feat(gui): implement first-run setup wizard (1b-8) (#24)

* feat(gui): implement first-run setup wizard (1b-8) Add a 5-step setup wizard that replaces the single-step /setup: 1. Create Operator - create initial operator account 2. System Settings - configure map tile URL and attribution 3. API Keys - optionally add API keys for adapters 4. Configure Adapters - enable/disable adapters with region picker 5. Finish Setup - review and complete setup Key changes: - Update middleware to handle wizard URL structure and step routing - Add wizard routes for each step with proper auth checks - Create new templates using base_wizard.html for consistent styling - Add audit events for system.update and setup.complete - Update tests for new middleware behavior Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(gui): handle CSRF errors on wizard paths Update csrf_exception_handler to re-render wizard forms with error message instead of redirecting to /login when CSRF validation fails. - /setup/operator: re-render with error - /setup/system: re-render with current system values + error - /setup/keys: re-render with current keys list + error - /setup/adapters: re-render with current adapter config + error - /setup/finish: re-render with summary data + error - /setup: redirect to /setup (middleware routes to appropriate step) Add error display to setup_keys.html and setup_finish.html templates. Add 7 new CSRF handler tests for wizard paths. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(gui): region picker render + click-to-draw Bug A: Maps render blank on /setup/adapters for FIRMS and USGS because Leaflet computed zero dimensions before container layout settled. Fix: add setTimeout invalidateSize() after map creation. Bug B: No click-to-draw functionality - only drag corners. Fix: add L.Control.Draw for rectangle drawing with CREATED event handler to replace existing rectangle. Both fixes applied to: - setup_adapters.html (wizard inline JS) - _region_picker.html (standalone edit page) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(gui): handle revisiting /setup/operator after operator created When an operator already exists, /setup/operator now shows a confirmation page instead of the create form. This prevents: - Unique constraint violations on duplicate username - Silent creation of duplicate operators GET /setup/operator: queries config.operators; if any exist, renders confirmation state with existing_operator context. POST /setup/operator: checks operator count before INSERT; if non-zero, renders confirmation state without inserting. Template updated with conditional to show "Operator Already Configured" message when existing_operator is set. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(csrf): replace fastapi-csrf-protect with session-bound CSRF Fixes CSRF race condition where every GET rotated the CSRF token, causing POST failures when users had multiple tabs or slow connections. Changes: - Remove fastapi-csrf-protect dependency - Add session-bound CSRF tokens stored in config.sessions table - Add pre-auth CSRF for unauthenticated routes (/login, /setup/operator) - Add csrf.py module for pre-auth token generation/validation - Update routes to use new CSRF token handling - Add migration 013 to add csrf_token column to sessions The session-bound approach ensures CSRF tokens remain stable for the duration of a session, eliminating the race condition. Note: Route tests (test_wizard.py, test_adapters.py, etc.) need refactoring to mock get_settings() instead of CsrfProtect dependency. Core auth/CSRF handler tests pass (74 tests). Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * test(csrf): update test suite for session-bound CSRF tokens - Add CSRF fixtures to conftest.py for pre-auth and session CSRF - Update test_wizard.py: use bypass_pre_auth_csrf and patch_route_settings - Update test_adapters.py: set request.state.csrf_token and form mock data - Update test_api_keys.py: add CSRF token to form data for POST routes - Update test_streams.py: change return_value to side_effect for CSRF support - Update test_region_picker.py: add CSRF token handling - Update test_config_store.py: set CENTRAL_CSRF_SECRET env var in fixture All 285 tests now pass with session-bound CSRF validation. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> Co-authored-by: Matt Johnson <mj@k7zvx.com>
2026-05-22 18:44:40 +02:00 · 2026-05-17 22:06:22 -06:00 · 2026-05-17 22:06:22 -06:00 · 494ad1c799
commit 494ad1c799
parent 96ec88883c
28 changed files with 2897 additions and 377 deletions
--- a/tests/test_api_keys.py
+++ b/tests/test_api_keys.py
@ -75,13 +75,9 @@ class TestApiKeysListAuthenticated:
        mock_pool.acquire.return_value.__aenter__.return_value = mock_conn
        mock_pool.acquire.return_value.__aexit__.return_value = None

-        mock_csrf = MagicMock()
-        mock_csrf.generate_csrf_tokens.return_value = ("token", "signed")
-        mock_csrf.set_csrf_cookie = MagicMock()
-
        with patch("central.gui.routes._get_templates", return_value=mock_templates):
            with patch("central.gui.routes.get_pool", return_value=mock_pool):
-                result = await api_keys_list(mock_request, mock_csrf)
+                result = await api_keys_list(mock_request)

        # Check template was called with correct context
        call_args = mock_templates.TemplateResponse.call_args
@ -104,7 +100,8 @@ class TestApiKeysCreate:
        mock_request = MagicMock()
        mock_request.state.operator = MagicMock(id=1, username="admin")

-        form_data = {"alias": "test1", "plaintext_key": "secret-api-key-123"}
+        mock_request.state.csrf_token = "test_csrf_token"
+        form_data = {"csrf_token": "test_csrf_token", "alias": "test1", "plaintext_key": "secret-api-key-123"}
        mock_request.form = AsyncMock(return_value=form_data)

        mock_conn = AsyncMock()
@ -119,13 +116,10 @@ class TestApiKeysCreate:
        mock_pool.acquire.return_value.__aenter__.return_value = mock_conn
        mock_pool.acquire.return_value.__aexit__.return_value = None

-        mock_csrf = MagicMock()
-        mock_csrf.validate_csrf = AsyncMock()
-
        with patch("central.gui.routes.get_pool", return_value=mock_pool):
            with patch("central.crypto.encrypt", return_value=b"encrypted_data"):
                with patch("central.gui.routes.write_audit", new_callable=AsyncMock):
-                    result = await api_keys_create(mock_request, mock_csrf)
+                    result = await api_keys_create(mock_request)

        assert result.status_code == 302
        assert result.headers["location"] == "/api-keys"
@ -136,7 +130,8 @@ class TestApiKeysCreate:
        mock_request = MagicMock()
        mock_request.state.operator = MagicMock(id=1, username="admin")

-        form_data = {"alias": "firms", "plaintext_key": "secret-key"}
+        mock_request.state.csrf_token = "test_csrf_token"
+        form_data = {"csrf_token": "test_csrf_token", "alias": "firms", "plaintext_key": "secret-key"}
        mock_request.form = AsyncMock(return_value=form_data)

        mock_templates = MagicMock()
@ -150,15 +145,10 @@ class TestApiKeysCreate:
        mock_pool.acquire.return_value.__aenter__.return_value = mock_conn
        mock_pool.acquire.return_value.__aexit__.return_value = None

-        mock_csrf = MagicMock()
-        mock_csrf.validate_csrf = AsyncMock()
-        mock_csrf.generate_csrf_tokens.return_value = ("token", "signed")
-        mock_csrf.set_csrf_cookie = MagicMock()
-
        with patch("central.gui.routes._get_templates", return_value=mock_templates):
            with patch("central.gui.routes.get_pool", return_value=mock_pool):
                with patch("central.crypto.encrypt", return_value=b"encrypted"):
-                    result = await api_keys_create(mock_request, mock_csrf)
+                    result = await api_keys_create(mock_request)

        # Should re-render form with error
        call_args = mock_templates.TemplateResponse.call_args
@ -172,7 +162,8 @@ class TestApiKeysCreate:
        mock_request = MagicMock()
        mock_request.state.operator = MagicMock(id=1, username="admin")

-        form_data = {"alias": "", "plaintext_key": "secret-key"}
+        mock_request.state.csrf_token = "test_csrf_token"
+        form_data = {"csrf_token": "test_csrf_token", "alias": "", "plaintext_key": "secret-key"}
        mock_request.form = AsyncMock(return_value=form_data)

        mock_templates = MagicMock()
@ -183,14 +174,9 @@ class TestApiKeysCreate:
        mock_pool.acquire.return_value.__aenter__.return_value = mock_conn
        mock_pool.acquire.return_value.__aexit__.return_value = None

-        mock_csrf = MagicMock()
-        mock_csrf.validate_csrf = AsyncMock()
-        mock_csrf.generate_csrf_tokens.return_value = ("token", "signed")
-        mock_csrf.set_csrf_cookie = MagicMock()
-
        with patch("central.gui.routes._get_templates", return_value=mock_templates):
            with patch("central.gui.routes.get_pool", return_value=mock_pool):
-                result = await api_keys_create(mock_request, mock_csrf)
+                result = await api_keys_create(mock_request)

        call_args = mock_templates.TemplateResponse.call_args
        context = call_args.kwargs.get("context", call_args[1].get("context"))
@ -203,7 +189,8 @@ class TestApiKeysCreate:
        mock_request.state.operator = MagicMock(id=1, username="admin")

        # Test with space
-        form_data = {"alias": "test key", "plaintext_key": "secret-key"}
+        mock_request.state.csrf_token = "test_csrf_token"
+        form_data = {"csrf_token": "test_csrf_token", "alias": "test key", "plaintext_key": "secret-key"}
        mock_request.form = AsyncMock(return_value=form_data)

        mock_templates = MagicMock()
@ -214,14 +201,9 @@ class TestApiKeysCreate:
        mock_pool.acquire.return_value.__aenter__.return_value = mock_conn
        mock_pool.acquire.return_value.__aexit__.return_value = None

-        mock_csrf = MagicMock()
-        mock_csrf.validate_csrf = AsyncMock()
-        mock_csrf.generate_csrf_tokens.return_value = ("token", "signed")
-        mock_csrf.set_csrf_cookie = MagicMock()
-
        with patch("central.gui.routes._get_templates", return_value=mock_templates):
            with patch("central.gui.routes.get_pool", return_value=mock_pool):
-                result = await api_keys_create(mock_request, mock_csrf)
+                result = await api_keys_create(mock_request)

        call_args = mock_templates.TemplateResponse.call_args
        context = call_args.kwargs.get("context", call_args[1].get("context"))
@ -233,7 +215,8 @@ class TestApiKeysCreate:
        mock_request = MagicMock()
        mock_request.state.operator = MagicMock(id=1, username="admin")

-        form_data = {"alias": "test-key", "plaintext_key": "secret-key"}
+        mock_request.state.csrf_token = "test_csrf_token"
+        form_data = {"csrf_token": "test_csrf_token", "alias": "test-key", "plaintext_key": "secret-key"}
        mock_request.form = AsyncMock(return_value=form_data)

        mock_templates = MagicMock()
@ -244,14 +227,9 @@ class TestApiKeysCreate:
        mock_pool.acquire.return_value.__aenter__.return_value = mock_conn
        mock_pool.acquire.return_value.__aexit__.return_value = None

-        mock_csrf = MagicMock()
-        mock_csrf.validate_csrf = AsyncMock()
-        mock_csrf.generate_csrf_tokens.return_value = ("token", "signed")
-        mock_csrf.set_csrf_cookie = MagicMock()
-
        with patch("central.gui.routes._get_templates", return_value=mock_templates):
            with patch("central.gui.routes.get_pool", return_value=mock_pool):
-                result = await api_keys_create(mock_request, mock_csrf)
+                result = await api_keys_create(mock_request)

        call_args = mock_templates.TemplateResponse.call_args
        context = call_args.kwargs.get("context", call_args[1].get("context"))
@ -267,7 +245,8 @@ class TestApiKeysRotate:
        mock_request = MagicMock()
        mock_request.state.operator = MagicMock(id=1, username="admin")

-        form_data = {"new_plaintext_key": "new-secret-key-456"}
+        mock_request.state.csrf_token = "test_csrf_token"
+        form_data = {"csrf_token": "test_csrf_token", "new_plaintext_key": "new-secret-key-456"}
        mock_request.form = AsyncMock(return_value=form_data)

        mock_conn = AsyncMock()
@ -290,13 +269,10 @@ class TestApiKeysRotate:
        mock_pool.acquire.return_value.__aenter__.return_value = mock_conn
        mock_pool.acquire.return_value.__aexit__.return_value = None

-        mock_csrf = MagicMock()
-        mock_csrf.validate_csrf = AsyncMock()
-
        with patch("central.gui.routes.get_pool", return_value=mock_pool):
            with patch("central.crypto.encrypt", return_value=b"new_encrypted"):
                with patch("central.gui.routes.write_audit", new_callable=AsyncMock) as mock_audit:
-                    result = await api_keys_rotate(mock_request, "test1", mock_csrf)
+                    result = await api_keys_rotate(mock_request, "test1")

        assert result.status_code == 302
        # Check audit was called with no plaintext
@ -313,6 +289,8 @@ class TestApiKeysDelete:
        """POST /api-keys/{alias}/delete with references shows error."""
        mock_request = MagicMock()
        mock_request.state.operator = MagicMock(id=1, username="admin")
+        mock_request.state.csrf_token = "test_csrf_token"
+        mock_request.form = AsyncMock(return_value={"csrf_token": "test_csrf_token"})

        mock_templates = MagicMock()
        mock_templates.TemplateResponse.return_value = MagicMock()
@ -331,14 +309,9 @@ class TestApiKeysDelete:
        mock_pool.acquire.return_value.__aenter__.return_value = mock_conn
        mock_pool.acquire.return_value.__aexit__.return_value = None

-        mock_csrf = MagicMock()
-        mock_csrf.validate_csrf = AsyncMock()
-        mock_csrf.generate_csrf_tokens.return_value = ("token", "signed")
-        mock_csrf.set_csrf_cookie = MagicMock()
-
        with patch("central.gui.routes._get_templates", return_value=mock_templates):
            with patch("central.gui.routes.get_pool", return_value=mock_pool):
-                result = await api_keys_delete(mock_request, "firms", mock_csrf)
+                result = await api_keys_delete(mock_request, "firms")

        # Should re-render with error
        call_args = mock_templates.TemplateResponse.call_args
@ -351,6 +324,8 @@ class TestApiKeysDelete:
        """POST /api-keys/{alias}/delete without references deletes and redirects."""
        mock_request = MagicMock()
        mock_request.state.operator = MagicMock(id=1, username="admin")
+        mock_request.state.csrf_token = "test_csrf_token"
+        mock_request.form = AsyncMock(return_value={"csrf_token": "test_csrf_token"})

        mock_conn = AsyncMock()
        mock_conn.fetchrow.return_value = {
@ -367,12 +342,9 @@ class TestApiKeysDelete:
        mock_pool.acquire.return_value.__aenter__.return_value = mock_conn
        mock_pool.acquire.return_value.__aexit__.return_value = None

-        mock_csrf = MagicMock()
-        mock_csrf.validate_csrf = AsyncMock()
-
        with patch("central.gui.routes.get_pool", return_value=mock_pool):
            with patch("central.gui.routes.write_audit", new_callable=AsyncMock) as mock_audit:
-                result = await api_keys_delete(mock_request, "test1", mock_csrf)
+                result = await api_keys_delete(mock_request, "test1")

        assert result.status_code == 302
        assert result.headers["location"] == "/api-keys"
@ -388,7 +360,8 @@ class TestApiKeysAuditNoPlaintext:
        mock_request = MagicMock()
        mock_request.state.operator = MagicMock(id=1, username="admin")

-        form_data = {"alias": "newkey", "plaintext_key": "super-secret-value"}
+        mock_request.state.csrf_token = "test_csrf_token"
+        form_data = {"csrf_token": "test_csrf_token", "alias": "newkey", "plaintext_key": "super-secret-value"}
        mock_request.form = AsyncMock(return_value=form_data)

        mock_conn = AsyncMock()
@ -401,13 +374,10 @@ class TestApiKeysAuditNoPlaintext:
        mock_pool.acquire.return_value.__aenter__.return_value = mock_conn
        mock_pool.acquire.return_value.__aexit__.return_value = None

-        mock_csrf = MagicMock()
-        mock_csrf.validate_csrf = AsyncMock()
-
        with patch("central.gui.routes.get_pool", return_value=mock_pool):
            with patch("central.crypto.encrypt", return_value=b"encrypted"):
                with patch("central.gui.routes.write_audit", new_callable=AsyncMock) as mock_audit:
-                    await api_keys_create(mock_request, mock_csrf)
+                    await api_keys_create(mock_request)

        # Check audit call arguments
        call_kwargs = mock_audit.call_args.kwargs