romfast/rar-autopass
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c05fa00007a759da084c10d9cda42c2542641d6d
rar-autopass/tests/test_jurnal_redactare.py
Claude Agent c842e3352a feat(5.6): observabilitate + jurnal aplicatie + lifecycle trimiteri blocate 
Implementeaza PRD 5.6 complet (14 stories, TDD). Doua axe:

Lifecycle trimiteri blocate (Val A):
- submissions_admin.py: sterge/repune scoped (404 cross-account inaintea lui 409 stare)
- reactivare dedup peste `error` cu CAS (WHERE id=? AND status='error'), creds noi in
  submissions + accounts.rar_creds_enc; worker invalideaza sesiunea RAR la creds proaspete
  (JWT 30h vechi nu mai trimite cu parola gresita); camp aditiv `reactivated:true`
- retentie randuri blocate 30z; purge_expired exclude queued/sending; purge_after curatat
  la reactivare/requeue
- API DELETE /v1/prezentari/{id} + /repune (200+JSON); UI butoane + bulk + banner actionabil

Observabilitate:
- app/observ.py log_event: dublu canal app_events (DB) + RotatingFileHandler per-proces,
  redactare creds/PII la scriere (redact_pii/vin_partial)
- request_id middleware + X-Request-ID pe toate raspunsurile
- handler global excepții -> 500 envelope 6-chei + request_id (traceback doar in jurnal)
- audit cerere API (api_prezentari/api_auth_esuat) + audit worker (rar_login/tranzitii)
- tab "Jurnal" filtrabil scoped (non-admin doar contul sau); retentie jurnal 90z
- rar_error expus in GET /v1/prezentari/{id} (recovery observabil)

pytest -q: 741 passed, 0 failed. Docs: PRD raport VERIFY, contract endpointuri noi, ROADMAP.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-23 18:45:39 +00:00

78 lines
2.5 KiB
Python
Raw Blame History

"""Teste US-007 (PRD 5.6): gard de redactare PII/parole in jurnal (L.142/GDPR)."""
from __future__ import annotations
import os
import tempfile
import pytest
@pytest.fixture()
def env(monkeypatch):
tmp = tempfile.mkdtemp()
monkeypatch.setenv("AUTOPASS_DB_PATH", os.path.join(tmp, "red.db"))
monkeypatch.setenv("AUTOPASS_LOG_DIR", os.path.join(tmp, "logs"))
from app.config import get_settings
get_settings.cache_clear()
from app.db import init_db
init_db()
yield tmp
get_settings.cache_clear()
def _all_events_text():
from app.db import get_connection
conn = get_connection()
try:
rows = conn.execute("SELECT mesaj, context_json FROM app_events").fetchall()
finally:
conn.close()
return "\n".join((r["mesaj"] or "") + " " + (r["context_json"] or "") for r in rows)
def test_vin_logat_partial():
from app.security import vin_partial
assert vin_partial("WVWZZZ1KZAW000123") == "WVW…0123"
assert "WVWZZZ1KZAW000123" not in vin_partial("WVWZZZ1KZAW000123")
assert vin_partial("") == ""
assert vin_partial("AB") == ""
def test_parola_niciodata_in_app_events(env):
from app import observ
observ.log_event(
"test_creds",
account_id=1,
mesaj='login cu password="parolaABC" si token=eyJsecret',
context={"rar_credentials": {"email": "a@b.ro", "password": "parolaABC"},
"password": "parolaABC", "token": "eyJsecret"},
)
blob = _all_events_text()
assert "parolaABC" not in blob
assert "eyJsecret" not in blob
assert "***REDACTED***" in blob
def test_payload_integral_nu_se_logheaza(env):
"""Un VIN integral pus in context se reduce la partial (nu se logheaza intreg)."""
from app import observ
observ.log_event("test_vin", context={"vin": "WVWZZZ1KZAW000123", "nr_inmatriculare": "B123ABC"})
blob = _all_events_text()
assert "WVWZZZ1KZAW000123" not in blob
assert "0123" in blob # partial pastrat
def test_fuzz_chei_sensibile_mascate(env):
"""Orice cheie sensibila in context -> mascata, oricat de adanc."""
from app import observ
observ.log_event("fuzz", context={
"nivel1": {"secret": "AAA", "pwd": "BBB", "ok": "vizibil"},
"lista": [{"jwt": "CCC"}, {"apikey": "DDD"}],
"authorization": "Bearer eyJxyz",
})
blob = _all_events_text()
for leak in ("AAA", "BBB", "CCC", "DDD", "eyJxyz"):
assert leak not in blob, f"scurgere: {leak}"
assert "vizibil" in blob # campurile benigne raman
Reference in New Issue View Git Blame Copy Permalink