {exc}; re-login data viitoare", flush=True) print(f"[worker] cont {account_id} env={rar_env} token expirat: {exc}; re-login data viitoare", flush=True)
sessions.invalidate(account_id) sessions.invalidate(account_id, rar_env)
requeue_with_backoff(conn, settings, sid, reason="token RAR expirat") requeue_with_backoff(conn, settings, sid, reason="token RAR expirat")
except Exception as exc: # noqa: BLE001 — loop top-level: o eroare punctuala nu opreste worker-ul except Exception as exc: # noqa: BLE001 — loop top-level: o eroare punctuala nu opreste worker-ul

View File

@@ -13,7 +13,8 @@ services:
- autopass-data:/data - autopass-data:/data
environment: environment:
AUTOPASS_DB_PATH: /data/autopass.db AUTOPASS_DB_PATH: /data/autopass.db
AUTOPASS_RAR_ENV: prod # Override din environment (Dokploy) pentru staging; default = prod.
AUTOPASS_RAR_ENV: ${AUTOPASS_RAR_ENV:-prod}
# Fus orar RO pentru bucketarea contoarelor azi/luna (SQLite 'localtime', E7). # Fus orar RO pentru bucketarea contoarelor azi/luna (SQLite 'localtime', E7).
TZ: ${TZ:-Europe/Bucharest} TZ: ${TZ:-Europe/Bucharest}
AUTOPASS_CREDS_KEY: ${AUTOPASS_CREDS_KEY:?seteaza AUTOPASS_CREDS_KEY in .env (vezi .env.example)} AUTOPASS_CREDS_KEY: ${AUTOPASS_CREDS_KEY:?seteaza AUTOPASS_CREDS_KEY in .env (vezi .env.example)}
@@ -35,10 +36,11 @@ services:
- autopass-data:/data - autopass-data:/data
environment: environment:
AUTOPASS_DB_PATH: /data/autopass.db AUTOPASS_DB_PATH: /data/autopass.db
AUTOPASS_RAR_ENV: test AUTOPASS_RAR_ENV: ${AUTOPASS_RAR_ENV:-test}
AUTOPASS_CREDS_KEY: ${AUTOPASS_CREDS_KEY:?seteaza AUTOPASS_CREDS_KEY in .env (vezi .env.example)} AUTOPASS_CREDS_KEY: ${AUTOPASS_CREDS_KEY:?seteaza AUTOPASS_CREDS_KEY in .env (vezi .env.example)}
# Send dezactivat by default; activeaza pentru proba end-to-end. # Send activ by default (prod); pe staging seteaza AUTOPASS_WORKER_SEND_ENABLED=false
AUTOPASS_WORKER_SEND_ENABLED: "true" # in Dokploy ca worker-ul sa NU trimita declaratii reale la RAR (Legea 142/2023).
AUTOPASS_WORKER_SEND_ENABLED: ${AUTOPASS_WORKER_SEND_ENABLED:-true}
restart: always restart: always
depends_on: depends_on:
- api - api

File diff suppressed because one or more lines are too long

View File

@@ -0,0 +1,495 @@
<!-- /autoplan restore point: /home/claude/.gstack/projects/romfast-rar-autopass/main-autoplan-restore-20260629-150326.md -->
# PRD 5.19 — Bifa "Auto": transmitere automata sau manuala din coada
> Status: DRAFT (asteapta aprobare). Sursa de contract: `docs/api-rar-contract.md`.
> Limba: romana, fara emoji. Stil: aditiv, nedistructiv pe backend-ul de trimitere.
## 1. Introducere
Astazi transmiterea catre RAR e controlata de un singur comutator **global**
(`AUTOPASS_WORKER_SEND_ENABLED`, env): cand e pornit, worker-ul ia ORICE rand `queued`
al unui cont `active` si il trimite imediat. Nu exista un control **per-cont** care sa
permita unui service sa-si tina prezentarile in coada pentru verificare umana inainte
de a pleca la RAR.
Cazul concret care motiveaza feature-ul: utilizatorul testeaza canalul API din ROAAUTO
(Visual FoxPro) direct in **productie** (`autopass.romfast.ro`), pe contul lui de test.
Vrea ca prezentarile sa **apara in coada si sa astepte**, nu sa plece automat la RAR,
pana cand le verifica si apasa explicit "Trimite". Reper vizual: bifa **"Auto"** din
dashboard-ul gomag-vending (`image.png`).
## 2. Obiective
### Obiectiv principal
- Un comutator **"Auto" per-cont**, persistat pe contul service-ului: cand e bifat,
prezentarile pleaca automat la RAR (comportament actual); cand e debifat, randurile
**asteapta vizibil in coada** pana cand un operator le trimite manual.
### Obiective secundare
- Trimitere manuala **per rand** ("Trimite") si in **bloc** ("Trimite toate (N)",
analogul "Start Sync" din gomag).
- La activarea Auto (OFF -> ON), randurile deja tinute sunt **eliberate automat**
spre transmitere.
- Vizibilitate: randurile tinute apar in coada cu o stare umana clara
("In asteptare (manual)"), separate de cele in curs de trimitere.
### Metrici de succes
- Cu Auto OFF, un `POST /v1/prezentari` valid creeaza un rand care **NU** e trimis de
worker (ramane vizibil in coada) pana la actiune umana.
- Cu Auto ON, acelasi rand pleaca la RAR fara interventie (zero regresie fata de azi).
- Bifa supravietuieste restartului (persistata in `accounts`), per-cont (un cont OFF nu
afecteaza alt cont).
## 3. Design (decizii luate cu utilizatorul)
| # | Decizie | Alegere |
|---|---------|---------|
| D1 | Default bifa "Auto" pe conturi (inclusiv noi) | **OFF** (manual) — sigur, nimic nu pleaca fara confirmare |
| D2 | La OFF -> ON, randurile deja tinute | **Eliberate automat** spre transmitere |
| D3 | Plasare in UI | **Bara de status** (langa contoare, ca in mockup gomag) |
| D4 | Trimitere manuala | **Per rand + buton "Trimite toate (N)"** |
| D5 | Persistenta | Bifa salvata **pe contul service-ului** (`accounts`) |
### Mecanica aleasa: flag `held` pe submission (NU stare noua)
Randurile tinute raman in starea `queued` (sunt logic in coada, doar puse pe pauza),
marcate cu o coloana booleana noua `submissions.held`. Motiv: evitam atingerea
CHECK-ului de stari si a masinii de stari (`queued/sending/sent/needs_mapping/
needs_data/error`), a pill-urilor, filtrelor si contoarelor — schimbare strict
**aditiva**. Eticheta umana "In asteptare (manual)" se deriva din `status='queued'
AND held=1` in stratul de afisaj (`labels.py`).
- **Comutatorul de cont** (`accounts.auto_send_enabled`) guverneaza DOAR:
(a) valoarea implicita a lui `held` la ingestie; (b) eliberarea in bloc la OFF -> ON.
- **Worker-ul** (`claim_one`) ia doar `status='queued' AND held=0`. Nu mai stie de
comutatorul de cont — ramane simplu si robust.
- **Trimiterea manuala** (per rand sau bulk) = `held: 1 -> 0`; worker-ul preia randul la
urmatorul poll. Functioneaza chiar daca contul e pe Auto OFF (override uman per rand).
Comutatorul global `AUTOPASS_WORKER_SEND_ENABLED` ramane **kill-switch master** (productia
il porneste). Feature-ul nou se aseaza DEASUPRA lui: held tine randul indiferent de env.
## 4. User Stories
### US-001: Schema — comutator cont + flag held
**Ca** dezvoltator
**Vreau** coloanele de persistenta pentru bifa Auto si pentru randurile tinute
**Pentru ca** starea sa supravietuiasca restartului si sa fie per-cont.
**Acceptance Criteria:**
- [ ] `accounts.auto_send_enabled INTEGER NOT NULL DEFAULT 0 CHECK (auto_send_enabled IN (0,1))`
adaugat in `app/schema.sql` + migrare defensiva in `app/db.py::_migrate` (ALTER
idempotent, ca la `email`/`tier`).
- [ ] `submissions.held INTEGER NOT NULL DEFAULT 0 CHECK (held IN (0,1))` adaugat +
migrare defensiva. Index partial `idx_submissions_held ON submissions(held) WHERE held=1`.
- [ ] **Index in `_migrate`, nu doar `schema.sql` (Eng MEDIUM):** `CREATE TABLE IF NOT EXISTS`
nu se declanseaza pe DB existent -> indexul partial trebuie creat si in `_migrate`
(ca `idx_submissions_batch` la `db.py:155`), altfel un DB prod upgradat capata coloana
(ALTER) dar NU si indexul.
- [ ] Contul implicit id=1 (dev) ramane pe default (0) — fara tratament special.
- [ ] Helperi in `app/accounts.py`: `get_auto_send(conn, account_id) -> bool` si
`set_auto_send(conn, account_id, enabled: bool)` (idempotent, scoped pe cont).
- [ ] `python3 -m pytest -q` ramane verde (migrare aditiva, fara regresie pe schema).
### US-002: Ingestie respecta comutatorul de cont
**Ca** operator de service cu Auto OFF
**Vreau** ca prezentarile noi sa intre in coada tinute (held=1)
**Pentru ca** sa le verific inainte sa plece la RAR.
**Acceptance Criteria:**
- [ ] La INSERT-ul `status='queued'` pe canalul API (`app/api/v1/router.py`, ~l.282),
`held` = `0 daca accounts.auto_send_enabled=1 altfel 1` (snapshot la ingestie).
- [ ] Acelasi snapshot la commit-ul de import (`app/api/v1/import_router.py`, ~l.1193).
- [ ] La reresolve (un `needs_mapping` rezolvat trece pe `queued`, `app/mapping.py` ~l.895),
`held` se seteaza tot din comutatorul contului.
- [ ] `held` NU intra in `payload_json`, NU in `build_key`/idempotenta, NU in payload-ul
RAR — e pur control de coada (ca `reviewed` la import).
- [ ] **DRY + acoperire COMPLETA (review CEO + Eng Finding A — HIGH):** calculul `held` e UN
SINGUR helper `held_for_account(conn, account_id) -> int`, chokepoint pt. TOATE situri
`SET status='queued'`, nu doar 3. Codebase-ul are ~8 scriitori de `queued`:
`router.py:282` (enqueue), `import_router.py:1190` (commit), `mapping.py:895` (reresolve),
**`router.py:237` (reactivare error->queued la re-POST — BUG real de bypass: randul pastra
`held` VECHI -> se auto-trimite desi Auto OFF)**, si rutele web de operator
`routes.py` mapeaza-inline / corecteaza / repune / bulk-fix.
- [ ] **Politica rute operator:** pentru tranzitiile declansate de operator in panoul de
detaliu (corecteaza/repune/mapeaza/bulk-fix), `held=0` (actiunea operatorului = intentie
explicita de trimitere) — DAR e o DECIZIE documentata, nu o omisiune, si respecta UX-ul de
confirmare cand contul e OFF. Canalele de ingestie (API/import/reresolve/reactivare) =
`held_for_account`.
- [ ] `requeue_with_backoff` (worker `:154`) NU atinge `held` (tranzitie interna worker).
- [ ] **Echo pe dedup (Eng MEDIUM):** ramura de dedup (`router.py:264`, re-POST pe rand
existent) intoarce si ea `held` (azi ar da un "queued" curat fals — vezi US-009).
- [ ] Test: cont Auto OFF -> `POST /v1/prezentari` valid -> rand `queued, held=1`;
cont Auto ON -> `queued, held=0`.
- [ ] Test reresolve: cont Auto OFF, submission `needs_mapping` -> mapare salvata ->
rand devine `queued, held=1` (nu pleaca automat).
### US-003: Worker nu trimite randurile tinute
**Ca** sistem
**Vreau** ca worker-ul sa sara peste randurile held=1
**Pentru ca** transmiterea sa astepte decizia umana.
**Acceptance Criteria:**
- [ ] `claim_one` (`app/worker/__main__.py`) adauga `AND s.held = 0` la `WHERE`-ul de claim.
- [ ] Test: rand `queued, held=1` cu cont `active` si send pornit -> `claim_one` intoarce
`None` (nu il ia); acelasi rand cu `held=0` -> e luat (`sending`).
- [ ] Recuperarea orfanilor / reconcilierea NU sunt afectate (held se aplica doar la claim
din `queued`; un rand deja `sending` ramane gestionat normal).
### US-004: Bifa "Auto" in bara de status (toggle + persistenta + auto-release)
**Ca** operator
**Vreau** o bifa "Auto" in bara de status, salvata pe cont
**Pentru ca** sa pornesc/opresc transmiterea automata dintr-un click.
**Acceptance Criteria:**
- [ ] Control checkbox HTMX cu eticheta vizibila **"Trimite automat la RAR"** (decizie user;
NU "Auto" — eviti coliziunea cu "Trimitere automata" worker din `labels.py`) + helptext
("Debifat: prezentarile asteapta confirmarea ta"), in clusterul de header langa
`.rar-chip` SAU pe rand propriu in bara de status (vezi D1). Reflecta
`accounts.auto_send_enabled` al contului din sesiune.
- [ ] `POST /auto-send` (ruta web, sub `require_login` + scope cont + CSRF) comuta bifa
si o **persista** pe cont; raspuns OOB care re-randeaza bara de status.
- [ ] La trecerea OFF -> ON: toate randurile `queued AND held=1` ale contului devin
`held=0` (eliberare in bloc), scoped strict pe contul curent. Eliberarea e o
SINGURA instructiune SQL atomica (`UPDATE ... WHERE account_id=? AND status='queued'
AND held=1`), NU un loop (review CEO: atomicitate + evita contention cu worker-ul).
- [ ] **Garda de confirmare (review CEO F4):** daca exista N>0 randuri tinute la
activarea Auto, comutatorul cere o confirmare explicita cu numarul si destinatia
("Activarea Auto trimite imediat N prezentari catre RAR PRODUCTIE — FINALIZATA e
ireversibila"). Fara confirmare, randurile tinute NU pleaca. Motiv: pe contul de
test, un OFF->ON necugetat ar arunca toate prezentarile de proba in RAR real.
- [ ] La trecerea ON -> OFF: randurile deja `queued held=0` NU sunt retrase (doar
ingestiile NOI vor fi tinute); randurile in `sending`/`sent` neatinse.
- [ ] Verify in browser: comuti bifa, se salveaza, ramane dupa refresh; cu OFF un rand nou
apare tinut; comutand pe ON randurile tinute pleaca.
### US-005: Trimitere manuala — per rand + "Trimite toate (N)"
**Ca** operator cu Auto OFF
**Vreau** sa trimit un rand tinut sau toate odata
**Pentru ca** sa eliberez selectiv sau in bloc spre RAR.
**Acceptance Criteria:**
- [ ] Buton "Trimite" pe fiecare rand `queued held=1` in lista de trimiteri/coada
(`_submissions.html` / `_coada.html`), scoped + CSRF.
- [ ] `POST /trimitere/{id}/trimite-acum`: 404-before-leak pe id strain; seteaza `held=0`
DOAR daca randul e `queued held=1` (no-op sigur altfel); OOB refresh.
- [ ] Buton bulk "Trimite toate (N)" (N = nr. randuri tinute ale contului) ->
`POST /trimite-toate`: elibereaza toate `queued AND held=1` ale contului (held=0),
cu confirmare tipata (count + "catre RAR PRODUCTIE", review CEO F5). Update atomic
scoped pe cont (NU poate elibera randuri ale altui cont).
- [ ] `POST /trimitere/{id}/trimite-acum` UPDATE include `AND status='queued'` ca un rand
deja `sending` (luat de worker intre afisaj si click) sa fie no-op sigur (edge race).
- [ ] Eliberarea seteaza doar `held=0`; worker-ul preia randul la urmatorul poll
(trimitere asincrona, ca azi). Necesita worker pornit + send master ON + cont activ.
- [ ] Butonul "Trimite toate (0)" e ascuns cand nu exista randuri tinute.
- [ ] Test: rand tinut -> `trimite-acum` -> `held=0`; apoi `claim_one` il ia.
### US-006: Afisaj stare "In asteptare (manual)"
**Ca** operator
**Vreau** sa disting randurile tinute de cele in curs de trimitere
**Pentru ca** sa stiu ce asteapta decizia mea.
**Acceptance Criteria:**
- [ ] `app/web/labels.py`: pentru `status='queued' AND held=1` -> eticheta umana
"In asteptare (manual)" + clasa CSS de avertizare (ca `needs_*`); `held=0` ramane
"In asteptare" (queued normal).
- [ ] Bara de status arata un contor separat "In asteptare (manual): N" cand N > 0
(derivat din `queued AND held=1`); contorul `queued` total ramane corect.
- [ ] Lista de trimiteri marcheaza randurile tinute (badge/pill), butonul "Trimite" apare
doar pe ele.
- [ ] Verify in browser: un rand tinut afiseaza eticheta corecta si butonul; dupa trimitere
trece la "In curs de trimitere" -> "Trimisa".
### US-007: Vizibilitate coada tinuta imbatranita (mitigare OBLIGATORIE pt. default OFF)
**Ca** operator / admin
**Vreau** un semnal vizibil cand prezentari raman tinute prea mult
**Pentru ca** default OFF (decizie user, pana devine stabil) lasa altfel prezentari
nedeclarate tacit — exact esecul silentios pe care L.142/2023 il face risc legal.
> Conditie: user a ales DELIBERAT default OFF "pana devine stabil" peste avertismentul de
> conformitate (review CEO F1/F3). Aceasta US e atenuarea agreata si e BLOCANTA, nu optionala.
**Acceptance Criteria:**
- [ ] Bara de status: cand exista randuri `queued AND held=1` mai vechi de `N` zile
(config `AUTOPASS_HELD_WARN_DAYS`, default 7), afiseaza un banner de avertizare
("M prezentari tinute de >N zile — declarare obligatorie L.142") cu deep-link la lista
filtrata pe tinute.
- [ ] `/metrics` expune un gauge `autopass_held_submissions` (total randuri tinute) si
`autopass_held_oldest_age_seconds` (varsta celui mai vechi rand tinut), scoped global
(observabilitate ops, review CEO F3).
- [ ] Bannerul + gauge sunt derivate (zero stare noua); contorul varstei foloseste
`created_at` al randului.
- [ ] Test: rand tinut cu `created_at` vechi -> bannerul apare; gauge raporteaza varsta.
### US-008: Retentie randuri tinute (inchide gaura GDPR/L.142, review CEO F6)
**Ca** sistem
**Vreau** ca randurile tinute la nesfarsit sa aiba o politica de expirare
**Pentru ca** un `queued held=1` nu e nici `sent` nici blocat -> azi NU primeste
`purge_after` -> PII criptat (si `rar_creds_enc` efemer pe canalul API) ar sta vesnic.
**Acceptance Criteria:**
- [ ] Worker-ul expira randurile `queued AND held=1` mai vechi de `held_retention_days`
(config, default 90, aliniat T16): le trece la `error` cu mesaj `TINUT_EXPIRAT`
(terminal) + **seteaza `purge_after` DIRECT la momentul expirarii** (NU lasa `mark()` sa
aplice `blocked_retention_days`=30). Eng MEDIUM: altfel viata reala = 90 (held) + 30
(error) = 120 zile, nu 90. Fie purge_after explicit la tranzitie, fie documenteaza 120.
- [ ] La eliberarea manuala/auto a unui rand tinut, daca `rar_creds_enc` (canal API) e prea
vechi, worker-ul cade pe `accounts.rar_creds_enc` (fallback re-login) ca azi — verificat
ca creds efemere expirate nu blocheaza trimiterea.
- [ ] Test: rand tinut vechi -> ciclul de purjare al worker-ului il expira + seteaza
`purge_after`; PII devine purjabil.
### US-009: Fixturi teste + jurnal audit (review CEO F7 + observabilitate)
**Ca** dezvoltator
**Vreau** ca suita existenta sa nu se blocheze pe default OFF si ca actiunile sa fie auditate
**Pentru ca** default OFF + `claim_one ... AND held=0` face ca lantul `POST -> claim -> sent`
din testele existente (+ `test_live_rar`) sa stagneze tacit daca nu setam Auto ON.
**Acceptance Criteria:**
- [ ] `conftest`/factory de cont seteaza `auto_send_enabled=1` (sau `held=0`) pe conturile
folosite de testele care exercita lantul de trimitere; `test_live_rar` seteaza explicit
Auto ON. `pytest -q` ramane verde.
- [ ] **Subtilitate id=1 (Eng HIGH/test):** contul implicit id=1 e creat de `schema.sql`
(`INSERT OR IGNORE`), NU de `create_account` -> un fix care patcheaza doar factory-ul NU
acopera contul folosit de majoritatea testelor (`test_import_e2e`, `test_creds_delivery`,
`test_live_rar` ar stagna). Conftest face explicit `UPDATE accounts SET auto_send_enabled=1
WHERE id=1` (autouse). E un fix de STARE DB, nu env var (coloana e per-rand in `accounts`).
- [ ] Audit `app_events`: comutarea Auto (`auto_send_schimbat` cu valoarea + cont) si
eliberarile manuale/bulk (`held_eliberat` cu count) sunt jurnalizate (redactat, scoped).
- [ ] Echo onest pe canalul API (aliniat invariant 5.7): raspunsul `POST /v1/prezentari`
pentru un rand tinut indica starea reala (`held=true` / nota umana "tinut pentru
verificare"), nu un fals "queued" curat. Dev-ul ROAAUTO vede ca randul NU a plecat.
- [ ] Test: eveniment audit scris la toggle + la eliberare; raspuns API reflecta `held`.
### US-010: Onestitate + observabilitate pe canalul API (review DX Faza 3.5)
**Ca** dezvoltator ROAAUTO/VFP care integreaza prin `POST /v1/prezentari`
**Vreau** sa vad clar ca un rand e tinut si NU a plecat la RAR
**Pentru ca** azi un rand tinut intoarce byte-identic cu unul gata de auto-send
(`status:queued, erori:[]`) -> reintroduce exact bug-ul de succes-fals 5.7.
**Acceptance Criteria:**
- [ ] **Camp `held: bool = False` pe `SubmissionResult`** (`models.py`) + plumbing din
`held_for_account` in `_rezultat_enqueue(..., held=...)` SI pe ramura de dedup
(`router.py:264`). Cand `held and status=='queued'`, `motiv` devine NON-null
(DX CRITICAL): mesaj uman "In asteptare — tinut pt verificare; NU trimis la RAR (Auto OFF)".
- [ ] **`held` in proiectiile GET** (`_PREZENTARE_FIELDS` `router.py:398` + lista `cols`
`router.py:369`): un dev care face `GET /v1/prezentari/{id}` vede `held=true`, nu un
`queued` etern fara semnal (DX HIGH).
- [ ] **Reutilizeaza vocabularul existent `AUTO_SEND_OPRIT`** (`errors.py:92`) pt. mesajul
held — NU inventa al treilea vocabular "auto_send" (DX + R6). Mesaj 3-niveluri
(problema/cauza/fix) pe `rar_error`/`motiv`.
- [ ] **Documentatie hub `/integrare`** (`integrare_examples.py`/`_integrare.html`): tabel
"De ce nu ajunge la RAR?" (held / needs_mapping / needs_data) + nota explicita "conturi
noi pornesc cu Auto OFF, randurile asteapta eliberare manuala" + cum verifici/comuti
(DX HIGH — altfel primul POST da 200/queued, dev-ul crede ca merge, nimic nu ajunge).
- [ ] (Optional, paritate API) endpoint de eliberare API simetric cu `/repune`
(`router.py:458`): `POST /v1/prezentari/{id}/trimite-acum`, scoped pe cont, 404-before,
no-op daca nu `queued AND held=1` — ca integratorul API sa nu fie fortat in browser.
- [ ] Test: held -> `held=true` + `motiv` non-null pe enqueue, dedup si GET (regresie ca
`test_queued_fara_erori_nemapate`).
## 5. Cerinte functionale
1. [REQ-001] Comutatorul "Auto" e per-cont, persistat in `accounts.auto_send_enabled`,
default 0 (OFF) inclusiv pentru conturi noi.
2. [REQ-002] Cu Auto OFF, orice ingestie care ar produce `queued` produce `queued held=1`.
3. [REQ-003] Worker-ul nu trimite niciodata un rand `held=1`.
4. [REQ-004] OFF -> ON elibereaza in bloc randurile tinute ale contului (atomic, scoped),
DAR cu confirmare tipata cand N>0 (count + "RAR PRODUCTIE"); ON -> OFF nu retrage
randuri deja eliberate.
5. [REQ-005] Operatorul poate elibera un rand tinut individual sau toate odata (bulk cu
confirmare).
6. [REQ-006] `held` nu influenteaza payload-ul RAR, idempotenta sau validarea — pur coada.
7. [REQ-007] Toate rutele noi sunt scoped pe contul din sesiune, sub `require_login`,
cu CSRF si 404-before-leak pe id strain. **`account_id` se deriva INTOTDEAUNA din sesiune,
NICIODATA dintr-un camp de formular** (Eng security): altfel un operator pe contul A ar
elibera in bloc randurile contului B postand `account_id=B`. Per-rand prin
`_get_submission_scoped` (404 inainte de UPDATE).
8. [REQ-008] Randurile tinute imbatranite sunt VIZIBILE (banner + `/metrics`) si au
politica de retentie/expirare (nu raman PII vesnic). Comutarea + eliberarile sunt
auditate in `app_events`.
## 6. Non-Goals (ce NU facem)
- **Fara interval/programare de sync** (dropdown "1 min" + buton "Start Sync" din gomag):
worker-ul autopass e continuu, nu pe interval. "Trimite toate" e analogul lui "Start Sync".
- **Fara stare noua de submission** (`held`/`tinut`): folosim flag boolean pe `queued`.
- **Fara comutator per-operatie sau per-canal**: granularitatea e per-cont (decizie D5).
(Nota: coloanele `auto_send` ramase pe `operations_mapping`/`operation_text_rules` sunt
neutralizate din 5.11 si NU se reactiveaza aici.)
- **Fara modificarea kill-switch-ului global** `AUTOPASS_WORKER_SEND_ENABLED`.
- **Fara retragerea randurilor deja in `sending`/`sent`** (FINALIZATA e terminal la RAR).
- **`held` NU e sandbox de testare** (avertisment de onestitate — tema cross-faza CEO F2 + DX4):
eliberarea unui rand tinut declara REAL la RAR (FINALIZATA ireversibila). "Tinut" doar
AMANA o trimitere reala. Ca sa testezi fara consecinte cu functia asta: tii randul si il
STERGI (nu-l eliberezi). **Decizie user (poarta finala): 5.19 = doar tinut operational**;
fara documentare `/valideaza` ca unealta de testare si fara rutare per-cont la RAR test
(`rar_env`). Acestea raman posibile follow-up-uri (TODOS), neangajate in 5.19.
## 7. Consideratii tehnice
### Stack / fisiere atinse
- Schema: `app/schema.sql` + `app/db.py::_migrate` (2 coloane aditive + 1 index).
- Backend cont: `app/accounts.py` (get/set toggle).
- Ingestie: `app/api/v1/router.py`, `app/api/v1/import_router.py`, `app/mapping.py`
(reresolve) — set `held` din comutator.
- Worker: `app/worker/__main__.py::claim_one` (+`AND s.held=0`).
- Web: `app/web/routes.py` (rute `/auto-send`, `/trimite-toate`,
`/trimitere/{id}/trimite-acum`), `app/web/labels.py`, template-uri
`_status.html` / `_submissions.html` / `_coada.html`.
### Patterns de urmat
- Migrare defensiva aditiva (model `accounts.email` / `accounts.tier` din 5.12/5.17).
- Rute web scoped + CSRF + OOB HTMX (model `submissions_admin.py` / butoanele de lifecycle 5.6).
- Strat de afisaj pur in `labels.py` (model 5.4) — fara logica de stare in template.
### Riscuri tehnice
- **R1 (default OFF schimba comportamentul):** azi nu exista hold; cu default 0, conturile
ar tine totul. Acceptabil — productia e pre-lansare, fara conturi legacy active
(cf. 5.17), iar utilizatorul vrea explicit OFF pe contul de test. Documentat ca
decizie constienta (D1).
- **R2 (reresolve scapa snapshot-ul):** daca uitam `held` pe calea de reresolve
(`mapping.py`), un rand deblocat din `needs_mapping` ar pleca automat desi contul e OFF.
Acoperit explicit de US-002 AC.
- **R3 (idempotenta):** `held` NU intra in cheie -> un re-`POST` al aceluiasi continut
loveste randul existent (dedup), nu creeaza dublura. Confirmat de invariantul `build_key`.
- **R4 (hazard de rollback — review CEO + Eng, HIGH operational):** daca se da revert pe cod
DUPA ce randuri au `held=1`, worker-ul pierde filtrul `AND held=0` -> ar trimite TOATE
randurile tinute la RAR (FINALIZATA ireversibila). Atenuare OBLIGATORIE: livreaza ODATA cu
feature-ul un helper `tools/` care carantineaza randurile tinute
(`UPDATE submissions SET status='error', rar_error='ROLLBACK_QUARANTINE' WHERE held=1`) +
pas de runbook scris in §9 (copy-paste, nu improvizat sub presiune).
- **R7 (eroziune creds efemere — Eng low-med):** la orice login reusit worker-ul NULL-eaza
TOATE `submissions.rar_creds_enc` ale contului (`worker:382`), nu doar randul trimis. Un cont
hibrid web+API cu keepalive-login poate sterge creds-urile efemere ale unui rand tinut API ->
la eliberare se cade pe `accounts.rar_creds_enc` (fallback). Acoperit de US-008, dar triggerul
e login-frate, nu varsta creds — de formulat corect.
- **R5 (contention SQLite la bulk release):** `UPDATE` masiv pe "Trimite toate" concureaza
cu `BEGIN IMMEDIATE` al worker-ului -> posibil `database is locked`. Update-ul atomic
(o instructiune) + retry/backoff scurt; sau chunking daca N e mare.
- **R6 (naming):** apare al TREILEA `auto_send` (cont `auto_send_enabled` vs
`operations_mapping.auto_send` vs `operation_text_rules.auto_send`). Comentariu clar in
`schema.sql` care le distinge, ca un viitor dezvoltator sa nu le confunde.
### Rafinari UI (review design Faza 2 — OBLIGATORII la implementare)
- **D1 (container real):** RAR dot e in `base.html` (header `.rar-chip`), NU in `_status.html`.
US-004 AC corectat: comutatorul Auto sta in clusterul de header langa `.rar-chip` (vizibilitate
maxima, langa semnalul RAR real) SAU pe un rand propriu etichetat in bara de status — NU
"langa dot" in `_status.html` (dot-ul nu e acolo).
- **D2 (toggle non-optimist):** checkbox HTMX flip-uie vizual indiferent de raspuns. Necesita
`hx-indicator` + revert-on-failure (la esec POST `/auto-send` -> bifa revine + toast eroare).
Fara fals-sigur tacit pe un comutator de transmitere guvernamentala.
- **D3 (poller nu inghite toggle-ul):** `#status-bar` are `hx-trigger="every 15s"` +
`hx-swap="outerHTML"` -> ar inlocui comutatorul la fiecare 15s (pierdere focus tastatura +
flicker). Exclude comutatorul din swap-ul periodic (container separat sau `hx-preserve`).
- **D4 (modal de confirmare real):** confirmarea tipata (count + "RAR PRODUCTIE") NU se poate
face cu `hx-confirm` (doar OK/Cancel nativ). Necesita un component modal (count, destinatie,
type-to-confirm) — adaugat in lista de fisiere. Per-rand "Trimite" primeste si el o
confirmare (1 linie + microcopy de ireversibilitate), nu doar bulk-ul.
- **D5 (camp derivat, nu in template):** `held` NU e stare noua -> pill-ul existent ar randa
"In coada" identic pt held si non-held. Calcul UN camp de afisaj derivat in `routes.py`
(regula "display layer pur"), nu in template. Culoare `--warn` (amber), NU clasa `needs_*`
(rosu/eroare) — held e asteptare benigna, nu eroare.
- **D6 (mobil 390px):** per-rand actiune = afordanta dedicata pe `.trimitere-slim` cu
`event.stopPropagation()` (randul e el insusi `role=button`), NU buton-copil nestat.
Al 6-lea contor "In asteptare (manual)" se pliaza in celula "In coada" pe bara compacta (nu
adauga a 6-a celula la 10px). Pill scurt ("Manual"/"Tinut") cu fraza completa in `title`.
- **D7 (ordonare bannere):** `_status.html` poate avea deja 3 bannere (cont inactiv / trial /
RAR jos) + al 4-lea (US-007 held). Regula de prioritate un-singur-banner ca sa nu impinga
contoarele sub fold pe mobil.
### Dependente
- Trimiterea manuala produce efect doar cu worker pornit + send master ON + cont `active`
(mediul de productie real). In dev (send OFF) randul eliberat ramane `queued held=0`.
## 8. Open Questions
- [ ] Trimiterea manuala se face asincron (flip `held=0`, worker preia la poll). Acceptam
latenta de un poll (cateva secunde) sau vrem feedback "in curs" imediat in UI?
(Propunere: asincron + OOB refresh, fara sincron — consistent cu arhitectura.)
- [ ] Pe mobil, butonul "Trimite" per rand + "Trimite toate" incap in layout-ul compact
(5.13)? (Propunere: "Trimite toate" in bara sticky, "Trimite" iconita pe card.)
## 9. Plan de verificare
- Regresie `python3 -m pytest -q` verde (baseline curent ~1392) + teste noi per story.
- E2E browser (Playwright, logat): comutare bifa persistenta dupa refresh; rand nou tinut
cu Auto OFF; eliberare per rand si bulk; tranzitie OFF -> ON elibereaza in bloc.
- Optional live RAR (`AUTOPASS_LIVE_RAR=1`): cont OFF -> rand tinut -> "Trimite" ->
`sent idPrezentare=...` confirmat in finalizate.
## 10. Decizii /autoplan — audit trail
Pipeline: CEO -> Design -> Eng -> DX, voce unica (Codex indisponibil pana 2026-07-18, plafon
utilizare). Deciziile intermediare auto-decise pe 6 principii; portile umane = premise + taste.
### Poarta de premise (decizia ta)
- **Scop:** AMBELE — control operational permanent + ajutor de testare.
- **Default Auto:** OFF, pastrat "pana devine stabil" (ales constient peste avertismentul de
conformitate L.142). Inverseaza recomandarea CEO F1 (default ON). Acceptat ca decizie de
domeniu; declanseaza atenuari OBLIGATORII (US-007/008/009).
### Decizii auto (6 principii)
| # | Faza | Decizie | Clasif. | Principiu | Motiv |
|---|------|---------|---------|-----------|-------|
| 1 | CEO | Approach A (held boolean) ca baza, nu stare noua (B) sau enum mod (C) | Mecanica | P5+P3 | aditiv, reuse pattern `reviewed`; B atinge masina de stari pazita |
| 2 | CEO | US-007 vizibilitate coada imbatranita OBLIGATORIE | Mecanica | P1+observ | atenuarea agreata pt default OFF; inchide esecul silentios F3 |
| 3 | CEO | US-008 retentie randuri tinute | Mecanica | P1 | F6: held nu primeste `purge_after` -> PII vesnic (GDPR/L.142) |
| 4 | CEO | US-009 fixturi teste Auto ON + audit + echo API held | Mecanica | P1 | F7: default OFF stagneaza testele; invariant 5.7 raspuns onest |
| 5 | CEO | Garda de confirmare OFF->ON + bulk (count + RAR PRODUCTIE) | Mecanica | P1 | F4/F5: flush ireversibil de randuri test in RAR real |
| 6 | CEO | `held_for_account()` helper unic (DRY) | Mecanica | P4 | calcul held inline de 3x = sit uitat trimite automat |
| 7 | CEO | Enum mod cont (live/hold/test) -> TODOS | Mecanica | P3 | scope dincolo de cerere; dream-state, nu blocant |
### Decizii de taste / provocari -> poarta finala (Faza 4)
- **T-EXP1 (reframe testare, CEO F2 + DX4) -> REZOLVAT: user a ales "doar tinut".** Nici
`rar_env`, nici documentarea `/valideaza` ca unealta de testare in 5.19. Ambele -> TODOS
(posibil follow-up). Pastrat doar avertismentul de onestitate ca eliberarea declara real.
- **T-LABEL (eticheta toggle, Design HIGH) -> REZOLVAT: user a ales REDENUMIREA.** Eticheta
vizibila = **"Trimite automat la RAR"** (nu "Auto"), ca sa nu se ciocneasca cu
"Trimitere automata" (worker viu) din `labels.py`. Conceptul/coloana raman `auto_send_enabled`.
### Faze Design/Eng/DX (audit)
| Faza | Decizie cheie | Clasif. | Motiv |
|------|---------------|---------|-------|
| Design | D1-D7 rafinari UI (non-optimist, poller, modal, mobil, camp derivat, --warn, bannere) | Mecanica | structural, P5 explicit |
| Eng | held_for_account la TOATE ~8 situri queued (bug reactivare router:237) | Mecanica | P5; bypass real Auto OFF |
| Eng | conftest UPDATE id=1; index in _migrate; purge_after direct; account_id din sesiune | Mecanica | corectitudine/securitate |
| DX | held pe SubmissionResult+GET; reuse AUTO_SEND_OPRIT; hub docs | Mecanica | P1; invariant 5.7 |
### Sumar completare review
```
+====================================================================+
| /autoplan — MEGA PLAN REVIEW — COMPLETION SUMMARY |
+====================================================================+
| Mod | SELECTIVE EXPANSION |
| Voci | Claude subagent (CEO/Design/Eng/DX); |
| | Codex INDISPONIBIL (plafon -> 2026-07-18) |
| Poarta premise | scop=AMBELE; default OFF (user, time-boxed) |
| CEO | 7 findings, 2 critice -> atenuate |
| Design | 5->8/10; 13 findings, 3 critice -> D1-D7 |
| Eng | 7 issues; 1 BUG real (reactivare bypass) |
| DX | 5->8/10; onestitate API -> US-010 |
| Stories | 6 -> 10 (US-007/008/009/010 adaugate) |
| Taskuri | 26 (14 P1, 9 P2, 3 P3), agregate pe faze |
| Tema cross-faza | hold != sandbox testare (CEO F2 + DX4) |
| Taste rezolvate | T-EXP1=doar tinut; T-LABEL=redenumire |
| Deferate (TODOS) | enum mod cont; rar_env; doc /valideaza |
| Test plan | scris pe disc (~/.gstack/.../test-plan) |
| Artefacte taskuri | 4 JSONL pe faza |
| Decizii nerezolvate | 0 |
+====================================================================+
```
## GSTACK REVIEW REPORT
| Review | Trigger | Why | Runs | Status | Findings |
|--------|---------|-----|------|--------|----------|
| CEO Review | `/plan-ceo-review` | Scope & strategy | 1 | issues_open->resolved | 5 propuneri, 4 acceptate, 2 deferate; 2 gap critice atenuate |
| Eng Review | `/plan-eng-review` | Architecture & tests (required) | 1 | issues_open->resolved | 7 issues (1 bug bypass reactivare), 0 gap critice ramase |
| Design Review | `/plan-design-review` | UI/UX gaps | 1 | issues_open->resolved | 5->8/10, 13 findings (3 critice) -> D1-D7 |
| DX Review | `/plan-devex-review` | Developer experience gaps | 1 | issues_open->resolved | 5->8/10, onestitate API (US-010) |
- **CROSS-MODEL:** N/A — Codex indisponibil (plafon utilizare pana 2026-07-18); voce unica Claude subagent pe toate fazele.
- **VERDICT:** CEO + DESIGN + ENG + DX CLEARED (voce unica) — PRD revizuit, gata de implementare. Toate deciziile portilor inchise cu user.
NO UNRESOLVED DECISIONS

View File

@@ -0,0 +1,478 @@
<!-- /autoplan restore point: /home/claude/.gstack/projects/romfast-rar-autopass/main-autoplan-restore-20260629-184940.md -->
# PRD 5.20 — Medii RAR per cont (Testare / Productie): activare, credentiale, selectie per trimitere
**Stare**: aprobat
> Proces complet: `docs/ROADMAP.md` §5. Contract RAR (sursa de adevar): `docs/api-rar-contract.md`.
> Stare: `draft -> aprobat -> in-executie -> verify-pass -> inchis`.
## 1. Obiectiv
Trateaza **Testare** si **Productie** ca doua medii RAR configurabile **per cont**. Fiecare mediu are, independent:
o **bifa de activare** si un **set propriu de credentiale**. Un mediu e *disponibil* pentru trimitere doar daca e
activat SI are credentiale. Din disponibilitate decurge tot UX-ul: cand un singur mediu e disponibil totul merge
acolo (fara selector); cand ambele sunt disponibile, apare selector la import + toggle in statusbar + alegere in
API. Trimiterile arata mereu un **badge** cu mediul tinta. Scop: clientul declara real pe Productie, iar cine are
si cont de test RAR isi poate testa integrarea pe Testare — fara redeploy si fara variabila globala de mediu.
**Premisa verificata (2026-06-29, doua seturi reale)**: test si prod sunt sisteme RAR **complet separate**; un set
de credentiale se autentifica pe **exact unul** (creds dev: test 200 / prod 401; creds client real: test 401 /
prod 200). Deci 2 seturi de creds per cont; un cont prod-only NU poate trimite la test fara cont de test emis de RAR.
Detaliu memorat: vezi memoria de proiect "rar-test-prod-creds-separate".
## 2. Non-Goals (anti scope-creep)
- NU eliminam `AUTOPASS_RAR_ENV` global: ramane **ancora de migrare** + fallback pentru actiuni de sistem fara cont
(ex. keepalive login). Per-submission are precedenta cand exista.
- NU configuram base_url-uri din UI (raman in `config.py`); NU adaugam un al treilea mediu.
- NU gating pe plan/tier pentru Productie (decizie user: liber). „Guard-ul" e: Productie e tinta doar daca e
activata + are creds, plus o confirmare unica la activarea Productie (constientizare L.142), NU per trimitere.
- NU schimbam masina de stari, backoff-ul, sau payload-ul `postPrezentare`.
- NU migram automat credentiale de prod ale clientilor — ei le introduc; migrarea doar muta creds-ul existent in
slotul mediului sub care contul opera efectiv.
## 3. Cerinte transversale (reguli de derivare)
- **REQ-DISP**: `medii_disponibile(cont)` = mediile din {test, prod} cu `enabled=1` SI creds prezente. Sursa unica
de adevar pentru vizibilitatea selector/toggle si pentru validarea unei tinte cerute.
- **REQ-VIZ**: selector la import + toggle in statusbar apar DOAR cand `len(medii_disponibile) >= 2`. La 1 mediu,
tinta e implicita (acel mediu), fara selector. La 0, trimiterea e blocata cu mesaj „configureaza credentiale RAR".
- **REQ-BADGE**: orice trimitere afiseaza badge Test/Productie (chiar si la 1 mediu — claritate ca declari real).
- **REQ-DEFAULT**: `rar_env_default(cont)` e mereu unul din mediile disponibile; cont client nou = `prod`. Daca
default-ul nu mai e disponibil (mediu dezactivat), cade pe singurul disponibil; daca 0 disponibile -> nicio tinta.
- **REQ-CONF**: trimiterea pe Productie nu cere confirmare per-rand; constientizarea vine din badge + o confirmare
UNICA la activarea mediului Productie in configurare.
## 4. Stories atomice
> Backend + UI pentru acelasi comportament = stories separate. `Fisiere` + `Depinde de` complete.
### US-001: Schema — medii per cont (activare + creds) + env pe submission
**Ca** sistem **vreau** sa stochez per cont activarea si credentialele fiecarui mediu, default-ul, si env-ul tinta
pe fiecare submission **pentru ca** test si prod sunt sisteme separate cu credentiale separate.
- **Depinde de**: —
- **Fisiere**: `app/schema.sql`, `app/db.py` (migrare idempotenta), `tests/test_schema_migrate.py`
- **Test intai (RED)**: `tests/test_schema_migrate.py``test_coloane_medii_pe_cont`,
`test_default_client_prod_on_test_off`, `test_migrare_creds_in_slotul_env_global`, `test_submissions_rar_env`
- **Acceptance criteria**:
- [ ] `accounts`: `rar_test_enabled INTEGER NOT NULL DEFAULT 0`, `rar_prod_enabled INTEGER NOT NULL DEFAULT 1`
(ambele CHECK IN (0,1)); `rar_creds_test_enc TEXT`, `rar_creds_prod_enc TEXT`;
`rar_env_default TEXT NOT NULL DEFAULT 'prod' CHECK (rar_env_default IN ('test','prod'))`
- [ ] `submissions.rar_env TEXT NOT NULL DEFAULT 'test' CHECK (rar_env IN ('test','prod'))`
- [ ] **Migrare existenti (NU presupune env-ul)**: `rar_creds_enc` -> slotul `AUTOPASS_RAR_ENV` global de la
migrare; seteaza `enabled=1` DOAR pe mediul cu creds; `rar_env_default` = acel mediu. Conturi fara creds:
raman pe default-urile coloanei (prod on / test off). Coloana veche RAMANE acum (dropul e in US-013, dupa
ce toate citirile trec pe per-env)
- [ ] **(AUTO-FIX G — CRITIC, amendament AC) Backfill `submissions.rar_env` EXISTENT din `AUTOPASS_RAR_ENV`
global**, NU lasa pe `DEFAULT 'test'`. Un rand prod pre-migrare etichetat 'test' -> US-006 reconciliaza
contra endpoint TEST -> no-match -> re-send prod = DUPLICAT REAL IREVERSIBIL. `DEFAULT 'test'` ramane doar
plasa pentru randuri net-noi (fiecare INSERT din US-004/005/009 seteaza `rar_env` explicit)
- [ ] **(AUTO-FIX E4/3) Recompute `idempotency_key` pentru randurile existente** la forma env-aware
(`build_key(account_id, canon, rar_env)` cu `rar_env`-ul backfill-at), ca lookup-urile de dedup (API +
import) sa nu rateze randuri legacy -> altfel re-POST = duplicat
- [ ] `test_submissions_rar_env` asserteaza ca un rand PRE-migrare ajunge cu env-ul global (NU 'test') si
reconciliaza contra endpointului corect
- [ ] migrare idempotenta pe DB existent, fara pierdere de date
- [ ] `python3 -m pytest tests/test_schema_migrate.py -q` PASS
- **Verificare E2E**: DB pre-migrare cu `AUTOPASS_RAR_ENV=test` -> creds aterizeaza in `rar_creds_test_enc`,
`rar_test_enabled=1`, `rar_env_default='test'`.
### US-002: Logica de disponibilitate si default efectiv
**Ca** sistem **vreau** un helper unic care intoarce mediile disponibile si default-ul efectiv al unui cont
**pentru ca** vizibilitatea UI, API-ul si worker-ul sa decida identic (REQ-DISP/REQ-DEFAULT).
- **Depinde de**: US-001
- **Fisiere**: `app/rar_env.py` (nou) sau `app/mapping.py`, `tests/test_rar_env_disponibil.py`
- **Test intai (RED)**: `tests/test_rar_env_disponibil.py``test_doar_prod_cu_creds`, `test_ambele`,
`test_zero_cand_lipsesc_creds`, `test_default_cade_pe_singurul_disponibil`, `test_enabled_fara_creds_nu_e_disponibil`
- **Acceptance criteria**:
- [ ] `medii_disponibile(account) -> list[str]` (subset din ['test','prod']) = enabled AND creds prezente
- [ ] `rar_env_efectiv(account) -> 'test'|'prod'|None` aplica REQ-DEFAULT
- [ ] `python3 -m pytest tests/test_rar_env_disponibil.py -q` PASS
- **Verificare E2E**: —
### US-003: Idempotenta include rar_env
**Ca** sistem **vreau** ca `build_key` sa incorporeze `rar_env` **pentru ca** aceeasi prezentare la test si apoi
la prod sunt doua trimiteri reale distincte, nu un duplicat.
- **Depinde de**: —
- **Fisiere**: `app/idempotency.py`, `tests/test_idempotency.py`
- **Test intai (RED)**: `tests/test_idempotency.py``test_key_difera_intre_test_si_prod`, `test_key_stabil_pe_env`
- **Acceptance criteria**:
- [ ] `build_key(account_id, canon, rar_env)` -> chei diferite test vs prod pe acelasi continut; stabil pe re-apel
- [ ] toate apelurile (`router.py`, `import_router.py`) trec env-ul rezolvat
- [ ] `python3 -m pytest tests/test_idempotency.py -q` PASS
- **Verificare E2E**: —
### US-004: Rezolvare tinta la ingestie (cerere > default cont) + respinge tinta indisponibila
**Ca** sistem **vreau** sa decid env-ul unui submission si sa resping tintele indisponibile **pentru ca** o tinta
fara mediu activ/creds nu trebuie sa intre in coada.
- **Depinde de**: US-002
- **Fisiere**: `app/validation.py`, `app/mapping.py`, `tests/test_rar_env_resolve.py`
- **Test intai (RED)**: `tests/test_rar_env_resolve.py``test_cerere_castiga`, `test_fallback_default_cont`,
`test_tinta_indisponibila_respinsa`, `test_valoare_invalida`
- **Acceptance criteria**:
- [ ] precedenta: valoare ceruta (daca e in `medii_disponibile`) > `rar_env_efectiv(cont)`
- [ ] tinta ceruta dar indisponibila -> eroare clara („mediul X nu e activat / fara credentiale"), fara enqueue
- [ ] valoare invalida (≠ test/prod) -> eroare de validare, fara fallback silentios
- [ ] `python3 -m pytest tests/test_rar_env_resolve.py -q` PASS
- **Verificare E2E**: —
### US-005: API — camp `rar_target` pe POST /v1/prezentari si /valideaza
**Ca** integrator ROAAUTO **vreau** sa pot preciza `rar_target`, cu default = default-ul contului meu **pentru ca**
sa aleg unde declar fara sa stiu env-ul global.
- **Depinde de**: US-003, US-004
- **Fisiere**: `app/api/v1/router.py`, `app/models.py`, `tests/test_api_rar_target.py`
- **Test intai (RED)**: `tests/test_api_rar_target.py``test_default_din_cont_cand_lipseste`,
`test_target_explicit`, `test_target_indisponibil_respins`, `test_get_ecou_rar_env`, `test_valoare_invalida_422`
- **Acceptance criteria**:
- [ ] camp optional `rar_target: "test"|"prod"` pe `POST /v1/prezentari` si `/valideaza`
- [ ] absent -> `rar_env_efectiv(cont)` (pt client prod-only = `prod`)
- [ ] tinta indisponibila -> raspuns clar, fara enqueue; `SubmissionResult` + GET ecou-iesc `rar_env`
- [ ] valoare invalida -> 422 fara echo de input (handler global pastrat)
- [ ] `python3 -m pytest tests/test_api_rar_target.py -q` PASS
- **Verificare E2E**: `POST /v1/prezentari` fara `rar_target` pe un cont prod-only -> submission env=prod.
### US-006: Worker — sesiuni si trimitere per (cont, env)
**Ca** worker **vreau** login/JWT separat per `(account_id, rar_env)`, cu base_url + creds corecte per submission
**pentru ca** test si prod sunt sisteme RAR diferite.
- **Depinde de**: US-001
- **Fisiere**: `app/worker/__main__.py` (`AccountSessions`), `app/rar_client.py` (base_url per env),
`app/reconcile.py`, `tests/test_worker_rar_env.py`
- **Test intai (RED)**: `tests/test_worker_rar_env.py``test_sesiune_separata_per_env`,
`test_base_url_dupa_submission`, `test_creds_din_slotul_env`, `test_reconcile_pe_env_corect`
- **Acceptance criteria**:
- [ ] cheia cache sesiune = `(account_id, rar_env)`; JWT/keepalive/last_rar_login_ok per env
- [ ] `RarClient` primeste env/base_url explicit (nu doar `settings.rar_base_url`)
- [ ] creds alese: submission efemere -> `accounts.rar_creds_{env}_enc`; lipsa -> blocaj clar (nu trimite)
- [ ] reconcilierea cauta in `finalizate` pe endpoint-ul `submission.rar_env`
- [ ] purjarea atinge DOAR `submissions.rar_creds_enc`, NU `accounts.rar_creds_{env}_enc`
- [ ] `python3 -m pytest tests/test_worker_rar_env.py -q` PASS
- **Verificare E2E**: doua submission-uri (test + prod, creds prezente) -> doua login-uri distincte in jurnal.
### US-007: Validare login pe env-ul ales (signup / preview / test integrare)
**Ca** sistem **vreau** ca validarea credentialelor sa loveasca mediul caruia ii apartin **pentru ca** o parola
prod nu se valideaza contra RAR test si invers (confirmat: 401 incrucisat).
- **Depinde de**: US-002
- **Fisiere**: `app/web/routes.py`, `app/rar_client.py`, `app/web/templates/_integrare.html`,
`tests/test_validare_env.py`
- **Test intai (RED)**: `tests/test_validare_env.py``test_valideaza_pe_env_creds`, `test_mesaj_distinge_env`
- **Acceptance criteria**:
- [ ] validarea (signup, „testeaza integrarea", preview) foloseste env-ul setului de creds verificat
- [ ] mesaj distinct „creds invalide pe TESTARE" vs „pe PRODUCTIE"
- [ ] `python3 -m pytest tests/test_validare_env.py -q` PASS
- **Verificare E2E**: in UI „testeaza integrarea" cu creds prod -> login pe endpoint prod.
### US-008: Configurare cont — doua medii (bifa activare + creds), default, confirmare prod
**Ca** titular de cont **vreau** sa activez fiecare mediu, sa-i introduc credentialele si sa aleg default-ul
**pentru ca** vreau sa controlez unde se poate trimite si unde merge implicit.
- **Depinde de**: US-001, US-007
- **Fisiere**: `app/web/routes.py`, `app/web/templates/_cont.html`, `app/crypto.py` (refolosit),
`tests/test_cont_medii.py`
- **Test intai (RED)**: `tests/test_cont_medii.py``test_activeaza_si_salveaza_creds_per_env`,
`test_default_doar_dintre_disponibile`, `test_activare_prod_cere_confirmare`, `test_creds_criptate_fara_echo`
- **Acceptance criteria**:
- [ ] doua sectiuni „Testare" si „Productie": fiecare cu bifa Activeaza + campuri email/parola; default client =
Productie bifat, Testare nebifat
- [ ] la salvare, creds-ul fiecarui mediu activat e validat prin login pe acel env (US-007); invalid -> nu se
marcheaza disponibil
- [ ] selectorul de default ofera DOAR mediile disponibile; nu poti seta default un mediu indisponibil
- [ ] activarea mediului Productie cere o confirmare unica „Inteleg ca trimiterile pe Productie sunt declaratii
reale (L.142)"
- [ ] creds criptate Fernet in `rar_creds_{env}_enc`, niciodata reflectate inapoi in pagina
- [ ] `python3 -m pytest tests/test_cont_medii.py -q` PASS
- **Verificare E2E**: activez Testare + creds valide si Productie + creds invalide -> doar Testare devine disponibil.
### US-009: Import web — selector mediu conditionat de disponibilitate
**Ca** operator **vreau** sa aleg mediul la import doar cand am ≥2 disponibile, pre-bifat pe default **pentru ca**
la un singur mediu alegerea e inutila.
- **Depinde de**: US-002, US-004
- **Fisiere**: `app/import_router.py`, `app/import_parse.py`, `app/web/templates/_upload.html`,
`_preview_import.html`, `tests/test_import_rar_env.py`
- **Test intai (RED)**: `tests/test_import_rar_env.py``test_selector_ascuns_la_un_mediu`,
`test_selector_prezent_si_prebifat_la_doua`, `test_commit_seteaza_env_pe_submissions`
- **Acceptance criteria**:
- [ ] selector Test/Prod apare DOAR daca `len(medii_disponibile) >= 2`; initial = `rar_env_efectiv`
- [ ] la 1 mediu: fara selector, toate randurile primesc acel mediu
- [ ] la commit, toate submission-urile lotului primesc `rar_env` ales
- [ ] `python3 -m pytest tests/test_import_rar_env.py -q` PASS
- **Verificare E2E**: cont prod-only -> import fara selector, submissions env=prod; cont cu ambele -> selector pre-bifat.
### US-010: Badge mediu in liste, preview, jurnal, audit + ecou API
**Ca** utilizator **vreau** sa vad pe fiecare trimitere mediul tinta **pentru ca** sa nu confund testul cu realul.
- **Depinde de**: US-001
- **Fisiere**: `app/web/templates/_submissions.html`, `_coada.html`, `_trimitere_detaliu.html`,
`_preview_rand.html`, `_jurnal.html`, `app/web/routes.py` (audit export), `app/api/v1/router.py` (GET),
`tests/test_badge_rar_env.py`
- **Test intai (RED)**: `tests/test_badge_rar_env.py``test_badge_in_lista`, `test_audit_contine_rar_env`,
`test_get_ecou_rar_env`
- **Acceptance criteria**:
- [ ] badge vizibil (Test vs Productie, culori distincte) in lista, preview rand, detaliu, jurnal
- [ ] `rar_env` in audit export si in `GET /v1/prezentari(/{id})`
- [ ] `python3 -m pytest tests/test_badge_rar_env.py -q` PASS
- **Verificare E2E**: rand prod -> badge „Productie"; export audit contine coloana.
### US-011: Statusbar — indicator mediu + toggle conditionat
**Ca** operator **vreau** sa vad in statusbar mediul default si sa-l pot schimba cand am ≥2 medii **pentru ca**
sa stiu mereu unde trimit si sa comut rapid.
- **Depinde de**: US-002, US-008
- **Fisiere**: `app/web/templates/_status.html`, `base.html`, `app/web/routes.py` (ruta toggle account-scoped),
`tests/test_statusbar_env.py`
- **Test intai (RED)**: `tests/test_statusbar_env.py``test_afiseaza_env_default`,
`test_toggle_doar_la_doua_medii`, `test_toggle_schimba_default`
- **Acceptance criteria**:
- [ ] statusbar afiseaza mediul default al contului logat (Test/Productie), distinct vizual
- [ ] toggle apare DOAR la `len(medii_disponibile) >= 2`; comutarea schimba `rar_env_default` (HTMX, fara reload)
- [ ] la 1 mediu: doar eticheta statica
- [ ] `python3 -m pytest tests/test_statusbar_env.py -q` PASS
- **Verificare E2E**: cont cu ambele -> click statusbar schimba default; cont prod-only -> eticheta fixa „Productie".
### US-012: Audit + e2e pe medii
**Ca** lead **vreau** evenimente de audit la activare mediu / schimbare default / blocaj tinta, plus teste e2e
**pentru ca** orice atingere a mediului Productie trebuie trasabila.
- **Depinde de**: US-005, US-006, US-009, US-011
- **Fisiere**: `app/audit.py`/`log_event`, `tests/test_e2e_rar_env.py`
- **Test intai (RED)**: `tests/test_e2e_rar_env.py``test_lant_import_pana_la_queued`, `test_activare_prod_logata`,
`test_tinta_indisponibila_blocata_si_logata`
- **Acceptance criteria**:
- [ ] audit la: activare/dezactivare mediu, schimbare `rar_env_default`, blocaj tinta indisponibila
- [ ] e2e (TestClient + SQLite temporar) acopera import->queued cu env corect, ambele cai
- [ ] `python3 -m pytest tests/test_e2e_rar_env.py -q` PASS
- **Verificare E2E**: jurnal arata „mediu Productie activat" + „default schimbat" cu cont + timestamp.
### US-013: Retragerea `accounts.rar_creds_enc` (toate citirile -> per-env, apoi DROP)
**Ca** sistem **vreau** ca toate cele ~40 de locuri care citesc `accounts.rar_creds_enc` sa treaca pe coloanele
per-mediu si apoi sa sterg coloana veche **pentru ca** modelul per-env sa fie sursa unica, fara schema dubla.
- **Depinde de**: US-005, US-006, US-008 (consumatorii principali deja pe per-env)
- **Fisiere**: `app/worker/__main__.py` (fallback + bucla keepalive „toate conturile cu creds"),
`app/web/routes.py` (indicatorii `are_creds`), `app/api/v1/integrare_router.py` (`are_creds_rar`),
`app/api/v1/router.py` (`POST /v1/conturi/rar-creds` devine env-aware), `app/accounts.py` (purge la stergere cont),
`app/db.py` (DROP cu garda), `app/models.py`, `tests/test_retragere_creds_enc.py`
- **Test intai (RED)**: `tests/test_retragere_creds_enc.py``test_niciun_read_pe_coloana_veche`,
`test_conturi_rar_creds_env_aware`, `test_are_creds_pe_per_env`, `test_drop_cu_garda_blocat_daca_lipsa_copiere`
- **Acceptance criteria**:
- [ ] worker fallback + keepalive citesc `rar_creds_{env}_enc` (per env), nu coloana veche
- [ ] `are_creds` (web) + `are_creds_rar` (integrare) devin per-mediu („are creds pe Testare/Productie")
- [ ] `POST /v1/conturi/rar-creds` primeste mediul (`rar_target`/`env`) si scrie in slotul corect — **schimbare
de contract API**, documentata in `docs/api-rar-contract.md`
- [ ] purjarea la stergere cont (`accounts.py`) sterge ambele sloturi per-env
- [ ] **DROP cu garda**: migrarea verifica intai ca fiecare `rar_creds_enc` non-null a aterizat intr-un slot
per-env (assert), apoi `ALTER TABLE accounts DROP COLUMN rar_creds_enc` (SQLite 3.45 OK); verificare esuata
-> NU dropa, ridica eroare (fail-safe)
- [ ] **(AUTO-FIX 6a — CRITIC) Elimina ATOMIC blocul `ADD COLUMN rar_creds_enc` din `db.py:77-78`** in aceeasi
migrare cu DROP-ul. Altfel urmatorul boot vede coloana absenta si o re-ADD goala -> ping-pong perpetuu,
garda se rupe. Garda e one-way: dropeaza doar cand sloturile per-env sunt populate SI coloana inca exista
- [ ] **(AUTO-FIX 6b — HIGH) DROP-ul nu crapa boot-ul**: `init_db/_migrate` ruleaza la fiecare pornire a ambelor
procese; un `DROP COLUMN` care arunca (SQLite < 3.35 / assert garda esuat) propaga -> API + worker
crash-loop. Prinde + degradeaza (log + lasa coloana pe loc), NU arunca. Asserteaza `sqlite_version() >= 3.35`
(verifica SQLite din imaginea Docker, nu doar dev box) si sare drop-ul gracios sub acel prag
- [ ] **(AUTO-FIX 6c — HIGH) Re-ruleaza backfill old->new IMEDIAT inainte de assert**: creds setate via
`POST /v1/conturi/rar-creds` intre deploy-ul US-001 si US-013 aterizeaza doar in coloana veche; copiaza-le
in slotul per-env (ancora globala) inainte de garda, altfel garda blocheaza drop-ul la nesfarsit
- [ ] **(AUTO-FIX 6d) Verificare prin `PRAGMA table_info(accounts)`** ca `rar_creds_enc` lipseste, NU doar prin
grep (ambele coloane — `accounts` si `submissions` — au acelasi nume; purjarea worker-ului ramane pe
`submissions.rar_creds_enc`)
- [ ] `grep -rn "rar_creds_enc" app/` nu mai gaseste citiri pe `accounts` (doar `submissions.rar_creds_enc` ramane)
- [ ] `python3 -m pytest tests/test_retragere_creds_enc.py -q` PASS
- **Verificare E2E**: dupa migrare, `PRAGMA table_info(accounts)` nu mai contine `rar_creds_enc`; fluxul de cont
(salvare creds, worker trimite) functioneaza pe per-env.
## 5. Riscuri
- **Trimitere reala accidentala** (FINALIZATA terminal, L.142): atenuat prin badge omniprezent + Productie disponibil
doar dupa activare explicita + creds + confirmare unica la activare. NU exista anulare la RAR.
- **Default invalid dupa dezactivare mediu**: REQ-DEFAULT recalculeaza; teste US-002 acopera caderea pe disponibil.
- **Migrare ambigua** (CONFIRMAT): `rar_creds_enc` poate fi test SAU prod; migrarea aterizeaza in slotul
`AUTOPASS_RAR_ENV` global + activeaza doar acel mediu. De validat pe DB-ul real inainte de deploy.
- **Client prod-only nu poate testa**: corect by design; UI explica explicit (nu „creds invalide"), nu ofera Testare
fara creds test.
- **Idempotenta**: schimbarea cheii (US-003) cere ca TOATE apelurile sa treaca env-ul; grep dupa `build_key` + teste.
- **Retragere `rar_creds_enc` (US-013)**: ~40 citiri + endpoint API `POST /v1/conturi/rar-creds` (contract). Blast
radius mare, dar single-release e mai curat decat schema dubla. DROP cu garda (assert copiere) = fara pierdere
de date; produsul e in TESTE (putine conturi reale). Recuperarea via coloana veche dispare dupa DROP — acceptat.
## 6. Intrebari deschise — REZOLVATE (user 2026-06-29)
- [x] **Default API** = default-ul contului (NU „test" hardcodat), fiindca clientii sunt prod-only. CONFIRMAT.
- [x] **Activare implicita cont nou** = Productie on / Testare off; contul operator setat manual pe Testare. CONFIRMAT.
- [x] **Confirmare Productie** = o data, la activarea mediului in configurare (nu per trimitere). CONFIRMAT.
- [x] **`rar_creds_enc` vechi** = se STERGE in acest PRD (US-013), nu in 5.2x. DROP cu garda (assert copiere),
toate citirile mutate pe per-env, endpoint `POST /v1/conturi/rar-creds` devine env-aware. CONFIRMAT.
## 7. Valuri de executie (graful de dependente)
```
Val 1: [US-001] [US-003] ← schema + idempotenta (fisiere distincte) → paralel
Val 2: [US-002] ← deblocat de US-001
Val 3: [US-004] [US-006] [US-007] ← rezolvare ingestie / worker / validare → paralel
Val 4: [US-005] [US-008] [US-009] [US-010] ← API / config cont / import / badge → paralel
Val 5: [US-011] ← statusbar (depinde de US-008)
Val 6: [US-012] [US-013] ← audit + e2e; retragere rar_creds_enc + DROP (depind de tot)
```
---
## Raport VERIFY
> Completat de subagentul verificator (context curat) in faza VERIFY — vezi ROADMAP §5.6.
> PASS/FAIL per criteriu, cu dovezi. Lipseste pana la VERIFY.
---
<!-- AUTONOMOUS DECISION LOG -->
## /autoplan Review (2026-06-29, commit 7371c37)
Voci: Claude (primar) + Claude subagent (independent). Codex indisponibil (usage limit, revine 18 iul) -> mod `[subagent-only]`. Poarta premisa: user a ales **"Build full per-account multi-env (as planned)"** — premisa de baza (sisteme separate) verificata live; nevoia de dashboard unic justifica per-cont peste 2 deployment-uri pinned.
### Auto-fixuri (corectitudine/siguranta — incorporate in stories)
| # | Story | Gap (gasit de) | Fix incorporat | Principiu |
|---|-------|----------------|----------------|-----------|
| G | US-001 | **CRITIC** (subagent): migrarea backfill-eaza creds dar NU `submissions.rar_env` existent; randuri prod pre-migrare cad pe DEFAULT 'test' -> US-006 reconciliaza contra endpoint TEST -> no-match -> **re-send prod = duplicat real ireversibil** | Migrarea backfill-eaza `submissions.rar_env` din `AUTOPASS_RAR_ENV` global (DEFAULT 'test' doar pentru randuri net-noi). Test: rand prod pre-migrare reconciliaza contra endpoint prod | P1 completeness + siguranta |
| L | **US-005/US-013** (NU US-006 — eng finding 5: write-back e in `router.py`, pe care US-006 nu-l atinge) | HIGH (ambele voci, `router.py:250`): write-back creds efemere API -> `accounts.rar_creds_enc` durabil nu e rutat pe slotul `submission.rar_env` | Write-back tinteste `accounts.rar_creds_{submission.rar_env}_enc` + test. **Plus**: nu auto-propaga creds API NEVALIDATE in slotul durabil per-env (ar putea clobber-i un slot login-validat); propaga doar dupa login reusit | P1 |
| K | US-013 | HIGH (subagent): `POST /v1/conturi/rar-creds` e contract extern; env-aware in-place = breaking | Endpoint **aditiv**: param `env` optional, default = default cont; apelanti vechi neatinsi. (Independent de decizia DROP) | P5 explicit + back-compat |
| M2 | US-013 | MEDIUM (Claude): `_keepalive_target` alege un cont fara notiune de env dupa per-env | Keepalive foloseste ancora globala `AUTOPASS_RAR_ENV` + un cont cu creds in slotul acelui env | P5 |
| M3 | US-003 | MEDIUM (Claude): `_already_sent_lookup` (import_router.py:369) are dual-lookup legacy; adaugarea env in cheie cere extinderea lui, nu doar a parametrului | US-003 extinde dual-lookup (cheie noua env-aware + fallback legacy) | P1 |
| D | US-001 | HIGH (subagent): corectitudinea migrarii e "de validat manual"; trebuie poarta testata | Script de audit pre-migrare (raporteaza slot-ul atribuit) + assert DROP-cu-garda existent ca poarta, nu nota manuala | P1 |
| M | US-012 | MEDIUM (subagent): niciun test live dual-env; riscul dominant (rutare gresita env) e exact ce SQLite nu prinde | Test live opt-in dual-env (extinde `test_live_rar`): 1 rand test + 1 prod -> 2 login-uri, 2 endpoint-uri, badge corecte, reconciliere pe env corect | P1 |
| backup | US-013 | MEDIUM (Claude): "recovery via coloana veche dispare dupa DROP — acceptat" | Inainte de DROP, dump coloana veche criptata intr-un backup timestamped (recuperare supravietuieste DROP) | P2 boil-lake |
### Decizii user la poarta finala (REZOLVATE 2026-06-29) — APROBAT
- **A (DROP US-013) -> PASTREAZA single-release.** User: "aplicatia e doar in teste, nu folosita de clienti" -> blast radius mic, rollback-ul conteaza mai putin. Decizia §6 ramane. **Garzile 6a/6b/6c sunt obligatorii in AC US-013** (eliminare atomica bloc ADD, catch+degrade fara boot-crash, re-backfill interim) + backup criptat inainte de DROP. NU se amana.
- **J/H1 (interlock prod) -> doar butonul de commit colorat (F8), FARA modal.** REQ-CONF ramane. Lantul: bifa activare (o data) + badge "fierbinte" + buton "Declară la PRODUCȚIE (real)". Fara confirmare per-commit (evita oboseala de click; clientii prod-only oricum n-au selector).
- **H (fallback default) -> doar toast zgomotos (F5), FARA re-confirmare.** REQ-DEFAULT auto-fallback ramane; toast-ul "Mediul implicit a trecut pe X" face flip-ul vizibil. Fara gate suplimentar.
### Taste (recomandari acceptate — fara override)
- **T1**: token dedicat `--prod` (brick) pentru badge-ul Productie. **T2**: `rar_env` ca nume unic input+output (scoate `rar_target`/`env`).
### Taste decisions (auto-decise cu recomandare — override la poarta)
- **T1 — token culoare Productie**: rosu (`--err`) se ciocneste cu erorile, amber (`--warn`) cu badge-ul legacy. Recomandat: token dedicat `--prod` (brick inchis) SAU `--accent` plin. (design F2)
- **T2 — nume camp request**: recomandat `rar_env` peste tot (un singur nume input+output), scoate `rar_target`/`env`. (DX F1)
### Teme cross-fază (semnal de incredere ridicat — aparut independent in 2+ faze)
- **Siguranta declaratiei reale ireversibile** — TOATE 4 fazele (CEO G/H1/J, Design F1/F8/F10, Eng 1b/3/G, DX F2/F3/F4). Semnalul dominant: badge + interlock + discoverability + rutare env corecta converg pe "nu declara real din greseala".
- **Flip silentios al mediului default** — CEO-H, Design-F5, DX-F3 (3 faze). Fa flip-ul zgomotos + nu auto-promova prod silentios.
- **Risc DROP US-013** — CEO-A, Eng 6a/6b/6c (2 faze). Intareste amanarea DROP-ului.
- **Ambiguitate spec/nume care musca implementer-ul** — Design-F14, Eng-4a, DX-F1/F7. Auto-fixurile TREBUIE sa intre in AC + contract inainte de implementare.
### NOT in scope (confirmat)
Eliminarea ancorei globale `AUTOPASS_RAR_ENV`; base_url din UI; al treilea mediu; gating plan/tier pe prod; schimbari masina-stari/backoff/payload; auto-migrare creds prod client. (PRD §2)
### Ce exista deja (leverage)
`crypto.py` Fernet (creds per-env), `AccountSessions` (re-key (cont,env)), `RarClient` (primeste settings; +param env), `config.rar_base_url_test/prod` (deja prezent), `build_key` (+param), `account_scope_clause`. Fara infra noua.
### Auto-fixuri DESIGN (structurale — incorporate in stories)
Voci: Claude (primar) + Claude subagent. Scorecard: 1 CRITIC, 7 HIGH, 5 MEDIUM, toate CONFIRMED.
| # | Story | Gap | Fix incorporat | Sev |
|---|-------|-----|----------------|-----|
| F1 | US-010 | **CRITIC**: "culori distincte" e singura spec a singurului guard vizual contra riscului dominant | Badge **normativ**: Productie = fill plin, saturat, text alb, iconita + cuvant complet UPPERCASE cu diacritice ("PRODUCȚIE"); Testare = outline/tint linistit (muted/accent), receding. Asimetria de greutate ESTE designul | CRITIC |
| F2 | US-010 | HIGH: rosu (`--err`) rezervat erorilor, amber (`--warn`) ocupat de `.badge-env` legacy + needs_* | Token dedicat `--prod` (ex. brick `#B4452F`) SAU `--accent` plin pentru Productie; hex/token scris in AC, nu improvizat per template. (taste: hexul exact -> poarta) | HIGH |
| F3/F12 | US-010 | HIGH: "Test/Testare/prod/PRODUCTIE" folosite interschimbabil; bypass `labels.py` | `labels.py` adaugat in Fisiere: `ETICHETE_ENV` + `eticheta_env(env)->(text,css)` (oglindeste `eticheta_scurta`). Productie UPPERCASE+diacritice, Testare title-case; clase `.badge-prod/.badge-test` definite o data in base.html langa `.sugg-sursa` | HIGH |
| F11 | US-011 | HIGH: `.badge-env` EXISTENT in header arata `AUTOPASS_RAR_ENV` global -> dupa 5.20 e semantic gresit; doua indicatoare env cu surse diferite in acelasi viewport | US-011 retrage/repurpune header `.badge-env` (preferat: scos pentru user logat, inlocuit de indicatorul account-scoped din statusbar). NU coexista doua surse de adevar | HIGH |
| F4 | US-009 | HIGH: starea 0-medii e numita dar nedesignata; blocaj la commit (dupa munca) = calea minima | Blocaj la UPLOAD (nu commit): banner `--warn` (refoloseste pattern "Cont in asteptare", `_status.html:8`) + CTA link `?tab=cont`, inainte de drop-zone | HIGH |
| F5 | US-011 | HIGH: schimbarea silentioasa a default-ului (mediu dezactivat) nu are UI -> target real/test comuta fara ca userul sa stie | Toast explicit (componenta `#toast` exista) la schimbarea `rar_env_default` ca efect al disponibilitatii: "Mediul implicit a trecut pe X". Leaga de CEO-H | HIGH |
| F8 | US-009 | HIGH: o bifa la activare apoi nimic = sub-avertizare; modalul per-trimitere a fost respins (REQ-CONF) | Butonul de commit POARTA greutatea cand target=Productie: "Declară la PRODUCȚIE (real)" + culoarea Productie (FARA modal, FARA click extra -> nu incalca REQ-CONF). Copy bifa activare: adauga ireversibilitatea ("declarații oficiale, finale și fără anulare") | HIGH |
| F6/F7 | US-008/US-011 | MEDIUM: stari loading/error pt toggle HTMX + validare creds la RAR nespecificate; stare per-sectiune (activat-fara-creds-valide) | toggle: `hx-indicator` + disabled in zbor, pe esec NU schimba default + eroare; US-008 validare creds arata `htmx-indicator` ("se verifica la RAR…") + esec in `.banner` cu copy per-env (US-007); fiecare sectiune arata 3 stari: dezactivat / activat-fara-creds / disponibil | MEDIUM |
| F9/F10 | US-009 | MEDIUM/HIGH: selectorul absent la 1 mediu = env invizibil la import; default pre-bifat prod la prima trimitere | Mereu randeaza un indicator env la import (eticheta statica la 1 mediu, toggle la >=2, ACEEASI pozitie). Prod pre-bifat e sigur DOAR daca F8+F9 livreaza impreuna — legate explicit in AC | HIGH |
| F13 | US-010 | MEDIUM: sa nu forkeze un badge structural nou | Refoloseste idiomul `.sugg-sursa` (10px, weight 700, tint+border) pt Testare; Productie = aceeasi geometrie dar fill plin+alb+icon (spargerea e semnalul) | MEDIUM |
### Auto-fixuri ENG (corectitudine/deploy — incorporate in stories)
Voci: Claude (primar) + Claude subagent (verificat contra codului real). **Meta (eng 4a): toate auto-fixurile de mai jos sunt NORMATIVE si trebuie sa intre in AC-ul story-urilor inainte de implementare — un implementer care urmeaza AC-ul literal, fara ele, livreaza bug-urile critice.** G + 6a deja imbinate in AC US-001/US-013.
| # | Story | Gap (vs cod real) | Fix | Sev |
|---|-------|-------------------|-----|-----|
| E1/1a | US-006 | `get_token` purjeaza `submissions.rar_creds_enc WHERE account_id=?` -> dupa re-key, login TEST sterge creds efemere ale submission-urilor PROD ale contului -> prod blocat | `WHERE account_id=? AND rar_env=?` + test `test_purge_creds_doar_pe_env` | HIGH |
| 1b/E6 | US-006 | `recover_orphans` filtreaza doar pe `account_id`; iterat per sesiune (cont,env) reconciliaza orfanii prod contra endpoint TEST -> no-match -> re-POST prod = DUPLICAT real | +`rar_env` in WHERE; apelat per (cont,env) din `active()`; test orfan env A nereconciliat contra env B | HIGH/CRITIC |
| 3/E4 | US-003 | API channel (`router.py:223`) NU are dual-lookup; re-POST al unui rand pre-5.20 cu cheie env-aware rateaza randul legacy -> duplicat. Import dual-lookup ignora env-ul randului matchuit | Recompute-keys la migrare (US-001, vezi acolo) acopera ambele canale uniform; daca pastrezi dual-lookup, exista si in `router.py` SI gate pe `matched_row.rar_env==target_env` | HIGH |
| 1c/E8 | US-006 | `claim_one` nu selecteaza `s.rar_env` -> worker nu poate alege cheia sesiune/base_url/slot | AC explicit: claim selecteaza + propaga `rar_env` in dict-ul `claimed` | MEDIUM |
| 1d | US-006/US-001 | `worker_heartbeat` e un singur rand global (`WHERE id=1`); US-006 cere `last_rar_login_ok` PER env dar US-001 nu adauga schema per-env -> neimplementabil ca scris | Decizie: pastreaza heartbeat global (JWT/sesiune per env e suficient), scoate "per env" din AC US-006; SAU adauga coloana in US-001. Recomandat: global | MEDIUM |
| 1e | US-006 (doc) | `_refresh_nomenclator` upsert intr-un `nomenclator_rar` env-less la fiecare login; login test suprascrie cu coduri test, prod cu prod -> un cod valid pe prod poate fi respins la ingestie daca ultimul refresh a fost test | Documenteaza presupunerea (nomenclator identic intre medii — aceleasi 18 coduri) SAU scope per-env (out of scope acum). Minim: nota explicita | MEDIUM |
| 5 | US-005/US-013 | write-back creds API nevalidate -> slot durabil (vezi L de mai sus) | re-asignat la US-005/US-013; propaga doar dupa login reusit | MEDIUM/HIGH |
| 6a..6d | US-013 | ping-pong re-ADD / boot-crash / interim-creds / grep ambiguu | imbinate in AC US-013 (vezi acolo) | CRITIC/HIGH |
### ENG DUAL VOICES — CONSENSUS TABLE
```
Dimension Claude Subagent Consensus
────────────────────────────── ──────── ───────── ────────────────────
1. Architecture sound? da/cond da/cond CONFIRMED (cond. fixuri)
2. Test coverage sufficient? lacune +API b/c CONFIRMED lacune
3. Performance risks? low low CONFIRMED low
4. Security (creds routing)? L/5 5+unvalid CONFIRMED
5. Error paths (boot)? E1/E9 6a/6b CRIT CONFIRMED (boot-crash)
6. Deployment risk (DROP)? migrare CRIT/HIGH CONFIRMED ELEVAT -> intareste challenge A
```
Codex: indisponibil (N/A). Mesaj-cheie: caile de duplicat ireversibil (1b, 3) si boot-crash/ping-pong (6a, 6b) musca in productie; intaresc recomandarea de a amana DROP-ul (challenge A).
### Diagrama teste (codepath -> acoperire)
| Codepath nou | Story test | Stare |
|---|---|---|
| `medii_disponibile`/`rar_env_efectiv` | US-002 | acoperit |
| resolve target (cerere>default), respinge indisponibil | US-004 | acoperit |
| idempotency env-aware + **recompute legacy** | US-003/US-001 | GAP recompute -> adaugat |
| **migrare backfill `submissions.rar_env`** | US-001 | GAP (G) -> adaugat in AC |
| worker sesiune (cont,env) + base_url per env | US-006 | acoperit |
| **purge creds scoped pe env** | US-006 | GAP (E1) -> adaugat |
| **recover_orphans per env** | US-006 | GAP (1b) -> adaugat |
| **write-back slot routing** | US-005/013 | GAP (L/5) -> adaugat |
| reconcile endpoint per env (inline + **orfani**) | US-006 | inline acoperit; orfani GAP -> adaugat |
| **keepalive env (ancora globala)** | US-013 | GAP (M2) -> adaugat |
| DROP garda: assert + **idempotent re-run** + **fail-loud/no-crash** | US-013 | partial -> intarit (6a/6b/6c) |
| **API-channel idempotency back-compat** | US-003 | GAP (3) -> adaugat |
| badge/labels env | US-010 | acoperit |
| API `rar_target` default/explicit/invalid/indisponibil | US-005 | acoperit |
| config 2 sectiuni + confirmare prod | US-008 | acoperit |
| statusbar toggle viz + **retragere header `.badge-env`** | US-011 | toggle acoperit; header GAP (F11) -> adaugat |
| **live dual-env smoke** | US-012 | GAP (M) -> adaugat opt-in |
### Auto-fixuri DX (contract API extern — incorporate in stories)
Voci: Claude (primar) + Claude subagent (perspectiva integrator VFP/ROAAUTO). Riscul ireversibilitatii ridica stacheta pe claritate nume / eroare / discoverability pre-trimitere.
| # | Story | Gap | Fix | Sev |
|---|-------|-----|-----|-----|
| F1 | US-005/US-013 | Trei nume pt un concept: input `rar_target`, echo/DB `rar_env`, rar-creds `env` (US-013 AC scrie literal "rar_target/env") | **Un singur cheie: `rar_env`** pe input + output + rar-creds (englez snake, consistent cu coloana si `on_unmapped_error`). Scoate `rar_target`/`env`. (taste usor -> poarta) | HIGH |
| F2 | US-004 | Eroarea "mediu indisponibil" e proza, fara `cod`/envelope 6-chei/status; `errors.py` nu e in Fisiere | `RAR_MEDIU_INDISPONIBIL` in `errors.CATALOG` (problema/cauza cu lista disponibile/fix "activeaza in Cont"); adauga `errors.py` la Fisiere US-004; distinge literal-invalid (422 pydantic) de valid-dar-indisponibil (cod dedicat); acopera si cazul 0-medii | HIGH |
| F3 | US-004/contract | Flip runtime test->prod prin canal web: operator comuta disponibilitatea -> apelant API fara `rar_env` trece silentios pe prod (real). Migrarea previne flip la DEPLOY, nu la RUNTIME | Mitigat de F4+F5 (probe pre-trimitere); documenteaza reasignarea ca comportament cunoscut; leaga de CEO-H | HIGH |
| F4 | US-010 (sau story noua) | Niciun GET nu expune `medii_disponibile`/`rar_env_default` -> integratorul afla env-ul doar din eroare sau dupa o trimitere reala | `GET /v1/conturi/medii` account-scoped: `{medii_disponibile, rar_env_default, test:{enabled,has_creds}, prod:{...}}` (refoloseste helper US-002, <1 fisier) | HIGH |
| F5 | US-005 | `ValidareResult` (dry-run) NU ecou-ieste `rar_env`; dry-run e canalul sigur de a confirma unde ar ateriza o trimitere reala | adauga `rar_env: str` la `ValidareResult` + `/valideaza`; `models.py` | MEDIUM |
| F6 | US-004/US-005 | Respingere whole-request vs per-rand inconsistenta cu `on_unmapped_error` (per-rand, 200) | Decide + documenteaza; recomandat: corp parsabil imbogatit cu `cod` (prietenos VFP), noteaza asimetria intentionat | MEDIUM |
| F7 | US-005/US-010/US-004/US-013 | Contractul (sursa adevar) actualizat doar pt rar-creds; lipsesc field-ul nou, echo-ul, cod-ul nou. **`/v1/conturi/rar-creds` NU e documentat deloc azi** -> US-013 e documentare de la zero, nu amendament | AC explicit "update `api-rar-contract.md`" pe fiecare; US-013 documenteaza endpoint-ul intreg (req/resp, param env, slot default) | HIGH |
| F8 | US-013 (doc) | `env` optional default = slot default cont: integrator cu creds TEST pe cont nou (default prod) le scrie silentios in slot prod -> US-007 le respinge "invalide pe PRODUCTIE" desi sunt valide (test) | pastreaza aditiv; documenteaza ca omiterea `env` tinteste slotul default; mesaj validare sugereaza nepotrivire env ("creds valide pentru alt mediu?") | MEDIUM |
### DX DUAL VOICES — CONSENSUS TABLE
```
Dimension Claude Subagent Consensus
─────────────────────────────── ─────── ───────── ──────────────
1. Getting started (aditiv)? low fr low fr CONFIRMED low
2. Naming guessable? D1 incon F1 3-nume CONFIRMED -> rar_env
3. Error messages actionable? D2 gap F2 gap CONFIRMED gap
4. Docs findable & complete? D4 gap F7 gap+ CONFIRMED gap
5. Back-compat safe? D3 resid F3 runtime CONFIRMED (1 rezidual)
6. Discoverability pre-send? D5 gap F4 gap CONFIRMED gap
```
Codex: indisponibil (N/A). DX scor initial: ~6/10 (model API solid + aditiv, dar nume inconsistent + eroare neimbogatita + zero discoverability + contract neactualizat). Tinta dupa fixuri: ~9/10.
### Jurnal integrator (condensat)
| Etapa | Azi (plan brut) | Dupa fixuri DX |
|---|---|---|
| Afla env-urile contului | doar din eroare / dupa trimitere reala | `GET /v1/conturi/medii` |
| Trimite | `rar_target` (nume #1) | `rar_env` (un nume) |
| Confirma tinta fara trimitere reala | imposibil (valideaza nu ecou-ieste) | `/valideaza` ecou-ieste `rar_env` |
| Eroare tinta indisponibila | proza, fara cod | `cod: RAR_MEDIU_INDISPONIBIL` + fix |
| Citeste rezultatul | `rar_env` (nume #2) | `rar_env` (acelasi) |
| Doc | contract fara field/endpoint | contract complet |

View File

@@ -471,17 +471,18 @@ risc regresie vizuala fara baza AC). **Auto-decis: doar instanta sub-12px** (`et
- **Fallback**: `vehicul_nr == '—'` → nu randa em-dash singur (mesaj fallback). - **Fallback**: `vehicul_nr == '—'` → nu randa em-dash singur (mesaj fallback).
- Pastreaza numele claselor `slim-vin`/`slim-meta` (reumple, nu redenumi) — minimizeaza churn teste. - Pastreaza numele claselor `slim-vin`/`slim-meta` (reumple, nu redenumi) — minimizeaza churn teste.
### Implementation Tasks (agregat) ### Implementation Tasks (agregat) — LIVRAT 2026-06-29 (toate verzi, 1392 teste)
- [ ] **T-1 (INALTA) — `_submissions.html`** — refactor rand 4→2 linii cu placuta+codRAR+operatie+data_prestatie+pill; fallback placuta; pastreaza clase. Update teste: rescrie test_vin_pe_rand_separat_sub_nr, test_rand_slim_vin_operatie_pill, test_submissions_coloane_umane; adauga test 2-linii + test fallback placuta. - [x] **T-1 (INALTA) — `_submissions.html`** — refactor rand 4→2 linii cu placuta+codRAR+operatie+data_prestatie+pill; fallback placuta; clase pastrate. Teste rescrise: test_rand_slim_vin_operatie_pill, test_submissions_coloane_umane, test_placuta_pe_rand_identificator_primar (fost test_vin_pe_rand_separat_sub_nr), test_placuta_lipsa_nu_genereaza_rand_gol (fallback "fara numar").
- [ ] **T-2 (INALTA) — `base.html` (CSS pill) + `_submissions.html`** — restilare pill slim ca mockup (fill tint + dot + text colorat per `stare_css`); pill ramane pe finalizat. - [x] **T-2 (INALTA) — `base.html` (CSS pill) + `_submissions.html`** — pill slim restilat (fill tint + dot 7px + text colorat per `stare_css` via currentColor), scopat `.lista-trimiteri-slim .pill`; ramane pe finalizat.
- [ ] **T-3 (INALTA) — `_preview_import.html` / `base.html:401`** — bug 4a: `.col-stare` width 104px→~140px (+ `overflow:hidden` sau pill wrap). NU atinge nowrap pe col-vehicul (test_web_preview_compact). Reducere 8→4 coloane (densitate) ca task separat. - [x] **T-3 (INALTA) — `base.html`** — bug 4a: `.tabel-trimiteri .col-stare` 104px→140px. nowrap pe col-vehicul neatins.
- [ ] **T-4 (MEDIE) — `_preview_import.html`** — reducere la 4 coloane esentiale (Stare/Vehicul/Operatie/Data + Editeaza); muta KM + mesaj validare in randul de editare/tooltip. - [x] **T-4 (MEDIE) — `_preview_import.html` + `_preview_rand.html`** — reducere la 5 coloane (Stare/Vehicul/Operatie/Data/Actiuni); scoase col-id, col-km, col-note; motivul mutat in `title` pe pill, KM in modal.
- [ ] **T-5 (MEDIE) — `_coada.html:10-19`** — scoate titlul "Trimiterile tale" (h2); relocare export CSV langa tab-uri / meniu cont (PRD 5.16/US-002). - [x] **T-5 (MEDIE) — `_coada.html`** — titlu vizibil "Trimiterile tale" → `<h2 class="sr-only">` (a11y pastrat); badge "de rezolvat" + export CSV intr-un rand discret. `.sr-only` adaugat in base.html.
- [ ] **T-6 (MEDIE) — `_status.html:140`** — scoate randul plan "N/60 luna asta" din corp; pastreaza badge antet + linie burger (PRD 5.17/US-006). Daca >=80% consum, afiseaza doar in starea de avertizare. - [x] **T-6 (MEDIE) — `_status.html`** — linia plan in corp DOAR pe avertizare (`plan_warn`/`plan_limita_atinsa`); consum normal in badge antet + burger. Teste status mutate pe pagina completa.
- [ ] **T-7 (MEDIE) — `_chips_prestatii.html:122`** — guard `{% if _extra %}` pe containerul `.chips` (operatii-mode), elimina chenarul gol. - [x] **T-7 (MEDIE) — `_chips_prestatii.html`** — guard `{% if _extra_chips %}` pe containerul `.chips`, chenarul gol eliminat.
- [ ] **T-8 (MICA) — `_submissions.html:133`** — `font-size:10px`→`var(--fs-xs)` (doar instanta sub-12px). - [x] **T-8 (MICA) — `_submissions.html` / base.html** — `font-size:10px`→`var(--fs-xs)` (eticheta-problema, prin clasa scopata `.lista-trimiteri-slim .eticheta-problema`).
- [ ] **T-9 (MICA) — copy/stil** — "Anuleaza"→"Renunta" (form editare); nume operatie emfatic (bold) in editorul de chips per mockup. - [x] **T-9 (MICA) — `_form_editare.html` + base.html** — "Anuleaza"→"Renunta" (default); `.op-row-name` emfatic (bold, `--fs-sm`).
- [ ] **Defer TODOS** — stare eroare HTMX lista (D-4); teste regresie vizuala; dropzone zona-mare (sec.5); retokenizare px completa; diacritice (decis: nu). - [ ] **Defer — tracked in `TODOS.md`** (la cererea userului 2026-06-29): stare eroare HTMX lista (D-4); retokenizare px completa; diacritice in textul vizibil.
- [x] **Defer — inchis ca acceptabil** (netrackuit): teste regresie vizuala (tooling viitor); dropzone zona-mare (sec.5, raportul il marcheaza acceptabil).
### Verificare la implementare ### Verificare la implementare
`python3 -m pytest tests/test_web_submissions.py tests/test_web_submissions_layout.py tests/test_web_responsive.py tests/test_web_preview_compact.py -q` `python3 -m pytest tests/test_web_submissions.py tests/test_web_submissions_layout.py tests/test_web_responsive.py tests/test_web_preview_compact.py -q`

View File

@@ -112,7 +112,10 @@ def test_list_accounts_ordonat_fara_creds(conn):
assert ids == sorted(ids) assert ids == sorted(ids)
for r in rows: for r in rows:
assert "rar_creds_enc" not in r assert "rar_creds_enc" not in r
assert set(r.keys()) == {"id", "name", "cui", "email", "active", "status", "created_at", "tier", "trial_until"} assert set(r.keys()) == {
"id", "name", "cui", "email", "active", "status", "created_at",
"tier", "trial_until", "requested_plan", "consent_at",
}
# --------------------------------------------------------------------------- # ---------------------------------------------------------------------------

View File

@@ -40,7 +40,8 @@ def _signup(client, name, email, password="parola_test_001"):
tok = _csrf(client, "/signup") tok = _csrf(client, "/signup")
resp = client.post("/signup", data={"name": name, "cui": make_test_cui(email), resp = client.post("/signup", data={"name": name, "cui": make_test_cui(email),
"email": email, "parola": password, "email": email, "parola": password,
"csrf_token": tok}, follow_redirects=True) "consent": "1", "csrf_token": tok},
follow_redirects=True)
assert resp.status_code == 200 assert resp.status_code == 200
from app.db import get_connection from app.db import get_connection
conn = get_connection() conn = get_connection()

View File

@@ -62,6 +62,7 @@ def _signup(client: TestClient, name: str, email: str, password: str = "parola_t
"cui": make_test_cui(email), "cui": make_test_cui(email),
"email": email, "email": email,
"parola": password, "parola": password,
"consent": "1",
"csrf_token": token, "csrf_token": token,
}, follow_redirects=True) }, follow_redirects=True)
assert resp.status_code == 200, f"signup esuat: {resp.text[:300]}" assert resp.status_code == 200, f"signup esuat: {resp.text[:300]}"
@@ -261,3 +262,158 @@ def test_activare_cont_incomplet_refuzata(client):
assert not _get_account_active(incomplete_id), ( assert not _get_account_active(incomplete_id), (
"Contul incomplet (fara email/CUI) a fost activat — gate pe account_is_complete nu functioneaza" "Contul incomplet (fara email/CUI) a fost activat — gate pe account_is_complete nu functioneaza"
) )
def _get_tier_trial(account_id: int) -> tuple[str, str | None]:
"""Citeste (tier, trial_until) din DB."""
from app.db import get_connection
conn = get_connection()
try:
row = conn.execute(
"SELECT tier, trial_until FROM accounts WHERE id=?", (account_id,)
).fetchone()
return (row["tier"], row["trial_until"]) if row else ("", None)
finally:
conn.close()
def _get_tier(account_id: int) -> str:
"""Citeste accounts.tier din DB."""
return _get_tier_trial(account_id)[0]
def test_set_tier_din_admin_incheie_trial(client):
"""POST /admin/set-tier -> tier actualizat, trial_until=NULL (trial incheiat), 303.
Contul nou are trial Pro 30z; alocarea manuala trebuie sa-l incheie ca alegerea
sa aiba efect imediat (decizie user 2026-06-29)."""
target_id = _signup(client, "Firma Upgrade SRL", "upgrade@test.ro")
tier0, trial0 = _get_tier_trial(target_id)
assert tier0 == "free", "cont nou trebuie sa porneasca pe free"
assert trial0, "cont nou trebuie sa aiba trial_until setat (trial Pro 30z)"
admin_id = _signup(client, "Admin Tier SA", "admintier@test.ro")
_make_admin(admin_id)
_login(client, "admintier@test.ro")
csrf = _get_csrf(client, "/admin")
resp = client.post("/admin/set-tier", data={
"account_id": str(target_id),
"tier": "pro",
"csrf_token": csrf,
})
assert resp.status_code == 303, f"asteptat 303 PRG, primit {resp.status_code}"
tier1, trial1 = _get_tier_trial(target_id)
assert tier1 == "pro", "tier-ul nu a fost mutat pe pro"
assert trial1 is None, "trial_until trebuie sters la alocarea manuala (efect imediat)"
def test_set_tier_free_opreste_pro_imediat(client):
"""Setarea pe 'free' pe un cont in trial -> efectiv 'free' acum (trial incheiat).
Fara stergerea trial-ului, effective_tier ar fi ramas 'pro' inca ~30 zile."""
from datetime import datetime, timezone
from app.plans import effective_tier
target_id = _signup(client, "Firma Abuz Trial SRL", "abuztrial@test.ro")
admin_id = _signup(client, "Admin Stop SA", "adminstop@test.ro")
_make_admin(admin_id)
_login(client, "adminstop@test.ro")
csrf = _get_csrf(client, "/admin")
resp = client.post("/admin/set-tier", data={
"account_id": str(target_id),
"tier": "free",
"csrf_token": csrf,
})
assert resp.status_code == 303
tier1, trial1 = _get_tier_trial(target_id)
assert tier1 == "free" and trial1 is None
eff = effective_tier({"tier": tier1, "trial_until": trial1}, datetime.now(timezone.utc))
assert eff == "free", "dupa setarea pe free, planul efectiv trebuie sa fie free imediat"
def test_set_tier_invalid_respins(client):
"""Tier invalid -> nu schimba nimic (re-randare cu eroare sau ignorat)."""
target_id = _signup(client, "Firma Tier Invalid SRL", "tierinvalid@test.ro")
admin_id = _signup(client, "Admin TI SA", "adminti@test.ro")
_make_admin(admin_id)
_login(client, "adminti@test.ro")
csrf = _get_csrf(client, "/admin")
resp = client.post("/admin/set-tier", data={
"account_id": str(target_id),
"tier": "platinum", # invalid
"csrf_token": csrf,
})
assert resp.status_code in (200, 422), f"tier invalid ar trebui respins, primit {resp.status_code}"
assert _get_tier(target_id) == "free", "tier invalid nu trebuie aplicat"
def test_set_tier_fara_csrf_respins(client):
"""POST /admin/set-tier fara token CSRF valid -> respins, tier neschimbat."""
target_id = _signup(client, "Firma CSRF Tier SRL", "csrftier@test.ro")
admin_id = _signup(client, "Admin CSRF SA", "admincsrf@test.ro")
_make_admin(admin_id)
_login(client, "admincsrf@test.ro")
resp = client.post("/admin/set-tier", data={
"account_id": str(target_id),
"tier": "pro",
"csrf_token": "token-fals",
})
assert resp.status_code in (400, 403), f"CSRF invalid trebuie respins, primit {resp.status_code}"
assert _get_tier(target_id) == "free", "tier schimbat desi CSRF era invalid"
def test_set_trial_din_admin(client):
"""POST /admin/set-trial -> trial_until setat, tier de baza neschimbat, efectiv pro, 303."""
from datetime import datetime, timezone
from app.plans import effective_tier
target_id = _signup(client, "Firma Trial SRL", "trialnou@test.ro")
# incheie intai orice trial (set-tier free) ca sa pornim de la baza curata
admin_id = _signup(client, "Admin Trial SA", "admintrialacord@test.ro")
_make_admin(admin_id)
_login(client, "admintrialacord@test.ro")
csrf = _get_csrf(client, "/admin")
client.post("/admin/set-tier", data={
"account_id": str(target_id), "tier": "free", "csrf_token": csrf,
})
assert _get_tier_trial(target_id) == ("free", None)
# acorda trial Pro 15 zile
csrf = _get_csrf(client, "/admin")
resp = client.post("/admin/set-trial", data={
"account_id": str(target_id),
"trial_days": "15",
"csrf_token": csrf,
})
assert resp.status_code == 303, f"asteptat 303 PRG, primit {resp.status_code}"
tier1, trial1 = _get_tier_trial(target_id)
assert tier1 == "free", "tier-ul de baza NU trebuie schimbat de acordarea de trial"
assert trial1, "trial_until trebuie setat"
eff = effective_tier({"tier": tier1, "trial_until": trial1}, datetime.now(timezone.utc))
assert eff == "pro", "trial activ trebuie sa ridice planul efectiv la pro"
def test_set_trial_zile_invalide_respins(client):
"""trial_days <= 0 -> 422, trial neschimbat."""
target_id = _signup(client, "Firma Trial Invalid SRL", "trialinvalid@test.ro")
admin_id = _signup(client, "Admin TInv SA", "admintinv@test.ro")
_make_admin(admin_id)
_login(client, "admintinv@test.ro")
# porneste de la trial sters
csrf = _get_csrf(client, "/admin")
client.post("/admin/set-tier", data={
"account_id": str(target_id), "tier": "free", "csrf_token": csrf,
})
csrf = _get_csrf(client, "/admin")
resp = client.post("/admin/set-trial", data={
"account_id": str(target_id),
"trial_days": "0",
"csrf_token": csrf,
})
assert resp.status_code == 422
assert _get_tier_trial(target_id) == ("free", None), "trial nu trebuie setat la zile invalide"

View File

@@ -0,0 +1,226 @@
"""Teste US-005 — camp rar_env pe POST /v1/prezentari si /valideaza.
Acopera: default din cont, tinta explicita, respingere tinta indisponibila,
echo GET, valoare invalida (422 Pydantic), echo dry-run valideaza.
"""
from __future__ import annotations
import os
import tempfile
import pytest
from fastapi.testclient import TestClient
@pytest.fixture()
def env(monkeypatch):
"""DB temporara izolata per test + settings reincarcate."""
tmp = tempfile.mkdtemp()
monkeypatch.setenv("AUTOPASS_DB_PATH", os.path.join(tmp, "t.db"))
from app.config import get_settings
get_settings.cache_clear()
yield monkeypatch
get_settings.cache_clear()
def _client():
from app.main import app
return TestClient(app)
def _body(rar_env=None, **over):
prez = {
"vin": "WVWZZZ1KZAW000123",
"nr_inmatriculare": "B999TST",
"data_prestatie": "2026-06-15",
"odometru_final": "123456",
"prestatii": [{"cod_prestatie": "OE-1"}],
}
prez.update(over)
body = {"rar_credentials": {"email": "x@y.ro", "password": "s"}, "prezentari": [prez]}
if rar_env is not None:
body["rar_env"] = rar_env
return body
def _setup_prod_only(conn):
"""Configureaza contul 1 ca prod-only (rar_prod_enabled=1, creds prod, default prod)."""
from app.crypto import encrypt_creds
enc = encrypt_creds({"email": "prod@rar.ro", "password": "paraprod"})
conn.execute(
"UPDATE accounts SET rar_prod_enabled=1, rar_creds_prod_enc=?, "
"rar_test_enabled=0, rar_creds_test_enc=NULL, rar_env_default='prod' WHERE id=1",
(enc,),
)
conn.commit()
def _setup_dual_env(conn):
"""Configureaza contul 1 cu ambele medii disponibile, default test."""
from app.crypto import encrypt_creds
enc_test = encrypt_creds({"email": "test@rar.ro", "password": "paratest"})
enc_prod = encrypt_creds({"email": "prod@rar.ro", "password": "paraprod"})
conn.execute(
"UPDATE accounts SET rar_prod_enabled=1, rar_creds_prod_enc=?, "
"rar_test_enabled=1, rar_creds_test_enc=?, rar_env_default='test' WHERE id=1",
(enc_prod, enc_test),
)
conn.commit()
# --------------------------------------------------------------------------- #
# test_default_din_cont_cand_lipseste #
# --------------------------------------------------------------------------- #
def test_default_din_cont_cand_lipseste(env):
"""Cont prod-only, POST fara rar_env -> submission rar_env='prod'."""
with _client() as c:
from app.db import get_connection
conn = get_connection()
try:
_setup_prod_only(conn)
finally:
conn.close()
r = c.post("/v1/prezentari", json=_body())
assert r.status_code == 200, r.text
res = r.json()["results"][0]
assert res["status"] == "queued"
assert res["rar_env"] == "prod"
# --------------------------------------------------------------------------- #
# test_target_explicit #
# --------------------------------------------------------------------------- #
def test_target_explicit(env):
"""Cont cu ambele medii, POST cu rar_env='test' -> submission rar_env='test'."""
with _client() as c:
from app.db import get_connection
conn = get_connection()
try:
_setup_dual_env(conn)
finally:
conn.close()
r = c.post("/v1/prezentari", json=_body(rar_env="test"))
assert r.status_code == 200, r.text
res = r.json()["results"][0]
assert res["status"] == "queued"
assert res["rar_env"] == "test"
# Aceeasi prezentare cu rar_env='prod' -> cheie diferita (env-aware) -> alt submission
r2 = c.post("/v1/prezentari", json=_body(rar_env="prod"))
assert r2.status_code == 200, r2.text
res2 = r2.json()["results"][0]
assert res2["rar_env"] == "prod"
# Nu e dedup (env diferit -> cheie diferita)
assert res2["submission_id"] != res["submission_id"]
# --------------------------------------------------------------------------- #
# test_target_indisponibil_respins #
# --------------------------------------------------------------------------- #
def test_target_indisponibil_respins(env):
"""Cont prod-only, POST cu rar_env='test' -> 422 RAR_MEDIU_INDISPONIBIL, fara enqueue."""
with _client() as c:
from app.db import get_connection
conn = get_connection()
try:
_setup_prod_only(conn)
finally:
conn.close()
r = c.post("/v1/prezentari", json=_body(rar_env="test"))
assert r.status_code == 422, r.text
detail = r.json()["detail"]
assert detail["cod"] == "RAR_MEDIU_INDISPONIBIL"
# Cauza contine mediul cerut si lista disponibilelor
assert "test" in detail["cauza"]
assert "prod" in detail["cauza"]
# Verifica ca nu s-a facut enqueue
lista = c.get("/v1/prezentari").json()["submissions"]
assert lista == []
# --------------------------------------------------------------------------- #
# test_get_ecou_rar_env #
# --------------------------------------------------------------------------- #
def test_get_ecou_rar_env(env):
"""Dupa enqueue, GET /v1/prezentari/{id} si lista contin rar_env."""
with _client() as c:
from app.db import get_connection
conn = get_connection()
try:
_setup_prod_only(conn)
finally:
conn.close()
# Enqueue pe prod (default contului prod-only)
r = c.post("/v1/prezentari", json=_body())
assert r.status_code == 200, r.text
sub_id = r.json()["results"][0]["submission_id"]
assert sub_id is not None
# GET detaliu
r_det = c.get(f"/v1/prezentari/{sub_id}")
assert r_det.status_code == 200, r_det.text
assert r_det.json()["rar_env"] == "prod"
# GET lista
r_lst = c.get("/v1/prezentari")
assert r_lst.status_code == 200, r_lst.text
sub_in_lista = next(s for s in r_lst.json()["submissions"] if s["id"] == sub_id)
assert sub_in_lista["rar_env"] == "prod"
# --------------------------------------------------------------------------- #
# test_valoare_invalida_422 #
# --------------------------------------------------------------------------- #
def test_valoare_invalida_422(env):
"""POST cu rar_env='staging' -> 422 din Pydantic Literal, fara echo de input."""
with _client() as c:
body = _body(rar_env="staging")
r = c.post("/v1/prezentari", json=body)
assert r.status_code == 422, r.text
# Handler-ul global sterge 'input'/'ctx' — valoarea invalida nu se ecou-ieste.
assert "staging" not in r.text
# Fara enqueue
lista = c.get("/v1/prezentari").json()["submissions"]
assert lista == []
# --------------------------------------------------------------------------- #
# test_valideaza_ecou_rar_env #
# --------------------------------------------------------------------------- #
def test_valideaza_ecou_rar_env(env):
"""POST /valideaza (dry-run) ecou-ieste rar_env rezolvat in ValidareResult."""
with _client() as c:
from app.db import get_connection
conn = get_connection()
try:
_setup_prod_only(conn)
finally:
conn.close()
# Dry-run fara rar_env -> default cont = prod
r = c.post("/v1/prezentari/valideaza", json=_body())
assert r.status_code == 200, r.text
res = r.json()["results"][0]
assert res["rar_env"] == "prod"
# Dry-run cu rar_env='prod' explicit
r2 = c.post("/v1/prezentari/valideaza", json=_body(rar_env="prod"))
assert r2.status_code == 200, r2.text
assert r2.json()["results"][0]["rar_env"] == "prod"
# Dry-run tinta indisponibila -> 422, fara echo sensibil
r3 = c.post("/v1/prezentari/valideaza", json=_body(rar_env="test"))
assert r3.status_code == 422, r3.text
assert r3.json()["detail"]["cod"] == "RAR_MEDIU_INDISPONIBIL"

313
tests/test_cont_medii.py Normal file
View File

@@ -0,0 +1,313 @@
"""Teste US-008 (PRD 5.20): configurare medii RAR per cont — Testare + Productie.
Ruta testata: POST /cont/rar-medii
Teste:
test_activeaza_si_salveaza_creds_per_env -- creds salvate criptat, mediu marcat disponibil
test_default_doar_dintre_disponibile -- mediu implicit validat contra disponibilelor
test_activare_prod_cere_confirmare -- prima activare prod cere checkbox L.142
test_creds_criptate_fara_echo -- parola niciodata in clar in DB sau HTML
"""
from __future__ import annotations
import os
import re
import tempfile
import pytest
from cryptography.fernet import Fernet
from starlette.testclient import TestClient
# ---------------------------------------------------------------------------
# Fixture
# ---------------------------------------------------------------------------
@pytest.fixture()
def client(monkeypatch):
"""Client izolat cu DB temporara + cheie Fernet pentru criptare creds."""
tmp = tempfile.mkdtemp()
monkeypatch.setenv("AUTOPASS_DB_PATH", os.path.join(tmp, "t_medii.db"))
monkeypatch.setenv("AUTOPASS_CREDS_KEY", Fernet.generate_key().decode())
from app.config import get_settings
from app import crypto
get_settings.cache_clear()
crypto.reset_cache()
from app.main import app
with TestClient(app, follow_redirects=False) as c:
yield c
get_settings.cache_clear()
crypto.reset_cache()
# ---------------------------------------------------------------------------
# Helpere
# ---------------------------------------------------------------------------
def _create_account_user(
name: str = "Service Test SRL",
email: str = "user@test.com",
password: str = "parolasecreta10",
):
"""Creeaza cont + user. Returneaza (acct_id, user_id)."""
from app.accounts import create_account
from app.users import create_user
from app.db import get_connection
conn = get_connection()
try:
acct_id = create_account(conn, name, active=True)
user_id = create_user(conn, acct_id, email, password)
return acct_id, user_id
finally:
conn.close()
def _login(client, email: str, password: str) -> None:
"""Face login real prin HTTP si seteaza cookie-ul de sesiune pe client."""
resp = client.get("/login")
assert resp.status_code == 200
m = re.search(r'name="csrf_token"\s+value="([^"]+)"', resp.text)
if not m:
m = re.search(r'value="([^"]+)"\s+name="csrf_token"', resp.text)
assert m, "csrf_token negasit pe /login"
csrf = m.group(1)
resp = client.post("/login", data={
"email": email,
"parola": password,
"csrf_token": csrf,
})
assert resp.status_code == 303, f"Login esuat: {resp.status_code} {resp.text[:200]}"
def _get_csrf(client) -> str:
"""Obtine CSRF token din fragmentul /_fragments/cont."""
resp = client.get("/_fragments/cont")
assert resp.status_code == 200, f"/_fragments/cont a returnat {resp.status_code}"
m = re.search(r'name="csrf_token"\s+value="([^"]+)"', resp.text)
if not m:
m = re.search(r'value="([^"]+)"\s+name="csrf_token"', resp.text)
assert m, f"csrf_token negasit in /_fragments/cont: {resp.text[:400]}"
return m.group(1)
def _mock_login_ok(monkeypatch) -> None:
"""Monkeypatch _valideaza_login_rar sa returneze (True, None) fara RAR live."""
import app.web.routes as routes_mod
monkeypatch.setattr(routes_mod, "_valideaza_login_rar", lambda *a, **kw: (True, None))
# ---------------------------------------------------------------------------
# Teste
# ---------------------------------------------------------------------------
def test_activeaza_si_salveaza_creds_per_env(client, monkeypatch):
"""Activez Testare cu creds valide (mock) -> DB: rar_test_enabled=1, rar_creds_test_enc non-null.
medii_disponibile si test_disponibil reflecta starea noua.
"""
_mock_login_ok(monkeypatch)
acct_id, _ = _create_account_user("Firma T1", "t1@test.com")
_login(client, "t1@test.com", "parolasecreta10")
csrf = _get_csrf(client)
resp = client.post("/cont/rar-medii", data={
"csrf_token": csrf,
"test_enabled": "1",
"test_email": "rar_test@firma.ro",
"test_parola": "parolaRARtest",
# prod_enabled absent -> rar_prod_enabled setat la 0
})
assert resp.status_code == 200
from app.db import get_connection
conn = get_connection()
try:
row = conn.execute(
"SELECT rar_test_enabled, rar_creds_test_enc, rar_prod_enabled FROM accounts WHERE id=?",
(acct_id,),
).fetchone()
finally:
conn.close()
assert row["rar_test_enabled"] == 1, "rar_test_enabled trebuia setat la 1"
assert row["rar_creds_test_enc"] is not None, "rar_creds_test_enc trebuia salvat"
# Indicator test_disponibil sau mesaj succes in HTML
assert "configurat" in resp.text or "salvate si validate" in resp.text, \
f"Indicator 'configurat' sau mesaj succes lipsa: {resp.text[:600]}"
def test_default_doar_dintre_disponibile(client, monkeypatch):
"""Incerc sa setez rar_env_default pe un mediu indisponibil -> valoarea veche ramane + eroare.
Setarea pe mediu disponibil reuseste.
"""
_mock_login_ok(monkeypatch)
acct_id, _ = _create_account_user("Firma T2", "t2@test.com")
_login(client, "t2@test.com", "parolasecreta10")
# Pasul 1: activeaza Testare cu creds + seteaza default=test (test va fi singurul disponibil)
csrf = _get_csrf(client)
resp1 = client.post("/cont/rar-medii", data={
"csrf_token": csrf,
"test_enabled": "1",
"test_email": "rar_test@firma.ro",
"test_parola": "parolaRAR123",
"rar_env_default": "test",
# prod_enabled absent -> rar_prod_enabled=0 (prod indisponibil)
})
assert resp1.status_code == 200
assert "actualizat" in resp1.text.lower(), \
f"Mesaj 'actualizat' asteptat pentru setarea default=test: {resp1.text[:500]}"
from app.db import get_connection
conn = get_connection()
try:
row1 = conn.execute(
"SELECT rar_env_default FROM accounts WHERE id=?", (acct_id,)
).fetchone()
finally:
conn.close()
assert row1["rar_env_default"] == "test", "rar_env_default trebuia setat la 'test'"
# Pasul 2: incerc sa setez default=prod (prod indisponibil: enabled=0, fara creds)
csrf = _get_csrf(client)
resp2 = client.post("/cont/rar-medii", data={
"csrf_token": csrf,
"test_enabled": "1", # re-trimit enabled fara creds noi (creds existente raman)
"rar_env_default": "prod",
})
assert resp2.status_code == 200
assert "disponibil" in resp2.text.lower(), \
f"Eroare 'nu e disponibil' asteptata in raspuns: {resp2.text[:500]}"
conn = get_connection()
try:
row2 = conn.execute(
"SELECT rar_env_default FROM accounts WHERE id=?", (acct_id,)
).fetchone()
finally:
conn.close()
assert row2["rar_env_default"] == "test", \
"rar_env_default NU trebuia schimbat la 'prod' (mediu indisponibil)"
def test_activare_prod_cere_confirmare(client, monkeypatch):
"""Prima activare Productie (de la dezactivat) fara prod_confirmare -> NU se activeaza.
Cu prod_confirmare=1 -> rar_prod_enabled devine 1.
"""
_mock_login_ok(monkeypatch)
acct_id, _ = _create_account_user("Firma T3", "t3@test.com")
_login(client, "t3@test.com", "parolasecreta10")
# Pasul 0: dezactiveaza prod (schema default=1, trebuie adus la 0 pt a testa confirmarea)
csrf = _get_csrf(client)
client.post("/cont/rar-medii", data={
"csrf_token": csrf,
# prod_enabled absent -> rar_prod_enabled setat la 0
# test_enabled absent -> rar_test_enabled setat la 0
})
from app.db import get_connection
conn = get_connection()
try:
row0 = conn.execute(
"SELECT rar_prod_enabled FROM accounts WHERE id=?", (acct_id,)
).fetchone()
finally:
conn.close()
assert row0["rar_prod_enabled"] == 0, "Prod trebuia dezactivat in pasul 0"
# Pasul 1: incerc sa activez prod FARA confirmare -> refuzat
csrf = _get_csrf(client)
resp1 = client.post("/cont/rar-medii", data={
"csrf_token": csrf,
"prod_enabled": "1",
"prod_email": "rar_prod@firma.ro",
"prod_parola": "parolaRARprod",
# prod_confirmare absent
})
assert resp1.status_code == 200
text1 = resp1.text.lower()
assert "confirmare" in text1 or "l.142" in text1 or "inteleg" in text1, \
f"Mesaj de confirmare asteptat in raspuns: {resp1.text[:600]}"
conn = get_connection()
try:
row1 = conn.execute(
"SELECT rar_prod_enabled FROM accounts WHERE id=?", (acct_id,)
).fetchone()
finally:
conn.close()
assert row1["rar_prod_enabled"] == 0, "rar_prod_enabled NU trebuia activat fara confirmare"
# Pasul 2: activeaza cu confirmare -> reuseste
csrf = _get_csrf(client)
resp2 = client.post("/cont/rar-medii", data={
"csrf_token": csrf,
"prod_enabled": "1",
"prod_email": "rar_prod@firma.ro",
"prod_parola": "parolaRARprod",
"prod_confirmare": "1",
})
assert resp2.status_code == 200
conn = get_connection()
try:
row2 = conn.execute(
"SELECT rar_prod_enabled FROM accounts WHERE id=?", (acct_id,)
).fetchone()
finally:
conn.close()
assert row2["rar_prod_enabled"] == 1, "rar_prod_enabled trebuia activat cu confirmare"
def test_creds_criptate_fara_echo(client, monkeypatch):
"""Dupa salvare, rar_creds_test_enc e criptat (nu parola in clar) si
parola NU apare in HTML-ul raspuns.
"""
_mock_login_ok(monkeypatch)
acct_id, _ = _create_account_user("Firma T4", "t4@test.com")
_login(client, "t4@test.com", "parolasecreta10")
parola_test = "SECRETPAROLATEST999"
csrf = _get_csrf(client)
resp = client.post("/cont/rar-medii", data={
"csrf_token": csrf,
"test_enabled": "1",
"test_email": "rar_test@firma.ro",
"test_parola": parola_test,
})
assert resp.status_code == 200
# Parola NU trebuie sa apara in HTML-ul raspuns
assert parola_test not in resp.text, \
f"Parola apare in raspunsul HTML (echo interzis): {resp.text[:500]}"
# In DB: rar_creds_test_enc e criptat (nu contine parola in clar)
from app.db import get_connection
from app.crypto import decrypt_creds
conn = get_connection()
try:
row = conn.execute(
"SELECT rar_creds_test_enc FROM accounts WHERE id=?", (acct_id,)
).fetchone()
finally:
conn.close()
enc = row["rar_creds_test_enc"]
assert enc is not None, "rar_creds_test_enc trebuia salvat"
assert parola_test not in enc, "Parola in clar gasita in rar_creds_test_enc (neacceptat)"
# Decriptarea trebuie sa recupereze parola originala
creds = decrypt_creds(enc)
assert creds is not None, "Decriptarea a returnat None"
assert creds.get("password") == parola_test, \
f"Parola decriptata nu corespunde: {creds!r}"

View File

@@ -157,7 +157,7 @@ class FakeRarClient:
made: list = [] made: list = []
def __init__(self, settings=None, login_exc=None): def __init__(self, settings=None, *, base_url=None, login_exc=None):
self.closed = False self.closed = False
self.login_calls = 0 self.login_calls = 0
self._login_exc = login_exc self._login_exc = login_exc
@@ -234,7 +234,7 @@ def test_get_token_bad_creds_raises(env, monkeypatch):
import app.worker.__main__ as w import app.worker.__main__ as w
from app.db import get_connection from app.db import get_connection
def _factory(settings=None): def _factory(settings=None, **kwargs):
return FakeRarClient(settings, login_exc=RarAuthError("Credentiale RAR invalide", status_code=401)) return FakeRarClient(settings, login_exc=RarAuthError("Credentiale RAR invalide", status_code=401))
monkeypatch.setattr(w, "RarClient", _factory) monkeypatch.setattr(w, "RarClient", _factory)

28
tests/test_idempotency.py Normal file
View File

@@ -0,0 +1,28 @@
"""US-003 (PRD 5.20): build_key incorporeaza rar_env."""
from __future__ import annotations
from app.idempotency import build_key, canonicalize_row
def _canon():
raw = {
"vin": "WVWZZZ1JZXW000001", "nr_inmatriculare": "B 123 ABC",
"data_prestatie": "2026-01-10", "odometru_final": "123456.0",
"prestatii": [{"cod_prestatie": "OE-1"}],
}
canon = canonicalize_row(raw)
canon["prestatii"] = raw["prestatii"]
return canon
def test_key_difera_intre_test_si_prod():
canon = _canon()
assert build_key(1, canon, "test") != build_key(1, canon, "prod")
def test_key_stabil_pe_env():
canon = _canon()
assert build_key(1, canon, "prod") == build_key(1, canon, "prod")
# None si 1 colapseaza la aceeasi cheie (account_or_default), pe acelasi env
assert build_key(None, canon, "test") == build_key(1, canon, "test")

View File

@@ -511,7 +511,7 @@ class TestE2EMixedQueue:
# 4. Worker cu MockRar injectat prin AccountSessions (simulam bucla worker) # 4. Worker cu MockRar injectat prin AccountSessions (simulam bucla worker)
mock_rar = MockRar(id_prezentare=66001, login_token="tok-mock") mock_rar = MockRar(id_prezentare=66001, login_token="tok-mock")
monkeypatch.setattr(w, "RarClient", lambda settings=None: mock_rar) monkeypatch.setattr(w, "RarClient", lambda settings=None, **kw: mock_rar)
sessions = w.AccountSessions(settings) sessions = w.AccountSessions(settings)
conn = get_connection() conn = get_connection()
@@ -595,7 +595,7 @@ class TestE2EMixedQueue:
conn.close() conn.close()
mock_rar = MockRar(id_prezentare=77777) mock_rar = MockRar(id_prezentare=77777)
monkeypatch.setattr(w, "RarClient", lambda settings=None: mock_rar) monkeypatch.setattr(w, "RarClient", lambda settings=None, **kw: mock_rar)
sessions = w.AccountSessions(settings) sessions = w.AccountSessions(settings)
conn = get_connection() conn = get_connection()

View File

@@ -0,0 +1,359 @@
"""Teste US-009 (PRD 5.20) — Import web: selector mediu RAR conditionat de disponibilitate.
Verifica:
- La 0 medii: banner avertisment non-blocant (upload functioneaza, commit foloseste ancora globala).
- La 1 mediu: eticheta statica, fara selector; submissions primesc acel mediu.
- La 2 medii: selector vizibil pre-bifat pe default-ul contului.
- La commit: toate submission-urile lotului primesc rar_env ales (sau fallback ancora globala).
"""
from __future__ import annotations
import csv
import io
import os
import re
import tempfile
import pytest
from fastapi.testclient import TestClient
# --------------------------------------------------------------------------- #
# Fixture client cu DB izolat #
# --------------------------------------------------------------------------- #
@pytest.fixture()
def client(monkeypatch):
tmp = tempfile.mkdtemp()
monkeypatch.setenv("AUTOPASS_DB_PATH", os.path.join(tmp, "rar_env_test.db"))
monkeypatch.setenv("AUTOPASS_WEB_AUTH_REQUIRED", "false")
monkeypatch.setenv("AUTOPASS_RAR_ENV", "test") # ancora globala = test
from app.config import get_settings
get_settings.cache_clear()
from app.crypto import reset_cache
reset_cache()
from app.main import app
with TestClient(app) as c:
yield c
get_settings.cache_clear()
reset_cache()
# --------------------------------------------------------------------------- #
# Utilitare #
# --------------------------------------------------------------------------- #
def _csv_bytes(rows: list[dict], sep: str = ";") -> bytes:
buf = io.StringIO()
writer = csv.DictWriter(buf, fieldnames=list(rows[0].keys()), delimiter=sep)
writer.writeheader()
writer.writerows(rows)
return buf.getvalue().encode("utf-8")
def _seed_nomenclator_si_mapare(client: TestClient) -> None:
"""Semeaza nomenclatorul si o mapare pentru randuri ok."""
from app.db import get_connection
conn = get_connection()
try:
conn.execute(
"INSERT OR REPLACE INTO nomenclator_rar (cod_prestatie, nume_prestatie) VALUES (?,?)",
("R-FRANE", "Reparatie frane"),
)
conn.execute(
"INSERT OR IGNORE INTO operations_mapping "
"(account_id, cod_op_service, cod_prestatie, auto_send) VALUES (1,?,?,1)",
("OP-FRANE", "R-FRANE"),
)
conn.commit()
finally:
conn.close()
def _configureaza_un_mediu(client: TestClient, env: str = "test") -> None:
"""Activeaza un singur mediu RAR pe contul 1 (simulate creds disponibile)."""
from app.db import get_connection
from app.crypto import encrypt_creds
conn = get_connection()
try:
fake_creds = encrypt_creds({"email": "test@rar.ro", "password": "pass"})
if env == "test":
conn.execute(
"UPDATE accounts SET rar_test_enabled=1, rar_creds_test_enc=?, "
"rar_prod_enabled=0, rar_creds_prod_enc=NULL, rar_env_default='test' WHERE id=1",
(fake_creds,),
)
else:
conn.execute(
"UPDATE accounts SET rar_prod_enabled=1, rar_creds_prod_enc=?, "
"rar_test_enabled=0, rar_creds_test_enc=NULL, rar_env_default='prod' WHERE id=1",
(fake_creds,),
)
conn.commit()
finally:
conn.close()
def _configureaza_doua_medii(client: TestClient, default_env: str = "test") -> None:
"""Activeaza ambele medii RAR pe contul 1."""
from app.db import get_connection
from app.crypto import encrypt_creds
conn = get_connection()
try:
fake_test = encrypt_creds({"email": "test@rar.ro", "password": "pass_test"})
fake_prod = encrypt_creds({"email": "prod@rar.ro", "password": "pass_prod"})
conn.execute(
"UPDATE accounts SET "
"rar_test_enabled=1, rar_creds_test_enc=?, "
"rar_prod_enabled=1, rar_creds_prod_enc=?, "
"rar_env_default=? WHERE id=1",
(fake_test, fake_prod, default_env),
)
conn.commit()
finally:
conn.close()
_ROWS_OK = [
{
"VIN": "WVWZZZ1KZAW009001",
"Nr": "B009TST",
"Data": "2026-06-15",
"KM": "77000",
"Operatie": "OP-FRANE",
},
]
def _upload_si_mapare(client: TestClient, rows: list[dict]) -> int:
"""Upload CSV si seteaza mapare coloane. Intoarce import_id."""
data = _csv_bytes(rows)
r = client.post(
"/_import/upload",
files={"file": ("test.csv", io.BytesIO(data), "text/csv")},
)
assert r.status_code == 200, r.text
m = re.search(r"/_import/(\d+)/", r.text)
assert m, f"import_id negasit in raspunsul de upload: {r.text[:400]}"
iid = int(m.group(1))
# Seteaza maparea daca nu e deja
if f"/_import/{iid}/mapare-coloane" in r.text or "mapare-coloane" in r.text.lower():
r2 = client.post(
f"/_import/{iid}/mapare-coloane",
data={
"colname": ["VIN", "Nr", "Data", "KM", "Operatie"],
"canon": ["vin", "nr_inmatriculare", "data_prestatie", "odometru_final", "operatie"],
"format_data": "YYYY-MM-DD",
},
)
assert r2.status_code == 200, r2.text
return iid
def _get_preview(client: TestClient, iid: int) -> str:
rp = client.get(f"/_import/{iid}/preview")
assert rp.status_code == 200, rp.text
return rp.text
def _commit(client: TestClient, iid: int, n_ok: int, rar_env: str | None = None) -> object:
data = {
"csrf_token": "",
"n_confirmat": str(n_ok),
"confirmed_by": "test@us009.ro",
}
if rar_env:
data["rar_env"] = rar_env
return client.post(f"/_import/{iid}/confirma", data=data)
# --------------------------------------------------------------------------- #
# Tests #
# --------------------------------------------------------------------------- #
def test_selector_ascuns_la_un_mediu(client):
"""La 1 mediu disponibil: nu apare selector; apare eticheta statica cu mediul."""
_seed_nomenclator_si_mapare(client)
_configureaza_un_mediu(client, env="test")
# GET fragment/import: verifica ca nu exista selector si apare eticheta
r = client.get("/_fragments/import")
assert r.status_code == 200, r.text
html = r.text
# Eticheta statica "Testare" trebuie sa fie prezenta
assert "Testare" in html, "Eticheta mediu 'Testare' lipseste la 1 mediu disponibil"
# Selectorul nu trebuie sa apara (input cu name=rar_env hidden, dar fara <select>)
assert "<select" not in html or 'name="rar_env"' not in html or "rar-env-select" not in html, (
"Selector mediu RAR nu trebuie sa apara la 1 mediu disponibil"
)
def test_selector_prezent_si_prebifat_la_doua(client):
"""La 2 medii disponibile: selectorul apare si e pre-bifat pe default-ul contului."""
_seed_nomenclator_si_mapare(client)
_configureaza_doua_medii(client, default_env="test")
r = client.get("/_fragments/import")
assert r.status_code == 200, r.text
html = r.text
# Selectorul trebuie sa apara
assert "rar-env-select" in html, "Selectorul mediu RAR lipseste la 2 medii disponibile"
assert 'name="rar_env"' in html, 'Atribut name="rar_env" lipsa din selector'
# Default pre-selectat = "test" (default contului)
# Optiunea Testare trebuie sa fie selectata
assert 'value="test"' in html and "selected" in html, (
"Optiunea Testare nu e pre-selectata (default cont = test)"
)
def test_banner_avertisment_la_zero_medii(client):
"""La 0 medii configurate: apare un banner de avertisment (non-blocant)."""
# Contul 1 implicit nu are medii configurate
r = client.get("/_fragments/import")
assert r.status_code == 200, r.text
html = r.text
# Banner avertisment sau link catre configurare credentiale
assert "mediu" in html.lower() or "configureaza" in html.lower() or "credentiale" in html.lower(), (
"Bannerul de avertisment pentru 0 medii lipseste din pagina de upload"
)
# Upload-ul NU e blocat: formularul de upload trebuie sa fie prezent
assert "upload-form" in html, (
"Formularul de upload lipseste — la 0 medii upload-ul nu trebuie blocat"
)
def test_commit_seteaza_env_pe_submissions(client):
"""La commit: submissions primesc rar_env ales (fallback la ancora globala pt 0 medii)."""
_seed_nomenclator_si_mapare(client)
# Contul 1 fara medii configurate -> ancora globala = "test"
iid = _upload_si_mapare(client, _ROWS_OK)
preview_html = _get_preview(client, iid)
m_ok = re.search(r'id="n-confirmat"[^>]*?value="(\d+)"', preview_html)
n_ok = int(m_ok.group(1)) if m_ok else 1
r = _commit(client, iid, n_ok)
assert r.status_code == 200, r.text
assert any(kw in r.text.lower() for kw in ("coada", "prezenta", "trimiter")), (
"Mesajul de succes lipseste din raspunsul de commit"
)
# Verifica ca submission-ul are rar_env setat (fallback "test" via ancora globala)
from app.db import get_connection
conn = get_connection()
try:
sub = conn.execute(
"SELECT rar_env FROM submissions WHERE account_id=1 ORDER BY id DESC LIMIT 1"
).fetchone()
finally:
conn.close()
assert sub is not None, "Niciun submission gasit dupa commit"
assert sub["rar_env"] in ("test", "prod"), f"rar_env invalid: {sub['rar_env']!r}"
# Cu AUTOPASS_RAR_ENV=test si 0 medii configurate, expect "test"
assert sub["rar_env"] == "test", (
f"Expected rar_env='test' (ancora globala) dar primit {sub['rar_env']!r}"
)
def test_commit_cu_un_mediu_seteaza_acel_mediu(client):
"""La commit cu 1 mediu configurat: submission primeste mediul respectiv."""
_seed_nomenclator_si_mapare(client)
_configureaza_un_mediu(client, env="test")
iid = _upload_si_mapare(client, _ROWS_OK)
preview_html = _get_preview(client, iid)
m_ok = re.search(r'id="n-confirmat"[^>]*?value="(\d+)"', preview_html)
n_ok = int(m_ok.group(1)) if m_ok else 1
r = _commit(client, iid, n_ok)
assert r.status_code == 200, r.text
from app.db import get_connection
conn = get_connection()
try:
sub = conn.execute(
"SELECT rar_env FROM submissions WHERE account_id=1 ORDER BY id DESC LIMIT 1"
).fetchone()
finally:
conn.close()
assert sub is not None
assert sub["rar_env"] == "test", (
f"Expected rar_env='test' (singurul mediu disponibil) dar primit {sub['rar_env']!r}"
)
def test_commit_cu_doua_medii_respecta_alegerea(client):
"""La 2 medii: commit cu rar_env explicit seteaza mediul ales pe submissions."""
_seed_nomenclator_si_mapare(client)
_configureaza_doua_medii(client, default_env="test")
iid = _upload_si_mapare(client, _ROWS_OK)
preview_html = _get_preview(client, iid)
m_ok = re.search(r'id="n-confirmat"[^>]*?value="(\d+)"', preview_html)
n_ok = int(m_ok.group(1)) if m_ok else 1
# Commit explicit pe "prod"
r = _commit(client, iid, n_ok, rar_env="prod")
assert r.status_code == 200, r.text
from app.db import get_connection
conn = get_connection()
try:
sub = conn.execute(
"SELECT rar_env FROM submissions WHERE account_id=1 ORDER BY id DESC LIMIT 1"
).fetchone()
finally:
conn.close()
assert sub is not None
assert sub["rar_env"] == "prod", (
f"Expected rar_env='prod' (ales explicit) dar primit {sub['rar_env']!r}"
)
def test_badge_mediu_in_preview(client):
"""Preview-ul afiseaza badge-ul cu mediul tinta (US-009, F9/F10)."""
_seed_nomenclator_si_mapare(client)
_configureaza_un_mediu(client, env="test")
iid = _upload_si_mapare(client, _ROWS_OK)
r = client.get(f"/_import/{iid}/preview")
assert r.status_code == 200, r.text
html = r.text
# Badge cu mediul trebuie sa fie prezent in HTML
assert "Testare" in html or "PRODUCTIE" in html or "rar_env" in html, (
"Badge-ul de mediu RAR lipseste din preview"
)
def test_rar_env_in_confirm_form(client):
"""Preview-ul contine un field hidden rar_env in formularul de confirmare."""
_seed_nomenclator_si_mapare(client)
_configureaza_un_mediu(client, env="test")
iid = _upload_si_mapare(client, _ROWS_OK)
r = client.get(f"/_import/{iid}/preview")
assert r.status_code == 200, r.text
html = r.text
# Formularul de confirmare trebuie sa contina rar_env ca hidden field
assert 'name="rar_env"' in html, (
"Campul hidden 'rar_env' lipseste din formularul de confirmare preview"
)

View File

@@ -0,0 +1,50 @@
"""US-002 (PRD 5.20): medii_disponibile + rar_env_efectiv (REQ-DISP / REQ-DEFAULT)."""
from __future__ import annotations
from app.rar_env import medii_disponibile, rar_env_efectiv
def _cont(**kw):
base = {
"rar_test_enabled": 0, "rar_prod_enabled": 0,
"rar_creds_test_enc": None, "rar_creds_prod_enc": None,
"rar_env_default": "prod",
}
base.update(kw)
return base
def test_doar_prod_cu_creds():
c = _cont(rar_prod_enabled=1, rar_creds_prod_enc="TOK")
assert medii_disponibile(c) == ["prod"]
assert rar_env_efectiv(c) == "prod"
def test_ambele():
c = _cont(
rar_test_enabled=1, rar_creds_test_enc="T",
rar_prod_enabled=1, rar_creds_prod_enc="P",
rar_env_default="test",
)
assert medii_disponibile(c) == ["test", "prod"]
assert rar_env_efectiv(c) == "test"
def test_zero_cand_lipsesc_creds():
# activat dar fara creds -> nu e disponibil
c = _cont(rar_test_enabled=1, rar_prod_enabled=1)
assert medii_disponibile(c) == []
assert rar_env_efectiv(c) is None
def test_default_cade_pe_singurul_disponibil():
# default='prod' dar prod nu e disponibil; doar test e -> efectiv = test
c = _cont(rar_test_enabled=1, rar_creds_test_enc="T", rar_env_default="prod")
assert medii_disponibile(c) == ["test"]
assert rar_env_efectiv(c) == "test"
def test_enabled_fara_creds_nu_e_disponibil():
c = _cont(rar_prod_enabled=1, rar_creds_prod_enc=" ") # whitespace = gol
assert medii_disponibile(c) == []

View File

@@ -0,0 +1,96 @@
"""Teste US-004 (PRD 5.20): rezolvare mediu tinta la ingestie + respingere tinte indisponibile.
Fixtura `conn` urmareste acelasi pattern ca tests/test_accounts.py:
monkeypatch AUTOPASS_DB_PATH pe tempdir, cache_clear, init_db, get_connection.
"""
from __future__ import annotations
import os
import tempfile
import pytest
@pytest.fixture()
def conn(monkeypatch):
tmp = tempfile.mkdtemp()
monkeypatch.setenv("AUTOPASS_DB_PATH", os.path.join(tmp, "test_rar_env_resolve.db"))
from app.config import get_settings
get_settings.cache_clear()
from app.db import get_connection, init_db
init_db()
c = get_connection()
yield c
c.close()
get_settings.cache_clear()
def _seteaza_cont_ambele(conn) -> None:
"""Configureaza contul id=1 cu ambele medii disponibile, default = prod."""
conn.execute(
"""UPDATE accounts
SET rar_test_enabled=1, rar_creds_test_enc='T',
rar_prod_enabled=1, rar_creds_prod_enc='P',
rar_env_default='prod'
WHERE id=1"""
)
conn.commit()
def _seteaza_cont_doar_prod(conn) -> None:
"""Configureaza contul id=1 cu doar prod disponibil, test off."""
conn.execute(
"""UPDATE accounts
SET rar_test_enabled=0, rar_creds_test_enc=NULL,
rar_prod_enabled=1, rar_creds_prod_enc='P',
rar_env_default='prod'
WHERE id=1"""
)
conn.commit()
def test_cerere_castiga(conn):
"""Cererea explicita bate default-ul contului (prod)."""
_seteaza_cont_ambele(conn)
from app.rar_env import rezolva_rar_env
rezultat = rezolva_rar_env(conn, 1, "test")
assert rezultat == "test"
def test_fallback_default_cont(conn):
"""Fara cerere explicita -> default-ul contului (prod)."""
_seteaza_cont_ambele(conn)
from app.rar_env import rezolva_rar_env
rezultat = rezolva_rar_env(conn, 1, None)
assert rezultat == "prod"
def test_tinta_indisponibila_respinsa(conn):
"""Cerere pentru 'test' pe un cont doar-prod -> MediuIndisponibil cu .disponibile=['prod']."""
_seteaza_cont_doar_prod(conn)
from app.rar_env import MediuIndisponibil, rezolva_rar_env
with pytest.raises(MediuIndisponibil) as exc_info:
rezolva_rar_env(conn, 1, "test")
err = exc_info.value
assert err.env == "test"
assert err.disponibile == ["prod"]
def test_valoare_invalida(conn):
"""Cerere cu valoare in afara VALID_ENVS -> ValueError, fara fallback silentios."""
from app.rar_env import rezolva_rar_env
with pytest.raises(ValueError, match="mediu invalid"):
rezolva_rar_env(conn, 1, "staging")
def test_zero_medii_cade_pe_ancora(conn, monkeypatch):
"""Cont fara niciun mediu disponibil -> ancora globala AUTOPASS_RAR_ENV."""
# id=1 din fresh DB: rar_prod_enabled=1 dar rar_creds_prod_enc=NULL -> 0 disponibile
# (valoarea implicita a schemei: prod enabled fara creds -> nedisponibil)
monkeypatch.setenv("AUTOPASS_RAR_ENV", "test")
from app.config import get_settings
get_settings.cache_clear()
from app.rar_env import rezolva_rar_env
rezultat = rezolva_rar_env(conn, 1, None)
assert rezultat == "test"

View File

@@ -0,0 +1,145 @@
"""US-001 (PRD 5.20): schema medii per cont + env pe submission + migrare/backfill."""
from __future__ import annotations
import json
import os
import sqlite3
import tempfile
import pytest
@pytest.fixture()
def fresh_conn(monkeypatch):
"""DB nou cu schema curenta (init_db)."""
tmp = tempfile.mkdtemp()
monkeypatch.setenv("AUTOPASS_DB_PATH", os.path.join(tmp, "t.db"))
from app.config import get_settings
get_settings.cache_clear()
from app.db import get_connection, init_db
init_db()
c = get_connection()
yield c
c.close()
get_settings.cache_clear()
def _old_db(path: str) -> sqlite3.Connection:
"""Construieste un DB in forma PRE-5.20 (fara coloanele de mediu)."""
conn = sqlite3.connect(path, isolation_level=None)
conn.row_factory = sqlite3.Row
conn.execute(
"CREATE TABLE accounts (id INTEGER PRIMARY KEY AUTOINCREMENT, name TEXT NOT NULL, "
"cui TEXT, rar_creds_enc TEXT)"
)
conn.execute(
"CREATE TABLE submissions (id INTEGER PRIMARY KEY AUTOINCREMENT, "
"idempotency_key TEXT NOT NULL UNIQUE, account_id INTEGER, status TEXT, "
"payload_json TEXT NOT NULL)"
)
return conn
def _migrate_old(path: str, env: str, monkeypatch) -> sqlite3.Connection:
monkeypatch.setenv("AUTOPASS_RAR_ENV", env)
from app.config import get_settings
get_settings.cache_clear()
conn = sqlite3.connect(path, isolation_level=None)
conn.row_factory = sqlite3.Row
from app.db import _migrate
_migrate(conn)
return conn
def test_coloane_medii_pe_cont(fresh_conn):
acc = {r["name"] for r in fresh_conn.execute("PRAGMA table_info(accounts)").fetchall()}
assert {
"rar_test_enabled", "rar_prod_enabled",
"rar_creds_test_enc", "rar_creds_prod_enc", "rar_env_default",
} <= acc
sub = {r["name"] for r in fresh_conn.execute("PRAGMA table_info(submissions)").fetchall()}
assert "rar_env" in sub
def test_default_client_prod_on_test_off(fresh_conn):
from app.accounts import create_account
aid = create_account(fresh_conn, "Service X")
row = fresh_conn.execute(
"SELECT rar_test_enabled, rar_prod_enabled, rar_env_default FROM accounts WHERE id=?",
(aid,),
).fetchone()
assert row["rar_prod_enabled"] == 1
assert row["rar_test_enabled"] == 0
assert row["rar_env_default"] == "prod"
@pytest.mark.parametrize("env,slot,other", [
("test", "rar_creds_test_enc", "rar_creds_prod_enc"),
("prod", "rar_creds_prod_enc", "rar_creds_test_enc"),
])
def test_migrare_creds_in_slotul_env_global(tmp_path, monkeypatch, env, slot, other):
path = str(tmp_path / "old.db")
old = _old_db(path)
old.execute(
"INSERT INTO accounts (id, name, rar_creds_enc) VALUES (5, 'Legacy', 'TOKEN_CREDS')"
)
old.close()
conn = _migrate_old(path, env, monkeypatch)
row = conn.execute("SELECT * FROM accounts WHERE id=5").fetchone()
assert row[slot] == "TOKEN_CREDS"
assert row[other] is None
assert row[f"rar_{env}_enabled"] == 1
assert row[f"rar_{'prod' if env == 'test' else 'test'}_enabled"] == 0
assert row["rar_env_default"] == env
conn.close()
def test_migrare_cont_fara_creds_ramane_pe_default(tmp_path, monkeypatch):
path = str(tmp_path / "old.db")
old = _old_db(path)
old.execute("INSERT INTO accounts (id, name, rar_creds_enc) VALUES (6, 'NoCreds', NULL)")
old.close()
conn = _migrate_old(path, "test", monkeypatch)
row = conn.execute("SELECT * FROM accounts WHERE id=6").fetchone()
assert row["rar_prod_enabled"] == 1
assert row["rar_test_enabled"] == 0
assert row["rar_env_default"] == "prod"
conn.close()
def test_submissions_rar_env(tmp_path, monkeypatch):
"""Un rand PRE-migrare ajunge cu env-ul global (NU 'test') + cheie recalculata env-aware."""
path = str(tmp_path / "old.db")
old = _old_db(path)
payload = {
"vin": "WVWZZZ1JZXW000001", "nr_inmatriculare": "B123ABC",
"data_prestatie": "2026-01-10", "odometru_final": "123456",
"prestatii": [{"cod_prestatie": "OE-1"}],
}
old.execute(
"INSERT INTO submissions (idempotency_key, account_id, status, payload_json) "
"VALUES ('LEGACY_KEY', 7, 'sent', ?)",
(json.dumps(payload),),
)
old.close()
conn = _migrate_old(path, "prod", monkeypatch)
row = conn.execute("SELECT rar_env, idempotency_key FROM submissions").fetchone()
assert row["rar_env"] == "prod" # ancora globala, NU DEFAULT 'test'
from app.idempotency import build_key, canonicalize_row
canon = canonicalize_row(payload)
canon["prestatii"] = payload["prestatii"]
assert row["idempotency_key"] == build_key(7, canon, "prod")
# si difera de varianta env-aware pe test (reconciliere pe endpoint corect)
assert row["idempotency_key"] != build_key(7, canon, "test")
conn.close()
def test_migrare_idempotenta(fresh_conn):
"""A doua rulare _migrate pe DB deja migrat nu strica nimic."""
from app.db import _migrate
_migrate(fresh_conn) # nu arunca, nu dubleaza coloane
acc = {r["name"] for r in fresh_conn.execute("PRAGMA table_info(accounts)").fetchall()}
assert "rar_env_default" in acc

View File

@@ -65,6 +65,7 @@ def test_signup_fara_cui_422(client):
"cui": "", "cui": "",
"email": "fara_cui@test.com", "email": "fara_cui@test.com",
"parola": "parolasecreta123", "parola": "parolasecreta123",
"consent": "1",
"csrf_token": token, "csrf_token": token,
}) })
# trebuie sa returneze 422 (sau sa randeze formularul cu eroare) # trebuie sa returneze 422 (sau sa randeze formularul cu eroare)
@@ -96,6 +97,7 @@ def test_signup_scrie_email_pe_account(client):
"cui": "RO9999001", "cui": "RO9999001",
"email": "cu_email@test.com", "email": "cu_email@test.com",
"parola": "parolasecreta123", "parola": "parolasecreta123",
"consent": "1",
"csrf_token": token, "csrf_token": token,
}) })
assert resp.status_code == 200 assert resp.status_code == 200
@@ -131,6 +133,7 @@ def test_signup_email_duplicat_mesaj_email(client):
"cui": make_test_cui("email-dup-c1"), "cui": make_test_cui("email-dup-c1"),
"email": "emaildup@test.com", "email": "emaildup@test.com",
"parola": "parolasecreta123", "parola": "parolasecreta123",
"consent": "1",
"csrf_token": token, "csrf_token": token,
}) })
assert resp1.status_code == 200 assert resp1.status_code == 200
@@ -145,6 +148,7 @@ def test_signup_email_duplicat_mesaj_email(client):
"cui": cui_nou, "cui": cui_nou,
"email": "emaildup@test.com", "email": "emaildup@test.com",
"parola": "parolasecreta456", "parola": "parolasecreta456",
"consent": "1",
"csrf_token": token2, "csrf_token": token2,
}) })
@@ -179,6 +183,7 @@ def test_signup_cui_existent_mesaj_prietenos(client):
"cui": "RO8888001", "cui": "RO8888001",
"email": "firma1@test.com", "email": "firma1@test.com",
"parola": "parolasecreta123", "parola": "parolasecreta123",
"consent": "1",
"csrf_token": token, "csrf_token": token,
}) })
@@ -190,6 +195,7 @@ def test_signup_cui_existent_mesaj_prietenos(client):
"cui": "RO8888001", "cui": "RO8888001",
"email": "firma2@test.com", "email": "firma2@test.com",
"parola": "parolasecreta456", "parola": "parolasecreta456",
"consent": "1",
"csrf_token": token2, "csrf_token": token2,
}) })

View File

@@ -52,6 +52,7 @@ def _do_signup(c: TestClient, name: str, email: str, parola: str = "parolasecret
"cui": make_test_cui(email), "cui": make_test_cui(email),
"email": email, "email": email,
"parola": parola, "parola": parola,
"consent": "1",
"csrf_token": token, "csrf_token": token,
}) })

View File

@@ -39,7 +39,7 @@ def env(monkeypatch):
class FakeRar: class FakeRar:
"""Stub RarClient pentru teste.""" """Stub RarClient pentru teste."""
def __init__(self, settings=None): def __init__(self, settings=None, *, base_url=None):
self.login_calls = 0 self.login_calls = 0
self.closed = False self.closed = False

177
tests/test_validare_env.py Normal file
View File

@@ -0,0 +1,177 @@
"""Teste US-007 (PRD 5.20): validare credentiale RAR pe env-ul setului de creds.
Premisa confirmata live (2026-06-29): creds prod NU se valideaza pe RAR test si
invers (401 incrucisat). Deci login-ul de proba TREBUIE sa loveasca endpoint-ul
mediului caruia ii apartin credentialele, nu URL-ul global AUTOPASS_RAR_ENV.
Functie testata:
routes._valideaza_login_rar(settings, email, password, env)
Teste:
test_valideaza_pe_env_creds -- login pe env='prod' foloseste base_url prod (nu test)
test_mesaj_distinge_env -- esec pe test vs prod produce mesaje diferite
"""
from __future__ import annotations
import os
import tempfile
import pytest
from app.rar_client import RarAuthError
# ---------------------------------------------------------------------------
# Fixture izolat
# ---------------------------------------------------------------------------
@pytest.fixture()
def env_db(monkeypatch):
"""DB temporara + settings curate. Numele 'env_db' evita coliziunea cu parametrul
'env' folosit in testele de mai jos ca string ('test'/'prod')."""
tmp = tempfile.mkdtemp()
monkeypatch.setenv("AUTOPASS_DB_PATH", os.path.join(tmp, "t.db"))
monkeypatch.setenv("AUTOPASS_SEED_OPERATII_ENABLED", "false")
from app.config import get_settings
get_settings.cache_clear()
from app.db import init_db
init_db()
yield
get_settings.cache_clear()
# ---------------------------------------------------------------------------
# Stub-uri RarClient
# ---------------------------------------------------------------------------
class _RarClientSpy:
"""Inregistreaza base_url-ul cu care a fost construit si simuleaza login reusit."""
captured: dict = {}
def __init__(self, settings=None, *, base_url=None):
_RarClientSpy.captured["base_url"] = base_url
def login(self, email, password):
return "TOKEN-SPY"
def __enter__(self):
return self
def __exit__(self, *args):
pass
def close(self):
pass
class _RarClientFail:
"""Simuleaza login esuat (RarAuthError 401) indiferent de env."""
def __init__(self, settings=None, *, base_url=None):
pass
def login(self, email, password):
raise RarAuthError("Credentiale RAR invalide", status_code=401)
def __enter__(self):
return self
def __exit__(self, *args):
pass
def close(self):
pass
# ---------------------------------------------------------------------------
# Teste
# ---------------------------------------------------------------------------
def test_valideaza_pe_env_creds(env_db, monkeypatch):
"""Cand validezi creds pentru env='prod', clientul de login e creat cu base_url-ul prod.
US-007 AC: 'validarea foloseste env-ul setului de creds verificat'.
Premisa: creds prod nu se valideaza pe RAR test (401 incrucisat), deci
clientul TREBUIE sa foloseasca base_url-ul prod, nu cel de test.
"""
import app.web.routes as routes_mod
from app.config import get_settings
_RarClientSpy.captured = {}
monkeypatch.setattr(routes_mod, "RarClient", _RarClientSpy)
settings = get_settings()
ok, mesaj = routes_mod._valideaza_login_rar(settings, "a@b.ro", "parola", "prod")
assert ok is True, f"Login simulat trebuia sa reuseasca: mesaj={mesaj!r}"
assert mesaj is None
base_url_folosit = _RarClientSpy.captured.get("base_url")
assert base_url_folosit == settings.rar_base_url_prod, (
f"Clientul trebuia construit cu rar_base_url_prod={settings.rar_base_url_prod!r},"
f" dar a primit base_url={base_url_folosit!r}"
)
assert base_url_folosit != settings.rar_base_url_test, (
"Clientul nu trebuia sa foloseasca base_url-ul de TEST la validarea creds PROD"
)
def test_valideaza_pe_env_creds_test(env_db, monkeypatch):
"""Cand validezi creds pentru env='test', clientul de login e creat cu base_url-ul test."""
import app.web.routes as routes_mod
from app.config import get_settings
_RarClientSpy.captured = {}
monkeypatch.setattr(routes_mod, "RarClient", _RarClientSpy)
settings = get_settings()
ok, mesaj = routes_mod._valideaza_login_rar(settings, "a@b.ro", "parola", "test")
assert ok is True
base_url_folosit = _RarClientSpy.captured.get("base_url")
assert base_url_folosit == settings.rar_base_url_test, (
f"Clientul trebuia construit cu rar_base_url_test={settings.rar_base_url_test!r},"
f" dar a primit base_url={base_url_folosit!r}"
)
assert base_url_folosit != settings.rar_base_url_prod
def test_mesaj_distinge_env(env_db, monkeypatch):
"""La esec de login pe test vs prod, mesajul difera ('TESTARE' vs 'PRODUCTIE').
US-007 AC: 'mesaj distinct creds invalide pe TESTARE vs pe PRODUCTIE'.
Design F6/F7: banner-ul de eroare indica pe ce mediu a esuat login-ul.
"""
import app.web.routes as routes_mod
from app.config import get_settings
monkeypatch.setattr(routes_mod, "RarClient", _RarClientFail)
settings = get_settings()
ok_test, msg_test = routes_mod._valideaza_login_rar(settings, "a@b.ro", "parola", "test")
ok_prod, msg_prod = routes_mod._valideaza_login_rar(settings, "a@b.ro", "parola", "prod")
assert ok_test is False, "Esecul la test trebuia sa returneze ok=False"
assert ok_prod is False, "Esecul la prod trebuia sa returneze ok=False"
assert msg_test is not None and "TESTARE" in msg_test, (
f"Mesajul la esec pe test trebuia sa contina 'TESTARE': {msg_test!r}"
)
assert msg_prod is not None and "PRODUCTIE" in msg_prod, (
f"Mesajul la esec pe prod trebuia sa contina 'PRODUCTIE': {msg_prod!r}"
)
# Cross-check: etichetele nu se amesteca
assert "PRODUCTIE" not in (msg_test or ""), (
f"Mesajul esec test nu trebuia sa mentioneze PRODUCTIE: {msg_test!r}"
)
assert "TESTARE" not in (msg_prod or ""), (
f"Mesajul esec prod nu trebuia sa mentioneze TESTARE: {msg_prod!r}"
)

View File

@@ -40,7 +40,8 @@ def _signup(client, name, email, password="parola_test_001"):
from tests.conftest import make_test_cui from tests.conftest import make_test_cui
tok = _csrf(client, "/signup") tok = _csrf(client, "/signup")
client.post("/signup", data={"name": name, "cui": make_test_cui(email), "email": email, client.post("/signup", data={"name": name, "cui": make_test_cui(email), "email": email,
"parola": password, "csrf_token": tok}, follow_redirects=True) "parola": password, "consent": "1", "csrf_token": tok},
follow_redirects=True)
from app.db import get_connection from app.db import get_connection
conn = get_connection() conn = get_connection()
try: try:

View File

@@ -224,8 +224,8 @@ def test_logo_linkeaza_acasa(client):
"In prezent logo-ul nu e un link." "In prezent logo-ul nu e un link."
) )
# Titlul "ROMFAST AUTOPASS" trebuie sa fie si el in interiorul unui <a href="/"> # Titlul "ROA AUTOPASS" trebuie sa fie si el in interiorul unui <a href="/">
# (PRD AC US-010: Logo-ul ROMFAST + titlul linkeaza la /; titlul a fost redenumit in 5.16) # (PRD AC US-010: Logo-ul ROMFAST + titlul linkeaza la /; titlul a fost redenumit in 5.16)
assert re.search(r'<a\b[^>]*href="/"[^>]*>.*?ROMFAST AUTOPASS', header_html, re.DOTALL), ( assert re.search(r'<a\b[^>]*href="/"[^>]*>.*?ROA AUTOPASS', header_html, re.DOTALL), (
"Titlul 'ROMFAST AUTOPASS' trebuie sa fie intr-un <a href='/'> in header." "Titlul 'ROA AUTOPASS' trebuie sa fie intr-un <a href='/'> in header."
) )

View File

@@ -741,20 +741,20 @@ def test_strip_sanatate_fara_hex_hardcodat():
# ============================================================ # ============================================================
# PRD 5.16 US-010: Titlu ROMFAST AUTOPASS + account_name in antet # PRD 5.16 US-010: Titlu ROA AUTOPASS + account_name in antet
# ============================================================ # ============================================================
def test_titlu_romfast_autopass(client): def test_titlu_romfast_autopass(client):
"""US-010 (PRD 5.16): titlul din antet si tag-ul <title> sunt 'ROMFAST AUTOPASS', """US-010 (PRD 5.16): titlul din antet si tag-ul <title> sunt 'ROA AUTOPASS',
nu 'Gateway RAR AUTOPASS'.""" nu 'Gateway RAR AUTOPASS'."""
_create_account_user("titlutest@test.com", name="Service Titlu") _create_account_user("titlutest@test.com", name="Service Titlu")
_login(client, "titlutest@test.com") _login(client, "titlutest@test.com")
html = client.get("/?tab=acasa").text html = client.get("/?tab=acasa").text
assert "ROMFAST AUTOPASS" in html, \ assert "ROA AUTOPASS" in html, \
"Titlul 'ROMFAST AUTOPASS' lipseste din antet (US-010 PRD 5.16)" "Titlul 'ROA AUTOPASS' lipseste din antet (US-010 PRD 5.16)"
assert "Gateway RAR AUTOPASS" not in html, \ assert "Gateway RAR AUTOPASS" not in html, \
"Titlul vechi 'Gateway RAR AUTOPASS' inca prezent — inlocuieste cu 'ROMFAST AUTOPASS'" "Titlul vechi 'Gateway RAR AUTOPASS' inca prezent — inlocuieste cu 'ROA AUTOPASS'"
def test_header_arata_nume_service_logat(client): def test_header_arata_nume_service_logat(client):
@@ -772,7 +772,7 @@ def test_header_arata_nume_service_logat(client):
def test_login_branded_nu_schelet(client): def test_login_branded_nu_schelet(client):
"""US-010 (PRD 5.16): /login are layout 2-coloane branduit cu clasa .login-shell, """US-010 (PRD 5.16): /login are layout 2-coloane branduit cu clasa .login-shell,
titlul 'ROMFAST AUTOPASS', si formular cu POST /login (CSRF intact).""" titlul 'ROA AUTOPASS', si formular cu POST /login (CSRF intact)."""
resp = client.get("/login") resp = client.get("/login")
assert resp.status_code == 200 assert resp.status_code == 200
html = resp.text html = resp.text
@@ -781,8 +781,8 @@ def test_login_branded_nu_schelet(client):
"Clasa .login-shell lipseste din /login (US-010 PRD 5.16) — layout 2-coloane nenimplementat" "Clasa .login-shell lipseste din /login (US-010 PRD 5.16) — layout 2-coloane nenimplementat"
assert "login-aside" in html, \ assert "login-aside" in html, \
"Clasa .login-aside lipseste — coloana stanga de brand lipseste (US-010)" "Clasa .login-aside lipseste — coloana stanga de brand lipseste (US-010)"
assert "ROMFAST AUTOPASS" in html, \ assert "ROA AUTOPASS" in html, \
"Titlul 'ROMFAST AUTOPASS' lipseste din /login (US-010 PRD 5.16)" "Titlul 'ROA AUTOPASS' lipseste din /login (US-010 PRD 5.16)"
# Formular intact: POST /login cu csrf_token # Formular intact: POST /login cu csrf_token
assert 'action="/login"' in html, "Actiunea formularului /login s-a schimbat — CSRF route invalida" assert 'action="/login"' in html, "Actiunea formularului /login s-a schimbat — CSRF route invalida"
assert 'name="csrf_token"' in html, "csrf_token lipseste din formular — securitate compromisa" assert 'name="csrf_token"' in html, "csrf_token lipseste din formular — securitate compromisa"

View File

@@ -48,6 +48,7 @@ def test_signup_creeaza_cont_user_si_cheie(client):
"cui": "RO12345678", "cui": "RO12345678",
"email": "test@example.com", "email": "test@example.com",
"parola": "parolasecreta", "parola": "parolasecreta",
"consent": "1",
"csrf_token": token, "csrf_token": token,
}) })
assert resp.status_code == 200 assert resp.status_code == 200
@@ -87,6 +88,7 @@ def test_signup_email_duplicat_eroare(client):
"cui": make_test_cui("dup@example.com"), "cui": make_test_cui("dup@example.com"),
"email": "dup@example.com", "email": "dup@example.com",
"parola": "parolasecreta", "parola": "parolasecreta",
"consent": "1",
"csrf_token": token, "csrf_token": token,
}) })
@@ -102,6 +104,7 @@ def test_signup_email_duplicat_eroare(client):
"cui": make_test_cui("dup-b@example.com"), "cui": make_test_cui("dup-b@example.com"),
"email": "dup@example.com", "email": "dup@example.com",
"parola": "altaparola123", "parola": "altaparola123",
"consent": "1",
"csrf_token": token, "csrf_token": token,
}) })
assert resp2.status_code in (200, 422) assert resp2.status_code in (200, 422)
@@ -139,6 +142,72 @@ def test_signup_parola_scurta_eroare(client):
conn.close() conn.close()
def test_signup_fara_consent_eroare(client):
"""Consimtamant GDPR lipsa -> 422, fara creare cont; mesaj despre Termeni/GDPR.
Checkbox-ul de consimtamant trebuie validat server-side (functional, nu doar client-side):
fara el contul nu se creeaza si planul/datele introduse se pastreaza in re-render.
"""
from tests.conftest import make_test_cui
resp = client.get("/signup")
token = _csrf(resp.text)
resp = client.post("/signup", data={
"name": "Service Fara Consent",
"cui": make_test_cui("fara-consent@test.com"),
"email": "fara-consent@test.com",
"parola": "parolasecreta123",
# fara "consent"
"csrf_token": token,
})
assert resp.status_code == 422
assert "rfak_" not in resp.text
assert "GDPR" in resp.text or "Termeni" in resp.text
from app.db import get_connection
conn = get_connection()
try:
acct = conn.execute(
"SELECT * FROM accounts WHERE name='Service Fara Consent'"
).fetchone()
assert acct is None, "Cont creat desi consimtamantul lipsea"
finally:
conn.close()
def test_signup_salveaza_requested_plan_si_consent(client):
"""POST /signup cu plan ales -> accounts.requested_plan = codul ales, consent_at setat,
iar tier RAMANE 'free' (planul cerut NU acorda drepturi)."""
from tests.conftest import make_test_cui
resp = client.get("/signup")
token = _csrf(resp.text)
resp = client.post("/signup", data={
"name": "Service Plan Pro",
"cui": make_test_cui("plan-pro@test.com"),
"email": "plan-pro@test.com",
"parola": "parolasecreta123",
"plan": "pro",
"consent": "1",
"csrf_token": token,
})
assert resp.status_code == 200
assert "rfak_" in resp.text
from app.db import get_connection
conn = get_connection()
try:
acct = conn.execute(
"SELECT * FROM accounts WHERE name='Service Plan Pro'"
).fetchone()
assert acct is not None
assert acct["requested_plan"] == "pro", "Planul cerut nu a fost salvat"
assert acct["tier"] == "free", "tier NU trebuie urcat din planul cerut (doar dupa plata)"
assert acct["consent_at"], "consent_at trebuie setat la signup cu consimtamant"
finally:
conn.close()
def test_cheie_afisata_o_data(client): def test_cheie_afisata_o_data(client):
"""Cheia rfak_ apare in raspunsul POST /signup; GET /signup nu o contine.""" """Cheia rfak_ apare in raspunsul POST /signup; GET /signup nu o contine."""
from tests.conftest import make_test_cui from tests.conftest import make_test_cui
@@ -150,6 +219,7 @@ def test_cheie_afisata_o_data(client):
"cui": make_test_cui("cheie@test.com"), "cui": make_test_cui("cheie@test.com"),
"email": "cheie@test.com", "email": "cheie@test.com",
"parola": "parolasecreta", "parola": "parolasecreta",
"consent": "1",
"csrf_token": token, "csrf_token": token,
}) })
assert resp_post.status_code == 200 assert resp_post.status_code == 200

View File

@@ -495,7 +495,9 @@ def _insert_submissions_sent(account_id: int, n: int) -> None:
def test_afisaj_plan_si_zile_trial(client): def test_afisaj_plan_si_zile_trial(client):
"""US-006: cont in trial Pro -> fragment status arata 'trial N zile ramase'. """US-006 + T-6 (5.16): cont in trial Pro -> linia de plan din meniul burger (pagina
completa) arata 'Plan: Pro · trial N zile ramase'. In starea normala (non-warn) plan_linie
NU mai e rand in corpul fragmentului status — traieste in badge antet + burger.
Contul nou primeste trial_until=now+30z automat la creare. Contul nou primeste trial_until=now+30z automat la creare.
""" """
acct_id, _ = _create_account_user("trialzile@test.com") acct_id, _ = _create_account_user("trialzile@test.com")
@@ -505,7 +507,7 @@ def test_afisaj_plan_si_zile_trial(client):
future = (datetime.now(timezone.utc) + timedelta(days=18, hours=12)).strftime("%Y-%m-%d %H:%M:%S") future = (datetime.now(timezone.utc) + timedelta(days=18, hours=12)).strftime("%Y-%m-%d %H:%M:%S")
_set_trial_until(acct_id, future) _set_trial_until(acct_id, future)
resp = client.get("/_fragments/status") resp = client.get("/", follow_redirects=True)
assert resp.status_code == 200 assert resp.status_code == 200
html = resp.text html = resp.text
@@ -516,7 +518,8 @@ def test_afisaj_plan_si_zile_trial(client):
def test_afisaj_consum_lunar(client): def test_afisaj_consum_lunar(client):
"""US-006: cont free (fara trial) -> fragment status arata 'Gratuit · N/60 luna asta'.""" """US-006 + T-6 (5.16): cont free (fara trial) -> linia de plan din burger (pagina
completa) arata 'Gratuit · N/60 luna asta'. Consumul normal nu mai e rand in corp."""
acct_id, _ = _create_account_user("consumlun@test.com") acct_id, _ = _create_account_user("consumlun@test.com")
_login(client, "consumlun@test.com", "parolasecreta10") _login(client, "consumlun@test.com", "parolasecreta10")
@@ -525,7 +528,7 @@ def test_afisaj_consum_lunar(client):
# Insereaza 5 submissions sent luna asta # Insereaza 5 submissions sent luna asta
_insert_submissions_sent(acct_id, 5) _insert_submissions_sent(acct_id, 5)
resp = client.get("/_fragments/status") resp = client.get("/", follow_redirects=True)
assert resp.status_code == 200 assert resp.status_code == 200
html = resp.text html = resp.text
@@ -584,7 +587,8 @@ def test_copy_pluralizare_zi_zile(client):
future_18 = (datetime.now(timezone.utc) + timedelta(days=18, hours=12)).strftime("%Y-%m-%d %H:%M:%S") future_18 = (datetime.now(timezone.utc) + timedelta(days=18, hours=12)).strftime("%Y-%m-%d %H:%M:%S")
_set_trial_until(acct_id, future_18) _set_trial_until(acct_id, future_18)
resp = client.get("/_fragments/status") # T-6 (5.16): linia de plan (cu pluralizarea zilelor) traieste in burger pe pagina completa.
resp = client.get("/", follow_redirects=True)
assert resp.status_code == 200 assert resp.status_code == 200
html = resp.text html = resp.text
assert "18 zile" in html, f"'18 zile' lipseste. HTML: {html[:800]}" assert "18 zile" in html, f"'18 zile' lipseste. HTML: {html[:800]}"
@@ -596,7 +600,7 @@ def test_copy_pluralizare_zi_zile(client):
future_1 = (datetime.now(timezone.utc) + timedelta(days=1, hours=12)).strftime("%Y-%m-%d %H:%M:%S") future_1 = (datetime.now(timezone.utc) + timedelta(days=1, hours=12)).strftime("%Y-%m-%d %H:%M:%S")
_set_trial_until(acct_id, future_1) _set_trial_until(acct_id, future_1)
resp = client.get("/_fragments/status") resp = client.get("/", follow_redirects=True)
assert resp.status_code == 200 assert resp.status_code == 200
html = resp.text html = resp.text
assert "1 zi" in html, f"'1 zi' (singular) lipseste la o zi ramasa. HTML: {html[:800]}" assert "1 zi" in html, f"'1 zi' (singular) lipseste la o zi ramasa. HTML: {html[:800]}"

View File

@@ -107,8 +107,9 @@ def test_submissions_coloane_umane(client):
assert "B777ZZZ" in html, "Nr inmatriculare din payload lipseste" assert "B777ZZZ" in html, "Nr inmatriculare din payload lipseste"
assert "Reparatie frane" in html, "Operatia din payload lipseste" assert "Reparatie frane" in html, "Operatia din payload lipseste"
# Nr. prezentare RAR accesibil pe linia meta discreta # 5.16: #id_prezentare nu mai e pe rand (randul are MAX 2 linii) — detaliul complet
assert "68516" in html, "Nr. prezentare RAR lipseste din linia meta" # (inclusiv nr. prezentare RAR) traieste in modalul de detaliu.
assert "68516" not in html, "Nr. prezentare RAR nu trebuie sa mai apara pe randul slim"
def test_tab_eticheta_trimiteri(client): def test_tab_eticheta_trimiteri(client):
@@ -426,9 +427,9 @@ def test_detaliu_trimitere_404_cross_account(client):
# --------------------------------------------------------------------------- # ---------------------------------------------------------------------------
def test_rand_slim_vin_operatie_pill(client): def test_rand_slim_vin_operatie_pill(client):
"""US-004: fiecare rand slim afiseaza VIN scurt in .slim-vin, operatie+ora in """5.16: fiecare rand slim are 2 linii — L1 placuta (nr. inmatriculare) in .slim-vin,
.slim-meta si un pill de stare cu clasa stare_css si eticheta stare_scurt. L2 cod RAR · operatie · data in .slim-meta, plus un pill de stare cu clasa stare_css
Lista e inconjurata de .lista-trimiteri-slim. si eticheta stare_scurt. Lista e inconjurata de .lista-trimiteri-slim.
""" """
acct = _create_account_user("slim1@test.com") acct = _create_account_user("slim1@test.com")
_insert_submission(acct, "sent", id_prezentare=80001) _insert_submission(acct, "sent", id_prezentare=80001)
@@ -442,14 +443,16 @@ def test_rand_slim_vin_operatie_pill(client):
assert "lista-trimiteri-slim" in html, "lista-trimiteri-slim lipseste din raspuns" assert "lista-trimiteri-slim" in html, "lista-trimiteri-slim lipseste din raspuns"
assert "trimitere-slim" in html, "trimitere-slim lipseste din raspuns" assert "trimitere-slim" in html, "trimitere-slim lipseste din raspuns"
# VIN scurt in clasa slim-vin (mono, linia 1) # L1: placuta (identificator primar) in clasa slim-vin
assert "slim-vin" in html, "slim-vin lipseste — linia 1 VIN mono" assert "slim-vin" in html, "slim-vin lipseste — linia 1 placuta"
assert "B777ZZZ" in html, "placuta (nr. inmatriculare) lipseste de pe rand"
# Linia 2 muted (operatie + ora/data) # L2: cod RAR · operatie · data (slim-meta / slim-rand2)
assert "slim-meta" in html, "slim-meta lipseste — linia 2 muted" assert "slim-meta" in html, "slim-meta lipseste — linia 2"
assert "slim-rand2" in html, "slim-rand2 lipseste — linia 2 (cod RAR · operatie · data)"
# VIN scurt randat (WVWZZZ1JZXW000777 -> …000777) # VIN integral nu mai e pe rand (5.16) — traieste in modalul de detaliu.
assert "000777" in html, "VIN scurt (ultimele 6 cifre) lipseste" assert "000777" not in html, "VIN scurt nu mai trebuie randat pe randul slim (2 linii)"
# Pill de stare: clasa CSS + eticheta scurta # Pill de stare: clasa CSS + eticheta scurta
assert "s-sent" in html, "clasa pill s-sent lipseste" assert "s-sent" in html, "clasa pill s-sent lipseste"

View File

@@ -81,12 +81,13 @@ def client(monkeypatch):
get_settings.cache_clear() get_settings.cache_clear()
def test_vin_pe_rand_separat_sub_nr(client): def test_placuta_pe_rand_identificator_primar(client):
"""VIN-ul apare intr-un element block-level cu clasa slim-vin (PRD 5.15 US-004). """Placuta (nr. inmatriculare) e identificatorul PRIMAR, linia 1 a randului slim
(5.16): in <div class="slim-vin"> (block-level, prominent).
PRD 5.10 (US-005): VIN era <div class="muted"> sub nr in coloana Vehicul. PRD 5.15 (US-004): VIN era identificatorul primar pe linia 1.
PRD 5.15 (US-004): VIN e acum identificatorul PRINCIPAL, linia 1 a randului slim, 5.16 (directiva user): operatorul scaneaza placuta de pe comanda, nu VIN-ul de 17
in <div class="slim-vin"> (mono, prominent, block-level). NU mai e muted. caractere — placuta devine linia 1, VIN integral se muta in modalul de detaliu.
""" """
acct = _create_account_user("vin_layout@test.com") acct = _create_account_user("vin_layout@test.com")
_ins(acct, vin="WVWZZZ1JZXW000001", nr="B123XYZ") _ins(acct, vin="WVWZZZ1JZXW000001", nr="B123XYZ")
@@ -96,46 +97,51 @@ def test_vin_pe_rand_separat_sub_nr(client):
assert resp.status_code == 200 assert resp.status_code == 200
html = resp.text html = resp.text
# VIN trunchiat trebuie sa apara in HTML # Placuta trebuie sa apara in HTML
assert "000001" in html, "VIN-ul trunchiat trebuie sa apara in lista slim" assert "B123XYZ" in html, "placuta (nr. inmatriculare) trebuie sa apara in lista slim"
# VIN e intr-un element block-level (div cu clasa slim-vin) # Placuta e intr-un element block-level (div cu clasa slim-vin)
# Pattern: <div class="slim-vin">...000001...</div> plac = "B123XYZ"
vin_fragment = "000001"
found_slim_vin = re.search( found_slim_vin = re.search(
rf'<div[^>]*class="slim-vin[^"]*"[^>]*>[^<]*{re.escape(vin_fragment)}[^<]*</div>', rf'<div[^>]*class="slim-vin[^"]*"[^>]*>[^<]*{re.escape(plac)}[^<]*</div>',
html, html,
) )
assert found_slim_vin, ( assert found_slim_vin, (
f"VIN '{vin_fragment}' trebuie sa fie in <div class=\"slim-vin\"> (block-level, " f"placuta '{plac}' trebuie sa fie in <div class=\"slim-vin\"> (linia 1 a "
f"mono, linia 1 a randului slim). HTML gasit: " f"randului slim). HTML gasit: "
+ html[max(0, html.find(vin_fragment) - 80):html.find(vin_fragment) + 80] + html[max(0, html.find(plac) - 80):html.find(plac) + 80]
) )
# VIN integral NU mai e pe rand (max 2 linii) — traieste in modalul de detaliu.
assert "000001" not in html, "VIN-ul nu mai trebuie randat pe randul slim (5.16)"
def test_vin_lipsa_nu_genereaza_rand_gol(client):
"""Cand VIN-ul lipseste (sau e EMPTY=''), slim-vin nu afiseaza '' izolat. def test_placuta_lipsa_nu_genereaza_rand_gol(client):
Fallback: slim-vin afiseaza vehicul_nr (nr. inmatriculare) cu clasa muted. """Cand placuta SI VIN-ul lipsesc, slim-vin nu afiseaza '' izolat ca identificator.
(PRD 5.15 US-004: slim-vin are garda vin != '') Fallback (5.16): VIN scurt daca exista, altfel mesaj neutru ('fara numar') — niciodata
un em-dash singur ca identificator primar.
""" """
acct = _create_account_user("vin_gol@test.com") acct = _create_account_user("vin_gol@test.com")
sid = _ins(acct, vin="", nr="B999TST") # VIN gol -> vin_scurt='—' # Placuta prezenta -> e identificatorul primar pe linia 1.
sid1 = _ins(acct, vin="", nr="B999TST")
# Placuta SI VIN absente -> fallback 'fara numar' (nu '—' izolat).
sid2 = _ins(acct, vin="", nr="")
_login(client, "vin_gol@test.com") _login(client, "vin_gol@test.com")
resp = client.get("/_fragments/submissions") resp = client.get("/_fragments/submissions")
assert resp.status_code == 200 assert resp.status_code == 200
html = resp.text html = resp.text
# Randul trebuie sa existe # Ambele randuri exista
assert f'id="trimitere-row-{sid}"' in html assert f'id="trimitere-row-{sid1}"' in html
assert f'id="trimitere-row-{sid2}"' in html
# slim-vin NU trebuie sa contina '—' izolat (VIN lipsa -> fallback vehicul_nr) # Placuta vizibila cand exista
slim_vin_match = re.search(r'<div[^>]*class="slim-vin[^"]*"[^>]*>([^<]*)</div>', html) assert "B999TST" in html, "placuta (nr. inmatriculare) lipseste de pe rand"
assert slim_vin_match, "slim-vin lipseste din randul cu VIN gol"
slim_vin_content = slim_vin_match.group(1).strip() # Niciun slim-vin nu contine '—' izolat
assert slim_vin_content != "", ( for m in re.finditer(r'<div[^>]*class="slim-vin[^"]*"[^>]*>([^<]*)</div>', html):
"slim-vin afiseaza '' izolat cand VIN lipseste — " assert m.group(1).strip() != "", "slim-vin afiseaza '' izolat ca identificator"
"trebuie sa afiseze vehicul_nr ca fallback"
) # Fallback neutru cand placuta + VIN lipsesc
# Fallback: nr inmatriculare vizibil assert "fara numar" in html, "fallback 'fara numar' lipseste cand placuta+VIN absente"
assert "B999TST" in html, "Nr inmatriculare (fallback) lipseste cand VIN e gol"

View File

@@ -42,10 +42,10 @@ class _FakeSessions:
self.invalidated: list[int] = [] self.invalidated: list[int] = []
self.tokens: list[int] = [] self.tokens: list[int] = []
def invalidate(self, account_id: int) -> None: def invalidate(self, account_id: int, rar_env=None) -> None:
self.invalidated.append(account_id) self.invalidated.append(account_id)
def get_token(self, conn, account_id: int, creds) -> str | None: def get_token(self, conn, account_id: int, creds, rar_env="test") -> str | None:
self.tokens.append(account_id) self.tokens.append(account_id)
if self._fail: if self._fail:
raise RuntimeError("RAR jos") raise RuntimeError("RAR jos")

View File

@@ -63,7 +63,7 @@ class FakeRar:
def test_login_reusit_logat(env, monkeypatch): def test_login_reusit_logat(env, monkeypatch):
conn, settings = env conn, settings = env
import app.worker.__main__ as w import app.worker.__main__ as w
monkeypatch.setattr(w, "RarClient", lambda s: FakeRar()) monkeypatch.setattr(w, "RarClient", lambda s, **kw: FakeRar())
sessions = w.AccountSessions(settings) sessions = w.AccountSessions(settings)
tok = sessions.get_token(conn, 2, {"email": "a@b.ro", "password": "secretaXY"}) tok = sessions.get_token(conn, 2, {"email": "a@b.ro", "password": "secretaXY"})
assert tok == "JWT-TEST" assert tok == "JWT-TEST"
@@ -80,7 +80,7 @@ def test_login_reusit_logat(env, monkeypatch):
def test_login_401_logat_fara_parola(env, monkeypatch): def test_login_401_logat_fara_parola(env, monkeypatch):
conn, settings = env conn, settings = env
import app.worker.__main__ as w import app.worker.__main__ as w
monkeypatch.setattr(w, "RarClient", lambda s: FakeRar(login_exc=RarAuthError("401", status_code=401))) monkeypatch.setattr(w, "RarClient", lambda s, **kw: FakeRar(login_exc=RarAuthError("401", status_code=401)))
sessions = w.AccountSessions(settings) sessions = w.AccountSessions(settings)
with pytest.raises(RarAuthError): with pytest.raises(RarAuthError):
sessions.get_token(conn, 3, {"email": "a@b.ro", "password": "parolaGRESITA"}) sessions.get_token(conn, 3, {"email": "a@b.ro", "password": "parolaGRESITA"})

View File

@@ -0,0 +1,326 @@
"""Teste US-006 (PRD 5.20) — sesiuni si trimitere worker per (cont, env).
Verifica:
- AccountSessions re-cheiat pe (account_id, rar_env): doua env ale aceluiasi cont
au sesiuni distincte.
- RarClient creat cu base_url-ul mediului (test -> rar_base_url_test,
prod -> rar_base_url_prod), nu ancora globala.
- Creds extrase din slotul accounts.rar_creds_{env}_enc corect per env.
- Purjarea creds efemere scoped pe (account_id, rar_env): login pe test NU sterge
creds efemere ale submission-urilor PROD ale aceluiasi cont (auto-fix E1/1a).
- recover_orphans per (cont, env): orfanii prod reconciliati contra endpoint prod,
nu contra test (auto-fix 1b/E6).
"""
from __future__ import annotations
import json
import os
import tempfile
import pytest
from cryptography.fernet import Fernet
# ---------------------------------------------------------------------------
# Fixture DB
# ---------------------------------------------------------------------------
@pytest.fixture()
def env(monkeypatch):
tmp = tempfile.mkdtemp()
monkeypatch.setenv("AUTOPASS_DB_PATH", os.path.join(tmp, "t.db"))
monkeypatch.setenv("AUTOPASS_CREDS_KEY", Fernet.generate_key().decode())
monkeypatch.setenv("AUTOPASS_WORKER_USE_TEST_CREDS", "false")
monkeypatch.setenv("AUTOPASS_REQUIRE_API_KEY", "false")
from app.config import get_settings
from app import crypto
get_settings.cache_clear()
crypto.reset_cache()
from app.db import get_connection, init_db
init_db()
conn = get_connection()
settings = get_settings()
yield conn, settings
conn.close()
get_settings.cache_clear()
crypto.reset_cache()
# ---------------------------------------------------------------------------
# Helpers
# ---------------------------------------------------------------------------
_CONTENT = {
"vin": "WVWZZZ1KZAW000123", "nr_inmatriculare": "B999TST",
"data_prestatie": "2026-06-15", "odometru_final": "123456",
"prestatii": [{"cod_prestatie": "OE-1"}], "sistem_reparat": "null",
}
def _insert_sub(conn, account_id=1, rar_env="test", creds_enc=None, status="queued"):
"""Insereaza un submission cu env si creds explicite."""
content = _CONTENT.copy()
cur = conn.execute(
"INSERT INTO submissions "
"(idempotency_key, account_id, status, payload_json, rar_env, rar_creds_enc) "
"VALUES (?, ?, ?, ?, ?, ?)",
(f"k-{os.urandom(4).hex()}", account_id, status, json.dumps(content), rar_env, creds_enc),
)
return int(cur.lastrowid)
def _row(conn, sid):
return conn.execute("SELECT * FROM submissions WHERE id=?", (sid,)).fetchone()
# Captura base_url-urilor clientilor creati de AccountSessions
_created_clients: list = []
class FakeRarClient:
"""RarClient stub care captura base_url-ul pentru assertii."""
def __init__(self, settings=None, *, base_url=None, login_exc=None):
self.base_url = base_url
self._login_exc = login_exc
self.login_calls = 0
self.closed = False
_created_clients.append(self)
def login(self, email, password):
self.login_calls += 1
if self._login_exc:
raise self._login_exc
return f"TOK-{email}-{self.base_url}"
def get_nomenclator(self, token):
return []
def close(self):
self.closed = True
# ---------------------------------------------------------------------------
# test_sesiune_separata_per_env
# ---------------------------------------------------------------------------
def test_sesiune_separata_per_env(env, monkeypatch):
"""Doua submission-uri ale aceluiasi cont, env test + prod -> doua login-uri distincte.
Cheia sesiunii e (account_id, rar_env): sesiunile test si prod sunt independente.
"""
import app.worker.__main__ as w
_created_clients.clear()
monkeypatch.setattr(w, "RarClient", FakeRarClient)
conn, settings = env
# Cont secundar (contul 1 e default din schema)
conn.execute("INSERT INTO accounts (id, name) VALUES (2, 'Cont2')")
conn.commit()
sessions = w.AccountSessions(settings)
creds_test = {"email": "test@example.ro", "password": "ptest"}
creds_prod = {"email": "prod@example.ro", "password": "pprod"}
tok_test = sessions.get_token(conn, 2, creds_test, "test")
tok_prod = sessions.get_token(conn, 2, creds_prod, "prod")
# Doua login-uri distincte
assert len(_created_clients) == 2
assert _created_clients[0].login_calls == 1
assert _created_clients[1].login_calls == 1
# Tokenuri distincte (de la email-uri diferite)
assert tok_test != tok_prod
# Sesiunile active: doua intrari, ambele pt cont 2, env diferite
active = sessions.active()
assert len(active) == 2
envs_active = {env for _, env, _, _ in active}
assert envs_active == {"test", "prod"}
# Al doilea apel cu acelasi (cont, env) -> cache, NU re-login
tok_test2 = sessions.get_token(conn, 2, creds_test, "test")
assert tok_test2 == tok_test
assert len(_created_clients) == 2 # niciun client nou creat
# ---------------------------------------------------------------------------
# test_base_url_dupa_submission
# ---------------------------------------------------------------------------
def test_base_url_dupa_submission(env, monkeypatch):
"""Un submission prod foloseste rar_base_url_prod; un submission test foloseste rar_base_url_test."""
import app.worker.__main__ as w
_created_clients.clear()
monkeypatch.setattr(w, "RarClient", FakeRarClient)
conn, settings = env
sessions = w.AccountSessions(settings)
creds = {"email": "x@example.ro", "password": "pw"}
sessions.get_token(conn, 1, creds, "test")
sessions.get_token(conn, 1, creds, "prod")
urls = {c.base_url for c in _created_clients}
assert settings.rar_base_url_test in urls, f"URL test asteptat in {urls}"
assert settings.rar_base_url_prod in urls, f"URL prod asteptat in {urls}"
# Cele doua URL-uri trebuie sa fie diferite (sisteme RAR separate)
assert settings.rar_base_url_test != settings.rar_base_url_prod
# ---------------------------------------------------------------------------
# test_creds_din_slotul_env
# ---------------------------------------------------------------------------
def test_creds_din_slotul_env(env, monkeypatch):
"""Cand submissions.rar_creds_enc lipseste, worker ia din accounts.rar_creds_{env}_enc.
Prod ia din rar_creds_prod_enc, nu din slotul test (auto-fix 1c/E8 + fallback per-env).
"""
import app.worker.__main__ as w
from app.crypto import encrypt_creds
conn, settings = env
enc_test = encrypt_creds({"email": "test@rar.ro", "password": "ptest"})
enc_prod = encrypt_creds({"email": "prod@rar.ro", "password": "pprod"})
# Salveaza creds in ambele sloturi per-env
conn.execute(
"UPDATE accounts SET rar_creds_test_enc=?, rar_creds_prod_enc=? WHERE id=1",
(enc_test, enc_prod),
)
conn.commit()
# Fara creds efemere pe submission -> fallback la slotul per-env
creds_test = w._creds_from_account(conn, 1, "test")
creds_prod = w._creds_from_account(conn, 1, "prod")
assert creds_test is not None, "slotul test trebuia sa aiba creds"
assert creds_test["email"] == "test@rar.ro"
assert creds_prod is not None, "slotul prod trebuia sa aiba creds"
assert creds_prod["email"] == "prod@rar.ro"
# Crucialmente: prod NU ia creds din slotul test
assert creds_prod["email"] != creds_test["email"]
# ---------------------------------------------------------------------------
# test_purge_creds_doar_pe_env (auto-fix E1/1a)
# ---------------------------------------------------------------------------
def test_purge_creds_doar_pe_env(env, monkeypatch):
"""Dupa login pe env=test, creds efemere ale submission-urilor PROD raman neatinse.
Scopul purjarii: WHERE account_id=? AND rar_env=?. Altfel un login TEST sterge
creds ale submission-urilor PROD -> prod blocat (auto-fix E1/1a).
"""
import app.worker.__main__ as w
from app.crypto import encrypt_creds
_created_clients.clear()
monkeypatch.setattr(w, "RarClient", FakeRarClient)
conn, settings = env
enc = encrypt_creds({"email": "u@rar.ro", "password": "pw"})
# Doua submission-uri ale aceluiasi cont: unul test, unul prod (ambele cu creds efemere)
sid_test = _insert_sub(conn, account_id=1, rar_env="test", creds_enc=enc)
sid_prod = _insert_sub(conn, account_id=1, rar_env="prod", creds_enc=enc)
sessions = w.AccountSessions(settings)
# Login pe env=test
sessions.get_token(conn, 1, {"email": "u@rar.ro", "password": "pw"}, "test")
# Creds efemere ale submission-ului TEST trebuie sterse (purjare normala)
row_test = _row(conn, sid_test)
assert row_test["rar_creds_enc"] is None, "creds test trebuiau sterse dupa login test"
# Creds efemere ale submission-ului PROD trebuie PASTRATE (nu sunt pentru env=test)
row_prod = _row(conn, sid_prod)
assert row_prod["rar_creds_enc"] is not None, \
"creds prod NU trebuiau sterse la login test (auto-fix E1/1a)"
# ---------------------------------------------------------------------------
# test_reconcile_pe_env_corect (auto-fix 1b/E6)
# ---------------------------------------------------------------------------
def test_reconcile_pe_env_corect(env, monkeypatch):
"""Un orfan env=prod e reconciliat contra endpoint PROD, nu contra test.
auto-fix 1b/E6: recover_orphans filtreaza pe rar_env si foloseste clientul/token-ul
env-ului corect. Orfanii prod contra endpoint test -> no-match -> re-POST prod =
DUPLICAT real ireversibil.
"""
import app.worker.__main__ as w
conn, settings = env
# Submission prod orfan (sending de mult timp)
sid_prod = _insert_sub(conn, account_id=1, rar_env="prod", status="sending")
conn.execute(
"UPDATE submissions SET sending_since=datetime('now', '-1 hour') WHERE id=?", (sid_prod,)
)
conn.commit()
# Submission test orfan (de verificat ca NU e atins de recover_orphans(rar_env='prod'))
sid_test = _insert_sub(conn, account_id=1, rar_env="test", status="sending")
conn.execute(
"UPDATE submissions SET sending_since=datetime('now', '-1 hour') WHERE id=?", (sid_test,)
)
conn.commit()
# Clientul prod fake — "gaseste" prezentarea prod la RAR
class FakeProdRar:
def __init__(self):
self.get_finalizate_calls = 0
def get_finalizate(self, token):
self.get_finalizate_calls += 1
return [{"id": 9999, "vin": "WVWZZZ1KZAW000123",
"dataPrestatie": "2026-06-15", "odometruFinal": 123456}]
def post_prezentare(self, token, payload):
return {"id": 9999}
# Clientul test fake — nu gaseste nimic (sistemul test nu are prezentarea)
class FakeTestRar:
def __init__(self):
self.get_finalizate_calls = 0
def get_finalizate(self, token):
self.get_finalizate_calls += 1
return [] # nu e la RAR test
def post_prezentare(self, token, payload):
return {"id": 1111}
rar_prod = FakeProdRar()
rar_test = FakeTestRar()
# Apelam recover_orphans cu clientul PROD si env='prod' -> trebuie sa gaseasca orfanul prod
n = w.recover_orphans(conn, settings, rar_prod, "tok-prod", account_id=1, rar_env="prod")
assert n == 1, f"trebuia sa reconcilieze 1 orfan prod, a gasit {n}"
row_prod = _row(conn, sid_prod)
assert row_prod["status"] == "sent", f"orfanul prod trebuia marcat sent, e {row_prod['status']}"
assert row_prod["id_prezentare"] == 9999
# Submission-ul TEST nu trebuia atins de recover_orphans cu rar_env='prod'
row_test = _row(conn, sid_test)
assert row_test["status"] == "sending", \
f"orfanul test NU trebuia atins de recover cu env=prod, e {row_test['status']}"
# Confirmare ca clientul prod a interogat finalizate (reconciliere pe endpoint corect)
assert rar_prod.get_finalizate_calls == 1
# Clientul test NU trebuia folosit (recover_orphans cu env=prod NU atinge endpoint test)
assert rar_test.get_finalizate_calls == 0