Giorgio Gilestro
6e7f57c6b2
Server no longer holds portfolios. Holdings live in the browser (localStorage); the server publishes an anonymous ticker_universe and a gzipped /api/universe payload identical for every authenticated user, so access patterns can't betray which tickers a user holds. AI commentary is generated ephemerally from the browser-supplied pie and the cost ledger row records no positions. Migrations 0009-0011 added the universe table and dropped positions / portfolio_snapshots / portfolios. Authentication is now e-mail OTP only. Migration 0010 dropped password_hash and email_verified (every active session is by construction proof of email control). The /signup endpoint is gone; signup and login share a single email-entry page. Email rendering is HTML+plain-text multipart with a shared brand palette (app/branding.py) asserted in sync with the CSS by a drift-detection test. LLM provider defaults to DeepSeek-direct (cheaper, api.deepseek.com) with OpenRouter as automatic fallback if DeepSeek fails. ai_log_job and indicator_summary_job now iterate the two tones (NOVICE, INTERMEDIATE) per cycle so the dashboard's tone toggle is instant; PROMPT_VERSION bumped to 6 with an educational anti-TA / anti-gambling stance baked into _CORE. NOVICE mode renders a curated glossary inline (CBOE VIX, yield curve, HY OAS, etc.) with JS-positioned tooltips that survive viewport edges and sticky bars. Model name and tokens hidden from the user UI; still recorded in StrategicLog.model and AICall for admin. Layout adds a sticky top nav, a sticky bottom markets bar (one chip per exchange with status LED + headline index + 1d change), and Phase H feedback reporting is queued in tasks/todo.md. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
76 lines
2.8 KiB
Python
76 lines
2.8 KiB
Python
"""Tests for email rendering + dev fallback. SMTP submission itself isn't
|
|
exercised here — covered by manual end-to-end test against real SMTP."""
|
|
from __future__ import annotations
|
|
|
|
import asyncio
|
|
|
|
import pytest
|
|
|
|
from app.services import email_service
|
|
|
|
|
|
def test_render_otp_email_returns_three_parts():
|
|
subject, text, html = email_service.render_otp_email("123456", 15)
|
|
assert isinstance(subject, str) and isinstance(text, str) and isinstance(html, str)
|
|
|
|
|
|
def test_render_otp_email_includes_code_and_ttl():
|
|
subject, text, html = email_service.render_otp_email("123456", 15)
|
|
assert "Cassandra" in subject
|
|
assert "123456" in subject # subject embeds the code for inbox visibility
|
|
assert "123456" in text
|
|
assert "123456" in html
|
|
assert "15 minutes" in text
|
|
assert "15 minutes" in html
|
|
|
|
|
|
def test_render_otp_email_plain_text_part_has_no_html():
|
|
"""The plain-text alternative must remain plain — no markup leaking
|
|
in from the HTML template."""
|
|
_, text, _ = email_service.render_otp_email("000000", 15)
|
|
assert "<" not in text and ">" not in text
|
|
|
|
|
|
def test_render_otp_email_html_is_well_formed_doctype():
|
|
_, _, html = email_service.render_otp_email("000000", 15)
|
|
assert html.lstrip().startswith("<!DOCTYPE html>")
|
|
assert "</html>" in html
|
|
|
|
|
|
def test_render_otp_email_html_has_preheader_and_responsive_styles():
|
|
_, _, html = email_service.render_otp_email("000000", 15)
|
|
# Inbox preview snippet — must be present and contain the code.
|
|
assert "Your Cassandra sign-in code" in html
|
|
# Responsive + dark-mode media queries indicate cross-client robustness.
|
|
assert "prefers-color-scheme" in html
|
|
assert "@media (max-width" in html
|
|
# No external assets — emails should render with network off.
|
|
assert "http://" not in html
|
|
assert "https://" not in html
|
|
|
|
|
|
def test_send_email_falls_back_to_stdout_when_smtp_unset(monkeypatch):
|
|
"""When SMTP_SERVER is empty, send_email should log and return rather
|
|
than attempting to connect."""
|
|
from app.config import Settings
|
|
|
|
monkeypatch.setattr(
|
|
"app.services.email_service.get_settings",
|
|
lambda: Settings(SMTP_SERVER=""),
|
|
)
|
|
asyncio.run(email_service.send_email("u@example.com", "test", "body"))
|
|
|
|
|
|
def test_send_email_accepts_html_alternative(monkeypatch):
|
|
"""multipart/alternative is opt-in via the html_body kwarg; verify
|
|
the call signature still works without it (plain-only path)."""
|
|
from app.config import Settings
|
|
|
|
monkeypatch.setattr(
|
|
"app.services.email_service.get_settings",
|
|
lambda: Settings(SMTP_SERVER=""),
|
|
)
|
|
# plain-only
|
|
asyncio.run(email_service.send_email("u@example.com", "t", "plain"))
|
|
# with HTML
|
|
asyncio.run(email_service.send_email("u@example.com", "t", "plain", html_body="<p>hi</p>"))
|