using System.Net; using System.Net.Http.Headers; using System.Net.Http.Json; using Bff.Api; namespace Bff.Tests; /// /// The behandel werkbak endpoint (S-12c): reached only with a medewerker-realm token that carries the /// behandelaar role. A missing token is 401; an authenticated medewerker without the role is /// 403; a behandelaar gets the werkbak (staff view, incl. bsn). /// public class BehandelEndpointTests { private static HttpRequestMessage Werkbak(string? bearer) { var request = new HttpRequestMessage(HttpMethod.Get, "/behandel/werkbak"); if (bearer is not null) request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", bearer); return request; } [Fact] public async Task Rejects_the_werkbak_without_a_token() { using var factory = new BffFactory(); var response = await factory.CreateClient().SendAsync(Werkbak(bearer: null)); Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode); } [Fact] public async Task Rejects_a_medewerker_without_the_behandelaar_role() { using var factory = new BffFactory(); var response = await factory.CreateClient().SendAsync(Werkbak(TestTokens.Medewerker("teamlead"))); Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode); } [Fact] public async Task Serves_the_werkbak_to_a_behandelaar() { using var factory = new BffFactory(); factory.Domain.Werkbak.Add(new WerkbakItem("reg-1", "123456782", "InBehandeling")); var response = await factory.CreateClient().SendAsync(Werkbak(TestTokens.Medewerker("behandelaar"))); Assert.Equal(HttpStatusCode.OK, response.StatusCode); var items = await response.Content.ReadFromJsonAsync>(); var item = Assert.Single(items!); Assert.Equal("reg-1", item.RegistrationId); Assert.Equal("123456782", item.Bsn); } }