using System.Net; using System.Net.Http.Headers; using System.Net.Http.Json; using Acceptance.Support; using Bff.Api; using Reqnroll; using Xunit; namespace Acceptance.Steps; /// Bindings for BffToegang.feature (S-07). Drives the real BFF over HTTP with a /// fake domain + projection and locally-minted tokens (ADR-0010). One host per scenario. [Binding] public sealed class BffToegangSteps : IDisposable { private readonly BffAcceptanceHost _host = new(); private HttpClient _client = null!; private string? _token; private HttpResponseMessage? _response; [Given("a zorgprofessional with a valid DigiD token for BSN \"(.*)\"")] public void GivenAValidToken(string bsn) { _token = BffAcceptanceHost.MintToken(bsn); _client = _host.CreateClient(); } [Given("a caller without a token")] public void GivenNoToken() => _client = _host.CreateClient(); [Given("the projection contains a zaak \"(.*)\" for BSN \"(.*)\"")] public void GivenTheProjectionContains(string zaakId, string bsn) { _host.Projection.Entries.Add(new ProjectionEntry(zaakId, "INGEDIEND", bsn, null)); _client = _host.CreateClient(); } [When("they submit a registration via the BFF")] public async Task WhenTheySubmit() { var request = new HttpRequestMessage(HttpMethod.Post, "/self-service/registrations") { Content = JsonContent.Create(new { }), }; if (_token is not null) request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", _token); _response = await _client.SendAsync(request); } [When("the openbaar register is queried anonymously")] public async Task WhenTheOpenbaarRegisterIsQueried() => _response = await _client.GetAsync("/openbaar/register"); [Then("the BFF accepts it and forwards BSN \"(.*)\" to the domain")] public void ThenAcceptedAndForwarded(string bsn) { Assert.Equal(HttpStatusCode.Accepted, _response!.StatusCode); Assert.Equal(bsn, _host.Domain.SubmittedBsn); } [Then("the BFF rejects it as unauthorized")] public void ThenUnauthorized() { Assert.Equal(HttpStatusCode.Unauthorized, _response!.StatusCode); Assert.Null(_host.Domain.SubmittedBsn); } [Then("the response lists \"(.*)\" without exposing the BSN")] public async Task ThenListsWithoutBsn(string zaakId) { Assert.Equal(HttpStatusCode.OK, _response!.StatusCode); var body = await _response.Content.ReadAsStringAsync(); Assert.Contains(zaakId, body); Assert.DoesNotContain("123456782", body); } public void Dispose() { _response?.Dispose(); _client?.Dispose(); _host.Dispose(); } }