The BFF's public view exposes id/status/reference (never bsn/naam) and searches by id or reference; the openbaar register's Referentie column and search now show the reference the citizen saw on submit. api-client + openapi.json regenerated. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
84 lines
2.8 KiB
C#
84 lines
2.8 KiB
C#
using System.Net;
|
|
using System.Net.Http.Headers;
|
|
using System.Net.Http.Json;
|
|
using Acceptance.Support;
|
|
using Bff.Api;
|
|
using Reqnroll;
|
|
using Xunit;
|
|
|
|
namespace Acceptance.Steps;
|
|
|
|
/// <summary>Bindings for <c>BffToegang.feature</c> (S-07). Drives the real BFF over HTTP with a
|
|
/// fake domain + projection and locally-minted tokens (ADR-0010). One host per scenario.</summary>
|
|
[Binding]
|
|
public sealed class BffToegangSteps : IDisposable
|
|
{
|
|
private readonly BffAcceptanceHost _host = new();
|
|
private HttpClient _client = null!;
|
|
private string? _token;
|
|
private HttpResponseMessage? _response;
|
|
|
|
[Given("a zorgprofessional with a valid DigiD token for BSN \"(.*)\"")]
|
|
public void GivenAValidToken(string bsn)
|
|
{
|
|
_token = BffAcceptanceHost.MintToken(bsn);
|
|
_client = _host.CreateClient();
|
|
}
|
|
|
|
[Given("a caller without a token")]
|
|
public void GivenNoToken() => _client = _host.CreateClient();
|
|
|
|
[Given("the projection contains a zaak \"(.*)\" for BSN \"(.*)\"")]
|
|
public void GivenTheProjectionContains(string zaakId, string bsn)
|
|
{
|
|
_host.Projection.Entries.Add(new ProjectionEntry(zaakId, "INGEDIEND", "REG-" + zaakId, bsn, null));
|
|
_client = _host.CreateClient();
|
|
}
|
|
|
|
[When("they submit a registration via the BFF")]
|
|
public async Task WhenTheySubmit()
|
|
{
|
|
var request = new HttpRequestMessage(HttpMethod.Post, "/self-service/registrations")
|
|
{
|
|
Content = JsonContent.Create(new { }),
|
|
};
|
|
if (_token is not null)
|
|
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", _token);
|
|
_response = await _client.SendAsync(request);
|
|
}
|
|
|
|
[When("the openbaar register is queried anonymously")]
|
|
public async Task WhenTheOpenbaarRegisterIsQueried()
|
|
=> _response = await _client.GetAsync("/openbaar/register");
|
|
|
|
[Then("the BFF accepts it and forwards BSN \"(.*)\" to the domain")]
|
|
public void ThenAcceptedAndForwarded(string bsn)
|
|
{
|
|
Assert.Equal(HttpStatusCode.Accepted, _response!.StatusCode);
|
|
Assert.Equal(bsn, _host.Domain.SubmittedBsn);
|
|
}
|
|
|
|
[Then("the BFF rejects it as unauthorized")]
|
|
public void ThenUnauthorized()
|
|
{
|
|
Assert.Equal(HttpStatusCode.Unauthorized, _response!.StatusCode);
|
|
Assert.Null(_host.Domain.SubmittedBsn);
|
|
}
|
|
|
|
[Then("the response lists \"(.*)\" without exposing the BSN")]
|
|
public async Task ThenListsWithoutBsn(string zaakId)
|
|
{
|
|
Assert.Equal(HttpStatusCode.OK, _response!.StatusCode);
|
|
var body = await _response.Content.ReadAsStringAsync();
|
|
Assert.Contains(zaakId, body);
|
|
Assert.DoesNotContain("123456782", body);
|
|
}
|
|
|
|
public void Dispose()
|
|
{
|
|
_response?.Dispose();
|
|
_client?.Dispose();
|
|
_host.Dispose();
|
|
}
|
|
}
|