test(bff): endpoints, JWT auth and public-safe projection (refs #8)
Failing tests for the BFF walking-skeleton endpoints: - POST /self-service/registrations rejects missing/malformed/wrong-key/expired tokens (401) and, with a valid digid token, forwards the bsn to the domain and returns 202 (WebApplicationFactory + a local test signing key, ADR-0010). - GET /openbaar/register serves public-safe rows anonymously (never the bsn) and filters by q. - OpenbaarProjection.PublicView (pure) filters by id and maps to id+status only. Endpoints and PublicView are stubs so the tests compile and fail on their assertions; the green commit implements them. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
30
services/bff/Bff.Tests/TestTokens.cs
Normal file
30
services/bff/Bff.Tests/TestTokens.cs
Normal file
@@ -0,0 +1,30 @@
|
||||
using System.Text;
|
||||
using Microsoft.IdentityModel.JsonWebTokens;
|
||||
using Microsoft.IdentityModel.Tokens;
|
||||
|
||||
namespace Bff.Tests;
|
||||
|
||||
/// <summary>Mints JWTs for the BFF tests — signed with the factory's test key (valid) or otherwise
|
||||
/// (a wrong key / expired) to exercise the bearer validation the BFF configures.</summary>
|
||||
internal static class TestTokens
|
||||
{
|
||||
public static string Valid(string bsn) => Create(bsn, BffFactory.TestSigningKey, expired: false);
|
||||
|
||||
public static string Expired(string bsn) => Create(bsn, BffFactory.TestSigningKey, expired: true);
|
||||
|
||||
public static string WrongKey(string bsn) => Create(
|
||||
bsn,
|
||||
new SymmetricSecurityKey(Encoding.UTF8.GetBytes("a-different-signing-key-256-bits-long-indeed-yes!")),
|
||||
expired: false);
|
||||
|
||||
private static string Create(string bsn, SymmetricSecurityKey key, bool expired)
|
||||
{
|
||||
var handler = new JsonWebTokenHandler();
|
||||
return handler.CreateToken(new SecurityTokenDescriptor
|
||||
{
|
||||
Claims = new Dictionary<string, object> { ["bsn"] = bsn },
|
||||
Expires = DateTime.UtcNow.AddMinutes(expired ? -5 : 30),
|
||||
SigningCredentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256),
|
||||
});
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user