Compare commits

...

13 Commits

Author SHA1 Message Date
Claude Agent
3eaf1ca6cd test: actualizeaza asertia coloane list_accounts (requested_plan, consent_at)
Testul verifica setul exact de chei returnat de list_accounts; ramasese in urma
dupa ce coloanele requested_plan si consent_at au fost adaugate (5.17/consent).
Fara legatura cu 5.20 — esec pre-existent semnalat in checkpoint.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-02 19:55:48 +00:00
Claude Agent
1648960b13 feat(5.20): US-008 configurare medii RAR per cont (Testare/Productie)
Ruta noua POST /cont/rar-medii: doua sectiuni independente Testare/Productie,
fiecare cu bifa activare + email/parola. La salvare, mediu activat cu creds noi
e validat prin login pe env-ul respectiv (US-007); OK -> criptare Fernet in
rar_creds_{env}_enc + enabled=1; esec -> eroare per-env, creds nesalvate.

Prima activare Productie cere checkbox de confirmare (constientizare L.142).
Mediul implicit (rar_env_default) setabil DOAR pe un mediu disponibil, validat
server-side post-update. Parolele niciodata reflectate in pagina.

_fetch_cont_env_state deriva starea per-env pentru _cont.html; refactor al
handlerelor de cont sa foloseasca env_ctx in loc de are_creds legacy.

tests/test_cont_medii.py: 4 teste (salvare+creds criptate per env, default doar
dintre disponibile, confirmare prod obligatorie, fara echo parola).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-02 19:53:50 +00:00
Claude Agent
3579a15363 feat(5.20): US-007 validare login RAR pe env-ul setului de credentiale
Login de validare loveste base_url_pentru_env(env) (NU ancora globala); endpoint
POST /cont/test-rar-creds + card in _integrare.html; mesaj distinct TESTARE vs
PRODUCTIE la 401 incrucisat (confirmat live).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-29 20:46:50 +00:00
Claude Agent
19d8aaa7aa feat(5.20): US-004/005/006/009 ingestie+API+worker+import pe mediu RAR
US-004: rezolva_rar_env (cerere>default cont>ancora globala) + MediuIndisponibil
+ cod RAR_MEDIU_INDISPONIBIL.
US-005: camp rar_env pe POST /v1/prezentari + /valideaza (Literal), echo in
SubmissionResult/ValidareResult/GET, build_key + INSERT env-aware.
US-006: AccountSessions re-cheiat (account_id, rar_env); RarClient base_url per
env; creds din slotul env; purge + recover_orphans scoped pe env (E1/1a, 1b/E6);
claim_one propaga rar_env (1c/E8); keepalive pe ancora globala (M2).
US-009: selector mediu la import (>=2 medii), eticheta la 1, banner la 0; commit
seteaza rar_env pe submissions.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-29 20:30:11 +00:00
Claude Agent
d5ce0e2e2b feat(branding): redenumire ROMFAST AUTOPASS -> ROA AUTOPASS in UI
Titlu pagina, antet brand si /login afiseaza acum 'ROA AUTOPASS'.
Include redesignul sectiunii Problem+Calculator combinata din landing.
Teste de antet/nav aliniate la noul nume.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-29 19:42:31 +00:00
Claude Agent
deb6afff3e feat(5.20): US-001/002/003 schema medii per cont + disponibilitate + idempotenta env-aware
US-001: coloane accounts (rar_test/prod_enabled, rar_creds_test/prod_enc,
rar_env_default) + submissions.rar_env; migrare cu backfill din ancora globala
AUTOPASS_RAR_ENV (creds->slot, enabled doar pe mediul cu creds) + recompute
idempotency_key env-aware (AUTO-FIX G + E4/3).
US-002: app/rar_env.py — medii_disponibile + rar_env_efectiv (REQ-DISP/DEFAULT).
US-003: build_key(account_id, canon, rar_env) — test vs prod = trimiteri distincte.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-29 19:42:28 +00:00
Claude Agent
b4818349be docs(5.20): PRD medii RAR per cont (Testare/Productie) aprobat + roadmap
Doua medii RAR configurabile per cont, fiecare cu bifa de activare si set
propriu de credentiale. medii_disponibile=enabled AND creds deriva tot UX-ul.
13 stories / 6 valuri. Premisa verificata live: test/prod = sisteme separate.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-29 19:27:50 +00:00
Claude Agent
ff9d0f41d1 feat(landing): titlu ROMFAST AUTOPASS, calculator pe trimiteri, grila preturi uniforma
- header cu titlu ROMFAST AUTOPASS + subtitlu Gateway RAR, nav la dreapta
- title/meta description aliniate pe mesajul "incarci fisierul, coduri o data"
- hero: subtext rescris + linie beneficiu "Gratuit pana la 60 de trimiteri/luna"
- scoase toate referintele la card bancar
- calculator: slider pe Trimiteri/luna (default 100), cifre uniforme grid 2x2,
  rotunjite fara zecimale
- preturi: carduri egale cu aceleasi componente (bifa/minus), Standard 49 lei +
  badge Popular + buton verde, Gratuit fara badge, "* fara TVA" la preturi
- sectiune separata beneficiu "30 de zile Pro gratuit"; FINAL CTA eliminat
- suport: Standard maxim 24h, Pro maxim 8h
- signup: pret Standard aliniat la 49 lei

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-29 18:56:49 +00:00
Claude Agent
7371c3703d chore(compose): parametrizeaza RAR_ENV si WORKER_SEND_ENABLED pentru staging
Permite override din Dokploy environment fara a schimba comportamentul prod
(default-uri pastrate: api RAR_ENV=prod, worker RAR_ENV=test, SEND_ENABLED=true).
Necesar pentru serviciul de staging autopass-test.roa.romfast.ro, care forteaza
RAR_ENV=test si WORKER_SEND_ENABLED=false ca sa NU trimita declaratii reale la RAR.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-29 16:39:35 +00:00
Claude Agent
851f76ca16 feat(signup+admin): aliniere formular signup la landing + plan cerut, GDPR, control tier/trial in panou
Signup:
- /signup aliniat ca format la formularul din landing (campuri, etichete,
  placeholder-uri, select plan, checkbox GDPR, buton). Eticheta `name` = "Companie"
  (corecta: backendul salveaza nume de firma), uniform si in landing.
- Consimtamant GDPR validat server-side (functional, nu doar client-side) + salvat
  cu marca temporala (accounts.consent_at).
- Plan ales la signup salvat in accounts.requested_plan (intentie, NU drept): tier
  ramane sursa de adevar pentru gate-ul API; coloana pregateste integrarea platilor.
- landing: valorile `plan` = coduri tier (free/standard/pro/premium), data-plan
  sincronizat pe butoanele de pret; checkbox consimtamant primeste name.

Schema/DB:
- accounts: coloane noi requested_plan + consent_at (cu migrare aditiva in db.py).

Panou admin:
- Coloane noi: Plan curent (plan EFECTIV acum + zile trial ramase) si Plan cerut.
- Buton "Aplica" (POST /admin/set-tier): aloca plan real si INCHEIE trial-ul
  (efect imediat; altfel trial-ul Pro universal de 30z masca alegerea).
- Control "Trial Pro N zile" (POST /admin/set-trial via accounts.set_trial):
  acorda/prelungeste trial fara a schimba tier-ul de baza.

Teste: signup (consent obligatoriu, requested_plan persistat, tier ramane free),
panou admin (set-tier incheie trial, free opreste Pro imediat, set-trial, validari
+ CSRF). Call-site-urile existente POST /signup actualizate cu consent.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-29 16:02:37 +00:00
Claude Agent
a29896a790 docs(5.19): PRD bifa "Trimite automat la RAR" + coada tinuta/eliberare manuala
PRD prin /prd + /autoplan (CEO/Design/Eng/DX, voce unica - Codex la plafon).
Per-cont accounts.auto_send_enabled (default OFF time-boxed) + per-rand
submissions.held; snapshot la TOATE ~8 situri queued via held_for_account()
(Eng a prins bug reactivare router:237 ce ocolea Auto OFF); claim_one AND held=0.
Crescut 6->10 stories: US-007 banner/metrics coada imbatranita, US-008 retentie
held (GDPR/L.142), US-009 fixturi teste + audit, US-010 onestitate API (invariant
5.7). 26 taskuri. Eticheta redenumita; testare sigura (rar_env/valideaza) -> TODOS.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-29 15:46:23 +00:00
Claude Agent
3f513f6c12 fix(landing): elimina announce bar, actualizeaza badge hero, ancoreaza nav, simplifica login
- Scoate announce bar-ul de deasupra header-ului
- Badge hero reformulat: "Este gratuit pentru service-urile mici — pana la 60 de trimiteri RAR/luna" + link "Creeaza cont in 2 minute"
- Nav links "Cum functioneaza", "API", "Pret" devin <a href="#..."> cu id-uri pe sectiunile corespunzatoare
- Pagina /login: scoate <aside> cu logo/tagline/trust, layout trece la o singura coloana centrata

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-29 15:04:40 +00:00
Claude Agent
8f39dfbc1e feat(5.16): aliniere lista/preview la mockup + fix lock seed la boot
Implementeaza planul aprobat din docs/raport-comparatie-mockup-5.16.md (T-1..T-9):

- T-1/T-8: rand lista 4->2 linii (placuta primar + cod RAR · operatie · data + pill),
  fallback placuta, eticheta-problema 10px->--fs-xs (_submissions.html, base.html)
- T-2: pill slim restilat fill-tint + dot 7px + text colorat per stare (base.html)
- T-3: bug 4a coliziune pill/vehicul in preview — col-stare 104->140px (base.html)
- T-4: preview 8->5 coloane (scos #, KM, Note; motivul -> title pe pill)
- T-5: titlu sectiune "Trimiterile tale" -> sr-only (a11y) + badge/export discret
- T-6: linia plan N/60 in corp doar pe avertizare; consum normal in badge+burger
- T-7: guard chenar gol chips extra (_chips_prestatii.html)
- T-9: "Anuleaza"->"Renunta"; nume operatie emfatic bold

Fix boot: init_db reincarca seedul de ~17k operatii (5.18) pe FIECARE pornire, pe
API + worker concurent -> "database is locked" la al doilea proces. Guard "_if_empty"
pe mapping_suggestions (ca seed_nomenclator_if_empty) -> boot rapid, fara cursa.

Teste actualizate (slim 2-linii, fallback placuta, plan in burger). TODOS.md:
defer trackuit (eroare HTMX lista, retokenizare px, diacritice).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-29 14:44:10 +00:00
61 changed files with 4772 additions and 564 deletions

View File

@@ -53,3 +53,26 @@ Elemente deferate din review-uri. Negrupte de un PRD curent; de promovat cand de
- [ ] **US-009/US-010 ca PRD separat daca propagarea design e urgenta** — salvarea mapare-din-chip si
bulk-fix sunt adiacente FUNCTIONALE (acceptate via SELECTIVE EXPANSION), dincolo de obiectivul pur de
propagare design. Daca vrei sa livrezi designul rapid, pot fi scoase intr-un PRD propriu. (CEO, low.)
## Din raport comparatie mockup 5.16 (2026-06-29)
> Restul task-urilor din `docs/raport-comparatie-mockup-5.16.md` au fost livrate (T-1..T-9).
> Cele de mai jos raman explicit in coada la cererea userului.
- [ ] **Stare de eroare HTMX la incarcarea listei (D-4)** — cand `/_fragments/submissions`
da 500 sau pica reteaua, `#submissions-wrap` ramane blocat pe spinner ("se incarca…") fara
mesaj. De adaugat un partial de eroare / `hx-on::response-error` cu "nu s-a putut incarca,
reincearca". Robustete pre-existenta (nu introdusa de 5.16), impact functional real —
**candidatul cu cea mai mare valoare** din lista. (Design D-4, medium.)
- [ ] **Retokenizare px completa in template-uri**`_submissions.html` / `_preview_*` folosesc
literali `font-size:13px/12px/11px` in loc de token-urile `--fs-*`. 5.16 a corectat doar
instanta sub-12px (incalca pragul PRD). Restul ramane debt: schimbarea in masa (13px→`--fs-sm`
=13.5px) misca layout-ul, deci necesita o baza de regresie vizuala inainte. (Eng, bounded —
amanat ca scope creep fara baza AC.)
- [ ] **Diacritice in textul vizibil pentru user** — mockup-urile folosesc diacritice complete
("Observații", "Salvează", "Adaugă"); aplicatia le omite in majoritatea label-urilor. Fontul
le randeaza corect (US-001 confirmat). De aplicat pe label-uri/butoane/titluri, pastrand
cod/comentariile fara diacritice. Decizie initiala (poarta de gust T3): nu se aplica acum —
reintrodus in coada la cererea userului (2026-06-29) ca finisaj viitor. (Transversal, low.)

View File

@@ -44,6 +44,8 @@ def create_account(
cui: str | None = None,
email: str | None = None,
active: bool = True,
requested_plan: str | None = None,
consent_at: str | None = None,
) -> int:
"""Insereaza un cont si intoarce id-ul nou (AUTOINCREMENT, deci >=2 — nu atinge default id=1).
@@ -51,12 +53,19 @@ def create_account(
`email` se normalizeaza (trim+lower); sir gol -> ValueError.
Un CUI deja folosit -> ValueError cu cauza+fix. Unicitatea e impusa de indexul partial
`ux_accounts_cui` (nu de un check separat), deci e sigura la concurenta.
`requested_plan`: planul CERUT la signup (separat de `tier`). NU acorda drepturi — `tier`
ramane mereu 'free' la creare; planul cerut e doar o intentie pentru integrarea platilor.
Valoare invalida (nu e in VALID_TIERS) -> ignorata (stocata NULL), nu arunca.
`consent_at`: marca temporala consimtamant Termeni+GDPR (proba); None = fara flux consimtamant.
"""
name = (name or "").strip()
if not name:
raise ValueError("name gol (un cont are nevoie de nume)")
cui = _norm_cui(cui)
email = _norm_email(email)
# Planul cerut: pastram doar valori valide; orice altceva -> NULL (defensiv).
req_plan = requested_plan if requested_plan in VALID_TIERS else None
try:
# Trial Pro automat la creare (PRD 5.17 US-001): tier='free' + trial_until=now+30z.
trial_until = (
@@ -64,10 +73,11 @@ def create_account(
)
# Invariant (5.5): active=1 <=> status='active'; cont creat inactiv = 'pending'.
cur = conn.execute(
"INSERT INTO accounts (name, cui, email, active, status, tier, trial_until) "
"VALUES (?, ?, ?, ?, ?, ?, ?)",
"INSERT INTO accounts (name, cui, email, active, status, tier, trial_until, "
"requested_plan, consent_at) "
"VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)",
(name, cui, email, 1 if active else 0, "active" if active else "pending",
"free", trial_until),
"free", trial_until, req_plan, consent_at),
)
except sqlite3.IntegrityError:
existing = conn.execute("SELECT id FROM accounts WHERE cui=?", (cui,)).fetchone()
@@ -185,6 +195,38 @@ def set_tier(
pass
def set_trial(conn: sqlite3.Connection, account_id: int, trial_until: str | None) -> None:
"""Seteaza DOAR `trial_until` (acorda/prelungeste/sterge trial Pro), fara a atinge `tier`.
Trial Pro activ (trial_until in viitor) ridica planul efectiv la 'pro' (vezi
plans.effective_tier), indiferent de tier-ul de baza. Folosit din panoul admin ca sa
acorzi un trial fara a schimba tier-ul de baza (post-trial).
Contul de sistem id=1 e protejat. Cont inexistent -> ValueError.
trial_until: string ISO UTC ("YYYY-MM-DD HH:MM:SS") sau None (sterge trial-ul).
"""
row = conn.execute("SELECT 1 FROM accounts WHERE id=?", (account_id,)).fetchone()
if not row:
raise ValueError(f"cont inexistent: {account_id}")
if account_id == _PROTECTED_ACCOUNT_ID:
raise ValueError("Contul default (id=1) nu poate primi trial (cont de sistem).")
conn.execute(
"UPDATE accounts SET trial_until=? WHERE id=?", (trial_until, account_id)
)
# Audit in app_events (best-effort, fara PII nou — ca set_tier).
try:
from .observ import log_event
log_event(
"plan_trial_setat",
account_id=account_id,
mesaj=f"trial_until -> {trial_until or 'NULL'}",
context={"trial_until": trial_until},
conn=conn,
)
except Exception: # noqa: BLE001 — jurnal best-effort (ca observ.log_event)
pass
def delete_account(conn: sqlite3.Connection, account_id: int) -> None:
"""Stergere SOFT: randul ramane ca tombstone (status='deleted', scos din liste), DAR datele
sensibile se purjeaza IMEDIAT (GDPR/L.142): credentialele RAR criptate sterse, cheile API
@@ -208,7 +250,8 @@ def list_accounts(conn: sqlite3.Connection) -> list[dict]:
"""Metadate conturi (FARA `rar_creds_enc`), ordonate dupa id. Exclude conturile 'deleted'
(stergere soft -> invizibile in panou)."""
rows = conn.execute(
"SELECT id, name, cui, email, active, status, tier, trial_until, created_at FROM accounts "
"SELECT id, name, cui, email, active, status, tier, trial_until, "
"requested_plan, consent_at, created_at FROM accounts "
"WHERE status != 'deleted' ORDER BY id"
).fetchall()
return [dict(r) for r in rows]

View File

@@ -55,6 +55,7 @@ from ...mapping import (
resolve_prestatii,
)
from ...validation import validate_prezentare
from ...rar_env import MediuIndisponibil, rar_env_efectiv_cont, rezolva_rar_env
router = APIRouter(prefix="/v1/import", tags=["import"])
@@ -260,10 +261,10 @@ def _resolve_row_for_preview(
}
def _build_idempotency_key(account_id: int | None, resolved: dict[str, Any]) -> str:
def _build_idempotency_key(account_id: int | None, resolved: dict[str, Any], rar_env: str = "test") -> str:
"""Construieste cheia de idempotenta pentru un rand rezolvat."""
canon = canonicalize_row(resolved)
return build_key(account_id, canon)
return build_key(account_id, canon, rar_env)
# Campuri de continut editabile in preview. Operatia/codul RAR NU se editeaza
@@ -767,6 +768,11 @@ def preview_import(
valid_codes = load_nomenclator_codes(conn) or None
text_rules = load_text_rules(conn, acct)
# Mediul RAR efectiv al contului — folosit la calculul cheii de idempotenta
# la preview (trebuie sa coincida cu ce va folosi commit-ul fara rar_env explicit).
from ...config import get_settings as _get_settings_env
preview_env = rar_env_efectiv_cont(conn, account_id) or _get_settings_env().rar_env or "test"
# Recalculam coercion_flags din valorile stocate (nu sunt persistate separat):
# detectie simpla de VIN numeric.
coercion_flags_map: dict[int, list[str]] = {}
@@ -822,7 +828,7 @@ def preview_import(
key = None
if resolved_info["resolved_status"] in ("ok", "needs_review", "needs_data"):
try:
key = _build_idempotency_key(account_id, resolved_info["resolved"])
key = _build_idempotency_key(account_id, resolved_info["resolved"], preview_env)
keys_for_lookup.append(key)
if key not in key_to_index:
key_to_index[key] = []
@@ -930,6 +936,7 @@ class CommitIn(BaseModel):
description="Indecsi de rand needs_review bifate explicit de utilizator",
)
confirmed_by: str | None = Field(None, description="Email/identifier utilizator (log atestare)")
rar_env: str | None = Field(None, description="Mediu RAR tinta ('test'|'prod'). None = default cont.")
@router.post("/{import_id}/commit")
@@ -1024,6 +1031,18 @@ def commit_import(
if n_total_ok == 0:
raise HTTPException(status_code=422, detail="Niciun rand ok de confirmat.")
# Rezolva mediul RAR tinta al lotului (US-009): cerut > default cont > ancora globala.
try:
env = rezolva_rar_env(conn, account_id, req.rar_env)
except ValueError as e:
raise HTTPException(status_code=422, detail={"error": "mediu_invalid", "message": str(e)})
except MediuIndisponibil as e:
raise HTTPException(status_code=422, detail={
"error": "mediu_indisponibil",
"message": str(e),
"disponibile": e.disponibile,
})
# T3 (PRD 5.17): enforce volum plan — INAINTE de enqueue (invariant idempotenta).
# Decizie #21: respingere TOTALA a lotului (nu enqueue partial tacut).
from ...config import get_settings as _get_settings
@@ -1172,8 +1191,8 @@ def commit_import(
"odometru_final": canon["odometru_final"],
})
# Cheia de idempotenta (identica cu cheia din preview — aceeasi ordine)
key = build_key(account_id, canon)
# Cheia de idempotenta (identica cu cheia din preview — aceeasi ordine + env)
key = build_key(account_id, canon, env)
# Hash row pentru atestare (valori rezolvate)
rows_for_hash.append(json.dumps({
@@ -1189,9 +1208,9 @@ def commit_import(
# INSERT ON CONFLICT DO NOTHING (TOCTOU)
cur = conn.execute(
"INSERT OR IGNORE INTO submissions "
"(idempotency_key, account_id, status, payload_json, batch_id, row_index, purge_after) "
"VALUES (?, ?, 'queued', ?, ?, ?, " + purge_after_sql + ")",
(key, acct, payload_json, import_id, row_index),
"(idempotency_key, account_id, status, payload_json, batch_id, row_index, purge_after, rar_env) "
"VALUES (?, ?, 'queued', ?, ?, ?, " + purge_after_sql + ", ?)",
(key, acct, payload_json, import_id, row_index, env),
)
if cur.rowcount == 0:

View File

@@ -24,6 +24,7 @@ from ...crypto import encrypt_creds
from ...db import get_connection
from ...errors import eroare as err_eroare
from ...idempotency import build_key, canonicalize_row
from ...rar_env import MediuIndisponibil, rezolva_rar_env
from ...mapping import (
_emite_text_rule_hits,
account_or_default,
@@ -122,7 +123,7 @@ def _rezultat_enqueue(submission_id: int | None, cl: dict, **extra) -> Submissio
)
def _rezultat_respins(submission_id: int | None, cl: dict) -> SubmissionResult:
def _rezultat_respins(submission_id: int | None, cl: dict, rar_env: str = "test") -> SubmissionResult:
"""Rezultat pentru on_unmapped_error=True: status='error', fara enqueue/reactivare.
`erori` pastreaza COD_NEMAPAT (compat clienti vechi); `nemapate` + `motiv` adaugate.
@@ -131,6 +132,7 @@ def _rezultat_respins(submission_id: int | None, cl: dict) -> SubmissionResult:
return SubmissionResult(
submission_id=submission_id, status="error",
erori=nem, nemapate=nem, motiv=_motiv_clasificare(cl),
rar_env=rar_env,
)
@@ -168,6 +170,29 @@ def create_prezentari(
text_rules = load_text_rules(conn, acct)
error_mode = _effective_on_unmapped_error(conn, acct, req.on_unmapped_error)
# US-005: rezolva mediul RAR tinta (cerut > default cont > ancora globala).
# MediuIndisponibil -> 422 inainte de orice enqueue (respinge tot lotul).
try:
env = rezolva_rar_env(conn, acct, req.rar_env)
except MediuIndisponibil as e:
raise HTTPException(
status_code=422,
detail=err_eroare(
"RAR_MEDIU_INDISPONIBIL",
cauza=(
f"mediu cerut: {e.env}; disponibile: "
f"{', '.join(e.disponibile) or 'niciunul'}"
),
),
)
except ValueError:
# Pydantic Literal prinde valorile invalide inainte sa ajunga aici;
# ramura e defensiva pentru apeluri directe fara model Pydantic.
raise HTTPException(
status_code=422,
detail=err_eroare("RAR_MEDIU_INDISPONIBIL", cauza="valoare invalida pentru rar_env"),
)
# T3 (PRD 5.17): enforce volum plan — INAINTE de build_key/enqueue (invariant idempotenta).
# Decizie #21: respingere TOTALA a lotului (nu enqueue partial tacut).
from ...config import get_settings as _get_settings
@@ -213,7 +238,7 @@ def create_prezentari(
# build_key aplica account_or_default(account_id) inainte de hash:
# None si 1 colapseaza la aceeasi cheie (canal API + canal import).
canon = canonicalize_row(content)
key = build_key(account_id, canon)
key = build_key(account_id, canon, env)
# Aplica normalizarea si in content (odometru canonicalizat inainte de validare)
content.update({
"vin": canon["vin"],
@@ -232,19 +257,20 @@ def create_prezentari(
cl = _classify_modal(content, mapping, mapping_meta, valid_codes, error_mode, text_rules)
if cl["blocked_error"]:
# on_unmapped_error=True: nu reactivam; randul ramane 'error'.
results.append(_rezultat_respins(existing["id"], cl))
results.append(_rezultat_respins(existing["id"], cl, rar_env=env))
continue
cur = conn.execute(
"UPDATE submissions SET status=?, payload_json=?, rar_error=?, "
"rar_creds_enc=COALESCE(?, rar_creds_enc), retry_count=0, "
"next_attempt_at=NULL, sending_since=NULL, purge_after=NULL, "
"updated_at=datetime('now') WHERE id=? AND status='error'",
"rar_env=?, updated_at=datetime('now') WHERE id=? AND status='error'",
(cl["status"], json.dumps(cl["content"], ensure_ascii=False),
cl["rar_error"], creds_enc, existing["id"]),
cl["rar_error"], creds_enc, env, existing["id"]),
)
if cur.rowcount == 1:
# Creds noi se propaga si in canalul durabil (accounts.rar_creds_enc)
# — ambele canale converg pe parola corectata.
# US-013: muta pe slot env dupa login (write-back conservator).
if req.rar_credentials is not None:
conn.execute(
"UPDATE accounts SET rar_creds_enc=? WHERE id=?",
@@ -253,7 +279,7 @@ def create_prezentari(
_emite_text_rule_hits(conn, acct, existing["id"], cl["resolved"])
# Raspuns onest si la reactivare: daca re-clasificarea cade pe
# needs_data/needs_mapping, expune motivul (nu doar status).
results.append(_rezultat_enqueue(existing["id"], cl, reactivated=True))
results.append(_rezultat_enqueue(existing["id"], cl, reactivated=True, rar_env=env))
continue
# Cursa: alt POST/requeue a schimbat starea intre SELECT si UPDATE
# (rowcount==0) -> raspuns dedup pe starea CURENTA.
@@ -267,6 +293,7 @@ def create_prezentari(
status=existing["status"],
id_prezentare=existing["id_prezentare"],
deduped=True,
rar_env=env,
)
)
continue
@@ -276,17 +303,17 @@ def create_prezentari(
cl = _classify_modal(content, mapping, mapping_meta, valid_codes, error_mode, text_rules)
if cl["blocked_error"]:
# on_unmapped_error=True: respinge fara enqueue (cod necunoscut/nemapat).
results.append(_rezultat_respins(None, cl))
results.append(_rezultat_respins(None, cl, rar_env=env))
continue
cur = conn.execute(
"INSERT INTO submissions (idempotency_key, account_id, status, payload_json, rar_error, rar_creds_enc) "
"VALUES (?, ?, ?, ?, ?, ?)",
(key, acct, cl["status"], json.dumps(cl["content"], ensure_ascii=False), cl["rar_error"], creds_enc),
"INSERT INTO submissions (idempotency_key, account_id, status, payload_json, rar_error, rar_creds_enc, rar_env) "
"VALUES (?, ?, ?, ?, ?, ?, ?)",
(key, acct, cl["status"], json.dumps(cl["content"], ensure_ascii=False), cl["rar_error"], creds_enc, env),
)
sub_id = int(cur.lastrowid)
_emite_text_rule_hits(conn, acct, sub_id, cl["resolved"])
# Raspuns onest: pe needs_data/needs_mapping expune erori/nemapate/motiv.
results.append(_rezultat_enqueue(sub_id, cl))
results.append(_rezultat_enqueue(sub_id, cl, rar_env=env))
# Audit cerere API per cont. Doar metadate (count + distributie status),
# NICIUN camp de payload PII integral. Reuse conn (fara contentie WAL).
@@ -332,6 +359,27 @@ def valideaza_prezentari(
# Acelasi seam ca trimiterea reala: dry-run trebuie sa vada aceleasi reguli text.
text_rules = load_text_rules(conn, acct)
error_mode = _effective_on_unmapped_error(conn, acct, req.on_unmapped_error)
# US-005 (DX F5): rezolva env identic ca trimiterea reala si ecou-ieste in raspuns.
try:
env = rezolva_rar_env(conn, acct, req.rar_env)
except MediuIndisponibil as e:
raise HTTPException(
status_code=422,
detail=err_eroare(
"RAR_MEDIU_INDISPONIBIL",
cauza=(
f"mediu cerut: {e.env}; disponibile: "
f"{', '.join(e.disponibile) or 'niciunul'}"
),
),
)
except ValueError:
raise HTTPException(
status_code=422,
detail=err_eroare("RAR_MEDIU_INDISPONIBIL", cauza="valoare invalida pentru rar_env"),
)
for i, prez in enumerate(req.prezentari):
content = prez.model_dump()
res = _classify_modal(content, mapping, mapping_meta, valid_codes, error_mode, text_rules)
@@ -346,6 +394,7 @@ def valideaza_prezentari(
index=i,
valid=(res["status"] == "queued"),
status_estimat=res["status"],
rar_env=env,
erori=res["errors"],
nemapate=nemapate,
prestatii_rezolvate=res["resolved"],
@@ -366,9 +415,10 @@ def list_prezentari(
scope_sql, scope_params = account_scope_clause(account_id)
# payload_json e plaintext (vezi submissions.payload_json); il citim doar ca
# sa derivam campurile afisabile prin helper-ul partajat, nu il expunem.
# rar_env inclus (US-005): badge mediu in lista.
cols = (
"id, status, id_prezentare, rar_status_code, retry_count, "
"created_at, updated_at, payload_json"
"created_at, updated_at, payload_json, rar_env"
)
if status:
rows = conn.execute(
@@ -403,6 +453,8 @@ _PREZENTARE_FIELDS = frozenset({
# erori din catalog (niciodata creds, ex. RAR_CREDS_INVALIDE poarta doar cauza
# "credentiale RAR invalide", fara parola). Face recovery-ul observabil prin API.
"rar_error",
# US-005: mediul RAR tinta (Test/Productie) — necesar pentru badge + ecou API.
"rar_env",
})

127
app/db.py
View File

@@ -39,7 +39,16 @@ def init_db() -> None:
seed_nomenclator_if_empty(conn)
# Seed corpus operatii etichetate -> mapping_suggestions (SILVER, PRD 5.18 US-004).
# Gated: OFF in teste (conftest), ON in productie. INSERT OR IGNORE -> idempotent.
# DOAR daca mapping_suggestions e gol: seedul are ~17k randuri; re-rularea lui pe
# FIECARE boot (API + worker concurent) tinea write-lock-ul indelung -> al doilea
# proces primea "database is locked" la pornire. Guard "_if_empty" (ca nomenclatorul)
# -> boot rapid cand e deja seeded. Re-seed dupa actualizarea fisierului = manual
# (goleste tabela), consistent cu semantica v1 ignore-not-upsert a seederului.
if get_settings().seed_operatii_enabled:
already = conn.execute(
"SELECT 1 FROM mapping_suggestions LIMIT 1"
).fetchone()
if not already:
from .operatii_seed import seed_operatii_etichetate
seed_operatii_etichetate(conn)
@@ -62,11 +71,26 @@ def _migrate(conn: sqlite3.Connection) -> None:
conn.execute("ALTER TABLE submissions ADD COLUMN batch_id INTEGER")
if "row_index" not in sub_cols:
conn.execute("ALTER TABLE submissions ADD COLUMN row_index INTEGER")
if "rar_env" not in sub_cols:
# PRD 5.20 US-001. Mediul RAR tinta pe submission. Pe DB existent NU lasam
# randurile pe DEFAULT 'test': un rand prod pre-migrare etichetat 'test' ar fi
# reconciliat de worker (US-006) contra endpoint TEST -> no-match -> re-send prod
# = DUPLICAT REAL IREVERSIBIL. Backfill din AUTOPASS_RAR_ENV global (ancora de
# migrare) + recompute idempotency_key env-aware. Ruleaza O SINGURA DATA (in
# blocul de adaugare a coloanei); pe DB fresh coloana vine din schema.sql (fara rows).
conn.execute(
"ALTER TABLE submissions ADD COLUMN rar_env TEXT NOT NULL DEFAULT 'test' "
"CHECK (rar_env IN ('test', 'prod'))"
)
_backfill_submissions_rar_env(conn)
# Coloane accounts
acc_cols = {r["name"] for r in conn.execute("PRAGMA table_info(accounts)").fetchall()}
if "rar_creds_enc" not in acc_cols:
conn.execute("ALTER TABLE accounts ADD COLUMN rar_creds_enc TEXT")
acc_cols.add("rar_creds_enc")
# Medii RAR per cont (PRD 5.20 US-001): activare + slot creds + default, per mediu.
_migrate_accounts_medii(conn, acc_cols)
if "active" not in acc_cols:
# Conturi existente raman active (default 1).
conn.execute("ALTER TABLE accounts ADD COLUMN active INTEGER NOT NULL DEFAULT 1")
@@ -100,6 +124,14 @@ def _migrate(conn: sqlite3.Connection) -> None:
if "trial_until" not in acc_cols:
# Trial Pro activ daca != NULL si > now. Nullable (NULL = fara trial).
conn.execute("ALTER TABLE accounts ADD COLUMN trial_until TEXT")
if "requested_plan" not in acc_cols:
# Planul cerut la signup (integrare plati). NU acorda drepturi; `tier` ramane sursa
# de adevar pt API/volum. Nullable. ALTER nu poate adauga CHECK pe coloana noua in
# SQLite -> validarea valorilor se face in cod (signup, fata de VALID_TIERS).
conn.execute("ALTER TABLE accounts ADD COLUMN requested_plan TEXT")
if "consent_at" not in acc_cols:
# Marca temporala consimtamant Termeni+GDPR (proba). Nullable (NULL = CLI/legacy).
conn.execute("ALTER TABLE accounts ADD COLUMN consent_at TEXT")
# Unicitate CUI (un CUI = un cont); NULL distinct nativ -> conturi fara CUI multiplu.
conn.execute(
"CREATE UNIQUE INDEX IF NOT EXISTS ux_accounts_cui ON accounts(cui) WHERE cui IS NOT NULL"
@@ -147,6 +179,101 @@ def _migrate(conn: sqlite3.Connection) -> None:
)
def _migrate_accounts_medii(conn: sqlite3.Connection, acc_cols: set[str]) -> None:
"""PRD 5.20 US-001: coloane medii RAR per cont + backfill din ancora globala.
Adauga (idempotent): rar_test_enabled/rar_prod_enabled (bife activare),
rar_creds_test_enc/rar_creds_prod_enc (sloturi creds), rar_env_default.
Backfill (O SINGURA DATA, cand coloanele tocmai au fost adaugate pe DB existent):
creds-ul legacy `rar_creds_enc` apartine mediului `AUTOPASS_RAR_ENV` global de la
momentul migrarii (ancora) — il copiem in slotul acelui mediu, activam DOAR acel
mediu (celalalt dezactivat) si fixam default-ul pe el. Conturile fara creds raman
pe default-urile coloanei (prod on / test off). Migrarea NU presupune env-ul; se
bazeaza pe ancora globala, exact cum opera contul inainte de 5.20.
"""
newly_added = "rar_env_default" not in acc_cols
if "rar_test_enabled" not in acc_cols:
conn.execute(
"ALTER TABLE accounts ADD COLUMN rar_test_enabled INTEGER NOT NULL DEFAULT 0 "
"CHECK (rar_test_enabled IN (0, 1))"
)
if "rar_prod_enabled" not in acc_cols:
conn.execute(
"ALTER TABLE accounts ADD COLUMN rar_prod_enabled INTEGER NOT NULL DEFAULT 1 "
"CHECK (rar_prod_enabled IN (0, 1))"
)
if "rar_creds_test_enc" not in acc_cols:
conn.execute("ALTER TABLE accounts ADD COLUMN rar_creds_test_enc TEXT")
if "rar_creds_prod_enc" not in acc_cols:
conn.execute("ALTER TABLE accounts ADD COLUMN rar_creds_prod_enc TEXT")
if "rar_env_default" not in acc_cols:
# ALTER nu poate adauga CHECK pe coloana noua in SQLite -> validarea ('test'/'prod')
# se face in cod (rar_env.py / rutele de cont). DEFAULT 'prod' (cont client nou).
conn.execute("ALTER TABLE accounts ADD COLUMN rar_env_default TEXT NOT NULL DEFAULT 'prod'")
if not newly_added:
return # coloanele existau deja -> backfill-ul a rulat la o pornire anterioara
# Are coloana legacy rar_creds_enc randuri de migrat? (Pe DB foarte nou, e absenta.)
if "rar_creds_enc" not in acc_cols:
return
env = get_settings().rar_env if get_settings().rar_env in ("test", "prod") else "test"
other = "prod" if env == "test" else "test"
slot = f"rar_creds_{env}_enc"
conn.execute(
f"UPDATE accounts SET {slot} = rar_creds_enc, "
f"rar_{env}_enabled = 1, rar_{other}_enabled = 0, rar_env_default = ? "
f"WHERE rar_creds_enc IS NOT NULL AND TRIM(rar_creds_enc) <> '' AND {slot} IS NULL",
(env,),
)
def _backfill_submissions_rar_env(conn: sqlite3.Connection) -> None:
"""PRD 5.20 US-001 (AUTO-FIX G + E4/3): backfill rar_env + recompute idempotency_key.
Ruleaza O SINGURA DATA, imediat dupa ce coloana `submissions.rar_env` a fost adaugata
pe un DB existent. Toate randurile pre-migrare au fost trimise (sau urmeaza) catre
mediul `AUTOPASS_RAR_ENV` global — le etichetam cu acel env (NU DEFAULT 'test'), altfel
reconcilierea worker-ului ar lovi endpoint-ul gresit -> duplicat ireversibil.
Recompute `idempotency_key` la forma env-aware (`build_key(account_id, canon, rar_env)`):
altfel un re-POST al unui rand legacy (cheie env-less) ar rata randul existent ->
duplicat. Recompute-ul e consistent (acelasi env pe toate randurile pre-migrare) deci
nu poate crea coliziuni intre randuri care erau deja distincte.
"""
import json as _json
from .idempotency import build_key, canonicalize_row
env = get_settings().rar_env if get_settings().rar_env in ("test", "prod") else "test"
conn.execute("UPDATE submissions SET rar_env = ?", (env,))
rows = conn.execute(
"SELECT id, account_id, idempotency_key, payload_json FROM submissions"
).fetchall()
for r in rows:
try:
content = _json.loads(r["payload_json"])
except (ValueError, TypeError):
continue
canon = canonicalize_row(content)
# Pastreaza prestatiile rezolvate (cod_prestatie/cod_op_service) pentru _op_identity.
canon["prestatii"] = content.get("prestatii") or []
new_key = build_key(r["account_id"], canon, env)
if new_key == r["idempotency_key"]:
continue
try:
conn.execute(
"UPDATE submissions SET idempotency_key = ? WHERE id = ?",
(new_key, r["id"]),
)
except sqlite3.IntegrityError:
# Coliziune improbabila pe UNIQUE(idempotency_key): lasa cheia veche (no-op),
# randul ramane gasibil prin dual-lookup legacy.
continue
def _now_iso() -> str:
return datetime.now(timezone.utc).isoformat(timespec="seconds")

View File

@@ -194,6 +194,13 @@ CATALOG: dict[str, dict[str, str]] = {
" Contacteaza-ne pentru a face upgrade la planul Pro."
),
},
"RAR_MEDIU_INDISPONIBIL": {
"problema": "Mediul RAR cerut nu e disponibil",
"fix": (
"Activeaza mediul si introdu credentialele RAR in tab-ul Cont."
" Mediile disponibile acum sunt in campul cauza."
),
},
}

View File

@@ -70,17 +70,23 @@ def canonicalize_row(raw: dict[str, Any]) -> dict[str, Any]:
}
def build_key(account_id: int | None, canon: dict[str, Any]) -> str:
"""SHA-256 partajat canal-API + canal-import.
def build_key(account_id: int | None, canon: dict[str, Any], rar_env: str = "test") -> str:
"""SHA-256 partajat canal-API + canal-import, env-aware (PRD 5.20 US-003).
Aplica account_or_default inainte de hash: None si 1 colapseaza la aceeasi
cheie => acelasi rand logic din canale diferite nu se trimite de doua ori.
`rar_env` ('test'|'prod') intra in cheie: aceeasi prezentare la test si apoi la
prod sunt DOUA trimiteri reale distincte (sisteme RAR separate), nu un duplicat.
Default 'test' = back-compat cu apelantii care nu paseaza inca env-ul; toate
rutele de ingestie paseaza env-ul rezolvat explicit.
"""
# Import local ca sa evitam import circular (mapping importa din idempotency via validator)
from .mapping import account_or_default
acct = account_or_default(account_id)
canonic = {
"account_id": acct,
"rar_env": rar_env,
"vin": canon.get("vin", ""),
"nr_inmatriculare": canon.get("nr_inmatriculare", ""),
"data_prestatie": canon.get("data_prestatie"),
@@ -91,8 +97,8 @@ def build_key(account_id: int | None, canon: dict[str, Any]) -> str:
return hashlib.sha256(blob.encode("utf-8")).hexdigest()
def idempotency_key(account_id: int | None, prezentare: dict[str, Any]) -> str:
"""SHA-256 peste (account_id + campurile semnificative ale prezentarii).
def idempotency_key(account_id: int | None, prezentare: dict[str, Any], rar_env: str = "test") -> str:
"""SHA-256 peste (account_id + rar_env + campurile semnificative ale prezentarii).
Wrapper backward-compat peste canonicalize_row + build_key.
Exclude obs si b64Image (cosmetice, nu definesc unicitatea declaratiei).
@@ -102,7 +108,7 @@ def idempotency_key(account_id: int | None, prezentare: dict[str, Any]) -> str:
acoperite automat — dual-lookup sau recompute-keys la migrare productie.
"""
canon = canonicalize_row(prezentare)
return build_key(account_id, canon)
return build_key(account_id, canon, rar_env)
def build_key_legacy(account_id: int | None, prezentare: dict[str, Any]) -> str:

View File

@@ -7,6 +7,8 @@ odometru) este in app.validation.
from __future__ import annotations
from typing import Literal
from pydantic import BaseModel, Field, field_validator, model_validator
@@ -93,6 +95,8 @@ class PrezentareRequest(BaseModel):
# False -> submission 'needs_mapping' (intra in editorul de mapare);
# None -> se foloseste accounts.on_unmapped_error_default (implicit False).
on_unmapped_error: bool | None = None
# Mediul RAR tinta: 'test' | 'prod'. Absent -> default-ul contului (REQ-DEFAULT).
rar_env: Literal["test", "prod"] | None = None
class SubmissionResult(BaseModel):
@@ -105,6 +109,8 @@ class SubmissionResult(BaseModel):
# RE-ACTIVAT (re-clasificat + creds actualizate) la resubmit. `deduped` pastreaza
# semantica actuala (clientii vechi care testeaza `deduped` nu se sparg).
reactivated: bool = False
# Mediul RAR tinta efectiv (ecou din DB / rezolvat la ingestie).
rar_env: str = "test"
# Raspuns ONEST pentru randuri blocate: orice status != 'queued' isi expune
# motivul, ca integratorul sa nu trateze un needs_data/needs_mapping drept succes.
# erori = validare de continut (needs_data), 3 niveluri [{field, cod, problema, cauza, fix, message}].
@@ -126,6 +132,8 @@ class ValidarePrezentariRequest(BaseModel):
rar_credentials: RarCredentials | None = None
prezentari: list[PrezentareIn] = Field(..., min_length=1)
on_unmapped_error: bool | None = None
# Mediul RAR tinta: 'test' | 'prod'. Absent -> default-ul contului.
rar_env: Literal["test", "prod"] | None = None
class ValidareResult(BaseModel):
@@ -134,6 +142,7 @@ class ValidareResult(BaseModel):
index: int
valid: bool
status_estimat: str # "queued" | "needs_data" | "needs_mapping"
rar_env: str = "test" # mediul RAR tinta efectiv (ecou din rezolvare)
erori: list[dict] = []
nemapate: list[dict] = []
prestatii_rezolvate: list[dict] = []

View File

@@ -44,6 +44,11 @@ class RarAuthError(RarError):
"""Login esuat (401 / credentiale invalide). NU se face retry."""
def base_url_pentru_env(settings: "Settings", env: str) -> str:
"""URL de baza al mediului RAR: 'prod' -> rar_base_url_prod, altfel rar_base_url_test."""
return settings.rar_base_url_prod if env == "prod" else settings.rar_base_url_test
class RarClient:
"""Client sincron httpx. Folosit din worker (proces separat).
@@ -53,10 +58,10 @@ class RarClient:
data = rar.post_prezentare(token, payload)
"""
def __init__(self, settings: Settings | None = None):
def __init__(self, settings: Settings | None = None, *, base_url: str | None = None):
self.settings = settings or get_settings()
self._client = httpx.Client(
base_url=self.settings.rar_base_url,
base_url=base_url if base_url is not None else self.settings.rar_base_url,
timeout=self.settings.http_timeout_s,
headers={"User-Agent": self.settings.http_user_agent}, # fix WAF 403
)

156
app/rar_env.py Normal file
View File

@@ -0,0 +1,156 @@
"""Medii RAR per cont (PRD 5.20): disponibilitate + default efectiv.
Sursa UNICA de adevar pentru REQ-DISP / REQ-DEFAULT: vizibilitatea selector/toggle
in UI, validarea tintei in API si decizia worker-ului citesc TOATE de aici, ca sa
decida identic.
Un mediu ('test'|'prod') e *disponibil* pentru un cont daca e activat (bifa) SI are
credentiale (slot per-mediu non-gol). Din disponibilitate decurge tot UX-ul:
- 0 medii -> nicio tinta; trimiterea web e blocata, API cade pe ancora globala.
- 1 mediu -> tinta implicita (acel mediu), fara selector.
- 2 medii -> selector la import + toggle in statusbar + alegere in API.
Functii PURE (fara DB) peste un rand de cont (sqlite3.Row sau dict). Helperele cu
`conn` incarca randul si deleaga.
"""
from __future__ import annotations
import sqlite3
from typing import Any
VALID_ENVS: tuple[str, str] = ("test", "prod")
def _field(account: Any, key: str, default: Any = None) -> Any:
"""Citire toleranta a unui camp de cont (dict sau sqlite3.Row, camp posibil absent)."""
if account is None:
return default
if isinstance(account, dict):
return account.get(key, default)
try:
return account[key] # sqlite3.Row
except (IndexError, KeyError):
return default
def _are_creds(account: Any, env: str) -> bool:
creds = _field(account, f"rar_creds_{env}_enc", None)
return bool(creds and str(creds).strip())
def _enabled(account: Any, env: str) -> bool:
return int(_field(account, f"rar_{env}_enabled", 0) or 0) == 1
def medii_disponibile(account: Any) -> list[str]:
"""Subset din ('test','prod') = activat AND creds prezente. Ordine stabila test<prod."""
return [env for env in VALID_ENVS if _enabled(account, env) and _are_creds(account, env)]
def rar_env_efectiv(account: Any) -> str | None:
"""Mediul tinta implicit al contului (REQ-DEFAULT).
Mereu unul din mediile disponibile: default-ul contului daca inca e disponibil,
altfel singurul disponibil; daca 0 disponibile -> None (nicio tinta).
"""
disp = medii_disponibile(account)
if not disp:
return None
default = _field(account, "rar_env_default", "prod")
if default in disp:
return default
return disp[0]
# --------------------------------------------------------------------------- #
# Helpere cu conexiune #
# --------------------------------------------------------------------------- #
_ACCOUNT_ENV_COLS = (
"id, rar_test_enabled, rar_prod_enabled, "
"rar_creds_test_enc, rar_creds_prod_enc, rar_env_default"
)
def load_account_env(conn: sqlite3.Connection, account_id: int) -> sqlite3.Row | None:
"""Randul de cont cu exact coloanele de mediu (pentru medii_disponibile/rar_env_efectiv)."""
from .mapping import account_or_default
return conn.execute(
f"SELECT {_ACCOUNT_ENV_COLS} FROM accounts WHERE id=?",
(account_or_default(account_id),),
).fetchone()
def medii_disponibile_cont(conn: sqlite3.Connection, account_id: int) -> list[str]:
return medii_disponibile(load_account_env(conn, account_id))
def rar_env_efectiv_cont(conn: sqlite3.Connection, account_id: int) -> str | None:
return rar_env_efectiv(load_account_env(conn, account_id))
# --------------------------------------------------------------------------- #
# Exceptie si rezolvator de mediu tinta (US-004, dependent de US-002) #
# --------------------------------------------------------------------------- #
class MediuIndisponibil(Exception):
"""Mediul RAR cerut e valid dar nu e disponibil pentru contul dat.
Atribute
--------
env: mediul cerut (ex. 'test')
disponibile: lista mediilor disponibile pentru cont in momentul erorii
"""
def __init__(self, env: str, disponibile: list[str]) -> None:
self.env = env
self.disponibile = disponibile
super().__init__(
f"mediu indisponibil: {env!r} (disponibile: {disponibile!r})"
)
def rezolva_rar_env(
conn: sqlite3.Connection,
account_id: int,
cerut: str | None = None,
) -> str:
"""Determina mediul RAR tinta pentru un submission la ingestie.
Precedenta stricta (de la cea mai mare la cea mai mica):
1. `cerut` explicit si disponibil -> intoarce `cerut`.
2. `cerut` explicit dar indisponibil -> ridica MediuIndisponibil.
3. `cerut` invalid (nu in VALID_ENVS) -> ridica ValueError (fara fallback silentios).
4. `cerut` None -> incearca rar_env_efectiv_cont (default-ul contului).
5. Daca contul nu are niciun mediu disponibil (rar_env_efectiv_cont == None)
-> cade pe ancora globala get_settings().rar_env, normalizata la VALID_ENVS.
Acest fallback e intentionat (PRD 5.20 §2 Non-Goals): AUTOPASS_RAR_ENV ramane
ancora de migrare si fallback pentru actiuni fara cont (keepalive, canal API cu
creds efemere pe conturi nou-create fara medii configurate).
Ridica
------
ValueError -- `cerut` nu e in VALID_ENVS
MediuIndisponibil -- `cerut` e valid dar nu e disponibil pentru cont
"""
if cerut is not None:
if cerut not in VALID_ENVS:
raise ValueError(f"mediu invalid: {cerut!r}")
disp = medii_disponibile_cont(conn, account_id)
if cerut not in disp:
raise MediuIndisponibil(cerut, disp)
return cerut
# cerut e None: incearca default-ul contului
efectiv = rar_env_efectiv_cont(conn, account_id)
if efectiv is not None:
return efectiv
# Ancora globala: 0 medii disponibile pe cont -> fallback la AUTOPASS_RAR_ENV.
from .config import get_settings
global_env = get_settings().rar_env
if global_env in VALID_ENVS:
return global_env
return "test" # rar_env invalid in config -> cel mai sigur default

View File

@@ -19,7 +19,15 @@ CREATE TABLE IF NOT EXISTS accounts (
-- vezi accounts.delete_account — randul ramane doar pentru audit).
status TEXT NOT NULL DEFAULT 'active'
CHECK (status IN ('pending','active','blocked','archived','deleted')),
rar_creds_enc TEXT, -- creds RAR criptate (Fernet) durabile per-cont (D4/Eng#1)
rar_creds_enc TEXT, -- LEGACY (PRD 5.20 US-013 dropeaza coloana): creds RAR durabile env-less
-- Medii RAR per cont (PRD 5.20 US-001). Fiecare mediu = bifa de activare + slot creds.
-- medii_disponibile = enabled AND creds prezente (app/rar_env.py). Cont client nou =
-- Productie on / Testare off (clientii declara real); contul operator se pune manual pe Testare.
rar_test_enabled INTEGER NOT NULL DEFAULT 0 CHECK (rar_test_enabled IN (0, 1)),
rar_prod_enabled INTEGER NOT NULL DEFAULT 1 CHECK (rar_prod_enabled IN (0, 1)),
rar_creds_test_enc TEXT, -- creds RAR criptate (Fernet) pentru mediul Testare
rar_creds_prod_enc TEXT, -- creds RAR criptate (Fernet) pentru mediul Productie
rar_env_default TEXT NOT NULL DEFAULT 'prod' CHECK (rar_env_default IN ('test', 'prod')),
-- Comportament implicit la cod prestatie necunoscut/nemapat pe canalul API:
-- 0 (default, non-distructiv: submission 'needs_mapping', intra in editorul de mapare) sau
-- 1 (respinge cererea fara enqueue). Override per-cerere via PrezentareRequest.on_unmapped_error.
@@ -32,6 +40,15 @@ CREATE TABLE IF NOT EXISTS accounts (
tier TEXT NOT NULL DEFAULT 'free'
CHECK (tier IN ('free','standard','pro','premium')),
trial_until TEXT, -- ISO datetime UTC sau NULL; nullable
-- Planul CERUT de client la signup (separat de `tier`). NU acorda drepturi:
-- `tier` ramane sursa unica de adevar pentru gate-ul API (require_api_access) si volum.
-- Folosit la integrarea platilor: client cere plan -> plateste -> admin/webhook urca `tier`
-- -> API se deblocheaza. NULL = necunoscut (cont creat via CLI / inainte de coloana).
requested_plan TEXT
CHECK (requested_plan IS NULL OR requested_plan IN ('free','standard','pro','premium')),
-- Marca temporala a acceptarii Termenilor + politicii de confidentialitate (GDPR, L.142).
-- Setata la signup (proba de consimtamant). NULL = cont fara flux de consimtamant (CLI/legacy).
consent_at TEXT,
created_at TEXT NOT NULL DEFAULT (datetime('now'))
);
-- Un CUI = un cont (cand e prezent). NULL ramane distinct nativ in SQLite -> conturi
@@ -79,6 +96,10 @@ CREATE TABLE IF NOT EXISTS submissions (
status TEXT NOT NULL DEFAULT 'queued'
CHECK (status IN ('queued','sending','sent','needs_mapping','needs_data','error')),
payload_json TEXT NOT NULL,
-- Mediul RAR tinta al acestei trimiteri (PRD 5.20 US-001). DEFAULT 'test' e doar plasa
-- pentru randuri net-noi care nu seteaza explicit; fiecare INSERT (API/import/web) seteaza
-- rar_env explicit. Backfill din AUTOPASS_RAR_ENV global la migrare (NU lasa pe DEFAULT).
rar_env TEXT NOT NULL DEFAULT 'test' CHECK (rar_env IN ('test', 'prod')),
rar_creds_enc TEXT, -- creds RAR criptate (Fernet), sterse dupa primul login reusit
rar_status_code INTEGER,
rar_error TEXT,

View File

@@ -8,6 +8,7 @@ Rute:
from __future__ import annotations
from datetime import datetime, timedelta, timezone
from pathlib import Path
from fastapi import APIRouter, Form, Request
@@ -15,12 +16,42 @@ from fastapi.responses import HTMLResponse, RedirectResponse
from fastapi.templating import Jinja2Templates
from .. import __version__
from ..accounts import account_is_complete, list_accounts, set_active, set_status, delete_account
from ..accounts import account_is_complete, list_accounts, set_active, set_status, set_tier, set_trial, delete_account
from ..config import get_settings
from ..db import get_connection
from ..plans import PLANS, effective_tier
from ..web.csrf import get_csrf_token, verify_csrf
from ..web.session import require_admin
def _plan_label(code: str | None) -> str:
"""Eticheta RO a unui cod de plan (din PLANS). None/necunoscut -> ''."""
if not code:
return ""
plan = PLANS.get(code)
return plan["label"] if plan else code
def _trial_zile_ramase(trial_until_str: str | None, now: datetime) -> int | None:
"""Zile ramase din trial (rotunjit in sus), sau None daca nu e trial activ/malformat.
Acelasi parsing tolerant ca plans.effective_tier (UTC implicit pe valori naive).
"""
if not trial_until_str:
return None
try:
tu = datetime.fromisoformat(trial_until_str.strip().replace(" ", "T"))
if tu.tzinfo is None:
tu = tu.replace(tzinfo=timezone.utc)
now_cmp = now if now.tzinfo else now.replace(tzinfo=timezone.utc)
secunde = (tu - now_cmp).total_seconds()
if secunde <= 0:
return None
# Rotunjire in sus la zile (o fractie de zi ramasa = inca 1 zi afisata).
return int(secunde // 86400) + (1 if secunde % 86400 else 0)
except (ValueError, AttributeError, TypeError):
return None
router = APIRouter()
_TMPL = Jinja2Templates(directory=str(Path(__file__).resolve().parent / "templates"))
@@ -47,10 +78,19 @@ def _render_admin(request: Request, conn, *, error: str | None = None, status_co
"""Randeaza pagina admin.html cu lista de conturi si optional un mesaj de eroare."""
accounts = list_accounts(conn)
emails = _emails_by_account(conn)
now = datetime.now(timezone.utc)
for acct in accounts:
# Computa is_complete INAINTE de a suprascrie accounts.email cu emailul de login al userului
acct["is_complete"] = account_is_complete(acct)
acct["email"] = emails.get(acct["id"])
# Plan EFECTIV (ce are contul acum): trial Pro activ ridica `free` la `pro`.
# `tier` ramane sursa de adevar pentru drepturi; `requested_plan` e doar intentia de la signup.
eff = effective_tier(acct, now)
acct["tier_label"] = _plan_label(acct.get("tier")) # tier de baza (post-trial)
acct["tier_efectiv_label"] = _plan_label(eff) # plan efectiv ACUM
acct["trial_activ"] = eff != (acct.get("tier") or "free")
acct["trial_zile"] = _trial_zile_ramase(acct.get("trial_until"), now)
acct["requested_plan_label"] = _plan_label(acct.get("requested_plan"))
# Grupare pe STARE, nu pe `active`: altfel conturile arhivate/blocate (active=0)
# ar cadea gresit sub "in asteptare". 'deleted' e deja exclus din list_accounts.
pending = [a for a in accounts if a["status"] == "pending" and a["id"] != 1]
@@ -146,6 +186,73 @@ async def admin_delete(request: Request, account_id: list[int] = Form(...),
return _lifecycle_route(request, account_id, csrf_token, "delete")
@router.post("/admin/set-tier", response_class=HTMLResponse)
async def admin_set_tier(
request: Request,
account_id: int = Form(...),
tier: str = Form(...),
csrf_token: str = Form(default=""),
):
"""Schimba planul (tier) unui cont din panou. require_admin + CSRF, PRG 303.
Reuseaza accounts.set_tier (valideaza tier-ul, protejeaza id=1, logheaza schimbarea).
INCHEIE trial-ul (trial_until=NULL): alocarea manuala = plan real de-acum, cu efect
imediat — altfel trial-ul Pro universal (30z la signup) ar masca alegerea pana la
expirare (decizie user 2026-06-29). Tier invalid / cont protejat -> re-randare cu eroare.
"""
require_admin(request)
verify_csrf(request, csrf_token)
conn = get_connection()
try:
try:
# trial_until=None: alocarea manuala incheie trial-ul si aplica tier-ul ales acum.
set_tier(conn, account_id, tier, trial_until=None)
conn.commit()
except ValueError as exc:
return _render_admin(request, conn, error=str(exc), status_code=422)
finally:
conn.close()
return RedirectResponse("/admin", status_code=303)
@router.post("/admin/set-trial", response_class=HTMLResponse)
async def admin_set_trial(
request: Request,
account_id: int = Form(...),
trial_days: int = Form(...),
csrf_token: str = Form(default=""),
):
"""Acorda/prelungeste un trial Pro de N zile (de la acum), fara a schimba tier-ul de baza.
require_admin + CSRF, PRG 303. Reuseaza accounts.set_trial (protejeaza id=1, logheaza).
trial_days <= 0 sau peste plafon -> re-randare panou cu eroare (422). Plafon defensiv 3650z.
"""
require_admin(request)
verify_csrf(request, csrf_token)
conn = get_connection()
try:
if trial_days <= 0 or trial_days > 3650:
return _render_admin(
request, conn,
error="Numarul de zile pentru trial trebuie sa fie intre 1 si 3650.",
status_code=422,
)
try:
now = datetime.now(timezone.utc)
trial_until = (now + timedelta(days=trial_days)).strftime("%Y-%m-%d %H:%M:%S")
set_trial(conn, account_id, trial_until)
conn.commit()
except ValueError as exc:
return _render_admin(request, conn, error=str(exc), status_code=422)
finally:
conn.close()
return RedirectResponse("/admin", status_code=303)
@router.post("/admin/deactivate", response_class=HTMLResponse)
async def admin_deactivate(
request: Request,

View File

@@ -2,6 +2,7 @@
from __future__ import annotations
from datetime import datetime, timezone
from pathlib import Path
from fastapi import APIRouter, Form, Request
@@ -9,7 +10,7 @@ from fastapi.responses import HTMLResponse, RedirectResponse
from fastapi.templating import Jinja2Templates
from .. import __version__
from ..accounts import create_account
from ..accounts import VALID_TIERS, create_account
from ..auth import create_api_key
from ..config import get_settings
from ..db import get_connection
@@ -47,10 +48,18 @@ async def signup_post(
cui: str = Form(default=""),
email: str = Form(default=""),
parola: str = Form(default=""),
plan: str = Form(default=""),
consent: str = Form(default=""),
csrf_token: str = Form(default=""),
):
verify_csrf(request, csrf_token)
# Planul CERUT (intentie, nu drept): pastram doar valori valide; orice altceva -> 'free'.
# `tier`-ul real ramane 'free' la creare; planul ales se onoreaza dupa plata (admin/webhook).
requested_plan = plan.strip().lower() if plan else ""
if requested_plan not in VALID_TIERS:
requested_plan = "free"
settings = get_settings()
ip = request.client.host if request.client else "unknown"
if not check_rate_limit(ip, settings.signup_rate_max, settings.signup_rate_window_s):
@@ -58,7 +67,7 @@ async def signup_post(
request,
csrf_token=get_csrf_token(request),
error=_RATE_MSG,
name=name, cui=cui, email=email,
name=name, cui=cui, email=email, plan=requested_plan,
), status_code=429)
if len(parola) < _PASSWORD_MIN:
@@ -66,7 +75,7 @@ async def signup_post(
request,
csrf_token=get_csrf_token(request),
error=f"Parola trebuie sa aiba cel putin {_PASSWORD_MIN} caractere.",
name=name, cui=cui, email=email,
name=name, cui=cui, email=email, plan=requested_plan,
), status_code=422)
# CUI obligatoriu la signup (US-001, PRD 5.12)
@@ -76,9 +85,19 @@ async def signup_post(
request,
csrf_token=get_csrf_token(request),
error="CUI-ul firmei este obligatoriu.",
name=name, cui=cui, email=email,
name=name, cui=cui, email=email, plan=requested_plan,
), status_code=422)
# Consimtamant Termeni + GDPR obligatoriu (proba). Checkbox bifat -> valoare ne-goala.
if not (consent and consent.strip()):
return _TMPL.TemplateResponse(request, "signup.html", _ctx(
request,
csrf_token=get_csrf_token(request),
error="Trebuie sa accepti Termenii si prelucrarea datelor (GDPR) pentru a crea cont.",
name=name, cui=cui, email=email, plan=requested_plan,
), status_code=422)
consent_at = datetime.now(timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
# Bootstrap admin: count_admins se citeste INAUNTRUL tranzactiei BEGIN IMMEDIATE,
# astfel lock-ul RESERVED serializeaza scriitorii si al doilea signup vede count==1.
conn = get_connection()
@@ -86,7 +105,10 @@ async def signup_post(
conn.execute("BEGIN IMMEDIATE")
try:
is_first = count_admins(conn) == 0
account_id = create_account(conn, name, cui=cui_norm, email=email, active=False)
account_id = create_account(
conn, name, cui=cui_norm, email=email, active=False,
requested_plan=requested_plan, consent_at=consent_at,
)
user_id = create_user(conn, account_id, email, parola, is_admin=is_first)
api_key = create_api_key(conn, account_id)
conn.execute("COMMIT")
@@ -121,7 +143,7 @@ async def signup_post(
request,
csrf_token=get_csrf_token(request),
error=error_msg,
name=name, cui=cui, email=email,
name=name, cui=cui, email=email, plan=requested_plan,
), status_code=422)
except Exception as exc:
conn.execute("ROLLBACK")
@@ -129,7 +151,7 @@ async def signup_post(
request,
csrf_token=get_csrf_token(request),
error=str(exc),
name=name, cui=cui, email=email,
name=name, cui=cui, email=email, plan=requested_plan,
), status_code=422)
finally:
conn.close()

View File

@@ -89,10 +89,25 @@ from ..mapping import (
text_rules_overlap,
)
from ..shared_store import record_human_validation
from ..rar_env import MediuIndisponibil, medii_disponibile_cont, rar_env_efectiv_cont, rezolva_rar_env
from ..rar_client import RarAuthError, RarClient, RarError, base_url_pentru_env
# Campuri canonice cu eticheta umana pentru dropdown mapare coloane
_CANONICAL_FIELDS = [(k, v[0]) for k, v in _CANONICAL_SYNONYMS.items()]
def _import_env_ctx(conn, account_id: int) -> dict:
"""Contextul de mediu RAR pentru paginile de import (US-009, PRD 5.20).
Intoarce {'medii': list[str], 'env_default': str} pentru template-ul _upload.html.
Un mediu e disponibil = activat SI are credentiale. La 0 medii template afiseaza
un banner non-blocant; la 1 eticheta statica; la >=2 selector.
"""
medii = medii_disponibile_cont(conn, account_id)
env_default = rar_env_efectiv_cont(conn, account_id) or "prod"
return {"medii": medii, "env_default": env_default}
router = APIRouter(tags=["web"])
templates = Jinja2Templates(directory=str(Path(__file__).resolve().parent / "templates"))
# Expune parse_erori in toate template-urile
@@ -277,10 +292,14 @@ def _get_acasa_context(request: Request, conn, account_id: int) -> dict:
acct = account_or_default(account_id)
# Pas 1: are credentiale RAR configurate? + metadate cont (pentru banner incomplet)
# Verifica atat coloana legacy rar_creds_enc cat si sloturile per-env (US-008, PRD 5.20).
row = conn.execute(
"SELECT id, name, cui, email, rar_creds_enc FROM accounts WHERE id=?", (acct,)
"SELECT id, name, cui, email, rar_creds_enc, rar_creds_test_enc, rar_creds_prod_enc "
"FROM accounts WHERE id=?", (acct,)
).fetchone()
are_creds = bool(row and row["rar_creds_enc"])
are_creds = bool(row and (
row["rar_creds_enc"] or row["rar_creds_test_enc"] or row["rar_creds_prod_enc"]
))
# Banner cont incomplet (US-002): contul nu are companie + email + CUI complete
cont_incomplet = not _acct_is_complete(row) if row else False
@@ -370,22 +389,25 @@ def _render_panel_cont(request: Request, conn, account_id: int) -> str:
"""Randeaza panoul Cont ca string HTML."""
from ..mapping import account_or_default
acct = account_or_default(account_id)
row = conn.execute(
"SELECT id, name, cui, email, rar_creds_enc FROM accounts WHERE id=?", (acct,)
).fetchone()
are_creds = bool(row and row["rar_creds_enc"])
account_meta = _fetch_account_meta(conn, acct)
env_ctx = _fetch_cont_env_state(conn, acct)
cont_ctx = {
"request": request,
"csrf_token": get_csrf_token(request),
"api_key": None,
"are_creds": are_creds,
"creds_mesaj": None,
"creds_eroare": None,
"rot_eroare": None,
"account_meta": account_meta,
"date_firma_mesaj": None,
"date_firma_eroare": None,
"creds_test_mesaj": None,
"creds_test_eroare": None,
"creds_prod_mesaj": None,
"creds_prod_eroare": None,
"creds_default_eroare": None,
"creds_default_mesaj": None,
**env_ctx,
}
# US-006 (5.17): context plan pentru sectiunea Plan din _cont.html.
cont_ctx.update(_plan_ctx(conn, account_id))
@@ -738,8 +760,13 @@ def fragment_acasa(request: Request) -> HTMLResponse:
@router.get("/_fragments/import", response_class=HTMLResponse)
def fragment_import(request: Request) -> HTMLResponse:
"""Fragment HTMX pentru tab-ul Import — include zona de upload."""
require_login(request)
return templates.TemplateResponse("_upload.html", _ctx(request))
account_id = require_login(request)
conn = get_connection()
try:
env_ctx = _import_env_ctx(conn, account_id)
finally:
conn.close()
return templates.TemplateResponse("_upload.html", _ctx(request, **env_ctx))
@router.get("/_fragments/coada", response_class=HTMLResponse)
@@ -2684,13 +2711,20 @@ def _web_compute_preview(
conn,
import_id: int,
account_id: int,
rar_env: str | None = None,
) -> dict[str, Any] | str:
"""Calculeaza preview pentru un batch; intoarce date sau str cu mesaj de eroare.
Reutilizeaza _resolve_row_for_preview, _already_sent_lookup, _signature
din import_router. Nu repeta logica de rezolvare — only orchestrare.
`rar_env`: mediul RAR ales de operator; None = default efectiv al contului
(sau ancora globala daca contul nu are medii configurate). Folosit la calculul
cheii de idempotenta la preview — trebuie sa coincida cu env-ul de la commit.
"""
acct = account_or_default(account_id)
# Mediul folosit la calculul cheii de idempotenta (preview == commit).
preview_env = rar_env or rar_env_efectiv_cont(conn, account_id) or get_settings().rar_env or "test"
batch = conn.execute(
"SELECT id, account_id, filename FROM import_batches WHERE id=? AND account_id=?",
@@ -2796,7 +2830,7 @@ def _web_compute_preview(
key: str | None = None
if info["resolved_status"] in ("ok", "needs_review", "needs_data"):
try:
key = _build_idempotency_key(account_id, info["resolved"])
key = _build_idempotency_key(account_id, info["resolved"], preview_env)
keys_for_lookup.append(key)
key_to_indices.setdefault(key, []).append(i)
except Exception:
@@ -2901,6 +2935,7 @@ async def web_upload_import(
file: UploadFile = File(...),
sheet_name: str | None = Form(None),
csrf_token: str | None = Form(None),
rar_env: str | None = Form(None),
) -> HTMLResponse:
"""Upload fisier xlsx/csv → staging; intoarce fragment HTML.
@@ -2919,31 +2954,64 @@ async def web_upload_import(
try:
parsed = parse_file(data, filename, sheet_name=sheet_name)
except MultipleSheets as ms:
return templates.TemplateResponse("_upload.html", _ctx(request, sheets=ms.sheet_names))
conn = get_connection()
try:
env_ctx = _import_env_ctx(conn, account_id)
finally:
conn.close()
return templates.TemplateResponse("_upload.html", _ctx(request, sheets=ms.sheet_names, **env_ctx))
except FileTooLarge as e:
eroare_upload = _errors.eroare("IMPORT_FISIER_PREA_MARE", cauza=str(e))
conn = get_connection()
try:
env_ctx = _import_env_ctx(conn, account_id)
finally:
conn.close()
return templates.TemplateResponse("_upload.html", _ctx(
request, error=str(e), eroare_upload=eroare_upload
request, error=str(e), eroare_upload=eroare_upload, **env_ctx
))
except HeaderError as e:
eroare_upload = _errors.eroare("IMPORT_ANTET_NECLAR", cauza=f"Antet neclar: {e}")
conn = get_connection()
try:
env_ctx = _import_env_ctx(conn, account_id)
finally:
conn.close()
return templates.TemplateResponse("_upload.html", _ctx(
request, error=f"Antet neclar: {e}", eroare_upload=eroare_upload
request, error=f"Antet neclar: {e}", eroare_upload=eroare_upload, **env_ctx
))
except UnicodeDecodeError as e:
eroare_upload = _errors.eroare("IMPORT_ENCODING", cauza=f"Encoding nesuportat: {e.reason}")
conn = get_connection()
try:
env_ctx = _import_env_ctx(conn, account_id)
finally:
conn.close()
return templates.TemplateResponse("_upload.html", _ctx(
request, error=f"Encoding nesuportat: {e.reason}", eroare_upload=eroare_upload
request, error=f"Encoding nesuportat: {e.reason}", eroare_upload=eroare_upload, **env_ctx
))
except Exception as e:
eroare_upload = _errors.eroare("IMPORT_FISIER_NERECUNOSCUT", cauza=f"Fisier nerecunoscut (xlsx/csv): {type(e).__name__}")
conn = get_connection()
try:
env_ctx = _import_env_ctx(conn, account_id)
finally:
conn.close()
return templates.TemplateResponse("_upload.html", _ctx(
request, error=f"Fisier nerecunoscut (xlsx/csv): {type(e).__name__}", eroare_upload=eroare_upload
request, error=f"Fisier nerecunoscut (xlsx/csv): {type(e).__name__}", eroare_upload=eroare_upload, **env_ctx
))
conn = get_connection()
try:
sig = _signature(parsed.columns)
env_ctx = _import_env_ctx(conn, account_id)
# Rezolva mediul RAR ales — cerut din form sau default cont (fallback ancora globala).
# La 0 medii: rezolva_rar_env cade pe ancora globala (rar_env config), non-blocant.
try:
upload_env = rezolva_rar_env(conn, account_id, rar_env or None)
except (ValueError, MediuIndisponibil):
upload_env = rar_env_efectiv_cont(conn, account_id) or get_settings().rar_env or "test"
# Stagingul in DB (tranzactie explicita)
conn.execute("BEGIN IMMEDIATE")
@@ -2978,18 +3046,17 @@ async def web_upload_import(
if existing:
# Mapare retinuta → computa preview imediat
result = _web_compute_preview(conn, batch_id_int, account_id)
result = _web_compute_preview(conn, batch_id_int, account_id, rar_env=upload_env)
if isinstance(result, str):
return templates.TemplateResponse("_upload.html", {
"request": request,
"error": result,
"csrf_token": get_csrf_token(request),
})
return templates.TemplateResponse("_upload.html", _ctx(
request, error=result, **env_ctx
))
return templates.TemplateResponse("_preview_import.html", {
"request": request,
"import_id": batch_id_int,
"message": "Mapare retinuta aplicata automat.",
"csrf_token": get_csrf_token(request),
"rar_env": upload_env,
**result,
})
@@ -3012,6 +3079,7 @@ async def web_upload_import(
"canonical_fields": _CANONICAL_FIELDS,
"format_data": None,
"csrf_token": get_csrf_token(request),
"rar_env": upload_env,
})
finally:
conn.close()
@@ -3129,8 +3197,9 @@ async def web_save_mapare_coloane(
(import_id, acct),
).fetchone()
if not batch:
env_ctx = _import_env_ctx(conn, account_id)
return templates.TemplateResponse("_upload.html", _ctx(
request, error="Batch de import inexistent sau expirat."
request, error="Batch de import inexistent sau expirat.", **env_ctx
))
# Semnatura = antetul COMPLET al fisierului (toate coloanele, inclusiv cele
@@ -3148,12 +3217,20 @@ async def web_save_mapare_coloane(
(acct, sig, json.dumps(json_mapare, ensure_ascii=False), format_data_val),
)
# Mediu RAR transmis din form-ul de mapare (daca exista) sau default cont
form_rar_env = str(form.get("rar_env") or "").strip() or None
try:
mapare_env = rezolva_rar_env(conn, account_id, form_rar_env)
except (ValueError, MediuIndisponibil):
mapare_env = rar_env_efectiv_cont(conn, account_id) or get_settings().rar_env or "test"
# Computa preview
result = _web_compute_preview(conn, import_id, account_id)
result = _web_compute_preview(conn, import_id, account_id, rar_env=mapare_env)
if isinstance(result, str):
return templates.TemplateResponse("_upload.html", _ctx(request, error=result))
env_ctx = _import_env_ctx(conn, account_id)
return templates.TemplateResponse("_upload.html", _ctx(request, error=result, **env_ctx))
return templates.TemplateResponse("_preview_import.html", _ctx(
request, import_id=import_id, **result
request, import_id=import_id, rar_env=mapare_env, **result
))
finally:
conn.close()
@@ -3163,22 +3240,31 @@ async def web_save_mapare_coloane(
def web_preview_import(
request: Request,
import_id: int,
rar_env: str | None = None,
) -> HTMLResponse:
"""Preview 6 stari per rand. Tinta HTMX dupa mapare retinuta sau navigare directa."""
account_id = require_login(request)
conn = get_connection()
try:
result = _web_compute_preview(conn, import_id, account_id)
# Rezolva mediul pentru preview (din query param sau default cont)
try:
preview_env = rezolva_rar_env(conn, account_id, rar_env)
except (ValueError, MediuIndisponibil):
preview_env = rar_env_efectiv_cont(conn, account_id) or get_settings().rar_env or "test"
result = _web_compute_preview(conn, import_id, account_id, rar_env=preview_env)
if isinstance(result, str):
env_ctx = _import_env_ctx(conn, account_id)
return templates.TemplateResponse("_upload.html", {
"request": request,
"error": result,
"csrf_token": get_csrf_token(request),
**env_ctx,
})
return templates.TemplateResponse("_preview_import.html", {
"request": request,
"import_id": import_id,
"csrf_token": get_csrf_token(request),
"rar_env": preview_env,
**result,
})
finally:
@@ -3601,10 +3687,13 @@ async def web_mapare_operatii(
@router.get("/_import/reset", response_class=HTMLResponse)
def web_import_reset(request: Request) -> HTMLResponse:
"""Reseteaza sectiunea de import la starea initiala (drop zone gol)."""
return templates.TemplateResponse("_upload.html", {
"request": request,
"csrf_token": get_csrf_token(request),
})
account_id = require_login(request)
conn = get_connection()
try:
env_ctx = _import_env_ctx(conn, account_id)
finally:
conn.close()
return templates.TemplateResponse("_upload.html", _ctx(request, **env_ctx))
@router.post("/_import/{import_id}/confirma", response_class=HTMLResponse)
@@ -3631,6 +3720,9 @@ async def web_confirma_import(
except (ValueError, TypeError):
n_confirmat = 0
# Mediu RAR din form (selectat in preview); None = default cont (fallback ancora globala)
rar_env_cerut = str(form.get("rar_env") or "").strip() or None
# US-007: reviewed_rows (checkboxe vechi) NU mai este sursa de adevar pentru gate-ul
# de commit pe canalul web. Gate-ul este derivat din DB import_rows.reviewed (D#8).
# Randurile needs_review confirmate de operator via /confirma-review au resolved_status='ok'
@@ -3798,6 +3890,12 @@ async def web_confirma_import(
valid_codes = load_nomenclator_codes(conn) or None
text_rules = load_text_rules(conn, acct)
# Rezolva mediul RAR tinta al lotului (US-009): form > default cont > ancora globala.
try:
env = rezolva_rar_env(conn, account_id, rar_env_cerut)
except (ValueError, MediuIndisponibil):
env = rar_env_efectiv_cont(conn, account_id) or get_settings().rar_env or "test"
# Enqueue in tranzactie explicita — INSERT ON CONFLICT DO NOTHING (TOCTOU)
enqueued: list[dict] = []
toctou: list[int] = []
@@ -3857,7 +3955,7 @@ async def web_confirma_import(
"odometru_final": canon["odometru_final"],
})
key = build_key(account_id, canon)
key = build_key(account_id, canon, env)
rows_for_hash.append(json.dumps({
"row_index": row_index,
@@ -3872,9 +3970,9 @@ async def web_confirma_import(
cur = conn.execute(
"INSERT OR IGNORE INTO submissions "
"(idempotency_key, account_id, status, payload_json, batch_id, row_index, purge_after) "
"VALUES (?, ?, 'queued', ?, ?, ?, datetime('now', '+90 days'))",
(key, acct, json.dumps(mapped, ensure_ascii=False), import_id, row_index),
"(idempotency_key, account_id, status, payload_json, batch_id, row_index, purge_after, rar_env) "
"VALUES (?, ?, 'queued', ?, ?, ?, datetime('now', '+90 days'), ?)",
(key, acct, json.dumps(mapped, ensure_ascii=False), import_id, row_index, env),
)
if cur.rowcount == 0:
toctou.append(row_index)
@@ -3922,8 +4020,9 @@ async def web_confirma_import(
status_ctx = _build_status_ctx(request, conn, account_id, oob=True)
# Randeaza imediat (conn inca deschis — query-urile s-au facut mai sus).
env_ctx_success = _import_env_ctx(conn, account_id)
upload_html = templates.get_template("_upload.html").render(
_ctx(request, are_trimiteri=True, message=succes_msg)
_ctx(request, are_trimiteri=True, message=succes_msg, **env_ctx_success)
)
coada_html = templates.get_template("_coada.html").render(acasa_ctx)
status_html = templates.get_template("_status.html").render(status_ctx)
@@ -3943,6 +4042,66 @@ async def web_confirma_import(
# care cere cheie API; sesiunea web e suficienta ca identitate). #
# =========================================================================== #
# ---------------------------------------------------------------------------
# US-007 (PRD 5.20): Validare credentiale RAR env-aware
#
# Premisa confirmata live (2026-06-29): creds de productie NU se valideaza pe RAR
# test si invers (401 incrucisat). Deci login-ul de proba TREBUIE sa loveasca
# endpoint-ul mediului caruia ii apartin credentialele.
#
# Puncte de validare existente:
# - /cont/test-rar-creds (testeaza integrarea RAR, fara efecte secundare)
# Puncte non-aplicabile (nu colecteaza/valideaza creds RAR):
# - signup (/signup): nu colecteaza credentiale RAR — creare cont platforma, nu RAR
# - preview import: nu valideaza credentiale RAR
# Puncte viitoare (US-008):
# - /cont/rar-creds la salvare creds per-mediu (va apela _valideaza_login_rar)
# ---------------------------------------------------------------------------
def _eticheta_mediu_rar(env: str) -> str:
"""Eticheta umana a mediului RAR pentru mesaje de eroare/succes.
'test' -> 'TESTARE', 'prod' -> 'PRODUCTIE'.
"""
return "PRODUCTIE" if env == "prod" else "TESTARE"
def _valideaza_login_rar(
settings,
email: str,
password: str,
env: str,
) -> tuple[bool, str | None]:
"""Valideaza credentialele RAR prin login pe mediul specificat (US-007, PRD 5.20).
Creeaza un RarClient cu base_url-ul mediului `env` (NU base_url-ul global),
deoarece RAR test si RAR prod sunt sisteme separate cu credentiale separate.
Parametri
---------
settings: configuratia aplicatiei (pentru base_url_test/prod si timeout)
email: email-ul contului RAR
password: parola contului RAR
env: mediul tinta: 'test' sau 'prod'
Returneaza
----------
(True, None) la succes (login reusit)
(False, mesaj) la esec; `mesaj` include eticheta mediului ('TESTARE'/'PRODUCTIE'),
ex. 'Credentiale RAR invalide pe TESTARE.'
"""
env_label = _eticheta_mediu_rar(env)
try:
with RarClient(settings, base_url=base_url_pentru_env(settings, env)) as rar:
rar.login(email, password)
return True, None
except RarAuthError:
return False, f"Credentiale RAR invalide pe {env_label}."
except RarError as exc:
return False, f"Eroare la conectare RAR ({env_label}): {exc}"
def _render_cont(
request: Request,
*,
@@ -3954,6 +4113,19 @@ def _render_cont(
account_meta: dict | None = None,
date_firma_mesaj: str | None = None,
date_firma_eroare: str | None = None,
# Per-env (US-008, PRD 5.20): starea mediilor RAR Testare + Productie.
test_enabled: bool = False,
prod_enabled: bool = True,
test_disponibil: bool = False,
prod_disponibil: bool = False,
rar_env_default: str = "prod",
medii_disponibile: list | None = None,
creds_test_mesaj: str | None = None,
creds_test_eroare: str | None = None,
creds_prod_mesaj: str | None = None,
creds_prod_eroare: str | None = None,
creds_default_eroare: str | None = None,
creds_default_mesaj: str | None = None,
) -> HTMLResponse:
"""Randeaza cardul 'Contul meu'. Parola niciodata in value=."""
return templates.TemplateResponse(
@@ -3968,6 +4140,18 @@ def _render_cont(
account_meta=account_meta or {},
date_firma_mesaj=date_firma_mesaj,
date_firma_eroare=date_firma_eroare,
test_enabled=test_enabled,
prod_enabled=prod_enabled,
test_disponibil=test_disponibil,
prod_disponibil=prod_disponibil,
rar_env_default=rar_env_default,
medii_disponibile=medii_disponibile or [],
creds_test_mesaj=creds_test_mesaj,
creds_test_eroare=creds_test_eroare,
creds_prod_mesaj=creds_prod_mesaj,
creds_prod_eroare=creds_prod_eroare,
creds_default_eroare=creds_default_eroare,
creds_default_mesaj=creds_default_mesaj,
),
)
@@ -3987,6 +4171,56 @@ def _fetch_account_meta(conn, acct: int) -> dict:
}
def _fetch_cont_env_state(conn, acct: int) -> dict:
"""Starea mediilor RAR per env pentru sectiunea 'Credentiale RAR' din _cont.html (US-008).
Returneaza un dict compatibil cu parametrii per-env ai _render_cont:
are_creds -- True daca ORICE credentiale RAR sunt configurate (legacy SAU per-env)
test_enabled -- bifa activare Testare
prod_enabled -- bifa activare Productie
test_disponibil -- Testare activata SI cu creds (poate trimite)
prod_disponibil -- Productie activata SI cu creds (poate trimite)
rar_env_default -- mediul implicit al contului
medii_disponibile -- lista mediilor disponibile (subset din ['test','prod'])
"""
row = conn.execute(
"SELECT rar_test_enabled, rar_prod_enabled, "
"rar_creds_test_enc, rar_creds_prod_enc, rar_env_default, rar_creds_enc "
"FROM accounts WHERE id=?", (acct,)
).fetchone()
if not row:
return {
"are_creds": False,
"test_enabled": False,
"prod_enabled": True,
"test_disponibil": False,
"prod_disponibil": False,
"rar_env_default": "prod",
"medii_disponibile": [],
}
test_enabled = bool(row["rar_test_enabled"])
prod_enabled = bool(row["rar_prod_enabled"])
test_disponibil = test_enabled and bool(row["rar_creds_test_enc"])
prod_disponibil = prod_enabled and bool(row["rar_creds_prod_enc"])
medii: list[str] = []
if test_disponibil:
medii.append("test")
if prod_disponibil:
medii.append("prod")
are_creds = bool(
row["rar_creds_enc"] or row["rar_creds_test_enc"] or row["rar_creds_prod_enc"]
)
return {
"are_creds": are_creds,
"test_enabled": test_enabled,
"prod_enabled": prod_enabled,
"test_disponibil": test_disponibil,
"prod_disponibil": prod_disponibil,
"rar_env_default": row["rar_env_default"] or "prod",
"medii_disponibile": medii,
}
@router.get("/_fragments/cont", response_class=HTMLResponse)
def fragment_cont(request: Request) -> HTMLResponse:
"""Fragment HTMX card 'Contul meu': stare cheie + creds RAR + date firma."""
@@ -3994,12 +4228,9 @@ def fragment_cont(request: Request) -> HTMLResponse:
acct = account_or_default(account_id)
conn = get_connection()
try:
row = conn.execute(
"SELECT id, name, cui, email, rar_creds_enc FROM accounts WHERE id=?", (acct,)
).fetchone()
are_creds = bool(row and row["rar_creds_enc"])
account_meta = _fetch_account_meta(conn, acct)
return _render_cont(request, are_creds=are_creds, account_meta=account_meta)
env_ctx = _fetch_cont_env_state(conn, acct)
return _render_cont(request, account_meta=account_meta, **env_ctx)
finally:
conn.close()
@@ -4016,12 +4247,9 @@ def cont_roteste_cheie(
conn = get_connection()
try:
new_key = rotate_api_key(conn, acct)
row = conn.execute(
"SELECT rar_creds_enc FROM accounts WHERE id=?", (acct,)
).fetchone()
are_creds = bool(row and row["rar_creds_enc"])
account_meta = _fetch_account_meta(conn, acct)
return _render_cont(request, api_key=new_key, are_creds=are_creds, account_meta=account_meta)
env_ctx = _fetch_cont_env_state(conn, acct)
return _render_cont(request, api_key=new_key, account_meta=account_meta, **env_ctx)
finally:
conn.close()
@@ -4050,15 +4278,14 @@ async def cont_date_firma(request: Request) -> HTMLResponse:
conn = get_connection()
try:
account_meta = _fetch_account_meta(conn, acct)
row_cr = conn.execute("SELECT rar_creds_enc FROM accounts WHERE id=?", (acct,)).fetchone()
are_creds = bool(row_cr and row_cr["rar_creds_enc"])
env_ctx = _fetch_cont_env_state(conn, acct)
finally:
conn.close()
return _render_cont(
request,
are_creds=are_creds,
account_meta=account_meta,
date_firma_eroare="Compania (numele firmei) este obligatorie.",
**env_ctx,
)
# Normalizare si validare email
@@ -4067,31 +4294,27 @@ async def cont_date_firma(request: Request) -> HTMLResponse:
except ValueError as exc:
conn = get_connection()
try:
account_meta = _fetch_account_meta(conn, acct)
row_cr = conn.execute("SELECT rar_creds_enc FROM accounts WHERE id=?", (acct,)).fetchone()
are_creds = bool(row_cr and row_cr["rar_creds_enc"])
env_ctx = _fetch_cont_env_state(conn, acct)
finally:
conn.close()
return _render_cont(
request,
are_creds=are_creds,
account_meta={"name": companie_raw, "email": email_raw, "cui": cui_raw},
date_firma_eroare=f"Email invalid: {exc}",
**env_ctx,
)
if not email_norm:
conn = get_connection()
try:
account_meta = _fetch_account_meta(conn, acct)
row_cr = conn.execute("SELECT rar_creds_enc FROM accounts WHERE id=?", (acct,)).fetchone()
are_creds = bool(row_cr and row_cr["rar_creds_enc"])
env_ctx = _fetch_cont_env_state(conn, acct)
finally:
conn.close()
return _render_cont(
request,
are_creds=are_creds,
account_meta={"name": companie_raw, "email": email_raw, "cui": cui_raw},
date_firma_eroare="Email-ul de contact este obligatoriu.",
**env_ctx,
)
# Normalizare si validare CUI
@@ -4100,31 +4323,27 @@ async def cont_date_firma(request: Request) -> HTMLResponse:
except ValueError as exc:
conn = get_connection()
try:
account_meta = _fetch_account_meta(conn, acct)
row_cr = conn.execute("SELECT rar_creds_enc FROM accounts WHERE id=?", (acct,)).fetchone()
are_creds = bool(row_cr and row_cr["rar_creds_enc"])
env_ctx = _fetch_cont_env_state(conn, acct)
finally:
conn.close()
return _render_cont(
request,
are_creds=are_creds,
account_meta={"name": companie_raw, "email": email_norm, "cui": cui_raw},
date_firma_eroare=f"CUI invalid: {exc}",
**env_ctx,
)
if not cui_norm:
conn = get_connection()
try:
account_meta = _fetch_account_meta(conn, acct)
row_cr = conn.execute("SELECT rar_creds_enc FROM accounts WHERE id=?", (acct,)).fetchone()
are_creds = bool(row_cr and row_cr["rar_creds_enc"])
env_ctx = _fetch_cont_env_state(conn, acct)
finally:
conn.close()
return _render_cont(
request,
are_creds=are_creds,
account_meta={"name": companie_raw, "email": email_norm, "cui": cui_raw},
date_firma_eroare="CUI-ul firmei este obligatoriu.",
**env_ctx,
)
# Actualizare in DB
@@ -4142,26 +4361,24 @@ async def cont_date_firma(request: Request) -> HTMLResponse:
).fetchone()
owner = existing["id"] if existing else "?"
account_meta = _fetch_account_meta(conn, acct)
row_cr = conn.execute("SELECT rar_creds_enc FROM accounts WHERE id=?", (acct,)).fetchone()
are_creds = bool(row_cr and row_cr["rar_creds_enc"])
env_ctx = _fetch_cont_env_state(conn, acct)
return _render_cont(
request,
are_creds=are_creds,
account_meta={"name": companie_raw, "email": email_norm, "cui": cui_norm},
date_firma_eroare=(
f"CUI-ul {cui_norm} este deja folosit de alt cont (id={owner}). "
"Foloseste un CUI diferit sau contacteaza administratorul."
),
**env_ctx,
)
account_meta = _fetch_account_meta(conn, acct)
row_cr = conn.execute("SELECT rar_creds_enc FROM accounts WHERE id=?", (acct,)).fetchone()
are_creds = bool(row_cr and row_cr["rar_creds_enc"])
env_ctx = _fetch_cont_env_state(conn, acct)
return _render_cont(
request,
are_creds=are_creds,
account_meta=account_meta,
date_firma_mesaj="Datele firmei au fost salvate.",
**env_ctx,
)
finally:
conn.close()
@@ -4244,18 +4461,15 @@ def cont_rar_creds(
if not email or not parola:
conn = get_connection()
try:
row = conn.execute(
"SELECT rar_creds_enc FROM accounts WHERE id=?", (acct,)
).fetchone()
are_creds = bool(row and row["rar_creds_enc"])
account_meta = _fetch_account_meta(conn, acct)
env_ctx = _fetch_cont_env_state(conn, acct)
finally:
conn.close()
return _render_cont(
request,
are_creds=are_creds,
creds_eroare="Email si parola sunt obligatorii.",
account_meta=account_meta,
**env_ctx,
)
enc = encrypt_creds({"email": email, "password": parola})
@@ -4266,11 +4480,222 @@ def cont_rar_creds(
(enc, acct),
)
account_meta = _fetch_account_meta(conn, acct)
env_ctx = _fetch_cont_env_state(conn, acct)
return _render_cont(
request,
are_creds=True,
creds_mesaj="Credentialele RAR au fost salvate cu succes.",
account_meta=account_meta,
**env_ctx,
)
finally:
conn.close()
@router.post("/cont/test-rar-creds", response_class=HTMLResponse)
def cont_test_rar_creds(
request: Request,
rar_email: str = Form(""),
rar_parola: str = Form(""),
rar_env: str = Form(default=""),
csrf_token: str | None = Form(None),
) -> HTMLResponse:
"""Testeaza credentialele RAR prin login real pe mediul specificat (US-007, PRD 5.20).
Fara efecte secundare: nu salveaza nimic, nu creeaza submission. Pur validare.
Camp parola NICIODATA re-pus in raspuns.
Decizie env (documentata US-007):
- param `rar_env` explicit ('test'/'prod') -> folosit direct
- altfel -> rar_env_efectiv_cont (default-ul contului) sau ancora globala settings.rar_env
- signup nu colecteaza creds RAR, deci nu apeleaza aceasta functie
"""
account_id = require_login(request)
verify_csrf(request, csrf_token)
email = rar_email.strip()
parola = rar_parola.strip()
if not email or not parola:
return templates.TemplateResponse(
"_integrare_test_rezultat.html",
{"request": request, "succes": False,
"mesaj": "Email si parola sunt obligatorii."},
)
# Determina env-ul de validare
settings = get_settings()
env_cerut = (rar_env or "").strip().lower()
if env_cerut in ("test", "prod"):
env = env_cerut
else:
# Fallback: env-ul efectiv al contului (default) sau ancora globala
conn = get_connection()
try:
env = rar_env_efectiv_cont(conn, account_id) or settings.rar_env or "test"
finally:
conn.close()
ok, mesaj_eroare = _valideaza_login_rar(settings, email, parola, env)
if ok:
env_label = _eticheta_mediu_rar(env)
return templates.TemplateResponse(
"_integrare_test_rezultat.html",
{"request": request, "succes": True,
"mesaj": f"Credentiale RAR valide pe {env_label}."},
)
return templates.TemplateResponse(
"_integrare_test_rezultat.html",
{"request": request, "succes": False, "mesaj": mesaj_eroare},
)
# =========================================================================== #
# US-008 (PRD 5.20): Configurare medii RAR per cont — Testare + Productie. #
# Ruta noua /cont/rar-medii: gestioneaza bifa activare, credentiale si #
# mediul implicit separat pentru fiecare din cele doua medii RAR. #
# =========================================================================== #
@router.post("/cont/rar-medii", response_class=HTMLResponse)
async def cont_rar_medii(request: Request) -> HTMLResponse:
"""Salveaza configuratia mediilor RAR per cont (US-008, PRD 5.20).
Doua sectiuni independente (Testare / Productie): fiecare cu bifa de activare
si campuri email/parola. La salvare, pentru fiecare mediu activat cu creds noi:
- valideaza prin login pe acel env (US-007) — RAR test si prod sunt sisteme separate;
- OK -> cripteaza cu Fernet si scrie in rar_creds_{env}_enc + enabled=1;
- esec login -> eroare per-env, mediul NU devine disponibil (creds nesalvate).
Activarea Productie pentru prima oara necesita checkbox-ul de confirmare
(constientizare L.142 — trimiterile sunt declaratii oficiale, finale si fara anulare).
Mediul implicit (rar_env_default) poate fi setat DOAR pe un mediu disponibil
(validat server-side post-update; altfel eroare, valoarea veche ramane).
Parolele NICIODATA reflectate inapoi in pagina (camp gol cu placeholder).
"""
account_id = require_login(request)
form = await request.form()
verify_csrf(request, str(form.get("csrf_token") or ""))
acct = account_or_default(account_id)
test_enabled_form = form.get("test_enabled") == "1"
prod_enabled_form = form.get("prod_enabled") == "1"
prod_confirmare = form.get("prod_confirmare") == "1"
test_email = str(form.get("test_email") or "").strip()
test_parola = str(form.get("test_parola") or "").strip()
prod_email = str(form.get("prod_email") or "").strip()
prod_parola = str(form.get("prod_parola") or "").strip()
rar_env_default_form = str(form.get("rar_env_default") or "").strip()
settings = get_settings()
creds_test_eroare: str | None = None
creds_test_mesaj: str | None = None
creds_prod_eroare: str | None = None
creds_prod_mesaj: str | None = None
creds_default_eroare: str | None = None
creds_default_mesaj: str | None = None
conn = get_connection()
try:
# Starea curenta din DB (inainte de update) — necesara pt logica de confirmare prod.
row_before = conn.execute(
"SELECT rar_prod_enabled FROM accounts WHERE id=?", (acct,)
).fetchone()
was_prod_enabled = bool(row_before["rar_prod_enabled"]) if row_before else False
# Confirmare obligatorie la PRIMA activare Productie (constientizare L.142).
# Nu se cere daca Productie era deja activata (confirmare unica per-activare).
if prod_enabled_form and not was_prod_enabled and not prod_confirmare:
creds_prod_eroare = (
"Bifati confirmarea de mai jos pentru a activa mediul Productie: "
"\"Inteleg ca trimiterile pe Productie sunt declaratii reale (L.142)\"."
)
account_meta = _fetch_account_meta(conn, acct)
env_ctx = _fetch_cont_env_state(conn, acct)
return _render_cont(
request,
account_meta=account_meta,
creds_prod_eroare=creds_prod_eroare,
**env_ctx,
)
# --- Procesare Testare ---
if test_enabled_form:
if test_email and test_parola:
# Ambele campuri completate -> valideaza prin login pe RAR Testare.
ok, mesaj = _valideaza_login_rar(settings, test_email, test_parola, "test")
if ok:
enc = encrypt_creds({"email": test_email, "password": test_parola})
conn.execute(
"UPDATE accounts SET rar_test_enabled=1, rar_creds_test_enc=? WHERE id=?",
(enc, acct),
)
creds_test_mesaj = "Credentiale Testare salvate si validate."
else:
# Login esuat: nu schimbam creds sau enabled; eroare per-env.
creds_test_eroare = mesaj
elif test_email or test_parola:
# Doar unul din campuri completat -> eroare (nu pot fi partial).
creds_test_eroare = "Email si parola Testare trebuie completate impreuna."
else:
# Activat fara creds noi -> marcheaza enabled (creds existente, daca sunt, raman).
conn.execute("UPDATE accounts SET rar_test_enabled=1 WHERE id=?", (acct,))
else:
# Dezactivat -> disabled=0; creds raman pentru posibila re-activare ulterioara.
conn.execute("UPDATE accounts SET rar_test_enabled=0 WHERE id=?", (acct,))
# --- Procesare Productie ---
if prod_enabled_form:
if prod_email and prod_parola:
ok, mesaj = _valideaza_login_rar(settings, prod_email, prod_parola, "prod")
if ok:
enc = encrypt_creds({"email": prod_email, "password": prod_parola})
conn.execute(
"UPDATE accounts SET rar_prod_enabled=1, rar_creds_prod_enc=? WHERE id=?",
(enc, acct),
)
creds_prod_mesaj = "Credentiale Productie salvate si validate."
else:
creds_prod_eroare = mesaj
elif prod_email or prod_parola:
creds_prod_eroare = "Email si parola Productie trebuie completate impreuna."
else:
conn.execute("UPDATE accounts SET rar_prod_enabled=1 WHERE id=?", (acct,))
else:
conn.execute("UPDATE accounts SET rar_prod_enabled=0 WHERE id=?", (acct,))
# --- Mediu implicit (validat post-update contra mediilor disponibile) ---
if rar_env_default_form and rar_env_default_form in ("test", "prod"):
from ..rar_env import medii_disponibile as _medii_disponibile_fn
row_after = conn.execute(
"SELECT rar_test_enabled, rar_prod_enabled, "
"rar_creds_test_enc, rar_creds_prod_enc "
"FROM accounts WHERE id=?", (acct,)
).fetchone()
medii_post = _medii_disponibile_fn(row_after)
if rar_env_default_form in medii_post:
conn.execute(
"UPDATE accounts SET rar_env_default=? WHERE id=?",
(rar_env_default_form, acct),
)
creds_default_mesaj = "Mediu implicit actualizat."
else:
creds_default_eroare = (
"Mediul ales nu e disponibil — activeaza-l si adauga credentiale valide intai."
)
account_meta = _fetch_account_meta(conn, acct)
env_ctx = _fetch_cont_env_state(conn, acct)
return _render_cont(
request,
account_meta=account_meta,
creds_test_mesaj=creds_test_mesaj,
creds_test_eroare=creds_test_eroare,
creds_prod_mesaj=creds_prod_mesaj,
creds_prod_eroare=creds_prod_eroare,
creds_default_eroare=creds_default_eroare,
creds_default_mesaj=creds_default_mesaj,
**env_ctx,
)
finally:
conn.close()

View File

@@ -118,10 +118,13 @@
{% endfor %}
{# ===== US-005 (5.16): Chips extra + picker '+ Adauga alta operatie / cod RAR' in mod operatii ===== #}
{# Chips extra: cod_op_service gol, cod_prestatie setat — afisate flat cu × (reuse remove_flat) #}
{# Chips extra: cod_op_service gol, cod_prestatie setat — afisate flat cu × (reuse remove_flat).
T-7 (5.16): containerul .chips se randeaza DOAR cand exista chips extra — altfel ramanea
un chenar gol nefinisat sub randurile de operatie. #}
{% set _extra_chips = _chips | rejectattr('cod_op_service') | selectattr('cod_prestatie') | list %}
{% if _extra_chips %}
<div class="chips" role="group" aria-label="Coduri RAR suplimentare" style="margin-top:4px;">
{% for chip in _chips %}
{% if not chip.cod_op_service and chip.cod_prestatie %}
{% for chip in _extra_chips %}
{% set _is_warn_extra = chip.cod_prestatie in ('R-ODO', 'I-ODO') %}
<span class="chip {% if _is_warn_extra %}chip-warn{% endif %}"
aria-label="Cod RAR suplimentar {{ chip.cod_prestatie }}">
@@ -134,9 +137,9 @@
hx-vals='{"chips_action":"remove_flat","chips_remove_cod":"{{ chip.cod_prestatie }}"}'
aria-label="Sterge codul suplimentar {{ chip.cod_prestatie }}">&times;</button>
</span>
{% endif %}
{% endfor %}
</div>
{% endif %}
{% if nomenclator_rar %}
<span style="display:inline-flex;align-items:center;gap:4px;margin-top:4px;">
<select name="chips_add_cod_flat"

View File

@@ -6,19 +6,26 @@
style="margin-top:22px; padding-top:18px; border-top:2px solid var(--line);"
{% if oob %}hx-swap-oob="outerHTML"{% endif %}>
<div class="card">
<div style="display:flex; align-items:center; gap:8px; flex-wrap:wrap; margin:0 0 12px;">
<h2 id="trimiteri-heading" style="font-size:15px; margin:0;">
Trimiterile tale
{# US-002 (5.16): titlul de sectiune vizibil ("Trimiterile tale") a fost eliminat —
lista incepe direct sub filtre. Heading pastrat sr-only pentru a11y (section
aria-labelledby). Badge-ul de atentie + export CSV stau intr-un rand discret. #}
<h2 id="trimiteri-heading" class="sr-only">Trimiterile tale</h2>
{% if blocate_total %}
<div style="display:flex; align-items:center; gap:6px; flex-wrap:wrap; margin:0 0 10px;">
<span class="tab-badge" title="{{ blocate_total }} necesita atentie"
style="display:inline-flex; align-items:center; justify-content:center; min-width:18px; height:18px; margin-left:6px; padding:0 5px; border-radius:99px; background:var(--err); color:#fff; font-size:11px; font-weight:700;">{{ blocate_total }}</span>
{% endif %}
</h2>
style="display:inline-flex; align-items:center; justify-content:center; min-width:18px; height:18px; padding:0 5px; border-radius:99px; background:var(--err); color:#fff; font-size:11px; font-weight:700;">{{ blocate_total }}</span>
<span class="muted" style="font-size:var(--fs-sm);">de rezolvat</span>
<span style="margin-left:auto; display:flex; gap:8px; flex-wrap:wrap;">
<a class="cardlink" href="/v1/audit/export?status=sent" download>export CSV: trimise</a>
<a class="cardlink" href="/v1/audit/export?status=all" download>toate</a>
</span>
</div>
{% else %}
<div style="display:flex; justify-content:flex-end; gap:8px; flex-wrap:wrap; margin:0 0 10px;">
<a class="cardlink" href="/v1/audit/export?status=sent" download>export CSV: trimise</a>
<a class="cardlink" href="/v1/audit/export?status=all" download>toate</a>
</div>
{% endif %}
<!-- Bara de filtre: [quick-pills data STANGA] [cautare vehicul MIJLOC] [pills stare DREAPTA].
Pill-urile de stare scriu campul hidden status si re-trimit form-ul (filtreazaStare).

View File

@@ -114,36 +114,106 @@
<!-- Sectiunea: Credentiale RAR -->
<div>
<h3 style="font-size:13px; color:var(--muted); font-weight:500; margin:0 0 8px; text-transform:uppercase; letter-spacing:.04em;">Credentiale RAR (portal AUTOPASS)</h3>
{% if are_creds %}
<div class="flash" style="margin-bottom:12px;">Credentiale RAR configurate.</div>
{% endif %}
<h3 style="font-size:13px; color:var(--muted); font-weight:500; margin:0 0 12px; text-transform:uppercase; letter-spacing:.04em;">Credentiale RAR (portal AUTOPASS)</h3>
{% if creds_mesaj %}
<div class="flash" style="margin-bottom:12px;">{{ creds_mesaj }}</div>
{% endif %}
{% if creds_eroare %}
<div class="banner" style="margin-bottom:12px; padding:8px 12px;">{{ creds_eroare }}</div>
{% endif %}
<form hx-post="/cont/rar-creds"
<form hx-post="/cont/rar-medii"
hx-target="#card-cont"
hx-swap="outerHTML">
<input type="hidden" name="csrf_token" value="{{ csrf_token }}">
<!-- Subsectiunea: Testare -->
<div style="margin-bottom:16px; padding-bottom:16px; border-bottom:1px solid var(--line);">
<p style="margin:0 0 6px;">
<label style="font-size:13px; color:var(--muted); display:flex; align-items:center; gap:6px;">
<input type="checkbox" name="test_enabled" value="1" {% if test_enabled %}checked{% endif %}>
Activare Testare
</label>
{% if test_disponibil %}
<span style="font-size:12px; color:var(--ok);">configurat</span>
{% endif %}
</p>
<p style="margin:0 0 8px;">
<label style="font-size:13px; color:var(--muted);">Email RAR</label><br>
<input type="email" name="rar_email" required style="width:100%; max-width:340px;"
<label style="font-size:13px; color:var(--muted);">Email RAR Testare</label><br>
<input type="email" name="test_email" style="width:100%; max-width:340px;"
placeholder="email@service.ro">
</p>
<p style="margin:0 0 12px;">
<label style="font-size:13px; color:var(--muted);">Parola RAR</label><br>
<input type="password" name="rar_parola" required style="width:100%; max-width:340px;"
<p style="margin:0 0 8px;">
<label style="font-size:13px; color:var(--muted);">Parola RAR Testare</label><br>
<input type="password" name="test_parola" style="width:100%; max-width:340px;"
autocomplete="new-password">
</p>
<button type="submit">Salveaza credentiale RAR</button>
<span style="font-size:12px; color:var(--muted); margin-left:8px;">Parola stocata criptat, niciodata in clar.</span>
{% if creds_test_mesaj %}
<div class="flash" style="margin-top:6px;">{{ creds_test_mesaj }}</div>
{% endif %}
{% if creds_test_eroare %}
<div class="banner" style="margin-top:6px; padding:8px 12px;">{{ creds_test_eroare }}</div>
{% endif %}
</div>
<!-- Subsectiunea: Productie -->
<div style="margin-bottom:16px; padding-bottom:16px; border-bottom:1px solid var(--line);">
<p style="margin:0 0 6px;">
<label style="font-size:13px; color:var(--muted); display:flex; align-items:center; gap:6px;">
<input type="checkbox" name="prod_enabled" value="1" {% if prod_enabled %}checked{% endif %}>
Activare Productie
</label>
{% if prod_disponibil %}
<span style="font-size:12px; color:var(--ok);">configurat</span>
{% endif %}
</p>
<p style="margin:0 0 8px;">
<label style="font-size:13px; color:var(--muted);">Email RAR Productie</label><br>
<input type="email" name="prod_email" style="width:100%; max-width:340px;"
placeholder="email@service.ro">
</p>
<p style="margin:0 0 8px;">
<label style="font-size:13px; color:var(--muted);">Parola RAR Productie</label><br>
<input type="password" name="prod_parola" style="width:100%; max-width:340px;"
autocomplete="new-password">
</p>
<p style="margin:0 0 8px;">
<label style="font-size:13px; color:var(--muted); display:flex; align-items:flex-start; gap:6px;">
<input type="checkbox" name="prod_confirmare" value="1" style="margin-top:2px; flex-shrink:0;">
Inteleg ca trimiterile pe Productie sunt declaratii reale (L.142), finale si fara anulare.
</label>
</p>
{% if creds_prod_mesaj %}
<div class="flash" style="margin-top:6px;">{{ creds_prod_mesaj }}</div>
{% endif %}
{% if creds_prod_eroare %}
<div class="banner" style="margin-top:6px; padding:8px 12px;">{{ creds_prod_eroare }}</div>
{% endif %}
</div>
<!-- Selector mediu implicit -->
<div style="margin-bottom:16px;">
<label style="font-size:13px; color:var(--muted);">Mediu implicit pentru trimiteri</label><br>
{% if medii_disponibile %}
<select name="rar_env_default" style="width:100%; max-width:340px; margin-top:4px;">
{% for env in medii_disponibile %}
<option value="{{ env }}"{% if env == rar_env_default %} selected{% endif %}>{{ "Testare" if env == "test" else "Productie" }}</option>
{% endfor %}
</select>
{% else %}
<p style="font-size:13px; color:var(--muted); margin:4px 0 0;">Activeaza si valideaza un mediu intai.</p>
{% endif %}
{% if creds_default_mesaj %}
<div class="flash" style="margin-top:6px;">{{ creds_default_mesaj }}</div>
{% endif %}
{% if creds_default_eroare %}
<div class="banner" style="margin-top:6px; padding:8px 12px;">{{ creds_default_eroare }}</div>
{% endif %}
</div>
<button type="submit">Salveaza mediile RAR</button>
<span style="font-size:12px; color:var(--muted); margin-left:8px;">Parolele stocate criptat, niciodata in clar.</span>
</form>
</div>
</div>

View File

@@ -103,8 +103,8 @@
<div class="act-group" style="margin-top:14px;">
<button type="submit" class="act act-primary" aria-label="{{ btn_label or 'Salveaza' }}">
<span class="act-tx">{{ btn_label or 'Salveaza' }}</span>{{ icon('save') }}</button>
<button type="button" class="act" aria-label="{{ cancel_label or 'Anuleaza' }}" data-modal-close>
<span class="act-tx">{{ cancel_label or 'Anuleaza' }}</span>{{ icon('x') }}</button>
<button type="button" class="act" aria-label="{{ cancel_label or 'Renunta' }}" data-modal-close>
<span class="act-tx">{{ cancel_label or 'Renunta' }}</span>{{ icon('x') }}</button>
</div>
{% else %}
<div style="margin-top:14px;">

View File

@@ -226,7 +226,7 @@
</div>
</div>
{# Formular test conexiune #}
{# Formular test conexiune cheie API #}
<div class="card" style="margin-bottom:16px;">
<h3 style="margin:0 0 12px; font-size:15px;">Testeaza conexiunea</h3>
<form id="form-test-cheie"
@@ -246,6 +246,42 @@
<div id="integrare-test-rezultat" style="margin-top:8px;"></div>
</div>
{# Formular test credentiale RAR (US-007, PRD 5.20) #}
{# Login de proba pe mediul ales — fara efecte secundare, nu salveaza nimic. #}
{# Banner-ul de rezultat include eticheta mediului ("pe TESTARE" / "pe PRODUCTIE"). #}
<div class="card" style="margin-bottom:16px;">
<h3 style="margin:0 0 6px; font-size:15px;">Testeaza credentiale RAR</h3>
<p class="muted" style="font-size:12px; margin:0 0 10px;">
Verifica daca credentialele RAR sunt corecte pe mediul ales. Nu se salveaza nimic.
</p>
<form id="form-test-rar-creds"
hx-post="/cont/test-rar-creds"
hx-target="#rar-test-rezultat"
hx-swap="innerHTML"
style="display:flex; gap:8px; flex-wrap:wrap; align-items:flex-end;">
<input type="hidden" name="csrf_token" value="{{ csrf_token }}">
<div>
<label for="test-rar-email" style="display:block; font-size:13px; color:var(--muted); margin-bottom:4px;">Email RAR</label>
<input type="email" id="test-rar-email" name="rar_email" placeholder="email@service.ro"
style="width:220px;" autocomplete="off">
</div>
<div>
<label for="test-rar-parola" style="display:block; font-size:13px; color:var(--muted); margin-bottom:4px;">Parola RAR</label>
<input type="password" id="test-rar-parola" name="rar_parola"
style="width:160px;" autocomplete="new-password">
</div>
<div>
<label for="test-rar-env" style="display:block; font-size:13px; color:var(--muted); margin-bottom:4px;">Mediu</label>
<select id="test-rar-env" name="rar_env" style="height:36px; padding:0 8px;">
<option value="prod">Productie</option>
<option value="test">Testare</option>
</select>
</div>
<button type="submit">Testeaza RAR</button>
</form>
<div id="rar-test-rezultat" style="margin-top:8px;"></div>
</div>
</div>
<script>

View File

@@ -14,6 +14,14 @@
Preview —
<span class="muted" style="font-weight:400;">{{ filename or ("import #" ~ import_id) }}</span>
</h2>
{# Badge mediu RAR (US-009): vizibil intotdeauna in preview (claritate tinta) #}
{% if rar_env %}
<span class="pill" style="font-size:var(--fs-xs);
{% if rar_env == 'prod' %}background:color-mix(in srgb,#B4452F 15%,var(--card)); border-color:#B4452F; color:#B4452F; font-weight:700;
{% else %}background:color-mix(in srgb,var(--accent) 12%,var(--card)); border-color:var(--accent); color:var(--accent);{% endif %}">
{{ "PRODUCTIE" if rar_env == "prod" else "Testare" }}
</span>
{% endif %}
<span class="muted" style="margin-left:auto; font-size:var(--fs-sm);">{{ total }} randuri</span>
</div>
@@ -144,19 +152,18 @@
{% endif %}
<!-- Tabel preview in format identic cu tabelul Trimiteri (.tabel-trimiteri).
US-007: 8 coloane (coloana de verificare eliminata).
Randurile au FORM PROPRIU pentru editare (NU sunt in #confirm-form). -->
5.16 (T-4): densitate redusa la coloanele esentiale — Stare / Vehicul /
Operatie / Data + Actiuni. KM final + mesajul de validare (Note) au iesit
din tabel: KM se editeaza in modal, motivul apare ca tooltip pe pill-ul de
Stare. Randurile au FORM PROPRIU pentru editare (NU sunt in #confirm-form). -->
<div id="preview-tabel" class="tablewrap tabel-trimiteri">
<table>
<thead>
<tr>
<th class="col-id">#</th>
<th class="col-stare">Stare</th>
<th class="col-vehicul">Vehicul</th>
<th class="col-operatie">Operatie</th>
<th class="col-data">Data</th>
<th class="col-km">KM final</th>
<th class="col-note">Note</th>
<th class="col-actiuni">Actiuni</th>
</tr>
</thead>
@@ -179,6 +186,8 @@
hx-target="#import-section"
hx-swap="outerHTML">
<input type="hidden" name="csrf_token" value="{{ csrf_token or '' }}">
{# Mediu RAR ales la upload — propagar la commit (US-009) #}
<input type="hidden" name="rar_env" value="{{ rar_env or '' }}">
<div class="sticky-bar">
<div style="flex:1; min-width:280px;">
<!-- Banner declarant — direct deasupra input-ului N -->

View File

@@ -23,9 +23,21 @@
{% if _sent_dup %}class="preview-sent-row"{% endif %}
{% if oob_tr %}hx-swap-oob="outerHTML:#preview-row-{{ row.row_index }}"{% endif %}
style="{% if status == 'needs_review' %}background:rgba(230,179,74,.04);{% elif _sent_dup %}opacity:.6;{% endif %}">
<td class="col-id muted" data-eticheta="#">{{ row.row_index + 1 }}</td>
{#- Motivul (validare / deja-trimis / duplicat) — fost coloana Note, acum tooltip pe pill.
KM final iese din tabel (se editeaza in modal). -#}
{%- if status == 'already_sent' and row.get('already_sent_info') -%}
{%- set ai = row.already_sent_info -%}
{%- set _nota = 'deja trimis ' ~ ((ai.get('created_at') or '')[:10]) ~ ((' (#' ~ ai.id_prezentare ~ ')') if ai.get('id_prezentare') else '') -%}
{%- elif status == 'duplicate_in_file' and row.get('duplicate_with') -%}
{%- set _dwith = [] -%}
{%- for idx in row.duplicate_with -%}{{ _dwith.append(idx + 1) or '' }}{%- endfor -%}
{%- set _nota = 'dubla cu randul ' ~ (_dwith | join(', ')) -%}
{%- else -%}
{%- set _nota = row.nota_umana or '' -%}
{%- endif -%}
<td class="col-stare" data-eticheta="Stare">
<span class="pill {{ row.stare_css }}" style="display:inline-flex; align-items:center; gap:5px;">
<span class="pill {{ row.stare_css }}" style="display:inline-flex; align-items:center; gap:5px;"
{% if _nota %}title="{{ _nota }}"{% endif %}>
<span aria-hidden="true" style="display:inline-block; width:7px; height:7px; border-radius:99px; background:currentColor; flex-shrink:0;"></span>{{ row.stare_eticheta }}</span>
</td>
<td class="col-vehicul" data-eticheta="Vehicul">
@@ -43,20 +55,6 @@
{% endif %}
</td>
<td class="col-data" data-eticheta="Data prestatie">{{ row.prez.data_prestatie }}</td>
<td class="col-km" data-eticheta="KM final">{{ row.prez.odometru }}</td>
<td class="col-note" data-eticheta="Note"
style="font-size:var(--fs-xs); white-space:normal;">
{% if status == 'already_sent' and row.get('already_sent_info') %}
{% set ai = row.already_sent_info %}
deja trimis {{ (ai.get('created_at') or '')[:10] }}
{% if ai.get('id_prezentare') %}(#{{ ai.id_prezentare }}){% endif %}
{% elif status == 'duplicate_in_file' and row.get('duplicate_with') %}
dubla cu randul
{% for idx in row.duplicate_with %}{{ idx + 1 }}{% if not loop.last %}, {% endif %}{% endfor %}
{% else %}
{{ row.nota_umana or '' }}
{% endif %}
</td>
<td class="col-actiuni" data-eticheta="Actiuni" style="text-align:center;">
{% if status not in ('already_sent', 'duplicate_in_file') %}
<button type="button" class="btn-editeaza"

View File

@@ -137,10 +137,11 @@
class="status-nav-link{% if _tab == 'mapari' %} status-nav-activ{% endif %}">Mapari{% if mapari_badge %}<span class="tab-badge" aria-hidden="true" style="display:inline-flex; align-items:center; justify-content:center; min-width:16px; height:16px; margin-left:4px; padding:0 4px; border-radius:99px; background:var(--err); color:#fff; font-size:11px; font-weight:700;">{{ mapari_badge }}</span>{% endif %}</a>
</nav>
{# US-006 (5.17): linia de plan — consum/trial (secundar, sub navigatie, non-blocant).
Warn=culoare+text (accesibilitate): >=80% -> --warn; limita atinsa -> --err.
Ierarhie: nu concureaza cu stripul de sanatate (E zero-silent-failures pastrat). #}
{% if plan_linie is defined and plan_linie %}
{# US-006 (5.17) + T-6 (5.16): linia de plan in CORP apare DOAR in starea de avertizare
(>=80% -> --warn; limita atinsa -> --err). Consumul normal (N/60) traieste in badge-ul
din antet + linia din meniul burger, nu ca rand permanent in corp (densitate redusa).
Ierarhie: nu concureaza cu stripul de sanatate (zero-silent-failures pastrat). #}
{% if plan_linie and (plan_warn|default(false) or plan_limita_atinsa|default(false)) %}
<div class="plan-status-line"
style="font-size:var(--fs-sm); margin-top:6px; padding-top:6px;
border-top:1px solid var(--line2);

View File

@@ -96,41 +96,43 @@
{% endif %}
</div>
{# Bloc text principal — stanga, ocupa spatiul ramas #}
{# Bloc text principal — stanga, ocupa spatiul ramas. Rand de 2 linii (spec 5.16):
L1 = placuta (identificator primar); L2 = cod RAR · operatie · data prestatie. #}
<div style="flex:1 1 auto; min-width:0;">
{# Linia 1: VIN mono scurt (slim-vin).
Guard: vin_scurt='—' inseamna VIN lipsa; fallback la vehicul_nr. #}
{% if r.prez.vin_scurt and r.prez.vin_scurt != '—' %}
<div class="slim-vin">{{ r.prez.vin_scurt }}</div>
{# Linia 1: nr. inmatriculare (placuta) — identificatorul primar pe care il
scaneaza operatorul. .slim-vin reumplut (acelasi nume de clasa, churn minim).
Fallback cand placuta lipseste ('—'): VIN scurt, apoi mesaj neutru
(nu randa em-dash izolat ca identificator). #}
{% if r.prez.vehicul_nr and r.prez.vehicul_nr != '—' %}
<div class="slim-vin">{{ r.prez.vehicul_nr }}</div>
{% elif r.prez.vin_scurt and r.prez.vin_scurt != '—' %}
<div class="slim-vin muted">{{ r.prez.vin_scurt }}</div>
{% else %}
<div class="slim-vin muted">{{ r.prez.vehicul_nr }}</div>
<div class="slim-vin muted">fara numar</div>
{% endif %}
{# Linia 2: Operatie · ora/data (slim-meta muted) #}
<div class="slim-meta">{{ r.prez.operatie }} · {{ r.updated_at }}</div>
{# Cod RAR sau indicatorul 'nemapat': discret sub operatie.
Mentine compatibilitatea cu testele cod_rar: OE-2 vizibil, fara prefix 'cod RAR:'. #}
{# Linia 2: cod RAR (sau 'nemapat') · operatie (ink, ellipsis) · data prestatie.
Separatorul "·" e injectat prin CSS intre celule. Operatia primeste ellipsis
ca randul sa NU treaca pe a 3-a linie nici la 390px.
VIN integral, #id_prezentare si secundele traiesc in modalul de detaliu. #}
<div class="slim-meta slim-rand2">
{% if r.prez.cod_rar and r.prez.cod_rar != '—' %}
<div class="slim-meta"><span class="cod-rar-cod">{{ r.prez.cod_rar }}</span></div>
<span class="cod-rar-cod">{{ r.prez.cod_rar }}</span>
{% else %}
<div class="slim-meta muted cod-rar-sub">nemapat</div>
<span class="cod-rar-cod cod-rar-sub muted">nemapat</span>
{% endif %}
<span class="slim-op">{{ r.prez.operatie }}</span>
{% if r.prez.data_prestatie and r.prez.data_prestatie != '—' %}
<span class="slim-data muted">{{ r.prez.data_prestatie }}</span>
{% endif %}
{# Linia meta discreta: nr inmatriculare · data prestatie · nr prezentare RAR.
Accesibila pe rand; informatia completa e in modalul de detaliu. #}
<div class="slim-meta" style="opacity:0.7;">
{{ r.prez.vehicul_nr -}}
{%- if r.prez.data_prestatie and r.prez.data_prestatie != '—' %} · {{ r.prez.data_prestatie }}{% endif -%}
{%- if r.id_prezentare %} · #{{ r.id_prezentare }}{% endif %}
</div>
{# Eticheta umana scurta sub pill — text mic, s-error pe error/needs_*.
Afisata DOAR pe randuri cu problema (eticheta_problema ne-goala).
Starea transmisa prin TEXT, nu doar culoare. #}
{# Micro-linie umana a problemei — text mic s-error, DOAR pe stari de problema
(loud-on-exception D6). Randul normal/finalizat ramane strict 2 linii.
Token tipografic --fs-xs (>=12px, scala 5.16). #}
{% if r.eticheta_problema and r.eticheta_problema != r.stare_scurt and r.eticheta_problema != r.stare_text %}
<div class="eticheta-problema s-error" style="font-size:10px; margin-top:2px;">{{ r.eticheta_problema }}</div>
<div class="eticheta-problema s-error">{{ r.eticheta_problema }}</div>
{% endif %}
</div>

View File

@@ -32,6 +32,38 @@
hx-indicator="#upload-spinner">
<input type="hidden" name="csrf_token" value="{{ csrf_token or '' }}">
{# Indicator mediu RAR (US-009, PRD 5.20): vizibil inainte de drop-zone #}
{% set medii_rar = medii | default([]) %}
{% if medii_rar | length == 0 %}
{# Banner avertisment — non-blocant (upload continua; commit foloseste ancora globala) #}
<div style="margin-bottom:10px; padding:8px 14px; border-radius:6px;
background:color-mix(in srgb, var(--warn, #e6b34a) 12%, var(--card));
border:1px solid var(--warn, #e6b34a); font-size:13px;" role="note">
<strong>Niciun mediu RAR configurat.</strong>
Trimiterea va folosi configuratia globala. Pentru a activa Testare sau Productie,
<a href="?tab=cont" style="color:var(--accent);">configureaza credentialele RAR</a>.
</div>
{% elif medii_rar | length == 1 %}
{# Eticheta statica (un singur mediu disponibil) #}
<input type="hidden" name="rar_env" value="{{ medii_rar[0] }}">
<div style="margin-bottom:10px; font-size:var(--fs-sm); color:var(--muted);">
Mediu RAR:
<strong>{{ "Testare" if medii_rar[0] == "test" else "Productie" }}</strong>
</div>
{% else %}
{# Selector (doua medii disponibile) #}
<div style="margin-bottom:10px; display:flex; align-items:center; gap:10px;">
<label for="rar-env-select"
style="font-size:var(--fs-sm); color:var(--muted); white-space:nowrap;">
Mediu RAR:
</label>
<select id="rar-env-select" name="rar_env">
<option value="test" {% if env_default == "test" %}selected{% endif %}>Testare</option>
<option value="prod" {% if env_default == "prod" %}selected{% endif %}>Productie</option>
</select>
</div>
{% endif %}
{% if sheets %}
<div style="margin-bottom:12px;">
<label for="sheet-select"

View File

@@ -10,6 +10,9 @@
'delete': ('Sterge', '/admin/delete', 'danger')
} %}
{# Tier-uri selectabile in panou (cod, eticheta). Aliniat cu app/plans.py#PLANS. #}
{% set TIERS = [('free', 'Gratuit'), ('standard', 'Standard'), ('pro', 'Pro'), ('premium', 'Premium')] %}
{% macro lifecycle_block(title, rows, block_id, bulk_verbs, row_verbs) %}
<div class="card">
<h3 style="margin-top:0;">{{ title }} ({{ rows|length }})</h3>
@@ -34,7 +37,7 @@
<thead><tr>
<th style="width:28px;"><input type="checkbox" class="master-check" data-block="{{ block_id }}"
aria-label="Selecteaza tot"></th>
<th>ID</th><th>Companie</th><th>CUI</th><th>Email</th><th>Stare</th><th>Inregistrat</th><th>Actiuni</th>
<th>ID</th><th>Companie</th><th>CUI</th><th>Email</th><th>Plan curent</th><th>Plan cerut</th><th>Stare</th><th>Inregistrat</th><th>Actiuni</th>
</tr></thead>
<tbody>
{% for acct in rows %}
@@ -46,6 +49,45 @@
<td>{{ acct.name }}</td>
<td class="muted">{{ acct.cui or "—" }}</td>
<td>{{ acct.email or "—" }}</td>
<td style="white-space:nowrap;">
{# Plan EFECTIV acum (prominent): trial Pro activ ridica free->pro. #}
<div style="margin-bottom:5px;">
<span class="pill" style="font-weight:600;">{{ acct.tier_efectiv_label }}</span>
{% if acct.trial_activ %}
<span class="muted" style="font-size:11px;">
trial{% if acct.trial_zile %} · {{ acct.trial_zile }} {{ 'zi' if acct.trial_zile == 1 else 'zile' }} ramase{% endif %}
→ apoi {{ acct.tier_label }}
</span>
{% endif %}
</div>
{# Schimbare plan inline: select tier de baza + Aplica. Form propriu (nu imbricat in bulk-form).
Aplica INCHEIE trial-ul si seteaza planul ales ca real, cu efect imediat. #}
<form method="post" action="/admin/set-tier" class="tier-form"
style="display:flex;align-items:center;gap:6px;">
<input type="hidden" name="csrf_token" value="{{ csrf_token }}">
<input type="hidden" name="account_id" value="{{ acct.id }}">
<select name="tier" aria-label="Plan pentru {{ acct.name }}"
style="padding:4px 8px;min-height:32px;max-width:130px;">
{% for code, label in TIERS %}
<option value="{{ code }}"{% if acct.tier == code %} selected{% endif %}>{{ label }}</option>
{% endfor %}
</select>
<button type="submit" class="btn-sm"
title="Aplica planul ales ca plan real (incheie trial-ul daca e activ)">Aplica</button>
</form>
{# Acorda/prelungeste trial Pro de N zile, fara a schimba tier-ul de baza. #}
<form method="post" action="/admin/set-trial" class="trial-form"
style="display:flex;align-items:center;gap:6px;margin-top:5px;">
<input type="hidden" name="csrf_token" value="{{ csrf_token }}">
<input type="hidden" name="account_id" value="{{ acct.id }}">
<input type="number" name="trial_days" value="30" min="1" max="3650"
aria-label="Zile trial Pro pentru {{ acct.name }}"
style="padding:4px 8px;min-height:32px;width:64px;">
<button type="submit" class="btn-sm"
title="Acorda/prelungeste trial Pro de la acum (nu schimba tier-ul de baza)">Trial Pro</button>
</form>
</td>
<td class="muted">{{ acct.requested_plan_label }}</td>
<td><span class="pill">{{ acct.status }}</span></td>
<td class="muted">{{ acct.created_at or "—" }}</td>
<td style="white-space:nowrap;">

View File

@@ -3,7 +3,7 @@
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>{% block title %}ROMFAST AUTOPASS{% endblock %}</title>
<title>{% block title %}ROA AUTOPASS{% endblock %}</title>
<script src="/static/htmx.min.js"></script>
<script>
// Raspunsurile de editare-rand contin un <tr> (swap pe rand) PLUS
@@ -143,6 +143,9 @@
.s-needs_review{color:var(--warn);}
.s-already_sent,.s-duplicate_in_file{color:var(--muted);}
.muted { color:var(--muted); }
/* Heading/eticheta accesibila doar pentru cititoare de ecran (vizual ascunsa). */
.sr-only { position:absolute; width:1px; height:1px; padding:0; margin:-1px; overflow:hidden;
clip:rect(0 0 0 0); white-space:nowrap; border:0; }
a { color:var(--accent); }
/* Drop zone upload fisier */
.drop-zone { border:2px dashed var(--line); border-radius:8px; padding:32px 20px;
@@ -410,7 +413,9 @@
.tabel-trimiteri th, .tabel-trimiteri td { white-space:normal; word-break:break-word; vertical-align:top; }
.tabel-trimiteri .col-chk { width:30px; }
.tabel-trimiteri .col-id { width:48px; }
.tabel-trimiteri .col-stare { width:104px; }
/* col-stare largita (bug 4a 5.16): cu table-layout:fixed + pill nowrap, 104px era
prea ingusta -> pill-ul de stare se revarsa peste col-vehicul. 140px o contine. */
.tabel-trimiteri .col-stare { width:140px; }
.tabel-trimiteri .col-data { width:104px; }
.tabel-trimiteri .col-rar { width:96px; }
.tabel-trimiteri .col-actualizat { width:128px; }
@@ -722,8 +727,27 @@
.trimitere-slim:last-child { border-bottom:none; }
.trimitere-slim:hover { background:color-mix(in srgb, var(--accent) 6%, transparent); }
.trimitere-slim:focus, .trimitere-slim:focus-visible { outline:2px solid var(--accent); outline-offset:-2px; }
.slim-vin { font-family:var(--font-mono); font-size:var(--fs-md); font-weight:500; color:var(--ink); }
.slim-vin { font-family:var(--font-mono); font-size:var(--fs-md); font-weight:600; color:var(--ink); }
.slim-meta { font-size:var(--fs-sm); color:var(--muted); margin-top:3px; }
/* Linia 2 a randului slim (5.16): cod RAR · operatie (ellipsis) · data, pe UN rand.
Ellipsis-ul pe operatie garanteaza 2 linii MAX si la 390px. */
.slim-rand2 { display:flex; align-items:baseline; gap:6px; min-width:0; }
.slim-rand2 .cod-rar-cod { flex:0 0 auto; font-family:var(--font-mono); font-weight:600;
color:var(--accent); }
.slim-rand2 .cod-rar-cod.muted { color:var(--muted); font-weight:500; }
.slim-rand2 .slim-op { flex:1 1 auto; min-width:0; white-space:nowrap; overflow:hidden;
text-overflow:ellipsis; color:var(--ink); }
.slim-rand2 .slim-data { flex:0 0 auto; }
.slim-rand2 .slim-op::before, .slim-rand2 .slim-data::before {
content:"·"; color:var(--muted); margin-right:6px; }
.lista-trimiteri-slim .eticheta-problema { font-size:var(--fs-xs); line-height:1.3; margin-top:2px; }
/* Pill slim (5.16): fill-tint + dot 7px + text colorat per stare (currentColor din .s-*).
Pastrat pe FIECARE rand inclusiv Finalizat (linistit dar prezent). */
.lista-trimiteri-slim .pill { display:inline-flex; align-items:center; gap:5px; font-weight:600;
background:color-mix(in srgb, currentColor 14%, transparent);
border-color:color-mix(in srgb, currentColor 35%, transparent); }
.lista-trimiteri-slim .pill::before { content:""; width:7px; height:7px; border-radius:99px;
background:currentColor; flex-shrink:0; }
/* .camp-slim — varianta compacta camp formular: label --fs-sm muted deasupra, input --fs-md, fundal --card2.
Mono pentru campuri VIN/odometru/nr: adauga clasa .camp-mono pe input. */
.camp-slim { margin-bottom:8px; }
@@ -756,7 +780,9 @@
.op-row { display:flex; align-items:center; justify-content:space-between; gap:10px;
padding:8px 10px; border:1px solid var(--line); border-radius:6px;
background:var(--card2); margin-bottom:8px; }
.op-row-name { font-size:var(--fs-xs); font-weight:500; color:var(--ink); }
/* Nume operatie emfatic (T-9 5.16): proeminent (bold) ca in mockup — e ancora
vizuala a randului de mapare op<->cod. */
.op-row-name { font-size:var(--fs-sm); font-weight:700; color:var(--ink); }
.op-row-warn { border-color:color-mix(in srgb, var(--warn) 45%, var(--line)); }
/* Mobil: tinta touch pentru trimitere-slim (deja garantata prin min-height:44px in regula de baza) */
@media (max-width:767px) {
@@ -792,7 +818,7 @@
</style>
</head>
<body>
{# US-010 (PRD 5.16): antet branduit ROMFAST AUTOPASS.
{# US-010 (PRD 5.16): antet branduit ROA AUTOPASS.
Grila 3 coloane — stanga (logo) | centru (titlu+env+tier+account_name) | dreapta (RAR dot + tema + burger).
Antet MINIMAL pe /login: nu afiseaza RAR dot, meniu burger sau account_name (nelogat). #}
<header>
@@ -804,11 +830,11 @@
<img src="/static/romfast_logo.png" alt="ROMFAST" class="brand-logo">
</a>
</div>
{# Celula centru: titlu ROMFAST AUTOPASS + badge env + badge tier + sub-titlu account_name.
{# Celula centru: titlu ROA AUTOPASS + badge env + badge tier + sub-titlu account_name.
Titlul linkeaza la / (Trimiteri) ca si logo-ul. #}
<div class="header-center">
<a href="/" style="text-decoration:none; color:inherit;">
<h1>ROMFAST AUTOPASS<span class="badge-env">{{ rar_env }}</span>{% if is_authenticated|default(false) and tier_label|default('') %}<span class="badge-tier">{{ tier_label }}</span>{% endif %}</h1>
<h1>ROA AUTOPASS<span class="badge-env">{{ rar_env }}</span>{% if is_authenticated|default(false) and tier_label|default('') %}<span class="badge-tier">{{ tier_label }}</span>{% endif %}</h1>
</a>
{% if is_authenticated|default(false) and account_name|default('') %}
<div class="h-sub">Service auto: <span class="svc">{{ account_name }}</span></div>

View File

@@ -3,8 +3,8 @@
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Gateway RAR AUTOPASS — declară automat la RAR | ROMFAST</title>
<meta name="description" content="Gateway web care declară prestațiile de service-auto la RAR AUTOPASS, automat. Conform Legii 142/2023. Gratuit până la 60 de prestații/lună, fără card bancar.">
<title>ROA AUTOPASS — declari prestațiile la RAR din câteva click-uri</title>
<meta name="description" content="Încarci fișierul tău cu operațiile service-ului, completezi o dată codurile RAR și le salvezi. ROMFAST trimite prestațiile la RAR AUTOPASS în locul tău, fără tastat manual. Conform Legii 142/2023.">
<style>
/* US-001/US-008 (PRD 5.16): IBM Plex eliminat complet — stive font sistem standard web.
@@ -32,6 +32,7 @@
.page [style*="grid-template-columns"]{grid-template-columns:1fr!important;}
.page [style*="padding:80px 40px"]{padding:48px 20px!important;}
.page [style*="padding:0 40px 80px"]{padding:0 20px 48px!important;}
.page [style*="padding:56px 40px 80px"]{padding:36px 20px 48px!important;}
.page [style*="padding:44px"]{padding:28px!important;}
.page [style*="padding:56px 40px"]{padding:40px 22px!important;}
.page [style*="height:68px"]{height:60px!important;}
@@ -54,20 +55,19 @@
<body data-theme="grafit">
<script>try{var _t=localStorage.getItem('lp-theme');if(_t&&['grafit','cobalt','cupru','hartie'].indexOf(_t)>=0)document.body.setAttribute('data-theme',_t);}catch(e){}</script>
<main class="page">
<!-- ANNOUNCE BAR -->
<div style="display:flex;align-items:center;justify-content:center;gap:16px;padding:10px 40px;background:var(--card,#181c24);border-bottom:1px solid var(--line,#262b36);font:500 13px var(--font-ui);color:var(--text,#e6e9ef);flex-wrap:wrap;">
<span style="display:inline-flex;align-items:center;gap:8px;"><svg width="15" height="15" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;"><path d="M20 6L9 17l-5-5"/></svg>Vrei să testezi sau ai un service mic? Este <strong style="font-weight:700;color:#1F9D5C;">gratuit</strong> — până la 60 de prestații/lună, fără card bancar.</span>
<a data-act="auth" data-tab="register" style="display:inline-flex;align-items:center;gap:5px;color:var(--accent,#2E74D6);font-weight:700;cursor:pointer;text-decoration:none;transition:color .18s ease, transform .18s ease;" style-hover="color:#17a96e;transform:translateX(2px)">Creează cont în 2 minute <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M5 12h14M13 6l6 6-6 6"/></svg></a>
</div>
<!-- HEADER -->
<!-- HEADER -->
<div class="lp-header" style="position:sticky;top:0;display:flex;align-items:center;justify-content:space-between;padding:0 40px;height:68px;background:var(--hbg,rgba(15,18,24,.88));backdrop-filter:blur(8px);border-bottom:1px solid var(--line,#262b36);z-index:5;">
<div style="display:flex;align-items:center;gap:48px;">
<div style="display:flex;align-items:center;gap:14px;">
<img src="/static/romfast_logo.png" alt="ROMFAST" style="height:38px;width:auto;display:block;" />
<div class="lp-nav" style="display:flex;gap:28px;font:500 14px var(--font-ui);color:var(--sub,#8b93a7);">
<span>Cum funcționează</span><span>API</span><span>Preț</span>
<div style="display:flex;flex-direction:column;line-height:1.05;">
<span style="font:700 17px var(--font-ui);letter-spacing:-.01em;color:var(--text,#e6e9ef);">ROA AUTOPASS</span>
<span style="font:500 11px var(--font-ui);letter-spacing:.04em;color:var(--sub,#8b93a7);">Gateway RAR</span>
</div>
</div>
<div style="display:flex;align-items:center;gap:28px;">
<div class="lp-nav" style="display:flex;gap:28px;font:500 14px var(--font-ui);color:var(--sub,#8b93a7);">
<a href="#cum-functioneaza" style="color:inherit;text-decoration:none;">Cum funcționează</a><a href="#api" style="color:inherit;text-decoration:none;">API</a><a href="#pret" style="color:inherit;text-decoration:none;">Preț</a>
</div>
<div class="lp-hactions" style="display:flex;align-items:center;gap:12px;">
<button data-act="theme" style="display:flex;align-items:center;gap:8px;height:40px;padding:0 13px;border-radius:6px;background:transparent;border:1px solid var(--line,#262b36);color:var(--sub,#8b93a7);font:500 13px var(--font-ui);cursor:pointer;">
<svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.6"><circle cx="12" cy="12" r="9"/><path d="M12 3a9 9 0 0 0 0 18z" fill="currentColor" stroke="none"/></svg>
@@ -77,16 +77,16 @@
<button data-act="auth" data-tab="register" style="height:44px;padding:0 18px;border-radius:6px;background:#1F9D5C;border:1px solid #1F9D5C;color:#fff;font:700 14px var(--font-ui);cursor:pointer;transition:transform .2s cubic-bezier(.2,.8,.2,1), background .2s ease, box-shadow .2s ease;" style-hover="background:#16864a;border-color:#16864a;transform:translateY(-1px)">Creează cont</button>
</div>
</div>
</div>
<!-- HERO -->
<div style="display:grid;grid-template-columns:1fr 1fr;gap:56px;align-items:center;padding:80px 40px 72px;">
<div>
<div style="display:inline-flex;align-items:center;gap:8px;padding:7px 14px;border-radius:99px;background:transparent;border:1px solid var(--line,#262b36);color:var(--text,#e6e9ef);font:500 13px var(--font-ui);margin-bottom:24px;">
<svg width="15" height="15" viewBox="0 0 24 24" fill="none" stroke="#1F9D5C" stroke-width="2.6" style="flex-shrink:0;"><path d="M20 6L9 17l-5-5"/></svg>
<span><strong style="font-weight:700;color:#1F9D5C;">Gratuit</strong> pentru testare și service-uri mici · 60 prestații/lună</span>
</div>
<h1 class="lp-h1" style="font:700 50px/1.06 var(--font-ui);letter-spacing:-.025em;margin:0 0 20px;color:var(--text,#e6e9ef);">Declară prestațiile la RAR AUTOPASS, automat</h1>
<p style="font:400 17px/1.6 var(--font-ui);color:var(--sub,#8b93a7);margin:0 0 32px;max-width:480px;">Conformitate RAR fără bătaie de cap. Încarci un fișier sau conectezi softul de service — noi trimitem prezentările la RAR în siguranță, conform Legii 142/2023.</p>
<p style="font:400 17px/1.6 var(--font-ui);color:var(--sub,#8b93a7);margin:0 0 24px;max-width:480px;">Încarci fișierul tău așa cum îl ai, potrivești o dată operațiile cu codurile RAR, și trimitem prestațiile la RAR AUTOPASS în locul tău. Fără tastat câmp cu câmp.</p>
<div style="margin-bottom:32px;">
<p style="display:flex;align-items:center;gap:8px;font:700 16px var(--font-ui);color:var(--text,#e6e9ef);margin:0;"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="#1F9D5C" stroke-width="2.6" style="flex-shrink:0;"><path d="M20 6L9 17l-5-5"/></svg><span><span style="color:#1F9D5C;">Gratuit</span> până la 60 de trimiteri/lună</span></p>
</div>
<div style="display:flex;gap:12px;margin-bottom:22px;">
<button data-act="auth" data-tab="register" style="height:50px;padding:0 26px;border-radius:6px;background:#1F9D5C;border:1px solid #1F9D5C;color:#fff;font:700 15px var(--font-ui);cursor:pointer;transition:transform .2s cubic-bezier(.2,.8,.2,1), background .2s ease, box-shadow .2s ease;" style-hover="background:#16864a;border-color:#16864a;transform:translateY(-1px)">Creează cont gratuit</button>
<button style="height:50px;padding:0 24px;border-radius:6px;background:transparent;border:1px solid var(--line,#262b36);color:var(--text,#e6e9ef);font:500 15px var(--font-ui);cursor:pointer;transition:transform .18s ease, background .18s ease, border-color .18s ease;" style-hover="background:#1F9D5C;border-color:#1F9D5C;color:#fff;transform:translateY(-1px)">Vezi cum funcționează</button>
@@ -95,8 +95,6 @@
<span style="display:flex;align-items:center;gap:6px;"><svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2"><path d="M20 6L9 17l-5-5"/></svg>Conform Legii 142/2023</span>
<span style="color:var(--line,#262b36);">·</span>
<span style="display:flex;align-items:center;gap:6px;"><svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="1.7"><rect x="5" y="11" width="14" height="9" rx="1.5"/><path d="M8 11V8a4 4 0 0 1 8 0v3"/></svg>Datele tale criptate</span>
<span style="color:var(--line,#262b36);">·</span>
<span>Fără card bancar</span>
</div>
</div>
@@ -137,65 +135,67 @@
</div>
</div>
<!-- PROBLEM -->
<div style="padding:80px 40px;background:color-mix(in srgb,#E05D5D 6%,var(--bg,#0f1218));">
<div style="display:grid;grid-template-columns:1.05fr .95fr;gap:48px;align-items:start;margin:0 auto;">
<div>
<h2 style="font:700 38px/1.14 var(--font-ui);letter-spacing:-.02em;margin:0 0 18px;color:var(--text,#e6e9ef);">Pentru fiecare comandă stai 23 minute și tastezi pe rar-autopass.ro</h2>
<p style="font:400 16px/1.65 var(--font-ui);color:var(--sub,#8b93a7);margin:0 0 16px;">VIN, cod prestație, kilometraj, dată, tip operație — câmp cu câmp, comandă cu comandă. La 20 de mașini pe zi pierzi aproape o oră. În fiecare zi.</p>
<p style="font:400 16px/1.65 var(--font-ui);color:var(--sub,#8b93a7);margin:0;">Iar dacă greșești o cifră din VIN, prestația e respinsă și o iei de la capăt — cu risc de amendă pentru raportare incompletă sau întârziată.</p>
<!-- PROBLEM + CALCULATOR (combinat) -->
<div style="padding:80px 40px 40px;background:color-mix(in srgb,#E05D5D 6%,var(--bg,#0f1218));">
<div style="text-align:center;max-width:760px;margin:0 auto 40px;">
<h2 style="font:700 38px/1.14 var(--font-ui);letter-spacing:-.02em;margin:0 0 14px;color:var(--text,#e6e9ef);">Pentru fiecare comandă stai 23 minute pe RAR AUTOPASS.<br><span style="color:var(--errt,#E05D5D);">Minutele acelea sunt bani.</span></h2>
<p style="font:400 16px/1.65 var(--font-ui);color:var(--sub,#8b93a7);margin:0;">VIN, cod prestație, kilometraj, dată, tip operație — câmp cu câmp, comandă cu comandă. La 20 de mașini pe zi pierzi aproape o oră. În fiecare zi. Mută cursorul la volumul service-ului tău și vezi cât te costă.</p>
</div>
<div style="background:var(--card,#181c24);border:1px solid var(--line,#262b36);border-radius:12px;padding:20px;">
<div style="display:flex;align-items:center;justify-content:space-between;margin-bottom:16px;"><span style="font:500 12px var(--font-mono);color:var(--sub,#8b93a7);">rar-autopass.ro · prestație nouă</span><span style="display:inline-flex;align-items:center;gap:6px;padding:4px 10px;border-radius:99px;background:color-mix(in srgb,#E05D5D 14%,transparent);color:var(--errt,#E05D5D);font:600 12px var(--font-mono);"><svg width="13" height="13" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><circle cx="12" cy="13" r="8"/><path d="M12 9v4l2.5 2.5M9 2h6"/></svg>02:34</span></div>
<div style="display:grid;grid-template-columns:1fr 1fr;gap:24px;align-items:stretch;">
<!-- STANGA: formularul RAR AUTOPASS -->
<div style="background:var(--card,#181c24);border:1px solid var(--line,#262b36);border-radius:14px;padding:24px;display:flex;flex-direction:column;">
<div style="display:flex;align-items:center;justify-content:space-between;margin-bottom:16px;"><span style="font:500 12px var(--font-mono);color:var(--sub,#8b93a7);">RAR AUTOPASS · prestație nouă</span><span style="display:inline-flex;align-items:center;gap:6px;padding:4px 10px;border-radius:99px;background:color-mix(in srgb,#E05D5D 14%,transparent);color:var(--errt,#E05D5D);font:600 12px var(--font-mono);"><svg width="13" height="13" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><circle cx="12" cy="13" r="8"/><path d="M12 9v4l2.5 2.5M9 2h6"/></svg>02:34</span></div>
<div style="display:flex;flex-direction:column;gap:10px;">
<div style="display:grid;grid-template-columns:1fr 1fr;gap:10px;">
<div><div style="font:400 11px var(--font-ui);color:var(--sub,#8b93a7);margin-bottom:4px;">VIN</div><div style="height:30px;display:flex;align-items:center;padding:0 10px;border:1px solid var(--line,#262b36);border-radius:6px;background:var(--card2,#0f1218);font:400 12px var(--font-mono);color:var(--text,#e6e9ef);overflow:hidden;white-space:nowrap;">U1234567890123456</div></div>
<div><div style="font:400 11px var(--font-ui);color:var(--sub,#8b93a7);margin-bottom:4px;">Confirmă Vin</div><div style="height:30px;display:flex;align-items:center;padding:0 10px;border:1px solid var(--line,#262b36);border-radius:6px;background:var(--card2,#0f1218);font:400 12px var(--font-mono);color:var(--text,#e6e9ef);overflow:hidden;white-space:nowrap;">U1234567890123456</div></div>
<div><div style="font:400 11px var(--font-ui);color:var(--sub,#8b93a7);margin-bottom:4px;">Confirmă VIN</div><div style="height:30px;display:flex;align-items:center;padding:0 10px;border:1px solid var(--line,#262b36);border-radius:6px;background:var(--card2,#0f1218);font:400 12px var(--font-mono);color:var(--text,#e6e9ef);overflow:hidden;white-space:nowrap;">U1234567890123456</div></div>
</div>
<div style="display:grid;grid-template-columns:1fr 1fr;gap:10px;">
<div><div style="font:400 11px var(--font-ui);color:var(--sub,#8b93a7);margin-bottom:4px;">Data prestației</div><div style="height:30px;display:flex;align-items:center;padding:0 10px;border:1px solid var(--line,#262b36);border-radius:6px;background:var(--card2,#0f1218);font:400 12px var(--font-mono);color:var(--text,#e6e9ef);">2026-06-22</div></div>
<div><div style="font:400 11px var(--font-ui);color:var(--sub,#8b93a7);margin-bottom:4px;">Număr Înmatriculare</div><div style="height:30px;display:flex;align-items:center;padding:0 10px;border:1px solid var(--line,#262b36);border-radius:6px;background:var(--card2,#0f1218);font:400 12px var(--font-mono);color:var(--text,#e6e9ef);">CT88NOE</div></div>
<div><div style="font:400 11px var(--font-ui);color:var(--sub,#8b93a7);margin-bottom:4px;">Număr înmatriculare</div><div style="height:30px;display:flex;align-items:center;padding:0 10px;border:1px solid var(--line,#262b36);border-radius:6px;background:var(--card2,#0f1218);font:400 12px var(--font-mono);color:var(--text,#e6e9ef);">CT88NOE</div></div>
</div>
<div><div style="font:400 11px var(--font-ui);color:var(--sub,#8b93a7);margin-bottom:4px;">Observații</div><div style="height:30px;display:flex;align-items:center;padding:0 10px;border:1px solid var(--line,#262b36);border-radius:6px;background:var(--card2,#0f1218);font:400 12px var(--font-ui);color:var(--text,#e6e9ef);overflow:hidden;white-space:nowrap;">REVIZIE; SCHIMBARE PLĂCUȚE FRÂNĂ</div></div>
<div><div style="font:400 11px var(--font-ui);color:var(--sub,#8b93a7);margin-bottom:4px;">Prestații</div><div style="min-height:30px;display:flex;align-items:center;gap:6px;flex-wrap:wrap;padding:3px 6px;border:1px solid var(--line,#262b36);border-radius:6px;background:var(--card2,#0f1218);"><span style="display:inline-flex;align-items:center;gap:4px;padding:3px 8px;border-radius:5px;background:color-mix(in srgb,var(--accent,#2E74D6) 18%,transparent);color:var(--accent,#2E74D6);font:500 10px var(--font-ui);"><span style="opacity:.7;">×</span>REVIZIE PERIODICĂ</span><span style="display:inline-flex;align-items:center;gap:4px;padding:3px 8px;border-radius:5px;background:color-mix(in srgb,var(--accent,#2E74D6) 18%,transparent);color:var(--accent,#2E74D6);font:500 10px var(--font-ui);"><span style="opacity:.7;">×</span>ÎNTREȚINERE</span></div></div>
<div><div style="font:400 11px var(--font-ui);color:var(--sub,#8b93a7);margin-bottom:4px;">Valoarea citită a odometrului</div><div style="height:30px;display:flex;align-items:center;padding:0 10px;border:1px solid var(--line,#262b36);border-radius:6px;background:var(--card2,#0f1218);font:400 12px var(--font-mono);color:var(--text,#e6e9ef);">39000</div></div>
</div>
<button style="margin-top:14px;height:34px;padding:0 14px;border-radius:6px;background:color-mix(in srgb,var(--accent,#2E74D6) 40%,var(--card2,#0f1218));border:none;color:#fff;opacity:.55;font:600 12px var(--font-ui);cursor:not-allowed;align-self:flex-start;">Salvează Prezentarea</button>
<div style="margin-top:12px;font:400 12px var(--font-ui);color:var(--sub,#8b93a7);text-align:center;">se repetă pentru fiecare comandă · zi de zi</div>
<div style="margin-top:auto;padding-top:12px;font:400 12px var(--font-ui);color:var(--sub,#8b93a7);text-align:center;">se repetă pentru fiecare comandă · zi de zi</div>
</div>
<!-- DREAPTA: calculatorul (slidere + cifre) -->
<div style="background:var(--card,#181c24);border:1px solid var(--line,#262b36);border-radius:14px;padding:34px;display:flex;flex-direction:column;">
<div style="display:grid;grid-template-columns:1fr 1fr;gap:28px;margin-bottom:28px;">
<div>
<div style="display:flex;align-items:baseline;justify-content:space-between;margin-bottom:10px;"><span style="font:500 13px var(--font-ui);color:var(--text,#e6e9ef);">Trimiteri/lună</span><span style="font:700 24px var(--font-ui);letter-spacing:-.02em;color:var(--accent,#2E74D6);" id="out-pres">100</span></div>
<input type="range" min="50" max="1500" step="10" value="100" id="calc-pres" data-act="calc" style="width:100%;height:6px;accent-color:var(--accent,#2E74D6);cursor:pointer;" />
</div>
<div>
<div style="display:flex;align-items:baseline;justify-content:space-between;margin-bottom:10px;"><span style="font:500 13px var(--font-ui);color:var(--text,#e6e9ef);">Manoperă</span><span style="font:700 24px var(--font-ui);letter-spacing:-.02em;color:var(--accent,#2E74D6);"><span id="out-rate">60</span><span style="font:500 12px var(--font-ui);color:var(--sub,#8b93a7);"> lei/h</span></span></div>
<input type="range" min="30" max="200" step="5" value="60" id="calc-rate" data-act="calc" style="width:100%;height:6px;accent-color:var(--accent,#2E74D6);cursor:pointer;" />
</div>
</div>
<div style="background:color-mix(in srgb,#E05D5D 9%,var(--card2,#0f1218));border:1px solid color-mix(in srgb,#E05D5D 28%,var(--line,#262b36));border-radius:10px;padding:22px 24px;">
<div style="font:600 11px var(--font-ui);color:var(--errt,#E05D5D);letter-spacing:.08em;text-transform:uppercase;margin-bottom:14px;">Pierdut pe raportare manuală</div>
<div style="display:grid;grid-template-columns:repeat(4,1fr);gap:14px;">
<div><div style="font:700 30px var(--font-ui);letter-spacing:-.02em;color:var(--errt,#E05D5D);"><span data-calc="leiMonth">0</span></div><div style="font:400 12px var(--font-ui);color:var(--sub,#8b93a7);margin-top:2px;">lei/lună</div></div>
<div><div style="font:700 30px var(--font-ui);letter-spacing:-.02em;color:var(--errt,#E05D5D);"><span data-calc="hMonth">0</span></div><div style="font:400 12px var(--font-ui);color:var(--sub,#8b93a7);margin-top:2px;">ore/lună</div></div>
<div><div style="font:700 30px var(--font-ui);letter-spacing:-.02em;color:var(--errt,#E05D5D);"><span data-calc="leiYear">0</span></div><div style="font:400 12px var(--font-ui);color:var(--sub,#8b93a7);margin-top:2px;">lei/an</div></div>
<div><div style="font:700 30px var(--font-ui);letter-spacing:-.02em;color:var(--errt,#E05D5D);"><span data-calc="days">0</span></div><div style="font:400 12px var(--font-ui);color:var(--sub,#8b93a7);margin-top:2px;">zile/an</div></div>
</div>
</div>
<div style="margin-top:20px;padding-top:18px;border-top:1px solid var(--line,#262b36);">
<div style="display:flex;align-items:center;gap:9px;font:600 14px var(--font-ui);color:var(--okt,#2FBF8F);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.2" style="flex-shrink:0;"><path d="M20 6L9 17l-5-5"/></svg>Cu ROA AUTOPASS: câteva secunde pentru tot lotul</div>
<div style="font:400 13px/1.55 var(--font-ui);color:var(--sub,#8b93a7);margin-top:6px;">Recuperezi ~<span data-calc="leiMonth">0</span> lei/lună și timpul îl pui pe mașini, nu pe formulare.</div>
</div>
<div style="margin-top:14px;display:flex;align-items:center;gap:8px;font:400 12px var(--font-ui);color:var(--mut,#5c6473);"><svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.7"><circle cx="12" cy="13" r="8"/><path d="M12 9v4l2.5 2.5M9 2h6"/></svg>Estimat la ~2,5 minute de tastat manual pentru fiecare trimitere.</div>
</div>
</div>
</div>
<!-- AGITATE / CALCULATOR -->
<div style="padding:80px 40px;">
<div style="text-align:center;max-width:720px;margin:0 auto 40px;">
<div style="font:500 13px var(--font-ui);color:var(--accent,#2E74D6);letter-spacing:.1em;text-transform:uppercase;margin-bottom:14px;">Cât te costă de fapt</div>
<h2 style="font:700 36px var(--font-ui);letter-spacing:-.02em;margin:0 0 12px;color:var(--text,#e6e9ef);">Fă socoteala. Minutele acelea sunt bani.</h2>
<p style="font:400 16px/1.6 var(--font-ui);color:var(--sub,#8b93a7);margin:0;">Mută cursorul la volumul service-ului tău și vezi cât timp și câți bani pleacă pe raportarea manuală.</p>
</div>
<div style="display:grid;grid-template-columns:1fr 1fr;gap:20px;margin:0 auto;align-items:stretch;">
<div style="background:var(--card,#181c24);border:1px solid var(--line,#262b36);border-radius:12px;padding:32px;">
<div style="margin-bottom:28px;">
<div style="display:flex;align-items:baseline;justify-content:space-between;margin-bottom:12px;"><span style="font:500 14px var(--font-ui);color:var(--text,#e6e9ef);">Prestații pe lună</span><span style="font:700 20px var(--font-mono);color:var(--accent,#2E74D6);" id="out-pres">300</span></div>
<input type="range" min="50" max="1500" step="10" value="300" id="calc-pres" data-act="calc" style="width:100%;height:6px;accent-color:var(--accent,#2E74D6);cursor:pointer;" />
</div>
<div style="margin-bottom:24px;">
<div style="display:flex;align-items:baseline;justify-content:space-between;margin-bottom:12px;"><span style="font:500 14px var(--font-ui);color:var(--text,#e6e9ef);">Cost manoperă</span><span style="font:700 20px var(--font-mono);color:var(--accent,#2E74D6);"><span id="out-rate">60</span> lei/h</span></div>
<input type="range" min="30" max="200" step="5" value="60" id="calc-rate" data-act="calc" style="width:100%;height:6px;accent-color:var(--accent,#2E74D6);cursor:pointer;" />
</div>
<div style="display:flex;align-items:center;gap:9px;padding-top:18px;border-top:1px solid var(--line,#262b36);font:400 13px/1.5 var(--font-ui);color:var(--sub,#8b93a7);"><svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.7" style="flex-shrink:0;"><circle cx="12" cy="13" r="8"/><path d="M12 9v4l2.5 2.5M9 2h6"/></svg>Estimat la ~2,5 minute de introdus manual pentru fiecare prestație.</div>
</div>
<div style="background:color-mix(in srgb,#E05D5D 9%,var(--card,#181c24));border:1px solid color-mix(in srgb,#E05D5D 32%,var(--line,#262b36));border-radius:12px;padding:32px;display:flex;flex-direction:column;justify-content:center;">
<div style="font:600 12px var(--font-ui);color:var(--errt,#E05D5D);letter-spacing:.08em;text-transform:uppercase;margin-bottom:8px;">Pierdut pe raportare manuală</div>
<div style="display:flex;align-items:baseline;gap:8px;"><span style="font:700 52px/1 var(--font-ui);letter-spacing:-.02em;color:var(--errt,#E05D5D);"><span data-calc="leiMonth">0</span></span><span style="font:500 15px var(--font-ui);color:var(--sub,#8b93a7);">lei / lună</span></div>
<div style="font:400 14px/1.6 var(--font-ui);color:var(--sub,#8b93a7);margin-top:8px;"><span data-calc="hMonth">0</span> ore pe lună &middot; <span data-calc="leiYear">0</span> lei pe an &middot;<span data-calc="days">0</span> zile lucrătoare/an doar cu raportarea.</div>
<div style="margin-top:20px;padding-top:18px;border-top:1px solid color-mix(in srgb,#E05D5D 24%,var(--line,#262b36));">
<div style="display:flex;align-items:center;gap:9px;font:600 14px var(--font-ui);color:var(--okt,#2FBF8F);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.2" style="flex-shrink:0;"><path d="M20 6L9 17l-5-5"/></svg>Cu ROMFAST: câteva secunde pentru tot lotul</div>
<div style="font:400 13px/1.55 var(--font-ui);color:var(--sub,#8b93a7);margin-top:6px;">Recuperezi ~<span data-calc="leiMonth">0</span> lei/lună și timpul îl pui pe mașini, nu pe formulare.</div>
</div>
</div>
</div>
<div style="margin:24px auto 0;display:flex;gap:20px;align-items:flex-start;background:color-mix(in srgb,#E0A93B 9%,var(--card,#181c24));border:1px solid color-mix(in srgb,#E0A93B 34%,var(--line,#262b36));border-radius:12px;padding:26px 28px;">
<!-- LEGE / AMENZI -->
<div style="padding:56px 40px 80px;">
<div style="display:flex;gap:20px;align-items:flex-start;background:color-mix(in srgb,#E0A93B 9%,var(--card,#181c24));border:1px solid color-mix(in srgb,#E0A93B 34%,var(--line,#262b36));border-radius:12px;padding:26px 28px;">
<div style="width:44px;height:44px;flex-shrink:0;border-radius:8px;background:color-mix(in srgb,#E0A93B 16%,transparent);display:flex;align-items:center;justify-content:center;color:#E0A93B;"><svg width="22" height="22" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.6"><path d="M12 3l8 4v5c0 4.4-3.1 8.3-8 9.5C7.1 20.3 4 16.4 4 12V7l8-4z"/><path d="M9.5 12l1.8 1.8L15 10"/></svg></div>
<div>
<div style="font:700 16px var(--font-ui);color:var(--text,#e6e9ef);margin-bottom:7px;">Evită riscul amenzilor — transmite automat la RAR Auto-Pass</div>
@@ -205,10 +205,10 @@
</div>
<!-- SOLVE -->
<div style="padding:80px 40px;background:color-mix(in srgb,var(--accent,#2E74D6) 8%,var(--bg,#0f1218));border-top:1px solid var(--line,#262b36);border-bottom:1px solid var(--line,#262b36);">
<div id="cum-functioneaza" style="padding:80px 40px 40px;background:color-mix(in srgb,var(--accent,#2E74D6) 8%,var(--bg,#0f1218));border-top:1px solid var(--line,#262b36);border-bottom:1px solid var(--line,#262b36);">
<div style="max-width:780px;margin:0 auto;text-align:center;">
<h2 style="font:700 36px var(--font-ui);letter-spacing:-.02em;margin:0 0 18px;color:var(--text,#e6e9ef);">Nu trebuie să fii bun cu calculatorul</h2>
<p style="font:400 19px/1.75 var(--font-ui);color:var(--sub,#8b93a7);margin:0 auto;max-width:660px;"><span style="color:var(--accent,#2E74D6);font-weight:700;text-decoration:underline;text-underline-offset:3px;">Încarci</span> fișierul CSV/XLSX (sau trimiți direct prin API). ROA Auto-Pass îți propune asocierile — tu le <span style="color:var(--accent,#2E74D6);font-weight:700;text-decoration:underline;text-underline-offset:3px;">confirmi sau corectezi</span> o singură dată — apoi le <span style="color:var(--accent,#2E74D6);font-weight:700;text-decoration:underline;text-underline-offset:3px;">trimitem</span> la RAR, iar tu doar <span style="color:var(--accent,#2E74D6);font-weight:700;text-decoration:underline;text-underline-offset:3px;">urmărești</span> pe ecran.</p>
<p style="font:400 19px/1.75 var(--font-ui);color:var(--sub,#8b93a7);margin:0 auto;max-width:660px;"><span style="color:var(--accent,#2E74D6);font-weight:700;text-decoration:underline;text-underline-offset:3px;">Încarci</span> fișierul CSV/XLSX (sau trimiți direct prin API). ROA AUTOPASS îți propune asocierile — tu le <span style="color:var(--accent,#2E74D6);font-weight:700;text-decoration:underline;text-underline-offset:3px;">confirmi sau corectezi</span> o singură dată — apoi le <span style="color:var(--accent,#2E74D6);font-weight:700;text-decoration:underline;text-underline-offset:3px;">trimitem</span> la RAR, iar tu doar <span style="color:var(--accent,#2E74D6);font-weight:700;text-decoration:underline;text-underline-offset:3px;">urmărești</span> pe ecran.</p>
</div>
<div style="text-align:center;max-width:880px;margin:38px auto 0;font:400 20px/1.6 var(--font-ui);color:var(--sub,#8b93a7);">
<span style="text-decoration:line-through;text-decoration-color:var(--errt,#E05D5D);text-decoration-thickness:2px;">23 minute de tastat pentru fiecare comandă</span><span style="color:var(--text,#e6e9ef);font-weight:700;">&nbsp;&nbsp; câteva secunde pentru tot lotul.</span>
@@ -216,10 +216,10 @@
</div>
<!-- API INTEGRATION -->
<div style="padding:0 40px 80px;">
<div id="api" style="padding:56px 40px 80px;">
<div style="background:var(--card,#181c24);border:1px solid var(--line,#262b36);border-radius:14px;display:grid;grid-template-columns:1fr 1fr;gap:40px;padding:44px;align-items:center;">
<div>
<div style="display:inline-flex;align-items:center;gap:8px;padding:5px 11px;border-radius:99px;border:1px solid var(--line,#262b36);color:var(--sub,#8b93a7);font:500 12px var(--font-ui);margin-bottom:18px;">Pentru service-uri cu soft propriu · ROAAUTO</div>
<div style="display:inline-flex;align-items:center;gap:8px;padding:5px 11px;border-radius:99px;border:1px solid var(--line,#262b36);color:var(--sub,#8b93a7);font:500 12px var(--font-ui);margin-bottom:18px;">Pentru service-uri cu soft propriu</div>
<h2 style="font:700 30px/1.15 var(--font-ui);letter-spacing:-.02em;margin:0 0 14px;color:var(--text,#e6e9ef);">Ai deja un soft de service? Conectează-l automat</h2>
<p style="font:400 15px/1.65 var(--font-ui);color:var(--sub,#8b93a7);margin:0 0 24px;">Softul tău se poate conecta și direct la API-ul RAR Auto-Pass. Cu ROMFAST primești în plus asistență la maparea automată a operațiilor tale (prin mai multe metode) și salvarea mapărilor pentru trimiterile viitoare — totul printr-un singur apel, cu cheie API per cont.</p>
<button style="height:44px;padding:0 20px;border-radius:6px;background:transparent;border:1px solid var(--line,#262b36);color:var(--text,#e6e9ef);font:500 14px var(--font-ui);cursor:pointer;display:inline-flex;align-items:center;gap:8px;transition:transform .18s ease, background .18s ease, border-color .18s ease;" style-hover="background:#1F9D5C;border-color:#1F9D5C;color:#fff;transform:translateY(-1px)">Vezi documentația API <svg width="15" height="15" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.8"><path d="M5 12h14M13 6l6 6-6 6"/></svg></button>
@@ -242,72 +242,93 @@
</div>
</div>
<!-- PRICING -->
<!-- TRIAL BENEFIT -->
<div style="padding:0 40px 80px;">
<div style="text-align:center;margin-bottom:44px;">
<div style="font:500 13px var(--font-ui);color:var(--accent,#2E74D6);letter-spacing:.08em;text-transform:uppercase;margin-bottom:12px;">Preț</div>
<h2 style="font:700 34px var(--font-ui);letter-spacing:-.02em;margin:0 0 10px;color:var(--text,#e6e9ef);">Pentru un service mic, nu costă nimic</h2>
<p style="font:400 15px var(--font-ui);color:var(--sub,#8b93a7);margin:0;">Fiecare cont începe cu <strong style="color:var(--text,#e6e9ef);font-weight:600;">Pro gratuit 30 de zile</strong>. Apoi trece automat pe Gratuit — fără plată, dacă nu alegi alt plan. Fără card bancar.</p>
<div style="display:flex;align-items:center;gap:22px;background:color-mix(in srgb,#2FBF8F 9%,var(--card,#181c24));border:1px solid color-mix(in srgb,#2FBF8F 32%,var(--line,#262b36));border-radius:14px;padding:30px 34px;flex-wrap:wrap;">
<div style="width:48px;height:48px;flex-shrink:0;border-radius:10px;background:color-mix(in srgb,#2FBF8F 16%,transparent);display:flex;align-items:center;justify-content:center;color:var(--okt,#2FBF8F);"><svg width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.7"><path d="M12 2v4M12 18v4M2 12h4M18 12h4"/><circle cx="12" cy="12" r="4.5"/></svg></div>
<div style="flex:1;min-width:240px;">
<div style="font:700 19px var(--font-ui);letter-spacing:-.01em;color:var(--text,#e6e9ef);margin-bottom:5px;"><span style="color:var(--okt,#2FBF8F);">30 de zile Pro gratuit</span> la fiecare cont nou</div>
<p style="font:400 14px/1.6 var(--font-ui);color:var(--sub,#8b93a7);margin:0;">Începi direct cu tot ce are planul Pro — import API, categorisire automată și suport rapid. După 30 de zile treci automat pe Gratuit, fără plată și fără întreruperi.</p>
</div>
<div style="display:grid;grid-template-columns:repeat(4,1fr);gap:16px;margin:0 auto;align-items:start;">
<button data-act="auth" data-tab="register" data-plan="pro" style="height:48px;padding:0 24px;border-radius:6px;background:#1F9D5C;border:1px solid #1F9D5C;color:#fff;font:700 14px var(--font-ui);cursor:pointer;white-space:nowrap;transition:transform .2s cubic-bezier(.2,.8,.2,1), background .2s ease, box-shadow .2s ease;" style-hover="background:#16864a;border-color:#16864a;transform:translateY(-1px)">Începe gratuit</button>
</div>
</div>
<!-- PRICING -->
<div id="pret" style="padding:0 40px 80px;">
<div style="text-align:center;margin-bottom:44px;">
<h2 style="font:700 34px var(--font-ui);letter-spacing:-.02em;margin:0 0 10px;color:var(--text,#e6e9ef);">Pentru un service mic, nu costă nimic</h2>
<p style="font:400 15px var(--font-ui);color:var(--sub,#8b93a7);margin:0;">Alege planul potrivit volumului tău. Poți schimba sau anula oricând.</p>
</div>
<div style="display:grid;grid-template-columns:repeat(4,1fr);gap:16px;margin:0 auto;align-items:stretch;">
<!-- Gratuit -->
<div style="background:var(--card,#181c24);border:1.5px solid var(--accent,#2E74D6);border-radius:12px;padding:26px 24px;position:relative;">
<div style="position:absolute;top:-12px;left:20px;padding:4px 11px;border-radius:99px;background:var(--accent,#2E74D6);color:#fff;font:700 10px var(--font-ui);letter-spacing:.04em;text-transform:uppercase;">Testare și firme mici</div>
<div style="background:var(--card,#181c24);border:1px solid var(--line,#262b36);border-radius:12px;padding:26px 24px;display:flex;flex-direction:column;">
<div style="font:700 17px var(--font-ui);color:var(--text,#e6e9ef);margin-bottom:8px;">Gratuit</div>
<div style="display:flex;align-items:baseline;gap:5px;margin-bottom:4px;"><span style="font:700 32px var(--font-ui);letter-spacing:-.02em;color:var(--text,#e6e9ef);">0 lei</span><span style="font:400 13px var(--font-ui);color:var(--sub,#8b93a7);">/lună</span></div>
<div style="font:400 13px var(--font-ui);color:var(--sub,#8b93a7);margin-bottom:20px;">Fără card bancar</div>
<div style="display:flex;flex-direction:column;gap:10px;margin-bottom:22px;">
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Până la 60 de prestații/lună</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Sugestii automate de prestații RAR (din mii)</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Mapare manuală coloane, cu salvare</div>
<div style="font:400 13px var(--font-ui);color:var(--sub,#8b93a7);margin-bottom:20px;">Până la 60 de trimiteri/lună</div>
<div style="display:flex;flex-direction:column;gap:10px;margin-bottom:22px;flex:1;">
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Sugestii automate de operații RAR</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Mapare coloane cu salvare</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Validare și anti-duplicat</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Suport contact/email în 48h</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--sub,#8b93a7);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="var(--sub,#8b93a7)" stroke-width="1.8" style="flex-shrink:0;margin-top:1px;"><path d="M4 12h16"/></svg>Fără import API</div>
<span style="display:none;"></span>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--mut,#5c6473);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="var(--mut,#5c6473)" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M5 12h14"/></svg>Trimiteri nelimitate</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--mut,#5c6473);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="var(--mut,#5c6473)" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M5 12h14"/></svg>Import prin API</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--mut,#5c6473);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="var(--mut,#5c6473)" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M5 12h14"/></svg>Categorisire automată, cu confirmare</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--mut,#5c6473);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="var(--mut,#5c6473)" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M5 12h14"/></svg>Integrare în softul tău</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Suport email, în 48h</div>
</div>
<button data-act="auth" data-tab="register" data-plan="Gratuit" style="width:100%;height:46px;border-radius:6px;background:#1F9D5C;border:1px solid #1F9D5C;color:#fff;font:700 14px var(--font-ui);cursor:pointer;transition:transform .2s cubic-bezier(.2,.8,.2,1), background .2s ease, box-shadow .2s ease;" style-hover="background:#16864a;border-color:#16864a;transform:translateY(-1px)">Creează cont gratuit</button>
<button data-act="auth" data-tab="register" data-plan="free" style="width:100%;height:46px;border-radius:6px;background:transparent;border:1px solid var(--line,#262b36);color:var(--text,#e6e9ef);font:500 14px var(--font-ui);cursor:pointer;transition:transform .18s ease, background .18s ease, border-color .18s ease;" style-hover="background:#1F9D5C;border-color:#1F9D5C;color:#fff;transform:translateY(-1px)">Creează cont gratuit</button>
</div>
<!-- Standard -->
<div style="background:var(--card,#181c24);border:1px solid var(--line,#262b36);border-radius:12px;padding:26px 24px;">
<div style="background:var(--card,#181c24);border:1.5px solid var(--accent,#2E74D6);border-radius:12px;padding:26px 24px;position:relative;display:flex;flex-direction:column;">
<div style="position:absolute;top:-12px;left:20px;padding:4px 11px;border-radius:99px;background:var(--accent,#2E74D6);color:#fff;font:700 10px var(--font-ui);letter-spacing:.04em;text-transform:uppercase;">Popular</div>
<div style="font:700 17px var(--font-ui);color:var(--text,#e6e9ef);margin-bottom:8px;">Standard</div>
<div style="display:flex;align-items:baseline;gap:5px;margin-bottom:4px;"><span style="font:700 32px var(--font-ui);letter-spacing:-.02em;color:var(--text,#e6e9ef);">39 lei</span><span style="font:400 13px var(--font-ui);color:var(--sub,#8b93a7);">/lună</span></div>
<div style="font:400 13px var(--font-ui);color:var(--sub,#8b93a7);margin-bottom:20px;">Volum nelimitat, fără API</div>
<div style="display:flex;flex-direction:column;gap:10px;margin-bottom:22px;">
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Tot din Gratuit</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Prestații nelimitate</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Suport contact/email în 48h</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--sub,#8b93a7);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="var(--sub,#8b93a7)" stroke-width="1.8" style="flex-shrink:0;margin-top:1px;"><path d="M4 12h16"/></svg>Fără import API</div>
<span style="display:none;"></span>
<div style="display:flex;align-items:baseline;gap:5px;margin-bottom:4px;"><span style="font:700 32px var(--font-ui);letter-spacing:-.02em;color:var(--text,#e6e9ef);">49 lei</span><span style="font:400 13px var(--font-ui);color:var(--sub,#8b93a7);">/lună</span><span style="font:400 12px var(--font-ui);color:var(--mut,#5c6473);">* fără TVA</span></div>
<div style="font:400 13px var(--font-ui);color:var(--sub,#8b93a7);margin-bottom:20px;">Trimiteri nelimitate</div>
<div style="display:flex;flex-direction:column;gap:10px;margin-bottom:22px;flex:1;">
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Sugestii automate de operații RAR</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Mapare coloane cu salvare</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Validare și anti-duplicat</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Trimiteri nelimitate</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--mut,#5c6473);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="var(--mut,#5c6473)" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M5 12h14"/></svg>Import prin API</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--mut,#5c6473);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="var(--mut,#5c6473)" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M5 12h14"/></svg>Categorisire automată, cu confirmare</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--mut,#5c6473);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="var(--mut,#5c6473)" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M5 12h14"/></svg>Integrare în softul tău</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Suport email, maxim 24h</div>
</div>
<button style="width:100%;height:46px;border-radius:6px;background:transparent;border:1px solid var(--line,#262b36);color:var(--text,#e6e9ef);font:500 14px var(--font-ui);cursor:pointer;transition:transform .18s ease, background .18s ease, border-color .18s ease;" style-hover="background:#1F9D5C;border-color:#1F9D5C;color:#fff;transform:translateY(-1px)" data-act="auth" data-tab="register" data-plan="Standard">Creează cont gratuit</button>
<button style="width:100%;height:46px;border-radius:6px;background:#1F9D5C;border:1px solid #1F9D5C;color:#fff;font:700 14px var(--font-ui);cursor:pointer;transition:transform .2s cubic-bezier(.2,.8,.2,1), background .2s ease, box-shadow .2s ease;" style-hover="background:#16864a;border-color:#16864a;transform:translateY(-1px)" data-act="auth" data-tab="register" data-plan="standard">Creează cont gratuit</button>
</div>
<!-- Pro -->
<div style="background:var(--card,#181c24);border:1px solid var(--line,#262b36);border-radius:12px;padding:26px 24px;position:relative;">
<div style="position:absolute;top:-12px;left:20px;padding:4px 11px;border-radius:99px;background:color-mix(in srgb,#2FBF8F 90%,#000);color:#fff;font:700 10px var(--font-ui);letter-spacing:.04em;text-transform:uppercase;">Cel mai ales</div>
<div style="background:var(--card,#181c24);border:1px solid var(--line,#262b36);border-radius:12px;padding:26px 24px;display:flex;flex-direction:column;">
<div style="font:700 17px var(--font-ui);color:var(--text,#e6e9ef);margin-bottom:8px;">Pro</div>
<div style="display:flex;align-items:baseline;gap:5px;margin-bottom:4px;"><span style="font:700 32px var(--font-ui);letter-spacing:-.02em;color:var(--text,#e6e9ef);">59 lei</span><span style="font:400 13px var(--font-ui);color:var(--sub,#8b93a7);">/lună</span></div>
<div style="font:400 13px var(--font-ui);color:var(--sub,#8b93a7);margin-bottom:20px;">Cu acces API</div>
<div style="display:flex;flex-direction:column;gap:10px;margin-bottom:22px;">
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Tot din Standard</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Import prin API + cheie API per cont</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Suport pe email în 24h</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Categorisire automată, cu confirmare la operațiile incerte</div>
<span style="display:none;"></span>
<div style="display:flex;align-items:baseline;gap:5px;margin-bottom:4px;"><span style="font:700 32px var(--font-ui);letter-spacing:-.02em;color:var(--text,#e6e9ef);">59 lei</span><span style="font:400 13px var(--font-ui);color:var(--sub,#8b93a7);">/lună</span><span style="font:400 12px var(--font-ui);color:var(--mut,#5c6473);">* fără TVA</span></div>
<div style="font:400 13px var(--font-ui);color:var(--sub,#8b93a7);margin-bottom:20px;">Nelimitat + acces API</div>
<div style="display:flex;flex-direction:column;gap:10px;margin-bottom:22px;flex:1;">
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Sugestii automate de operații RAR</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Mapare coloane cu salvare</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Validare și anti-duplicat</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Trimiteri nelimitate</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Import prin API</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Categorisire automată, cu confirmare</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--mut,#5c6473);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="var(--mut,#5c6473)" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M5 12h14"/></svg>Integrare în softul tău</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Suport email, maxim 8h</div>
</div>
<button style="width:100%;height:46px;border-radius:6px;background:transparent;border:1px solid var(--line,#262b36);color:var(--text,#e6e9ef);font:500 14px var(--font-ui);cursor:pointer;transition:transform .18s ease, background .18s ease, border-color .18s ease;" style-hover="background:#1F9D5C;border-color:#1F9D5C;color:#fff;transform:translateY(-1px)" data-act="auth" data-tab="register" data-plan="Pro">Creează cont gratuit</button>
<button style="width:100%;height:46px;border-radius:6px;background:transparent;border:1px solid var(--line,#262b36);color:var(--text,#e6e9ef);font:500 14px var(--font-ui);cursor:pointer;transition:transform .18s ease, background .18s ease, border-color .18s ease;" style-hover="background:#1F9D5C;border-color:#1F9D5C;color:#fff;transform:translateY(-1px)" data-act="auth" data-tab="register" data-plan="pro">Creează cont gratuit</button>
</div>
<!-- Premium -->
<div style="background:var(--card,#181c24);border:1px solid var(--line,#262b36);border-radius:12px;padding:26px 24px;">
<div style="background:var(--card,#181c24);border:1px solid var(--line,#262b36);border-radius:12px;padding:26px 24px;display:flex;flex-direction:column;">
<div style="font:700 17px var(--font-ui);color:var(--text,#e6e9ef);margin-bottom:8px;">Premium</div>
<div style="display:flex;align-items:baseline;gap:5px;margin-bottom:4px;"><span style="font:700 30px var(--font-ui);letter-spacing:-.02em;color:var(--text,#e6e9ef);">La cerere</span></div>
<div style="display:flex;align-items:baseline;gap:5px;margin-bottom:4px;"><span style="font:700 32px var(--font-ui);letter-spacing:-.02em;color:var(--text,#e6e9ef);">La cerere</span></div>
<div style="font:400 13px var(--font-ui);color:var(--sub,#8b93a7);margin-bottom:20px;">Soluție personalizată</div>
<div style="display:flex;flex-direction:column;gap:10px;margin-bottom:22px;">
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Tot din Pro</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Opțiune de integrare în softul tău</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Suport telefonic și online</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Asistență și onboarding dedicate</div>
<div style="display:flex;flex-direction:column;gap:10px;margin-bottom:22px;flex:1;">
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Sugestii automate de operații RAR</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Mapare coloane cu salvare</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Validare și anti-duplicat</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Trimiteri nelimitate</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Import prin API</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Categorisire automată, cu confirmare</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Integrare în softul tău</div>
<div style="display:flex;gap:9px;font:400 13px/1.4 var(--font-ui);color:var(--text,#e6e9ef);"><svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;margin-top:1px;"><path d="M20 6L9 17l-5-5"/></svg>Suport telefonic + onboarding dedicat</div>
</div>
<button style="width:100%;height:46px;border-radius:6px;background:transparent;border:1px solid var(--line,#262b36);color:var(--text,#e6e9ef);font:500 14px var(--font-ui);cursor:pointer;transition:transform .18s ease, background .18s ease, border-color .18s ease;" style-hover="background:#1F9D5C;border-color:#1F9D5C;color:#fff;transform:translateY(-1px)" data-act="auth" data-tab="register" data-plan="Premium">Creează cont gratuit</button>
<button style="width:100%;height:46px;border-radius:6px;background:transparent;border:1px solid var(--line,#262b36);color:var(--text,#e6e9ef);font:500 14px var(--font-ui);cursor:pointer;transition:transform .18s ease, background .18s ease, border-color .18s ease;" style-hover="background:#1F9D5C;border-color:#1F9D5C;color:#fff;transform:translateY(-1px)" data-act="auth" data-tab="register" data-plan="premium">Creează cont gratuit</button>
</div>
</div>
</div>
@@ -339,10 +360,9 @@
<div>
<div style="font:500 13px var(--font-ui);color:var(--accent,#2E74D6);letter-spacing:.1em;text-transform:uppercase;margin-bottom:14px;">Creează cont</div>
<h2 style="font:700 34px/1.15 var(--font-ui);letter-spacing:-.02em;margin:0 0 14px;color:var(--text,#e6e9ef);">Creează cont în 2 minute și declară azi la RAR</h2>
<p style="font:400 16px/1.6 var(--font-ui);color:var(--sub,#8b93a7);margin:0 0 24px;">Te înregistrezi gratuit, fără card bancar. Imediat poți încărca primul fișier sau conecta softul de service.</p>
<p style="font:400 16px/1.6 var(--font-ui);color:var(--sub,#8b93a7);margin:0 0 24px;">Te înregistrezi gratuit. Imediat poți încărca primul fișier sau conecta softul de service.</p>
<div style="display:flex;flex-direction:column;gap:12px;">
<div style="display:flex;gap:10px;align-items:center;font:400 15px var(--font-ui);color:var(--text,#e6e9ef);"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;"><path d="M20 6L9 17l-5-5"/></svg>Pro gratuit 30 de zile, apoi automat pe Gratuit</div>
<div style="display:flex;gap:10px;align-items:center;font:400 15px var(--font-ui);color:var(--text,#e6e9ef);"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;"><path d="M20 6L9 17l-5-5"/></svg>Fără card bancar la înscriere</div>
<div style="display:flex;gap:10px;align-items:center;font:400 15px var(--font-ui);color:var(--text,#e6e9ef);"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;"><path d="M20 6L9 17l-5-5"/></svg>Conform Legii 142/2023 și OMTI 210/2024</div>
<div style="display:flex;gap:10px;align-items:center;font:400 15px var(--font-ui);color:var(--text,#e6e9ef);"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="#2FBF8F" stroke-width="2" style="flex-shrink:0;"><path d="M20 6L9 17l-5-5"/></svg>Datele cu caracter personal criptate (GDPR)</div>
</div>
@@ -354,12 +374,12 @@
</div>
<form method="post" action="/signup" data-pane="register">
<input type="hidden" name="csrf_token" value="{{ csrf_token }}">
<label style="display:block;margin-bottom:14px;"><span style="display:block;margin-bottom:6px;font:500 13px var(--font-ui);color:var(--sub,#8b93a7);">Nume contact</span><input type="text" name="name" required placeholder="Ion Popescu" style="width:100%;height:44px;padding:0 12px;border:1px solid var(--line,#262b36);border-radius:6px;background:var(--card2,#0f1218);color:var(--text,#e6e9ef);font:400 14px var(--font-ui);outline:none;" /></label>
<label style="display:block;margin-bottom:14px;"><span style="display:block;margin-bottom:6px;font:500 13px var(--font-ui);color:var(--sub,#8b93a7);">Companie</span><input type="text" name="name" required placeholder="SC Service Auto SRL" style="width:100%;height:44px;padding:0 12px;border:1px solid var(--line,#262b36);border-radius:6px;background:var(--card2,#0f1218);color:var(--text,#e6e9ef);font:400 14px var(--font-ui);outline:none;" /></label>
<label style="display:block;margin-bottom:14px;"><span style="display:block;margin-bottom:6px;font:500 13px var(--font-ui);color:var(--sub,#8b93a7);">CUI</span><input type="text" name="cui" required placeholder="RO12345678" style="width:100%;height:44px;padding:0 12px;border:1px solid var(--line,#262b36);border-radius:6px;background:var(--card2,#0f1218);color:var(--text,#e6e9ef);font:400 14px var(--font-mono);outline:none;" /></label>
<label style="display:block;margin-bottom:14px;"><span style="display:block;margin-bottom:6px;font:500 13px var(--font-ui);color:var(--sub,#8b93a7);">Email</span><input type="email" name="email" required placeholder="nume@service.ro" style="width:100%;height:44px;padding:0 12px;border:1px solid var(--line,#262b36);border-radius:6px;background:var(--card2,#0f1218);color:var(--text,#e6e9ef);font:400 14px var(--font-ui);outline:none;" /></label>
<label style="display:block;margin-bottom:14px;"><span style="display:block;margin-bottom:6px;font:500 13px var(--font-ui);color:var(--sub,#8b93a7);">Parolă</span><input type="password" name="parola" required minlength="10" placeholder="Minim 10 caractere" style="width:100%;height:44px;padding:0 12px;border:1px solid var(--line,#262b36);border-radius:6px;background:var(--card2,#0f1218);color:var(--text,#e6e9ef);font:400 14px var(--font-ui);outline:none;" /></label>
<label style="display:block;margin-bottom:16px;"><span style="display:block;margin-bottom:6px;font:500 13px var(--font-ui);color:var(--sub,#8b93a7);">Pachet ales</span><select id="plan-select" name="plan" style="width:100%;height:44px;padding:0 10px;border:1px solid var(--line,#262b36);border-radius:6px;background:var(--card2,#0f1218);color:var(--text,#e6e9ef);font:400 14px var(--font-ui);outline:none;cursor:pointer;"><option value="Gratuit" selected>Gratuit — 0 lei/lună</option><option value="Standard">Standard — 39 lei/lună</option><option value="Pro">Pro — 59 lei/lună</option><option value="Premium">Premium — la cerere</option></select></label>
<label style="display:flex;gap:9px;align-items:flex-start;margin-bottom:18px;font:400 13px/1.5 var(--font-ui);color:var(--sub,#8b93a7);cursor:pointer;"><input type="checkbox" required style="margin-top:2px;accent-color:var(--accent,#2E74D6);width:16px;height:16px;flex-shrink:0;" />Sunt de acord cu Termenii și cu prelucrarea datelor conform politicii de confidențialitate (GDPR).</label>
<label style="display:block;margin-bottom:16px;"><span style="display:block;margin-bottom:6px;font:500 13px var(--font-ui);color:var(--sub,#8b93a7);">Pachet ales</span><select id="plan-select" name="plan" style="width:100%;height:44px;padding:0 10px;border:1px solid var(--line,#262b36);border-radius:6px;background:var(--card2,#0f1218);color:var(--text,#e6e9ef);font:400 14px var(--font-ui);outline:none;cursor:pointer;"><option value="free" selected>Gratuit — 0 lei/lună</option><option value="standard">Standard — 49 lei/lună</option><option value="pro">Pro — 59 lei/lună</option><option value="premium">Premium — la cerere</option></select></label>
<label style="display:flex;gap:9px;align-items:flex-start;margin-bottom:18px;font:400 13px/1.5 var(--font-ui);color:var(--sub,#8b93a7);cursor:pointer;"><input type="checkbox" name="consent" value="1" required style="margin-top:2px;accent-color:var(--accent,#2E74D6);width:16px;height:16px;flex-shrink:0;" />Sunt de acord cu Termenii și cu prelucrarea datelor conform politicii de confidențialitate (GDPR).</label>
<button type="submit" class="btn-green" style="width:100%;height:48px;border-radius:6px;background:#1F9D5C;border:1px solid #1F9D5C;color:#fff;font:700 15px var(--font-ui);cursor:pointer;transition:transform .2s cubic-bezier(.2,.8,.2,1), background .2s ease, box-shadow .2s ease;">Creează cont gratuit</button>
<div style="text-align:center;margin-top:14px;font:400 13px var(--font-ui);color:var(--sub,#8b93a7);">Ai deja cont? <a data-act="tab" data-tab="login" style="color:var(--accent,#2E74D6);font-weight:500;cursor:pointer;">Autentifică-te</a></div>
</form>
@@ -375,18 +395,6 @@
</div>
</div>
<!-- FINAL CTA -->
<div style="padding:0 40px 80px;">
<div style="background:var(--card,#181c24);border:1px solid var(--line,#262b36);border-radius:16px;padding:56px 40px;text-align:center;">
<h2 style="font:700 36px var(--font-ui);letter-spacing:-.02em;margin:0 0 14px;color:var(--text,#e6e9ef);">Începe să declari la RAR în câteva minute</h2>
<p style="font:400 16px var(--font-ui);color:var(--sub,#8b93a7);margin:0 0 28px;">Gratuit până la 60 de prezentări pe lună. Fără card bancar.</p>
<div style="display:flex;gap:12px;justify-content:center;">
<button data-act="auth" data-tab="register" style="height:50px;padding:0 28px;border-radius:6px;background:#1F9D5C;border:1px solid #1F9D5C;color:#fff;font:700 15px var(--font-ui);cursor:pointer;transition:transform .2s cubic-bezier(.2,.8,.2,1), background .2s ease, box-shadow .2s ease;" style-hover="background:#16864a;border-color:#16864a;transform:translateY(-1px)">Creează cont gratuit</button>
<button data-act="auth" data-tab="login" style="height:50px;padding:0 24px;border-radius:6px;background:transparent;border:1px solid var(--line,#262b36);color:var(--text,#e6e9ef);font:500 15px var(--font-ui);cursor:pointer;transition:transform .18s ease, background .18s ease, border-color .18s ease;" style-hover="background:#1F9D5C;border-color:#1F9D5C;color:#fff;transform:translateY(-1px)">Autentificare</button>
</div>
</div>
</div>
<!-- FOOTER -->
<div style="border-top:1px solid var(--line,#262b36);padding:36px 40px;display:flex;align-items:center;justify-content:space-between;flex-wrap:wrap;gap:16px;">
<div style="font:700 18px var(--font-ui);letter-spacing:-.02em;color:var(--text,#e6e9ef);">ROM<span style="color:var(--accent,#2E74D6);">FAST</span></div>
@@ -421,7 +429,7 @@
var hMonth=(p*minPer)/60,leiMonth=hMonth*r;
document.getElementById('out-pres').textContent=p;
document.getElementById('out-rate').textContent=r;
var map={leiMonth:nf.format(Math.round(leiMonth)),hMonth:nf1.format(hMonth),leiYear:nf.format(Math.round(leiMonth*12)),days:nf1.format((hMonth*12)/8)};
var map={leiMonth:nf.format(Math.round(leiMonth)),hMonth:nf.format(Math.round(hMonth)),leiYear:nf.format(Math.round(leiMonth*12)),days:nf.format(Math.round((hMonth*12)/8))};
Object.keys(map).forEach(function(k){document.querySelectorAll('[data-calc="'+k+'"]').forEach(function(n){n.textContent=map[k];});});
}
if(pres&&rate){pres.addEventListener('input',recalc);rate.addEventListener('input',recalc);recalc();}

View File

@@ -1,5 +1,5 @@
{% extends "base.html" %}
{% block title %}Autentificare — ROMFAST AUTOPASS{% endblock %}
{% block title %}Autentificare — ROA AUTOPASS{% endblock %}
{% block content %}
{# US-010 (PRD 5.16): /login — layout 2 coloane branduit.
Stanga: logo + tagline + puncte de incredere.
@@ -8,31 +8,7 @@
<div class="login-2col" style="max-width:860px; margin:32px auto;">
{# Antet minimal deja randat in base.html (fara RAR dot, fara burger, fara account_name) #}
<div class="login-shell">
{# === Coloana stanga: brand + trust === #}
<aside class="login-aside" aria-label="Despre ROMFAST AUTOPASS">
<div class="login-brand-row">
<img src="/static/romfast_logo.png" alt="ROMFAST" style="height:36px; width:auto;">
</div>
<h2 class="login-headline">ROMFAST <span style="color:var(--accent);">AUTOPASS</span></h2>
<p class="login-tagline">Declara prestatiile de service-auto la RAR AUTOPASS, automat.
Conform Legii 142/2023 si OMTI 210/2024.</p>
<ul class="login-trust">
<li>
<svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.2" aria-hidden="true"><path d="M20 6L9 17l-5-5"/></svg>
Conform Legii 142/2023 si OMTI 210/2024
</li>
<li>
<svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.8" aria-hidden="true"><rect x="5" y="11" width="14" height="9" rx="1.5"/><path d="M8 11V8a4 4 0 0 1 8 0v3"/></svg>
Datele criptate, sterse la 3 luni
</li>
<li>
<svg width="17" height="17" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" aria-hidden="true"><path d="M20 6L9 17l-5-5"/></svg>
Parte din familia ROA — Romfast Applications
</li>
</ul>
</aside>
{# === Coloana dreapta: formular (NESCHIMBAT — CSRF, POST /login, link signup) === #}
{# === Formular autentificare === #}
<div class="login-form-col">
<h3 style="font-size:var(--fs-xl); margin:0 0 4px;">Autentificare</h3>
<p style="font-size:var(--fs-sm); color:var(--muted); margin:0 0 22px;">
@@ -66,33 +42,18 @@
<style>
/* US-010 PRD 5.16: layout /login profesional 2 coloane. */
.login-shell {
display:grid; grid-template-columns:1.1fr 0.9fr;
display:grid; grid-template-columns:1fr;
border:1px solid var(--line); border-radius:16px; overflow:hidden;
background:var(--card); min-height:480px;
background:var(--card); max-width:460px; margin:0 auto;
}
.login-aside {
padding:40px 38px;
background:linear-gradient(160deg, color-mix(in srgb,var(--accent) 12%,var(--card)), var(--card));
border-right:1px solid var(--line);
display:flex; flex-direction:column; justify-content:center;
}
.login-brand-row { display:flex; align-items:center; gap:10px; margin-bottom:24px; }
.login-headline { font-size:var(--fs-2xl); line-height:var(--lh-tight); margin:0 0 12px; letter-spacing:-.02em; }
.login-tagline { font-size:var(--fs-md); color:var(--muted); line-height:1.6; margin:0 0 20px; max-width:340px; }
.login-trust { list-style:none; margin:0; padding:0; display:flex; flex-direction:column; gap:10px; }
.login-trust li { display:flex; align-items:center; gap:9px; font-size:var(--fs-sm); color:var(--ink); }
.login-trust svg { flex-shrink:0; color:var(--ok); }
.login-form-col { padding:40px 38px; display:flex; flex-direction:column; justify-content:center; }
.btn-primary-full { width:100%; min-height:46px; font-family:var(--font-ui); font-size:var(--fs-md);
font-weight:600; background:var(--accent); color:#fff; border:none;
border-radius:8px; cursor:pointer; margin-top:4px; }
.btn-primary-full:hover { filter:brightness(1.08); }
.login-foot { text-align:center; font-size:var(--fs-sm); color:var(--muted); margin-top:18px; }
/* Mobil: stivuire verticala, formular sus */
@media (max-width:640px) {
.login-shell { grid-template-columns:1fr; grid-template-rows:auto auto; }
.login-aside { order:2; border-right:none; border-top:1px solid var(--line); padding:28px 22px; }
.login-form-col { order:1; padding:28px 22px; }
.login-form-col { padding:28px 22px; }
}
</style>
{% endblock %}

View File

@@ -37,33 +37,53 @@
});
</script>
{% else %}
<h2 style="margin-top:0;">Inregistrare cont nou</h2>
<h2 style="margin-top:0;">Creează cont nou</h2>
{% if error %}
<div class="banner" style="margin-bottom:12px;padding:8px 12px;">{{ error }}</div>
{% endif %}
{# Format aliniat la formularul de inregistrare din landing (#inregistrare): aceleasi campuri,
etichete, placeholder-uri si stil. Valorile `plan` = coduri tier (free/standard/pro/premium),
normalizate server-side. #}
<form method="post" action="/signup">
<input type="hidden" name="csrf_token" value="{{ csrf_token }}">
<p>
<label>Companie <span style="color:var(--err)">*</span></label><br>
<input type="text" name="name" value="{{ name or '' }}" required style="width:100%;">
</p>
<p>
<label>CUI <span style="color:var(--err)">*</span></label><br>
<input type="text" name="cui" value="{{ cui or '' }}" required style="width:100%;">
</p>
<p>
<label>Email <span style="color:var(--err)">*</span></label><br>
<input type="email" name="email" value="{{ email or '' }}" required style="width:100%;">
</p>
<p>
<label>Parola <span style="color:var(--err)">*</span>
<span style="color:var(--muted);font-size:12px;">(minim 10 caractere)</span>
</label><br>
<input type="password" name="parola" required style="width:100%;">
</p>
<button type="submit" style="width:100%;margin-top:8px;">Creeaza cont</button>
<label style="display:block;margin-bottom:14px;">
<span style="display:block;margin-bottom:6px;font:500 13px var(--font-ui);color:var(--muted);">Companie</span>
<input type="text" name="name" value="{{ name or '' }}" required placeholder="SC Service Auto SRL"
style="width:100%;height:44px;padding:0 12px;border:1px solid var(--line);border-radius:6px;background:var(--card2);color:var(--ink);font:400 14px var(--font-ui);outline:none;">
</label>
<label style="display:block;margin-bottom:14px;">
<span style="display:block;margin-bottom:6px;font:500 13px var(--font-ui);color:var(--muted);">CUI</span>
<input type="text" name="cui" value="{{ cui or '' }}" required placeholder="RO12345678"
style="width:100%;height:44px;padding:0 12px;border:1px solid var(--line);border-radius:6px;background:var(--card2);color:var(--ink);font:400 14px var(--font-mono);outline:none;">
</label>
<label style="display:block;margin-bottom:14px;">
<span style="display:block;margin-bottom:6px;font:500 13px var(--font-ui);color:var(--muted);">Email</span>
<input type="email" name="email" value="{{ email or '' }}" required placeholder="nume@service.ro"
style="width:100%;height:44px;padding:0 12px;border:1px solid var(--line);border-radius:6px;background:var(--card2);color:var(--ink);font:400 14px var(--font-ui);outline:none;">
</label>
<label style="display:block;margin-bottom:14px;">
<span style="display:block;margin-bottom:6px;font:500 13px var(--font-ui);color:var(--muted);">Parolă</span>
<input type="password" name="parola" required minlength="10" placeholder="Minim 10 caractere"
style="width:100%;height:44px;padding:0 12px;border:1px solid var(--line);border-radius:6px;background:var(--card2);color:var(--ink);font:400 14px var(--font-ui);outline:none;">
</label>
<label style="display:block;margin-bottom:16px;">
<span style="display:block;margin-bottom:6px;font:500 13px var(--font-ui);color:var(--muted);">Pachet ales</span>
<select name="plan"
style="width:100%;height:44px;padding:0 10px;border:1px solid var(--line);border-radius:6px;background:var(--card2);color:var(--ink);font:400 14px var(--font-ui);outline:none;cursor:pointer;">
<option value="free"{% if not plan or plan == 'free' %} selected{% endif %}>Gratuit — 0 lei/lună</option>
<option value="standard"{% if plan == 'standard' %} selected{% endif %}>Standard — 49 lei/lună</option>
<option value="pro"{% if plan == 'pro' %} selected{% endif %}>Pro — 59 lei/lună</option>
<option value="premium"{% if plan == 'premium' %} selected{% endif %}>Premium — la cerere</option>
</select>
</label>
<label style="display:flex;gap:9px;align-items:flex-start;margin-bottom:18px;font:400 13px/1.5 var(--font-ui);color:var(--muted);cursor:pointer;">
<input type="checkbox" name="consent" value="1" required style="margin-top:2px;accent-color:var(--accent);width:16px;height:16px;flex-shrink:0;">
Sunt de acord cu Termenii și cu prelucrarea datelor conform politicii de confidențialitate (GDPR).
</label>
<button type="submit"
style="width:100%;height:48px;border-radius:6px;background:#1F9D5C;border:1px solid #1F9D5C;color:#fff;font:700 15px var(--font-ui);cursor:pointer;">Creează cont gratuit</button>
</form>
<p style="text-align:center;font-size:13px;margin-top:16px;">
Ai deja cont? <a href="/login">Autentificare</a>

View File

@@ -39,7 +39,7 @@ from ..observ import log_event, set_source
from ..mapping import DEFAULT_ACCOUNT_ID, upsert_nomenclator
from ..payload import build_rar_payload
from ..reconcile import match_finalizata
from ..rar_client import RarAuthError, RarClient, RarError
from ..rar_client import RarAuthError, RarClient, RarError, base_url_pentru_env
_running = True
@@ -167,7 +167,7 @@ def claim_one(conn) -> dict | None:
conn.execute("BEGIN IMMEDIATE")
try:
row = conn.execute(
"SELECT s.id, s.account_id, s.payload_json, s.rar_creds_enc "
"SELECT s.id, s.account_id, s.payload_json, s.rar_creds_enc, s.rar_env "
"FROM submissions s LEFT JOIN accounts a ON a.id = s.account_id "
"WHERE s.status='queued' "
"AND (s.next_attempt_at IS NULL OR s.next_attempt_at <= ?) "
@@ -189,6 +189,7 @@ def claim_one(conn) -> dict | None:
return {
"id": row["id"],
"account_id": row["account_id"] if row["account_id"] is not None else DEFAULT_ACCOUNT_ID,
"rar_env": row["rar_env"],
"creds_enc": row["rar_creds_enc"],
"content": json.loads(row["payload_json"]),
}
@@ -281,11 +282,13 @@ def _handle_transient(conn, settings: Settings, rar: RarClient, token: str, sid:
return "requeued"
def recover_orphans(conn, settings: Settings, rar: RarClient, token: str, account_id: int | None = None) -> int:
def recover_orphans(conn, settings: Settings, rar: RarClient, token: str,
account_id: int | None = None, rar_env: str | None = None) -> int:
"""Randuri 'sending' mai vechi de lease (worker mort mid-POST). Reconciliaza; altfel requeue.
`account_id` filtreaza la orfanii unui cont (login-ul e per-cont); None = toti
(compat teste / single-account).
`account_id` filtreaza la orfanii unui cont (login-ul e per-cont); None = toti.
`rar_env` filtreaza la orfanii unui mediu (1b/E6): orfanii prod contra endpoint prod,
NU contra test — altfel no-match -> re-POST prod = DUPLICAT real ireversibil.
"""
# Cutoff calculat SQLite-side, in ACELASI format ca sending_since (scris cu
# datetime('now') in claim_one -> 'YYYY-MM-DD HH:MM:SS', cu spatiu). Daca am
@@ -293,18 +296,18 @@ def recover_orphans(conn, settings: Settings, rar: RarClient, token: str, accoun
# orice rand 'sending' sa para mereu <= cutoff -> lease-ul de 120s ignorat,
# iar fiecare rand proaspat revendicat ar fi tratat instant ca orfan.
lease = f"-{int(settings.worker_sending_lease_s)} seconds"
base_sql = (
"SELECT id, payload_json FROM submissions WHERE status='sending' "
"AND (sending_since IS NULL OR sending_since <= datetime('now', ?))"
)
params: list = [lease]
if account_id is not None:
orphans = conn.execute(
"SELECT id, payload_json FROM submissions WHERE status='sending' "
"AND (sending_since IS NULL OR sending_since <= datetime('now', ?)) AND account_id=?",
(lease, account_id),
).fetchall()
else:
orphans = conn.execute(
"SELECT id, payload_json FROM submissions WHERE status='sending' "
"AND (sending_since IS NULL OR sending_since <= datetime('now', ?))",
(lease,),
).fetchall()
base_sql += " AND account_id=?"
params.append(account_id)
if rar_env is not None:
base_sql += " AND rar_env=?"
params.append(rar_env)
orphans = conn.execute(base_sql, params).fetchall()
recovered = 0
for row in orphans:
sid = row["id"]
@@ -337,25 +340,26 @@ def _refresh_nomenclator(conn, rar: RarClient, token: str) -> None:
class AccountSessions:
"""Sesiuni RAR per cont: login lazy cu creds din submission + cache JWT (30h).
"""Sesiuni RAR per (cont, env): login lazy cu creds din submission + cache JWT (30h).
La primul login reusit pentru un cont sterge creds-urile criptate ale contului
(token-ul in memorie acopera restul). Pe 401 mid-sesiune se invalideaza sesiunea
-> re-login la urmatorul submission cu creds.
Cheia = (account_id, rar_env): test si prod sunt sisteme RAR separate cu JWT separate.
La primul login reusit pentru (cont, env) sterge creds-urile efemere scoped pe acel env.
Pe 401 mid-sesiune se invalideaza sesiunea -> re-login la urmatorul submission cu creds.
"""
def __init__(self, settings: Settings):
self.settings = settings
self._sessions: dict[int, tuple[RarClient, str]] = {}
self._sessions: dict[tuple[int, str], tuple[RarClient, str]] = {}
def get_token(self, conn, account_id: int, creds: dict | None) -> str | None:
"""Token valid pentru cont. Login daca lipseste din cache si avem creds; altfel None."""
sess = self._sessions.get(account_id)
def get_token(self, conn, account_id: int, creds: dict | None, rar_env: str = "test") -> str | None:
"""Token valid pentru (cont, env). Login daca lipseste din cache si avem creds; altfel None."""
key = (account_id, rar_env)
sess = self._sessions.get(key)
if sess is not None:
return sess[1]
if not creds or not creds.get("email") or not creds.get("password"):
return None
rar = RarClient(self.settings)
rar = RarClient(self.settings, base_url=base_url_pentru_env(self.settings, rar_env))
try:
token = rar.login(creds["email"], creds["password"])
except RarAuthError as exc:
@@ -363,40 +367,52 @@ class AccountSessions:
# Login esuat (401) — FARA email/parola (doar codul HTTP + contul).
log_event("rar_login", nivel="WARNING", account_id=account_id,
cod="RAR_CREDS_INVALIDE",
mesaj=f"login RAR esuat (cont {account_id}): {exc.status_code or 401}",
mesaj=f"login RAR esuat (cont {account_id}, env={rar_env}): {exc.status_code or 401}",
context={"rezultat": "esuat", "http": exc.status_code or 401},
conn=conn, sursa="worker")
raise
except Exception:
rar.close()
raise
self._sessions[account_id] = (rar, token)
write_heartbeat(conn, rar_login_ok=True, detail=f"login RAR ok (cont {account_id})")
self._sessions[key] = (rar, token)
write_heartbeat(conn, rar_login_ok=True, detail=f"login RAR ok (cont {account_id}, env={rar_env})")
# Login reusit (fara email/parola in clar — context curat).
log_event("rar_login", account_id=account_id, mesaj=f"login RAR ok (cont {account_id})",
log_event("rar_login", account_id=account_id,
mesaj=f"login RAR ok (cont {account_id}, env={rar_env})",
context={"rezultat": "ok", "http": 200}, conn=conn, sursa="worker")
# Creds efemere pe submissions nu mai sunt necesare: JWT acopera retry-urile -> sterge.
# GATE PURJARE: sterge DOAR submissions.rar_creds_enc, NU accounts.rar_creds_enc.
# Canal web: fallback exista in accounts -> purjarea e inofensiva (re-login dupa restart).
# Canal API pur: purjarea e identica cu Treapta 1 (neatinsa).
# GATE PURJARE: sterge DOAR submissions.rar_creds_enc (WHERE account_id=? AND rar_env=?),
# NU accounts.rar_creds_{env}_enc. Scoped pe env: login test NU sterge creds prod (E1/1a).
conn.execute(
"UPDATE submissions SET rar_creds_enc=NULL WHERE account_id=? AND rar_creds_enc IS NOT NULL",
(account_id,),
"UPDATE submissions SET rar_creds_enc=NULL "
"WHERE account_id=? AND rar_env=? AND rar_creds_enc IS NOT NULL",
(account_id, rar_env),
)
# Nomenclator live (autoritativ) la fiecare login proaspat.
# Nota (1e): nomenclatorul e presupus identic intre medii (aceleasi 18 coduri RAR);
# daca diverge in viitor, scoparea per-env a tabelei nomenclator_rar e out of scope acum.
_refresh_nomenclator(conn, rar, token)
return token
def rar(self, account_id: int) -> RarClient:
return self._sessions[account_id][0]
def rar(self, account_id: int, rar_env: str = "test") -> RarClient:
return self._sessions[(account_id, rar_env)][0]
def active(self) -> list[tuple[int, RarClient, str]]:
return [(acct, rar, tok) for acct, (rar, tok) in self._sessions.items()]
def active(self) -> list[tuple[int, str, RarClient, str]]:
"""Sesiunile active: lista de (account_id, rar_env, RarClient, token)."""
return [(acct, env, rar, tok) for (acct, env), (rar, tok) in self._sessions.items()]
def invalidate(self, account_id: int) -> None:
sess = self._sessions.pop(account_id, None)
def invalidate(self, account_id: int, rar_env: str | None = None) -> None:
"""Invalideaza sesiunea (cont, env). rar_env=None invalideaza TOATE sesiunile contului."""
if rar_env is not None:
sess = self._sessions.pop((account_id, rar_env), None)
if sess is not None:
sess[0].close()
else:
# Invalideaza toate mediile pentru acest cont.
keys_to_remove = [k for k in self._sessions if k[0] == account_id]
for k in keys_to_remove:
sess = self._sessions.pop(k)
sess[0].close()
def close_all(self) -> None:
for rar, _tok in self._sessions.values():
@@ -414,33 +430,39 @@ def _creds_for(claimed: dict, settings: Settings) -> dict | None:
return None
def _creds_from_account(conn, account_id: int) -> dict | None:
"""Fallback: crede RAR durabile per-cont din accounts.rar_creds_enc.
def _creds_from_account(conn, account_id: int, rar_env: str = "test") -> dict | None:
"""Creds RAR durabile per-cont din slotul per-env, cu fallback la coloana legacy.
Canal web nu are re-pusher. Cand submission n-are creds (sterse dupa primul login
sau upload web fara creds), worker-ul re-citeste din cont si poate re-login oricand.
Canal web: creds in accounts.rar_creds_{rar_env}_enc (per-env). Fallback la
accounts.rar_creds_enc (legacy, back-compat inainte de US-013 care dropa coloana veche).
"""
env_slot = f"rar_creds_{rar_env}_enc"
row = conn.execute(
"SELECT rar_creds_enc FROM accounts WHERE id=?", (account_id,)
f"SELECT {env_slot}, rar_creds_enc FROM accounts WHERE id=?", (account_id,)
).fetchone()
if row and row["rar_creds_enc"]:
return decrypt_creds(row["rar_creds_enc"])
if not row:
return None
enc = row[env_slot] or row["rar_creds_enc"] # per-env intai, legacy fallback
return decrypt_creds(enc) if enc else None
def _keepalive_target(conn, settings: Settings) -> tuple[int | None, dict | None]:
"""Un cont cu creds durabile pentru login-ul de proba (sau creds <test> in dev).
Ancora M2: cauta in slotul per-env al mediului `settings.rar_env` (ancora globala).
Fallback la coloana legacy `rar_creds_enc` (back-compat inainte de US-013).
Sare conturile ale caror creds NU se decripteaza sub cheia curenta — in dev
`start.sh both` genereaza o cheie efemera noua la fiecare pornire, deci creds-urile
durabile criptate sub cheia veche dau decrypt -> None. Fallback la creds <test>.
`start.sh both` genereaza o cheie efemera noua la fiecare pornire.
"""
env_slot = f"rar_creds_{settings.rar_env}_enc"
rows = conn.execute(
"SELECT id, rar_creds_enc FROM accounts "
"WHERE rar_creds_enc IS NOT NULL ORDER BY id"
f"SELECT id, {env_slot}, rar_creds_enc FROM accounts ORDER BY id"
).fetchall()
for row in rows:
creds = decrypt_creds(row["rar_creds_enc"])
enc = row[env_slot] or row["rar_creds_enc"] # per-env intai, legacy fallback
if not enc:
continue
creds = decrypt_creds(enc)
if creds and creds.get("email") and creds.get("password"):
return row["id"], creds
if settings.worker_use_test_creds:
@@ -478,9 +500,9 @@ def _maybe_keepalive(conn, settings: Settings, sessions: "AccountSessions", stat
account_id, creds = _keepalive_target(conn, settings)
if account_id is None or not creds:
return # niciun cont cu creds durabile — nimic de sondat
sessions.invalidate(account_id) # forteaza login real, nu token din cache
sessions.invalidate(account_id, settings.rar_env) # forteaza login real pt env-ul global
try:
sessions.get_token(conn, account_id, creds) # reimprospateaza last_rar_login_ok la succes
sessions.get_token(conn, account_id, creds, settings.rar_env) # reimprospateaza last_rar_login_ok la succes
except RarAuthError:
pass # creds invalide — deja logat in get_token (WARNING)
except Exception as exc:
@@ -527,8 +549,8 @@ def run() -> int:
claimed = claim_one(conn)
if claimed is None:
# Nimic de trimis: recupereaza orfanii conturilor deja logate.
for acct, rar, tok in sessions.active():
recover_orphans(conn, settings, rar, tok, account_id=acct)
for acct, env, rar, tok in sessions.active():
recover_orphans(conn, settings, rar, tok, account_id=acct, rar_env=env)
# Login de proba periodic ca dashboard-ul sa nu afiseze fals
# "RAR inaccesibil" din lipsa de trafic (vezi _maybe_keepalive).
_maybe_keepalive(conn, settings, sessions, _keepalive_state)
@@ -537,18 +559,20 @@ def run() -> int:
sid = claimed["id"]
account_id = claimed["account_id"]
# Mediul tinta al trimiterii (per-submission, cu fallback la ancora globala).
rar_env = claimed.get("rar_env") or settings.rar_env
# Randul poarta creds proaspete (rar_creds_enc != NULL) — fie prima trimitere
# a contului, fie o REACTIVARE dupa creds gresite. Invalidam sesiunea RAR
# cache-uita ca un JWT vechi (30h) din parola GRESITA sa nu trimita cu ea,
# ignorand corectia. Re-login imediat cu creds-urile noi.
# cache-uita (per env) ca un JWT vechi (30h) din parola GRESITA sa nu trimita
# cu ea, ignorand corectia. Re-login imediat cu creds-urile noi.
if claimed.get("creds_enc"):
sessions.invalidate(account_id)
sessions.invalidate(account_id, rar_env)
# Incearca creds din submission (canal API efemer), cu fallback la
# accounts.rar_creds_enc (canal web durabil). Canal web n-are re-pusher.
creds = _creds_for(claimed, settings) or _creds_from_account(conn, account_id)
# accounts.rar_creds_{rar_env}_enc (canal web durabil, per-env).
creds = _creds_for(claimed, settings) or _creds_from_account(conn, account_id, rar_env)
try:
token = sessions.get_token(conn, account_id, creds)
token = sessions.get_token(conn, account_id, creds, rar_env)
except RarAuthError as exc:
# Creds gresite (login 401): NU se face retry.
mark(conn, sid, "error", rar_status_code=401,
@@ -565,9 +589,9 @@ def run() -> int:
requeue_with_backoff(conn, settings, sid, reason="creds RAR indisponibile (astept re-trimitere)")
continue
rar = sessions.rar(account_id)
# Recupereaza orfanii contului inainte de trimitere (acelasi token).
recover_orphans(conn, settings, rar, token, account_id=account_id)
rar = sessions.rar(account_id, rar_env)
# Recupereaza orfanii contului + env-ului inainte de trimitere (acelasi token).
recover_orphans(conn, settings, rar, token, account_id=account_id, rar_env=rar_env)
# Guard: recover_orphans putea atinge chiar randul tocmai revendicat
# (reconciliat 'sent' sau requeue 'queued'). Daca nu mai e 'sending',
# NU mai face POST — altfel s-ar crea un duplicat la RAR.
@@ -579,9 +603,9 @@ def run() -> int:
try:
process_one(conn, settings, rar, token, claimed)
except RarAuthError as exc:
# Token expirat mid-sesiune: invalideaza sesiunea, re-pune randul.
print(f"[worker] cont {account_id} token expirat: {exc}; re-login data viitoare", flush=True)
sessions.invalidate(account_id)
# Token expirat mid-sesiune: invalideaza sesiunea (per env), re-pune randul.
print(f"[worker] cont {account_id} env={rar_env} token expirat: {exc}; re-login data viitoare", flush=True)
sessions.invalidate(account_id, rar_env)
requeue_with_backoff(conn, settings, sid, reason="token RAR expirat")
except Exception as exc: # noqa: BLE001 — loop top-level: o eroare punctuala nu opreste worker-ul

View File

@@ -13,7 +13,8 @@ services:
- autopass-data:/data
environment:
AUTOPASS_DB_PATH: /data/autopass.db
AUTOPASS_RAR_ENV: prod
# Override din environment (Dokploy) pentru staging; default = prod.
AUTOPASS_RAR_ENV: ${AUTOPASS_RAR_ENV:-prod}
# Fus orar RO pentru bucketarea contoarelor azi/luna (SQLite 'localtime', E7).
TZ: ${TZ:-Europe/Bucharest}
AUTOPASS_CREDS_KEY: ${AUTOPASS_CREDS_KEY:?seteaza AUTOPASS_CREDS_KEY in .env (vezi .env.example)}
@@ -35,10 +36,11 @@ services:
- autopass-data:/data
environment:
AUTOPASS_DB_PATH: /data/autopass.db
AUTOPASS_RAR_ENV: test
AUTOPASS_RAR_ENV: ${AUTOPASS_RAR_ENV:-test}
AUTOPASS_CREDS_KEY: ${AUTOPASS_CREDS_KEY:?seteaza AUTOPASS_CREDS_KEY in .env (vezi .env.example)}
# Send dezactivat by default; activeaza pentru proba end-to-end.
AUTOPASS_WORKER_SEND_ENABLED: "true"
# Send activ by default (prod); pe staging seteaza AUTOPASS_WORKER_SEND_ENABLED=false
# in Dokploy ca worker-ul sa NU trimita declaratii reale la RAR (Legea 142/2023).
AUTOPASS_WORKER_SEND_ENABLED: ${AUTOPASS_WORKER_SEND_ENABLED:-true}
restart: always
depends_on:
- api

File diff suppressed because one or more lines are too long

View File

@@ -0,0 +1,495 @@
<!-- /autoplan restore point: /home/claude/.gstack/projects/romfast-rar-autopass/main-autoplan-restore-20260629-150326.md -->
# PRD 5.19 — Bifa "Auto": transmitere automata sau manuala din coada
> Status: DRAFT (asteapta aprobare). Sursa de contract: `docs/api-rar-contract.md`.
> Limba: romana, fara emoji. Stil: aditiv, nedistructiv pe backend-ul de trimitere.
## 1. Introducere
Astazi transmiterea catre RAR e controlata de un singur comutator **global**
(`AUTOPASS_WORKER_SEND_ENABLED`, env): cand e pornit, worker-ul ia ORICE rand `queued`
al unui cont `active` si il trimite imediat. Nu exista un control **per-cont** care sa
permita unui service sa-si tina prezentarile in coada pentru verificare umana inainte
de a pleca la RAR.
Cazul concret care motiveaza feature-ul: utilizatorul testeaza canalul API din ROAAUTO
(Visual FoxPro) direct in **productie** (`autopass.romfast.ro`), pe contul lui de test.
Vrea ca prezentarile sa **apara in coada si sa astepte**, nu sa plece automat la RAR,
pana cand le verifica si apasa explicit "Trimite". Reper vizual: bifa **"Auto"** din
dashboard-ul gomag-vending (`image.png`).
## 2. Obiective
### Obiectiv principal
- Un comutator **"Auto" per-cont**, persistat pe contul service-ului: cand e bifat,
prezentarile pleaca automat la RAR (comportament actual); cand e debifat, randurile
**asteapta vizibil in coada** pana cand un operator le trimite manual.
### Obiective secundare
- Trimitere manuala **per rand** ("Trimite") si in **bloc** ("Trimite toate (N)",
analogul "Start Sync" din gomag).
- La activarea Auto (OFF -> ON), randurile deja tinute sunt **eliberate automat**
spre transmitere.
- Vizibilitate: randurile tinute apar in coada cu o stare umana clara
("In asteptare (manual)"), separate de cele in curs de trimitere.
### Metrici de succes
- Cu Auto OFF, un `POST /v1/prezentari` valid creeaza un rand care **NU** e trimis de
worker (ramane vizibil in coada) pana la actiune umana.
- Cu Auto ON, acelasi rand pleaca la RAR fara interventie (zero regresie fata de azi).
- Bifa supravietuieste restartului (persistata in `accounts`), per-cont (un cont OFF nu
afecteaza alt cont).
## 3. Design (decizii luate cu utilizatorul)
| # | Decizie | Alegere |
|---|---------|---------|
| D1 | Default bifa "Auto" pe conturi (inclusiv noi) | **OFF** (manual) — sigur, nimic nu pleaca fara confirmare |
| D2 | La OFF -> ON, randurile deja tinute | **Eliberate automat** spre transmitere |
| D3 | Plasare in UI | **Bara de status** (langa contoare, ca in mockup gomag) |
| D4 | Trimitere manuala | **Per rand + buton "Trimite toate (N)"** |
| D5 | Persistenta | Bifa salvata **pe contul service-ului** (`accounts`) |
### Mecanica aleasa: flag `held` pe submission (NU stare noua)
Randurile tinute raman in starea `queued` (sunt logic in coada, doar puse pe pauza),
marcate cu o coloana booleana noua `submissions.held`. Motiv: evitam atingerea
CHECK-ului de stari si a masinii de stari (`queued/sending/sent/needs_mapping/
needs_data/error`), a pill-urilor, filtrelor si contoarelor — schimbare strict
**aditiva**. Eticheta umana "In asteptare (manual)" se deriva din `status='queued'
AND held=1` in stratul de afisaj (`labels.py`).
- **Comutatorul de cont** (`accounts.auto_send_enabled`) guverneaza DOAR:
(a) valoarea implicita a lui `held` la ingestie; (b) eliberarea in bloc la OFF -> ON.
- **Worker-ul** (`claim_one`) ia doar `status='queued' AND held=0`. Nu mai stie de
comutatorul de cont — ramane simplu si robust.
- **Trimiterea manuala** (per rand sau bulk) = `held: 1 -> 0`; worker-ul preia randul la
urmatorul poll. Functioneaza chiar daca contul e pe Auto OFF (override uman per rand).
Comutatorul global `AUTOPASS_WORKER_SEND_ENABLED` ramane **kill-switch master** (productia
il porneste). Feature-ul nou se aseaza DEASUPRA lui: held tine randul indiferent de env.
## 4. User Stories
### US-001: Schema — comutator cont + flag held
**Ca** dezvoltator
**Vreau** coloanele de persistenta pentru bifa Auto si pentru randurile tinute
**Pentru ca** starea sa supravietuiasca restartului si sa fie per-cont.
**Acceptance Criteria:**
- [ ] `accounts.auto_send_enabled INTEGER NOT NULL DEFAULT 0 CHECK (auto_send_enabled IN (0,1))`
adaugat in `app/schema.sql` + migrare defensiva in `app/db.py::_migrate` (ALTER
idempotent, ca la `email`/`tier`).
- [ ] `submissions.held INTEGER NOT NULL DEFAULT 0 CHECK (held IN (0,1))` adaugat +
migrare defensiva. Index partial `idx_submissions_held ON submissions(held) WHERE held=1`.
- [ ] **Index in `_migrate`, nu doar `schema.sql` (Eng MEDIUM):** `CREATE TABLE IF NOT EXISTS`
nu se declanseaza pe DB existent -> indexul partial trebuie creat si in `_migrate`
(ca `idx_submissions_batch` la `db.py:155`), altfel un DB prod upgradat capata coloana
(ALTER) dar NU si indexul.
- [ ] Contul implicit id=1 (dev) ramane pe default (0) — fara tratament special.
- [ ] Helperi in `app/accounts.py`: `get_auto_send(conn, account_id) -> bool` si
`set_auto_send(conn, account_id, enabled: bool)` (idempotent, scoped pe cont).
- [ ] `python3 -m pytest -q` ramane verde (migrare aditiva, fara regresie pe schema).
### US-002: Ingestie respecta comutatorul de cont
**Ca** operator de service cu Auto OFF
**Vreau** ca prezentarile noi sa intre in coada tinute (held=1)
**Pentru ca** sa le verific inainte sa plece la RAR.
**Acceptance Criteria:**
- [ ] La INSERT-ul `status='queued'` pe canalul API (`app/api/v1/router.py`, ~l.282),
`held` = `0 daca accounts.auto_send_enabled=1 altfel 1` (snapshot la ingestie).
- [ ] Acelasi snapshot la commit-ul de import (`app/api/v1/import_router.py`, ~l.1193).
- [ ] La reresolve (un `needs_mapping` rezolvat trece pe `queued`, `app/mapping.py` ~l.895),
`held` se seteaza tot din comutatorul contului.
- [ ] `held` NU intra in `payload_json`, NU in `build_key`/idempotenta, NU in payload-ul
RAR — e pur control de coada (ca `reviewed` la import).
- [ ] **DRY + acoperire COMPLETA (review CEO + Eng Finding A — HIGH):** calculul `held` e UN
SINGUR helper `held_for_account(conn, account_id) -> int`, chokepoint pt. TOATE situri
`SET status='queued'`, nu doar 3. Codebase-ul are ~8 scriitori de `queued`:
`router.py:282` (enqueue), `import_router.py:1190` (commit), `mapping.py:895` (reresolve),
**`router.py:237` (reactivare error->queued la re-POST — BUG real de bypass: randul pastra
`held` VECHI -> se auto-trimite desi Auto OFF)**, si rutele web de operator
`routes.py` mapeaza-inline / corecteaza / repune / bulk-fix.
- [ ] **Politica rute operator:** pentru tranzitiile declansate de operator in panoul de
detaliu (corecteaza/repune/mapeaza/bulk-fix), `held=0` (actiunea operatorului = intentie
explicita de trimitere) — DAR e o DECIZIE documentata, nu o omisiune, si respecta UX-ul de
confirmare cand contul e OFF. Canalele de ingestie (API/import/reresolve/reactivare) =
`held_for_account`.
- [ ] `requeue_with_backoff` (worker `:154`) NU atinge `held` (tranzitie interna worker).
- [ ] **Echo pe dedup (Eng MEDIUM):** ramura de dedup (`router.py:264`, re-POST pe rand
existent) intoarce si ea `held` (azi ar da un "queued" curat fals — vezi US-009).
- [ ] Test: cont Auto OFF -> `POST /v1/prezentari` valid -> rand `queued, held=1`;
cont Auto ON -> `queued, held=0`.
- [ ] Test reresolve: cont Auto OFF, submission `needs_mapping` -> mapare salvata ->
rand devine `queued, held=1` (nu pleaca automat).
### US-003: Worker nu trimite randurile tinute
**Ca** sistem
**Vreau** ca worker-ul sa sara peste randurile held=1
**Pentru ca** transmiterea sa astepte decizia umana.
**Acceptance Criteria:**
- [ ] `claim_one` (`app/worker/__main__.py`) adauga `AND s.held = 0` la `WHERE`-ul de claim.
- [ ] Test: rand `queued, held=1` cu cont `active` si send pornit -> `claim_one` intoarce
`None` (nu il ia); acelasi rand cu `held=0` -> e luat (`sending`).
- [ ] Recuperarea orfanilor / reconcilierea NU sunt afectate (held se aplica doar la claim
din `queued`; un rand deja `sending` ramane gestionat normal).
### US-004: Bifa "Auto" in bara de status (toggle + persistenta + auto-release)
**Ca** operator
**Vreau** o bifa "Auto" in bara de status, salvata pe cont
**Pentru ca** sa pornesc/opresc transmiterea automata dintr-un click.
**Acceptance Criteria:**
- [ ] Control checkbox HTMX cu eticheta vizibila **"Trimite automat la RAR"** (decizie user;
NU "Auto" — eviti coliziunea cu "Trimitere automata" worker din `labels.py`) + helptext
("Debifat: prezentarile asteapta confirmarea ta"), in clusterul de header langa
`.rar-chip` SAU pe rand propriu in bara de status (vezi D1). Reflecta
`accounts.auto_send_enabled` al contului din sesiune.
- [ ] `POST /auto-send` (ruta web, sub `require_login` + scope cont + CSRF) comuta bifa
si o **persista** pe cont; raspuns OOB care re-randeaza bara de status.
- [ ] La trecerea OFF -> ON: toate randurile `queued AND held=1` ale contului devin
`held=0` (eliberare in bloc), scoped strict pe contul curent. Eliberarea e o
SINGURA instructiune SQL atomica (`UPDATE ... WHERE account_id=? AND status='queued'
AND held=1`), NU un loop (review CEO: atomicitate + evita contention cu worker-ul).
- [ ] **Garda de confirmare (review CEO F4):** daca exista N>0 randuri tinute la
activarea Auto, comutatorul cere o confirmare explicita cu numarul si destinatia
("Activarea Auto trimite imediat N prezentari catre RAR PRODUCTIE — FINALIZATA e
ireversibila"). Fara confirmare, randurile tinute NU pleaca. Motiv: pe contul de
test, un OFF->ON necugetat ar arunca toate prezentarile de proba in RAR real.
- [ ] La trecerea ON -> OFF: randurile deja `queued held=0` NU sunt retrase (doar
ingestiile NOI vor fi tinute); randurile in `sending`/`sent` neatinse.
- [ ] Verify in browser: comuti bifa, se salveaza, ramane dupa refresh; cu OFF un rand nou
apare tinut; comutand pe ON randurile tinute pleaca.
### US-005: Trimitere manuala — per rand + "Trimite toate (N)"
**Ca** operator cu Auto OFF
**Vreau** sa trimit un rand tinut sau toate odata
**Pentru ca** sa eliberez selectiv sau in bloc spre RAR.
**Acceptance Criteria:**
- [ ] Buton "Trimite" pe fiecare rand `queued held=1` in lista de trimiteri/coada
(`_submissions.html` / `_coada.html`), scoped + CSRF.
- [ ] `POST /trimitere/{id}/trimite-acum`: 404-before-leak pe id strain; seteaza `held=0`
DOAR daca randul e `queued held=1` (no-op sigur altfel); OOB refresh.
- [ ] Buton bulk "Trimite toate (N)" (N = nr. randuri tinute ale contului) ->
`POST /trimite-toate`: elibereaza toate `queued AND held=1` ale contului (held=0),
cu confirmare tipata (count + "catre RAR PRODUCTIE", review CEO F5). Update atomic
scoped pe cont (NU poate elibera randuri ale altui cont).
- [ ] `POST /trimitere/{id}/trimite-acum` UPDATE include `AND status='queued'` ca un rand
deja `sending` (luat de worker intre afisaj si click) sa fie no-op sigur (edge race).
- [ ] Eliberarea seteaza doar `held=0`; worker-ul preia randul la urmatorul poll
(trimitere asincrona, ca azi). Necesita worker pornit + send master ON + cont activ.
- [ ] Butonul "Trimite toate (0)" e ascuns cand nu exista randuri tinute.
- [ ] Test: rand tinut -> `trimite-acum` -> `held=0`; apoi `claim_one` il ia.
### US-006: Afisaj stare "In asteptare (manual)"
**Ca** operator
**Vreau** sa disting randurile tinute de cele in curs de trimitere
**Pentru ca** sa stiu ce asteapta decizia mea.
**Acceptance Criteria:**
- [ ] `app/web/labels.py`: pentru `status='queued' AND held=1` -> eticheta umana
"In asteptare (manual)" + clasa CSS de avertizare (ca `needs_*`); `held=0` ramane
"In asteptare" (queued normal).
- [ ] Bara de status arata un contor separat "In asteptare (manual): N" cand N > 0
(derivat din `queued AND held=1`); contorul `queued` total ramane corect.
- [ ] Lista de trimiteri marcheaza randurile tinute (badge/pill), butonul "Trimite" apare
doar pe ele.
- [ ] Verify in browser: un rand tinut afiseaza eticheta corecta si butonul; dupa trimitere
trece la "In curs de trimitere" -> "Trimisa".
### US-007: Vizibilitate coada tinuta imbatranita (mitigare OBLIGATORIE pt. default OFF)
**Ca** operator / admin
**Vreau** un semnal vizibil cand prezentari raman tinute prea mult
**Pentru ca** default OFF (decizie user, pana devine stabil) lasa altfel prezentari
nedeclarate tacit — exact esecul silentios pe care L.142/2023 il face risc legal.
> Conditie: user a ales DELIBERAT default OFF "pana devine stabil" peste avertismentul de
> conformitate (review CEO F1/F3). Aceasta US e atenuarea agreata si e BLOCANTA, nu optionala.
**Acceptance Criteria:**
- [ ] Bara de status: cand exista randuri `queued AND held=1` mai vechi de `N` zile
(config `AUTOPASS_HELD_WARN_DAYS`, default 7), afiseaza un banner de avertizare
("M prezentari tinute de >N zile — declarare obligatorie L.142") cu deep-link la lista
filtrata pe tinute.
- [ ] `/metrics` expune un gauge `autopass_held_submissions` (total randuri tinute) si
`autopass_held_oldest_age_seconds` (varsta celui mai vechi rand tinut), scoped global
(observabilitate ops, review CEO F3).
- [ ] Bannerul + gauge sunt derivate (zero stare noua); contorul varstei foloseste
`created_at` al randului.
- [ ] Test: rand tinut cu `created_at` vechi -> bannerul apare; gauge raporteaza varsta.
### US-008: Retentie randuri tinute (inchide gaura GDPR/L.142, review CEO F6)
**Ca** sistem
**Vreau** ca randurile tinute la nesfarsit sa aiba o politica de expirare
**Pentru ca** un `queued held=1` nu e nici `sent` nici blocat -> azi NU primeste
`purge_after` -> PII criptat (si `rar_creds_enc` efemer pe canalul API) ar sta vesnic.
**Acceptance Criteria:**
- [ ] Worker-ul expira randurile `queued AND held=1` mai vechi de `held_retention_days`
(config, default 90, aliniat T16): le trece la `error` cu mesaj `TINUT_EXPIRAT`
(terminal) + **seteaza `purge_after` DIRECT la momentul expirarii** (NU lasa `mark()` sa
aplice `blocked_retention_days`=30). Eng MEDIUM: altfel viata reala = 90 (held) + 30
(error) = 120 zile, nu 90. Fie purge_after explicit la tranzitie, fie documenteaza 120.
- [ ] La eliberarea manuala/auto a unui rand tinut, daca `rar_creds_enc` (canal API) e prea
vechi, worker-ul cade pe `accounts.rar_creds_enc` (fallback re-login) ca azi — verificat
ca creds efemere expirate nu blocheaza trimiterea.
- [ ] Test: rand tinut vechi -> ciclul de purjare al worker-ului il expira + seteaza
`purge_after`; PII devine purjabil.
### US-009: Fixturi teste + jurnal audit (review CEO F7 + observabilitate)
**Ca** dezvoltator
**Vreau** ca suita existenta sa nu se blocheze pe default OFF si ca actiunile sa fie auditate
**Pentru ca** default OFF + `claim_one ... AND held=0` face ca lantul `POST -> claim -> sent`
din testele existente (+ `test_live_rar`) sa stagneze tacit daca nu setam Auto ON.
**Acceptance Criteria:**
- [ ] `conftest`/factory de cont seteaza `auto_send_enabled=1` (sau `held=0`) pe conturile
folosite de testele care exercita lantul de trimitere; `test_live_rar` seteaza explicit
Auto ON. `pytest -q` ramane verde.
- [ ] **Subtilitate id=1 (Eng HIGH/test):** contul implicit id=1 e creat de `schema.sql`
(`INSERT OR IGNORE`), NU de `create_account` -> un fix care patcheaza doar factory-ul NU
acopera contul folosit de majoritatea testelor (`test_import_e2e`, `test_creds_delivery`,
`test_live_rar` ar stagna). Conftest face explicit `UPDATE accounts SET auto_send_enabled=1
WHERE id=1` (autouse). E un fix de STARE DB, nu env var (coloana e per-rand in `accounts`).
- [ ] Audit `app_events`: comutarea Auto (`auto_send_schimbat` cu valoarea + cont) si
eliberarile manuale/bulk (`held_eliberat` cu count) sunt jurnalizate (redactat, scoped).
- [ ] Echo onest pe canalul API (aliniat invariant 5.7): raspunsul `POST /v1/prezentari`
pentru un rand tinut indica starea reala (`held=true` / nota umana "tinut pentru
verificare"), nu un fals "queued" curat. Dev-ul ROAAUTO vede ca randul NU a plecat.
- [ ] Test: eveniment audit scris la toggle + la eliberare; raspuns API reflecta `held`.
### US-010: Onestitate + observabilitate pe canalul API (review DX Faza 3.5)
**Ca** dezvoltator ROAAUTO/VFP care integreaza prin `POST /v1/prezentari`
**Vreau** sa vad clar ca un rand e tinut si NU a plecat la RAR
**Pentru ca** azi un rand tinut intoarce byte-identic cu unul gata de auto-send
(`status:queued, erori:[]`) -> reintroduce exact bug-ul de succes-fals 5.7.
**Acceptance Criteria:**
- [ ] **Camp `held: bool = False` pe `SubmissionResult`** (`models.py`) + plumbing din
`held_for_account` in `_rezultat_enqueue(..., held=...)` SI pe ramura de dedup
(`router.py:264`). Cand `held and status=='queued'`, `motiv` devine NON-null
(DX CRITICAL): mesaj uman "In asteptare — tinut pt verificare; NU trimis la RAR (Auto OFF)".
- [ ] **`held` in proiectiile GET** (`_PREZENTARE_FIELDS` `router.py:398` + lista `cols`
`router.py:369`): un dev care face `GET /v1/prezentari/{id}` vede `held=true`, nu un
`queued` etern fara semnal (DX HIGH).
- [ ] **Reutilizeaza vocabularul existent `AUTO_SEND_OPRIT`** (`errors.py:92`) pt. mesajul
held — NU inventa al treilea vocabular "auto_send" (DX + R6). Mesaj 3-niveluri
(problema/cauza/fix) pe `rar_error`/`motiv`.
- [ ] **Documentatie hub `/integrare`** (`integrare_examples.py`/`_integrare.html`): tabel
"De ce nu ajunge la RAR?" (held / needs_mapping / needs_data) + nota explicita "conturi
noi pornesc cu Auto OFF, randurile asteapta eliberare manuala" + cum verifici/comuti
(DX HIGH — altfel primul POST da 200/queued, dev-ul crede ca merge, nimic nu ajunge).
- [ ] (Optional, paritate API) endpoint de eliberare API simetric cu `/repune`
(`router.py:458`): `POST /v1/prezentari/{id}/trimite-acum`, scoped pe cont, 404-before,
no-op daca nu `queued AND held=1` — ca integratorul API sa nu fie fortat in browser.
- [ ] Test: held -> `held=true` + `motiv` non-null pe enqueue, dedup si GET (regresie ca
`test_queued_fara_erori_nemapate`).
## 5. Cerinte functionale
1. [REQ-001] Comutatorul "Auto" e per-cont, persistat in `accounts.auto_send_enabled`,
default 0 (OFF) inclusiv pentru conturi noi.
2. [REQ-002] Cu Auto OFF, orice ingestie care ar produce `queued` produce `queued held=1`.
3. [REQ-003] Worker-ul nu trimite niciodata un rand `held=1`.
4. [REQ-004] OFF -> ON elibereaza in bloc randurile tinute ale contului (atomic, scoped),
DAR cu confirmare tipata cand N>0 (count + "RAR PRODUCTIE"); ON -> OFF nu retrage
randuri deja eliberate.
5. [REQ-005] Operatorul poate elibera un rand tinut individual sau toate odata (bulk cu
confirmare).
6. [REQ-006] `held` nu influenteaza payload-ul RAR, idempotenta sau validarea — pur coada.
7. [REQ-007] Toate rutele noi sunt scoped pe contul din sesiune, sub `require_login`,
cu CSRF si 404-before-leak pe id strain. **`account_id` se deriva INTOTDEAUNA din sesiune,
NICIODATA dintr-un camp de formular** (Eng security): altfel un operator pe contul A ar
elibera in bloc randurile contului B postand `account_id=B`. Per-rand prin
`_get_submission_scoped` (404 inainte de UPDATE).
8. [REQ-008] Randurile tinute imbatranite sunt VIZIBILE (banner + `/metrics`) si au
politica de retentie/expirare (nu raman PII vesnic). Comutarea + eliberarile sunt
auditate in `app_events`.
## 6. Non-Goals (ce NU facem)
- **Fara interval/programare de sync** (dropdown "1 min" + buton "Start Sync" din gomag):
worker-ul autopass e continuu, nu pe interval. "Trimite toate" e analogul lui "Start Sync".
- **Fara stare noua de submission** (`held`/`tinut`): folosim flag boolean pe `queued`.
- **Fara comutator per-operatie sau per-canal**: granularitatea e per-cont (decizie D5).
(Nota: coloanele `auto_send` ramase pe `operations_mapping`/`operation_text_rules` sunt
neutralizate din 5.11 si NU se reactiveaza aici.)
- **Fara modificarea kill-switch-ului global** `AUTOPASS_WORKER_SEND_ENABLED`.
- **Fara retragerea randurilor deja in `sending`/`sent`** (FINALIZATA e terminal la RAR).
- **`held` NU e sandbox de testare** (avertisment de onestitate — tema cross-faza CEO F2 + DX4):
eliberarea unui rand tinut declara REAL la RAR (FINALIZATA ireversibila). "Tinut" doar
AMANA o trimitere reala. Ca sa testezi fara consecinte cu functia asta: tii randul si il
STERGI (nu-l eliberezi). **Decizie user (poarta finala): 5.19 = doar tinut operational**;
fara documentare `/valideaza` ca unealta de testare si fara rutare per-cont la RAR test
(`rar_env`). Acestea raman posibile follow-up-uri (TODOS), neangajate in 5.19.
## 7. Consideratii tehnice
### Stack / fisiere atinse
- Schema: `app/schema.sql` + `app/db.py::_migrate` (2 coloane aditive + 1 index).
- Backend cont: `app/accounts.py` (get/set toggle).
- Ingestie: `app/api/v1/router.py`, `app/api/v1/import_router.py`, `app/mapping.py`
(reresolve) — set `held` din comutator.
- Worker: `app/worker/__main__.py::claim_one` (+`AND s.held=0`).
- Web: `app/web/routes.py` (rute `/auto-send`, `/trimite-toate`,
`/trimitere/{id}/trimite-acum`), `app/web/labels.py`, template-uri
`_status.html` / `_submissions.html` / `_coada.html`.
### Patterns de urmat
- Migrare defensiva aditiva (model `accounts.email` / `accounts.tier` din 5.12/5.17).
- Rute web scoped + CSRF + OOB HTMX (model `submissions_admin.py` / butoanele de lifecycle 5.6).
- Strat de afisaj pur in `labels.py` (model 5.4) — fara logica de stare in template.
### Riscuri tehnice
- **R1 (default OFF schimba comportamentul):** azi nu exista hold; cu default 0, conturile
ar tine totul. Acceptabil — productia e pre-lansare, fara conturi legacy active
(cf. 5.17), iar utilizatorul vrea explicit OFF pe contul de test. Documentat ca
decizie constienta (D1).
- **R2 (reresolve scapa snapshot-ul):** daca uitam `held` pe calea de reresolve
(`mapping.py`), un rand deblocat din `needs_mapping` ar pleca automat desi contul e OFF.
Acoperit explicit de US-002 AC.
- **R3 (idempotenta):** `held` NU intra in cheie -> un re-`POST` al aceluiasi continut
loveste randul existent (dedup), nu creeaza dublura. Confirmat de invariantul `build_key`.
- **R4 (hazard de rollback — review CEO + Eng, HIGH operational):** daca se da revert pe cod
DUPA ce randuri au `held=1`, worker-ul pierde filtrul `AND held=0` -> ar trimite TOATE
randurile tinute la RAR (FINALIZATA ireversibila). Atenuare OBLIGATORIE: livreaza ODATA cu
feature-ul un helper `tools/` care carantineaza randurile tinute
(`UPDATE submissions SET status='error', rar_error='ROLLBACK_QUARANTINE' WHERE held=1`) +
pas de runbook scris in §9 (copy-paste, nu improvizat sub presiune).
- **R7 (eroziune creds efemere — Eng low-med):** la orice login reusit worker-ul NULL-eaza
TOATE `submissions.rar_creds_enc` ale contului (`worker:382`), nu doar randul trimis. Un cont
hibrid web+API cu keepalive-login poate sterge creds-urile efemere ale unui rand tinut API ->
la eliberare se cade pe `accounts.rar_creds_enc` (fallback). Acoperit de US-008, dar triggerul
e login-frate, nu varsta creds — de formulat corect.
- **R5 (contention SQLite la bulk release):** `UPDATE` masiv pe "Trimite toate" concureaza
cu `BEGIN IMMEDIATE` al worker-ului -> posibil `database is locked`. Update-ul atomic
(o instructiune) + retry/backoff scurt; sau chunking daca N e mare.
- **R6 (naming):** apare al TREILEA `auto_send` (cont `auto_send_enabled` vs
`operations_mapping.auto_send` vs `operation_text_rules.auto_send`). Comentariu clar in
`schema.sql` care le distinge, ca un viitor dezvoltator sa nu le confunde.
### Rafinari UI (review design Faza 2 — OBLIGATORII la implementare)
- **D1 (container real):** RAR dot e in `base.html` (header `.rar-chip`), NU in `_status.html`.
US-004 AC corectat: comutatorul Auto sta in clusterul de header langa `.rar-chip` (vizibilitate
maxima, langa semnalul RAR real) SAU pe un rand propriu etichetat in bara de status — NU
"langa dot" in `_status.html` (dot-ul nu e acolo).
- **D2 (toggle non-optimist):** checkbox HTMX flip-uie vizual indiferent de raspuns. Necesita
`hx-indicator` + revert-on-failure (la esec POST `/auto-send` -> bifa revine + toast eroare).
Fara fals-sigur tacit pe un comutator de transmitere guvernamentala.
- **D3 (poller nu inghite toggle-ul):** `#status-bar` are `hx-trigger="every 15s"` +
`hx-swap="outerHTML"` -> ar inlocui comutatorul la fiecare 15s (pierdere focus tastatura +
flicker). Exclude comutatorul din swap-ul periodic (container separat sau `hx-preserve`).
- **D4 (modal de confirmare real):** confirmarea tipata (count + "RAR PRODUCTIE") NU se poate
face cu `hx-confirm` (doar OK/Cancel nativ). Necesita un component modal (count, destinatie,
type-to-confirm) — adaugat in lista de fisiere. Per-rand "Trimite" primeste si el o
confirmare (1 linie + microcopy de ireversibilitate), nu doar bulk-ul.
- **D5 (camp derivat, nu in template):** `held` NU e stare noua -> pill-ul existent ar randa
"In coada" identic pt held si non-held. Calcul UN camp de afisaj derivat in `routes.py`
(regula "display layer pur"), nu in template. Culoare `--warn` (amber), NU clasa `needs_*`
(rosu/eroare) — held e asteptare benigna, nu eroare.
- **D6 (mobil 390px):** per-rand actiune = afordanta dedicata pe `.trimitere-slim` cu
`event.stopPropagation()` (randul e el insusi `role=button`), NU buton-copil nestat.
Al 6-lea contor "In asteptare (manual)" se pliaza in celula "In coada" pe bara compacta (nu
adauga a 6-a celula la 10px). Pill scurt ("Manual"/"Tinut") cu fraza completa in `title`.
- **D7 (ordonare bannere):** `_status.html` poate avea deja 3 bannere (cont inactiv / trial /
RAR jos) + al 4-lea (US-007 held). Regula de prioritate un-singur-banner ca sa nu impinga
contoarele sub fold pe mobil.
### Dependente
- Trimiterea manuala produce efect doar cu worker pornit + send master ON + cont `active`
(mediul de productie real). In dev (send OFF) randul eliberat ramane `queued held=0`.
## 8. Open Questions
- [ ] Trimiterea manuala se face asincron (flip `held=0`, worker preia la poll). Acceptam
latenta de un poll (cateva secunde) sau vrem feedback "in curs" imediat in UI?
(Propunere: asincron + OOB refresh, fara sincron — consistent cu arhitectura.)
- [ ] Pe mobil, butonul "Trimite" per rand + "Trimite toate" incap in layout-ul compact
(5.13)? (Propunere: "Trimite toate" in bara sticky, "Trimite" iconita pe card.)
## 9. Plan de verificare
- Regresie `python3 -m pytest -q` verde (baseline curent ~1392) + teste noi per story.
- E2E browser (Playwright, logat): comutare bifa persistenta dupa refresh; rand nou tinut
cu Auto OFF; eliberare per rand si bulk; tranzitie OFF -> ON elibereaza in bloc.
- Optional live RAR (`AUTOPASS_LIVE_RAR=1`): cont OFF -> rand tinut -> "Trimite" ->
`sent idPrezentare=...` confirmat in finalizate.
## 10. Decizii /autoplan — audit trail
Pipeline: CEO -> Design -> Eng -> DX, voce unica (Codex indisponibil pana 2026-07-18, plafon
utilizare). Deciziile intermediare auto-decise pe 6 principii; portile umane = premise + taste.
### Poarta de premise (decizia ta)
- **Scop:** AMBELE — control operational permanent + ajutor de testare.
- **Default Auto:** OFF, pastrat "pana devine stabil" (ales constient peste avertismentul de
conformitate L.142). Inverseaza recomandarea CEO F1 (default ON). Acceptat ca decizie de
domeniu; declanseaza atenuari OBLIGATORII (US-007/008/009).
### Decizii auto (6 principii)
| # | Faza | Decizie | Clasif. | Principiu | Motiv |
|---|------|---------|---------|-----------|-------|
| 1 | CEO | Approach A (held boolean) ca baza, nu stare noua (B) sau enum mod (C) | Mecanica | P5+P3 | aditiv, reuse pattern `reviewed`; B atinge masina de stari pazita |
| 2 | CEO | US-007 vizibilitate coada imbatranita OBLIGATORIE | Mecanica | P1+observ | atenuarea agreata pt default OFF; inchide esecul silentios F3 |
| 3 | CEO | US-008 retentie randuri tinute | Mecanica | P1 | F6: held nu primeste `purge_after` -> PII vesnic (GDPR/L.142) |
| 4 | CEO | US-009 fixturi teste Auto ON + audit + echo API held | Mecanica | P1 | F7: default OFF stagneaza testele; invariant 5.7 raspuns onest |
| 5 | CEO | Garda de confirmare OFF->ON + bulk (count + RAR PRODUCTIE) | Mecanica | P1 | F4/F5: flush ireversibil de randuri test in RAR real |
| 6 | CEO | `held_for_account()` helper unic (DRY) | Mecanica | P4 | calcul held inline de 3x = sit uitat trimite automat |
| 7 | CEO | Enum mod cont (live/hold/test) -> TODOS | Mecanica | P3 | scope dincolo de cerere; dream-state, nu blocant |
### Decizii de taste / provocari -> poarta finala (Faza 4)
- **T-EXP1 (reframe testare, CEO F2 + DX4) -> REZOLVAT: user a ales "doar tinut".** Nici
`rar_env`, nici documentarea `/valideaza` ca unealta de testare in 5.19. Ambele -> TODOS
(posibil follow-up). Pastrat doar avertismentul de onestitate ca eliberarea declara real.
- **T-LABEL (eticheta toggle, Design HIGH) -> REZOLVAT: user a ales REDENUMIREA.** Eticheta
vizibila = **"Trimite automat la RAR"** (nu "Auto"), ca sa nu se ciocneasca cu
"Trimitere automata" (worker viu) din `labels.py`. Conceptul/coloana raman `auto_send_enabled`.
### Faze Design/Eng/DX (audit)
| Faza | Decizie cheie | Clasif. | Motiv |
|------|---------------|---------|-------|
| Design | D1-D7 rafinari UI (non-optimist, poller, modal, mobil, camp derivat, --warn, bannere) | Mecanica | structural, P5 explicit |
| Eng | held_for_account la TOATE ~8 situri queued (bug reactivare router:237) | Mecanica | P5; bypass real Auto OFF |
| Eng | conftest UPDATE id=1; index in _migrate; purge_after direct; account_id din sesiune | Mecanica | corectitudine/securitate |
| DX | held pe SubmissionResult+GET; reuse AUTO_SEND_OPRIT; hub docs | Mecanica | P1; invariant 5.7 |
### Sumar completare review
```
+====================================================================+
| /autoplan — MEGA PLAN REVIEW — COMPLETION SUMMARY |
+====================================================================+
| Mod | SELECTIVE EXPANSION |
| Voci | Claude subagent (CEO/Design/Eng/DX); |
| | Codex INDISPONIBIL (plafon -> 2026-07-18) |
| Poarta premise | scop=AMBELE; default OFF (user, time-boxed) |
| CEO | 7 findings, 2 critice -> atenuate |
| Design | 5->8/10; 13 findings, 3 critice -> D1-D7 |
| Eng | 7 issues; 1 BUG real (reactivare bypass) |
| DX | 5->8/10; onestitate API -> US-010 |
| Stories | 6 -> 10 (US-007/008/009/010 adaugate) |
| Taskuri | 26 (14 P1, 9 P2, 3 P3), agregate pe faze |
| Tema cross-faza | hold != sandbox testare (CEO F2 + DX4) |
| Taste rezolvate | T-EXP1=doar tinut; T-LABEL=redenumire |
| Deferate (TODOS) | enum mod cont; rar_env; doc /valideaza |
| Test plan | scris pe disc (~/.gstack/.../test-plan) |
| Artefacte taskuri | 4 JSONL pe faza |
| Decizii nerezolvate | 0 |
+====================================================================+
```
## GSTACK REVIEW REPORT
| Review | Trigger | Why | Runs | Status | Findings |
|--------|---------|-----|------|--------|----------|
| CEO Review | `/plan-ceo-review` | Scope & strategy | 1 | issues_open->resolved | 5 propuneri, 4 acceptate, 2 deferate; 2 gap critice atenuate |
| Eng Review | `/plan-eng-review` | Architecture & tests (required) | 1 | issues_open->resolved | 7 issues (1 bug bypass reactivare), 0 gap critice ramase |
| Design Review | `/plan-design-review` | UI/UX gaps | 1 | issues_open->resolved | 5->8/10, 13 findings (3 critice) -> D1-D7 |
| DX Review | `/plan-devex-review` | Developer experience gaps | 1 | issues_open->resolved | 5->8/10, onestitate API (US-010) |
- **CROSS-MODEL:** N/A — Codex indisponibil (plafon utilizare pana 2026-07-18); voce unica Claude subagent pe toate fazele.
- **VERDICT:** CEO + DESIGN + ENG + DX CLEARED (voce unica) — PRD revizuit, gata de implementare. Toate deciziile portilor inchise cu user.
NO UNRESOLVED DECISIONS

View File

@@ -0,0 +1,478 @@
<!-- /autoplan restore point: /home/claude/.gstack/projects/romfast-rar-autopass/main-autoplan-restore-20260629-184940.md -->
# PRD 5.20 — Medii RAR per cont (Testare / Productie): activare, credentiale, selectie per trimitere
**Stare**: aprobat
> Proces complet: `docs/ROADMAP.md` §5. Contract RAR (sursa de adevar): `docs/api-rar-contract.md`.
> Stare: `draft -> aprobat -> in-executie -> verify-pass -> inchis`.
## 1. Obiectiv
Trateaza **Testare** si **Productie** ca doua medii RAR configurabile **per cont**. Fiecare mediu are, independent:
o **bifa de activare** si un **set propriu de credentiale**. Un mediu e *disponibil* pentru trimitere doar daca e
activat SI are credentiale. Din disponibilitate decurge tot UX-ul: cand un singur mediu e disponibil totul merge
acolo (fara selector); cand ambele sunt disponibile, apare selector la import + toggle in statusbar + alegere in
API. Trimiterile arata mereu un **badge** cu mediul tinta. Scop: clientul declara real pe Productie, iar cine are
si cont de test RAR isi poate testa integrarea pe Testare — fara redeploy si fara variabila globala de mediu.
**Premisa verificata (2026-06-29, doua seturi reale)**: test si prod sunt sisteme RAR **complet separate**; un set
de credentiale se autentifica pe **exact unul** (creds dev: test 200 / prod 401; creds client real: test 401 /
prod 200). Deci 2 seturi de creds per cont; un cont prod-only NU poate trimite la test fara cont de test emis de RAR.
Detaliu memorat: vezi memoria de proiect "rar-test-prod-creds-separate".
## 2. Non-Goals (anti scope-creep)
- NU eliminam `AUTOPASS_RAR_ENV` global: ramane **ancora de migrare** + fallback pentru actiuni de sistem fara cont
(ex. keepalive login). Per-submission are precedenta cand exista.
- NU configuram base_url-uri din UI (raman in `config.py`); NU adaugam un al treilea mediu.
- NU gating pe plan/tier pentru Productie (decizie user: liber). „Guard-ul" e: Productie e tinta doar daca e
activata + are creds, plus o confirmare unica la activarea Productie (constientizare L.142), NU per trimitere.
- NU schimbam masina de stari, backoff-ul, sau payload-ul `postPrezentare`.
- NU migram automat credentiale de prod ale clientilor — ei le introduc; migrarea doar muta creds-ul existent in
slotul mediului sub care contul opera efectiv.
## 3. Cerinte transversale (reguli de derivare)
- **REQ-DISP**: `medii_disponibile(cont)` = mediile din {test, prod} cu `enabled=1` SI creds prezente. Sursa unica
de adevar pentru vizibilitatea selector/toggle si pentru validarea unei tinte cerute.
- **REQ-VIZ**: selector la import + toggle in statusbar apar DOAR cand `len(medii_disponibile) >= 2`. La 1 mediu,
tinta e implicita (acel mediu), fara selector. La 0, trimiterea e blocata cu mesaj „configureaza credentiale RAR".
- **REQ-BADGE**: orice trimitere afiseaza badge Test/Productie (chiar si la 1 mediu — claritate ca declari real).
- **REQ-DEFAULT**: `rar_env_default(cont)` e mereu unul din mediile disponibile; cont client nou = `prod`. Daca
default-ul nu mai e disponibil (mediu dezactivat), cade pe singurul disponibil; daca 0 disponibile -> nicio tinta.
- **REQ-CONF**: trimiterea pe Productie nu cere confirmare per-rand; constientizarea vine din badge + o confirmare
UNICA la activarea mediului Productie in configurare.
## 4. Stories atomice
> Backend + UI pentru acelasi comportament = stories separate. `Fisiere` + `Depinde de` complete.
### US-001: Schema — medii per cont (activare + creds) + env pe submission
**Ca** sistem **vreau** sa stochez per cont activarea si credentialele fiecarui mediu, default-ul, si env-ul tinta
pe fiecare submission **pentru ca** test si prod sunt sisteme separate cu credentiale separate.
- **Depinde de**: —
- **Fisiere**: `app/schema.sql`, `app/db.py` (migrare idempotenta), `tests/test_schema_migrate.py`
- **Test intai (RED)**: `tests/test_schema_migrate.py``test_coloane_medii_pe_cont`,
`test_default_client_prod_on_test_off`, `test_migrare_creds_in_slotul_env_global`, `test_submissions_rar_env`
- **Acceptance criteria**:
- [ ] `accounts`: `rar_test_enabled INTEGER NOT NULL DEFAULT 0`, `rar_prod_enabled INTEGER NOT NULL DEFAULT 1`
(ambele CHECK IN (0,1)); `rar_creds_test_enc TEXT`, `rar_creds_prod_enc TEXT`;
`rar_env_default TEXT NOT NULL DEFAULT 'prod' CHECK (rar_env_default IN ('test','prod'))`
- [ ] `submissions.rar_env TEXT NOT NULL DEFAULT 'test' CHECK (rar_env IN ('test','prod'))`
- [ ] **Migrare existenti (NU presupune env-ul)**: `rar_creds_enc` -> slotul `AUTOPASS_RAR_ENV` global de la
migrare; seteaza `enabled=1` DOAR pe mediul cu creds; `rar_env_default` = acel mediu. Conturi fara creds:
raman pe default-urile coloanei (prod on / test off). Coloana veche RAMANE acum (dropul e in US-013, dupa
ce toate citirile trec pe per-env)
- [ ] **(AUTO-FIX G — CRITIC, amendament AC) Backfill `submissions.rar_env` EXISTENT din `AUTOPASS_RAR_ENV`
global**, NU lasa pe `DEFAULT 'test'`. Un rand prod pre-migrare etichetat 'test' -> US-006 reconciliaza
contra endpoint TEST -> no-match -> re-send prod = DUPLICAT REAL IREVERSIBIL. `DEFAULT 'test'` ramane doar
plasa pentru randuri net-noi (fiecare INSERT din US-004/005/009 seteaza `rar_env` explicit)
- [ ] **(AUTO-FIX E4/3) Recompute `idempotency_key` pentru randurile existente** la forma env-aware
(`build_key(account_id, canon, rar_env)` cu `rar_env`-ul backfill-at), ca lookup-urile de dedup (API +
import) sa nu rateze randuri legacy -> altfel re-POST = duplicat
- [ ] `test_submissions_rar_env` asserteaza ca un rand PRE-migrare ajunge cu env-ul global (NU 'test') si
reconciliaza contra endpointului corect
- [ ] migrare idempotenta pe DB existent, fara pierdere de date
- [ ] `python3 -m pytest tests/test_schema_migrate.py -q` PASS
- **Verificare E2E**: DB pre-migrare cu `AUTOPASS_RAR_ENV=test` -> creds aterizeaza in `rar_creds_test_enc`,
`rar_test_enabled=1`, `rar_env_default='test'`.
### US-002: Logica de disponibilitate si default efectiv
**Ca** sistem **vreau** un helper unic care intoarce mediile disponibile si default-ul efectiv al unui cont
**pentru ca** vizibilitatea UI, API-ul si worker-ul sa decida identic (REQ-DISP/REQ-DEFAULT).
- **Depinde de**: US-001
- **Fisiere**: `app/rar_env.py` (nou) sau `app/mapping.py`, `tests/test_rar_env_disponibil.py`
- **Test intai (RED)**: `tests/test_rar_env_disponibil.py``test_doar_prod_cu_creds`, `test_ambele`,
`test_zero_cand_lipsesc_creds`, `test_default_cade_pe_singurul_disponibil`, `test_enabled_fara_creds_nu_e_disponibil`
- **Acceptance criteria**:
- [ ] `medii_disponibile(account) -> list[str]` (subset din ['test','prod']) = enabled AND creds prezente
- [ ] `rar_env_efectiv(account) -> 'test'|'prod'|None` aplica REQ-DEFAULT
- [ ] `python3 -m pytest tests/test_rar_env_disponibil.py -q` PASS
- **Verificare E2E**: —
### US-003: Idempotenta include rar_env
**Ca** sistem **vreau** ca `build_key` sa incorporeze `rar_env` **pentru ca** aceeasi prezentare la test si apoi
la prod sunt doua trimiteri reale distincte, nu un duplicat.
- **Depinde de**: —
- **Fisiere**: `app/idempotency.py`, `tests/test_idempotency.py`
- **Test intai (RED)**: `tests/test_idempotency.py``test_key_difera_intre_test_si_prod`, `test_key_stabil_pe_env`
- **Acceptance criteria**:
- [ ] `build_key(account_id, canon, rar_env)` -> chei diferite test vs prod pe acelasi continut; stabil pe re-apel
- [ ] toate apelurile (`router.py`, `import_router.py`) trec env-ul rezolvat
- [ ] `python3 -m pytest tests/test_idempotency.py -q` PASS
- **Verificare E2E**: —
### US-004: Rezolvare tinta la ingestie (cerere > default cont) + respinge tinta indisponibila
**Ca** sistem **vreau** sa decid env-ul unui submission si sa resping tintele indisponibile **pentru ca** o tinta
fara mediu activ/creds nu trebuie sa intre in coada.
- **Depinde de**: US-002
- **Fisiere**: `app/validation.py`, `app/mapping.py`, `tests/test_rar_env_resolve.py`
- **Test intai (RED)**: `tests/test_rar_env_resolve.py``test_cerere_castiga`, `test_fallback_default_cont`,
`test_tinta_indisponibila_respinsa`, `test_valoare_invalida`
- **Acceptance criteria**:
- [ ] precedenta: valoare ceruta (daca e in `medii_disponibile`) > `rar_env_efectiv(cont)`
- [ ] tinta ceruta dar indisponibila -> eroare clara („mediul X nu e activat / fara credentiale"), fara enqueue
- [ ] valoare invalida (≠ test/prod) -> eroare de validare, fara fallback silentios
- [ ] `python3 -m pytest tests/test_rar_env_resolve.py -q` PASS
- **Verificare E2E**: —
### US-005: API — camp `rar_target` pe POST /v1/prezentari si /valideaza
**Ca** integrator ROAAUTO **vreau** sa pot preciza `rar_target`, cu default = default-ul contului meu **pentru ca**
sa aleg unde declar fara sa stiu env-ul global.
- **Depinde de**: US-003, US-004
- **Fisiere**: `app/api/v1/router.py`, `app/models.py`, `tests/test_api_rar_target.py`
- **Test intai (RED)**: `tests/test_api_rar_target.py``test_default_din_cont_cand_lipseste`,
`test_target_explicit`, `test_target_indisponibil_respins`, `test_get_ecou_rar_env`, `test_valoare_invalida_422`
- **Acceptance criteria**:
- [ ] camp optional `rar_target: "test"|"prod"` pe `POST /v1/prezentari` si `/valideaza`
- [ ] absent -> `rar_env_efectiv(cont)` (pt client prod-only = `prod`)
- [ ] tinta indisponibila -> raspuns clar, fara enqueue; `SubmissionResult` + GET ecou-iesc `rar_env`
- [ ] valoare invalida -> 422 fara echo de input (handler global pastrat)
- [ ] `python3 -m pytest tests/test_api_rar_target.py -q` PASS
- **Verificare E2E**: `POST /v1/prezentari` fara `rar_target` pe un cont prod-only -> submission env=prod.
### US-006: Worker — sesiuni si trimitere per (cont, env)
**Ca** worker **vreau** login/JWT separat per `(account_id, rar_env)`, cu base_url + creds corecte per submission
**pentru ca** test si prod sunt sisteme RAR diferite.
- **Depinde de**: US-001
- **Fisiere**: `app/worker/__main__.py` (`AccountSessions`), `app/rar_client.py` (base_url per env),
`app/reconcile.py`, `tests/test_worker_rar_env.py`
- **Test intai (RED)**: `tests/test_worker_rar_env.py``test_sesiune_separata_per_env`,
`test_base_url_dupa_submission`, `test_creds_din_slotul_env`, `test_reconcile_pe_env_corect`
- **Acceptance criteria**:
- [ ] cheia cache sesiune = `(account_id, rar_env)`; JWT/keepalive/last_rar_login_ok per env
- [ ] `RarClient` primeste env/base_url explicit (nu doar `settings.rar_base_url`)
- [ ] creds alese: submission efemere -> `accounts.rar_creds_{env}_enc`; lipsa -> blocaj clar (nu trimite)
- [ ] reconcilierea cauta in `finalizate` pe endpoint-ul `submission.rar_env`
- [ ] purjarea atinge DOAR `submissions.rar_creds_enc`, NU `accounts.rar_creds_{env}_enc`
- [ ] `python3 -m pytest tests/test_worker_rar_env.py -q` PASS
- **Verificare E2E**: doua submission-uri (test + prod, creds prezente) -> doua login-uri distincte in jurnal.
### US-007: Validare login pe env-ul ales (signup / preview / test integrare)
**Ca** sistem **vreau** ca validarea credentialelor sa loveasca mediul caruia ii apartin **pentru ca** o parola
prod nu se valideaza contra RAR test si invers (confirmat: 401 incrucisat).
- **Depinde de**: US-002
- **Fisiere**: `app/web/routes.py`, `app/rar_client.py`, `app/web/templates/_integrare.html`,
`tests/test_validare_env.py`
- **Test intai (RED)**: `tests/test_validare_env.py``test_valideaza_pe_env_creds`, `test_mesaj_distinge_env`
- **Acceptance criteria**:
- [ ] validarea (signup, „testeaza integrarea", preview) foloseste env-ul setului de creds verificat
- [ ] mesaj distinct „creds invalide pe TESTARE" vs „pe PRODUCTIE"
- [ ] `python3 -m pytest tests/test_validare_env.py -q` PASS
- **Verificare E2E**: in UI „testeaza integrarea" cu creds prod -> login pe endpoint prod.
### US-008: Configurare cont — doua medii (bifa activare + creds), default, confirmare prod
**Ca** titular de cont **vreau** sa activez fiecare mediu, sa-i introduc credentialele si sa aleg default-ul
**pentru ca** vreau sa controlez unde se poate trimite si unde merge implicit.
- **Depinde de**: US-001, US-007
- **Fisiere**: `app/web/routes.py`, `app/web/templates/_cont.html`, `app/crypto.py` (refolosit),
`tests/test_cont_medii.py`
- **Test intai (RED)**: `tests/test_cont_medii.py``test_activeaza_si_salveaza_creds_per_env`,
`test_default_doar_dintre_disponibile`, `test_activare_prod_cere_confirmare`, `test_creds_criptate_fara_echo`
- **Acceptance criteria**:
- [ ] doua sectiuni „Testare" si „Productie": fiecare cu bifa Activeaza + campuri email/parola; default client =
Productie bifat, Testare nebifat
- [ ] la salvare, creds-ul fiecarui mediu activat e validat prin login pe acel env (US-007); invalid -> nu se
marcheaza disponibil
- [ ] selectorul de default ofera DOAR mediile disponibile; nu poti seta default un mediu indisponibil
- [ ] activarea mediului Productie cere o confirmare unica „Inteleg ca trimiterile pe Productie sunt declaratii
reale (L.142)"
- [ ] creds criptate Fernet in `rar_creds_{env}_enc`, niciodata reflectate inapoi in pagina
- [ ] `python3 -m pytest tests/test_cont_medii.py -q` PASS
- **Verificare E2E**: activez Testare + creds valide si Productie + creds invalide -> doar Testare devine disponibil.
### US-009: Import web — selector mediu conditionat de disponibilitate
**Ca** operator **vreau** sa aleg mediul la import doar cand am ≥2 disponibile, pre-bifat pe default **pentru ca**
la un singur mediu alegerea e inutila.
- **Depinde de**: US-002, US-004
- **Fisiere**: `app/import_router.py`, `app/import_parse.py`, `app/web/templates/_upload.html`,
`_preview_import.html`, `tests/test_import_rar_env.py`
- **Test intai (RED)**: `tests/test_import_rar_env.py``test_selector_ascuns_la_un_mediu`,
`test_selector_prezent_si_prebifat_la_doua`, `test_commit_seteaza_env_pe_submissions`
- **Acceptance criteria**:
- [ ] selector Test/Prod apare DOAR daca `len(medii_disponibile) >= 2`; initial = `rar_env_efectiv`
- [ ] la 1 mediu: fara selector, toate randurile primesc acel mediu
- [ ] la commit, toate submission-urile lotului primesc `rar_env` ales
- [ ] `python3 -m pytest tests/test_import_rar_env.py -q` PASS
- **Verificare E2E**: cont prod-only -> import fara selector, submissions env=prod; cont cu ambele -> selector pre-bifat.
### US-010: Badge mediu in liste, preview, jurnal, audit + ecou API
**Ca** utilizator **vreau** sa vad pe fiecare trimitere mediul tinta **pentru ca** sa nu confund testul cu realul.
- **Depinde de**: US-001
- **Fisiere**: `app/web/templates/_submissions.html`, `_coada.html`, `_trimitere_detaliu.html`,
`_preview_rand.html`, `_jurnal.html`, `app/web/routes.py` (audit export), `app/api/v1/router.py` (GET),
`tests/test_badge_rar_env.py`
- **Test intai (RED)**: `tests/test_badge_rar_env.py``test_badge_in_lista`, `test_audit_contine_rar_env`,
`test_get_ecou_rar_env`
- **Acceptance criteria**:
- [ ] badge vizibil (Test vs Productie, culori distincte) in lista, preview rand, detaliu, jurnal
- [ ] `rar_env` in audit export si in `GET /v1/prezentari(/{id})`
- [ ] `python3 -m pytest tests/test_badge_rar_env.py -q` PASS
- **Verificare E2E**: rand prod -> badge „Productie"; export audit contine coloana.
### US-011: Statusbar — indicator mediu + toggle conditionat
**Ca** operator **vreau** sa vad in statusbar mediul default si sa-l pot schimba cand am ≥2 medii **pentru ca**
sa stiu mereu unde trimit si sa comut rapid.
- **Depinde de**: US-002, US-008
- **Fisiere**: `app/web/templates/_status.html`, `base.html`, `app/web/routes.py` (ruta toggle account-scoped),
`tests/test_statusbar_env.py`
- **Test intai (RED)**: `tests/test_statusbar_env.py``test_afiseaza_env_default`,
`test_toggle_doar_la_doua_medii`, `test_toggle_schimba_default`
- **Acceptance criteria**:
- [ ] statusbar afiseaza mediul default al contului logat (Test/Productie), distinct vizual
- [ ] toggle apare DOAR la `len(medii_disponibile) >= 2`; comutarea schimba `rar_env_default` (HTMX, fara reload)
- [ ] la 1 mediu: doar eticheta statica
- [ ] `python3 -m pytest tests/test_statusbar_env.py -q` PASS
- **Verificare E2E**: cont cu ambele -> click statusbar schimba default; cont prod-only -> eticheta fixa „Productie".
### US-012: Audit + e2e pe medii
**Ca** lead **vreau** evenimente de audit la activare mediu / schimbare default / blocaj tinta, plus teste e2e
**pentru ca** orice atingere a mediului Productie trebuie trasabila.
- **Depinde de**: US-005, US-006, US-009, US-011
- **Fisiere**: `app/audit.py`/`log_event`, `tests/test_e2e_rar_env.py`
- **Test intai (RED)**: `tests/test_e2e_rar_env.py``test_lant_import_pana_la_queued`, `test_activare_prod_logata`,
`test_tinta_indisponibila_blocata_si_logata`
- **Acceptance criteria**:
- [ ] audit la: activare/dezactivare mediu, schimbare `rar_env_default`, blocaj tinta indisponibila
- [ ] e2e (TestClient + SQLite temporar) acopera import->queued cu env corect, ambele cai
- [ ] `python3 -m pytest tests/test_e2e_rar_env.py -q` PASS
- **Verificare E2E**: jurnal arata „mediu Productie activat" + „default schimbat" cu cont + timestamp.
### US-013: Retragerea `accounts.rar_creds_enc` (toate citirile -> per-env, apoi DROP)
**Ca** sistem **vreau** ca toate cele ~40 de locuri care citesc `accounts.rar_creds_enc` sa treaca pe coloanele
per-mediu si apoi sa sterg coloana veche **pentru ca** modelul per-env sa fie sursa unica, fara schema dubla.
- **Depinde de**: US-005, US-006, US-008 (consumatorii principali deja pe per-env)
- **Fisiere**: `app/worker/__main__.py` (fallback + bucla keepalive „toate conturile cu creds"),
`app/web/routes.py` (indicatorii `are_creds`), `app/api/v1/integrare_router.py` (`are_creds_rar`),
`app/api/v1/router.py` (`POST /v1/conturi/rar-creds` devine env-aware), `app/accounts.py` (purge la stergere cont),
`app/db.py` (DROP cu garda), `app/models.py`, `tests/test_retragere_creds_enc.py`
- **Test intai (RED)**: `tests/test_retragere_creds_enc.py``test_niciun_read_pe_coloana_veche`,
`test_conturi_rar_creds_env_aware`, `test_are_creds_pe_per_env`, `test_drop_cu_garda_blocat_daca_lipsa_copiere`
- **Acceptance criteria**:
- [ ] worker fallback + keepalive citesc `rar_creds_{env}_enc` (per env), nu coloana veche
- [ ] `are_creds` (web) + `are_creds_rar` (integrare) devin per-mediu („are creds pe Testare/Productie")
- [ ] `POST /v1/conturi/rar-creds` primeste mediul (`rar_target`/`env`) si scrie in slotul corect — **schimbare
de contract API**, documentata in `docs/api-rar-contract.md`
- [ ] purjarea la stergere cont (`accounts.py`) sterge ambele sloturi per-env
- [ ] **DROP cu garda**: migrarea verifica intai ca fiecare `rar_creds_enc` non-null a aterizat intr-un slot
per-env (assert), apoi `ALTER TABLE accounts DROP COLUMN rar_creds_enc` (SQLite 3.45 OK); verificare esuata
-> NU dropa, ridica eroare (fail-safe)
- [ ] **(AUTO-FIX 6a — CRITIC) Elimina ATOMIC blocul `ADD COLUMN rar_creds_enc` din `db.py:77-78`** in aceeasi
migrare cu DROP-ul. Altfel urmatorul boot vede coloana absenta si o re-ADD goala -> ping-pong perpetuu,
garda se rupe. Garda e one-way: dropeaza doar cand sloturile per-env sunt populate SI coloana inca exista
- [ ] **(AUTO-FIX 6b — HIGH) DROP-ul nu crapa boot-ul**: `init_db/_migrate` ruleaza la fiecare pornire a ambelor
procese; un `DROP COLUMN` care arunca (SQLite < 3.35 / assert garda esuat) propaga -> API + worker
crash-loop. Prinde + degradeaza (log + lasa coloana pe loc), NU arunca. Asserteaza `sqlite_version() >= 3.35`
(verifica SQLite din imaginea Docker, nu doar dev box) si sare drop-ul gracios sub acel prag
- [ ] **(AUTO-FIX 6c — HIGH) Re-ruleaza backfill old->new IMEDIAT inainte de assert**: creds setate via
`POST /v1/conturi/rar-creds` intre deploy-ul US-001 si US-013 aterizeaza doar in coloana veche; copiaza-le
in slotul per-env (ancora globala) inainte de garda, altfel garda blocheaza drop-ul la nesfarsit
- [ ] **(AUTO-FIX 6d) Verificare prin `PRAGMA table_info(accounts)`** ca `rar_creds_enc` lipseste, NU doar prin
grep (ambele coloane — `accounts` si `submissions` — au acelasi nume; purjarea worker-ului ramane pe
`submissions.rar_creds_enc`)
- [ ] `grep -rn "rar_creds_enc" app/` nu mai gaseste citiri pe `accounts` (doar `submissions.rar_creds_enc` ramane)
- [ ] `python3 -m pytest tests/test_retragere_creds_enc.py -q` PASS
- **Verificare E2E**: dupa migrare, `PRAGMA table_info(accounts)` nu mai contine `rar_creds_enc`; fluxul de cont
(salvare creds, worker trimite) functioneaza pe per-env.
## 5. Riscuri
- **Trimitere reala accidentala** (FINALIZATA terminal, L.142): atenuat prin badge omniprezent + Productie disponibil
doar dupa activare explicita + creds + confirmare unica la activare. NU exista anulare la RAR.
- **Default invalid dupa dezactivare mediu**: REQ-DEFAULT recalculeaza; teste US-002 acopera caderea pe disponibil.
- **Migrare ambigua** (CONFIRMAT): `rar_creds_enc` poate fi test SAU prod; migrarea aterizeaza in slotul
`AUTOPASS_RAR_ENV` global + activeaza doar acel mediu. De validat pe DB-ul real inainte de deploy.
- **Client prod-only nu poate testa**: corect by design; UI explica explicit (nu „creds invalide"), nu ofera Testare
fara creds test.
- **Idempotenta**: schimbarea cheii (US-003) cere ca TOATE apelurile sa treaca env-ul; grep dupa `build_key` + teste.
- **Retragere `rar_creds_enc` (US-013)**: ~40 citiri + endpoint API `POST /v1/conturi/rar-creds` (contract). Blast
radius mare, dar single-release e mai curat decat schema dubla. DROP cu garda (assert copiere) = fara pierdere
de date; produsul e in TESTE (putine conturi reale). Recuperarea via coloana veche dispare dupa DROP — acceptat.
## 6. Intrebari deschise — REZOLVATE (user 2026-06-29)
- [x] **Default API** = default-ul contului (NU „test" hardcodat), fiindca clientii sunt prod-only. CONFIRMAT.
- [x] **Activare implicita cont nou** = Productie on / Testare off; contul operator setat manual pe Testare. CONFIRMAT.
- [x] **Confirmare Productie** = o data, la activarea mediului in configurare (nu per trimitere). CONFIRMAT.
- [x] **`rar_creds_enc` vechi** = se STERGE in acest PRD (US-013), nu in 5.2x. DROP cu garda (assert copiere),
toate citirile mutate pe per-env, endpoint `POST /v1/conturi/rar-creds` devine env-aware. CONFIRMAT.
## 7. Valuri de executie (graful de dependente)
```
Val 1: [US-001] [US-003] ← schema + idempotenta (fisiere distincte) → paralel
Val 2: [US-002] ← deblocat de US-001
Val 3: [US-004] [US-006] [US-007] ← rezolvare ingestie / worker / validare → paralel
Val 4: [US-005] [US-008] [US-009] [US-010] ← API / config cont / import / badge → paralel
Val 5: [US-011] ← statusbar (depinde de US-008)
Val 6: [US-012] [US-013] ← audit + e2e; retragere rar_creds_enc + DROP (depind de tot)
```
---
## Raport VERIFY
> Completat de subagentul verificator (context curat) in faza VERIFY — vezi ROADMAP §5.6.
> PASS/FAIL per criteriu, cu dovezi. Lipseste pana la VERIFY.
---
<!-- AUTONOMOUS DECISION LOG -->
## /autoplan Review (2026-06-29, commit 7371c37)
Voci: Claude (primar) + Claude subagent (independent). Codex indisponibil (usage limit, revine 18 iul) -> mod `[subagent-only]`. Poarta premisa: user a ales **"Build full per-account multi-env (as planned)"** — premisa de baza (sisteme separate) verificata live; nevoia de dashboard unic justifica per-cont peste 2 deployment-uri pinned.
### Auto-fixuri (corectitudine/siguranta — incorporate in stories)
| # | Story | Gap (gasit de) | Fix incorporat | Principiu |
|---|-------|----------------|----------------|-----------|
| G | US-001 | **CRITIC** (subagent): migrarea backfill-eaza creds dar NU `submissions.rar_env` existent; randuri prod pre-migrare cad pe DEFAULT 'test' -> US-006 reconciliaza contra endpoint TEST -> no-match -> **re-send prod = duplicat real ireversibil** | Migrarea backfill-eaza `submissions.rar_env` din `AUTOPASS_RAR_ENV` global (DEFAULT 'test' doar pentru randuri net-noi). Test: rand prod pre-migrare reconciliaza contra endpoint prod | P1 completeness + siguranta |
| L | **US-005/US-013** (NU US-006 — eng finding 5: write-back e in `router.py`, pe care US-006 nu-l atinge) | HIGH (ambele voci, `router.py:250`): write-back creds efemere API -> `accounts.rar_creds_enc` durabil nu e rutat pe slotul `submission.rar_env` | Write-back tinteste `accounts.rar_creds_{submission.rar_env}_enc` + test. **Plus**: nu auto-propaga creds API NEVALIDATE in slotul durabil per-env (ar putea clobber-i un slot login-validat); propaga doar dupa login reusit | P1 |
| K | US-013 | HIGH (subagent): `POST /v1/conturi/rar-creds` e contract extern; env-aware in-place = breaking | Endpoint **aditiv**: param `env` optional, default = default cont; apelanti vechi neatinsi. (Independent de decizia DROP) | P5 explicit + back-compat |
| M2 | US-013 | MEDIUM (Claude): `_keepalive_target` alege un cont fara notiune de env dupa per-env | Keepalive foloseste ancora globala `AUTOPASS_RAR_ENV` + un cont cu creds in slotul acelui env | P5 |
| M3 | US-003 | MEDIUM (Claude): `_already_sent_lookup` (import_router.py:369) are dual-lookup legacy; adaugarea env in cheie cere extinderea lui, nu doar a parametrului | US-003 extinde dual-lookup (cheie noua env-aware + fallback legacy) | P1 |
| D | US-001 | HIGH (subagent): corectitudinea migrarii e "de validat manual"; trebuie poarta testata | Script de audit pre-migrare (raporteaza slot-ul atribuit) + assert DROP-cu-garda existent ca poarta, nu nota manuala | P1 |
| M | US-012 | MEDIUM (subagent): niciun test live dual-env; riscul dominant (rutare gresita env) e exact ce SQLite nu prinde | Test live opt-in dual-env (extinde `test_live_rar`): 1 rand test + 1 prod -> 2 login-uri, 2 endpoint-uri, badge corecte, reconciliere pe env corect | P1 |
| backup | US-013 | MEDIUM (Claude): "recovery via coloana veche dispare dupa DROP — acceptat" | Inainte de DROP, dump coloana veche criptata intr-un backup timestamped (recuperare supravietuieste DROP) | P2 boil-lake |
### Decizii user la poarta finala (REZOLVATE 2026-06-29) — APROBAT
- **A (DROP US-013) -> PASTREAZA single-release.** User: "aplicatia e doar in teste, nu folosita de clienti" -> blast radius mic, rollback-ul conteaza mai putin. Decizia §6 ramane. **Garzile 6a/6b/6c sunt obligatorii in AC US-013** (eliminare atomica bloc ADD, catch+degrade fara boot-crash, re-backfill interim) + backup criptat inainte de DROP. NU se amana.
- **J/H1 (interlock prod) -> doar butonul de commit colorat (F8), FARA modal.** REQ-CONF ramane. Lantul: bifa activare (o data) + badge "fierbinte" + buton "Declară la PRODUCȚIE (real)". Fara confirmare per-commit (evita oboseala de click; clientii prod-only oricum n-au selector).
- **H (fallback default) -> doar toast zgomotos (F5), FARA re-confirmare.** REQ-DEFAULT auto-fallback ramane; toast-ul "Mediul implicit a trecut pe X" face flip-ul vizibil. Fara gate suplimentar.
### Taste (recomandari acceptate — fara override)
- **T1**: token dedicat `--prod` (brick) pentru badge-ul Productie. **T2**: `rar_env` ca nume unic input+output (scoate `rar_target`/`env`).
### Taste decisions (auto-decise cu recomandare — override la poarta)
- **T1 — token culoare Productie**: rosu (`--err`) se ciocneste cu erorile, amber (`--warn`) cu badge-ul legacy. Recomandat: token dedicat `--prod` (brick inchis) SAU `--accent` plin. (design F2)
- **T2 — nume camp request**: recomandat `rar_env` peste tot (un singur nume input+output), scoate `rar_target`/`env`. (DX F1)
### Teme cross-fază (semnal de incredere ridicat — aparut independent in 2+ faze)
- **Siguranta declaratiei reale ireversibile** — TOATE 4 fazele (CEO G/H1/J, Design F1/F8/F10, Eng 1b/3/G, DX F2/F3/F4). Semnalul dominant: badge + interlock + discoverability + rutare env corecta converg pe "nu declara real din greseala".
- **Flip silentios al mediului default** — CEO-H, Design-F5, DX-F3 (3 faze). Fa flip-ul zgomotos + nu auto-promova prod silentios.
- **Risc DROP US-013** — CEO-A, Eng 6a/6b/6c (2 faze). Intareste amanarea DROP-ului.
- **Ambiguitate spec/nume care musca implementer-ul** — Design-F14, Eng-4a, DX-F1/F7. Auto-fixurile TREBUIE sa intre in AC + contract inainte de implementare.
### NOT in scope (confirmat)
Eliminarea ancorei globale `AUTOPASS_RAR_ENV`; base_url din UI; al treilea mediu; gating plan/tier pe prod; schimbari masina-stari/backoff/payload; auto-migrare creds prod client. (PRD §2)
### Ce exista deja (leverage)
`crypto.py` Fernet (creds per-env), `AccountSessions` (re-key (cont,env)), `RarClient` (primeste settings; +param env), `config.rar_base_url_test/prod` (deja prezent), `build_key` (+param), `account_scope_clause`. Fara infra noua.
### Auto-fixuri DESIGN (structurale — incorporate in stories)
Voci: Claude (primar) + Claude subagent. Scorecard: 1 CRITIC, 7 HIGH, 5 MEDIUM, toate CONFIRMED.
| # | Story | Gap | Fix incorporat | Sev |
|---|-------|-----|----------------|-----|
| F1 | US-010 | **CRITIC**: "culori distincte" e singura spec a singurului guard vizual contra riscului dominant | Badge **normativ**: Productie = fill plin, saturat, text alb, iconita + cuvant complet UPPERCASE cu diacritice ("PRODUCȚIE"); Testare = outline/tint linistit (muted/accent), receding. Asimetria de greutate ESTE designul | CRITIC |
| F2 | US-010 | HIGH: rosu (`--err`) rezervat erorilor, amber (`--warn`) ocupat de `.badge-env` legacy + needs_* | Token dedicat `--prod` (ex. brick `#B4452F`) SAU `--accent` plin pentru Productie; hex/token scris in AC, nu improvizat per template. (taste: hexul exact -> poarta) | HIGH |
| F3/F12 | US-010 | HIGH: "Test/Testare/prod/PRODUCTIE" folosite interschimbabil; bypass `labels.py` | `labels.py` adaugat in Fisiere: `ETICHETE_ENV` + `eticheta_env(env)->(text,css)` (oglindeste `eticheta_scurta`). Productie UPPERCASE+diacritice, Testare title-case; clase `.badge-prod/.badge-test` definite o data in base.html langa `.sugg-sursa` | HIGH |
| F11 | US-011 | HIGH: `.badge-env` EXISTENT in header arata `AUTOPASS_RAR_ENV` global -> dupa 5.20 e semantic gresit; doua indicatoare env cu surse diferite in acelasi viewport | US-011 retrage/repurpune header `.badge-env` (preferat: scos pentru user logat, inlocuit de indicatorul account-scoped din statusbar). NU coexista doua surse de adevar | HIGH |
| F4 | US-009 | HIGH: starea 0-medii e numita dar nedesignata; blocaj la commit (dupa munca) = calea minima | Blocaj la UPLOAD (nu commit): banner `--warn` (refoloseste pattern "Cont in asteptare", `_status.html:8`) + CTA link `?tab=cont`, inainte de drop-zone | HIGH |
| F5 | US-011 | HIGH: schimbarea silentioasa a default-ului (mediu dezactivat) nu are UI -> target real/test comuta fara ca userul sa stie | Toast explicit (componenta `#toast` exista) la schimbarea `rar_env_default` ca efect al disponibilitatii: "Mediul implicit a trecut pe X". Leaga de CEO-H | HIGH |
| F8 | US-009 | HIGH: o bifa la activare apoi nimic = sub-avertizare; modalul per-trimitere a fost respins (REQ-CONF) | Butonul de commit POARTA greutatea cand target=Productie: "Declară la PRODUCȚIE (real)" + culoarea Productie (FARA modal, FARA click extra -> nu incalca REQ-CONF). Copy bifa activare: adauga ireversibilitatea ("declarații oficiale, finale și fără anulare") | HIGH |
| F6/F7 | US-008/US-011 | MEDIUM: stari loading/error pt toggle HTMX + validare creds la RAR nespecificate; stare per-sectiune (activat-fara-creds-valide) | toggle: `hx-indicator` + disabled in zbor, pe esec NU schimba default + eroare; US-008 validare creds arata `htmx-indicator` ("se verifica la RAR…") + esec in `.banner` cu copy per-env (US-007); fiecare sectiune arata 3 stari: dezactivat / activat-fara-creds / disponibil | MEDIUM |
| F9/F10 | US-009 | MEDIUM/HIGH: selectorul absent la 1 mediu = env invizibil la import; default pre-bifat prod la prima trimitere | Mereu randeaza un indicator env la import (eticheta statica la 1 mediu, toggle la >=2, ACEEASI pozitie). Prod pre-bifat e sigur DOAR daca F8+F9 livreaza impreuna — legate explicit in AC | HIGH |
| F13 | US-010 | MEDIUM: sa nu forkeze un badge structural nou | Refoloseste idiomul `.sugg-sursa` (10px, weight 700, tint+border) pt Testare; Productie = aceeasi geometrie dar fill plin+alb+icon (spargerea e semnalul) | MEDIUM |
### Auto-fixuri ENG (corectitudine/deploy — incorporate in stories)
Voci: Claude (primar) + Claude subagent (verificat contra codului real). **Meta (eng 4a): toate auto-fixurile de mai jos sunt NORMATIVE si trebuie sa intre in AC-ul story-urilor inainte de implementare — un implementer care urmeaza AC-ul literal, fara ele, livreaza bug-urile critice.** G + 6a deja imbinate in AC US-001/US-013.
| # | Story | Gap (vs cod real) | Fix | Sev |
|---|-------|-------------------|-----|-----|
| E1/1a | US-006 | `get_token` purjeaza `submissions.rar_creds_enc WHERE account_id=?` -> dupa re-key, login TEST sterge creds efemere ale submission-urilor PROD ale contului -> prod blocat | `WHERE account_id=? AND rar_env=?` + test `test_purge_creds_doar_pe_env` | HIGH |
| 1b/E6 | US-006 | `recover_orphans` filtreaza doar pe `account_id`; iterat per sesiune (cont,env) reconciliaza orfanii prod contra endpoint TEST -> no-match -> re-POST prod = DUPLICAT real | +`rar_env` in WHERE; apelat per (cont,env) din `active()`; test orfan env A nereconciliat contra env B | HIGH/CRITIC |
| 3/E4 | US-003 | API channel (`router.py:223`) NU are dual-lookup; re-POST al unui rand pre-5.20 cu cheie env-aware rateaza randul legacy -> duplicat. Import dual-lookup ignora env-ul randului matchuit | Recompute-keys la migrare (US-001, vezi acolo) acopera ambele canale uniform; daca pastrezi dual-lookup, exista si in `router.py` SI gate pe `matched_row.rar_env==target_env` | HIGH |
| 1c/E8 | US-006 | `claim_one` nu selecteaza `s.rar_env` -> worker nu poate alege cheia sesiune/base_url/slot | AC explicit: claim selecteaza + propaga `rar_env` in dict-ul `claimed` | MEDIUM |
| 1d | US-006/US-001 | `worker_heartbeat` e un singur rand global (`WHERE id=1`); US-006 cere `last_rar_login_ok` PER env dar US-001 nu adauga schema per-env -> neimplementabil ca scris | Decizie: pastreaza heartbeat global (JWT/sesiune per env e suficient), scoate "per env" din AC US-006; SAU adauga coloana in US-001. Recomandat: global | MEDIUM |
| 1e | US-006 (doc) | `_refresh_nomenclator` upsert intr-un `nomenclator_rar` env-less la fiecare login; login test suprascrie cu coduri test, prod cu prod -> un cod valid pe prod poate fi respins la ingestie daca ultimul refresh a fost test | Documenteaza presupunerea (nomenclator identic intre medii — aceleasi 18 coduri) SAU scope per-env (out of scope acum). Minim: nota explicita | MEDIUM |
| 5 | US-005/US-013 | write-back creds API nevalidate -> slot durabil (vezi L de mai sus) | re-asignat la US-005/US-013; propaga doar dupa login reusit | MEDIUM/HIGH |
| 6a..6d | US-013 | ping-pong re-ADD / boot-crash / interim-creds / grep ambiguu | imbinate in AC US-013 (vezi acolo) | CRITIC/HIGH |
### ENG DUAL VOICES — CONSENSUS TABLE
```
Dimension Claude Subagent Consensus
────────────────────────────── ──────── ───────── ────────────────────
1. Architecture sound? da/cond da/cond CONFIRMED (cond. fixuri)
2. Test coverage sufficient? lacune +API b/c CONFIRMED lacune
3. Performance risks? low low CONFIRMED low
4. Security (creds routing)? L/5 5+unvalid CONFIRMED
5. Error paths (boot)? E1/E9 6a/6b CRIT CONFIRMED (boot-crash)
6. Deployment risk (DROP)? migrare CRIT/HIGH CONFIRMED ELEVAT -> intareste challenge A
```
Codex: indisponibil (N/A). Mesaj-cheie: caile de duplicat ireversibil (1b, 3) si boot-crash/ping-pong (6a, 6b) musca in productie; intaresc recomandarea de a amana DROP-ul (challenge A).
### Diagrama teste (codepath -> acoperire)
| Codepath nou | Story test | Stare |
|---|---|---|
| `medii_disponibile`/`rar_env_efectiv` | US-002 | acoperit |
| resolve target (cerere>default), respinge indisponibil | US-004 | acoperit |
| idempotency env-aware + **recompute legacy** | US-003/US-001 | GAP recompute -> adaugat |
| **migrare backfill `submissions.rar_env`** | US-001 | GAP (G) -> adaugat in AC |
| worker sesiune (cont,env) + base_url per env | US-006 | acoperit |
| **purge creds scoped pe env** | US-006 | GAP (E1) -> adaugat |
| **recover_orphans per env** | US-006 | GAP (1b) -> adaugat |
| **write-back slot routing** | US-005/013 | GAP (L/5) -> adaugat |
| reconcile endpoint per env (inline + **orfani**) | US-006 | inline acoperit; orfani GAP -> adaugat |
| **keepalive env (ancora globala)** | US-013 | GAP (M2) -> adaugat |
| DROP garda: assert + **idempotent re-run** + **fail-loud/no-crash** | US-013 | partial -> intarit (6a/6b/6c) |
| **API-channel idempotency back-compat** | US-003 | GAP (3) -> adaugat |
| badge/labels env | US-010 | acoperit |
| API `rar_target` default/explicit/invalid/indisponibil | US-005 | acoperit |
| config 2 sectiuni + confirmare prod | US-008 | acoperit |
| statusbar toggle viz + **retragere header `.badge-env`** | US-011 | toggle acoperit; header GAP (F11) -> adaugat |
| **live dual-env smoke** | US-012 | GAP (M) -> adaugat opt-in |
### Auto-fixuri DX (contract API extern — incorporate in stories)
Voci: Claude (primar) + Claude subagent (perspectiva integrator VFP/ROAAUTO). Riscul ireversibilitatii ridica stacheta pe claritate nume / eroare / discoverability pre-trimitere.
| # | Story | Gap | Fix | Sev |
|---|-------|-----|-----|-----|
| F1 | US-005/US-013 | Trei nume pt un concept: input `rar_target`, echo/DB `rar_env`, rar-creds `env` (US-013 AC scrie literal "rar_target/env") | **Un singur cheie: `rar_env`** pe input + output + rar-creds (englez snake, consistent cu coloana si `on_unmapped_error`). Scoate `rar_target`/`env`. (taste usor -> poarta) | HIGH |
| F2 | US-004 | Eroarea "mediu indisponibil" e proza, fara `cod`/envelope 6-chei/status; `errors.py` nu e in Fisiere | `RAR_MEDIU_INDISPONIBIL` in `errors.CATALOG` (problema/cauza cu lista disponibile/fix "activeaza in Cont"); adauga `errors.py` la Fisiere US-004; distinge literal-invalid (422 pydantic) de valid-dar-indisponibil (cod dedicat); acopera si cazul 0-medii | HIGH |
| F3 | US-004/contract | Flip runtime test->prod prin canal web: operator comuta disponibilitatea -> apelant API fara `rar_env` trece silentios pe prod (real). Migrarea previne flip la DEPLOY, nu la RUNTIME | Mitigat de F4+F5 (probe pre-trimitere); documenteaza reasignarea ca comportament cunoscut; leaga de CEO-H | HIGH |
| F4 | US-010 (sau story noua) | Niciun GET nu expune `medii_disponibile`/`rar_env_default` -> integratorul afla env-ul doar din eroare sau dupa o trimitere reala | `GET /v1/conturi/medii` account-scoped: `{medii_disponibile, rar_env_default, test:{enabled,has_creds}, prod:{...}}` (refoloseste helper US-002, <1 fisier) | HIGH |
| F5 | US-005 | `ValidareResult` (dry-run) NU ecou-ieste `rar_env`; dry-run e canalul sigur de a confirma unde ar ateriza o trimitere reala | adauga `rar_env: str` la `ValidareResult` + `/valideaza`; `models.py` | MEDIUM |
| F6 | US-004/US-005 | Respingere whole-request vs per-rand inconsistenta cu `on_unmapped_error` (per-rand, 200) | Decide + documenteaza; recomandat: corp parsabil imbogatit cu `cod` (prietenos VFP), noteaza asimetria intentionat | MEDIUM |
| F7 | US-005/US-010/US-004/US-013 | Contractul (sursa adevar) actualizat doar pt rar-creds; lipsesc field-ul nou, echo-ul, cod-ul nou. **`/v1/conturi/rar-creds` NU e documentat deloc azi** -> US-013 e documentare de la zero, nu amendament | AC explicit "update `api-rar-contract.md`" pe fiecare; US-013 documenteaza endpoint-ul intreg (req/resp, param env, slot default) | HIGH |
| F8 | US-013 (doc) | `env` optional default = slot default cont: integrator cu creds TEST pe cont nou (default prod) le scrie silentios in slot prod -> US-007 le respinge "invalide pe PRODUCTIE" desi sunt valide (test) | pastreaza aditiv; documenteaza ca omiterea `env` tinteste slotul default; mesaj validare sugereaza nepotrivire env ("creds valide pentru alt mediu?") | MEDIUM |
### DX DUAL VOICES — CONSENSUS TABLE
```
Dimension Claude Subagent Consensus
─────────────────────────────── ─────── ───────── ──────────────
1. Getting started (aditiv)? low fr low fr CONFIRMED low
2. Naming guessable? D1 incon F1 3-nume CONFIRMED -> rar_env
3. Error messages actionable? D2 gap F2 gap CONFIRMED gap
4. Docs findable & complete? D4 gap F7 gap+ CONFIRMED gap
5. Back-compat safe? D3 resid F3 runtime CONFIRMED (1 rezidual)
6. Discoverability pre-send? D5 gap F4 gap CONFIRMED gap
```
Codex: indisponibil (N/A). DX scor initial: ~6/10 (model API solid + aditiv, dar nume inconsistent + eroare neimbogatita + zero discoverability + contract neactualizat). Tinta dupa fixuri: ~9/10.
### Jurnal integrator (condensat)
| Etapa | Azi (plan brut) | Dupa fixuri DX |
|---|---|---|
| Afla env-urile contului | doar din eroare / dupa trimitere reala | `GET /v1/conturi/medii` |
| Trimite | `rar_target` (nume #1) | `rar_env` (un nume) |
| Confirma tinta fara trimitere reala | imposibil (valideaza nu ecou-ieste) | `/valideaza` ecou-ieste `rar_env` |
| Eroare tinta indisponibila | proza, fara cod | `cod: RAR_MEDIU_INDISPONIBIL` + fix |
| Citeste rezultatul | `rar_env` (nume #2) | `rar_env` (acelasi) |
| Doc | contract fara field/endpoint | contract complet |

View File

@@ -471,17 +471,18 @@ risc regresie vizuala fara baza AC). **Auto-decis: doar instanta sub-12px** (`et
- **Fallback**: `vehicul_nr == '—'` → nu randa em-dash singur (mesaj fallback).
- Pastreaza numele claselor `slim-vin`/`slim-meta` (reumple, nu redenumi) — minimizeaza churn teste.
### Implementation Tasks (agregat)
- [ ] **T-1 (INALTA) — `_submissions.html`** — refactor rand 4→2 linii cu placuta+codRAR+operatie+data_prestatie+pill; fallback placuta; pastreaza clase. Update teste: rescrie test_vin_pe_rand_separat_sub_nr, test_rand_slim_vin_operatie_pill, test_submissions_coloane_umane; adauga test 2-linii + test fallback placuta.
- [ ] **T-2 (INALTA) — `base.html` (CSS pill) + `_submissions.html`** — restilare pill slim ca mockup (fill tint + dot + text colorat per `stare_css`); pill ramane pe finalizat.
- [ ] **T-3 (INALTA) — `_preview_import.html` / `base.html:401`** — bug 4a: `.col-stare` width 104px→~140px (+ `overflow:hidden` sau pill wrap). NU atinge nowrap pe col-vehicul (test_web_preview_compact). Reducere 8→4 coloane (densitate) ca task separat.
- [ ] **T-4 (MEDIE) — `_preview_import.html`** — reducere la 4 coloane esentiale (Stare/Vehicul/Operatie/Data + Editeaza); muta KM + mesaj validare in randul de editare/tooltip.
- [ ] **T-5 (MEDIE) — `_coada.html:10-19`** — scoate titlul "Trimiterile tale" (h2); relocare export CSV langa tab-uri / meniu cont (PRD 5.16/US-002).
- [ ] **T-6 (MEDIE) — `_status.html:140`** — scoate randul plan "N/60 luna asta" din corp; pastreaza badge antet + linie burger (PRD 5.17/US-006). Daca >=80% consum, afiseaza doar in starea de avertizare.
- [ ] **T-7 (MEDIE) — `_chips_prestatii.html:122`** — guard `{% if _extra %}` pe containerul `.chips` (operatii-mode), elimina chenarul gol.
- [ ] **T-8 (MICA) — `_submissions.html:133`** — `font-size:10px`→`var(--fs-xs)` (doar instanta sub-12px).
- [ ] **T-9 (MICA) — copy/stil** — "Anuleaza"→"Renunta" (form editare); nume operatie emfatic (bold) in editorul de chips per mockup.
- [ ] **Defer TODOS** — stare eroare HTMX lista (D-4); teste regresie vizuala; dropzone zona-mare (sec.5); retokenizare px completa; diacritice (decis: nu).
### Implementation Tasks (agregat) — LIVRAT 2026-06-29 (toate verzi, 1392 teste)
- [x] **T-1 (INALTA) — `_submissions.html`** — refactor rand 4→2 linii cu placuta+codRAR+operatie+data_prestatie+pill; fallback placuta; clase pastrate. Teste rescrise: test_rand_slim_vin_operatie_pill, test_submissions_coloane_umane, test_placuta_pe_rand_identificator_primar (fost test_vin_pe_rand_separat_sub_nr), test_placuta_lipsa_nu_genereaza_rand_gol (fallback "fara numar").
- [x] **T-2 (INALTA) — `base.html` (CSS pill) + `_submissions.html`** — pill slim restilat (fill tint + dot 7px + text colorat per `stare_css` via currentColor), scopat `.lista-trimiteri-slim .pill`; ramane pe finalizat.
- [x] **T-3 (INALTA) — `base.html`** — bug 4a: `.tabel-trimiteri .col-stare` 104px→140px. nowrap pe col-vehicul neatins.
- [x] **T-4 (MEDIE) — `_preview_import.html` + `_preview_rand.html`** — reducere la 5 coloane (Stare/Vehicul/Operatie/Data/Actiuni); scoase col-id, col-km, col-note; motivul mutat in `title` pe pill, KM in modal.
- [x] **T-5 (MEDIE) — `_coada.html`** — titlu vizibil "Trimiterile tale" → `<h2 class="sr-only">` (a11y pastrat); badge "de rezolvat" + export CSV intr-un rand discret. `.sr-only` adaugat in base.html.
- [x] **T-6 (MEDIE) — `_status.html`** — linia plan in corp DOAR pe avertizare (`plan_warn`/`plan_limita_atinsa`); consum normal in badge antet + burger. Teste status mutate pe pagina completa.
- [x] **T-7 (MEDIE) — `_chips_prestatii.html`** — guard `{% if _extra_chips %}` pe containerul `.chips`, chenarul gol eliminat.
- [x] **T-8 (MICA) — `_submissions.html` / base.html** — `font-size:10px`→`var(--fs-xs)` (eticheta-problema, prin clasa scopata `.lista-trimiteri-slim .eticheta-problema`).
- [x] **T-9 (MICA) — `_form_editare.html` + base.html** — "Anuleaza"→"Renunta" (default); `.op-row-name` emfatic (bold, `--fs-sm`).
- [ ] **Defer — tracked in `TODOS.md`** (la cererea userului 2026-06-29): stare eroare HTMX lista (D-4); retokenizare px completa; diacritice in textul vizibil.
- [x] **Defer — inchis ca acceptabil** (netrackuit): teste regresie vizuala (tooling viitor); dropzone zona-mare (sec.5, raportul il marcheaza acceptabil).
### Verificare la implementare
`python3 -m pytest tests/test_web_submissions.py tests/test_web_submissions_layout.py tests/test_web_responsive.py tests/test_web_preview_compact.py -q`

View File

@@ -112,7 +112,10 @@ def test_list_accounts_ordonat_fara_creds(conn):
assert ids == sorted(ids)
for r in rows:
assert "rar_creds_enc" not in r
assert set(r.keys()) == {"id", "name", "cui", "email", "active", "status", "created_at", "tier", "trial_until"}
assert set(r.keys()) == {
"id", "name", "cui", "email", "active", "status", "created_at",
"tier", "trial_until", "requested_plan", "consent_at",
}
# ---------------------------------------------------------------------------

View File

@@ -40,7 +40,8 @@ def _signup(client, name, email, password="parola_test_001"):
tok = _csrf(client, "/signup")
resp = client.post("/signup", data={"name": name, "cui": make_test_cui(email),
"email": email, "parola": password,
"csrf_token": tok}, follow_redirects=True)
"consent": "1", "csrf_token": tok},
follow_redirects=True)
assert resp.status_code == 200
from app.db import get_connection
conn = get_connection()

View File

@@ -62,6 +62,7 @@ def _signup(client: TestClient, name: str, email: str, password: str = "parola_t
"cui": make_test_cui(email),
"email": email,
"parola": password,
"consent": "1",
"csrf_token": token,
}, follow_redirects=True)
assert resp.status_code == 200, f"signup esuat: {resp.text[:300]}"
@@ -261,3 +262,158 @@ def test_activare_cont_incomplet_refuzata(client):
assert not _get_account_active(incomplete_id), (
"Contul incomplet (fara email/CUI) a fost activat — gate pe account_is_complete nu functioneaza"
)
def _get_tier_trial(account_id: int) -> tuple[str, str | None]:
"""Citeste (tier, trial_until) din DB."""
from app.db import get_connection
conn = get_connection()
try:
row = conn.execute(
"SELECT tier, trial_until FROM accounts WHERE id=?", (account_id,)
).fetchone()
return (row["tier"], row["trial_until"]) if row else ("", None)
finally:
conn.close()
def _get_tier(account_id: int) -> str:
"""Citeste accounts.tier din DB."""
return _get_tier_trial(account_id)[0]
def test_set_tier_din_admin_incheie_trial(client):
"""POST /admin/set-tier -> tier actualizat, trial_until=NULL (trial incheiat), 303.
Contul nou are trial Pro 30z; alocarea manuala trebuie sa-l incheie ca alegerea
sa aiba efect imediat (decizie user 2026-06-29)."""
target_id = _signup(client, "Firma Upgrade SRL", "upgrade@test.ro")
tier0, trial0 = _get_tier_trial(target_id)
assert tier0 == "free", "cont nou trebuie sa porneasca pe free"
assert trial0, "cont nou trebuie sa aiba trial_until setat (trial Pro 30z)"
admin_id = _signup(client, "Admin Tier SA", "admintier@test.ro")
_make_admin(admin_id)
_login(client, "admintier@test.ro")
csrf = _get_csrf(client, "/admin")
resp = client.post("/admin/set-tier", data={
"account_id": str(target_id),
"tier": "pro",
"csrf_token": csrf,
})
assert resp.status_code == 303, f"asteptat 303 PRG, primit {resp.status_code}"
tier1, trial1 = _get_tier_trial(target_id)
assert tier1 == "pro", "tier-ul nu a fost mutat pe pro"
assert trial1 is None, "trial_until trebuie sters la alocarea manuala (efect imediat)"
def test_set_tier_free_opreste_pro_imediat(client):
"""Setarea pe 'free' pe un cont in trial -> efectiv 'free' acum (trial incheiat).
Fara stergerea trial-ului, effective_tier ar fi ramas 'pro' inca ~30 zile."""
from datetime import datetime, timezone
from app.plans import effective_tier
target_id = _signup(client, "Firma Abuz Trial SRL", "abuztrial@test.ro")
admin_id = _signup(client, "Admin Stop SA", "adminstop@test.ro")
_make_admin(admin_id)
_login(client, "adminstop@test.ro")
csrf = _get_csrf(client, "/admin")
resp = client.post("/admin/set-tier", data={
"account_id": str(target_id),
"tier": "free",
"csrf_token": csrf,
})
assert resp.status_code == 303
tier1, trial1 = _get_tier_trial(target_id)
assert tier1 == "free" and trial1 is None
eff = effective_tier({"tier": tier1, "trial_until": trial1}, datetime.now(timezone.utc))
assert eff == "free", "dupa setarea pe free, planul efectiv trebuie sa fie free imediat"
def test_set_tier_invalid_respins(client):
"""Tier invalid -> nu schimba nimic (re-randare cu eroare sau ignorat)."""
target_id = _signup(client, "Firma Tier Invalid SRL", "tierinvalid@test.ro")
admin_id = _signup(client, "Admin TI SA", "adminti@test.ro")
_make_admin(admin_id)
_login(client, "adminti@test.ro")
csrf = _get_csrf(client, "/admin")
resp = client.post("/admin/set-tier", data={
"account_id": str(target_id),
"tier": "platinum", # invalid
"csrf_token": csrf,
})
assert resp.status_code in (200, 422), f"tier invalid ar trebui respins, primit {resp.status_code}"
assert _get_tier(target_id) == "free", "tier invalid nu trebuie aplicat"
def test_set_tier_fara_csrf_respins(client):
"""POST /admin/set-tier fara token CSRF valid -> respins, tier neschimbat."""
target_id = _signup(client, "Firma CSRF Tier SRL", "csrftier@test.ro")
admin_id = _signup(client, "Admin CSRF SA", "admincsrf@test.ro")
_make_admin(admin_id)
_login(client, "admincsrf@test.ro")
resp = client.post("/admin/set-tier", data={
"account_id": str(target_id),
"tier": "pro",
"csrf_token": "token-fals",
})
assert resp.status_code in (400, 403), f"CSRF invalid trebuie respins, primit {resp.status_code}"
assert _get_tier(target_id) == "free", "tier schimbat desi CSRF era invalid"
def test_set_trial_din_admin(client):
"""POST /admin/set-trial -> trial_until setat, tier de baza neschimbat, efectiv pro, 303."""
from datetime import datetime, timezone
from app.plans import effective_tier
target_id = _signup(client, "Firma Trial SRL", "trialnou@test.ro")
# incheie intai orice trial (set-tier free) ca sa pornim de la baza curata
admin_id = _signup(client, "Admin Trial SA", "admintrialacord@test.ro")
_make_admin(admin_id)
_login(client, "admintrialacord@test.ro")
csrf = _get_csrf(client, "/admin")
client.post("/admin/set-tier", data={
"account_id": str(target_id), "tier": "free", "csrf_token": csrf,
})
assert _get_tier_trial(target_id) == ("free", None)
# acorda trial Pro 15 zile
csrf = _get_csrf(client, "/admin")
resp = client.post("/admin/set-trial", data={
"account_id": str(target_id),
"trial_days": "15",
"csrf_token": csrf,
})
assert resp.status_code == 303, f"asteptat 303 PRG, primit {resp.status_code}"
tier1, trial1 = _get_tier_trial(target_id)
assert tier1 == "free", "tier-ul de baza NU trebuie schimbat de acordarea de trial"
assert trial1, "trial_until trebuie setat"
eff = effective_tier({"tier": tier1, "trial_until": trial1}, datetime.now(timezone.utc))
assert eff == "pro", "trial activ trebuie sa ridice planul efectiv la pro"
def test_set_trial_zile_invalide_respins(client):
"""trial_days <= 0 -> 422, trial neschimbat."""
target_id = _signup(client, "Firma Trial Invalid SRL", "trialinvalid@test.ro")
admin_id = _signup(client, "Admin TInv SA", "admintinv@test.ro")
_make_admin(admin_id)
_login(client, "admintinv@test.ro")
# porneste de la trial sters
csrf = _get_csrf(client, "/admin")
client.post("/admin/set-tier", data={
"account_id": str(target_id), "tier": "free", "csrf_token": csrf,
})
csrf = _get_csrf(client, "/admin")
resp = client.post("/admin/set-trial", data={
"account_id": str(target_id),
"trial_days": "0",
"csrf_token": csrf,
})
assert resp.status_code == 422
assert _get_tier_trial(target_id) == ("free", None), "trial nu trebuie setat la zile invalide"

View File

@@ -0,0 +1,226 @@
"""Teste US-005 — camp rar_env pe POST /v1/prezentari si /valideaza.
Acopera: default din cont, tinta explicita, respingere tinta indisponibila,
echo GET, valoare invalida (422 Pydantic), echo dry-run valideaza.
"""
from __future__ import annotations
import os
import tempfile
import pytest
from fastapi.testclient import TestClient
@pytest.fixture()
def env(monkeypatch):
"""DB temporara izolata per test + settings reincarcate."""
tmp = tempfile.mkdtemp()
monkeypatch.setenv("AUTOPASS_DB_PATH", os.path.join(tmp, "t.db"))
from app.config import get_settings
get_settings.cache_clear()
yield monkeypatch
get_settings.cache_clear()
def _client():
from app.main import app
return TestClient(app)
def _body(rar_env=None, **over):
prez = {
"vin": "WVWZZZ1KZAW000123",
"nr_inmatriculare": "B999TST",
"data_prestatie": "2026-06-15",
"odometru_final": "123456",
"prestatii": [{"cod_prestatie": "OE-1"}],
}
prez.update(over)
body = {"rar_credentials": {"email": "x@y.ro", "password": "s"}, "prezentari": [prez]}
if rar_env is not None:
body["rar_env"] = rar_env
return body
def _setup_prod_only(conn):
"""Configureaza contul 1 ca prod-only (rar_prod_enabled=1, creds prod, default prod)."""
from app.crypto import encrypt_creds
enc = encrypt_creds({"email": "prod@rar.ro", "password": "paraprod"})
conn.execute(
"UPDATE accounts SET rar_prod_enabled=1, rar_creds_prod_enc=?, "
"rar_test_enabled=0, rar_creds_test_enc=NULL, rar_env_default='prod' WHERE id=1",
(enc,),
)
conn.commit()
def _setup_dual_env(conn):
"""Configureaza contul 1 cu ambele medii disponibile, default test."""
from app.crypto import encrypt_creds
enc_test = encrypt_creds({"email": "test@rar.ro", "password": "paratest"})
enc_prod = encrypt_creds({"email": "prod@rar.ro", "password": "paraprod"})
conn.execute(
"UPDATE accounts SET rar_prod_enabled=1, rar_creds_prod_enc=?, "
"rar_test_enabled=1, rar_creds_test_enc=?, rar_env_default='test' WHERE id=1",
(enc_prod, enc_test),
)
conn.commit()
# --------------------------------------------------------------------------- #
# test_default_din_cont_cand_lipseste #
# --------------------------------------------------------------------------- #
def test_default_din_cont_cand_lipseste(env):
"""Cont prod-only, POST fara rar_env -> submission rar_env='prod'."""
with _client() as c:
from app.db import get_connection
conn = get_connection()
try:
_setup_prod_only(conn)
finally:
conn.close()
r = c.post("/v1/prezentari", json=_body())
assert r.status_code == 200, r.text
res = r.json()["results"][0]
assert res["status"] == "queued"
assert res["rar_env"] == "prod"
# --------------------------------------------------------------------------- #
# test_target_explicit #
# --------------------------------------------------------------------------- #
def test_target_explicit(env):
"""Cont cu ambele medii, POST cu rar_env='test' -> submission rar_env='test'."""
with _client() as c:
from app.db import get_connection
conn = get_connection()
try:
_setup_dual_env(conn)
finally:
conn.close()
r = c.post("/v1/prezentari", json=_body(rar_env="test"))
assert r.status_code == 200, r.text
res = r.json()["results"][0]
assert res["status"] == "queued"
assert res["rar_env"] == "test"
# Aceeasi prezentare cu rar_env='prod' -> cheie diferita (env-aware) -> alt submission
r2 = c.post("/v1/prezentari", json=_body(rar_env="prod"))
assert r2.status_code == 200, r2.text
res2 = r2.json()["results"][0]
assert res2["rar_env"] == "prod"
# Nu e dedup (env diferit -> cheie diferita)
assert res2["submission_id"] != res["submission_id"]
# --------------------------------------------------------------------------- #
# test_target_indisponibil_respins #
# --------------------------------------------------------------------------- #
def test_target_indisponibil_respins(env):
"""Cont prod-only, POST cu rar_env='test' -> 422 RAR_MEDIU_INDISPONIBIL, fara enqueue."""
with _client() as c:
from app.db import get_connection
conn = get_connection()
try:
_setup_prod_only(conn)
finally:
conn.close()
r = c.post("/v1/prezentari", json=_body(rar_env="test"))
assert r.status_code == 422, r.text
detail = r.json()["detail"]
assert detail["cod"] == "RAR_MEDIU_INDISPONIBIL"
# Cauza contine mediul cerut si lista disponibilelor
assert "test" in detail["cauza"]
assert "prod" in detail["cauza"]
# Verifica ca nu s-a facut enqueue
lista = c.get("/v1/prezentari").json()["submissions"]
assert lista == []
# --------------------------------------------------------------------------- #
# test_get_ecou_rar_env #
# --------------------------------------------------------------------------- #
def test_get_ecou_rar_env(env):
"""Dupa enqueue, GET /v1/prezentari/{id} si lista contin rar_env."""
with _client() as c:
from app.db import get_connection
conn = get_connection()
try:
_setup_prod_only(conn)
finally:
conn.close()
# Enqueue pe prod (default contului prod-only)
r = c.post("/v1/prezentari", json=_body())
assert r.status_code == 200, r.text
sub_id = r.json()["results"][0]["submission_id"]
assert sub_id is not None
# GET detaliu
r_det = c.get(f"/v1/prezentari/{sub_id}")
assert r_det.status_code == 200, r_det.text
assert r_det.json()["rar_env"] == "prod"
# GET lista
r_lst = c.get("/v1/prezentari")
assert r_lst.status_code == 200, r_lst.text
sub_in_lista = next(s for s in r_lst.json()["submissions"] if s["id"] == sub_id)
assert sub_in_lista["rar_env"] == "prod"
# --------------------------------------------------------------------------- #
# test_valoare_invalida_422 #
# --------------------------------------------------------------------------- #
def test_valoare_invalida_422(env):
"""POST cu rar_env='staging' -> 422 din Pydantic Literal, fara echo de input."""
with _client() as c:
body = _body(rar_env="staging")
r = c.post("/v1/prezentari", json=body)
assert r.status_code == 422, r.text
# Handler-ul global sterge 'input'/'ctx' — valoarea invalida nu se ecou-ieste.
assert "staging" not in r.text
# Fara enqueue
lista = c.get("/v1/prezentari").json()["submissions"]
assert lista == []
# --------------------------------------------------------------------------- #
# test_valideaza_ecou_rar_env #
# --------------------------------------------------------------------------- #
def test_valideaza_ecou_rar_env(env):
"""POST /valideaza (dry-run) ecou-ieste rar_env rezolvat in ValidareResult."""
with _client() as c:
from app.db import get_connection
conn = get_connection()
try:
_setup_prod_only(conn)
finally:
conn.close()
# Dry-run fara rar_env -> default cont = prod
r = c.post("/v1/prezentari/valideaza", json=_body())
assert r.status_code == 200, r.text
res = r.json()["results"][0]
assert res["rar_env"] == "prod"
# Dry-run cu rar_env='prod' explicit
r2 = c.post("/v1/prezentari/valideaza", json=_body(rar_env="prod"))
assert r2.status_code == 200, r2.text
assert r2.json()["results"][0]["rar_env"] == "prod"
# Dry-run tinta indisponibila -> 422, fara echo sensibil
r3 = c.post("/v1/prezentari/valideaza", json=_body(rar_env="test"))
assert r3.status_code == 422, r3.text
assert r3.json()["detail"]["cod"] == "RAR_MEDIU_INDISPONIBIL"

313
tests/test_cont_medii.py Normal file
View File

@@ -0,0 +1,313 @@
"""Teste US-008 (PRD 5.20): configurare medii RAR per cont — Testare + Productie.
Ruta testata: POST /cont/rar-medii
Teste:
test_activeaza_si_salveaza_creds_per_env -- creds salvate criptat, mediu marcat disponibil
test_default_doar_dintre_disponibile -- mediu implicit validat contra disponibilelor
test_activare_prod_cere_confirmare -- prima activare prod cere checkbox L.142
test_creds_criptate_fara_echo -- parola niciodata in clar in DB sau HTML
"""
from __future__ import annotations
import os
import re
import tempfile
import pytest
from cryptography.fernet import Fernet
from starlette.testclient import TestClient
# ---------------------------------------------------------------------------
# Fixture
# ---------------------------------------------------------------------------
@pytest.fixture()
def client(monkeypatch):
"""Client izolat cu DB temporara + cheie Fernet pentru criptare creds."""
tmp = tempfile.mkdtemp()
monkeypatch.setenv("AUTOPASS_DB_PATH", os.path.join(tmp, "t_medii.db"))
monkeypatch.setenv("AUTOPASS_CREDS_KEY", Fernet.generate_key().decode())
from app.config import get_settings
from app import crypto
get_settings.cache_clear()
crypto.reset_cache()
from app.main import app
with TestClient(app, follow_redirects=False) as c:
yield c
get_settings.cache_clear()
crypto.reset_cache()
# ---------------------------------------------------------------------------
# Helpere
# ---------------------------------------------------------------------------
def _create_account_user(
name: str = "Service Test SRL",
email: str = "user@test.com",
password: str = "parolasecreta10",
):
"""Creeaza cont + user. Returneaza (acct_id, user_id)."""
from app.accounts import create_account
from app.users import create_user
from app.db import get_connection
conn = get_connection()
try:
acct_id = create_account(conn, name, active=True)
user_id = create_user(conn, acct_id, email, password)
return acct_id, user_id
finally:
conn.close()
def _login(client, email: str, password: str) -> None:
"""Face login real prin HTTP si seteaza cookie-ul de sesiune pe client."""
resp = client.get("/login")
assert resp.status_code == 200
m = re.search(r'name="csrf_token"\s+value="([^"]+)"', resp.text)
if not m:
m = re.search(r'value="([^"]+)"\s+name="csrf_token"', resp.text)
assert m, "csrf_token negasit pe /login"
csrf = m.group(1)
resp = client.post("/login", data={
"email": email,
"parola": password,
"csrf_token": csrf,
})
assert resp.status_code == 303, f"Login esuat: {resp.status_code} {resp.text[:200]}"
def _get_csrf(client) -> str:
"""Obtine CSRF token din fragmentul /_fragments/cont."""
resp = client.get("/_fragments/cont")
assert resp.status_code == 200, f"/_fragments/cont a returnat {resp.status_code}"
m = re.search(r'name="csrf_token"\s+value="([^"]+)"', resp.text)
if not m:
m = re.search(r'value="([^"]+)"\s+name="csrf_token"', resp.text)
assert m, f"csrf_token negasit in /_fragments/cont: {resp.text[:400]}"
return m.group(1)
def _mock_login_ok(monkeypatch) -> None:
"""Monkeypatch _valideaza_login_rar sa returneze (True, None) fara RAR live."""
import app.web.routes as routes_mod
monkeypatch.setattr(routes_mod, "_valideaza_login_rar", lambda *a, **kw: (True, None))
# ---------------------------------------------------------------------------
# Teste
# ---------------------------------------------------------------------------
def test_activeaza_si_salveaza_creds_per_env(client, monkeypatch):
"""Activez Testare cu creds valide (mock) -> DB: rar_test_enabled=1, rar_creds_test_enc non-null.
medii_disponibile si test_disponibil reflecta starea noua.
"""
_mock_login_ok(monkeypatch)
acct_id, _ = _create_account_user("Firma T1", "t1@test.com")
_login(client, "t1@test.com", "parolasecreta10")
csrf = _get_csrf(client)
resp = client.post("/cont/rar-medii", data={
"csrf_token": csrf,
"test_enabled": "1",
"test_email": "rar_test@firma.ro",
"test_parola": "parolaRARtest",
# prod_enabled absent -> rar_prod_enabled setat la 0
})
assert resp.status_code == 200
from app.db import get_connection
conn = get_connection()
try:
row = conn.execute(
"SELECT rar_test_enabled, rar_creds_test_enc, rar_prod_enabled FROM accounts WHERE id=?",
(acct_id,),
).fetchone()
finally:
conn.close()
assert row["rar_test_enabled"] == 1, "rar_test_enabled trebuia setat la 1"
assert row["rar_creds_test_enc"] is not None, "rar_creds_test_enc trebuia salvat"
# Indicator test_disponibil sau mesaj succes in HTML
assert "configurat" in resp.text or "salvate si validate" in resp.text, \
f"Indicator 'configurat' sau mesaj succes lipsa: {resp.text[:600]}"
def test_default_doar_dintre_disponibile(client, monkeypatch):
"""Incerc sa setez rar_env_default pe un mediu indisponibil -> valoarea veche ramane + eroare.
Setarea pe mediu disponibil reuseste.
"""
_mock_login_ok(monkeypatch)
acct_id, _ = _create_account_user("Firma T2", "t2@test.com")
_login(client, "t2@test.com", "parolasecreta10")
# Pasul 1: activeaza Testare cu creds + seteaza default=test (test va fi singurul disponibil)
csrf = _get_csrf(client)
resp1 = client.post("/cont/rar-medii", data={
"csrf_token": csrf,
"test_enabled": "1",
"test_email": "rar_test@firma.ro",
"test_parola": "parolaRAR123",
"rar_env_default": "test",
# prod_enabled absent -> rar_prod_enabled=0 (prod indisponibil)
})
assert resp1.status_code == 200
assert "actualizat" in resp1.text.lower(), \
f"Mesaj 'actualizat' asteptat pentru setarea default=test: {resp1.text[:500]}"
from app.db import get_connection
conn = get_connection()
try:
row1 = conn.execute(
"SELECT rar_env_default FROM accounts WHERE id=?", (acct_id,)
).fetchone()
finally:
conn.close()
assert row1["rar_env_default"] == "test", "rar_env_default trebuia setat la 'test'"
# Pasul 2: incerc sa setez default=prod (prod indisponibil: enabled=0, fara creds)
csrf = _get_csrf(client)
resp2 = client.post("/cont/rar-medii", data={
"csrf_token": csrf,
"test_enabled": "1", # re-trimit enabled fara creds noi (creds existente raman)
"rar_env_default": "prod",
})
assert resp2.status_code == 200
assert "disponibil" in resp2.text.lower(), \
f"Eroare 'nu e disponibil' asteptata in raspuns: {resp2.text[:500]}"
conn = get_connection()
try:
row2 = conn.execute(
"SELECT rar_env_default FROM accounts WHERE id=?", (acct_id,)
).fetchone()
finally:
conn.close()
assert row2["rar_env_default"] == "test", \
"rar_env_default NU trebuia schimbat la 'prod' (mediu indisponibil)"
def test_activare_prod_cere_confirmare(client, monkeypatch):
"""Prima activare Productie (de la dezactivat) fara prod_confirmare -> NU se activeaza.
Cu prod_confirmare=1 -> rar_prod_enabled devine 1.
"""
_mock_login_ok(monkeypatch)
acct_id, _ = _create_account_user("Firma T3", "t3@test.com")
_login(client, "t3@test.com", "parolasecreta10")
# Pasul 0: dezactiveaza prod (schema default=1, trebuie adus la 0 pt a testa confirmarea)
csrf = _get_csrf(client)
client.post("/cont/rar-medii", data={
"csrf_token": csrf,
# prod_enabled absent -> rar_prod_enabled setat la 0
# test_enabled absent -> rar_test_enabled setat la 0
})
from app.db import get_connection
conn = get_connection()
try:
row0 = conn.execute(
"SELECT rar_prod_enabled FROM accounts WHERE id=?", (acct_id,)
).fetchone()
finally:
conn.close()
assert row0["rar_prod_enabled"] == 0, "Prod trebuia dezactivat in pasul 0"
# Pasul 1: incerc sa activez prod FARA confirmare -> refuzat
csrf = _get_csrf(client)
resp1 = client.post("/cont/rar-medii", data={
"csrf_token": csrf,
"prod_enabled": "1",
"prod_email": "rar_prod@firma.ro",
"prod_parola": "parolaRARprod",
# prod_confirmare absent
})
assert resp1.status_code == 200
text1 = resp1.text.lower()
assert "confirmare" in text1 or "l.142" in text1 or "inteleg" in text1, \
f"Mesaj de confirmare asteptat in raspuns: {resp1.text[:600]}"
conn = get_connection()
try:
row1 = conn.execute(
"SELECT rar_prod_enabled FROM accounts WHERE id=?", (acct_id,)
).fetchone()
finally:
conn.close()
assert row1["rar_prod_enabled"] == 0, "rar_prod_enabled NU trebuia activat fara confirmare"
# Pasul 2: activeaza cu confirmare -> reuseste
csrf = _get_csrf(client)
resp2 = client.post("/cont/rar-medii", data={
"csrf_token": csrf,
"prod_enabled": "1",
"prod_email": "rar_prod@firma.ro",
"prod_parola": "parolaRARprod",
"prod_confirmare": "1",
})
assert resp2.status_code == 200
conn = get_connection()
try:
row2 = conn.execute(
"SELECT rar_prod_enabled FROM accounts WHERE id=?", (acct_id,)
).fetchone()
finally:
conn.close()
assert row2["rar_prod_enabled"] == 1, "rar_prod_enabled trebuia activat cu confirmare"
def test_creds_criptate_fara_echo(client, monkeypatch):
"""Dupa salvare, rar_creds_test_enc e criptat (nu parola in clar) si
parola NU apare in HTML-ul raspuns.
"""
_mock_login_ok(monkeypatch)
acct_id, _ = _create_account_user("Firma T4", "t4@test.com")
_login(client, "t4@test.com", "parolasecreta10")
parola_test = "SECRETPAROLATEST999"
csrf = _get_csrf(client)
resp = client.post("/cont/rar-medii", data={
"csrf_token": csrf,
"test_enabled": "1",
"test_email": "rar_test@firma.ro",
"test_parola": parola_test,
})
assert resp.status_code == 200
# Parola NU trebuie sa apara in HTML-ul raspuns
assert parola_test not in resp.text, \
f"Parola apare in raspunsul HTML (echo interzis): {resp.text[:500]}"
# In DB: rar_creds_test_enc e criptat (nu contine parola in clar)
from app.db import get_connection
from app.crypto import decrypt_creds
conn = get_connection()
try:
row = conn.execute(
"SELECT rar_creds_test_enc FROM accounts WHERE id=?", (acct_id,)
).fetchone()
finally:
conn.close()
enc = row["rar_creds_test_enc"]
assert enc is not None, "rar_creds_test_enc trebuia salvat"
assert parola_test not in enc, "Parola in clar gasita in rar_creds_test_enc (neacceptat)"
# Decriptarea trebuie sa recupereze parola originala
creds = decrypt_creds(enc)
assert creds is not None, "Decriptarea a returnat None"
assert creds.get("password") == parola_test, \
f"Parola decriptata nu corespunde: {creds!r}"

View File

@@ -157,7 +157,7 @@ class FakeRarClient:
made: list = []
def __init__(self, settings=None, login_exc=None):
def __init__(self, settings=None, *, base_url=None, login_exc=None):
self.closed = False
self.login_calls = 0
self._login_exc = login_exc
@@ -234,7 +234,7 @@ def test_get_token_bad_creds_raises(env, monkeypatch):
import app.worker.__main__ as w
from app.db import get_connection
def _factory(settings=None):
def _factory(settings=None, **kwargs):
return FakeRarClient(settings, login_exc=RarAuthError("Credentiale RAR invalide", status_code=401))
monkeypatch.setattr(w, "RarClient", _factory)

28
tests/test_idempotency.py Normal file
View File

@@ -0,0 +1,28 @@
"""US-003 (PRD 5.20): build_key incorporeaza rar_env."""
from __future__ import annotations
from app.idempotency import build_key, canonicalize_row
def _canon():
raw = {
"vin": "WVWZZZ1JZXW000001", "nr_inmatriculare": "B 123 ABC",
"data_prestatie": "2026-01-10", "odometru_final": "123456.0",
"prestatii": [{"cod_prestatie": "OE-1"}],
}
canon = canonicalize_row(raw)
canon["prestatii"] = raw["prestatii"]
return canon
def test_key_difera_intre_test_si_prod():
canon = _canon()
assert build_key(1, canon, "test") != build_key(1, canon, "prod")
def test_key_stabil_pe_env():
canon = _canon()
assert build_key(1, canon, "prod") == build_key(1, canon, "prod")
# None si 1 colapseaza la aceeasi cheie (account_or_default), pe acelasi env
assert build_key(None, canon, "test") == build_key(1, canon, "test")

View File

@@ -511,7 +511,7 @@ class TestE2EMixedQueue:
# 4. Worker cu MockRar injectat prin AccountSessions (simulam bucla worker)
mock_rar = MockRar(id_prezentare=66001, login_token="tok-mock")
monkeypatch.setattr(w, "RarClient", lambda settings=None: mock_rar)
monkeypatch.setattr(w, "RarClient", lambda settings=None, **kw: mock_rar)
sessions = w.AccountSessions(settings)
conn = get_connection()
@@ -595,7 +595,7 @@ class TestE2EMixedQueue:
conn.close()
mock_rar = MockRar(id_prezentare=77777)
monkeypatch.setattr(w, "RarClient", lambda settings=None: mock_rar)
monkeypatch.setattr(w, "RarClient", lambda settings=None, **kw: mock_rar)
sessions = w.AccountSessions(settings)
conn = get_connection()

View File

@@ -0,0 +1,359 @@
"""Teste US-009 (PRD 5.20) — Import web: selector mediu RAR conditionat de disponibilitate.
Verifica:
- La 0 medii: banner avertisment non-blocant (upload functioneaza, commit foloseste ancora globala).
- La 1 mediu: eticheta statica, fara selector; submissions primesc acel mediu.
- La 2 medii: selector vizibil pre-bifat pe default-ul contului.
- La commit: toate submission-urile lotului primesc rar_env ales (sau fallback ancora globala).
"""
from __future__ import annotations
import csv
import io
import os
import re
import tempfile
import pytest
from fastapi.testclient import TestClient
# --------------------------------------------------------------------------- #
# Fixture client cu DB izolat #
# --------------------------------------------------------------------------- #
@pytest.fixture()
def client(monkeypatch):
tmp = tempfile.mkdtemp()
monkeypatch.setenv("AUTOPASS_DB_PATH", os.path.join(tmp, "rar_env_test.db"))
monkeypatch.setenv("AUTOPASS_WEB_AUTH_REQUIRED", "false")
monkeypatch.setenv("AUTOPASS_RAR_ENV", "test") # ancora globala = test
from app.config import get_settings
get_settings.cache_clear()
from app.crypto import reset_cache
reset_cache()
from app.main import app
with TestClient(app) as c:
yield c
get_settings.cache_clear()
reset_cache()
# --------------------------------------------------------------------------- #
# Utilitare #
# --------------------------------------------------------------------------- #
def _csv_bytes(rows: list[dict], sep: str = ";") -> bytes:
buf = io.StringIO()
writer = csv.DictWriter(buf, fieldnames=list(rows[0].keys()), delimiter=sep)
writer.writeheader()
writer.writerows(rows)
return buf.getvalue().encode("utf-8")
def _seed_nomenclator_si_mapare(client: TestClient) -> None:
"""Semeaza nomenclatorul si o mapare pentru randuri ok."""
from app.db import get_connection
conn = get_connection()
try:
conn.execute(
"INSERT OR REPLACE INTO nomenclator_rar (cod_prestatie, nume_prestatie) VALUES (?,?)",
("R-FRANE", "Reparatie frane"),
)
conn.execute(
"INSERT OR IGNORE INTO operations_mapping "
"(account_id, cod_op_service, cod_prestatie, auto_send) VALUES (1,?,?,1)",
("OP-FRANE", "R-FRANE"),
)
conn.commit()
finally:
conn.close()
def _configureaza_un_mediu(client: TestClient, env: str = "test") -> None:
"""Activeaza un singur mediu RAR pe contul 1 (simulate creds disponibile)."""
from app.db import get_connection
from app.crypto import encrypt_creds
conn = get_connection()
try:
fake_creds = encrypt_creds({"email": "test@rar.ro", "password": "pass"})
if env == "test":
conn.execute(
"UPDATE accounts SET rar_test_enabled=1, rar_creds_test_enc=?, "
"rar_prod_enabled=0, rar_creds_prod_enc=NULL, rar_env_default='test' WHERE id=1",
(fake_creds,),
)
else:
conn.execute(
"UPDATE accounts SET rar_prod_enabled=1, rar_creds_prod_enc=?, "
"rar_test_enabled=0, rar_creds_test_enc=NULL, rar_env_default='prod' WHERE id=1",
(fake_creds,),
)
conn.commit()
finally:
conn.close()
def _configureaza_doua_medii(client: TestClient, default_env: str = "test") -> None:
"""Activeaza ambele medii RAR pe contul 1."""
from app.db import get_connection
from app.crypto import encrypt_creds
conn = get_connection()
try:
fake_test = encrypt_creds({"email": "test@rar.ro", "password": "pass_test"})
fake_prod = encrypt_creds({"email": "prod@rar.ro", "password": "pass_prod"})
conn.execute(
"UPDATE accounts SET "
"rar_test_enabled=1, rar_creds_test_enc=?, "
"rar_prod_enabled=1, rar_creds_prod_enc=?, "
"rar_env_default=? WHERE id=1",
(fake_test, fake_prod, default_env),
)
conn.commit()
finally:
conn.close()
_ROWS_OK = [
{
"VIN": "WVWZZZ1KZAW009001",
"Nr": "B009TST",
"Data": "2026-06-15",
"KM": "77000",
"Operatie": "OP-FRANE",
},
]
def _upload_si_mapare(client: TestClient, rows: list[dict]) -> int:
"""Upload CSV si seteaza mapare coloane. Intoarce import_id."""
data = _csv_bytes(rows)
r = client.post(
"/_import/upload",
files={"file": ("test.csv", io.BytesIO(data), "text/csv")},
)
assert r.status_code == 200, r.text
m = re.search(r"/_import/(\d+)/", r.text)
assert m, f"import_id negasit in raspunsul de upload: {r.text[:400]}"
iid = int(m.group(1))
# Seteaza maparea daca nu e deja
if f"/_import/{iid}/mapare-coloane" in r.text or "mapare-coloane" in r.text.lower():
r2 = client.post(
f"/_import/{iid}/mapare-coloane",
data={
"colname": ["VIN", "Nr", "Data", "KM", "Operatie"],
"canon": ["vin", "nr_inmatriculare", "data_prestatie", "odometru_final", "operatie"],
"format_data": "YYYY-MM-DD",
},
)
assert r2.status_code == 200, r2.text
return iid
def _get_preview(client: TestClient, iid: int) -> str:
rp = client.get(f"/_import/{iid}/preview")
assert rp.status_code == 200, rp.text
return rp.text
def _commit(client: TestClient, iid: int, n_ok: int, rar_env: str | None = None) -> object:
data = {
"csrf_token": "",
"n_confirmat": str(n_ok),
"confirmed_by": "test@us009.ro",
}
if rar_env:
data["rar_env"] = rar_env
return client.post(f"/_import/{iid}/confirma", data=data)
# --------------------------------------------------------------------------- #
# Tests #
# --------------------------------------------------------------------------- #
def test_selector_ascuns_la_un_mediu(client):
"""La 1 mediu disponibil: nu apare selector; apare eticheta statica cu mediul."""
_seed_nomenclator_si_mapare(client)
_configureaza_un_mediu(client, env="test")
# GET fragment/import: verifica ca nu exista selector si apare eticheta
r = client.get("/_fragments/import")
assert r.status_code == 200, r.text
html = r.text
# Eticheta statica "Testare" trebuie sa fie prezenta
assert "Testare" in html, "Eticheta mediu 'Testare' lipseste la 1 mediu disponibil"
# Selectorul nu trebuie sa apara (input cu name=rar_env hidden, dar fara <select>)
assert "<select" not in html or 'name="rar_env"' not in html or "rar-env-select" not in html, (
"Selector mediu RAR nu trebuie sa apara la 1 mediu disponibil"
)
def test_selector_prezent_si_prebifat_la_doua(client):
"""La 2 medii disponibile: selectorul apare si e pre-bifat pe default-ul contului."""
_seed_nomenclator_si_mapare(client)
_configureaza_doua_medii(client, default_env="test")
r = client.get("/_fragments/import")
assert r.status_code == 200, r.text
html = r.text
# Selectorul trebuie sa apara
assert "rar-env-select" in html, "Selectorul mediu RAR lipseste la 2 medii disponibile"
assert 'name="rar_env"' in html, 'Atribut name="rar_env" lipsa din selector'
# Default pre-selectat = "test" (default contului)
# Optiunea Testare trebuie sa fie selectata
assert 'value="test"' in html and "selected" in html, (
"Optiunea Testare nu e pre-selectata (default cont = test)"
)
def test_banner_avertisment_la_zero_medii(client):
"""La 0 medii configurate: apare un banner de avertisment (non-blocant)."""
# Contul 1 implicit nu are medii configurate
r = client.get("/_fragments/import")
assert r.status_code == 200, r.text
html = r.text
# Banner avertisment sau link catre configurare credentiale
assert "mediu" in html.lower() or "configureaza" in html.lower() or "credentiale" in html.lower(), (
"Bannerul de avertisment pentru 0 medii lipseste din pagina de upload"
)
# Upload-ul NU e blocat: formularul de upload trebuie sa fie prezent
assert "upload-form" in html, (
"Formularul de upload lipseste — la 0 medii upload-ul nu trebuie blocat"
)
def test_commit_seteaza_env_pe_submissions(client):
"""La commit: submissions primesc rar_env ales (fallback la ancora globala pt 0 medii)."""
_seed_nomenclator_si_mapare(client)
# Contul 1 fara medii configurate -> ancora globala = "test"
iid = _upload_si_mapare(client, _ROWS_OK)
preview_html = _get_preview(client, iid)
m_ok = re.search(r'id="n-confirmat"[^>]*?value="(\d+)"', preview_html)
n_ok = int(m_ok.group(1)) if m_ok else 1
r = _commit(client, iid, n_ok)
assert r.status_code == 200, r.text
assert any(kw in r.text.lower() for kw in ("coada", "prezenta", "trimiter")), (
"Mesajul de succes lipseste din raspunsul de commit"
)
# Verifica ca submission-ul are rar_env setat (fallback "test" via ancora globala)
from app.db import get_connection
conn = get_connection()
try:
sub = conn.execute(
"SELECT rar_env FROM submissions WHERE account_id=1 ORDER BY id DESC LIMIT 1"
).fetchone()
finally:
conn.close()
assert sub is not None, "Niciun submission gasit dupa commit"
assert sub["rar_env"] in ("test", "prod"), f"rar_env invalid: {sub['rar_env']!r}"
# Cu AUTOPASS_RAR_ENV=test si 0 medii configurate, expect "test"
assert sub["rar_env"] == "test", (
f"Expected rar_env='test' (ancora globala) dar primit {sub['rar_env']!r}"
)
def test_commit_cu_un_mediu_seteaza_acel_mediu(client):
"""La commit cu 1 mediu configurat: submission primeste mediul respectiv."""
_seed_nomenclator_si_mapare(client)
_configureaza_un_mediu(client, env="test")
iid = _upload_si_mapare(client, _ROWS_OK)
preview_html = _get_preview(client, iid)
m_ok = re.search(r'id="n-confirmat"[^>]*?value="(\d+)"', preview_html)
n_ok = int(m_ok.group(1)) if m_ok else 1
r = _commit(client, iid, n_ok)
assert r.status_code == 200, r.text
from app.db import get_connection
conn = get_connection()
try:
sub = conn.execute(
"SELECT rar_env FROM submissions WHERE account_id=1 ORDER BY id DESC LIMIT 1"
).fetchone()
finally:
conn.close()
assert sub is not None
assert sub["rar_env"] == "test", (
f"Expected rar_env='test' (singurul mediu disponibil) dar primit {sub['rar_env']!r}"
)
def test_commit_cu_doua_medii_respecta_alegerea(client):
"""La 2 medii: commit cu rar_env explicit seteaza mediul ales pe submissions."""
_seed_nomenclator_si_mapare(client)
_configureaza_doua_medii(client, default_env="test")
iid = _upload_si_mapare(client, _ROWS_OK)
preview_html = _get_preview(client, iid)
m_ok = re.search(r'id="n-confirmat"[^>]*?value="(\d+)"', preview_html)
n_ok = int(m_ok.group(1)) if m_ok else 1
# Commit explicit pe "prod"
r = _commit(client, iid, n_ok, rar_env="prod")
assert r.status_code == 200, r.text
from app.db import get_connection
conn = get_connection()
try:
sub = conn.execute(
"SELECT rar_env FROM submissions WHERE account_id=1 ORDER BY id DESC LIMIT 1"
).fetchone()
finally:
conn.close()
assert sub is not None
assert sub["rar_env"] == "prod", (
f"Expected rar_env='prod' (ales explicit) dar primit {sub['rar_env']!r}"
)
def test_badge_mediu_in_preview(client):
"""Preview-ul afiseaza badge-ul cu mediul tinta (US-009, F9/F10)."""
_seed_nomenclator_si_mapare(client)
_configureaza_un_mediu(client, env="test")
iid = _upload_si_mapare(client, _ROWS_OK)
r = client.get(f"/_import/{iid}/preview")
assert r.status_code == 200, r.text
html = r.text
# Badge cu mediul trebuie sa fie prezent in HTML
assert "Testare" in html or "PRODUCTIE" in html or "rar_env" in html, (
"Badge-ul de mediu RAR lipseste din preview"
)
def test_rar_env_in_confirm_form(client):
"""Preview-ul contine un field hidden rar_env in formularul de confirmare."""
_seed_nomenclator_si_mapare(client)
_configureaza_un_mediu(client, env="test")
iid = _upload_si_mapare(client, _ROWS_OK)
r = client.get(f"/_import/{iid}/preview")
assert r.status_code == 200, r.text
html = r.text
# Formularul de confirmare trebuie sa contina rar_env ca hidden field
assert 'name="rar_env"' in html, (
"Campul hidden 'rar_env' lipseste din formularul de confirmare preview"
)

View File

@@ -0,0 +1,50 @@
"""US-002 (PRD 5.20): medii_disponibile + rar_env_efectiv (REQ-DISP / REQ-DEFAULT)."""
from __future__ import annotations
from app.rar_env import medii_disponibile, rar_env_efectiv
def _cont(**kw):
base = {
"rar_test_enabled": 0, "rar_prod_enabled": 0,
"rar_creds_test_enc": None, "rar_creds_prod_enc": None,
"rar_env_default": "prod",
}
base.update(kw)
return base
def test_doar_prod_cu_creds():
c = _cont(rar_prod_enabled=1, rar_creds_prod_enc="TOK")
assert medii_disponibile(c) == ["prod"]
assert rar_env_efectiv(c) == "prod"
def test_ambele():
c = _cont(
rar_test_enabled=1, rar_creds_test_enc="T",
rar_prod_enabled=1, rar_creds_prod_enc="P",
rar_env_default="test",
)
assert medii_disponibile(c) == ["test", "prod"]
assert rar_env_efectiv(c) == "test"
def test_zero_cand_lipsesc_creds():
# activat dar fara creds -> nu e disponibil
c = _cont(rar_test_enabled=1, rar_prod_enabled=1)
assert medii_disponibile(c) == []
assert rar_env_efectiv(c) is None
def test_default_cade_pe_singurul_disponibil():
# default='prod' dar prod nu e disponibil; doar test e -> efectiv = test
c = _cont(rar_test_enabled=1, rar_creds_test_enc="T", rar_env_default="prod")
assert medii_disponibile(c) == ["test"]
assert rar_env_efectiv(c) == "test"
def test_enabled_fara_creds_nu_e_disponibil():
c = _cont(rar_prod_enabled=1, rar_creds_prod_enc=" ") # whitespace = gol
assert medii_disponibile(c) == []

View File

@@ -0,0 +1,96 @@
"""Teste US-004 (PRD 5.20): rezolvare mediu tinta la ingestie + respingere tinte indisponibile.
Fixtura `conn` urmareste acelasi pattern ca tests/test_accounts.py:
monkeypatch AUTOPASS_DB_PATH pe tempdir, cache_clear, init_db, get_connection.
"""
from __future__ import annotations
import os
import tempfile
import pytest
@pytest.fixture()
def conn(monkeypatch):
tmp = tempfile.mkdtemp()
monkeypatch.setenv("AUTOPASS_DB_PATH", os.path.join(tmp, "test_rar_env_resolve.db"))
from app.config import get_settings
get_settings.cache_clear()
from app.db import get_connection, init_db
init_db()
c = get_connection()
yield c
c.close()
get_settings.cache_clear()
def _seteaza_cont_ambele(conn) -> None:
"""Configureaza contul id=1 cu ambele medii disponibile, default = prod."""
conn.execute(
"""UPDATE accounts
SET rar_test_enabled=1, rar_creds_test_enc='T',
rar_prod_enabled=1, rar_creds_prod_enc='P',
rar_env_default='prod'
WHERE id=1"""
)
conn.commit()
def _seteaza_cont_doar_prod(conn) -> None:
"""Configureaza contul id=1 cu doar prod disponibil, test off."""
conn.execute(
"""UPDATE accounts
SET rar_test_enabled=0, rar_creds_test_enc=NULL,
rar_prod_enabled=1, rar_creds_prod_enc='P',
rar_env_default='prod'
WHERE id=1"""
)
conn.commit()
def test_cerere_castiga(conn):
"""Cererea explicita bate default-ul contului (prod)."""
_seteaza_cont_ambele(conn)
from app.rar_env import rezolva_rar_env
rezultat = rezolva_rar_env(conn, 1, "test")
assert rezultat == "test"
def test_fallback_default_cont(conn):
"""Fara cerere explicita -> default-ul contului (prod)."""
_seteaza_cont_ambele(conn)
from app.rar_env import rezolva_rar_env
rezultat = rezolva_rar_env(conn, 1, None)
assert rezultat == "prod"
def test_tinta_indisponibila_respinsa(conn):
"""Cerere pentru 'test' pe un cont doar-prod -> MediuIndisponibil cu .disponibile=['prod']."""
_seteaza_cont_doar_prod(conn)
from app.rar_env import MediuIndisponibil, rezolva_rar_env
with pytest.raises(MediuIndisponibil) as exc_info:
rezolva_rar_env(conn, 1, "test")
err = exc_info.value
assert err.env == "test"
assert err.disponibile == ["prod"]
def test_valoare_invalida(conn):
"""Cerere cu valoare in afara VALID_ENVS -> ValueError, fara fallback silentios."""
from app.rar_env import rezolva_rar_env
with pytest.raises(ValueError, match="mediu invalid"):
rezolva_rar_env(conn, 1, "staging")
def test_zero_medii_cade_pe_ancora(conn, monkeypatch):
"""Cont fara niciun mediu disponibil -> ancora globala AUTOPASS_RAR_ENV."""
# id=1 din fresh DB: rar_prod_enabled=1 dar rar_creds_prod_enc=NULL -> 0 disponibile
# (valoarea implicita a schemei: prod enabled fara creds -> nedisponibil)
monkeypatch.setenv("AUTOPASS_RAR_ENV", "test")
from app.config import get_settings
get_settings.cache_clear()
from app.rar_env import rezolva_rar_env
rezultat = rezolva_rar_env(conn, 1, None)
assert rezultat == "test"

View File

@@ -0,0 +1,145 @@
"""US-001 (PRD 5.20): schema medii per cont + env pe submission + migrare/backfill."""
from __future__ import annotations
import json
import os
import sqlite3
import tempfile
import pytest
@pytest.fixture()
def fresh_conn(monkeypatch):
"""DB nou cu schema curenta (init_db)."""
tmp = tempfile.mkdtemp()
monkeypatch.setenv("AUTOPASS_DB_PATH", os.path.join(tmp, "t.db"))
from app.config import get_settings
get_settings.cache_clear()
from app.db import get_connection, init_db
init_db()
c = get_connection()
yield c
c.close()
get_settings.cache_clear()
def _old_db(path: str) -> sqlite3.Connection:
"""Construieste un DB in forma PRE-5.20 (fara coloanele de mediu)."""
conn = sqlite3.connect(path, isolation_level=None)
conn.row_factory = sqlite3.Row
conn.execute(
"CREATE TABLE accounts (id INTEGER PRIMARY KEY AUTOINCREMENT, name TEXT NOT NULL, "
"cui TEXT, rar_creds_enc TEXT)"
)
conn.execute(
"CREATE TABLE submissions (id INTEGER PRIMARY KEY AUTOINCREMENT, "
"idempotency_key TEXT NOT NULL UNIQUE, account_id INTEGER, status TEXT, "
"payload_json TEXT NOT NULL)"
)
return conn
def _migrate_old(path: str, env: str, monkeypatch) -> sqlite3.Connection:
monkeypatch.setenv("AUTOPASS_RAR_ENV", env)
from app.config import get_settings
get_settings.cache_clear()
conn = sqlite3.connect(path, isolation_level=None)
conn.row_factory = sqlite3.Row
from app.db import _migrate
_migrate(conn)
return conn
def test_coloane_medii_pe_cont(fresh_conn):
acc = {r["name"] for r in fresh_conn.execute("PRAGMA table_info(accounts)").fetchall()}
assert {
"rar_test_enabled", "rar_prod_enabled",
"rar_creds_test_enc", "rar_creds_prod_enc", "rar_env_default",
} <= acc
sub = {r["name"] for r in fresh_conn.execute("PRAGMA table_info(submissions)").fetchall()}
assert "rar_env" in sub
def test_default_client_prod_on_test_off(fresh_conn):
from app.accounts import create_account
aid = create_account(fresh_conn, "Service X")
row = fresh_conn.execute(
"SELECT rar_test_enabled, rar_prod_enabled, rar_env_default FROM accounts WHERE id=?",
(aid,),
).fetchone()
assert row["rar_prod_enabled"] == 1
assert row["rar_test_enabled"] == 0
assert row["rar_env_default"] == "prod"
@pytest.mark.parametrize("env,slot,other", [
("test", "rar_creds_test_enc", "rar_creds_prod_enc"),
("prod", "rar_creds_prod_enc", "rar_creds_test_enc"),
])
def test_migrare_creds_in_slotul_env_global(tmp_path, monkeypatch, env, slot, other):
path = str(tmp_path / "old.db")
old = _old_db(path)
old.execute(
"INSERT INTO accounts (id, name, rar_creds_enc) VALUES (5, 'Legacy', 'TOKEN_CREDS')"
)
old.close()
conn = _migrate_old(path, env, monkeypatch)
row = conn.execute("SELECT * FROM accounts WHERE id=5").fetchone()
assert row[slot] == "TOKEN_CREDS"
assert row[other] is None
assert row[f"rar_{env}_enabled"] == 1
assert row[f"rar_{'prod' if env == 'test' else 'test'}_enabled"] == 0
assert row["rar_env_default"] == env
conn.close()
def test_migrare_cont_fara_creds_ramane_pe_default(tmp_path, monkeypatch):
path = str(tmp_path / "old.db")
old = _old_db(path)
old.execute("INSERT INTO accounts (id, name, rar_creds_enc) VALUES (6, 'NoCreds', NULL)")
old.close()
conn = _migrate_old(path, "test", monkeypatch)
row = conn.execute("SELECT * FROM accounts WHERE id=6").fetchone()
assert row["rar_prod_enabled"] == 1
assert row["rar_test_enabled"] == 0
assert row["rar_env_default"] == "prod"
conn.close()
def test_submissions_rar_env(tmp_path, monkeypatch):
"""Un rand PRE-migrare ajunge cu env-ul global (NU 'test') + cheie recalculata env-aware."""
path = str(tmp_path / "old.db")
old = _old_db(path)
payload = {
"vin": "WVWZZZ1JZXW000001", "nr_inmatriculare": "B123ABC",
"data_prestatie": "2026-01-10", "odometru_final": "123456",
"prestatii": [{"cod_prestatie": "OE-1"}],
}
old.execute(
"INSERT INTO submissions (idempotency_key, account_id, status, payload_json) "
"VALUES ('LEGACY_KEY', 7, 'sent', ?)",
(json.dumps(payload),),
)
old.close()
conn = _migrate_old(path, "prod", monkeypatch)
row = conn.execute("SELECT rar_env, idempotency_key FROM submissions").fetchone()
assert row["rar_env"] == "prod" # ancora globala, NU DEFAULT 'test'
from app.idempotency import build_key, canonicalize_row
canon = canonicalize_row(payload)
canon["prestatii"] = payload["prestatii"]
assert row["idempotency_key"] == build_key(7, canon, "prod")
# si difera de varianta env-aware pe test (reconciliere pe endpoint corect)
assert row["idempotency_key"] != build_key(7, canon, "test")
conn.close()
def test_migrare_idempotenta(fresh_conn):
"""A doua rulare _migrate pe DB deja migrat nu strica nimic."""
from app.db import _migrate
_migrate(fresh_conn) # nu arunca, nu dubleaza coloane
acc = {r["name"] for r in fresh_conn.execute("PRAGMA table_info(accounts)").fetchall()}
assert "rar_env_default" in acc

View File

@@ -65,6 +65,7 @@ def test_signup_fara_cui_422(client):
"cui": "",
"email": "fara_cui@test.com",
"parola": "parolasecreta123",
"consent": "1",
"csrf_token": token,
})
# trebuie sa returneze 422 (sau sa randeze formularul cu eroare)
@@ -96,6 +97,7 @@ def test_signup_scrie_email_pe_account(client):
"cui": "RO9999001",
"email": "cu_email@test.com",
"parola": "parolasecreta123",
"consent": "1",
"csrf_token": token,
})
assert resp.status_code == 200
@@ -131,6 +133,7 @@ def test_signup_email_duplicat_mesaj_email(client):
"cui": make_test_cui("email-dup-c1"),
"email": "emaildup@test.com",
"parola": "parolasecreta123",
"consent": "1",
"csrf_token": token,
})
assert resp1.status_code == 200
@@ -145,6 +148,7 @@ def test_signup_email_duplicat_mesaj_email(client):
"cui": cui_nou,
"email": "emaildup@test.com",
"parola": "parolasecreta456",
"consent": "1",
"csrf_token": token2,
})
@@ -179,6 +183,7 @@ def test_signup_cui_existent_mesaj_prietenos(client):
"cui": "RO8888001",
"email": "firma1@test.com",
"parola": "parolasecreta123",
"consent": "1",
"csrf_token": token,
})
@@ -190,6 +195,7 @@ def test_signup_cui_existent_mesaj_prietenos(client):
"cui": "RO8888001",
"email": "firma2@test.com",
"parola": "parolasecreta456",
"consent": "1",
"csrf_token": token2,
})

View File

@@ -52,6 +52,7 @@ def _do_signup(c: TestClient, name: str, email: str, parola: str = "parolasecret
"cui": make_test_cui(email),
"email": email,
"parola": parola,
"consent": "1",
"csrf_token": token,
})

View File

@@ -39,7 +39,7 @@ def env(monkeypatch):
class FakeRar:
"""Stub RarClient pentru teste."""
def __init__(self, settings=None):
def __init__(self, settings=None, *, base_url=None):
self.login_calls = 0
self.closed = False

177
tests/test_validare_env.py Normal file
View File

@@ -0,0 +1,177 @@
"""Teste US-007 (PRD 5.20): validare credentiale RAR pe env-ul setului de creds.
Premisa confirmata live (2026-06-29): creds prod NU se valideaza pe RAR test si
invers (401 incrucisat). Deci login-ul de proba TREBUIE sa loveasca endpoint-ul
mediului caruia ii apartin credentialele, nu URL-ul global AUTOPASS_RAR_ENV.
Functie testata:
routes._valideaza_login_rar(settings, email, password, env)
Teste:
test_valideaza_pe_env_creds -- login pe env='prod' foloseste base_url prod (nu test)
test_mesaj_distinge_env -- esec pe test vs prod produce mesaje diferite
"""
from __future__ import annotations
import os
import tempfile
import pytest
from app.rar_client import RarAuthError
# ---------------------------------------------------------------------------
# Fixture izolat
# ---------------------------------------------------------------------------
@pytest.fixture()
def env_db(monkeypatch):
"""DB temporara + settings curate. Numele 'env_db' evita coliziunea cu parametrul
'env' folosit in testele de mai jos ca string ('test'/'prod')."""
tmp = tempfile.mkdtemp()
monkeypatch.setenv("AUTOPASS_DB_PATH", os.path.join(tmp, "t.db"))
monkeypatch.setenv("AUTOPASS_SEED_OPERATII_ENABLED", "false")
from app.config import get_settings
get_settings.cache_clear()
from app.db import init_db
init_db()
yield
get_settings.cache_clear()
# ---------------------------------------------------------------------------
# Stub-uri RarClient
# ---------------------------------------------------------------------------
class _RarClientSpy:
"""Inregistreaza base_url-ul cu care a fost construit si simuleaza login reusit."""
captured: dict = {}
def __init__(self, settings=None, *, base_url=None):
_RarClientSpy.captured["base_url"] = base_url
def login(self, email, password):
return "TOKEN-SPY"
def __enter__(self):
return self
def __exit__(self, *args):
pass
def close(self):
pass
class _RarClientFail:
"""Simuleaza login esuat (RarAuthError 401) indiferent de env."""
def __init__(self, settings=None, *, base_url=None):
pass
def login(self, email, password):
raise RarAuthError("Credentiale RAR invalide", status_code=401)
def __enter__(self):
return self
def __exit__(self, *args):
pass
def close(self):
pass
# ---------------------------------------------------------------------------
# Teste
# ---------------------------------------------------------------------------
def test_valideaza_pe_env_creds(env_db, monkeypatch):
"""Cand validezi creds pentru env='prod', clientul de login e creat cu base_url-ul prod.
US-007 AC: 'validarea foloseste env-ul setului de creds verificat'.
Premisa: creds prod nu se valideaza pe RAR test (401 incrucisat), deci
clientul TREBUIE sa foloseasca base_url-ul prod, nu cel de test.
"""
import app.web.routes as routes_mod
from app.config import get_settings
_RarClientSpy.captured = {}
monkeypatch.setattr(routes_mod, "RarClient", _RarClientSpy)
settings = get_settings()
ok, mesaj = routes_mod._valideaza_login_rar(settings, "a@b.ro", "parola", "prod")
assert ok is True, f"Login simulat trebuia sa reuseasca: mesaj={mesaj!r}"
assert mesaj is None
base_url_folosit = _RarClientSpy.captured.get("base_url")
assert base_url_folosit == settings.rar_base_url_prod, (
f"Clientul trebuia construit cu rar_base_url_prod={settings.rar_base_url_prod!r},"
f" dar a primit base_url={base_url_folosit!r}"
)
assert base_url_folosit != settings.rar_base_url_test, (
"Clientul nu trebuia sa foloseasca base_url-ul de TEST la validarea creds PROD"
)
def test_valideaza_pe_env_creds_test(env_db, monkeypatch):
"""Cand validezi creds pentru env='test', clientul de login e creat cu base_url-ul test."""
import app.web.routes as routes_mod
from app.config import get_settings
_RarClientSpy.captured = {}
monkeypatch.setattr(routes_mod, "RarClient", _RarClientSpy)
settings = get_settings()
ok, mesaj = routes_mod._valideaza_login_rar(settings, "a@b.ro", "parola", "test")
assert ok is True
base_url_folosit = _RarClientSpy.captured.get("base_url")
assert base_url_folosit == settings.rar_base_url_test, (
f"Clientul trebuia construit cu rar_base_url_test={settings.rar_base_url_test!r},"
f" dar a primit base_url={base_url_folosit!r}"
)
assert base_url_folosit != settings.rar_base_url_prod
def test_mesaj_distinge_env(env_db, monkeypatch):
"""La esec de login pe test vs prod, mesajul difera ('TESTARE' vs 'PRODUCTIE').
US-007 AC: 'mesaj distinct creds invalide pe TESTARE vs pe PRODUCTIE'.
Design F6/F7: banner-ul de eroare indica pe ce mediu a esuat login-ul.
"""
import app.web.routes as routes_mod
from app.config import get_settings
monkeypatch.setattr(routes_mod, "RarClient", _RarClientFail)
settings = get_settings()
ok_test, msg_test = routes_mod._valideaza_login_rar(settings, "a@b.ro", "parola", "test")
ok_prod, msg_prod = routes_mod._valideaza_login_rar(settings, "a@b.ro", "parola", "prod")
assert ok_test is False, "Esecul la test trebuia sa returneze ok=False"
assert ok_prod is False, "Esecul la prod trebuia sa returneze ok=False"
assert msg_test is not None and "TESTARE" in msg_test, (
f"Mesajul la esec pe test trebuia sa contina 'TESTARE': {msg_test!r}"
)
assert msg_prod is not None and "PRODUCTIE" in msg_prod, (
f"Mesajul la esec pe prod trebuia sa contina 'PRODUCTIE': {msg_prod!r}"
)
# Cross-check: etichetele nu se amesteca
assert "PRODUCTIE" not in (msg_test or ""), (
f"Mesajul esec test nu trebuia sa mentioneze PRODUCTIE: {msg_test!r}"
)
assert "TESTARE" not in (msg_prod or ""), (
f"Mesajul esec prod nu trebuia sa mentioneze TESTARE: {msg_prod!r}"
)

View File

@@ -40,7 +40,8 @@ def _signup(client, name, email, password="parola_test_001"):
from tests.conftest import make_test_cui
tok = _csrf(client, "/signup")
client.post("/signup", data={"name": name, "cui": make_test_cui(email), "email": email,
"parola": password, "csrf_token": tok}, follow_redirects=True)
"parola": password, "consent": "1", "csrf_token": tok},
follow_redirects=True)
from app.db import get_connection
conn = get_connection()
try:

View File

@@ -224,8 +224,8 @@ def test_logo_linkeaza_acasa(client):
"In prezent logo-ul nu e un link."
)
# Titlul "ROMFAST AUTOPASS" trebuie sa fie si el in interiorul unui <a href="/">
# Titlul "ROA AUTOPASS" trebuie sa fie si el in interiorul unui <a href="/">
# (PRD AC US-010: Logo-ul ROMFAST + titlul linkeaza la /; titlul a fost redenumit in 5.16)
assert re.search(r'<a\b[^>]*href="/"[^>]*>.*?ROMFAST AUTOPASS', header_html, re.DOTALL), (
"Titlul 'ROMFAST AUTOPASS' trebuie sa fie intr-un <a href='/'> in header."
assert re.search(r'<a\b[^>]*href="/"[^>]*>.*?ROA AUTOPASS', header_html, re.DOTALL), (
"Titlul 'ROA AUTOPASS' trebuie sa fie intr-un <a href='/'> in header."
)

View File

@@ -741,20 +741,20 @@ def test_strip_sanatate_fara_hex_hardcodat():
# ============================================================
# PRD 5.16 US-010: Titlu ROMFAST AUTOPASS + account_name in antet
# PRD 5.16 US-010: Titlu ROA AUTOPASS + account_name in antet
# ============================================================
def test_titlu_romfast_autopass(client):
"""US-010 (PRD 5.16): titlul din antet si tag-ul <title> sunt 'ROMFAST AUTOPASS',
"""US-010 (PRD 5.16): titlul din antet si tag-ul <title> sunt 'ROA AUTOPASS',
nu 'Gateway RAR AUTOPASS'."""
_create_account_user("titlutest@test.com", name="Service Titlu")
_login(client, "titlutest@test.com")
html = client.get("/?tab=acasa").text
assert "ROMFAST AUTOPASS" in html, \
"Titlul 'ROMFAST AUTOPASS' lipseste din antet (US-010 PRD 5.16)"
assert "ROA AUTOPASS" in html, \
"Titlul 'ROA AUTOPASS' lipseste din antet (US-010 PRD 5.16)"
assert "Gateway RAR AUTOPASS" not in html, \
"Titlul vechi 'Gateway RAR AUTOPASS' inca prezent — inlocuieste cu 'ROMFAST AUTOPASS'"
"Titlul vechi 'Gateway RAR AUTOPASS' inca prezent — inlocuieste cu 'ROA AUTOPASS'"
def test_header_arata_nume_service_logat(client):
@@ -772,7 +772,7 @@ def test_header_arata_nume_service_logat(client):
def test_login_branded_nu_schelet(client):
"""US-010 (PRD 5.16): /login are layout 2-coloane branduit cu clasa .login-shell,
titlul 'ROMFAST AUTOPASS', si formular cu POST /login (CSRF intact)."""
titlul 'ROA AUTOPASS', si formular cu POST /login (CSRF intact)."""
resp = client.get("/login")
assert resp.status_code == 200
html = resp.text
@@ -781,8 +781,8 @@ def test_login_branded_nu_schelet(client):
"Clasa .login-shell lipseste din /login (US-010 PRD 5.16) — layout 2-coloane nenimplementat"
assert "login-aside" in html, \
"Clasa .login-aside lipseste — coloana stanga de brand lipseste (US-010)"
assert "ROMFAST AUTOPASS" in html, \
"Titlul 'ROMFAST AUTOPASS' lipseste din /login (US-010 PRD 5.16)"
assert "ROA AUTOPASS" in html, \
"Titlul 'ROA AUTOPASS' lipseste din /login (US-010 PRD 5.16)"
# Formular intact: POST /login cu csrf_token
assert 'action="/login"' in html, "Actiunea formularului /login s-a schimbat — CSRF route invalida"
assert 'name="csrf_token"' in html, "csrf_token lipseste din formular — securitate compromisa"

View File

@@ -48,6 +48,7 @@ def test_signup_creeaza_cont_user_si_cheie(client):
"cui": "RO12345678",
"email": "test@example.com",
"parola": "parolasecreta",
"consent": "1",
"csrf_token": token,
})
assert resp.status_code == 200
@@ -87,6 +88,7 @@ def test_signup_email_duplicat_eroare(client):
"cui": make_test_cui("dup@example.com"),
"email": "dup@example.com",
"parola": "parolasecreta",
"consent": "1",
"csrf_token": token,
})
@@ -102,6 +104,7 @@ def test_signup_email_duplicat_eroare(client):
"cui": make_test_cui("dup-b@example.com"),
"email": "dup@example.com",
"parola": "altaparola123",
"consent": "1",
"csrf_token": token,
})
assert resp2.status_code in (200, 422)
@@ -139,6 +142,72 @@ def test_signup_parola_scurta_eroare(client):
conn.close()
def test_signup_fara_consent_eroare(client):
"""Consimtamant GDPR lipsa -> 422, fara creare cont; mesaj despre Termeni/GDPR.
Checkbox-ul de consimtamant trebuie validat server-side (functional, nu doar client-side):
fara el contul nu se creeaza si planul/datele introduse se pastreaza in re-render.
"""
from tests.conftest import make_test_cui
resp = client.get("/signup")
token = _csrf(resp.text)
resp = client.post("/signup", data={
"name": "Service Fara Consent",
"cui": make_test_cui("fara-consent@test.com"),
"email": "fara-consent@test.com",
"parola": "parolasecreta123",
# fara "consent"
"csrf_token": token,
})
assert resp.status_code == 422
assert "rfak_" not in resp.text
assert "GDPR" in resp.text or "Termeni" in resp.text
from app.db import get_connection
conn = get_connection()
try:
acct = conn.execute(
"SELECT * FROM accounts WHERE name='Service Fara Consent'"
).fetchone()
assert acct is None, "Cont creat desi consimtamantul lipsea"
finally:
conn.close()
def test_signup_salveaza_requested_plan_si_consent(client):
"""POST /signup cu plan ales -> accounts.requested_plan = codul ales, consent_at setat,
iar tier RAMANE 'free' (planul cerut NU acorda drepturi)."""
from tests.conftest import make_test_cui
resp = client.get("/signup")
token = _csrf(resp.text)
resp = client.post("/signup", data={
"name": "Service Plan Pro",
"cui": make_test_cui("plan-pro@test.com"),
"email": "plan-pro@test.com",
"parola": "parolasecreta123",
"plan": "pro",
"consent": "1",
"csrf_token": token,
})
assert resp.status_code == 200
assert "rfak_" in resp.text
from app.db import get_connection
conn = get_connection()
try:
acct = conn.execute(
"SELECT * FROM accounts WHERE name='Service Plan Pro'"
).fetchone()
assert acct is not None
assert acct["requested_plan"] == "pro", "Planul cerut nu a fost salvat"
assert acct["tier"] == "free", "tier NU trebuie urcat din planul cerut (doar dupa plata)"
assert acct["consent_at"], "consent_at trebuie setat la signup cu consimtamant"
finally:
conn.close()
def test_cheie_afisata_o_data(client):
"""Cheia rfak_ apare in raspunsul POST /signup; GET /signup nu o contine."""
from tests.conftest import make_test_cui
@@ -150,6 +219,7 @@ def test_cheie_afisata_o_data(client):
"cui": make_test_cui("cheie@test.com"),
"email": "cheie@test.com",
"parola": "parolasecreta",
"consent": "1",
"csrf_token": token,
})
assert resp_post.status_code == 200

View File

@@ -495,7 +495,9 @@ def _insert_submissions_sent(account_id: int, n: int) -> None:
def test_afisaj_plan_si_zile_trial(client):
"""US-006: cont in trial Pro -> fragment status arata 'trial N zile ramase'.
"""US-006 + T-6 (5.16): cont in trial Pro -> linia de plan din meniul burger (pagina
completa) arata 'Plan: Pro · trial N zile ramase'. In starea normala (non-warn) plan_linie
NU mai e rand in corpul fragmentului status — traieste in badge antet + burger.
Contul nou primeste trial_until=now+30z automat la creare.
"""
acct_id, _ = _create_account_user("trialzile@test.com")
@@ -505,7 +507,7 @@ def test_afisaj_plan_si_zile_trial(client):
future = (datetime.now(timezone.utc) + timedelta(days=18, hours=12)).strftime("%Y-%m-%d %H:%M:%S")
_set_trial_until(acct_id, future)
resp = client.get("/_fragments/status")
resp = client.get("/", follow_redirects=True)
assert resp.status_code == 200
html = resp.text
@@ -516,7 +518,8 @@ def test_afisaj_plan_si_zile_trial(client):
def test_afisaj_consum_lunar(client):
"""US-006: cont free (fara trial) -> fragment status arata 'Gratuit · N/60 luna asta'."""
"""US-006 + T-6 (5.16): cont free (fara trial) -> linia de plan din burger (pagina
completa) arata 'Gratuit · N/60 luna asta'. Consumul normal nu mai e rand in corp."""
acct_id, _ = _create_account_user("consumlun@test.com")
_login(client, "consumlun@test.com", "parolasecreta10")
@@ -525,7 +528,7 @@ def test_afisaj_consum_lunar(client):
# Insereaza 5 submissions sent luna asta
_insert_submissions_sent(acct_id, 5)
resp = client.get("/_fragments/status")
resp = client.get("/", follow_redirects=True)
assert resp.status_code == 200
html = resp.text
@@ -584,7 +587,8 @@ def test_copy_pluralizare_zi_zile(client):
future_18 = (datetime.now(timezone.utc) + timedelta(days=18, hours=12)).strftime("%Y-%m-%d %H:%M:%S")
_set_trial_until(acct_id, future_18)
resp = client.get("/_fragments/status")
# T-6 (5.16): linia de plan (cu pluralizarea zilelor) traieste in burger pe pagina completa.
resp = client.get("/", follow_redirects=True)
assert resp.status_code == 200
html = resp.text
assert "18 zile" in html, f"'18 zile' lipseste. HTML: {html[:800]}"
@@ -596,7 +600,7 @@ def test_copy_pluralizare_zi_zile(client):
future_1 = (datetime.now(timezone.utc) + timedelta(days=1, hours=12)).strftime("%Y-%m-%d %H:%M:%S")
_set_trial_until(acct_id, future_1)
resp = client.get("/_fragments/status")
resp = client.get("/", follow_redirects=True)
assert resp.status_code == 200
html = resp.text
assert "1 zi" in html, f"'1 zi' (singular) lipseste la o zi ramasa. HTML: {html[:800]}"

View File

@@ -107,8 +107,9 @@ def test_submissions_coloane_umane(client):
assert "B777ZZZ" in html, "Nr inmatriculare din payload lipseste"
assert "Reparatie frane" in html, "Operatia din payload lipseste"
# Nr. prezentare RAR accesibil pe linia meta discreta
assert "68516" in html, "Nr. prezentare RAR lipseste din linia meta"
# 5.16: #id_prezentare nu mai e pe rand (randul are MAX 2 linii) — detaliul complet
# (inclusiv nr. prezentare RAR) traieste in modalul de detaliu.
assert "68516" not in html, "Nr. prezentare RAR nu trebuie sa mai apara pe randul slim"
def test_tab_eticheta_trimiteri(client):
@@ -426,9 +427,9 @@ def test_detaliu_trimitere_404_cross_account(client):
# ---------------------------------------------------------------------------
def test_rand_slim_vin_operatie_pill(client):
"""US-004: fiecare rand slim afiseaza VIN scurt in .slim-vin, operatie+ora in
.slim-meta si un pill de stare cu clasa stare_css si eticheta stare_scurt.
Lista e inconjurata de .lista-trimiteri-slim.
"""5.16: fiecare rand slim are 2 linii — L1 placuta (nr. inmatriculare) in .slim-vin,
L2 cod RAR · operatie · data in .slim-meta, plus un pill de stare cu clasa stare_css
si eticheta stare_scurt. Lista e inconjurata de .lista-trimiteri-slim.
"""
acct = _create_account_user("slim1@test.com")
_insert_submission(acct, "sent", id_prezentare=80001)
@@ -442,14 +443,16 @@ def test_rand_slim_vin_operatie_pill(client):
assert "lista-trimiteri-slim" in html, "lista-trimiteri-slim lipseste din raspuns"
assert "trimitere-slim" in html, "trimitere-slim lipseste din raspuns"
# VIN scurt in clasa slim-vin (mono, linia 1)
assert "slim-vin" in html, "slim-vin lipseste — linia 1 VIN mono"
# L1: placuta (identificator primar) in clasa slim-vin
assert "slim-vin" in html, "slim-vin lipseste — linia 1 placuta"
assert "B777ZZZ" in html, "placuta (nr. inmatriculare) lipseste de pe rand"
# Linia 2 muted (operatie + ora/data)
assert "slim-meta" in html, "slim-meta lipseste — linia 2 muted"
# L2: cod RAR · operatie · data (slim-meta / slim-rand2)
assert "slim-meta" in html, "slim-meta lipseste — linia 2"
assert "slim-rand2" in html, "slim-rand2 lipseste — linia 2 (cod RAR · operatie · data)"
# VIN scurt randat (WVWZZZ1JZXW000777 -> …000777)
assert "000777" in html, "VIN scurt (ultimele 6 cifre) lipseste"
# VIN integral nu mai e pe rand (5.16) — traieste in modalul de detaliu.
assert "000777" not in html, "VIN scurt nu mai trebuie randat pe randul slim (2 linii)"
# Pill de stare: clasa CSS + eticheta scurta
assert "s-sent" in html, "clasa pill s-sent lipseste"

View File

@@ -81,12 +81,13 @@ def client(monkeypatch):
get_settings.cache_clear()
def test_vin_pe_rand_separat_sub_nr(client):
"""VIN-ul apare intr-un element block-level cu clasa slim-vin (PRD 5.15 US-004).
def test_placuta_pe_rand_identificator_primar(client):
"""Placuta (nr. inmatriculare) e identificatorul PRIMAR, linia 1 a randului slim
(5.16): in <div class="slim-vin"> (block-level, prominent).
PRD 5.10 (US-005): VIN era <div class="muted"> sub nr in coloana Vehicul.
PRD 5.15 (US-004): VIN e acum identificatorul PRINCIPAL, linia 1 a randului slim,
in <div class="slim-vin"> (mono, prominent, block-level). NU mai e muted.
PRD 5.15 (US-004): VIN era identificatorul primar pe linia 1.
5.16 (directiva user): operatorul scaneaza placuta de pe comanda, nu VIN-ul de 17
caractere — placuta devine linia 1, VIN integral se muta in modalul de detaliu.
"""
acct = _create_account_user("vin_layout@test.com")
_ins(acct, vin="WVWZZZ1JZXW000001", nr="B123XYZ")
@@ -96,46 +97,51 @@ def test_vin_pe_rand_separat_sub_nr(client):
assert resp.status_code == 200
html = resp.text
# VIN trunchiat trebuie sa apara in HTML
assert "000001" in html, "VIN-ul trunchiat trebuie sa apara in lista slim"
# Placuta trebuie sa apara in HTML
assert "B123XYZ" in html, "placuta (nr. inmatriculare) trebuie sa apara in lista slim"
# VIN e intr-un element block-level (div cu clasa slim-vin)
# Pattern: <div class="slim-vin">...000001...</div>
vin_fragment = "000001"
# Placuta e intr-un element block-level (div cu clasa slim-vin)
plac = "B123XYZ"
found_slim_vin = re.search(
rf'<div[^>]*class="slim-vin[^"]*"[^>]*>[^<]*{re.escape(vin_fragment)}[^<]*</div>',
rf'<div[^>]*class="slim-vin[^"]*"[^>]*>[^<]*{re.escape(plac)}[^<]*</div>',
html,
)
assert found_slim_vin, (
f"VIN '{vin_fragment}' trebuie sa fie in <div class=\"slim-vin\"> (block-level, "
f"mono, linia 1 a randului slim). HTML gasit: "
+ html[max(0, html.find(vin_fragment) - 80):html.find(vin_fragment) + 80]
f"placuta '{plac}' trebuie sa fie in <div class=\"slim-vin\"> (linia 1 a "
f"randului slim). HTML gasit: "
+ html[max(0, html.find(plac) - 80):html.find(plac) + 80]
)
# VIN integral NU mai e pe rand (max 2 linii) — traieste in modalul de detaliu.
assert "000001" not in html, "VIN-ul nu mai trebuie randat pe randul slim (5.16)"
def test_vin_lipsa_nu_genereaza_rand_gol(client):
"""Cand VIN-ul lipseste (sau e EMPTY=''), slim-vin nu afiseaza '' izolat.
Fallback: slim-vin afiseaza vehicul_nr (nr. inmatriculare) cu clasa muted.
(PRD 5.15 US-004: slim-vin are garda vin != '')
def test_placuta_lipsa_nu_genereaza_rand_gol(client):
"""Cand placuta SI VIN-ul lipsesc, slim-vin nu afiseaza '' izolat ca identificator.
Fallback (5.16): VIN scurt daca exista, altfel mesaj neutru ('fara numar') — niciodata
un em-dash singur ca identificator primar.
"""
acct = _create_account_user("vin_gol@test.com")
sid = _ins(acct, vin="", nr="B999TST") # VIN gol -> vin_scurt='—'
# Placuta prezenta -> e identificatorul primar pe linia 1.
sid1 = _ins(acct, vin="", nr="B999TST")
# Placuta SI VIN absente -> fallback 'fara numar' (nu '—' izolat).
sid2 = _ins(acct, vin="", nr="")
_login(client, "vin_gol@test.com")
resp = client.get("/_fragments/submissions")
assert resp.status_code == 200
html = resp.text
# Randul trebuie sa existe
assert f'id="trimitere-row-{sid}"' in html
# Ambele randuri exista
assert f'id="trimitere-row-{sid1}"' in html
assert f'id="trimitere-row-{sid2}"' in html
# slim-vin NU trebuie sa contina '—' izolat (VIN lipsa -> fallback vehicul_nr)
slim_vin_match = re.search(r'<div[^>]*class="slim-vin[^"]*"[^>]*>([^<]*)</div>', html)
assert slim_vin_match, "slim-vin lipseste din randul cu VIN gol"
slim_vin_content = slim_vin_match.group(1).strip()
assert slim_vin_content != "", (
"slim-vin afiseaza '' izolat cand VIN lipseste — "
"trebuie sa afiseze vehicul_nr ca fallback"
)
# Fallback: nr inmatriculare vizibil
assert "B999TST" in html, "Nr inmatriculare (fallback) lipseste cand VIN e gol"
# Placuta vizibila cand exista
assert "B999TST" in html, "placuta (nr. inmatriculare) lipseste de pe rand"
# Niciun slim-vin nu contine '—' izolat
for m in re.finditer(r'<div[^>]*class="slim-vin[^"]*"[^>]*>([^<]*)</div>', html):
assert m.group(1).strip() != "", "slim-vin afiseaza '' izolat ca identificator"
# Fallback neutru cand placuta + VIN lipsesc
assert "fara numar" in html, "fallback 'fara numar' lipseste cand placuta+VIN absente"

View File

@@ -42,10 +42,10 @@ class _FakeSessions:
self.invalidated: list[int] = []
self.tokens: list[int] = []
def invalidate(self, account_id: int) -> None:
def invalidate(self, account_id: int, rar_env=None) -> None:
self.invalidated.append(account_id)
def get_token(self, conn, account_id: int, creds) -> str | None:
def get_token(self, conn, account_id: int, creds, rar_env="test") -> str | None:
self.tokens.append(account_id)
if self._fail:
raise RuntimeError("RAR jos")

View File

@@ -63,7 +63,7 @@ class FakeRar:
def test_login_reusit_logat(env, monkeypatch):
conn, settings = env
import app.worker.__main__ as w
monkeypatch.setattr(w, "RarClient", lambda s: FakeRar())
monkeypatch.setattr(w, "RarClient", lambda s, **kw: FakeRar())
sessions = w.AccountSessions(settings)
tok = sessions.get_token(conn, 2, {"email": "a@b.ro", "password": "secretaXY"})
assert tok == "JWT-TEST"
@@ -80,7 +80,7 @@ def test_login_reusit_logat(env, monkeypatch):
def test_login_401_logat_fara_parola(env, monkeypatch):
conn, settings = env
import app.worker.__main__ as w
monkeypatch.setattr(w, "RarClient", lambda s: FakeRar(login_exc=RarAuthError("401", status_code=401)))
monkeypatch.setattr(w, "RarClient", lambda s, **kw: FakeRar(login_exc=RarAuthError("401", status_code=401)))
sessions = w.AccountSessions(settings)
with pytest.raises(RarAuthError):
sessions.get_token(conn, 3, {"email": "a@b.ro", "password": "parolaGRESITA"})

View File

@@ -0,0 +1,326 @@
"""Teste US-006 (PRD 5.20) — sesiuni si trimitere worker per (cont, env).
Verifica:
- AccountSessions re-cheiat pe (account_id, rar_env): doua env ale aceluiasi cont
au sesiuni distincte.
- RarClient creat cu base_url-ul mediului (test -> rar_base_url_test,
prod -> rar_base_url_prod), nu ancora globala.
- Creds extrase din slotul accounts.rar_creds_{env}_enc corect per env.
- Purjarea creds efemere scoped pe (account_id, rar_env): login pe test NU sterge
creds efemere ale submission-urilor PROD ale aceluiasi cont (auto-fix E1/1a).
- recover_orphans per (cont, env): orfanii prod reconciliati contra endpoint prod,
nu contra test (auto-fix 1b/E6).
"""
from __future__ import annotations
import json
import os
import tempfile
import pytest
from cryptography.fernet import Fernet
# ---------------------------------------------------------------------------
# Fixture DB
# ---------------------------------------------------------------------------
@pytest.fixture()
def env(monkeypatch):
tmp = tempfile.mkdtemp()
monkeypatch.setenv("AUTOPASS_DB_PATH", os.path.join(tmp, "t.db"))
monkeypatch.setenv("AUTOPASS_CREDS_KEY", Fernet.generate_key().decode())
monkeypatch.setenv("AUTOPASS_WORKER_USE_TEST_CREDS", "false")
monkeypatch.setenv("AUTOPASS_REQUIRE_API_KEY", "false")
from app.config import get_settings
from app import crypto
get_settings.cache_clear()
crypto.reset_cache()
from app.db import get_connection, init_db
init_db()
conn = get_connection()
settings = get_settings()
yield conn, settings
conn.close()
get_settings.cache_clear()
crypto.reset_cache()
# ---------------------------------------------------------------------------
# Helpers
# ---------------------------------------------------------------------------
_CONTENT = {
"vin": "WVWZZZ1KZAW000123", "nr_inmatriculare": "B999TST",
"data_prestatie": "2026-06-15", "odometru_final": "123456",
"prestatii": [{"cod_prestatie": "OE-1"}], "sistem_reparat": "null",
}
def _insert_sub(conn, account_id=1, rar_env="test", creds_enc=None, status="queued"):
"""Insereaza un submission cu env si creds explicite."""
content = _CONTENT.copy()
cur = conn.execute(
"INSERT INTO submissions "
"(idempotency_key, account_id, status, payload_json, rar_env, rar_creds_enc) "
"VALUES (?, ?, ?, ?, ?, ?)",
(f"k-{os.urandom(4).hex()}", account_id, status, json.dumps(content), rar_env, creds_enc),
)
return int(cur.lastrowid)
def _row(conn, sid):
return conn.execute("SELECT * FROM submissions WHERE id=?", (sid,)).fetchone()
# Captura base_url-urilor clientilor creati de AccountSessions
_created_clients: list = []
class FakeRarClient:
"""RarClient stub care captura base_url-ul pentru assertii."""
def __init__(self, settings=None, *, base_url=None, login_exc=None):
self.base_url = base_url
self._login_exc = login_exc
self.login_calls = 0
self.closed = False
_created_clients.append(self)
def login(self, email, password):
self.login_calls += 1
if self._login_exc:
raise self._login_exc
return f"TOK-{email}-{self.base_url}"
def get_nomenclator(self, token):
return []
def close(self):
self.closed = True
# ---------------------------------------------------------------------------
# test_sesiune_separata_per_env
# ---------------------------------------------------------------------------
def test_sesiune_separata_per_env(env, monkeypatch):
"""Doua submission-uri ale aceluiasi cont, env test + prod -> doua login-uri distincte.
Cheia sesiunii e (account_id, rar_env): sesiunile test si prod sunt independente.
"""
import app.worker.__main__ as w
_created_clients.clear()
monkeypatch.setattr(w, "RarClient", FakeRarClient)
conn, settings = env
# Cont secundar (contul 1 e default din schema)
conn.execute("INSERT INTO accounts (id, name) VALUES (2, 'Cont2')")
conn.commit()
sessions = w.AccountSessions(settings)
creds_test = {"email": "test@example.ro", "password": "ptest"}
creds_prod = {"email": "prod@example.ro", "password": "pprod"}
tok_test = sessions.get_token(conn, 2, creds_test, "test")
tok_prod = sessions.get_token(conn, 2, creds_prod, "prod")
# Doua login-uri distincte
assert len(_created_clients) == 2
assert _created_clients[0].login_calls == 1
assert _created_clients[1].login_calls == 1
# Tokenuri distincte (de la email-uri diferite)
assert tok_test != tok_prod
# Sesiunile active: doua intrari, ambele pt cont 2, env diferite
active = sessions.active()
assert len(active) == 2
envs_active = {env for _, env, _, _ in active}
assert envs_active == {"test", "prod"}
# Al doilea apel cu acelasi (cont, env) -> cache, NU re-login
tok_test2 = sessions.get_token(conn, 2, creds_test, "test")
assert tok_test2 == tok_test
assert len(_created_clients) == 2 # niciun client nou creat
# ---------------------------------------------------------------------------
# test_base_url_dupa_submission
# ---------------------------------------------------------------------------
def test_base_url_dupa_submission(env, monkeypatch):
"""Un submission prod foloseste rar_base_url_prod; un submission test foloseste rar_base_url_test."""
import app.worker.__main__ as w
_created_clients.clear()
monkeypatch.setattr(w, "RarClient", FakeRarClient)
conn, settings = env
sessions = w.AccountSessions(settings)
creds = {"email": "x@example.ro", "password": "pw"}
sessions.get_token(conn, 1, creds, "test")
sessions.get_token(conn, 1, creds, "prod")
urls = {c.base_url for c in _created_clients}
assert settings.rar_base_url_test in urls, f"URL test asteptat in {urls}"
assert settings.rar_base_url_prod in urls, f"URL prod asteptat in {urls}"
# Cele doua URL-uri trebuie sa fie diferite (sisteme RAR separate)
assert settings.rar_base_url_test != settings.rar_base_url_prod
# ---------------------------------------------------------------------------
# test_creds_din_slotul_env
# ---------------------------------------------------------------------------
def test_creds_din_slotul_env(env, monkeypatch):
"""Cand submissions.rar_creds_enc lipseste, worker ia din accounts.rar_creds_{env}_enc.
Prod ia din rar_creds_prod_enc, nu din slotul test (auto-fix 1c/E8 + fallback per-env).
"""
import app.worker.__main__ as w
from app.crypto import encrypt_creds
conn, settings = env
enc_test = encrypt_creds({"email": "test@rar.ro", "password": "ptest"})
enc_prod = encrypt_creds({"email": "prod@rar.ro", "password": "pprod"})
# Salveaza creds in ambele sloturi per-env
conn.execute(
"UPDATE accounts SET rar_creds_test_enc=?, rar_creds_prod_enc=? WHERE id=1",
(enc_test, enc_prod),
)
conn.commit()
# Fara creds efemere pe submission -> fallback la slotul per-env
creds_test = w._creds_from_account(conn, 1, "test")
creds_prod = w._creds_from_account(conn, 1, "prod")
assert creds_test is not None, "slotul test trebuia sa aiba creds"
assert creds_test["email"] == "test@rar.ro"
assert creds_prod is not None, "slotul prod trebuia sa aiba creds"
assert creds_prod["email"] == "prod@rar.ro"
# Crucialmente: prod NU ia creds din slotul test
assert creds_prod["email"] != creds_test["email"]
# ---------------------------------------------------------------------------
# test_purge_creds_doar_pe_env (auto-fix E1/1a)
# ---------------------------------------------------------------------------
def test_purge_creds_doar_pe_env(env, monkeypatch):
"""Dupa login pe env=test, creds efemere ale submission-urilor PROD raman neatinse.
Scopul purjarii: WHERE account_id=? AND rar_env=?. Altfel un login TEST sterge
creds ale submission-urilor PROD -> prod blocat (auto-fix E1/1a).
"""
import app.worker.__main__ as w
from app.crypto import encrypt_creds
_created_clients.clear()
monkeypatch.setattr(w, "RarClient", FakeRarClient)
conn, settings = env
enc = encrypt_creds({"email": "u@rar.ro", "password": "pw"})
# Doua submission-uri ale aceluiasi cont: unul test, unul prod (ambele cu creds efemere)
sid_test = _insert_sub(conn, account_id=1, rar_env="test", creds_enc=enc)
sid_prod = _insert_sub(conn, account_id=1, rar_env="prod", creds_enc=enc)
sessions = w.AccountSessions(settings)
# Login pe env=test
sessions.get_token(conn, 1, {"email": "u@rar.ro", "password": "pw"}, "test")
# Creds efemere ale submission-ului TEST trebuie sterse (purjare normala)
row_test = _row(conn, sid_test)
assert row_test["rar_creds_enc"] is None, "creds test trebuiau sterse dupa login test"
# Creds efemere ale submission-ului PROD trebuie PASTRATE (nu sunt pentru env=test)
row_prod = _row(conn, sid_prod)
assert row_prod["rar_creds_enc"] is not None, \
"creds prod NU trebuiau sterse la login test (auto-fix E1/1a)"
# ---------------------------------------------------------------------------
# test_reconcile_pe_env_corect (auto-fix 1b/E6)
# ---------------------------------------------------------------------------
def test_reconcile_pe_env_corect(env, monkeypatch):
"""Un orfan env=prod e reconciliat contra endpoint PROD, nu contra test.
auto-fix 1b/E6: recover_orphans filtreaza pe rar_env si foloseste clientul/token-ul
env-ului corect. Orfanii prod contra endpoint test -> no-match -> re-POST prod =
DUPLICAT real ireversibil.
"""
import app.worker.__main__ as w
conn, settings = env
# Submission prod orfan (sending de mult timp)
sid_prod = _insert_sub(conn, account_id=1, rar_env="prod", status="sending")
conn.execute(
"UPDATE submissions SET sending_since=datetime('now', '-1 hour') WHERE id=?", (sid_prod,)
)
conn.commit()
# Submission test orfan (de verificat ca NU e atins de recover_orphans(rar_env='prod'))
sid_test = _insert_sub(conn, account_id=1, rar_env="test", status="sending")
conn.execute(
"UPDATE submissions SET sending_since=datetime('now', '-1 hour') WHERE id=?", (sid_test,)
)
conn.commit()
# Clientul prod fake — "gaseste" prezentarea prod la RAR
class FakeProdRar:
def __init__(self):
self.get_finalizate_calls = 0
def get_finalizate(self, token):
self.get_finalizate_calls += 1
return [{"id": 9999, "vin": "WVWZZZ1KZAW000123",
"dataPrestatie": "2026-06-15", "odometruFinal": 123456}]
def post_prezentare(self, token, payload):
return {"id": 9999}
# Clientul test fake — nu gaseste nimic (sistemul test nu are prezentarea)
class FakeTestRar:
def __init__(self):
self.get_finalizate_calls = 0
def get_finalizate(self, token):
self.get_finalizate_calls += 1
return [] # nu e la RAR test
def post_prezentare(self, token, payload):
return {"id": 1111}
rar_prod = FakeProdRar()
rar_test = FakeTestRar()
# Apelam recover_orphans cu clientul PROD si env='prod' -> trebuie sa gaseasca orfanul prod
n = w.recover_orphans(conn, settings, rar_prod, "tok-prod", account_id=1, rar_env="prod")
assert n == 1, f"trebuia sa reconcilieze 1 orfan prod, a gasit {n}"
row_prod = _row(conn, sid_prod)
assert row_prod["status"] == "sent", f"orfanul prod trebuia marcat sent, e {row_prod['status']}"
assert row_prod["id_prezentare"] == 9999
# Submission-ul TEST nu trebuia atins de recover_orphans cu rar_env='prod'
row_test = _row(conn, sid_test)
assert row_test["status"] == "sending", \
f"orfanul test NU trebuia atins de recover cu env=prod, e {row_test['status']}"
# Confirmare ca clientul prod a interogat finalizate (reconciliere pe endpoint corect)
assert rar_prod.get_finalizate_calls == 1
# Clientul test NU trebuia folosit (recover_orphans cu env=prod NU atinge endpoint test)
assert rar_test.get_finalizate_calls == 0