"""Teste US-010 (PRD 3.5): corectie inline pentru randuri ne-trimise blocate. needs_data corectat valid -> queued cu payload + idempotency actualizate; sent read-only (403); coliziune de idempotency prinsa pre-UPDATE (fara 500/duplicat); cross-account interzis (404). """ from __future__ import annotations import json import os import re import tempfile import pytest from starlette.testclient import TestClient def _create_account_user(email: str, name: str = "Service", password: str = "parolasecreta10"): from app.accounts import create_account from app.users import create_user from app.db import get_connection conn = get_connection() try: acct_id = create_account(conn, name, active=True) create_user(conn, acct_id, email, password) return acct_id finally: conn.close() def _login(client, email: str, password: str = "parolasecreta10") -> None: resp = client.get("/login") m = re.search(r'name="csrf_token"\s+value="([^"]+)"', resp.text) or \ re.search(r'value="([^"]+)"\s+name="csrf_token"', resp.text) assert m resp = client.post("/login", data={"email": email, "parola": password, "csrf_token": m.group(1)}) assert resp.status_code == 303 def _csrf(client) -> str: resp = client.get("/?tab=coada") m = re.search(r'name="csrf_token"\s+value="([^"]+)"', resp.text) assert m return m.group(1) def _insert(acct: int, *, status: str, payload: dict, key: str | None = None) -> int: from app.db import get_connection conn = get_connection() try: k = key or f"k-{os.urandom(6).hex()}" cur = conn.execute( "INSERT INTO submissions (idempotency_key, account_id, status, payload_json) VALUES (?, ?, ?, ?)", (k, acct, status, json.dumps(payload)), ) conn.commit() return int(cur.lastrowid) finally: conn.close() def _row(sid: int): from app.db import get_connection conn = get_connection() try: return conn.execute("SELECT * FROM submissions WHERE id=?", (sid,)).fetchone() finally: conn.close() def _payload(vin: str, *, odo: str = "55000") -> dict: return { "vin": vin, "nr_inmatriculare": "B100AAA", "data_prestatie": "2026-06-10", "odometru_final": odo, "prestatii": [{"cod_prestatie": "R-X"}], } @pytest.fixture() def client(monkeypatch): tmp = tempfile.mkdtemp() monkeypatch.setenv("AUTOPASS_DB_PATH", os.path.join(tmp, "corectie.db")) monkeypatch.setenv("AUTOPASS_WEB_AUTH_REQUIRED", "true") from app.config import get_settings get_settings.cache_clear() from app.web import ratelimit ratelimit._hits.clear() from app.main import app with TestClient(app, follow_redirects=False) as c: yield c ratelimit._hits.clear() get_settings.cache_clear() def test_corectie_needs_data(client): """needs_data fara odometru -> completez odometru -> queued, payload + key actualizate.""" acct = _create_account_user("cd@test.com") # needs_data: odometru gol sid = _insert(acct, status="needs_data", payload=_payload("WVWZZZ1JZXW0CD001", odo="")) old_key = _row(sid)["idempotency_key"] _login(client, "cd@test.com") csrf = _csrf(client) resp = client.post(f"/trimitere/{sid}/corecteaza", data={ "odometru_final": "77000", "csrf_token": csrf, }) assert resp.status_code == 200 r = _row(sid) assert r["status"] == "queued" assert json.loads(r["payload_json"])["odometru_final"] == "77000" assert r["idempotency_key"] != old_key # recalculata assert r["rar_error"] is None def test_corectie_inca_invalid_ramane_blocat(client): """Corectie cu date inca invalide -> ramane needs_data + mesaj de validare.""" acct = _create_account_user("ci@test.com") sid = _insert(acct, status="needs_data", payload=_payload("WVWZZZ1JZXW0CI001", odo="")) _login(client, "ci@test.com") csrf = _csrf(client) # odometru tot invalid (non-numeric) resp = client.post(f"/trimitere/{sid}/corecteaza", data={ "odometru_final": "abc", "csrf_token": csrf, }) assert resp.status_code == 200 assert _row(sid)["status"] == "needs_data" assert "odometruFinal" in resp.text # mesajul de validare e afisat def test_corectie_sent_interzis(client): """Randurile sent NU pot fi editate (read-only -> 403).""" acct = _create_account_user("cs@test.com") sid = _insert(acct, status="sent", payload=_payload("WVWZZZ1JZXW0CS001")) _login(client, "cs@test.com") csrf = _csrf(client) resp = client.post(f"/trimitere/{sid}/corecteaza", data={ "odometru_final": "88000", "csrf_token": csrf, }) assert resp.status_code == 403 assert _row(sid)["status"] == "sent" # neschimbat def test_corectie_coliziune_idempotency(client): """Daca noua cheie coincide cu alt submission -> oprire cu mesaj, fara 500/duplicat.""" from app.idempotency import build_key, canonicalize_row acct = _create_account_user("cc@test.com") target = _payload("WVWZZZ1JZXW0CC999", odo="99000") existing_key = build_key(acct, canonicalize_row(target)) # B: submission existent cu cheia tinta sid_b = _insert(acct, status="queued", payload=target, key=existing_key) # A: needs_data, acelasi continut dar fara odometru sid_a = _insert(acct, status="needs_data", payload=_payload("WVWZZZ1JZXW0CC999", odo="")) _login(client, "cc@test.com") csrf = _csrf(client) resp = client.post(f"/trimitere/{sid_a}/corecteaza", data={ "odometru_final": "99000", "csrf_token": csrf, }) assert resp.status_code == 200 assert "deja o trimitere identica" in resp.text assert f"#{sid_b}" in resp.text # A NU a fost re-pus in coada (a ramas blocat), B neatins assert _row(sid_a)["status"] == "needs_data" assert _row(sid_b)["idempotency_key"] == existing_key def test_corectie_needs_mapping_nu_ajunge_in_coada(client): """Un rand needs_mapping cu cod nemapat NU trece in queued la corectie de continut (altfel ar pleca la RAR cu codPrestatie null — FINALIZATA ireversibil).""" acct = _create_account_user("cm@test.com") payload = { "vin": "WVWZZZ1JZXW0CM001", "nr_inmatriculare": "B100AAA", "data_prestatie": "2026-06-10", "odometru_final": "", "prestatii": [{"cod_op_service": "OP-NEMAP", "denumire": "ceva"}], } sid = _insert(acct, status="needs_mapping", payload=payload) _login(client, "cm@test.com") csrf = _csrf(client) # completez odometru, dar codul ramane nemapat resp = client.post(f"/trimitere/{sid}/corecteaza", data={ "odometru_final": "70000", "csrf_token": csrf, }) assert resp.status_code == 200 assert _row(sid)["status"] == "needs_mapping" # NU queued assert "cod RAR" in resp.text.lower() or "mapari" in resp.text.lower() def test_corectie_cont_strain(client): """Corectie pe randul altui cont -> 404 (fara leak).""" acct1 = _create_account_user("ca1@test.com", name="C1") _create_account_user("ca2@test.com", name="C2") sid1 = _insert(acct1, status="needs_data", payload=_payload("WVWZZZ1JZXW0CA001", odo="")) _login(client, "ca2@test.com") csrf = _csrf(client) resp = client.post(f"/trimitere/{sid1}/corecteaza", data={ "odometru_final": "10000", "csrf_token": csrf, }) assert resp.status_code == 404 assert _row(sid1)["status"] == "needs_data" # neatins