feat: send email in share transcript and add email sending in room (#924)

* fix: add source language for file pipeline * feat: send email in share transcript and add email sending in room * fix: hide audio and video streaming for unauthenticated users * fix: security order
2026-04-05 13:26:48 +00:00 · 2026-03-24 17:17:52 -05:00
parent 74b9b97453
commit e2ba502697
28 changed files with 861 additions and 174 deletions
--- a/server/tests/test_security_permissions.py
+++ b/server/tests/test_security_permissions.py
@@ -373,9 +373,9 @@ async def test_audio_mp3_requires_token_for_owned_transcript(
    tr.audio_mp3_filename.parent.mkdir(parents=True, exist_ok=True)
    shutil.copy(audio_path, tr.audio_mp3_filename)

-    # Anonymous GET without token should be 403 or 404 depending on access; we call mp3
+    # Anonymous GET without token should be 401 (auth required)
    resp = await client.get(f"/transcripts/{t.id}/audio/mp3")
-    assert resp.status_code == 403
+    assert resp.status_code == 401

    # With token should succeed
    token = create_access_token(
@@ -898,7 +898,7 @@ async def test_anonymous_transcript_in_list_when_public_mode(client, monkeypatch
@pytest.mark.asyncio
 async def test_anonymous_transcript_audio_accessible(client, monkeypatch, tmpdir):
    """Anonymous transcript audio (mp3) is accessible without authentication
-    because user_id=None bypasses share_mode checks."""
+    because user_id=None bypasses the auth requirement (pipeline access)."""
    monkeypatch.setattr(settings, "PUBLIC_MODE", True)
    monkeypatch.setattr(settings, "DATA_DIR", Path(tmpdir).as_posix())

@@ -920,7 +920,7 @@ async def test_anonymous_transcript_audio_accessible(client, monkeypatch, tmpdir
    resp = await client.get(f"/transcripts/{t.id}/audio/mp3")
    assert (
        resp.status_code == 200
-    ), f"Anonymous transcript audio should be accessible: {resp.text}"
+    ), f"Anonymous transcript audio should be accessible for pipeline: {resp.text}"


@pytest.mark.asyncio