using System.Net; using System.Net.Http.Headers; using System.Net.Http.Json; namespace Bff.Tests; public class SelfServiceEndpointTests { private static HttpRequestMessage Submit(string? bearer) { var request = new HttpRequestMessage(HttpMethod.Post, "/self-service/registrations") { Content = JsonContent.Create(new { }), }; if (bearer is not null) request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", bearer); return request; } [Fact] public async Task Rejects_a_request_without_a_token() { using var factory = new BffFactory(); var client = factory.CreateClient(); var response = await client.SendAsync(Submit(bearer: null)); Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode); Assert.Null(factory.Domain.SubmittedBsn); } [Theory] [InlineData("not-a-jwt")] public async Task Rejects_a_malformed_token(string bearer) { using var factory = new BffFactory(); var response = await factory.CreateClient().SendAsync(Submit(bearer)); Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode); } [Fact] public async Task Rejects_a_token_signed_with_the_wrong_key() { using var factory = new BffFactory(); var response = await factory.CreateClient().SendAsync(Submit(TestTokens.WrongKey("123456782"))); Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode); } [Fact] public async Task Rejects_an_expired_token() { using var factory = new BffFactory(); var response = await factory.CreateClient().SendAsync(Submit(TestTokens.Expired("123456782"))); Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode); } [Fact] public async Task Accepts_a_valid_token_and_forwards_the_bsn_to_the_domain() { using var factory = new BffFactory(); var client = factory.CreateClient(); var response = await client.SendAsync(Submit(TestTokens.Valid("123456782"))); Assert.Equal(HttpStatusCode.Accepted, response.StatusCode); Assert.Equal("123456782", factory.Domain.SubmittedBsn); var body = await response.Content.ReadFromJsonAsync(); Assert.Equal("reg-123", body!.RegistrationId); } private sealed record SubmitAcceptedDto(string RegistrationId, string Status); }