def test_read_superuser(self):
"""
superuser read everything
"""
self.applicatie.heeft_alle_autorisaties = True
self.applicatie.save()
AbonnementFactory.create()
url = reverse('abonnement-list')
response = self.client.get(url)
self.assertEqual(response.status_code, status.HTTP_200_OK)
response_data = response.json()
self.assertEqual(len(response_data), 1)
def test_notificatie_task_send_abonnement(self):
"""
test /notificatie POST:
check if message was send to subscribers callbackUrls
"""
abon = AbonnementFactory.create()
notif = NotificatieFactory.create()
msg = {
"kanaal": "zaken",
"hoofdObject": "https://ref.tst.vng.cloud/zrc/api/v1/zaken/d7a22",
"resource": "status",
"resourceUrl":
"https://ref.tst.vng.cloud/zrc/api/v1/statussen/d7a22/721c9",
"actie": "create",
"aanmaakdatum": "2018-01-01T17:00:00Z",
"kenmerken": {
"bron": "082096752011",
"zaaktype": "example.com/api/v1/zaaktypen/5aa5c",
"vertrouwelijkheidaanduiding": "openbaar"
}
}
with requests_mock.mock() as m:
m.post(abon.callback_url)
deliver_message(abon.id, msg, notif.id)
self.assertEqual(m.last_request.url, abon.callback_url)
self.assertEqual(m.last_request.json(), msg)
self.assertEqual(m.last_request.headers['Content-Type'],
'application/json')
self.assertEqual(m.last_request.headers['Authorization'], abon.auth)
def test_delete_scope_ok(self):
abonnement = AbonnementFactory.create(client_id='testsuite')
self.autorisatie.scopes = [SCOPE_NOTIFICATIES_CONSUMEREN]
self.autorisatie.save()
url = reverse(abonnement)
response = self.client.delete(url)
self.assertNotEqual(response.status_code, status.HTTP_403_FORBIDDEN)
def test_update_scope_ok(self):
abonnement = AbonnementFactory.create(client_id='testsuite')
self.autorisatie.scopes = [SCOPE_NOTIFICATIES_CONSUMEREN]
self.autorisatie.save()
url = reverse(abonnement)
for method in ['put', 'patch']:
with self.subTest(method=method):
response = getattr(self.client, method)(url)
self.assertNotEqual(response.status_code, status.HTTP_403_FORBIDDEN)
def test_abonnement_list_different_clientid(self):
"""
test /abonnementen LIST:
check if LIST action is allowed for other client-id
"""
abonnement1 = AbonnementFactory.create()
abonnement2 = AbonnementFactory.create()
assert abonnement1.client_id != 'testsuite'
assert abonnement2.client_id != 'testsuite'
url = get_operation_url('abonnement_list')
response = self.client.get(url)
self.assertEqual(response.status_code, status.HTTP_200_OK, response.data)
data = response.json()
self.assertEqual(len(data), 2)
self.assertEqual(data[0]['callbackUrl'], abonnement1.callback_url)
self.assertEqual(data[1]['callbackUrl'], abonnement2.callback_url)
def test_abonnement_destroy(self):
"""
test /abonnementen DELETE:
check if destroy action is supported
"""
abonnement = AbonnementFactory.create(client_id='testsuite')
abonnement_url = get_operation_url('abonnement_read', uuid=abonnement.uuid)
response = self.client.delete(abonnement_url)
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
def test_abonnement_list(self):
"""
Assert you can only list Abonnementen of the abonnementtypes of your authorization
"""
AbonnementFactory.create()
url = reverse('abonnement-list')
for scope in [
SCOPE_NOTIFICATIES_CONSUMEREN, SCOPE_NOTIFICATIES_PUBLICEREN
]:
with self.subTest(scope=scope):
self.autorisatie.scopes = [scope]
self.autorisatie.save()
response = self.client.get(url)
self.assertEqual(response.status_code, status.HTTP_200_OK)
results = response.data
self.assertEqual(len(results), 1)
def test_abonnement_destroy_different_clientid(self):
"""
test /abonnementen DELETE:
check if destroy action is not allowed for other client-id
"""
abonnement = AbonnementFactory.create()
assert abonnement != 'testsuite'
abonnement_url = get_operation_url('abonnement_read', uuid=abonnement.uuid)
response = self.client.delete(abonnement_url)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
def test_cannot_read_without_correct_scope(self):
abonnement = AbonnementFactory.create()
kanaal = KanaalFactory.create()
urls = [
reverse('abonnement-list'),
reverse(abonnement),
reverse('kanaal-list'),
reverse(kanaal),
]
for url in urls:
with self.subTest(url=url):
self.assertForbidden(url, method='get')
def test_abonnement_retreive(self):
"""
Assert you can only read Abonnementen of the abonnementtypes of your authorization
"""
abonnement = AbonnementFactory.create()
url = reverse(abonnement)
for scope in [
SCOPE_NOTIFICATIES_CONSUMEREN, SCOPE_NOTIFICATIES_PUBLICEREN
]:
with self.subTest(scope=scope):
self.autorisatie.scopes = [scope]
self.autorisatie.save()
response1 = self.client.get(url)
self.assertEqual(response1.status_code, status.HTTP_200_OK)
def test_abonnement_read_different_clientid(self):
"""
test /abonnementen READ:
check if READ action is allowed for other client-id
"""
abonnement = AbonnementFactory.create()
assert abonnement.client_id != 'testsuite'
abonnement_url = get_operation_url('abonnement_read', uuid=abonnement.uuid)
response = self.client.get(abonnement_url)
self.assertEqual(response.status_code, status.HTTP_200_OK, response.data)
data = response.json()
self.assertEqual(data['url'], f'http://testserver{abonnement_url}')
self.assertEqual(data['callbackUrl'], abonnement.callback_url)
def test_notificatie_send_success(self, mock_task):
"""
test /notificatie POST:
check if message was send to subscribers callbackUrls
"""
kanaal = KanaalFactory.create(
naam='zaken',
filters=['bron', 'zaaktype', 'vertrouwelijkheidaanduiding'])
abon = AbonnementFactory.create(
callback_url='https://example.com/callback')
filter_group = FilterGroupFactory.create(kanaal=kanaal,
abonnement=abon)
FilterFactory.create(filter_group=filter_group,
key='bron',
value='082096752011')
notificatie_url = reverse(
'notificaties-list',
kwargs={'version': BASE_REST_FRAMEWORK['DEFAULT_VERSION']})
msg = {
"kanaal": "zaken",
"hoofdObject": "https://ref.tst.vng.cloud/zrc/api/v1/zaken/d7a22",
"resource": "status",
"resourceUrl":
"https://ref.tst.vng.cloud/zrc/api/v1/statussen/d7a22/721c9",
"actie": "create",
"aanmaakdatum": now(),
"kenmerken": {
"bron": "082096752011",
"zaaktype": "example.com/api/v1/zaaktypen/5aa5c",
"vertrouwelijkheidaanduiding": "openbaar",
}
}
response = self.client.post(notificatie_url, msg)
self.assertEqual(response.status_code, status.HTTP_201_CREATED,
response.data)
self.assertEqual(Notificatie.objects.count(), 1)
mock_task.assert_called_once_with(abon.id, msg,
Notificatie.objects.get().id)
def test_abonnement_update_different_client_id(self):
"""
test /abonnementen UPDATE:
check if READ action is allowed for other client-id
"""
abonnement = AbonnementFactory.create()
assert abonnement.client_id != 'testsuite'
data = {
"callbackUrl": "https://other.url/callbacks",
"auth": "Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImNsaWVudF9pZG"
"VudGlmaWVyIjoienJjIn0.eyJpc3MiOiJ6cmMiLCJpYXQiOjE1NTI5OTM"
"4MjcsInpkcyI6eyJzY29wZXMiOlsiemRzLnNjb3Blcy56YWtlbi5hYW5t"
"YWtlbiJdLCJ6YWFrdHlwZXMiOlsiaHR0cDovL3p0Yy5ubC9hcGkvdjEve"
"mFha3R5cGUvMTIzNCJdfX0.NHcWwoRYMuZ5IoUAWUs2lZFxLVLGhIDnU_"
"LWTjyGCD4"
}
abonnement_url = get_operation_url('abonnement_update', uuid=abonnement.uuid)
response = self.client.put(abonnement_url, data)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
def test_notificatie_send_inconsistent_kenmerken(self, mock_task):
"""
test /notificatie POST:
send message with kenmekren inconsistent with kanaal filters
check if response contains status 400
"""
kanaal = KanaalFactory.create(naam='zaken')
abon = AbonnementFactory.create(
callback_url='https://example.com/callback')
filter_group = FilterGroupFactory.create(kanaal=kanaal,
abonnement=abon)
FilterFactory.create(filter_group=filter_group,
key='bron',
value='082096752011')
notificatie_url = reverse(
'notificaties-list',
kwargs={'version': BASE_REST_FRAMEWORK['DEFAULT_VERSION']})
request_data = {
"kanaal": "zaken",
"hoofdObject": "https://ref.tst.vng.cloud/zrc/api/v1/zaken/d7a22",
"resource": "status",
"resourceUrl":
"https://ref.tst.vng.cloud/zrc/api/v1/statussen/d7a22/721c9",
"actie": "create",
"aanmaakdatum": "2018-01-01T17:00:00Z",
"kenmerken": {
"bron": "082096752011",
"zaaktype": "example.com/api/v1/zaaktypen/5aa5c",
"vertrouwelijkheidaanduiding": "openbaar"
}
}
response = self.client.post(notificatie_url, request_data)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
validation_error = response.data['kenmerken'][0]
self.assertEqual(validation_error.code, 'kenmerken_inconsistent')
mock_task.assert_not_called()
def test_abonnement_update_kanalen(self):
"""
test /abonnementen PUT:
update existent abonnement which has its kanaal via request which contains another kanaal
check if relation between abonnement and previous kanalen was removed
check if relation between abonnement and new kanaal was created
"""
abonnement = AbonnementFactory.create(client_id='testsuite')
kanaal_foo = KanaalFactory.create(naam='foo', filters=['bron', 'zaaktype', 'vertrouwelijkheidaanduiding'])
KanaalFactory.create(naam='zaken', filters=['bron', 'zaaktype', 'vertrouwelijkheidaanduiding'])
abonnement.kanalen.add(kanaal_foo)
data = {
"callbackUrl": "https://other.url/callbacks",
"auth": "Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImNsaWVudF9pZG"
"VudGlmaWVyIjoienJjIn0.eyJpc3MiOiJ6cmMiLCJpYXQiOjE1NTI5OTM"
"4MjcsInpkcyI6eyJzY29wZXMiOlsiemRzLnNjb3Blcy56YWtlbi5hYW5t"
"YWtlbiJdLCJ6YWFrdHlwZXMiOlsiaHR0cDovL3p0Yy5ubC9hcGkvdjEve"
"mFha3R5cGUvMTIzNCJdfX0.NHcWwoRYMuZ5IoUAWUs2lZFxLVLGhIDnU_"
"LWTjyGCD4",
"kanalen": [{
"naam": "zaken",
"filters": {
"bron": "082096752011",
"zaaktype": "example.com/api/v1/zaaktypen/5aa5c",
"vertrouwelijkheidaanduiding": "*"
}
}]
}
abonnement_update_url = get_operation_url('abonnement_update', uuid=abonnement.uuid)
response = self.client.put(abonnement_update_url, data)
self.assertEqual(response.status_code, status.HTTP_200_OK, response.data)
data = response.json()
kanalen = abonnement.kanalen
self.assertEqual(len(kanalen), 1)
self.assertEqual(kanalen.pop().naam, 'zaken')
def test_notificatie_log_exception(self):
"""
test /notificatie POST:
check if message was send to subscribers callbackUrls
"""
abon = AbonnementFactory.create()
notif = NotificatieFactory.create()
request_data = {
"kanaal": "zaken",
"hoofdObject": "https://ref.tst.vng.cloud/zrc/api/v1/zaken/d7a22",
"resource": "status",
"resourceUrl":
"https://ref.tst.vng.cloud/zrc/api/v1/statussen/d7a22/721c9",
"actie": "create",
"aanmaakdatum": "2018-01-01T17:00:00Z",
"kenmerken": {
"bron": "082096752011",
"zaaktype": "example.com/api/v1/zaaktypen/5aa5c",
"vertrouwelijkheidaanduiding": "openbaar"
}
}
msg = json.dumps(request_data, cls=DjangoJSONEncoder)
with requests_mock.mock() as m:
m.post(abon.callback_url,
exc=requests.exceptions.ConnectTimeout('Timeout exception'))
deliver_message(abon.id, msg, notif.id)
self.assertEqual(NotificatieResponse.objects.count(), 1)
notif_response = NotificatieResponse.objects.get()
self.assertEqual(notif_response.exception, 'Timeout exception')