Login de validare loveste base_url_pentru_env(env) (NU ancora globala); endpoint POST /cont/test-rar-creds + card in _integrare.html; mesaj distinct TESTARE vs PRODUCTIE la 401 incrucisat (confirmat live). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
178 lines
5.9 KiB
Python
178 lines
5.9 KiB
Python
"""Teste US-007 (PRD 5.20): validare credentiale RAR pe env-ul setului de creds.
|
|
|
|
Premisa confirmata live (2026-06-29): creds prod NU se valideaza pe RAR test si
|
|
invers (401 incrucisat). Deci login-ul de proba TREBUIE sa loveasca endpoint-ul
|
|
mediului caruia ii apartin credentialele, nu URL-ul global AUTOPASS_RAR_ENV.
|
|
|
|
Functie testata:
|
|
routes._valideaza_login_rar(settings, email, password, env)
|
|
|
|
Teste:
|
|
test_valideaza_pe_env_creds -- login pe env='prod' foloseste base_url prod (nu test)
|
|
test_mesaj_distinge_env -- esec pe test vs prod produce mesaje diferite
|
|
"""
|
|
|
|
from __future__ import annotations
|
|
|
|
import os
|
|
import tempfile
|
|
|
|
import pytest
|
|
|
|
from app.rar_client import RarAuthError
|
|
|
|
|
|
# ---------------------------------------------------------------------------
|
|
# Fixture izolat
|
|
# ---------------------------------------------------------------------------
|
|
|
|
|
|
@pytest.fixture()
|
|
def env_db(monkeypatch):
|
|
"""DB temporara + settings curate. Numele 'env_db' evita coliziunea cu parametrul
|
|
'env' folosit in testele de mai jos ca string ('test'/'prod')."""
|
|
tmp = tempfile.mkdtemp()
|
|
monkeypatch.setenv("AUTOPASS_DB_PATH", os.path.join(tmp, "t.db"))
|
|
monkeypatch.setenv("AUTOPASS_SEED_OPERATII_ENABLED", "false")
|
|
from app.config import get_settings
|
|
|
|
get_settings.cache_clear()
|
|
from app.db import init_db
|
|
|
|
init_db()
|
|
yield
|
|
get_settings.cache_clear()
|
|
|
|
|
|
# ---------------------------------------------------------------------------
|
|
# Stub-uri RarClient
|
|
# ---------------------------------------------------------------------------
|
|
|
|
|
|
class _RarClientSpy:
|
|
"""Inregistreaza base_url-ul cu care a fost construit si simuleaza login reusit."""
|
|
|
|
captured: dict = {}
|
|
|
|
def __init__(self, settings=None, *, base_url=None):
|
|
_RarClientSpy.captured["base_url"] = base_url
|
|
|
|
def login(self, email, password):
|
|
return "TOKEN-SPY"
|
|
|
|
def __enter__(self):
|
|
return self
|
|
|
|
def __exit__(self, *args):
|
|
pass
|
|
|
|
def close(self):
|
|
pass
|
|
|
|
|
|
class _RarClientFail:
|
|
"""Simuleaza login esuat (RarAuthError 401) indiferent de env."""
|
|
|
|
def __init__(self, settings=None, *, base_url=None):
|
|
pass
|
|
|
|
def login(self, email, password):
|
|
raise RarAuthError("Credentiale RAR invalide", status_code=401)
|
|
|
|
def __enter__(self):
|
|
return self
|
|
|
|
def __exit__(self, *args):
|
|
pass
|
|
|
|
def close(self):
|
|
pass
|
|
|
|
|
|
# ---------------------------------------------------------------------------
|
|
# Teste
|
|
# ---------------------------------------------------------------------------
|
|
|
|
|
|
def test_valideaza_pe_env_creds(env_db, monkeypatch):
|
|
"""Cand validezi creds pentru env='prod', clientul de login e creat cu base_url-ul prod.
|
|
|
|
US-007 AC: 'validarea foloseste env-ul setului de creds verificat'.
|
|
Premisa: creds prod nu se valideaza pe RAR test (401 incrucisat), deci
|
|
clientul TREBUIE sa foloseasca base_url-ul prod, nu cel de test.
|
|
"""
|
|
import app.web.routes as routes_mod
|
|
from app.config import get_settings
|
|
|
|
_RarClientSpy.captured = {}
|
|
monkeypatch.setattr(routes_mod, "RarClient", _RarClientSpy)
|
|
|
|
settings = get_settings()
|
|
ok, mesaj = routes_mod._valideaza_login_rar(settings, "a@b.ro", "parola", "prod")
|
|
|
|
assert ok is True, f"Login simulat trebuia sa reuseasca: mesaj={mesaj!r}"
|
|
assert mesaj is None
|
|
|
|
base_url_folosit = _RarClientSpy.captured.get("base_url")
|
|
assert base_url_folosit == settings.rar_base_url_prod, (
|
|
f"Clientul trebuia construit cu rar_base_url_prod={settings.rar_base_url_prod!r},"
|
|
f" dar a primit base_url={base_url_folosit!r}"
|
|
)
|
|
assert base_url_folosit != settings.rar_base_url_test, (
|
|
"Clientul nu trebuia sa foloseasca base_url-ul de TEST la validarea creds PROD"
|
|
)
|
|
|
|
|
|
def test_valideaza_pe_env_creds_test(env_db, monkeypatch):
|
|
"""Cand validezi creds pentru env='test', clientul de login e creat cu base_url-ul test."""
|
|
import app.web.routes as routes_mod
|
|
from app.config import get_settings
|
|
|
|
_RarClientSpy.captured = {}
|
|
monkeypatch.setattr(routes_mod, "RarClient", _RarClientSpy)
|
|
|
|
settings = get_settings()
|
|
ok, mesaj = routes_mod._valideaza_login_rar(settings, "a@b.ro", "parola", "test")
|
|
|
|
assert ok is True
|
|
base_url_folosit = _RarClientSpy.captured.get("base_url")
|
|
assert base_url_folosit == settings.rar_base_url_test, (
|
|
f"Clientul trebuia construit cu rar_base_url_test={settings.rar_base_url_test!r},"
|
|
f" dar a primit base_url={base_url_folosit!r}"
|
|
)
|
|
assert base_url_folosit != settings.rar_base_url_prod
|
|
|
|
|
|
def test_mesaj_distinge_env(env_db, monkeypatch):
|
|
"""La esec de login pe test vs prod, mesajul difera ('TESTARE' vs 'PRODUCTIE').
|
|
|
|
US-007 AC: 'mesaj distinct creds invalide pe TESTARE vs pe PRODUCTIE'.
|
|
Design F6/F7: banner-ul de eroare indica pe ce mediu a esuat login-ul.
|
|
"""
|
|
import app.web.routes as routes_mod
|
|
from app.config import get_settings
|
|
|
|
monkeypatch.setattr(routes_mod, "RarClient", _RarClientFail)
|
|
|
|
settings = get_settings()
|
|
|
|
ok_test, msg_test = routes_mod._valideaza_login_rar(settings, "a@b.ro", "parola", "test")
|
|
ok_prod, msg_prod = routes_mod._valideaza_login_rar(settings, "a@b.ro", "parola", "prod")
|
|
|
|
assert ok_test is False, "Esecul la test trebuia sa returneze ok=False"
|
|
assert ok_prod is False, "Esecul la prod trebuia sa returneze ok=False"
|
|
|
|
assert msg_test is not None and "TESTARE" in msg_test, (
|
|
f"Mesajul la esec pe test trebuia sa contina 'TESTARE': {msg_test!r}"
|
|
)
|
|
assert msg_prod is not None and "PRODUCTIE" in msg_prod, (
|
|
f"Mesajul la esec pe prod trebuia sa contina 'PRODUCTIE': {msg_prod!r}"
|
|
)
|
|
# Cross-check: etichetele nu se amesteca
|
|
assert "PRODUCTIE" not in (msg_test or ""), (
|
|
f"Mesajul esec test nu trebuia sa mentioneze PRODUCTIE: {msg_test!r}"
|
|
)
|
|
assert "TESTARE" not in (msg_prod or ""), (
|
|
f"Mesajul esec prod nu trebuia sa mentioneze TESTARE: {msg_prod!r}"
|
|
)
|