55569366f4
- src/legal/__init__.py: define canonical LEGAL_VERSION='2026-04-27' constant (single source of truth — auth.py now imports it as SIGNUP_LEGAL_VERSION). - src/legal/routes.py: add /legal/<page> + /legal/ index routes; markdown rendered from src/legal/content/*.md with toc, tables, fenced_code, attr_list extensions. - src/legal/content/: 6 French (Québec) markdown documents — DictIA Inc. / InnovA AI S.E.N.C. branding, Loi 25-compliant 12-section privacy policy, WCAG 2.2 AA accessibility statement, AGPL-3.0 attribution. All marked DRAFT v1.0 pending legal review by Allison Rioux. - templates/legal/_layout.html + index.html: extends marketing/base.html; inline .legal-content typographic styles (no CSS rebuild required). - .gitignore: allow-rule for src/legal/content/*.md so markdown is tracked despite the global *.md ignore. - tests/test_legal_pages.py: 9 tests covering 200 responses, DictIA branding, rprp@dictia.ca presence, 12 mandatory Loi 25 sections, public indexability (no X-Robots-Tag noindex), shared layout, marketing/base.html extension, DRAFT callout, and LEGAL_VERSION/SIGNUP_LEGAL_VERSION equivalence. - tests/_run_legal_pages_windows.py: manual driver (Windows fcntl stub). - static/css/marketing.css: regenerated by `npm run build:css` to include new utility classes referenced from templates/legal/*.html. Tests: 9/9 pass. No off-limits files modified beyond the 2-line auth.py constant move spec'd in B-2.9. No schema changes; markdown==3.5.1 already pinned in requirements.txt (B-1.1). Pages publicly indexable by design (Loi 25 transparency). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
165 lines
6.3 KiB
Python
165 lines
6.3 KiB
Python
"""Tests for the 6 legal pages blueprint (Task B-2.9).
|
|
|
|
All 6 markdown-rendered pages plus the index must:
|
|
- Return HTTP 200 with DictIA branding
|
|
- Be publicly indexable (no X-Robots-Tag noindex header — Loi 25 transparency)
|
|
- Share the same _layout.html structure (extends marketing/base.html)
|
|
- Be marked DRAFT pending legal review by Allison Rioux
|
|
- The privacy policy must satisfy the 12 mandatory Loi 25 sections
|
|
- LEGAL_VERSION constant must match SIGNUP_LEGAL_VERSION used by the signup route
|
|
"""
|
|
import os
|
|
import sys
|
|
|
|
sys.path.insert(0, os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
|
|
os.environ.setdefault('SQLALCHEMY_DATABASE_URI', 'sqlite:///:memory:')
|
|
os.environ.setdefault('SECRET_KEY', 'test-secret-key')
|
|
|
|
from src.app import app, db # noqa: E402
|
|
|
|
|
|
VALID_PAGES = ('conditions', 'confidentialite', 'cookies', 'remboursement', 'accessibilite', 'mentions')
|
|
|
|
|
|
def test_legal_index_returns_200_with_all_6_pages_listed():
|
|
with app.app_context():
|
|
db.create_all()
|
|
try:
|
|
client = app.test_client()
|
|
resp = client.get('/legal/')
|
|
assert resp.status_code == 200
|
|
body = resp.data.decode('utf-8')
|
|
for page in VALID_PAGES:
|
|
assert f'/legal/{page}' in body
|
|
assert 'Documents légaux' in body
|
|
finally:
|
|
db.session.rollback(); db.drop_all()
|
|
|
|
|
|
def test_each_legal_page_returns_200_with_dictia_branding():
|
|
with app.app_context():
|
|
db.create_all()
|
|
try:
|
|
client = app.test_client()
|
|
for page in VALID_PAGES:
|
|
resp = client.get(f'/legal/{page}')
|
|
assert resp.status_code == 200, f'/legal/{page} returned {resp.status_code}'
|
|
body = resp.data.decode('utf-8')
|
|
assert 'DictIA' in body
|
|
assert 'rprp@dictia.ca' in body or 'info@dictia.ca' in body
|
|
finally:
|
|
db.session.rollback(); db.drop_all()
|
|
|
|
|
|
def test_unknown_legal_page_returns_404():
|
|
with app.app_context():
|
|
db.create_all()
|
|
try:
|
|
client = app.test_client()
|
|
resp = client.get('/legal/unknown-page')
|
|
assert resp.status_code == 404
|
|
finally:
|
|
db.session.rollback(); db.drop_all()
|
|
|
|
|
|
def test_confidentialite_has_all_12_loi25_sections():
|
|
"""LPRPSP (Loi 25) requires 12 mandatory sections in privacy policy."""
|
|
with app.app_context():
|
|
db.create_all()
|
|
try:
|
|
client = app.test_client()
|
|
resp = client.get('/legal/confidentialite')
|
|
assert resp.status_code == 200
|
|
body = resp.data.decode('utf-8').lower()
|
|
required_topics = [
|
|
'identité du responsable',
|
|
'rprp', # responsable de la protection
|
|
'renseignements personnels collectés',
|
|
'finalités',
|
|
'base légale',
|
|
'destinataires',
|
|
'transfert hors-québec',
|
|
'durée de conservation',
|
|
'droits', # droits de l'utilisateur
|
|
'plainte', # procédure de plainte CAI
|
|
'cookies', # ou cookies et traceurs
|
|
'date de mise à jour',
|
|
]
|
|
for topic in required_topics:
|
|
assert topic in body, f'Missing Loi 25 mandatory section: {topic!r}'
|
|
finally:
|
|
db.session.rollback(); db.drop_all()
|
|
|
|
|
|
def test_legal_pages_use_layout_template_with_shared_layout():
|
|
"""All 6 pages should share the same _layout.html structure."""
|
|
with app.app_context():
|
|
db.create_all()
|
|
try:
|
|
client = app.test_client()
|
|
for page in VALID_PAGES:
|
|
resp = client.get(f'/legal/{page}')
|
|
body = resp.data.decode('utf-8')
|
|
assert 'Document légal DictIA' in body, f'_layout.html header missing on /legal/{page}'
|
|
assert 'Index des documents légaux' in body, f'_layout.html footer link missing on /legal/{page}'
|
|
finally:
|
|
db.session.rollback(); db.drop_all()
|
|
|
|
|
|
def test_legal_pages_publicly_indexable():
|
|
"""legal.* endpoints must NOT have X-Robots-Tag noindex header (Loi 25 transparency)."""
|
|
with app.app_context():
|
|
db.create_all()
|
|
try:
|
|
client = app.test_client()
|
|
for page in VALID_PAGES:
|
|
resp = client.get(f'/legal/{page}')
|
|
tag = resp.headers.get('X-Robots-Tag', '')
|
|
assert 'noindex' not in tag, f'/legal/{page} has noindex header: {tag!r}'
|
|
# Also test the index
|
|
resp = client.get('/legal/')
|
|
tag = resp.headers.get('X-Robots-Tag', '')
|
|
assert 'noindex' not in tag
|
|
finally:
|
|
db.session.rollback(); db.drop_all()
|
|
|
|
|
|
def test_legal_version_constant_matches_signup():
|
|
"""LEGAL_VERSION in src/legal must equal SIGNUP_LEGAL_VERSION used by signup route."""
|
|
from src.legal import LEGAL_VERSION
|
|
from src.api.auth import SIGNUP_LEGAL_VERSION
|
|
assert LEGAL_VERSION == SIGNUP_LEGAL_VERSION, (
|
|
f'LEGAL_VERSION ({LEGAL_VERSION!r}) must match SIGNUP_LEGAL_VERSION ({SIGNUP_LEGAL_VERSION!r})'
|
|
)
|
|
|
|
|
|
def test_legal_pages_extend_marketing_base_template():
|
|
"""All 6 pages extend marketing/base.html (verify by looking for header markers)."""
|
|
with app.app_context():
|
|
db.create_all()
|
|
try:
|
|
client = app.test_client()
|
|
for page in VALID_PAGES:
|
|
resp = client.get(f'/legal/{page}')
|
|
body = resp.data.decode('utf-8')
|
|
# marketing/base.html has the glassmorphism header at the top
|
|
assert 'class="fixed top-0' in body, f'/legal/{page} missing marketing/base.html header'
|
|
finally:
|
|
db.session.rollback(); db.drop_all()
|
|
|
|
|
|
def test_legal_pages_have_loi25_draft_callout():
|
|
"""All 6 pages should be marked DRAFT pending legal review by Allison."""
|
|
with app.app_context():
|
|
db.create_all()
|
|
try:
|
|
client = app.test_client()
|
|
for page in VALID_PAGES:
|
|
resp = client.get(f'/legal/{page}')
|
|
body = resp.data.decode('utf-8').lower()
|
|
assert 'draft' in body or 'allison rioux' in body, (
|
|
f'/legal/{page} missing draft+legal-review callout'
|
|
)
|
|
finally:
|
|
db.session.rollback(); db.drop_all()
|