c842e3352a
Implementeaza PRD 5.6 complet (14 stories, TDD). Doua axe:
Lifecycle trimiteri blocate (Val A):
- submissions_admin.py: sterge/repune scoped (404 cross-account inaintea lui 409 stare)
- reactivare dedup peste `error` cu CAS (WHERE id=? AND status='error'), creds noi in
submissions + accounts.rar_creds_enc; worker invalideaza sesiunea RAR la creds proaspete
(JWT 30h vechi nu mai trimite cu parola gresita); camp aditiv `reactivated:true`
- retentie randuri blocate 30z; purge_expired exclude queued/sending; purge_after curatat
la reactivare/requeue
- API DELETE /v1/prezentari/{id} + /repune (200+JSON); UI butoane + bulk + banner actionabil
Observabilitate:
- app/observ.py log_event: dublu canal app_events (DB) + RotatingFileHandler per-proces,
redactare creds/PII la scriere (redact_pii/vin_partial)
- request_id middleware + X-Request-ID pe toate raspunsurile
- handler global excepții -> 500 envelope 6-chei + request_id (traceback doar in jurnal)
- audit cerere API (api_prezentari/api_auth_esuat) + audit worker (rar_login/tranzitii)
- tab "Jurnal" filtrabil scoped (non-admin doar contul sau); retentie jurnal 90z
- rar_error expus in GET /v1/prezentari/{id} (recovery observabil)
pytest -q: 741 passed, 0 failed. Docs: PRD raport VERIFY, contract endpointuri noi, ROADMAP.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
123 lines
4.2 KiB
Python
123 lines
4.2 KiB
Python
"""Teste US-005 (PRD 5.6): audit login RAR + ciclu de viata trimiteri (worker)."""
|
|
|
|
from __future__ import annotations
|
|
|
|
import json
|
|
import os
|
|
import tempfile
|
|
|
|
import pytest
|
|
|
|
from app.rar_client import RarAuthError
|
|
|
|
|
|
@pytest.fixture()
|
|
def env(monkeypatch):
|
|
tmp = tempfile.mkdtemp()
|
|
monkeypatch.setenv("AUTOPASS_DB_PATH", os.path.join(tmp, "wo.db"))
|
|
monkeypatch.setenv("AUTOPASS_LOG_DIR", os.path.join(tmp, "logs"))
|
|
from app.config import get_settings
|
|
get_settings.cache_clear()
|
|
from app.db import get_connection, init_db
|
|
init_db()
|
|
conn = get_connection()
|
|
settings = get_settings()
|
|
yield conn, settings
|
|
conn.close()
|
|
get_settings.cache_clear()
|
|
|
|
|
|
_CONTENT = {"vin": "WVWZZZ1KZAW000123", "nr_inmatriculare": "B999TST",
|
|
"data_prestatie": "2026-06-15", "odometru_final": "123456",
|
|
"prestatii": [{"cod_prestatie": "OE-1"}], "sistem_reparat": "null"}
|
|
|
|
|
|
def _events(conn, tip=None):
|
|
if tip:
|
|
return conn.execute("SELECT * FROM app_events WHERE tip=?", (tip,)).fetchall()
|
|
return conn.execute("SELECT * FROM app_events").fetchall()
|
|
|
|
|
|
class FakeRar:
|
|
def __init__(self, *, token="JWT-TEST", login_exc=None, post_result=None):
|
|
self.token = token
|
|
self.login_exc = login_exc
|
|
self.post_result = post_result if post_result is not None else {"id": 1000}
|
|
self.closed = False
|
|
|
|
def login(self, email, password):
|
|
if self.login_exc:
|
|
raise self.login_exc
|
|
return self.token
|
|
|
|
def get_nomenclator(self, token):
|
|
return []
|
|
|
|
def post_prezentare(self, token, payload):
|
|
return self.post_result
|
|
|
|
def close(self):
|
|
self.closed = True
|
|
|
|
|
|
def test_login_reusit_logat(env, monkeypatch):
|
|
conn, settings = env
|
|
import app.worker.__main__ as w
|
|
monkeypatch.setattr(w, "RarClient", lambda s: FakeRar())
|
|
sessions = w.AccountSessions(settings)
|
|
tok = sessions.get_token(conn, 2, {"email": "a@b.ro", "password": "secretaXY"})
|
|
assert tok == "JWT-TEST"
|
|
rows = _events(conn, "rar_login")
|
|
assert len(rows) == 1
|
|
assert rows[0]["account_id"] == 2
|
|
ctx = rows[0]["context_json"]
|
|
assert "ok" in ctx
|
|
# fara parola in clar nicaieri
|
|
assert "secretaXY" not in (rows[0]["mesaj"] or "")
|
|
assert "secretaXY" not in (ctx or "")
|
|
|
|
|
|
def test_login_401_logat_fara_parola(env, monkeypatch):
|
|
conn, settings = env
|
|
import app.worker.__main__ as w
|
|
monkeypatch.setattr(w, "RarClient", lambda s: FakeRar(login_exc=RarAuthError("401", status_code=401)))
|
|
sessions = w.AccountSessions(settings)
|
|
with pytest.raises(RarAuthError):
|
|
sessions.get_token(conn, 3, {"email": "a@b.ro", "password": "parolaGRESITA"})
|
|
rows = _events(conn, "rar_login")
|
|
assert len(rows) == 1
|
|
assert rows[0]["nivel"] == "WARNING"
|
|
assert "esuat" in rows[0]["context_json"]
|
|
assert "parolaGRESITA" not in (rows[0]["context_json"] or "")
|
|
assert "parolaGRESITA" not in (rows[0]["mesaj"] or "")
|
|
|
|
|
|
def test_tranzitie_sent_si_error_logate(env, monkeypatch):
|
|
conn, settings = env
|
|
import app.worker.__main__ as w
|
|
from app.accounts import create_account
|
|
acct = create_account(conn, "Service Worker Obs", active=True)
|
|
cur = conn.execute(
|
|
"INSERT INTO submissions (idempotency_key, account_id, status, payload_json) VALUES (?, ?, 'sending', ?)",
|
|
(f"k-{os.urandom(4).hex()}", acct, json.dumps(_CONTENT)),
|
|
)
|
|
sid = int(cur.lastrowid)
|
|
claimed = {"id": sid, "account_id": acct, "content": _CONTENT}
|
|
rar = FakeRar()
|
|
res = w.process_one(conn, settings, rar, "tok", claimed)
|
|
assert res == "sent"
|
|
assert len(_events(conn, "submission_sent")) == 1
|
|
assert _events(conn, "submission_sent")[0]["account_id"] == 2
|
|
|
|
# eroare 4xx nerecuperabila -> submission_error
|
|
from app.rar_client import RarError
|
|
cur2 = conn.execute(
|
|
"INSERT INTO submissions (idempotency_key, account_id, status, payload_json) VALUES (?, 2, 'sending', ?)",
|
|
(f"k-{os.urandom(4).hex()}", json.dumps(_CONTENT)),
|
|
)
|
|
sid2 = int(cur2.lastrowid)
|
|
rar_err = FakeRar()
|
|
rar_err.post_prezentare = lambda t, p: (_ for _ in ()).throw(RarError("403", status_code=403))
|
|
w.process_one(conn, settings, rar_err, "tok", {"id": sid2, "account_id": 2, "content": _CONTENT})
|
|
assert len(_events(conn, "submission_error")) == 1
|