phase G: data minimisation + passwordless auth + DeepSeek-first LLM

Server no longer holds portfolios. Holdings live in the browser (localStorage); the server publishes an anonymous ticker_universe and a gzipped /api/universe payload identical for every authenticated user, so access patterns can't betray which tickers a user holds. AI commentary is generated ephemerally from the browser-supplied pie and the cost ledger row records no positions. Migrations 0009-0011 added the universe table and dropped positions / portfolio_snapshots / portfolios. Authentication is now e-mail OTP only. Migration 0010 dropped password_hash and email_verified (every active session is by construction proof of email control). The /signup endpoint is gone; signup and login share a single email-entry page. Email rendering is HTML+plain-text multipart with a shared brand palette (app/branding.py) asserted in sync with the CSS by a drift-detection test. LLM provider defaults to DeepSeek-direct (cheaper, api.deepseek.com) with OpenRouter as automatic fallback if DeepSeek fails. ai_log_job and indicator_summary_job now iterate the two tones (NOVICE, INTERMEDIATE) per cycle so the dashboard's tone toggle is instant; PROMPT_VERSION bumped to 6 with an educational anti-TA / anti-gambling stance baked into _CORE. NOVICE mode renders a curated glossary inline (CBOE VIX, yield curve, HY OAS, etc.) with JS-positioned tooltips that survive viewport edges and sticky bars. Model name and tokens hidden from the user UI; still recorded in StrategicLog.model and AICall for admin. Layout adds a sticky top nav, a sticky bottom markets bar (one chip per exchange with status LED + headline index + 1d change), and Phase H feedback reporting is queued in tasks/todo.md. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-18 14:16:57 +01:00 · 2026-05-18 14:16:57 +01:00 · 6e7f57c6b2
commit 6e7f57c6b2
parent 480fd311c5
54 changed files with 5005 additions and 916 deletions
--- a/tests/test_email_service.py
+++ b/tests/test_email_service.py
@ -0,0 +1,76 @@
+"""Tests for email rendering + dev fallback. SMTP submission itself isn't
+exercised here — covered by manual end-to-end test against real SMTP."""
+from __future__ import annotations
+
+import asyncio
+
+import pytest
+
+from app.services import email_service
+
+
+def test_render_otp_email_returns_three_parts():
+    subject, text, html = email_service.render_otp_email("123456", 15)
+    assert isinstance(subject, str) and isinstance(text, str) and isinstance(html, str)
+
+
+def test_render_otp_email_includes_code_and_ttl():
+    subject, text, html = email_service.render_otp_email("123456", 15)
+    assert "Cassandra" in subject
+    assert "123456" in subject       # subject embeds the code for inbox visibility
+    assert "123456" in text
+    assert "123456" in html
+    assert "15 minutes" in text
+    assert "15 minutes" in html
+
+
+def test_render_otp_email_plain_text_part_has_no_html():
+    """The plain-text alternative must remain plain — no markup leaking
+    in from the HTML template."""
+    _, text, _ = email_service.render_otp_email("000000", 15)
+    assert "<" not in text and ">" not in text
+
+
+def test_render_otp_email_html_is_well_formed_doctype():
+    _, _, html = email_service.render_otp_email("000000", 15)
+    assert html.lstrip().startswith("<!DOCTYPE html>")
+    assert "</html>" in html
+
+
+def test_render_otp_email_html_has_preheader_and_responsive_styles():
+    _, _, html = email_service.render_otp_email("000000", 15)
+    # Inbox preview snippet — must be present and contain the code.
+    assert "Your Cassandra sign-in code" in html
+    # Responsive + dark-mode media queries indicate cross-client robustness.
+    assert "prefers-color-scheme" in html
+    assert "@media (max-width" in html
+    # No external assets — emails should render with network off.
+    assert "http://" not in html
+    assert "https://" not in html
+
+
+def test_send_email_falls_back_to_stdout_when_smtp_unset(monkeypatch):
+    """When SMTP_SERVER is empty, send_email should log and return rather
+    than attempting to connect."""
+    from app.config import Settings
+
+    monkeypatch.setattr(
+        "app.services.email_service.get_settings",
+        lambda: Settings(SMTP_SERVER=""),
+    )
+    asyncio.run(email_service.send_email("u@example.com", "test", "body"))
+
+
+def test_send_email_accepts_html_alternative(monkeypatch):
+    """multipart/alternative is opt-in via the html_body kwarg; verify
+    the call signature still works without it (plain-only path)."""
+    from app.config import Settings
+
+    monkeypatch.setattr(
+        "app.services.email_service.get_settings",
+        lambda: Settings(SMTP_SERVER=""),
+    )
+    # plain-only
+    asyncio.run(email_service.send_email("u@example.com", "t", "plain"))
+    # with HTML
+    asyncio.run(email_service.send_email("u@example.com", "t", "plain", html_body="<p>hi</p>"))