feat(legal): B-2.9 6 pages légales (CGU, Loi 25, cookies, remboursement, accessibilité, mentions)

- src/legal/__init__.py: define canonical LEGAL_VERSION='2026-04-27' constant
  (single source of truth — auth.py now imports it as SIGNUP_LEGAL_VERSION).
- src/legal/routes.py: add /legal/<page> + /legal/ index routes; markdown rendered
  from src/legal/content/*.md with toc, tables, fenced_code, attr_list extensions.
- src/legal/content/: 6 French (Québec) markdown documents — DictIA Inc. /
  InnovA AI S.E.N.C. branding, Loi 25-compliant 12-section privacy policy,
  WCAG 2.2 AA accessibility statement, AGPL-3.0 attribution. All marked
  DRAFT v1.0 pending legal review by Allison Rioux.
- templates/legal/_layout.html + index.html: extends marketing/base.html;
  inline .legal-content typographic styles (no CSS rebuild required).
- .gitignore: allow-rule for src/legal/content/*.md so markdown is tracked
  despite the global *.md ignore.
- tests/test_legal_pages.py: 9 tests covering 200 responses, DictIA branding,
  rprp@dictia.ca presence, 12 mandatory Loi 25 sections, public indexability
  (no X-Robots-Tag noindex), shared layout, marketing/base.html extension,
  DRAFT callout, and LEGAL_VERSION/SIGNUP_LEGAL_VERSION equivalence.
- tests/_run_legal_pages_windows.py: manual driver (Windows fcntl stub).
- static/css/marketing.css: regenerated by `npm run build:css` to include
  new utility classes referenced from templates/legal/*.html.

Tests: 9/9 pass. No off-limits files modified beyond the 2-line auth.py
constant move spec'd in B-2.9. No schema changes; markdown==3.5.1 already
pinned in requirements.txt (B-1.1). Pages publicly indexable by design
(Loi 25 transparency).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Allison
2026-04-28 08:57:36 -04:00
parent 64738bfd1f
commit 55569366f4
15 changed files with 1034 additions and 6 deletions


@@ -0,0 +1,74 @@
"""Windows manual driver for tests/test_legal_pages.py.
src/init_db.py imports `fcntl`, which is POSIX-only. On Windows we stub it
before src.app gets imported, then run each test_* function and report.
Run from the repo root:
py -3 tests/_run_legal_pages_windows.py
"""
import os
import sys
import types
import traceback
# 1) Stub fcntl BEFORE any import of src.* happens.
if 'fcntl' not in sys.modules:
fcntl_stub = types.ModuleType('fcntl')
fcntl_stub.LOCK_EX = 2
fcntl_stub.LOCK_NB = 4
fcntl_stub.LOCK_UN = 8
fcntl_stub.LOCK_SH = 1
fcntl_stub.flock = lambda *_args, **_kw: None
fcntl_stub.fcntl = lambda *_args, **_kw: 0
sys.modules['fcntl'] = fcntl_stub
# 2) Make repo root importable
HERE = os.path.dirname(os.path.abspath(__file__))
REPO = os.path.dirname(HERE)
sys.path.insert(0, REPO)
# 3) Test-friendly env defaults
os.environ.setdefault('SQLALCHEMY_DATABASE_URI', 'sqlite:///:memory:')
os.environ.setdefault('SECRET_KEY', 'test-secret-key-legal')
os.environ.setdefault('ENABLE_EMAIL_VERIFICATION', 'false')
os.environ.setdefault('REQUIRE_EMAIL_VERIFICATION', 'false')
os.environ.setdefault('TRANSCRIPTION_BASE_URL', 'http://test-stub')
os.environ.setdefault('TRANSCRIPTION_API_KEY', 'test-stub')
os.environ.setdefault('RATELIMIT_ENABLED', 'false')
try:
sys.stdout.reconfigure(encoding='utf-8', errors='replace')
sys.stderr.reconfigure(encoding='utf-8', errors='replace')
except Exception:
pass
# 4) Import the test module and run every test_* function
import importlib.util # noqa: E402
spec = importlib.util.spec_from_file_location(
'test_legal_pages',
os.path.join(HERE, 'test_legal_pages.py'),
)
mod = importlib.util.module_from_spec(spec)
spec.loader.exec_module(mod)
tests = [(name, fn) for name, fn in vars(mod).items()
if name.startswith('test_') and callable(fn)]
passed = 0
failed = []
for name, fn in tests:
try:
fn()
print(f' PASS {name}')
passed += 1
except Exception as e: # noqa: BLE001
print(f' FAIL {name}: {type(e).__name__}: {e}')
failed.append((name, traceback.format_exc()))
total = len(tests)
print()
print(f'Result: {passed}/{total} passed, {len(failed)} failed')
if failed:
print('\n--- Failures ---\n')
for name, tb in failed:
print(f'### {name}\n{tb}\n')
sys.exit(0 if not failed else 1)
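Review bot: The fcntl stub at the top of the driver is installed whenever `fcntl` is not yet in `sys.modules`, which is also true on a fresh POSIX interpreter, so running this script on Linux or macOS would replace the real module with no-op `flock`/`fcntl` and silently turn off whatever locking src/init_db.py relies on. Gate it on the platform, e.g. `if sys.platform == 'win32' and 'fcntl' not in sys.modules:`. Because the stub makes every lock call succeed, a comment such as `# no-op locks: only safe for a single-process run against the in-memory test DB` would keep it from being copied into anything that runs concurrently.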

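--- a/tests/test_legal_pages.py
+++ b/tests/test_legal_pages.py
@@ -0,0 +1,164 @@
+"""Tests for the 6 legal pages blueprint (Task B-2.9).
+All 6 markdown-rendered pages plus the index must:
+- Return HTTP 200 with DictIA branding
+- Be publicly indexable (no X-Robots-Tag noindex header — Loi 25 transparency)
+- Share the same _layout.html structure (extends marketing/base.html)
+- Be marked DRAFT pending legal review by Allison Rioux
+- The privacy policy must satisfy the 12 mandatory Loi 25 sections
+- LEGAL_VERSION constant must match SIGNUP_LEGAL_VERSION used by the signup route
+"""
+import os
+import sys
+sys.path.insert(0, os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
+os.environ.setdefault('SQLALCHEMY_DATABASE_URI', 'sqlite:///:memory:')
+os.environ.setdefault('SECRET_KEY', 'test-secret-key')
+from src.app import app, db # noqa: E402
+VALID_PAGES = ('conditions', 'confidentialite', 'cookies', 'remboursement', 'accessibilite', 'mentions')
+def test_legal_index_returns_200_with_all_6_pages_listed():
+with app.app_context():
+db.create_all()
+try:
+client = app.test_client()
+resp = client.get('/legal/')
+assert resp.status_code == 200
+body = resp.data.decode('utf-8')
+for page in VALID_PAGES:
+assert f'/legal/{page}' in body
+assert 'Documents légaux' in body
+finally:
+db.session.rollback(); db.drop_all()
+def test_each_legal_page_returns_200_with_dictia_branding():
+with app.app_context():
+db.create_all()
+try:
+client = app.test_client()
+for page in VALID_PAGES:
+resp = client.get(f'/legal/{page}')
+assert resp.status_code == 200, f'/legal/{page} returned {resp.status_code}'
+body = resp.data.decode('utf-8')
+assert 'DictIA' in body
+assert 'rprp@dictia.ca' in body or 'info@dictia.ca' in body
+finally:
+db.session.rollback(); db.drop_all()
+def test_unknown_legal_page_returns_404():
+with app.app_context():
+db.create_all()
+try:
+client = app.test_client()
+resp = client.get('/legal/unknown-page')
+assert resp.status_code == 404
+finally:
+db.session.rollback(); db.drop_all()
+def test_confidentialite_has_all_12_loi25_sections():
+"""LPRPSP (Loi 25) requires 12 mandatory sections in privacy policy."""
+with app.app_context():
+db.create_all()
+try:
+client = app.test_client()
+resp = client.get('/legal/confidentialite')
+assert resp.status_code == 200
+body = resp.data.decode('utf-8').lower()
+required_topics = [
+'identité du responsable',
+'rprp', # responsable de la protection
+'renseignements personnels collectés',
+'finalités',
+'base légale',
+'destinataires',
+'transfert hors-québec',
+'durée de conservation',
+'droits', # droits de l'utilisateur
+'plainte', # procédure de plainte CAI
+'cookies', # ou cookies et traceurs
+'date de mise à jour',
+]
+for topic in required_topics:
+assert topic in body, f'Missing Loi 25 mandatory section: {topic!r}'
+finally:
+db.session.rollback(); db.drop_all()
+def test_legal_pages_use_layout_template_with_shared_layout():
+"""All 6 pages should share the same _layout.html structure."""
+with app.app_context():
+db.create_all()
+try:
+client = app.test_client()
+for page in VALID_PAGES:
+resp = client.get(f'/legal/{page}')
+body = resp.data.decode('utf-8')
+assert 'Document légal DictIA' in body, f'_layout.html header missing on /legal/{page}'
+assert 'Index des documents légaux' in body, f'_layout.html footer link missing on /legal/{page}'
+finally:
+db.session.rollback(); db.drop_all()
+def test_legal_pages_publicly_indexable():
+"""legal.* endpoints must NOT have X-Robots-Tag noindex header (Loi 25 transparency)."""
+with app.app_context():
+db.create_all()
+try:
+client = app.test_client()
+for page in VALID_PAGES:
+resp = client.get(f'/legal/{page}')
+tag = resp.headers.get('X-Robots-Tag', '')
+assert 'noindex' not in tag, f'/legal/{page} has noindex header: {tag!r}'
+# Also test the index
+resp = client.get('/legal/')
+tag = resp.headers.get('X-Robots-Tag', '')
+assert 'noindex' not in tag
+finally:
+db.session.rollback(); db.drop_all()
+def test_legal_version_constant_matches_signup():
+"""LEGAL_VERSION in src/legal must equal SIGNUP_LEGAL_VERSION used by signup route."""
+from src.legal import LEGAL_VERSION
+from src.api.auth import SIGNUP_LEGAL_VERSION
+assert LEGAL_VERSION == SIGNUP_LEGAL_VERSION, (
+f'LEGAL_VERSION ({LEGAL_VERSION!r}) must match SIGNUP_LEGAL_VERSION ({SIGNUP_LEGAL_VERSION!r})'
+)
+def test_legal_pages_extend_marketing_base_template():
+"""All 6 pages extend marketing/base.html (verify by looking for header markers)."""
+with app.app_context():
+db.create_all()
+try:
+client = app.test_client()
+for page in VALID_PAGES:
+resp = client.get(f'/legal/{page}')
+body = resp.data.decode('utf-8')
+# marketing/base.html has the glassmorphism header at the top
+assert 'class="fixed top-0' in body, f'/legal/{page} missing marketing/base.html header'
+finally:
+db.session.rollback(); db.drop_all()
+def test_legal_pages_have_loi25_draft_callout():
+"""All 6 pages should be marked DRAFT pending legal review by Allison."""
+with app.app_context():
+db.create_all()
+try:
+client = app.test_client()
+for page in VALID_PAGES:
+resp = client.get(f'/legal/{page}')
+body = resp.data.decode('utf-8').lower()
+assert 'draft' in body or 'allison rioux' in body, (
+f'/legal/{page} missing draft+legal-review callout'
+)
+finally:
+db.session.rollback(); db.drop_all()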
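Review bot: Each test ends with `db.drop_all()`, but the database URI is only set with `os.environ.setdefault(...)` at the top of the file, so a shell that already exports `SQLALCHEMY_DATABASE_URI` (a developer's or CI runner's real database) would have its tables created and then dropped by this suite. Assign the value unconditionally before `src.app` is imported, `os.environ['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///:memory:'`, or assert that the configured URI is the in-memory one before the first `create_all()`; how src.app reads the variable is not visible here, so confirm that is its only source. The manual Windows driver sets the same default with `setdefault` and runs these tests, so it needs the same change. Separately, the Loi 25 check matches short lowercase substrings such as `'rprp'`, `'droits'` and `'cookies'` anywhere in the page, which shared layout or footer text could satisfy on its own; matching against the rendered section headings would make the test fail when a section is actually missing.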