Files
register-referentie/services/bff/Bff.Tests/SelfServiceEndpointTests.cs
Niek Otten 2397d9196a
Some checks failed
CI / build (push) Has been cancelled
CI / unit (push) Has been cancelled
CI / frontend (push) Has been cancelled
CI / mutation (push) Has been cancelled
CI / verify-stack (push) Has been cancelled
CI / lint (push) Has been cancelled
feat(bff): owner-scoped self-service withdraw endpoint (S-11c-1, refs #12) (#90)
## What & why

Third sub-slice of **S-11 · Withdrawal (Flow 3)** (#12) — the **owner-scoped BFF withdraw endpoint** (backend). S-11a/b made a withdrawal transition the aggregate and cancel the workflow; this adds the citizen-facing entry point through the BFF, gated to the registration's owner.

- **Domain**: `WithdrawRegistrationCommand` carries the caller's `bsn`; the handler returns a `WithdrawOutcome` and refuses a bsn that doesn't own the registration. Unknown and not-owned are **both 404** (indistinguishable — ownership isn't revealed). `POST /registrations/{id}/withdraw` takes `{bsn}` and maps the outcome (204/404).
- **BFF**: `POST /self-service/registrations/{id}/withdraw` (DigiD-authenticated) forwards the token's `bsn` to the domain and relays 204/404. The BFF authenticates; the domain owner-scopes (an aggregate invariant, not the domain doing auth).
- OpenAPI spec + Angular client regenerated for the new endpoint.
- `run-domain-check.sh` withdrawal step now sends the owner `bsn` (verify-stack).

Refs #12 — the self-service "trek aanvraag in" button + e2e (S-11c-2) closes it.

## Definition of Done

- [x] Linked Gitea issue (#12).
- [x] Failing tests committed before the implementation.
- [x] Implementation makes the tests pass.
- [x] Conventional Commits referencing the issue (`refs #12`).
- [ ] CI green — all Gitea Actions jobs.
- [x] `docker compose up` unaffected.
- [x] No ADR needed (owner-scoping is an aggregate invariant; no boundary change).
- [x] Docs — the user-visible demo note lands with S-11c-2.

## Notes for reviewers

- **Full local gate run before pushing this time** (lessons from #89): `dotnet format --verify-no-changes` clean; `make unit` green — Acl 27, EventSubscriber 19, BFF 30, Acceptance 9, Big 95; `api-client` lint+test green.
- Owner mismatch returns 404 (not 403) so the portal can't be used to probe which references exist.

Reviewed-on: #90
2026-07-16 12:20:43 +00:00

117 lines
3.9 KiB
C#

using System.Net;
using System.Net.Http.Headers;
using System.Net.Http.Json;
namespace Bff.Tests;
public class SelfServiceEndpointTests
{
private static HttpRequestMessage Submit(string? bearer)
{
var request = new HttpRequestMessage(HttpMethod.Post, "/self-service/registrations")
{
Content = JsonContent.Create(new { }),
};
if (bearer is not null)
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", bearer);
return request;
}
[Fact]
public async Task Rejects_a_request_without_a_token()
{
using var factory = new BffFactory();
var client = factory.CreateClient();
var response = await client.SendAsync(Submit(bearer: null));
Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
Assert.Null(factory.Domain.SubmittedBsn);
}
[Theory]
[InlineData("not-a-jwt")]
public async Task Rejects_a_malformed_token(string bearer)
{
using var factory = new BffFactory();
var response = await factory.CreateClient().SendAsync(Submit(bearer));
Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
}
[Fact]
public async Task Rejects_a_token_signed_with_the_wrong_key()
{
using var factory = new BffFactory();
var response = await factory.CreateClient().SendAsync(Submit(TestTokens.WrongKey("123456782")));
Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
}
[Fact]
public async Task Rejects_an_expired_token()
{
using var factory = new BffFactory();
var response = await factory.CreateClient().SendAsync(Submit(TestTokens.Expired("123456782")));
Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
}
[Fact]
public async Task Accepts_a_valid_token_and_forwards_the_bsn_to_the_domain()
{
using var factory = new BffFactory();
var client = factory.CreateClient();
var response = await client.SendAsync(Submit(TestTokens.Valid("123456782")));
Assert.Equal(HttpStatusCode.Accepted, response.StatusCode);
Assert.Equal("123456782", factory.Domain.SubmittedBsn);
var body = await response.Content.ReadFromJsonAsync<SubmitAcceptedDto>();
Assert.Equal("reg-123", body!.RegistrationId);
}
private static HttpRequestMessage Withdraw(string? bearer, string id = "reg-123")
{
var request = new HttpRequestMessage(HttpMethod.Post, $"/self-service/registrations/{id}/withdraw");
if (bearer is not null)
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", bearer);
return request;
}
[Fact]
public async Task Rejects_a_withdrawal_without_a_token()
{
using var factory = new BffFactory();
var response = await factory.CreateClient().SendAsync(Withdraw(bearer: null));
Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
Assert.Null(factory.Domain.Withdrawn);
}
[Fact]
public async Task Withdraws_the_callers_registration_forwarding_the_id_and_bsn()
{
using var factory = new BffFactory();
var response = await factory.CreateClient().SendAsync(Withdraw(TestTokens.Valid("123456782"), "reg-9"));
Assert.Equal(HttpStatusCode.NoContent, response.StatusCode);
Assert.Equal(("reg-9", "123456782"), factory.Domain.Withdrawn);
}
[Fact]
public async Task Relays_not_found_when_the_registration_is_unknown_or_not_the_callers()
{
using var factory = new BffFactory();
factory.Domain.WithdrawSucceeds = false;
var response = await factory.CreateClient().SendAsync(Withdraw(TestTokens.Valid("123456782")));
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
}
private sealed record SubmitAcceptedDto(string RegistrationId, string Status);
}