rar-autopass/tests/test_web_submissions.py

"""Teste US-004 (PRD 3.5): "Coada" -> "Trimiteri" tabel lizibil + detaliu la click.

Coloane umane (RO), stare via labels (nu "sent" brut), vehicul/operatie/data din
payload, motiv uman. Detaliu scoped pe cont (404 cross-account).
"""

from __future__ import annotations

import json
import os
import re
import tempfile

import pytest
from starlette.testclient import TestClient


def _create_account_user(email: str, name: str = "Service", password: str = "parolasecreta10"):
    from app.accounts import create_account
    from app.users import create_user
    from app.db import get_connection

    conn = get_connection()
    try:
        acct_id = create_account(conn, name, active=True)
        create_user(conn, acct_id, email, password)
        return acct_id
    finally:
        conn.close()


def _login(client, email: str, password: str = "parolasecreta10") -> None:
    resp = client.get("/login")
    m = re.search(r'name="csrf_token"\s+value="([^"]+)"', resp.text) or \
        re.search(r'value="([^"]+)"\s+name="csrf_token"', resp.text)
    assert m
    resp = client.post("/login", data={"email": email, "parola": password, "csrf_token": m.group(1)})
    assert resp.status_code == 303


def _insert_submission(acct: int, status: str = "sent", *, payload: dict | None = None,
                       rar_error: str | None = None, id_prezentare=None) -> int:
    from app.db import get_connection
    conn = get_connection()
    try:
        p = payload if payload is not None else {
            "vin": "WVWZZZ1JZXW000777",
            "nr_inmatriculare": "B777ZZZ",
            "data_prestatie": "2026-06-18",
            "odometru_final": "55000",
            "prestatii": [{"cod_prestatie": "R-FRANE", "denumire": "Reparatie frane"}],
        }
        cur = conn.execute(
            "INSERT INTO submissions (idempotency_key, account_id, status, payload_json, rar_error, id_prezentare) "
            "VALUES (?, ?, ?, ?, ?, ?)",
            (f"k-{status}-{os.urandom(4).hex()}", acct, status, json.dumps(p), rar_error, id_prezentare),
        )
        conn.commit()
        return int(cur.lastrowid)
    finally:
        conn.close()


@pytest.fixture()
def client(monkeypatch):
    tmp = tempfile.mkdtemp()
    monkeypatch.setenv("AUTOPASS_DB_PATH", os.path.join(tmp, "subm.db"))
    monkeypatch.setenv("AUTOPASS_WEB_AUTH_REQUIRED", "true")
    from app.config import get_settings
    get_settings.cache_clear()
    from app.web import ratelimit
    ratelimit._hits.clear()
    from app.main import app
    with TestClient(app, follow_redirects=False) as c:
        yield c
    ratelimit._hits.clear()
    get_settings.cache_clear()


def test_submissions_coloane_umane(client):
    """Antete RO; stare umana (nu 'sent'); vehicul/operatie din payload; fara 'HTTP RAR' ca antet."""
    acct = _create_account_user("col@test.com")
    _insert_submission(acct, "sent", id_prezentare=68516)
    _login(client, "col@test.com")

    resp = client.get("/_fragments/submissions")
    assert resp.status_code == 200
    html = resp.text
    # Antete romanesti (Motiv a iesit din tabel in PRD 5.8 US-007 -> traieste in detaliu)
    for antet in ("Stare", "Vehicul", "Operatie", "Data prestatie", "Nr. prezentare RAR"):
        assert antet in html, f"Lipseste antetul '{antet}'"
    # "HTTP RAR" NU mai e antet principal de coloana
    assert "<th>HTTP RAR</th>" not in html
    # Starea afisata e text uman, nu 'sent' brut intr-un pill
    assert ">sent<" not in html, "Starea bruta 'sent' nu ar trebui afisata"
    assert "Declarate la RAR" in html, "Starea umana lipseste"
    # Vehicul + operatie din payload, nu doar idPrezentare
    assert "B777ZZZ" in html
    assert "Reparatie frane" in html


def test_tab_eticheta_trimiteri(client):
    """US-003 (3.6): tab-ul 'Trimiteri' a fost eliminat; deep-link ?tab=coada ramane
    valid (nu 404) si serveste continutul Acasa."""
    _create_account_user("et@test.com")
    _login(client, "et@test.com")
    resp = client.get("/?tab=coada")
    assert resp.status_code == 200
    # Trimiterile traiesc acum pe Acasa, nu pe un tab separat.
    assert 'id="tab-coada"' not in resp.text
    assert 'id="acasa-section"' in resp.text or 'id="import-section"' in resp.text


def test_motiv_needs_data_afisat(client):
    """Pentru needs_data, motivul apare in detaliu (PRD 5.8 US-007: Motiv a iesit din tabel)."""
    acct = _create_account_user("motiv@test.com")
    sid = _insert_submission(
        acct, "needs_data",
        rar_error=json.dumps([{"field": "odometru_final", "message": "lipsa odometru"}]),
    )
    _login(client, "motiv@test.com")
    resp = client.get(f"/_fragments/trimitere/{sid}")
    assert resp.status_code == 200
    assert "lipsa odometru" in resp.text


def test_tabel_nu_are_coloana_motiv(client):
    """PRD 5.8 US-007: coloana Motiv eliminata din thead/tbody (e in detaliu)."""
    acct = _create_account_user("nomotiv@test.com")
    _insert_submission(
        acct, "needs_data",
        rar_error=json.dumps([{"field": "odometru_final", "message": "lipsa odometru xyz"}]),
    )
    _login(client, "nomotiv@test.com")
    resp = client.get("/_fragments/submissions")
    assert resp.status_code == 200
    html = resp.text
    assert "<th>Motiv</th>" not in html
    # continutul Motiv nu mai apare in tabel (a fost mutat in detaliu)
    assert "lipsa odometru xyz" not in html


def test_operatie_contine_cod_rar(client):
    """PRD 5.8 US-007: coloana Operatie arata 'cod RAR: XXX' cand mapat, 'nemapat' cand nu."""
    acct = _create_account_user("codrar@test.com")
    # mapat: are cod_prestatie -> cod RAR vizibil
    _insert_submission(acct, "sent", payload={
        "vin": "WVWZZZ1JZXW000111",
        "nr_inmatriculare": "B111AAA",
        "data_prestatie": "2026-06-18",
        "odometru_final": "10000",
        "prestatii": [{"cod_prestatie": "OE-2", "denumire": "Verificare X"}],
    })
    # nemapat: doar cod_op_service -> "nemapat"
    _insert_submission(acct, "needs_mapping", payload={
        "vin": "WVWZZZ1JZXW000222",
        "nr_inmatriculare": "B222BBB",
        "data_prestatie": "2026-06-18",
        "odometru_final": "20000",
        "prestatii": [{"cod_op_service": "INTERN9", "denumire": "Spalare auto"}],
    })
    _login(client, "codrar@test.com")
    resp = client.get("/_fragments/submissions")
    assert resp.status_code == 200
    html = resp.text
    assert "cod RAR: OE-2" in html
    assert "nemapat" in html


def test_pill_eticheta_scurta(client):
    """PRD 5.8 US-007/US-006: pill-ul de Stare foloseste eticheta scurta; textul lung in title."""
    acct = _create_account_user("pill@test.com")
    _insert_submission(acct, "sent", id_prezentare=70001)
    _login(client, "pill@test.com")
    resp = client.get("/_fragments/submissions")
    assert resp.status_code == 200
    html = resp.text
    # eticheta scurta in pill
    assert ">Finalizat<" in html
    # textul lung pastrat ca tooltip (title)
    assert 'title="Declarate la RAR' in html


def test_detaliu_trimitere(client):
    """/_fragments/trimitere/{id} intoarce detaliul complet scoped pe cont."""
    acct = _create_account_user("det@test.com")
    sid = _insert_submission(acct, "sent", id_prezentare=99001)
    _login(client, "det@test.com")

    resp = client.get(f"/_fragments/trimitere/{sid}")
    assert resp.status_code == 200
    html = resp.text
    assert f"Detaliu trimitere #{sid}" in html
    assert "WVWZZZ1JZXW000777" in html  # VIN integral in detaliu
    assert "99001" in html  # nr prezentare RAR


def test_detaliu_trimitere_404_cross_account(client):
    """Detaliul altui cont -> 404 (fara leak)."""
    acct1 = _create_account_user("d1@test.com", name="C1")
    _create_account_user("d2@test.com", name="C2")
    sid1 = _insert_submission(acct1, "sent")

    _login(client, "d2@test.com")
    resp = client.get(f"/_fragments/trimitere/{sid1}")
    assert resp.status_code == 404
    # acelasi 404 pentru un id inexistent
    resp2 = client.get("/_fragments/trimitere/999999")
    assert resp2.status_code == 404