Files
gaokao-volunteer-system/admin/tests/test_order_deletion.py
Hermes Agent 65422b53b2 feat(admin): 后台 routes + tests 多项增量改进
- routes: cases/orders/stats/ui/web_public 同步字段扩展
- stats.py: 统计聚合逻辑增强
- 14 个测试文件同步更新断言

dev-verify 1279 passed / ruff / mypy 全绿
2026-06-25 09:27:06 +08:00

423 lines
14 KiB
Python

from __future__ import annotations
from datetime import datetime, timedelta, timezone
from pathlib import Path
from data.notifications.email_service import DeliveryNotificationService
from data.orders.dao import OrderNotFound, OrdersDAO
from data.orders.deletion_service import OrderDeletionService
from data.orders.intake_store import IntakeStore
from data.orders.models import Order
from data.payments.service import PaymentService
def _seed_order(db_path: str, order_id: str = "GKO-20260614-DELETE") -> Order:
order = Order(
id=order_id,
source="web",
service_version="standard",
amount_cents=9900,
status="pending",
customer_name="张家长",
customer_phone="13800138000",
customer_wechat="wx-parent-01",
customer_email="parent@example.com",
candidate_name="张三",
candidate_province="湖南",
notes="需要删除的测试订单",
)
with OrdersDAO.connect(db_path) as dao:
return dao.create(order, actor="test", reason="seed")
def _mark_paid(settings, order) -> None:
service = PaymentService.for_db(
settings.orders_db_path,
base_url=settings.payment_base_url,
webhook_secret=settings.payment_webhook_secret,
)
checkout = service.create_checkout(order.id, portal_token="portal-token")
payload, headers = service.provider.build_webhook_request(
payment_id=checkout.payment_id,
amount_cents=order.amount_cents,
provider_trade_no=f"MOCK-{order.id}",
)
service.handle_webhook(payload, headers["X-Mock-Signature"])
def _expire_retention_window(db_path: str, order_id: str, days: int = 200) -> None:
"""把订单的 status_updated_at 拨到 N 天前, 让保留期门禁放行。
真实 180 天窗口太慢, 测试场景需要可重现的"已过保留期"状态。
"""
backdated = (
(datetime.now(timezone.utc) - timedelta(days=days))
.replace(microsecond=0)
.isoformat()
)
with OrdersDAO.connect(db_path) as dao:
dao.conn.execute(
"UPDATE orders SET status_updated_at=? WHERE id=?",
(backdated, order_id),
)
dao.conn.commit()
def _prepare_order_with_artifacts(
settings, tmp_path: Path, order_id: str
) -> tuple[Path, Path]:
report_root = Path(settings.share_report_dir)
report_root.mkdir(parents=True, exist_ok=True)
report_path = report_root / f"{order_id}-report.html"
pdf_path = report_root / f"{order_id}-report.pdf"
report_path.write_text("<h1>report</h1>", encoding="utf-8")
pdf_path.write_bytes(b"%PDF-1.4\ndelete\n")
with OrdersDAO.connect(settings.orders_db_path) as dao:
dao.update(
order_id,
{"audit_report": str(report_path), "pdf_path": str(pdf_path)},
actor="test",
reason="attach_report",
)
dao.transition_status(order_id, "serving", actor="test", reason="processing")
dao.transition_status(
order_id, "delivered", actor="test", reason="report_ready"
)
return report_path, pdf_path
def _prepare_portal_attachment(settings, order_id: str) -> Path:
upload_dir = Path(settings.portal_upload_dir) / order_id
upload_dir.mkdir(parents=True, exist_ok=True)
attachment = upload_dir / "score-sheet.pdf"
attachment.write_bytes(b"%PDF-1.4\nportal-upload\n")
IntakeStore.for_db(settings.orders_db_path).save(
order_id=order_id,
payload={
"candidate_score": 578,
"attachments": [
{
"original_name": "score-sheet.pdf",
"stored_name": "score-sheet.pdf",
"content_type": "application/pdf",
"size_bytes": attachment.stat().st_size,
"storage_path": str(attachment),
"kind": "portal_attachment",
}
],
},
submit=True,
)
return attachment
def test_admin_delete_order_removes_artifacts_and_related_records(
client, auth_headers, settings, tmp_path
):
order = _seed_order(settings.orders_db_path)
_mark_paid(settings, order)
attachment = _prepare_portal_attachment(settings, order.id)
report_path, pdf_path = _prepare_order_with_artifacts(settings, tmp_path, order.id)
_expire_retention_window(settings.orders_db_path, order.id)
notification_service = DeliveryNotificationService.for_db(settings.orders_db_path)
try:
events = notification_service.list_events(order.id)
assert {event.channel for event in events} == {"station", "email"}
finally:
notification_service.close()
resp = client.delete(
f"/api/orders/{order.id}?mode=delete&reason=user_request",
headers=auth_headers,
)
assert resp.status_code == 200, resp.text
body = resp.json()
assert body["action"] == "deleted"
assert body["order_id"] == order.id
assert body["files_deleted"] == 3
assert not report_path.exists()
assert not pdf_path.exists()
assert not attachment.exists()
assert not attachment.parent.exists()
with OrdersDAO.connect(settings.orders_db_path) as dao:
try:
dao.get(order.id)
except OrderNotFound:
pass
else:
raise AssertionError("order should be deleted")
notification_service = DeliveryNotificationService.for_db(settings.orders_db_path)
try:
assert notification_service.list_events(order.id) == []
finally:
notification_service.close()
deletion_service = OrderDeletionService.for_db(settings.orders_db_path)
try:
assert deletion_service.audit_count(order.id) == 1
finally:
deletion_service.close()
def test_admin_anonymize_order_masks_pii_but_keeps_order(
client, auth_headers, settings
):
order = _seed_order(settings.orders_db_path, order_id="GKO-20260614-ANON")
_mark_paid(settings, order)
_expire_retention_window(settings.orders_db_path, order.id)
IntakeStore.for_db(settings.orders_db_path).save(
order_id=order.id,
payload={"candidate_score": 578, "guardian_notes": "contains pii"},
submit=True,
)
resp = client.delete(
f"/api/orders/{order.id}?mode=anonymize&reason=retention_expired",
headers=auth_headers,
)
assert resp.status_code == 200, resp.text
body = resp.json()
assert body["action"] == "anonymized"
assert body["order_id"] == order.id
with OrdersDAO.connect(settings.orders_db_path) as dao:
anonymized = dao.get(order.id)
assert anonymized.customer_name == "已匿名化"
assert anonymized.customer_phone is None
assert anonymized.customer_wechat is None
assert anonymized.customer_email is None
assert anonymized.candidate_name == "匿名考生"
assert anonymized.notes == "[ANONYMIZED] retention_expired"
intake_store = IntakeStore.for_db(settings.orders_db_path)
try:
intake = intake_store.get(order.id)
finally:
intake_store.close()
assert intake is not None
assert intake.payload == {}
payment_service = PaymentService.for_db(
settings.orders_db_path,
base_url=settings.payment_base_url,
webhook_secret=settings.payment_webhook_secret,
)
payment = payment_service.get_payment_by_order(order.id)
assert payment is not None
assert payment.callback_payload is None
assert payment.checkout_token is None
deletion_service = OrderDeletionService.for_db(settings.orders_db_path)
try:
assert deletion_service.audit_count(order.id) == 1
finally:
deletion_service.close()
def test_admin_anonymize_order_removes_portal_attachments(
client, auth_headers, settings
):
order = _seed_order(settings.orders_db_path, order_id="GKO-20260614-ANON-FILE")
_mark_paid(settings, order)
_expire_retention_window(settings.orders_db_path, order.id)
attachment = _prepare_portal_attachment(settings, order.id)
resp = client.delete(
f"/api/orders/{order.id}?mode=anonymize&reason=retention_expired",
headers=auth_headers,
)
assert resp.status_code == 200, resp.text
body = resp.json()
assert body["action"] == "anonymized"
assert body["files_deleted"] == 1
assert not attachment.exists()
assert not attachment.parent.exists()
intake_store = IntakeStore.for_db(settings.orders_db_path)
try:
intake = intake_store.get(order.id)
finally:
intake_store.close()
assert intake is not None
assert intake.payload == {}
def test_admin_anonymize_order_skips_untrusted_attachment_paths(
client, auth_headers, settings, tmp_path
):
order = _seed_order(settings.orders_db_path, order_id="GKO-20260623-ANON-TRUST")
_mark_paid(settings, order)
_expire_retention_window(settings.orders_db_path, order.id)
sentinel = tmp_path / "outside.txt"
sentinel.write_text("keep-me", encoding="utf-8")
IntakeStore.for_db(settings.orders_db_path).save(
order_id=order.id,
payload={
"attachments": [
{
"original_name": "outside.txt",
"stored_name": "outside.txt",
"content_type": "text/plain",
"size_bytes": sentinel.stat().st_size,
"storage_path": str(sentinel),
"kind": "portal_attachment",
}
]
},
submit=True,
)
resp = client.delete(
f"/api/orders/{order.id}?mode=anonymize&reason=retention_expired",
headers=auth_headers,
)
assert resp.status_code == 200, resp.text
body = resp.json()
assert body["action"] == "anonymized"
assert body["files_deleted"] == 0
assert sentinel.exists()
def test_admin_delete_order_skips_untrusted_report_artifacts(
client, auth_headers, settings, tmp_path
):
order = _seed_order(settings.orders_db_path, order_id="GKO-20260623-DEL-TRUST")
_mark_paid(settings, order)
_expire_retention_window(settings.orders_db_path, order.id)
sentinel = tmp_path / "outside-report.html"
sentinel.write_text("keep-me", encoding="utf-8")
with OrdersDAO.connect(settings.orders_db_path) as dao:
dao.update(
order.id,
{"audit_report": str(sentinel), "pdf_path": None},
actor="test",
reason="seed_untrusted_artifact",
)
resp = client.delete(
f"/api/orders/{order.id}?mode=delete&reason=user_request",
headers=auth_headers,
)
assert resp.status_code == 200, resp.text
body = resp.json()
assert body["action"] == "deleted"
assert body["files_deleted"] == 0
assert sentinel.exists()
def test_admin_anonymize_order_scrubs_delivery_notifications_payload(
client, auth_headers, settings
):
order = _seed_order(settings.orders_db_path, order_id="GKO-20260618-ANON-NOTIFY")
_mark_paid(settings, order)
_expire_retention_window(settings.orders_db_path, order.id)
notification_service = DeliveryNotificationService.for_db(settings.orders_db_path)
try:
notification_service.notify_event(
order.id,
event_type="report_ready",
channel="station",
payload_json='{"customer_email":"parent@example.com","report_path":"/tmp/report.pdf"}',
)
notification_service.mark_delivered(
order.id,
channel="station",
payload_json='{"customer_email":"parent@example.com","report_path":"/tmp/report.pdf"}',
)
finally:
notification_service.close()
resp = client.delete(
f"/api/orders/{order.id}?mode=anonymize&reason=retention_expired",
headers=auth_headers,
)
assert resp.status_code == 200, resp.text
notification_service = DeliveryNotificationService.for_db(settings.orders_db_path)
try:
events = notification_service.list_events(order.id)
finally:
notification_service.close()
assert len(events) == 1
assert events[0].payload_json == "{}"
def test_admin_delete_rejected_within_retention_window(client, auth_headers, settings):
"""RED: 刚 paid 的订单未过 180 天保留期, 删除必须被业务错误拒绝。
锁住 docs/DATA_RETENTION_AND_DELETION.md §2 的"服务完成后 180 天"口径,
防止管理员对仍处于保留期内的订单直接 delete / anonymize。
"""
order = _seed_order(settings.orders_db_path, order_id="GKO-20260619-RETN-DEL")
_mark_paid(settings, order)
resp = client.delete(
f"/api/orders/{order.id}?mode=delete&reason=user_request",
headers=auth_headers,
)
assert resp.status_code == 409, resp.text
body = resp.json()
assert body["code"] == "E02002"
assert "保留期" in body["message"]
# 订单仍存在, 没被删
with OrdersDAO.connect(settings.orders_db_path) as dao:
assert dao.get(order.id).id == order.id
def test_admin_anonymize_rejected_within_retention_window(
client, auth_headers, settings
):
"""RED: 匿名化同样要走保留期门禁。"""
order = _seed_order(settings.orders_db_path, order_id="GKO-20260619-RETN-ANO")
_mark_paid(settings, order)
resp = client.delete(
f"/api/orders/{order.id}?mode=anonymize&reason=retention_expired",
headers=auth_headers,
)
assert resp.status_code == 409, resp.text
body = resp.json()
assert body["code"] == "E02002"
# 关键字段未被清空, 证明没执行 anonymize 路径
with OrdersDAO.connect(settings.orders_db_path) as dao:
kept = dao.get(order.id)
assert kept.customer_name != "已匿名化"
assert kept.customer_wechat == "wx-parent-01"
def test_admin_delete_allowed_after_retention_window(client, auth_headers, settings):
"""GREEN 期望: 把 status_updated_at 拨到 181 天前, 删除可成功。"""
order = _seed_order(settings.orders_db_path, order_id="GKO-20260619-RETN-OK")
_mark_paid(settings, order)
with OrdersDAO.connect(settings.orders_db_path) as dao:
backdated = (
(datetime.now(timezone.utc) - timedelta(days=181))
.replace(microsecond=0)
.isoformat()
)
dao.conn.execute(
"UPDATE orders SET status_updated_at=? WHERE id=?",
(backdated, order.id),
)
dao.conn.commit()
resp = client.delete(
f"/api/orders/{order.id}?mode=delete&reason=retention_expired",
headers=auth_headers,
)
assert resp.status_code == 200, resp.text
body = resp.json()
assert body["action"] == "deleted"
assert body["order_id"] == order.id