rar-autopass/tests/test_web_submissions.py

"""Teste US-004 (PRD 3.5): "Coada" -> "Trimiteri" tabel lizibil + detaliu la click.

Coloane umane (RO), stare via labels (nu "sent" brut), vehicul/operatie/data din
payload, motiv uman. Detaliu scoped pe cont (404 cross-account).
"""

from __future__ import annotations

import json
import os
import re
import tempfile

import pytest
from starlette.testclient import TestClient


def _create_account_user(email: str, name: str = "Service", password: str = "parolasecreta10"):
    from app.accounts import create_account
    from app.users import create_user
    from app.db import get_connection

    conn = get_connection()
    try:
        acct_id = create_account(conn, name, active=True)
        create_user(conn, acct_id, email, password)
        return acct_id
    finally:
        conn.close()


def _login(client, email: str, password: str = "parolasecreta10") -> None:
    resp = client.get("/login")
    m = re.search(r'name="csrf_token"\s+value="([^"]+)"', resp.text) or \
        re.search(r'value="([^"]+)"\s+name="csrf_token"', resp.text)
    assert m
    resp = client.post("/login", data={"email": email, "parola": password, "csrf_token": m.group(1)})
    assert resp.status_code == 303


def _insert_submission(acct: int, status: str = "sent", *, payload: dict | None = None,
                       rar_error: str | None = None, id_prezentare=None) -> int:
    from app.db import get_connection
    conn = get_connection()
    try:
        p = payload if payload is not None else {
            "vin": "WVWZZZ1JZXW000777",
            "nr_inmatriculare": "B777ZZZ",
            "data_prestatie": "2026-06-18",
            "odometru_final": "55000",
            "prestatii": [{"cod_prestatie": "R-FRANE", "denumire": "Reparatie frane"}],
        }
        cur = conn.execute(
            "INSERT INTO submissions (idempotency_key, account_id, status, payload_json, rar_error, id_prezentare) "
            "VALUES (?, ?, ?, ?, ?, ?)",
            (f"k-{status}-{os.urandom(4).hex()}", acct, status, json.dumps(p), rar_error, id_prezentare),
        )
        conn.commit()
        return int(cur.lastrowid)
    finally:
        conn.close()


@pytest.fixture()
def client(monkeypatch):
    tmp = tempfile.mkdtemp()
    monkeypatch.setenv("AUTOPASS_DB_PATH", os.path.join(tmp, "subm.db"))
    monkeypatch.setenv("AUTOPASS_WEB_AUTH_REQUIRED", "true")
    from app.config import get_settings
    get_settings.cache_clear()
    from app.web import ratelimit
    ratelimit._hits.clear()
    from app.main import app
    with TestClient(app, follow_redirects=False) as c:
        yield c
    ratelimit._hits.clear()
    get_settings.cache_clear()


def test_submissions_coloane_umane(client):
    """Antete RO; stare umana (nu 'sent'); vehicul/operatie din payload; fara 'HTTP RAR' ca antet."""
    acct = _create_account_user("col@test.com")
    _insert_submission(acct, "sent", id_prezentare=68516)
    _login(client, "col@test.com")

    resp = client.get("/_fragments/submissions")
    assert resp.status_code == 200
    html = resp.text
    # Antete romanesti
    for antet in ("Stare", "Vehicul", "Operatie", "Data prestatie", "Nr. prezentare RAR", "Motiv"):
        assert antet in html, f"Lipseste antetul '{antet}'"
    # "HTTP RAR" NU mai e antet principal de coloana
    assert "<th>HTTP RAR</th>" not in html
    # Starea afisata e text uman, nu 'sent' brut intr-un pill
    assert ">sent<" not in html, "Starea bruta 'sent' nu ar trebui afisata"
    assert "Declarate la RAR" in html, "Starea umana lipseste"
    # Vehicul + operatie din payload, nu doar idPrezentare
    assert "B777ZZZ" in html
    assert "Reparatie frane" in html


def test_tab_eticheta_trimiteri(client):
    """Eticheta tab e 'Trimiteri' dar deep-link ?tab=coada ramane valid."""
    _create_account_user("et@test.com")
    _login(client, "et@test.com")
    resp = client.get("/?tab=coada")
    assert resp.status_code == 200
    assert "Trimiteri" in resp.text
    assert 'id="tab-coada"' in resp.text


def test_motiv_needs_data_afisat(client):
    """Pentru needs_data, coloana Motiv arata motivul (nu gol cand exista rar_error)."""
    acct = _create_account_user("motiv@test.com")
    _insert_submission(
        acct, "needs_data",
        rar_error=json.dumps([{"field": "odometru_final", "message": "lipsa odometru"}]),
    )
    _login(client, "motiv@test.com")
    resp = client.get("/_fragments/submissions")
    assert resp.status_code == 200
    assert "lipsa odometru" in resp.text


def test_detaliu_trimitere(client):
    """/_fragments/trimitere/{id} intoarce detaliul complet scoped pe cont."""
    acct = _create_account_user("det@test.com")
    sid = _insert_submission(acct, "sent", id_prezentare=99001)
    _login(client, "det@test.com")

    resp = client.get(f"/_fragments/trimitere/{sid}")
    assert resp.status_code == 200
    html = resp.text
    assert f"Detaliu trimitere #{sid}" in html
    assert "WVWZZZ1JZXW000777" in html  # VIN integral in detaliu
    assert "99001" in html  # nr prezentare RAR


def test_detaliu_trimitere_404_cross_account(client):
    """Detaliul altui cont -> 404 (fara leak)."""
    acct1 = _create_account_user("d1@test.com", name="C1")
    _create_account_user("d2@test.com", name="C2")
    sid1 = _insert_submission(acct1, "sent")

    _login(client, "d2@test.com")
    resp = client.get(f"/_fragments/trimitere/{sid1}")
    assert resp.status_code == 404
    # acelasi 404 pentru un id inexistent
    resp2 = client.get("/_fragments/trimitere/999999")
    assert resp2.status_code == 404