def test_webhooksite_whitelisted(self):
KanaalFactory.create(
naam="zaken",
filters=["bron", "zaaktype", "vertrouwelijkheidaanduiding"])
KanaalFactory.create(naam="informatieobjecten", filters=[])
abonnement_create_url = get_operation_url("abonnement_create")
data = {
"callbackUrl":
"https://webhook.site/617ddec3-2eb3-4245-b55d-aa3ac8cbefa4",
"auth": "dummy",
"kanalen": [{
"naam": "zaken",
"filters": {}
}],
}
with requests_mock.mock() as m:
m.register_uri(
"POST",
"https://webhook.site/617ddec3-2eb3-4245-b55d-aa3ac8cbefa4",
status_code=204,
)
response = self.client.post(abonnement_create_url, data)
self.assertEqual(response.status_code, status.HTTP_201_CREATED,
response.data)
def test_notificaties_aanmaakdatum_in_future_fails(self):
KanaalFactory.create(naam="zaken")
notificatie_url = get_operation_url("notificaties_create")
data = {
"kanaal": "zaken",
"hoofdObject": "https://ref.tst.vng.cloud/zrc/api/v1/zaken/d7a22",
"resource": "status",
"resourceUrl":
"https://ref.tst.vng.cloud/zrc/api/v1/statussen/d7a22/721c9",
"actie": "create",
"aanmaakdatum": "2019-01-01T13:00:00Z",
"kenmerken": {
"bron": "082096752011",
"zaaktype": "example.com/api/v1/zaaktypen/5aa5c",
"vertrouwelijkheidaanduiding": "openbaar",
},
}
response = self.client.post(notificatie_url, data)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST,
response.data)
self.assertIn("aanmaakdatum", response.data)
error = response.data["aanmaakdatum"][0]
self.assertEqual(error.code, "future_not_allowed")
def test_notificatie_send_queue(self, mock_queue, mock_task):
"""
test /notificatie POST:
check if message was send to RabbitMQ
"""
KanaalFactory.create(naam="zaken")
notificatie_url = reverse(
"notificaties-list",
kwargs={"version": BASE_REST_FRAMEWORK["DEFAULT_VERSION"]},
)
request_data = {
"kanaal": "zaken",
"hoofdObject": "https://ref.tst.vng.cloud/zrc/api/v1/zaken/d7a22",
"resource": "status",
"resourceUrl":
"https://ref.tst.vng.cloud/zrc/api/v1/statussen/d7a22/721c9",
"actie": "create",
"aanmaakdatum": "2018-01-01T17:00:00Z",
"kenmerken": {
"bron": "082096752011",
"zaaktype": "example.com/api/v1/zaaktypen/5aa5c",
"vertrouwelijkheidaanduiding": "openbaar",
},
}
response = self.client.post(notificatie_url, request_data)
self.assertEqual(response.status_code, status.HTTP_201_CREATED,
response.data)
mock_queue.assert_called_with(
json.dumps(response.data, cls=DjangoJSONEncoder))
def test_abonnement_update_kanalen(self):
"""
test /abonnementen PUT:
update existent abonnement which has its kanaal via request which contains another kanaal
check if relation between abonnement and previous kanalen was removed
check if relation between abonnement and new kanaal was created
"""
abonnement = AbonnementFactory.create(client_id="testsuite")
kanaal_foo = KanaalFactory.create(
naam="foo",
filters=["bron", "zaaktype", "vertrouwelijkheidaanduiding"])
KanaalFactory.create(
naam="zaken",
filters=["bron", "zaaktype", "vertrouwelijkheidaanduiding"])
abonnement.kanalen.add(kanaal_foo)
data = {
"callbackUrl":
"https://other.url/callbacks",
"auth":
"Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImNsaWVudF9pZG"
"VudGlmaWVyIjoienJjIn0.eyJpc3MiOiJ6cmMiLCJpYXQiOjE1NTI5OTM"
"4MjcsInpkcyI6eyJzY29wZXMiOlsiemRzLnNjb3Blcy56YWtlbi5hYW5t"
"YWtlbiJdLCJ6YWFrdHlwZXMiOlsiaHR0cDovL3p0Yy5ubC9hcGkvdjEve"
"mFha3R5cGUvMTIzNCJdfX0.NHcWwoRYMuZ5IoUAWUs2lZFxLVLGhIDnU_"
"LWTjyGCD4",
"kanalen": [{
"naam": "zaken",
"filters": {
"bron": "082096752011",
"zaaktype": "example.com/api/v1/zaaktypen/5aa5c",
"vertrouwelijkheidaanduiding": "*",
},
}],
}
abonnement_update_url = get_operation_url("abonnement_update",
uuid=abonnement.uuid)
with requests_mock.mock() as m:
m.register_uri("POST",
"https://other.url/callbacks",
status_code=204)
response = self.client.put(abonnement_update_url, data)
self.assertEqual(response.status_code, status.HTTP_200_OK,
response.data)
data = response.json()
kanalen = abonnement.kanalen
self.assertEqual(len(kanalen), 1)
self.assertEqual(kanalen.pop().naam, "zaken")
def test_abonnementen_invalid_callback_url(self):
KanaalFactory.create(
naam="zaken",
filters=["bron", "zaaktype", "vertrouwelijkheidaanduiding"])
KanaalFactory.create(naam="informatieobjecten", filters=[])
abonnement_create_url = get_operation_url("abonnement_create")
data = {
"callbackUrl":
"https://some-non-existent-url.com/",
"auth":
"Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImNsaWVudF9pZG"
"VudGlmaWVyIjoienJjIn0.eyJpc3MiOiJ6cmMiLCJpYXQiOjE1NTI5OTM"
"4MjcsInpkcyI6eyJzY29wZXMiOlsiemRzLnNjb3Blcy56YWtlbi5hYW5t"
"YWtlbiJdLCJ6YWFrdHlwZXMiOlsiaHR0cDovL3p0Yy5ubC9hcGkvdjEve"
"mFha3R5cGUvMTIzNCJdfX0.NHcWwoRYMuZ5IoUAWUs2lZFxLVLGhIDnU_"
"LWTjyGCD4",
"kanalen": [
{
"naam": "zaken",
"filters": {
"bron": "082096752011",
"zaaktype": "example.com/api/v1/zaaktypen/5aa5c",
"vertrouwelijkheidaanduiding": "*",
},
},
{
"naam": "informatieobjecten",
"filters": {
"bron": "082096752011"
}
},
],
}
with requests_mock.mock() as m:
# Let callback url return 201 instead of required 204 when
# sending a notification
m.register_uri("POST",
"https://some-non-existent-url.com/",
status_code=201)
response = self.client.post(abonnement_create_url, data)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST,
response.data)
error = get_validation_errors(response, "nonFieldErrors")
self.assertEqual(error["code"], "invalid-callback-url")
def test_read_superuser(self):
"""
superuser read everything
"""
self.applicatie.heeft_alle_autorisaties = True
self.applicatie.save()
KanaalFactory.create()
url = reverse("kanaal-list")
response = self.client.get(url)
self.assertEqual(response.status_code, status.HTTP_200_OK)
response_data = response.json()
self.assertEqual(len(response_data), 1)
def test_abonnementen_create_inconsistent_filters(self):
"""
test /abonnementen POST:
create abonnement with filters inconsistent with kanaal filters
check if response contains status 400
"""
KanaalFactory.create(naam="zaken")
abonnement_create_url = get_operation_url("abonnement_create")
data = {
"callbackUrl":
"https://ref.tst.vng.cloud/zrc/api/v1/callbacks",
"auth":
"Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImNsaWVudF9pZG"
"VudGlmaWVyIjoienJjIn0.eyJpc3MiOiJ6cmMiLCJpYXQiOjE1NTI5OTM"
"4MjcsInpkcyI6eyJzY29wZXMiOlsiemRzLnNjb3Blcy56YWtlbi5hYW5t"
"YWtlbiJdLCJ6YWFrdHlwZXMiOlsiaHR0cDovL3p0Yy5ubC9hcGkvdjEve"
"mFha3R5cGUvMTIzNCJdfX0.NHcWwoRYMuZ5IoUAWUs2lZFxLVLGhIDnU_"
"LWTjyGCD4",
"kanalen": [{
"naam": "zaken",
"filters": {
"bron": "082096752011",
"zaaktype": "example.com/api/v1/zaaktypen/5aa5c",
"vertrouwelijkheidaanduiding": "*",
},
}],
}
with requests_mock.mock() as m:
m.register_uri(
"POST",
"https://ref.tst.vng.cloud/zrc/api/v1/callbacks",
status_code=204,
)
response = self.client.post(abonnement_create_url, data)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
validation_error = get_validation_errors(response, "filters")
self.assertEqual(validation_error["code"],
"inconsistent-abonnement-filters")
def test_kanaal_list(self):
"""
Assert you can only list kanaalen of the kanaaltypes of your authorization
"""
KanaalFactory.create()
url = reverse("kanaal-list")
for scope in [
SCOPE_NOTIFICATIES_CONSUMEREN, SCOPE_NOTIFICATIES_PUBLICEREN
]:
with self.subTest(scope=scope):
self.autorisatie.scopes = [scope]
self.autorisatie.save()
response = self.client.get(url)
self.assertEqual(response.status_code, status.HTTP_200_OK)
results = response.data
self.assertEqual(len(results), 1)
def test_cannot_read_without_correct_scope(self):
abonnement = AbonnementFactory.create()
kanaal = KanaalFactory.create()
urls = [
reverse("abonnement-list"),
reverse(abonnement),
reverse("kanaal-list"),
reverse(kanaal),
]
for url in urls:
with self.subTest(url=url):
self.assertForbidden(url, method="get")
def test_kanaal_retreive(self):
"""
Assert you can only read kanaalen of the kanaaltypes of your authorization
"""
kanaal = KanaalFactory.create()
url = reverse(kanaal)
for scope in [
SCOPE_NOTIFICATIES_CONSUMEREN, SCOPE_NOTIFICATIES_PUBLICEREN
]:
with self.subTest(scope=scope):
self.autorisatie.scopes = [scope]
self.autorisatie.save()
response1 = self.client.get(url)
self.assertEqual(response1.status_code, status.HTTP_200_OK)
def test_notificatie_send_success(self, mock_task):
"""
test /notificatie POST:
check if message was send to subscribers callbackUrls
"""
kanaal = KanaalFactory.create(
naam="zaken",
filters=["bron", "zaaktype", "vertrouwelijkheidaanduiding"])
abon = AbonnementFactory.create(
callback_url="https://example.com/callback")
filter_group = FilterGroupFactory.create(kanaal=kanaal,
abonnement=abon)
FilterFactory.create(filter_group=filter_group,
key="bron",
value="082096752011")
notificatie_url = reverse(
"notificaties-list",
kwargs={"version": BASE_REST_FRAMEWORK["DEFAULT_VERSION"]},
)
msg = {
"kanaal": "zaken",
"hoofdObject": "https://ref.tst.vng.cloud/zrc/api/v1/zaken/d7a22",
"resource": "status",
"resourceUrl":
"https://ref.tst.vng.cloud/zrc/api/v1/statussen/d7a22/721c9",
"actie": "create",
"aanmaakdatum": now(),
"kenmerken": {
"bron": "082096752011",
"zaaktype": "example.com/api/v1/zaaktypen/5aa5c",
"vertrouwelijkheidaanduiding": "openbaar",
},
}
response = self.client.post(notificatie_url, msg)
self.assertEqual(response.status_code, status.HTTP_201_CREATED,
response.data)
self.assertEqual(Notificatie.objects.count(), 1)
mock_task.assert_called_once_with(
abon.id, msg, notificatie_id=Notificatie.objects.get().id)
def test_notificatie_send_inconsistent_kenmerken(self, mock_task):
"""
test /notificatie POST:
send message with kenmekren inconsistent with kanaal filters
check if response contains status 400
"""
kanaal = KanaalFactory.create(naam="zaken")
abon = AbonnementFactory.create(
callback_url="https://example.com/callback")
filter_group = FilterGroupFactory.create(kanaal=kanaal,
abonnement=abon)
FilterFactory.create(filter_group=filter_group,
key="bron",
value="082096752011")
notificatie_url = reverse(
"notificaties-list",
kwargs={"version": BASE_REST_FRAMEWORK["DEFAULT_VERSION"]},
)
request_data = {
"kanaal": "zaken",
"hoofdObject": "https://ref.tst.vng.cloud/zrc/api/v1/zaken/d7a22",
"resource": "status",
"resourceUrl":
"https://ref.tst.vng.cloud/zrc/api/v1/statussen/d7a22/721c9",
"actie": "create",
"aanmaakdatum": "2018-01-01T17:00:00Z",
"kenmerken": {
"bron": "082096752011",
"zaaktype": "example.com/api/v1/zaaktypen/5aa5c",
"vertrouwelijkheidaanduiding": "openbaar",
},
}
response = self.client.post(notificatie_url, request_data)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
validation_error = response.data["kenmerken"][0]
self.assertEqual(validation_error.code, "kenmerken_inconsistent")
mock_task.assert_not_called()
def test_kanaal_filter_naam(self):
"""
test /kanaal GET with query param (naam):
check if filtering via query params is correct
"""
kanaal1, kanaal2 = KanaalFactory.create_batch(2)
assert kanaal1.naam != kanaal2.naam
kanaal1_url = get_operation_url("kanaal_read", uuid=kanaal1.uuid)
kanaal2_url = get_operation_url("kanaal_read", uuid=kanaal2.uuid)
list_url = get_operation_url("kanaal_list")
response = self.client.get(list_url, {"naam": kanaal1.naam})
self.assertEqual(response.status_code, status.HTTP_200_OK)
data = response.json()
self.assertEqual(len(data), 1)
self.assertEqual(response.data[0]["url"],
f"http://testserver{kanaal1_url}")
self.assertNotEqual(response.data[0]["url"],
f"http://testserver{kanaal2_url}")
def test_abonnementen_create(self):
"""
test /abonnementen POST:
create abonnement with nested kanalen and nested filters via POST request
check if data were parsed to models correctly
"""
KanaalFactory.create(
naam="zaken", filters=["bron", "zaaktype", "vertrouwelijkheidaanduiding"]
)
KanaalFactory.create(naam="informatieobjecten", filters=[])
abonnement_create_url = get_operation_url("abonnement_create")
data = {
"callbackUrl": "https://ref.tst.vng.cloud/zrc/api/v1/callbacks",
"auth": "Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImNsaWVudF9pZG"
"VudGlmaWVyIjoienJjIn0.eyJpc3MiOiJ6cmMiLCJpYXQiOjE1NTI5OTM"
"4MjcsInpkcyI6eyJzY29wZXMiOlsiemRzLnNjb3Blcy56YWtlbi5hYW5t"
"YWtlbiJdLCJ6YWFrdHlwZXMiOlsiaHR0cDovL3p0Yy5ubC9hcGkvdjEve"
"mFha3R5cGUvMTIzNCJdfX0.NHcWwoRYMuZ5IoUAWUs2lZFxLVLGhIDnU_"
"LWTjyGCD4",
"kanalen": [
{
"naam": "zaken",
"filters": {
"bron": "082096752011",
"zaaktype": "example.com/api/v1/zaaktypen/5aa5c",
"vertrouwelijkheidaanduiding": "*",
},
},
{"naam": "informatieobjecten", "filters": {"bron": "082096752011"}},
],
}
with requests_mock.mock() as m:
m.register_uri(
"POST",
"https://ref.tst.vng.cloud/zrc/api/v1/callbacks",
status_code=204,
)
response = self.client.post(abonnement_create_url, data)
self.assertEqual(response.status_code, status.HTTP_201_CREATED, response.data)
# check parsing to models
data = response.json()
abon = Abonnement.objects.get()
filter_group = abon.filter_groups.all().order_by("id")[0]
filters = filter_group.filters.all().order_by("id")
filters_str = [str(f) for f in filters]
self.assertEqual(Abonnement.objects.count(), 1)
self.assertEqual(Kanaal.objects.count(), 2)
self.assertEqual(FilterGroup.objects.count(), 2)
self.assertEqual(Filter.objects.count(), 4)
self.assertEqual(
abon.callback_url, "https://ref.tst.vng.cloud/zrc/api/v1/callbacks"
)
self.assertEqual(filter_group.kanaal.naam, "zaken")
self.assertEqual(
filters_str,
[
"bron: 082096752011",
"zaaktype: example.com/api/v1/zaaktypen/5aa5c",
"vertrouwelijkheidaanduiding: *",
],
)