bstein-dev-home/backend/tests/test_access_request_status.py

from __future__ import annotations

from contextlib import contextmanager
from datetime import datetime, timezone
from types import SimpleNamespace
from typing import Any

from flask import Flask, jsonify

from atlas_portal.routes.access_request_status import register_access_request_status


class DummyResult:
    def __init__(self, row: dict[str, Any] | None = None, rows: list[dict[str, Any]] | None = None) -> None:
        self.row = row
        self.rows = rows or []

    def fetchone(self) -> dict[str, Any] | None:
        return self.row

    def fetchall(self) -> list[dict[str, Any]]:
        return self.rows


class DummyConn:
    def __init__(
        self,
        *,
        rows_by_query: dict[str, dict[str, Any] | None] | None = None,
        many_by_query: dict[str, list[dict[str, Any]]] | None = None,
    ) -> None:
        self.rows_by_query = rows_by_query or {}
        self.many_by_query = many_by_query or {}
        self.executed: list[tuple[str, object | None]] = []

    def execute(self, query: str, params: object | None = None) -> DummyResult:
        self.executed.append((query, params))
        for key, rows in self.many_by_query.items():
            if key in query:
                return DummyResult(rows=rows)
        for key, row in self.rows_by_query.items():
            if key in query:
                return DummyResult(row=row)
        return DummyResult()


class DummyAriadne:
    def __init__(self, *, enabled: bool = False) -> None:
        self._enabled = enabled
        self.proxy_calls: list[tuple[str, str, object | None]] = []

    def enabled(self) -> bool:
        return self._enabled

    def proxy(self, method: str, path: str, payload: object | None = None):
        self.proxy_calls.append((method, path, payload))
        return jsonify({"proxied": True, "method": method, "path": path, "payload": payload})


class DummyDeps:
    def __init__(self, conn: DummyConn | None = None) -> None:
        self.settings = SimpleNamespace(
            ACCESS_REQUEST_ENABLED=True,
            ACCESS_REQUEST_STATUS_RATE_LIMIT=5,
            ACCESS_REQUEST_STATUS_RATE_WINDOW_SEC=60,
        )
        self.conn = conn or DummyConn()
        self.ariadne_client = DummyAriadne()
        self.rate_limit_results: list[bool] = []
        self.provisioned: list[str] = []
        self.fail_connect = False
        self.fail_provision = False
        self.configured_value = True

    def configured(self) -> bool:
        return self.configured_value

    def _client_ip(self) -> str:
        return "203.0.113.20"

    def rate_limit_allow(self, *args, **kwargs) -> bool:
        if self.rate_limit_results:
            return self.rate_limit_results.pop(0)
        return True

    @contextmanager
    def connect(self):
        if self.fail_connect:
            raise RuntimeError("database offline")
        yield self.conn

    def _normalize_status(self, status: str) -> str:
        return "accounts_building" if status == "approved" else (status or "unknown")

    def _advance_status(self, conn: DummyConn, code: str, username: str, status: str) -> str:
        return self._normalize_status(status)

    def provision_access_request(self, code: str) -> None:
        self.provisioned.append(code)
        if self.fail_provision:
            raise RuntimeError("provision failed")

    def provision_tasks_complete(self, conn: DummyConn, code: str) -> bool:
        return True

    def _onboarding_payload(self, conn: DummyConn, code: str, username: str) -> dict[str, str]:
        return {"code": code, "username": username}


def make_client(deps: DummyDeps):
    app = Flask(__name__)
    register_access_request_status(app, deps)
    return app.test_client()


def test_status_preflight_and_rate_limit_paths() -> None:
    deps = DummyDeps()
    client = make_client(deps)

    deps.settings.ACCESS_REQUEST_ENABLED = False
    assert client.post("/api/access/request/status", json={"request_code": "code"}).status_code == 503
    deps.settings.ACCESS_REQUEST_ENABLED = True

    deps.configured_value = False
    assert client.post("/api/access/request/status", json={"request_code": "code"}).status_code == 503
    deps.configured_value = True

    deps.rate_limit_results = [False]
    assert client.post("/api/access/request/status", json={"request_code": "code"}).status_code == 429
    assert client.post("/api/access/request/status", json={}).status_code == 400

    deps.rate_limit_results = [True, False]
    assert client.post("/api/access/request/status", json={"request_code": "code"}).status_code == 429


def test_status_returns_tasks_onboarding_and_reveals_password() -> None:
    now = datetime(2026, 4, 20, tzinfo=timezone.utc)
    conn = DummyConn(
        rows_by_query={
            "SELECT status,": {
                "status": "awaiting_onboarding",
                "username": "alice",
                "initial_password": "temp-pass",
                "initial_password_revealed_at": now,
                "email_verified_at": now,
            }
        },
        many_by_query={
            "SELECT task, status, detail, updated_at": [
                {"task": "mail", "status": "error", "detail": "smtp failed", "updated_at": now},
                {"task": "apps", "status": "ok", "detail": "", "updated_at": "not-a-date"},
            ]
        },
    )
    deps = DummyDeps(conn)
    client = make_client(deps)

    response = client.post("/api/access/request/status", json={"request_code": "code", "reveal_initial_password": True})
    data = response.get_json()

    assert response.status_code == 200
    assert data["status"] == "awaiting_onboarding"
    assert data["email_verified"] is True
    assert data["blocked"] is True
    assert data["automation_complete"] is True
    assert data["tasks"][0]["detail"] == "smtp failed"
    assert data["tasks"][0]["updated_at"].startswith("2026-04-20T00:00:00")
    assert data["initial_password_revealed_at"].startswith("2026-04-20T00:00:00")
    assert "initial_password" not in data
    assert data["onboarding_url"] == "/onboarding?code=code"
    assert data["onboarding"] == {"code": "code", "username": "alice"}


def test_status_autoprovisions_and_handles_failure_paths() -> None:
    conn = DummyConn(rows_by_query={"SELECT status,": {"status": "approved", "username": "alice"}})
    deps = DummyDeps(conn)
    deps.fail_provision = True
    client = make_client(deps)

    response = client.post("/api/access/request/status", json={"request_code": "code", "reveal_password": True})
    assert response.status_code == 200
    assert deps.provisioned == ["code"]

    not_found = DummyDeps(DummyConn(rows_by_query={"SELECT status,": None}))
    assert make_client(not_found).post("/api/access/request/status", json={"request_code": "missing"}).status_code == 404

    broken = DummyDeps()
    broken.fail_connect = True
    assert make_client(broken).post("/api/access/request/status", json={"request_code": "code"}).status_code == 502


def test_retry_preflight_proxy_and_validation_paths() -> None:
    deps = DummyDeps()
    client = make_client(deps)

    deps.settings.ACCESS_REQUEST_ENABLED = False
    assert client.post("/api/access/request/retry", json={"request_code": "code"}).status_code == 503
    deps.settings.ACCESS_REQUEST_ENABLED = True

    deps.configured_value = False
    assert client.post("/api/access/request/retry", json={"request_code": "code"}).status_code == 503
    deps.configured_value = True

    deps.rate_limit_results = [False]
    assert client.post("/api/access/request/retry", json={"request_code": "code"}).status_code == 429
    assert client.post("/api/access/request/retry", json={}).status_code == 400

    deps.ariadne_client = DummyAriadne(enabled=True)
    response = client.post("/api/access/request/retry", json={"request_code": "code", "tasks": ["mail", "", 5]})
    assert response.status_code == 200
    assert deps.ariadne_client.proxy_calls == [
        ("POST", "/api/access/requests/code/retry", {"tasks": ["mail"]})
    ]


def test_retry_updates_failed_tasks_and_swallows_provision_errors() -> None:
    conn = DummyConn(rows_by_query={"SELECT status FROM access_requests": {"status": "accounts_building"}})
    deps = DummyDeps(conn)
    deps.fail_provision = True
    client = make_client(deps)

    response = client.post("/api/access/request/retry", json={"request_code": "code", "tasks": ["mail"]})
    data = response.get_json()

    assert response.status_code == 200
    assert data == {"ok": True, "status": "accounts_building"}
    assert any("task = ANY" in query for query, _ in conn.executed)

    no_tasks_conn = DummyConn(rows_by_query={"SELECT status FROM access_requests": {"status": "approved"}})
    no_tasks = DummyDeps(no_tasks_conn)
    assert make_client(no_tasks).post("/api/access/request/retry", json={"request_code": "code"}).status_code == 200
    assert any("WHERE request_code = %s AND status = 'error'" in query for query, _ in no_tasks_conn.executed)

    missing = DummyDeps(DummyConn(rows_by_query={"SELECT status FROM access_requests": None}))
    assert make_client(missing).post("/api/access/request/retry", json={"request_code": "missing"}).status_code == 404

    rejected = DummyDeps(DummyConn(rows_by_query={"SELECT status FROM access_requests": {"status": "ready"}}))
    assert make_client(rejected).post("/api/access/request/retry", json={"request_code": "code"}).status_code == 409

    broken = DummyDeps()
    broken.fail_connect = True
    assert make_client(broken).post("/api/access/request/retry", json={"request_code": "code"}).status_code == 502
test(bstein-home): cover access request status 2026-04-21 08:01:07 -03:00			`from __future__ import annotations`

			`from contextlib import contextmanager`
			`from datetime import datetime, timezone`
			`from types import SimpleNamespace`
			`from typing import Any`

			`from flask import Flask, jsonify`

			`from atlas_portal.routes.access_request_status import register_access_request_status`


			`class DummyResult:`
			`def __init__(self, row: dict[str, Any] \| None = None, rows: list[dict[str, Any]] \| None = None) -> None:`
			`self.row = row`
			`self.rows = rows or []`

			`def fetchone(self) -> dict[str, Any] \| None:`
			`return self.row`

			`def fetchall(self) -> list[dict[str, Any]]:`
			`return self.rows`


			`class DummyConn:`
			`def __init__(`
			`self,`
			`*,`
			`rows_by_query: dict[str, dict[str, Any] \| None] \| None = None,`
			`many_by_query: dict[str, list[dict[str, Any]]] \| None = None,`
			`) -> None:`
			`self.rows_by_query = rows_by_query or {}`
			`self.many_by_query = many_by_query or {}`
			`self.executed: list[tuple[str, object \| None]] = []`

			`def execute(self, query: str, params: object \| None = None) -> DummyResult:`
			`self.executed.append((query, params))`
			`for key, rows in self.many_by_query.items():`
			`if key in query:`
			`return DummyResult(rows=rows)`
			`for key, row in self.rows_by_query.items():`
			`if key in query:`
			`return DummyResult(row=row)`
			`return DummyResult()`


			`class DummyAriadne:`
			`def __init__(self, *, enabled: bool = False) -> None:`
			`self._enabled = enabled`
			`self.proxy_calls: list[tuple[str, str, object \| None]] = []`

			`def enabled(self) -> bool:`
			`return self._enabled`

			`def proxy(self, method: str, path: str, payload: object \| None = None):`
			`self.proxy_calls.append((method, path, payload))`
			`return jsonify({"proxied": True, "method": method, "path": path, "payload": payload})`


			`class DummyDeps:`
			`def __init__(self, conn: DummyConn \| None = None) -> None:`
			`self.settings = SimpleNamespace(`
			`ACCESS_REQUEST_ENABLED=True,`
			`ACCESS_REQUEST_STATUS_RATE_LIMIT=5,`
			`ACCESS_REQUEST_STATUS_RATE_WINDOW_SEC=60,`
			`)`
			`self.conn = conn or DummyConn()`
			`self.ariadne_client = DummyAriadne()`
			`self.rate_limit_results: list[bool] = []`
			`self.provisioned: list[str] = []`
			`self.fail_connect = False`
			`self.fail_provision = False`
			`self.configured_value = True`

			`def configured(self) -> bool:`
			`return self.configured_value`

			`def _client_ip(self) -> str:`
			`return "203.0.113.20"`

			`def rate_limit_allow(self, args, *kwargs) -> bool:`
			`if self.rate_limit_results:`
			`return self.rate_limit_results.pop(0)`
			`return True`

			`@contextmanager`
			`def connect(self):`
			`if self.fail_connect:`
			`raise RuntimeError("database offline")`
			`yield self.conn`

			`def _normalize_status(self, status: str) -> str:`
			`return "accounts_building" if status == "approved" else (status or "unknown")`

			`def _advance_status(self, conn: DummyConn, code: str, username: str, status: str) -> str:`
			`return self._normalize_status(status)`

			`def provision_access_request(self, code: str) -> None:`
			`self.provisioned.append(code)`
			`if self.fail_provision:`
			`raise RuntimeError("provision failed")`

			`def provision_tasks_complete(self, conn: DummyConn, code: str) -> bool:`
			`return True`

			`def _onboarding_payload(self, conn: DummyConn, code: str, username: str) -> dict[str, str]:`
			`return {"code": code, "username": username}`


			`def make_client(deps: DummyDeps):`
			`app = Flask(__name__)`
			`register_access_request_status(app, deps)`
			`return app.test_client()`


			`def test_status_preflight_and_rate_limit_paths() -> None:`
			`deps = DummyDeps()`
			`client = make_client(deps)`

			`deps.settings.ACCESS_REQUEST_ENABLED = False`
			`assert client.post("/api/access/request/status", json={"request_code": "code"}).status_code == 503`
			`deps.settings.ACCESS_REQUEST_ENABLED = True`

			`deps.configured_value = False`
			`assert client.post("/api/access/request/status", json={"request_code": "code"}).status_code == 503`
			`deps.configured_value = True`

			`deps.rate_limit_results = [False]`
			`assert client.post("/api/access/request/status", json={"request_code": "code"}).status_code == 429`
			`assert client.post("/api/access/request/status", json={}).status_code == 400`

			`deps.rate_limit_results = [True, False]`
			`assert client.post("/api/access/request/status", json={"request_code": "code"}).status_code == 429`


			`def test_status_returns_tasks_onboarding_and_reveals_password() -> None:`
			`now = datetime(2026, 4, 20, tzinfo=timezone.utc)`
			`conn = DummyConn(`
			`rows_by_query={`
			`"SELECT status,": {`
			`"status": "awaiting_onboarding",`
			`"username": "alice",`
			`"initial_password": "temp-pass",`
			`"initial_password_revealed_at": now,`
			`"email_verified_at": now,`
			`}`
			`},`
			`many_by_query={`
			`"SELECT task, status, detail, updated_at": [`
			`{"task": "mail", "status": "error", "detail": "smtp failed", "updated_at": now},`
			`{"task": "apps", "status": "ok", "detail": "", "updated_at": "not-a-date"},`
			`]`
			`},`
			`)`
			`deps = DummyDeps(conn)`
			`client = make_client(deps)`

			`response = client.post("/api/access/request/status", json={"request_code": "code", "reveal_initial_password": True})`
			`data = response.get_json()`

			`assert response.status_code == 200`
			`assert data["status"] == "awaiting_onboarding"`
			`assert data["email_verified"] is True`
			`assert data["blocked"] is True`
			`assert data["automation_complete"] is True`
			`assert data["tasks"][0]["detail"] == "smtp failed"`
			`assert data["tasks"][0]["updated_at"].startswith("2026-04-20T00:00:00")`
			`assert data["initial_password_revealed_at"].startswith("2026-04-20T00:00:00")`
			`assert "initial_password" not in data`
			`assert data["onboarding_url"] == "/onboarding?code=code"`
			`assert data["onboarding"] == {"code": "code", "username": "alice"}`


			`def test_status_autoprovisions_and_handles_failure_paths() -> None:`
			`conn = DummyConn(rows_by_query={"SELECT status,": {"status": "approved", "username": "alice"}})`
			`deps = DummyDeps(conn)`
			`deps.fail_provision = True`
			`client = make_client(deps)`

			`response = client.post("/api/access/request/status", json={"request_code": "code", "reveal_password": True})`
			`assert response.status_code == 200`
			`assert deps.provisioned == ["code"]`

			`not_found = DummyDeps(DummyConn(rows_by_query={"SELECT status,": None}))`
			`assert make_client(not_found).post("/api/access/request/status", json={"request_code": "missing"}).status_code == 404`

			`broken = DummyDeps()`
			`broken.fail_connect = True`
			`assert make_client(broken).post("/api/access/request/status", json={"request_code": "code"}).status_code == 502`


			`def test_retry_preflight_proxy_and_validation_paths() -> None:`
			`deps = DummyDeps()`
			`client = make_client(deps)`

			`deps.settings.ACCESS_REQUEST_ENABLED = False`
			`assert client.post("/api/access/request/retry", json={"request_code": "code"}).status_code == 503`
			`deps.settings.ACCESS_REQUEST_ENABLED = True`

			`deps.configured_value = False`
			`assert client.post("/api/access/request/retry", json={"request_code": "code"}).status_code == 503`
			`deps.configured_value = True`

			`deps.rate_limit_results = [False]`
			`assert client.post("/api/access/request/retry", json={"request_code": "code"}).status_code == 429`
			`assert client.post("/api/access/request/retry", json={}).status_code == 400`

			`deps.ariadne_client = DummyAriadne(enabled=True)`
			`response = client.post("/api/access/request/retry", json={"request_code": "code", "tasks": ["mail", "", 5]})`
			`assert response.status_code == 200`
			`assert deps.ariadne_client.proxy_calls == [`
			`("POST", "/api/access/requests/code/retry", {"tasks": ["mail"]})`
			`]`


			`def test_retry_updates_failed_tasks_and_swallows_provision_errors() -> None:`
			`conn = DummyConn(rows_by_query={"SELECT status FROM access_requests": {"status": "accounts_building"}})`
			`deps = DummyDeps(conn)`
			`deps.fail_provision = True`
			`client = make_client(deps)`

			`response = client.post("/api/access/request/retry", json={"request_code": "code", "tasks": ["mail"]})`
			`data = response.get_json()`

			`assert response.status_code == 200`
			`assert data == {"ok": True, "status": "accounts_building"}`
			`assert any("task = ANY" in query for query, _ in conn.executed)`

			`no_tasks_conn = DummyConn(rows_by_query={"SELECT status FROM access_requests": {"status": "approved"}})`
			`no_tasks = DummyDeps(no_tasks_conn)`
			`assert make_client(no_tasks).post("/api/access/request/retry", json={"request_code": "code"}).status_code == 200`
			`assert any("WHERE request_code = %s AND status = 'error'" in query for query, _ in no_tasks_conn.executed)`

			`missing = DummyDeps(DummyConn(rows_by_query={"SELECT status FROM access_requests": None}))`
			`assert make_client(missing).post("/api/access/request/retry", json={"request_code": "missing"}).status_code == 404`

			`rejected = DummyDeps(DummyConn(rows_by_query={"SELECT status FROM access_requests": {"status": "ready"}}))`
			`assert make_client(rejected).post("/api/access/request/retry", json={"request_code": "code"}).status_code == 409`

			`broken = DummyDeps()`
			`broken.fail_connect = True`
			`assert make_client(broken).post("/api/access/request/retry", json={"request_code": "code"}).status_code == 502`