"""Teste US-012 (PRD 5.20): audit evenimente medii RAR + e2e lant submission. Fisier nou; nu modifica teste existente. Teste: test_lant_import_pana_la_queued -- submission ajunge la status=queued cu rar_env corect test_activare_prod_logata -- activarea mediului Productie produce eveniment de audit test_tinta_indisponibila_blocata_si_logata -- cerere pe mediu indisponibil -> 422 + eveniment audit """ from __future__ import annotations import json import os import re import tempfile import pytest from cryptography.fernet import Fernet from starlette.testclient import TestClient # --------------------------------------------------------------------------- # Fixture # --------------------------------------------------------------------------- @pytest.fixture() def client(monkeypatch): """Client izolat cu DB temporara + cheie Fernet pentru criptare creds.""" tmp = tempfile.mkdtemp() monkeypatch.setenv("AUTOPASS_DB_PATH", os.path.join(tmp, "t_e2e_env.db")) monkeypatch.setenv("AUTOPASS_CREDS_KEY", Fernet.generate_key().decode()) monkeypatch.setenv("AUTOPASS_REQUIRE_API_KEY", "false") monkeypatch.setenv("AUTOPASS_LOG_DIR", os.path.join(tmp, "logs")) from app.config import get_settings from app import crypto get_settings.cache_clear() crypto.reset_cache() from app.main import app with TestClient(app, follow_redirects=False) as c: yield c get_settings.cache_clear() crypto.reset_cache() # --------------------------------------------------------------------------- # Helpere # --------------------------------------------------------------------------- def _create_account_user( name: str = "Service E2E SRL", email: str = "user@e2e.com", password: str = "parolasecreta10", ): """Creeaza cont + user via create_account/create_user (id>=2; conta default e id=1). Returneaza (acct_id, user_id). """ from app.accounts import create_account from app.users import create_user from app.db import get_connection conn = get_connection() try: acct_id = create_account(conn, name, active=True) user_id = create_user(conn, acct_id, email, password) return acct_id, user_id finally: conn.close() def _login(client, email: str, password: str) -> None: """Face login real prin HTTP si seteaza cookie-ul de sesiune pe client.""" resp = client.get("/login") assert resp.status_code == 200 m = re.search(r'name="csrf_token"\s+value="([^"]+)"', resp.text) if not m: m = re.search(r'value="([^"]+)"\s+name="csrf_token"', resp.text) assert m, "csrf_token negasit pe /login" csrf = m.group(1) resp = client.post("/login", data={ "email": email, "parola": password, "csrf_token": csrf, }) assert resp.status_code == 303, f"Login esuat: {resp.status_code} {resp.text[:200]}" def _get_csrf(client) -> str: """Obtine CSRF token din fragmentul /_fragments/cont.""" resp = client.get("/_fragments/cont") assert resp.status_code == 200, f"/_fragments/cont a returnat {resp.status_code}" m = re.search(r'name="csrf_token"\s+value="([^"]+)"', resp.text) if not m: m = re.search(r'value="([^"]+)"\s+name="csrf_token"', resp.text) assert m, f"csrf_token negasit in /_fragments/cont: {resp.text[:400]}" return m.group(1) def _mock_login_ok(monkeypatch) -> None: """Monkeypatch _valideaza_login_rar sa returneze (True, None) fara RAR live.""" import app.web.routes as routes_mod monkeypatch.setattr(routes_mod, "_valideaza_login_rar", lambda *a, **kw: (True, None)) def _seteaza_mediu_disponibil_acct(acct_id: int, env: str) -> None: """Activeaza mediul `env` cu creds criptate mock direct in DB pentru contul dat.""" from app.db import get_connection from app.crypto import encrypt_creds enc = encrypt_creds({"email": f"rar_{env}@firma.ro", "password": f"parola_{env}"}) conn = get_connection() try: if env == "test": conn.execute( "UPDATE accounts SET rar_test_enabled=1, rar_creds_test_enc=?, " "rar_env_default='test' WHERE id=?", (enc, acct_id), ) elif env == "prod": conn.execute( "UPDATE accounts SET rar_prod_enabled=1, rar_creds_prod_enc=?, " "rar_env_default='prod' WHERE id=?", (enc, acct_id), ) conn.commit() finally: conn.close() def _get_events(tip: str) -> list: """Returneaza randurile din app_events cu tipul specificat.""" from app.db import get_connection conn = get_connection() try: return conn.execute( "SELECT * FROM app_events WHERE tip=?", (tip,) ).fetchall() finally: conn.close() # --------------------------------------------------------------------------- # Teste # --------------------------------------------------------------------------- def test_lant_import_pana_la_queued(client): """Canal API (POST /v1/prezentari) cu mediu test disponibil -> submission status=queued, rar_env='test' in DB. AUTOPASS_REQUIRE_API_KEY=false -> cererea e procesata pe contul implicit id=1. Configuram mediul test direct in DB pe accel cont (id=1). Canal import web e2e (upload + mapare + confirmare) e acoperit complet in tests/test_import_rar_env.py; acest test verifica propagarea rar_env pe calea API. """ # Configureaza mediu test pe contul implicit id=1 (cel utilizat de API fara cheie) _seteaza_mediu_disponibil_acct(1, "test") body = { "prezentari": [{ "vin": "WVWZZZ1KZAW001001", "nr_inmatriculare": "B001E2E", "data_prestatie": "2026-07-01", "odometru_final": "50000", "prestatii": [{"cod_prestatie": "OE-1"}], }] } resp = client.post("/v1/prezentari", json=body) assert resp.status_code == 200, ( f"POST /v1/prezentari a esuat: {resp.status_code} {resp.text[:400]}" ) # Verifica in DB: submission are status=queued sau needs_mapping (cod necunoscut in nomenclator) # si rar_env=test (mediul contului) from app.db import get_connection conn = get_connection() try: sub = conn.execute( "SELECT status, rar_env FROM submissions WHERE account_id=1 ORDER BY id DESC LIMIT 1" ).fetchone() finally: conn.close() assert sub is not None, "Niciun submission creat dupa POST /v1/prezentari" # status poate fi 'queued' sau 'needs_mapping' (nomenclator gol); rar_env trebuie sa fie 'test' assert sub["status"] in ("queued", "needs_mapping"), ( f"Status neasteptat: {sub['status']!r}" ) assert sub["rar_env"] == "test", ( f"rar_env asteptat 'test' (mediul contului), primit {sub['rar_env']!r}" ) def test_activare_prod_logata(client, monkeypatch): """Activarea mediului Productie via POST /cont/rar-medii produce eveniment 'rar_env_activat' in app_events cu context env='prod' si account_id corect. """ _mock_login_ok(monkeypatch) acct_id, _ = _create_account_user("Firma AuditProd", "audit_prod@test.com") _login(client, "audit_prod@test.com", "parolasecreta10") # Pas 0: dezactiveaza prod mai intai (schema default are rar_prod_enabled=1 fara creds) # Trimitem form fara prod_enabled -> rar_prod_enabled devine 0 csrf = _get_csrf(client) client.post("/cont/rar-medii", data={"csrf_token": csrf}) # Pas 1: activeaza prod cu creds + confirmare (mock login ok) csrf = _get_csrf(client) resp = client.post("/cont/rar-medii", data={ "csrf_token": csrf, "prod_enabled": "1", "prod_email": "rar_prod@firma.ro", "prod_parola": "parolaRARprod", "prod_confirmare": "1", }) assert resp.status_code == 200, f"Activare prod a esuat: {resp.status_code} {resp.text[:400]}" # Verifica eveniment de audit in app_events events = _get_events("rar_env_activat") assert len(events) >= 1, ( f"Eveniment 'rar_env_activat' asteptat in app_events dupa activare prod, " f"gasit {len(events)}" ) # Evenimentul trebuie sa contina env='prod' in context_json prod_events = [e for e in events if "prod" in (e["context_json"] or "")] assert len(prod_events) >= 1, ( f"Eveniment 'rar_env_activat' cu env='prod' negasit; " f"events={[e['context_json'] for e in events]}" ) ctx = json.loads(prod_events[-1]["context_json"]) assert ctx.get("env") == "prod", f"context_json.env asteptat 'prod', primit {ctx!r}" assert prod_events[-1]["account_id"] == acct_id, ( f"account_id asteptat {acct_id}, primit {prod_events[-1]['account_id']}" ) def test_tinta_indisponibila_blocata_si_logata(client): """POST /v1/prezentari cu rar_env='prod' pe un cont fara prod disponibil (rar_prod_enabled=1 dar fara creds) e respinsa cu 422 SI produce eveniment 'rar_env_blocat' in app_events cu context env='prod'. Contul implicit (id=1, AUTOPASS_REQUIRE_API_KEY=false) are rar_prod_enabled=1 dar rar_creds_prod_enc=NULL -> prod indisponibil -> MediuIndisponibil -> 422. """ # Contul 1 implicit: rar_prod_enabled=1 dar fara creds -> prod indisponibil # Asiguram ca test e de asemenea indisponibil (stare fresh DB) body = { "prezentari": [{ "vin": "WVWZZZ1KZAW002002", "nr_inmatriculare": "B002E2E", "data_prestatie": "2026-07-01", "odometru_final": "60000", "prestatii": [{"cod_prestatie": "OE-1"}], }], "rar_env": "prod", } resp = client.post("/v1/prezentari", json=body) assert resp.status_code == 422, ( f"Asteptat 422 (mediu indisponibil), primit {resp.status_code}: {resp.text[:300]}" ) # Verifica ca cererea a fost logata ca blocat events = _get_events("rar_env_blocat") assert len(events) >= 1, ( f"Eveniment 'rar_env_blocat' asteptat in app_events dupa respingere, " f"gasit {len(events)}" ) ctx = json.loads(events[-1]["context_json"]) assert ctx.get("env") == "prod", ( f"context_json.env asteptat 'prod', primit {ctx!r}" )