"""Teste US-004 (PRD 3.5): "Coada" -> "Trimiteri" tabel lizibil + detaliu la click. Coloane umane (RO), stare via labels (nu "sent" brut), vehicul/operatie/data din payload, motiv uman. Detaliu scoped pe cont (404 cross-account). """ from __future__ import annotations import json import os import re import tempfile import pytest from starlette.testclient import TestClient def _create_account_user(email: str, name: str = "Service", password: str = "parolasecreta10"): from app.accounts import create_account from app.users import create_user from app.db import get_connection conn = get_connection() try: acct_id = create_account(conn, name, active=True) create_user(conn, acct_id, email, password) return acct_id finally: conn.close() def _login(client, email: str, password: str = "parolasecreta10") -> None: resp = client.get("/login") m = re.search(r'name="csrf_token"\s+value="([^"]+)"', resp.text) or \ re.search(r'value="([^"]+)"\s+name="csrf_token"', resp.text) assert m resp = client.post("/login", data={"email": email, "parola": password, "csrf_token": m.group(1)}) assert resp.status_code == 303 def _insert_submission(acct: int, status: str = "sent", *, payload: dict | None = None, rar_error: str | None = None, id_prezentare=None) -> int: from app.db import get_connection conn = get_connection() try: p = payload if payload is not None else { "vin": "WVWZZZ1JZXW000777", "nr_inmatriculare": "B777ZZZ", "data_prestatie": "2026-06-18", "odometru_final": "55000", "prestatii": [{"cod_prestatie": "R-FRANE", "denumire": "Reparatie frane"}], } cur = conn.execute( "INSERT INTO submissions (idempotency_key, account_id, status, payload_json, rar_error, id_prezentare) " "VALUES (?, ?, ?, ?, ?, ?)", (f"k-{status}-{os.urandom(4).hex()}", acct, status, json.dumps(p), rar_error, id_prezentare), ) conn.commit() return int(cur.lastrowid) finally: conn.close() @pytest.fixture() def client(monkeypatch): tmp = tempfile.mkdtemp() monkeypatch.setenv("AUTOPASS_DB_PATH", os.path.join(tmp, "subm.db")) monkeypatch.setenv("AUTOPASS_WEB_AUTH_REQUIRED", "true") from app.config import get_settings get_settings.cache_clear() from app.web import ratelimit ratelimit._hits.clear() from app.main import app with TestClient(app, follow_redirects=False) as c: yield c ratelimit._hits.clear() get_settings.cache_clear() def test_submissions_coloane_umane(client): """Antete RO; stare umana (nu 'sent'); vehicul/operatie din payload; fara 'HTTP RAR' ca antet.""" acct = _create_account_user("col@test.com") _insert_submission(acct, "sent", id_prezentare=68516) _login(client, "col@test.com") resp = client.get("/_fragments/submissions") assert resp.status_code == 200 html = resp.text # Antete romanesti for antet in ("Stare", "Vehicul", "Operatie", "Data prestatie", "Nr. prezentare RAR", "Motiv"): assert antet in html, f"Lipseste antetul '{antet}'" # "HTTP RAR" NU mai e antet principal de coloana assert "HTTP RAR" not in html # Starea afisata e text uman, nu 'sent' brut intr-un pill assert ">sent<" not in html, "Starea bruta 'sent' nu ar trebui afisata" assert "Declarate la RAR" in html, "Starea umana lipseste" # Vehicul + operatie din payload, nu doar idPrezentare assert "B777ZZZ" in html assert "Reparatie frane" in html def test_tab_eticheta_trimiteri(client): """Eticheta tab e 'Trimiteri' dar deep-link ?tab=coada ramane valid.""" _create_account_user("et@test.com") _login(client, "et@test.com") resp = client.get("/?tab=coada") assert resp.status_code == 200 assert "Trimiteri" in resp.text assert 'id="tab-coada"' in resp.text def test_motiv_needs_data_afisat(client): """Pentru needs_data, coloana Motiv arata motivul (nu gol cand exista rar_error).""" acct = _create_account_user("motiv@test.com") _insert_submission( acct, "needs_data", rar_error=json.dumps([{"field": "odometru_final", "message": "lipsa odometru"}]), ) _login(client, "motiv@test.com") resp = client.get("/_fragments/submissions") assert resp.status_code == 200 assert "lipsa odometru" in resp.text def test_detaliu_trimitere(client): """/_fragments/trimitere/{id} intoarce detaliul complet scoped pe cont.""" acct = _create_account_user("det@test.com") sid = _insert_submission(acct, "sent", id_prezentare=99001) _login(client, "det@test.com") resp = client.get(f"/_fragments/trimitere/{sid}") assert resp.status_code == 200 html = resp.text assert f"Detaliu trimitere #{sid}" in html assert "WVWZZZ1JZXW000777" in html # VIN integral in detaliu assert "99001" in html # nr prezentare RAR def test_detaliu_trimitere_404_cross_account(client): """Detaliul altui cont -> 404 (fara leak).""" acct1 = _create_account_user("d1@test.com", name="C1") _create_account_user("d2@test.com", name="C2") sid1 = _insert_submission(acct1, "sent") _login(client, "d2@test.com") resp = client.get(f"/_fragments/trimitere/{sid1}") assert resp.status_code == 404 # acelasi 404 pentru un id inexistent resp2 = client.get("/_fragments/trimitere/999999") assert resp2.status_code == 404