c842e3352a
Implementeaza PRD 5.6 complet (14 stories, TDD). Doua axe:
Lifecycle trimiteri blocate (Val A):
- submissions_admin.py: sterge/repune scoped (404 cross-account inaintea lui 409 stare)
- reactivare dedup peste `error` cu CAS (WHERE id=? AND status='error'), creds noi in
submissions + accounts.rar_creds_enc; worker invalideaza sesiunea RAR la creds proaspete
(JWT 30h vechi nu mai trimite cu parola gresita); camp aditiv `reactivated:true`
- retentie randuri blocate 30z; purge_expired exclude queued/sending; purge_after curatat
la reactivare/requeue
- API DELETE /v1/prezentari/{id} + /repune (200+JSON); UI butoane + bulk + banner actionabil
Observabilitate:
- app/observ.py log_event: dublu canal app_events (DB) + RotatingFileHandler per-proces,
redactare creds/PII la scriere (redact_pii/vin_partial)
- request_id middleware + X-Request-ID pe toate raspunsurile
- handler global excepții -> 500 envelope 6-chei + request_id (traceback doar in jurnal)
- audit cerere API (api_prezentari/api_auth_esuat) + audit worker (rar_login/tranzitii)
- tab "Jurnal" filtrabil scoped (non-admin doar contul sau); retentie jurnal 90z
- rar_error expus in GET /v1/prezentari/{id} (recovery observabil)
pytest -q: 741 passed, 0 failed. Docs: PRD raport VERIFY, contract endpointuri noi, ROADMAP.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
73 lines
2.2 KiB
Python
73 lines
2.2 KiB
Python
"""Teste US-004 (PRD 5.6): audit cerere API per cont in jurnal."""
|
|
|
|
from __future__ import annotations
|
|
|
|
import os
|
|
import tempfile
|
|
|
|
import pytest
|
|
from fastapi.testclient import TestClient
|
|
|
|
|
|
@pytest.fixture()
|
|
def client(monkeypatch):
|
|
tmp = tempfile.mkdtemp()
|
|
monkeypatch.setenv("AUTOPASS_DB_PATH", os.path.join(tmp, "audit.db"))
|
|
monkeypatch.setenv("AUTOPASS_LOG_DIR", os.path.join(tmp, "logs"))
|
|
monkeypatch.setenv("AUTOPASS_REQUIRE_API_KEY", "false")
|
|
from app.config import get_settings
|
|
get_settings.cache_clear()
|
|
from app.main import app
|
|
with TestClient(app) as c:
|
|
yield c
|
|
get_settings.cache_clear()
|
|
|
|
|
|
def _body(**over):
|
|
prez = {"vin": "WVWZZZ1KZAW000123", "nr_inmatriculare": "B999TST",
|
|
"data_prestatie": "2026-06-15", "odometru_final": "123456",
|
|
"prestatii": [{"cod_prestatie": "OE-1"}]}
|
|
prez.update(over)
|
|
return {"rar_credentials": {"email": "x@y.ro", "password": "secretaPP"}, "prezentari": [prez]}
|
|
|
|
|
|
def _events(tip):
|
|
from app.db import get_connection
|
|
conn = get_connection()
|
|
try:
|
|
return conn.execute("SELECT * FROM app_events WHERE tip=?", (tip,)).fetchall()
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def test_post_prezentari_logheaza_eveniment_cont(client):
|
|
r = client.post("/v1/prezentari", json=_body())
|
|
assert r.status_code == 200
|
|
rows = _events("api_prezentari")
|
|
assert len(rows) == 1
|
|
assert rows[0]["account_id"] == 1
|
|
|
|
|
|
def test_eveniment_contine_status_si_count_fara_pii(client):
|
|
client.post("/v1/prezentari", json=_body())
|
|
rows = _events("api_prezentari")
|
|
ctx = rows[0]["context_json"]
|
|
assert "distributie" in ctx
|
|
assert "queued" in ctx
|
|
assert "count" in ctx
|
|
# NICIUN PII integral (parola / VIN integral)
|
|
assert "secretaPP" not in ctx
|
|
assert "WVWZZZ1KZAW000123" not in ctx
|
|
|
|
|
|
def test_401_logat_ca_auth_esuat(client):
|
|
# cheie prezenta dar invalida -> 401 (indiferent de flag)
|
|
r = client.post("/v1/prezentari", json=_body(), headers={"X-API-Key": "rfak_invalidakey123"})
|
|
assert r.status_code == 401
|
|
rows = _events("api_auth_esuat")
|
|
assert len(rows) == 1
|
|
ctx = rows[0]["context_json"]
|
|
# prefix cheie, NU cheia intreaga
|
|
assert "rfak_inv" in ctx
|
|
assert "rfak_invalidakey123" not in ctx
|