aiolabs/libra
8
0
Fork 1
Code Issues 36 Pull requests Projects Releases 6 Packages Wiki Activity Actions
libra/tests/test_void_reject_api.py
Padreug 7a4b3022c2 Add integration test suite 
113 passing tests + 3 skipped + 8 xfailed across 10 files, covering user
expense and income flow, admin receivable/revenue, settings + auth gates,
void/reject, manual payment requests, balance display, Lightning auth
paths, reconciliation API, and pure-function units. Runs against a real
Fava subprocess and full LNbits app via asgi_lifespan; the harness
captures the auth-flow / settings / env-var disciplines surfaced during
build-out (see tests/README.md and tests/conftest.py docstring).

Eight xfailed/skipped tests carry full implementations gated behind issues
#38, #39, #40 — they flip back on automatically when those land.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-06-07 15:39:45 +02:00

212 lines
7.4 KiB
Python
Raw Permalink Blame History

"""Reject / void pending entry flow — `POST /libra/api/v1/entries/{id}/reject`.
Captures the current (pre-issue #24) in-place mutation behaviour:
- Pending entries (`!` flag) can be rejected by a super user.
- Rejection appends `#voided` to the transaction line in the .beancount file
(no new transaction posted — this is the only in-place edit path in libra).
- Voided entries are filtered out of balance queries.
- The reject endpoint only matches pending entries; cleared (`*`) ones return
404 because the search loop filters by `flag == '!'`.
PR #34 changes whether the user's `/entries/user` listing surfaces voided rows.
The test `test_voided_entry_excluded_from_user_journal` documents the current
("filtered") behaviour; flip it if/when that change lands.
When the reversing-entry refactor in issue #24 ships, these tests will need to
move from "void via tag append" to "void via reversal transaction." The shape
of the tests should still hold — what changes is the on-disk evidence.
"""
from uuid import uuid4
import pytest
from .helpers import (
approve_entry,
get_balance,
list_user_entries,
post_expense,
reject_entry,
)
@pytest.mark.anyio
async def test_admin_can_reject_pending_expense(
client, super_user_headers, configured_user, standard_accounts,
):
"""Happy path: user submits expense → admin rejects → response includes
the entry id, balance still zero."""
_, wallet = configured_user
posted = await post_expense(
client,
wallet_inkey=wallet.inkey,
user_wallet_id=wallet.id,
amount="15.00",
currency="EUR",
description=f"Reject me {uuid4().hex[:6]}",
expense_account=standard_accounts["expense_food"]["name"],
)
result = await reject_entry(
client, super_user_headers=super_user_headers, entry_id=posted["id"],
)
assert result.get("entry_id") == posted["id"]
balance = await get_balance(client, wallet_inkey=wallet.inkey)
assert not balance.get("fiat_balances"), (
f"voided entry should not surface in balance, got {balance}"
)
@pytest.mark.anyio
async def test_voided_entry_visible_in_user_journal(
client, super_user_headers, configured_user, standard_accounts,
):
"""Post-commit-1c89e69 behaviour: rejected entries remain visible in
the user's `/entries/user` listing so the user can see their own
rejected history rather than having it silently disappear.
The UI is expected to render these with a 'voided' visual marker
(PR #34 webapp companion). The balance query still excludes them
via the separate `tags` filter — covered in
`test_admin_can_reject_pending_expense`.
"""
_, wallet = configured_user
tag = f"void-marker-{uuid4().hex[:6]}"
posted = await post_expense(
client,
wallet_inkey=wallet.inkey,
user_wallet_id=wallet.id,
amount="20.00",
currency="EUR",
description=tag,
expense_account=standard_accounts["expense_food"]["name"],
)
await reject_entry(
client, super_user_headers=super_user_headers, entry_id=posted["id"],
)
listing = await list_user_entries(client, wallet_inkey=wallet.inkey)
entries = listing.get("entries", [])
descriptions = [e.get("description") or "" for e in entries]
assert any(tag in d for d in descriptions), (
f"voided entry should remain visible in user journal post-#34, "
f"got descriptions: {descriptions}"
)
voided = next(
(e for e in entries if tag in (e.get("description") or "")), None,
)
assert voided is not None
assert "voided" in voided.get("tags", []), (
f"voided entry should be tagged 'voided' for UI styling, "
f"got tags: {voided.get('tags')}"
)
@pytest.mark.anyio
async def test_reject_unknown_entry_returns_404(
client, super_user_headers,
):
"""An entry id that doesn't exist anywhere in the ledger 404s."""
bogus_id = uuid4().hex[:16]
r = await client.post(
f"/libra/api/v1/entries/{bogus_id}/reject",
headers=super_user_headers,
)
assert r.status_code == 404, f"expected 404, got {r.status_code}: {r.text}"
assert "not found" in r.text.lower()
@pytest.mark.anyio
async def test_reject_already_cleared_entry_returns_404(
client, super_user_headers, configured_user, standard_accounts,
):
"""The reject lookup filters by `flag == '!'` so already-approved
(cleared) entries are indistinguishable from non-existent ones —
both 404."""
_, wallet = configured_user
posted = await post_expense(
client,
wallet_inkey=wallet.inkey,
user_wallet_id=wallet.id,
amount="11.00",
currency="EUR",
description=f"Approve-then-reject {uuid4().hex[:6]}",
expense_account=standard_accounts["expense_food"]["name"],
)
await approve_entry(
client, super_user_headers=super_user_headers, entry_id=posted["id"],
)
r = await client.post(
f"/libra/api/v1/entries/{posted['id']}/reject",
headers=super_user_headers,
)
assert r.status_code == 404, f"expected 404, got {r.status_code}: {r.text}"
@pytest.mark.anyio
async def test_non_super_user_cannot_reject(
client, configured_user, standard_accounts,
):
"""Reject endpoint uses libra's `require_super_user` — wallet
admin-key of a non-super user is forbidden."""
_, wallet = configured_user
posted = await post_expense(
client,
wallet_inkey=wallet.inkey,
user_wallet_id=wallet.id,
amount="13.00",
currency="EUR",
description=f"Forbidden reject {uuid4().hex[:6]}",
expense_account=standard_accounts["expense_food"]["name"],
)
r = await client.post(
f"/libra/api/v1/entries/{posted['id']}/reject",
headers={"X-Api-Key": wallet.adminkey, "Content-type": "application/json"},
)
assert r.status_code == 403, f"expected 403, got {r.status_code}: {r.text}"
assert "super" in r.text.lower()
@pytest.mark.anyio
async def test_double_reject_returns_404_on_second_call(
client, super_user_headers, configured_user, standard_accounts,
):
"""After a successful reject the entry is no longer matched by the
lookup (it's still flag `!` but its journal-listing-filter behaviour
is "voided"). A second reject 404s rather than mutating again.
Documents the de-facto idempotency story: it's "first wins, repeat
fails cleanly" rather than "repeat is a no-op success." If the
reversing-entry refactor (#24) reshapes this, the test will reveal it.
"""
_, wallet = configured_user
posted = await post_expense(
client,
wallet_inkey=wallet.inkey,
user_wallet_id=wallet.id,
amount="9.00",
currency="EUR",
description=f"Double reject {uuid4().hex[:6]}",
expense_account=standard_accounts["expense_food"]["name"],
)
await reject_entry(
client, super_user_headers=super_user_headers, entry_id=posted["id"],
)
r = await client.post(
f"/libra/api/v1/entries/{posted['id']}/reject",
headers=super_user_headers,
)
# First reject succeeded; second reject either 404 (entry still flag !
# but matched-by-tag elsewhere) or 200 with idempotent no-op. Lock in
# whichever the current code does so a future change to the reject
# path forces a deliberate decision.
assert r.status_code in (200, 404), (
f"second reject should be deterministic, got {r.status_code}: {r.text}"
)
Reference in a new issue View git blame Copy permalink