From 86abe7b5b8ba8f469e37b0abce0c92e7f8b26df4 Mon Sep 17 00:00:00 2001 
From: Steven Bal Date: Tue, 5 Nov 2024 15:21:53 +0100 Subject: [PATCH] :white_check_mark: [#4398] Update object ownership tests with log checks --- ...without_options_does_not_raise_error.yaml} | 6 +- ...ends_configured_does_not_raise_error.yaml} | 6 +- ...ests.test_user_is_not_owner_of_object.yaml | 6 +- ...owner_of_object_nested_auth_attribute.yaml | 14 +- ...torTests.test_user_is_owner_of_object.yaml | 6 +- .../setUpTestData.yaml | 8 +- .../tests/test_ownership_validation.py | 41 ++- ..._if_initial_data_reference_specified.yaml} | 6 +- .../setUpTestData.yaml | 8 +- ...nTests.test_prefill_values_happy_flow.yaml | 73 +++++- ...efill_values_when_reference_not_found.yaml | 50 +++- ...s_when_reference_returns_empty_values.yaml | 68 ++++- .../test_initial_data_ownership_validation.py | 235 ++++++++++-------- .../contrib/objects_api/tests/test_prefill.py | 7 +- .../test_initial_data_ownership_validation.py | 215 +++++++++------- 15 files changed, 488 insertions(+), 261 deletions(-) rename src/openforms/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIInitialDataOwnershipValidatorTests/{ObjectsAPIInitialDataOwnershipValidatorTests.test_backend_without_options_raises_error.yaml => ObjectsAPIInitialDataOwnershipValidatorTests.test_backend_without_options_does_not_raise_error.yaml} (70%) rename src/openforms/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIInitialDataOwnershipValidatorTests/{ObjectsAPIInitialDataOwnershipValidatorTests.test_no_backends_configured_raises_error.yaml => ObjectsAPIInitialDataOwnershipValidatorTests.test_no_backends_configured_does_not_raise_error.yaml} (70%) rename src/openforms/prefill/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIPrefillDataOwnershipCheckTests/{ObjectsAPIPrefillDataOwnershipCheckTests.test_verify_initial_data_ownership.yaml => ObjectsAPIPrefillDataOwnershipCheckTests.test_verify_initial_data_ownership_called_if_initial_data_reference_specified.yaml} (70%) 
diff --git a/src/openforms/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIInitialDataOwnershipValidatorTests/ObjectsAPIInitialDataOwnershipValidatorTests.test_backend_without_options_raises_error.yaml b/src/openforms/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIInitialDataOwnershipValidatorTests/ObjectsAPIInitialDataOwnershipValidatorTests.test_backend_without_options_does_not_raise_error.yaml similarity index 70% rename from src/openforms/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIInitialDataOwnershipValidatorTests/ObjectsAPIInitialDataOwnershipValidatorTests.test_backend_without_options_raises_error.yaml rename to src/openforms/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIInitialDataOwnershipValidatorTests/ObjectsAPIInitialDataOwnershipValidatorTests.test_backend_without_options_does_not_raise_error.yaml index ed0647d985..fe396c8123 100644 --- a/src/openforms/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIInitialDataOwnershipValidatorTests/ObjectsAPIInitialDataOwnershipValidatorTests.test_backend_without_options_raises_error.yaml +++ b/src/openforms/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIInitialDataOwnershipValidatorTests/ObjectsAPIInitialDataOwnershipValidatorTests.test_backend_without_options_does_not_raise_error.yaml 
@@ -15,10 +15,10 @@ interactions: User-Agent: - python-requests/2.32.2 method: GET - uri: http://localhost:8002/api/v2/objects/d36124c0-752e-48a7-a724-bf3241a2e646 + uri: http://localhost:8002/api/v2/objects/300e61aa-e150-459c-aa30-d3f0fe4f5506 response: body: - string: '{"url":"http://objects-web:8000/api/v2/objects/d36124c0-752e-48a7-a724-bf3241a2e646","uuid":"d36124c0-752e-48a7-a724-bf3241a2e646","type":"http://objecttypes-web:8000/api/v2/objecttypes/8faed0fa-7864-4409-aa6d-533a37616a9e","record":{"index":1,"typeVersion":1,"data":{"bsn":"111222333","foo":"bar"},"geometry":null,"startAt":"2024-10-29","endAt":null,"registrationAt":"2024-10-29","correctionFor":null,"correctedBy":null}}' + string: '{"url":"http://objects-web:8000/api/v2/objects/300e61aa-e150-459c-aa30-d3f0fe4f5506","uuid":"300e61aa-e150-459c-aa30-d3f0fe4f5506","type":"http://objecttypes-web:8000/api/v2/objecttypes/8faed0fa-7864-4409-aa6d-533a37616a9e","record":{"index":1,"typeVersion":1,"data":{"bsn":"111222333","foo":"bar"},"geometry":null,"startAt":"2024-11-05","endAt":null,"registrationAt":"2024-11-05","correctionFor":null,"correctedBy":null}}' headers: Allow: - GET, PUT, PATCH, DELETE, HEAD, OPTIONS @@ -33,7 +33,7 @@ interactions: Cross-Origin-Opener-Policy: - same-origin Date: - - Mon, 04 Nov 2024 12:48:04 GMT + - Tue, 05 Nov 2024 14:28:43 GMT Referrer-Policy: - same-origin Server: 
diff --git a/src/openforms/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIInitialDataOwnershipValidatorTests/ObjectsAPIInitialDataOwnershipValidatorTests.test_no_backends_configured_raises_error.yaml b/src/openforms/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIInitialDataOwnershipValidatorTests/ObjectsAPIInitialDataOwnershipValidatorTests.test_no_backends_configured_does_not_raise_error.yaml similarity index 70% rename from src/openforms/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIInitialDataOwnershipValidatorTests/ObjectsAPIInitialDataOwnershipValidatorTests.test_no_backends_configured_raises_error.yaml rename to src/openforms/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIInitialDataOwnershipValidatorTests/ObjectsAPIInitialDataOwnershipValidatorTests.test_no_backends_configured_does_not_raise_error.yaml index ed0647d985..fe396c8123 100644 --- a/src/openforms/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIInitialDataOwnershipValidatorTests/ObjectsAPIInitialDataOwnershipValidatorTests.test_no_backends_configured_raises_error.yaml +++ b/src/openforms/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIInitialDataOwnershipValidatorTests/ObjectsAPIInitialDataOwnershipValidatorTests.test_no_backends_configured_does_not_raise_error.yaml 
@@ -15,10 +15,10 @@ interactions: User-Agent: - python-requests/2.32.2 method: GET - uri: http://localhost:8002/api/v2/objects/d36124c0-752e-48a7-a724-bf3241a2e646 + uri: http://localhost:8002/api/v2/objects/300e61aa-e150-459c-aa30-d3f0fe4f5506 response: body: - string: '{"url":"http://objects-web:8000/api/v2/objects/d36124c0-752e-48a7-a724-bf3241a2e646","uuid":"d36124c0-752e-48a7-a724-bf3241a2e646","type":"http://objecttypes-web:8000/api/v2/objecttypes/8faed0fa-7864-4409-aa6d-533a37616a9e","record":{"index":1,"typeVersion":1,"data":{"bsn":"111222333","foo":"bar"},"geometry":null,"startAt":"2024-10-29","endAt":null,"registrationAt":"2024-10-29","correctionFor":null,"correctedBy":null}}' + string: '{"url":"http://objects-web:8000/api/v2/objects/300e61aa-e150-459c-aa30-d3f0fe4f5506","uuid":"300e61aa-e150-459c-aa30-d3f0fe4f5506","type":"http://objecttypes-web:8000/api/v2/objecttypes/8faed0fa-7864-4409-aa6d-533a37616a9e","record":{"index":1,"typeVersion":1,"data":{"bsn":"111222333","foo":"bar"},"geometry":null,"startAt":"2024-11-05","endAt":null,"registrationAt":"2024-11-05","correctionFor":null,"correctedBy":null}}' headers: Allow: - GET, PUT, PATCH, DELETE, HEAD, OPTIONS @@ -33,7 +33,7 @@ interactions: Cross-Origin-Opener-Policy: - same-origin Date: - - Mon, 04 Nov 2024 12:48:04 GMT + - Tue, 05 Nov 2024 14:28:43 GMT Referrer-Policy: - same-origin Server: diff --git a/src/openforms/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIInitialDataOwnershipValidatorTests/ObjectsAPIInitialDataOwnershipValidatorTests.test_user_is_not_owner_of_object.yaml b/src/openforms/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIInitialDataOwnershipValidatorTests/ObjectsAPIInitialDataOwnershipValidatorTests.test_user_is_not_owner_of_object.yaml index 332c63e9ec..9422e59933 100644 --- a/src/openforms/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIInitialDataOwnershipValidatorTests/ObjectsAPIInitialDataOwnershipValidatorTests.test_user_is_not_owner_of_object.yaml 
+++ b/src/openforms/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIInitialDataOwnershipValidatorTests/ObjectsAPIInitialDataOwnershipValidatorTests.test_user_is_not_owner_of_object.yaml @@ -15,10 +15,10 @@ interactions: User-Agent: - python-requests/2.32.2 method: GET - uri: http://localhost:8002/api/v2/objects/d36124c0-752e-48a7-a724-bf3241a2e646 + uri: http://localhost:8002/api/v2/objects/300e61aa-e150-459c-aa30-d3f0fe4f5506 response: body: - string: '{"url":"http://objects-web:8000/api/v2/objects/d36124c0-752e-48a7-a724-bf3241a2e646","uuid":"d36124c0-752e-48a7-a724-bf3241a2e646","type":"http://objecttypes-web:8000/api/v2/objecttypes/8faed0fa-7864-4409-aa6d-533a37616a9e","record":{"index":1,"typeVersion":1,"data":{"bsn":"111222333","foo":"bar"},"geometry":null,"startAt":"2024-10-29","endAt":null,"registrationAt":"2024-10-29","correctionFor":null,"correctedBy":null}}' + string: '{"url":"http://objects-web:8000/api/v2/objects/300e61aa-e150-459c-aa30-d3f0fe4f5506","uuid":"300e61aa-e150-459c-aa30-d3f0fe4f5506","type":"http://objecttypes-web:8000/api/v2/objecttypes/8faed0fa-7864-4409-aa6d-533a37616a9e","record":{"index":1,"typeVersion":1,"data":{"bsn":"111222333","foo":"bar"},"geometry":null,"startAt":"2024-11-05","endAt":null,"registrationAt":"2024-11-05","correctionFor":null,"correctedBy":null}}' headers: Allow: - GET, PUT, PATCH, DELETE, HEAD, OPTIONS @@ -33,7 +33,7 @@ interactions: Cross-Origin-Opener-Policy: - same-origin Date: - - Tue, 29 Oct 2024 13:38:52 GMT + - Tue, 05 Nov 2024 14:28:44 GMT Referrer-Policy: - same-origin Server: 
diff --git a/src/openforms/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIInitialDataOwnershipValidatorTests/ObjectsAPIInitialDataOwnershipValidatorTests.test_user_is_not_owner_of_object_nested_auth_attribute.yaml b/src/openforms/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIInitialDataOwnershipValidatorTests/ObjectsAPIInitialDataOwnershipValidatorTests.test_user_is_not_owner_of_object_nested_auth_attribute.yaml index 4f59403dbe..eee9ce3845 100644 --- a/src/openforms/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIInitialDataOwnershipValidatorTests/ObjectsAPIInitialDataOwnershipValidatorTests.test_user_is_not_owner_of_object_nested_auth_attribute.yaml +++ b/src/openforms/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIInitialDataOwnershipValidatorTests/ObjectsAPIInitialDataOwnershipValidatorTests.test_user_is_not_owner_of_object_nested_auth_attribute.yaml @@ -2,7 +2,7 @@ interactions: - request: body: '{"type": "http://objecttypes-web:8000/api/v2/objecttypes/8faed0fa-7864-4409-aa6d-533a37616a9e", "record": {"typeVersion": 1, "data": {"nested": {"bsn": "111222333"}, "foo": - "bar"}, "startAt": "2024-11-04"}}' + "bar"}, "startAt": "2024-11-05"}}' headers: Accept: - '*/*' 
@@ -24,7 +24,7 @@ interactions: uri: http://localhost:8002/api/v2/objects response: body: - string: '{"url":"http://objects-web:8000/api/v2/objects/9425a239-d592-4e02-b5dd-69609fdc292d","uuid":"9425a239-d592-4e02-b5dd-69609fdc292d","type":"http://objecttypes-web:8000/api/v2/objecttypes/8faed0fa-7864-4409-aa6d-533a37616a9e","record":{"index":1,"typeVersion":1,"data":{"nested":{"bsn":"111222333"},"foo":"bar"},"geometry":null,"startAt":"2024-11-04","endAt":null,"registrationAt":"2024-11-04","correctionFor":null,"correctedBy":null}}' + string: '{"url":"http://objects-web:8000/api/v2/objects/0fd71d89-3ec2-4593-8fb5-9e1822203c95","uuid":"0fd71d89-3ec2-4593-8fb5-9e1822203c95","type":"http://objecttypes-web:8000/api/v2/objecttypes/8faed0fa-7864-4409-aa6d-533a37616a9e","record":{"index":1,"typeVersion":1,"data":{"nested":{"bsn":"111222333"},"foo":"bar"},"geometry":null,"startAt":"2024-11-05","endAt":null,"registrationAt":"2024-11-05","correctionFor":null,"correctedBy":null}}' headers: Allow: - GET, POST, HEAD, OPTIONS @@ -39,9 +39,9 @@ interactions: Cross-Origin-Opener-Policy: - same-origin Date: - - Mon, 04 Nov 2024 15:49:09 GMT + - Tue, 05 Nov 2024 14:28:44 GMT Location: - - http://localhost:8002/api/v2/objects/9425a239-d592-4e02-b5dd-69609fdc292d + - http://localhost:8002/api/v2/objects/0fd71d89-3ec2-4593-8fb5-9e1822203c95 Referrer-Policy: - same-origin Server: 
@@ -71,10 +71,10 @@ interactions: User-Agent: - python-requests/2.32.2 method: GET - uri: http://localhost:8002/api/v2/objects/9425a239-d592-4e02-b5dd-69609fdc292d + uri: http://localhost:8002/api/v2/objects/0fd71d89-3ec2-4593-8fb5-9e1822203c95 response: body: - string: '{"url":"http://objects-web:8000/api/v2/objects/9425a239-d592-4e02-b5dd-69609fdc292d","uuid":"9425a239-d592-4e02-b5dd-69609fdc292d","type":"http://objecttypes-web:8000/api/v2/objecttypes/8faed0fa-7864-4409-aa6d-533a37616a9e","record":{"index":1,"typeVersion":1,"data":{"foo":"bar","nested":{"bsn":"111222333"}},"geometry":null,"startAt":"2024-11-04","endAt":null,"registrationAt":"2024-11-04","correctionFor":null,"correctedBy":null}}' + string: '{"url":"http://objects-web:8000/api/v2/objects/0fd71d89-3ec2-4593-8fb5-9e1822203c95","uuid":"0fd71d89-3ec2-4593-8fb5-9e1822203c95","type":"http://objecttypes-web:8000/api/v2/objecttypes/8faed0fa-7864-4409-aa6d-533a37616a9e","record":{"index":1,"typeVersion":1,"data":{"foo":"bar","nested":{"bsn":"111222333"}},"geometry":null,"startAt":"2024-11-05","endAt":null,"registrationAt":"2024-11-05","correctionFor":null,"correctedBy":null}}' headers: Allow: - GET, PUT, PATCH, DELETE, HEAD, OPTIONS @@ -89,7 +89,7 @@ interactions: Cross-Origin-Opener-Policy: - same-origin Date: - - Mon, 04 Nov 2024 15:49:09 GMT + - Tue, 05 Nov 2024 14:28:44 GMT Referrer-Policy: - same-origin Server: diff --git a/src/openforms/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIInitialDataOwnershipValidatorTests/ObjectsAPIInitialDataOwnershipValidatorTests.test_user_is_owner_of_object.yaml b/src/openforms/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIInitialDataOwnershipValidatorTests/ObjectsAPIInitialDataOwnershipValidatorTests.test_user_is_owner_of_object.yaml index 332c63e9ec..9422e59933 100644 
--- a/src/openforms/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIInitialDataOwnershipValidatorTests/ObjectsAPIInitialDataOwnershipValidatorTests.test_user_is_owner_of_object.yaml +++ b/src/openforms/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIInitialDataOwnershipValidatorTests/ObjectsAPIInitialDataOwnershipValidatorTests.test_user_is_owner_of_object.yaml @@ -15,10 +15,10 @@ interactions: User-Agent: - python-requests/2.32.2 method: GET - uri: http://localhost:8002/api/v2/objects/d36124c0-752e-48a7-a724-bf3241a2e646 + uri: http://localhost:8002/api/v2/objects/300e61aa-e150-459c-aa30-d3f0fe4f5506 response: body: - string: '{"url":"http://objects-web:8000/api/v2/objects/d36124c0-752e-48a7-a724-bf3241a2e646","uuid":"d36124c0-752e-48a7-a724-bf3241a2e646","type":"http://objecttypes-web:8000/api/v2/objecttypes/8faed0fa-7864-4409-aa6d-533a37616a9e","record":{"index":1,"typeVersion":1,"data":{"bsn":"111222333","foo":"bar"},"geometry":null,"startAt":"2024-10-29","endAt":null,"registrationAt":"2024-10-29","correctionFor":null,"correctedBy":null}}' + string: '{"url":"http://objects-web:8000/api/v2/objects/300e61aa-e150-459c-aa30-d3f0fe4f5506","uuid":"300e61aa-e150-459c-aa30-d3f0fe4f5506","type":"http://objecttypes-web:8000/api/v2/objecttypes/8faed0fa-7864-4409-aa6d-533a37616a9e","record":{"index":1,"typeVersion":1,"data":{"bsn":"111222333","foo":"bar"},"geometry":null,"startAt":"2024-11-05","endAt":null,"registrationAt":"2024-11-05","correctionFor":null,"correctedBy":null}}' headers: Allow: - GET, PUT, PATCH, DELETE, HEAD, OPTIONS @@ -33,7 +33,7 @@ interactions: Cross-Origin-Opener-Policy: - same-origin Date: - - Tue, 29 Oct 2024 13:38:52 GMT + - Tue, 05 Nov 2024 14:28:44 GMT Referrer-Policy: - same-origin Server: 
diff --git a/src/openforms/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIInitialDataOwnershipValidatorTests/setUpTestData.yaml b/src/openforms/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIInitialDataOwnershipValidatorTests/setUpTestData.yaml index 4b65c9a456..0003a7470f 100644 --- a/src/openforms/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIInitialDataOwnershipValidatorTests/setUpTestData.yaml +++ b/src/openforms/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIInitialDataOwnershipValidatorTests/setUpTestData.yaml @@ -2,7 +2,7 @@ interactions: - request: body: '{"type": "http://objecttypes-web:8000/api/v2/objecttypes/8faed0fa-7864-4409-aa6d-533a37616a9e", "record": {"typeVersion": 1, "data": {"bsn": "111222333", "foo": "bar"}, "startAt": - "2024-10-29"}}' + "2024-11-05"}}' headers: Accept: - '*/*' @@ -24,7 +24,7 @@ interactions: uri: http://localhost:8002/api/v2/objects response: body: - string: '{"url":"http://objects-web:8000/api/v2/objects/d36124c0-752e-48a7-a724-bf3241a2e646","uuid":"d36124c0-752e-48a7-a724-bf3241a2e646","type":"http://objecttypes-web:8000/api/v2/objecttypes/8faed0fa-7864-4409-aa6d-533a37616a9e","record":{"index":1,"typeVersion":1,"data":{"bsn":"111222333","foo":"bar"},"geometry":null,"startAt":"2024-10-29","endAt":null,"registrationAt":"2024-10-29","correctionFor":null,"correctedBy":null}}' + string: '{"url":"http://objects-web:8000/api/v2/objects/300e61aa-e150-459c-aa30-d3f0fe4f5506","uuid":"300e61aa-e150-459c-aa30-d3f0fe4f5506","type":"http://objecttypes-web:8000/api/v2/objecttypes/8faed0fa-7864-4409-aa6d-533a37616a9e","record":{"index":1,"typeVersion":1,"data":{"bsn":"111222333","foo":"bar"},"geometry":null,"startAt":"2024-11-05","endAt":null,"registrationAt":"2024-11-05","correctionFor":null,"correctedBy":null}}' headers: Allow: - GET, POST, HEAD, OPTIONS 
@@ -39,9 +39,9 @@ interactions: Cross-Origin-Opener-Policy: - same-origin Date: - - Tue, 29 Oct 2024 13:38:51 GMT + - Tue, 05 Nov 2024 14:28:43 GMT Location: - - http://localhost:8002/api/v2/objects/d36124c0-752e-48a7-a724-bf3241a2e646 + - http://localhost:8002/api/v2/objects/300e61aa-e150-459c-aa30-d3f0fe4f5506 Referrer-Policy: - same-origin Server: diff --git a/src/openforms/contrib/objects_api/tests/test_ownership_validation.py b/src/openforms/contrib/objects_api/tests/test_ownership_validation.py index 6cb8af0f7b..74e4cd2244 100644 --- a/src/openforms/contrib/objects_api/tests/test_ownership_validation.py +++ b/src/openforms/contrib/objects_api/tests/test_ownership_validation.py @@ -12,6 +12,8 @@ from openforms.contrib.objects_api.helpers import prepare_data_for_registration from openforms.contrib.objects_api.tests.factories import ObjectsAPIGroupConfigFactory from openforms.forms.tests.factories import FormRegistrationBackendFactory +from openforms.logging.models import TimelineLogProxy +from openforms.registrations.contrib.objects_api.plugin import ObjectsAPIRegistration from openforms.submissions.tests.factories import SubmissionFactory from openforms.utils.tests.vcr import OFVCRMixin @@ -20,6 +22,9 @@ TEST_FILES = (Path(__file__).parent / "files").resolve() +PLUGIN = ObjectsAPIRegistration("test") + + @override_settings( CORS_ALLOW_ALL_ORIGINS=False, ALLOWED_HOSTS=["*"], @@ -89,7 +94,7 @@ def test_user_is_owner_of_object(self): ) with get_objects_client(self.objects_api_group_used) as client: - validate_object_ownership(submission, client, ["bsn"]) + validate_object_ownership(submission, client, ["bsn"], PLUGIN) @tag("gh-4398") def test_permission_denied_if_user_is_not_logged_in(self): 
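Review bot: The module-level `PLUGIN = ObjectsAPIRegistration("test")` added after `TEST_FILES` (hunk `@@ -20,6 +22,9 @@`) has no comment saying why these tests need a plugin instance. In the later hunks it is only ever passed as the new fourth argument of `validate_object_ownership`, presumably so the validator can attribute its log entries to a plugin; the validator is not part of this patch, so confirm that before documenting it. A one-line comment would do, e.g. `# plugin instance handed to validate_object_ownership; used for the ownership-check log entries`.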
@@ -97,11 +102,19 @@ def test_permission_denied_if_user_is_not_logged_in(self): with get_objects_client(self.objects_api_group_used) as client: with self.assertRaises(PermissionDenied) as cm: - validate_object_ownership(submission, client, ["bsn"]) + validate_object_ownership(submission, client, ["bsn"], PLUGIN) self.assertEqual( str(cm.exception), "Cannot pass data reference as anonymous user" ) + logs = TimelineLogProxy.objects.filter(object_id=submission.id) + self.assertEqual( + logs.filter( + extra_data__log_event="object_ownership_check_anonymous_user" + ).count(), + 1, + ) + @tag("gh-4398") def test_user_is_not_owner_of_object(self): submission = SubmissionFactory.create( @@ -124,11 +137,17 @@ def test_user_is_not_owner_of_object(self): with get_objects_client(self.objects_api_group_used) as client: with self.assertRaises(PermissionDenied) as cm: - validate_object_ownership(submission, client, ["bsn"]) + validate_object_ownership(submission, client, ["bsn"], PLUGIN) self.assertEqual( str(cm.exception), "User is not the owner of the referenced object" ) + logs = TimelineLogProxy.objects.filter(object_id=submission.id) + self.assertEqual( + logs.filter(extra_data__log_event="object_ownership_check_failure").count(), + 1, + ) + @tag("gh-4398") def test_user_is_not_owner_of_object_nested_auth_attribute(self): with get_objects_client(self.objects_api_group_used) as client: @@ -161,7 +180,7 @@ def test_user_is_not_owner_of_object_nested_auth_attribute(self): with get_objects_client(self.objects_api_group_used) as client: with self.assertRaises(PermissionDenied) as cm: - validate_object_ownership(submission, client, ["nested", "bsn"]) + validate_object_ownership(submission, client, ["nested", "bsn"], PLUGIN) self.assertEqual( str(cm.exception), "User is not the owner of the referenced object" ) 
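Review bot: `test_user_is_not_owner_of_object_nested_auth_attribute` (hunk `@@ -161,7 +180,7 @@`) gets the `PLUGIN` argument but, unlike `test_user_is_not_owner_of_object` in the hunk before it, no assertion that the denial was logged. The nested-attribute case raises the same `PermissionDenied`, so its audit entry should be pinned as well. After the `assertEqual` on the exception message, add `logs = TimelineLogProxy.objects.filter(object_id=submission.id)` and `self.assertEqual(logs.filter(extra_data__log_event="object_ownership_check_failure").count(), 1)`. The test body starts outside the hunk.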
@@ -195,10 +214,10 @@ def test_request_exception_when_doing_permission_check(self, mock_get_object): ) with get_objects_client(self.objects_api_group_used) as client: - validate_object_ownership(submission, client, ["bsn"]) + validate_object_ownership(submission, client, ["bsn"], PLUGIN) @tag("gh-4398") - def test_no_backends_configured_raises_error( + def test_no_backends_configured_does_not_raise_error( self, ): """ @@ -213,15 +232,15 @@ def test_no_backends_configured_raises_error( FormRegistrationBackendFactory.create(form=submission.form, backend="email") with get_objects_client(self.objects_api_group_used) as client: - validate_object_ownership(submission, client, ["bsn"]) + validate_object_ownership(submission, client, ["bsn"], PLUGIN) @tag("gh-4398") - def test_backend_without_options_raises_error( + def test_backend_without_options_does_not_raise_error( self, ): """ - If the object could not be fetched due to misconfiguration, the ownership check - should not fail + If the object could not be fetched due to missing API group configuration, + the ownership check should not fail """ submission = SubmissionFactory.create( auth_info__value="111222333", @@ -234,4 +253,4 @@ def test_backend_without_options_raises_error( ) with get_objects_client(self.objects_api_group_used) as client: - validate_object_ownership(submission, client, ["bsn"]) + validate_object_ownership(submission, client, ["bsn"], PLUGIN) 
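Review bot: `test_request_exception_when_doing_permission_check` (hunk `@@ -195,10 +214,10 @@`) still ends on a bare `validate_object_ownership(submission, client, ["bsn"], PLUGIN)` call with no assertion, and the same holds for the two renamed `..._does_not_raise_error` tests in the next two hunks. As far as the hunks show, these are the cases where the check returns without denying access, which is what an audit log should make visible, yet the commit adds log checks only to the denying tests. At minimum assert that no denial was recorded, e.g. `self.assertFalse(TimelineLogProxy.objects.filter(object_id=submission.id, extra_data__log_event="object_ownership_check_failure").exists())`. If the validator logs a skipped or errored check, assert that event too. The test bodies start outside the hunks.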
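Review bot: The rewritten docstring of `test_backend_without_options_does_not_raise_error` (hunk `@@ -213,15 +232,15 @@`) says the object could not be fetched, but the cassette renamed for this test in the same patch records a response body containing the object with `"bsn":"111222333"`. That is the same value as `auth_info__value="111222333"` in the test, and the client is passed to `validate_object_ownership` directly. The test therefore appears to pass through the ordinary owner-matches path rather than the missing-configuration path its name and docstring describe. The cassette for `test_no_backends_configured_does_not_raise_error` has the same content. Either arrange the test so the fetch really cannot succeed, or reword the docstring to say what is exercised, e.g. `The ownership check uses the client passed in and succeeds for the owner, regardless of the form's registration backend options`.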
diff --git a/src/openforms/prefill/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIPrefillDataOwnershipCheckTests/ObjectsAPIPrefillDataOwnershipCheckTests.test_verify_initial_data_ownership.yaml b/src/openforms/prefill/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIPrefillDataOwnershipCheckTests/ObjectsAPIPrefillDataOwnershipCheckTests.test_verify_initial_data_ownership_called_if_initial_data_reference_specified.yaml similarity index 70% rename from src/openforms/prefill/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIPrefillDataOwnershipCheckTests/ObjectsAPIPrefillDataOwnershipCheckTests.test_verify_initial_data_ownership.yaml rename to src/openforms/prefill/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIPrefillDataOwnershipCheckTests/ObjectsAPIPrefillDataOwnershipCheckTests.test_verify_initial_data_ownership_called_if_initial_data_reference_specified.yaml index 04ab29a804..b7527eec5a 100644 --- a/src/openforms/prefill/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIPrefillDataOwnershipCheckTests/ObjectsAPIPrefillDataOwnershipCheckTests.test_verify_initial_data_ownership.yaml +++ b/src/openforms/prefill/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIPrefillDataOwnershipCheckTests/ObjectsAPIPrefillDataOwnershipCheckTests.test_verify_initial_data_ownership_called_if_initial_data_reference_specified.yaml 
@@ -15,10 +15,10 @@ interactions: User-Agent: - python-requests/2.32.2 method: GET - uri: http://localhost:8002/api/v2/objects/351348b1-ff52-440f-8142-5e080b0a1b75 + uri: http://localhost:8002/api/v2/objects/d23144bd-1220-42e6-9edf-d7fd31291bff response: body: - string: '{"url":"http://objects-web:8000/api/v2/objects/351348b1-ff52-440f-8142-5e080b0a1b75","uuid":"351348b1-ff52-440f-8142-5e080b0a1b75","type":"http://objecttypes-web:8000/api/v2/objecttypes/8faed0fa-7864-4409-aa6d-533a37616a9e","record":{"index":1,"typeVersion":1,"data":{"bsn":"111222333","some":{"path":"foo"}},"geometry":null,"startAt":"2024-11-04","endAt":null,"registrationAt":"2024-11-04","correctionFor":null,"correctedBy":null}}' + string: '{"url":"http://objects-web:8000/api/v2/objects/d23144bd-1220-42e6-9edf-d7fd31291bff","uuid":"d23144bd-1220-42e6-9edf-d7fd31291bff","type":"http://objecttypes-web:8000/api/v2/objecttypes/8faed0fa-7864-4409-aa6d-533a37616a9e","record":{"index":1,"typeVersion":1,"data":{"bsn":"111222333","some":{"path":"foo"}},"geometry":null,"startAt":"2024-11-05","endAt":null,"registrationAt":"2024-11-05","correctionFor":null,"correctedBy":null}}' headers: Allow: - GET, PUT, PATCH, DELETE, HEAD, OPTIONS @@ -33,7 +33,7 @@ interactions: Cross-Origin-Opener-Policy: - same-origin Date: - - Mon, 04 Nov 2024 12:48:04 GMT + - Tue, 05 Nov 2024 14:28:44 GMT Referrer-Policy: - same-origin Server: diff --git a/src/openforms/prefill/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIPrefillDataOwnershipCheckTests/setUpTestData.yaml b/src/openforms/prefill/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIPrefillDataOwnershipCheckTests/setUpTestData.yaml index 0406a729e6..cea8230065 100644 --- a/src/openforms/prefill/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIPrefillDataOwnershipCheckTests/setUpTestData.yaml +++ b/src/openforms/prefill/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIPrefillDataOwnershipCheckTests/setUpTestData.yaml 
@@ -2,7 +2,7 @@ interactions: - request: body: '{"type": "http://objecttypes-web:8000/api/v2/objecttypes/8faed0fa-7864-4409-aa6d-533a37616a9e", "record": {"typeVersion": 1, "data": {"bsn": "111222333", "some": {"path": "foo"}}, - "startAt": "2024-11-04"}}' + "startAt": "2024-11-05"}}' headers: Accept: - '*/*' @@ -24,7 +24,7 @@ interactions: uri: http://localhost:8002/api/v2/objects response: body: - string: '{"url":"http://objects-web:8000/api/v2/objects/351348b1-ff52-440f-8142-5e080b0a1b75","uuid":"351348b1-ff52-440f-8142-5e080b0a1b75","type":"http://objecttypes-web:8000/api/v2/objecttypes/8faed0fa-7864-4409-aa6d-533a37616a9e","record":{"index":1,"typeVersion":1,"data":{"bsn":"111222333","some":{"path":"foo"}},"geometry":null,"startAt":"2024-11-04","endAt":null,"registrationAt":"2024-11-04","correctionFor":null,"correctedBy":null}}' + string: '{"url":"http://objects-web:8000/api/v2/objects/d23144bd-1220-42e6-9edf-d7fd31291bff","uuid":"d23144bd-1220-42e6-9edf-d7fd31291bff","type":"http://objecttypes-web:8000/api/v2/objecttypes/8faed0fa-7864-4409-aa6d-533a37616a9e","record":{"index":1,"typeVersion":1,"data":{"bsn":"111222333","some":{"path":"foo"}},"geometry":null,"startAt":"2024-11-05","endAt":null,"registrationAt":"2024-11-05","correctionFor":null,"correctedBy":null}}' headers: Allow: - GET, POST, HEAD, OPTIONS @@ -39,9 +39,9 @@ interactions: Cross-Origin-Opener-Policy: - same-origin Date: - - Mon, 04 Nov 2024 12:48:04 GMT + - Tue, 05 Nov 2024 14:28:44 GMT Location: - - http://localhost:8002/api/v2/objects/351348b1-ff52-440f-8142-5e080b0a1b75 + - http://localhost:8002/api/v2/objects/d23144bd-1220-42e6-9edf-d7fd31291bff Referrer-Policy: - same-origin Server: 
diff --git a/src/openforms/prefill/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIPrefillPluginTests/ObjectsAPIPrefillPluginTests.test_prefill_values_happy_flow.yaml b/src/openforms/prefill/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIPrefillPluginTests/ObjectsAPIPrefillPluginTests.test_prefill_values_happy_flow.yaml index 6903589d0e..d69d558711 100644 --- a/src/openforms/prefill/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIPrefillPluginTests/ObjectsAPIPrefillPluginTests.test_prefill_values_happy_flow.yaml +++ b/src/openforms/prefill/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIPrefillPluginTests/ObjectsAPIPrefillPluginTests.test_prefill_values_happy_flow.yaml @@ -2,7 +2,7 @@ interactions: - request: body: '{"type": "http://objecttypes-web:8000/api/v2/objecttypes/8e46e0a5-b1b4-449b-b9e9-fa3cea655f48", "record": {"typeVersion": 3, "data": {"name": {"last.name": "My last name"}, - "age": 45}, "startAt": "2024-10-24"}}' + "age": 45, "bsn": "111222333"}, "startAt": "2024-11-05"}}' headers: Accept: - '*/*' @@ -15,7 +15,7 @@ interactions: Content-Crs: - EPSG:4326 Content-Length: - - '210' + - '230' Content-Type: - application/json User-Agent: 
@@ -24,8 +24,8 @@ interactions: uri: http://localhost:8002/api/v2/objects response: body: - string: '{"url":"http://objects-web:8000/api/v2/objects/a57193e8-e90e-4448-88ae-1f76d38e8ba3","uuid":"a57193e8-e90e-4448-88ae-1f76d38e8ba3","type":"http://objecttypes-web:8000/api/v2/objecttypes/8e46e0a5-b1b4-449b-b9e9-fa3cea655f48","record":{"index":1,"typeVersion":3,"data":{"name":{"last.name":"My - last name"},"age":45},"geometry":null,"startAt":"2024-10-24","endAt":null,"registrationAt":"2024-10-24","correctionFor":null,"correctedBy":null}}' + string: '{"url":"http://objects-web:8000/api/v2/objects/34aeaf6a-aec0-4c56-bcb3-cf0173f77446","uuid":"34aeaf6a-aec0-4c56-bcb3-cf0173f77446","type":"http://objecttypes-web:8000/api/v2/objecttypes/8e46e0a5-b1b4-449b-b9e9-fa3cea655f48","record":{"index":1,"typeVersion":3,"data":{"name":{"last.name":"My + last name"},"age":45,"bsn":"111222333"},"geometry":null,"startAt":"2024-11-05","endAt":null,"registrationAt":"2024-11-05","correctionFor":null,"correctedBy":null}}' headers: Allow: - GET, POST, HEAD, OPTIONS @@ -34,15 +34,15 @@ interactions: Content-Crs: - EPSG:4326 Content-Length: - - '437' + - '455' Content-Type: - application/json Cross-Origin-Opener-Policy: - same-origin Date: - - Thu, 24 Oct 2024 11:01:22 GMT + - Tue, 05 Nov 2024 14:59:30 GMT Location: - - http://localhost:8002/api/v2/objects/a57193e8-e90e-4448-88ae-1f76d38e8ba3 + - http://localhost:8002/api/v2/objects/34aeaf6a-aec0-4c56-bcb3-cf0173f77446 Referrer-Policy: - same-origin Server: 
@@ -72,11 +72,11 @@ interactions: User-Agent: - python-requests/2.32.2 method: GET - uri: http://localhost:8002/api/v2/objects/a57193e8-e90e-4448-88ae-1f76d38e8ba3 + uri: http://localhost:8002/api/v2/objects/34aeaf6a-aec0-4c56-bcb3-cf0173f77446 response: body: - string: '{"url":"http://objects-web:8000/api/v2/objects/a57193e8-e90e-4448-88ae-1f76d38e8ba3","uuid":"a57193e8-e90e-4448-88ae-1f76d38e8ba3","type":"http://objecttypes-web:8000/api/v2/objecttypes/8e46e0a5-b1b4-449b-b9e9-fa3cea655f48","record":{"index":1,"typeVersion":3,"data":{"age":45,"name":{"last.name":"My - last name"}},"geometry":null,"startAt":"2024-10-24","endAt":null,"registrationAt":"2024-10-24","correctionFor":null,"correctedBy":null}}' + string: '{"url":"http://objects-web:8000/api/v2/objects/34aeaf6a-aec0-4c56-bcb3-cf0173f77446","uuid":"34aeaf6a-aec0-4c56-bcb3-cf0173f77446","type":"http://objecttypes-web:8000/api/v2/objecttypes/8e46e0a5-b1b4-449b-b9e9-fa3cea655f48","record":{"index":1,"typeVersion":3,"data":{"age":45,"bsn":"111222333","name":{"last.name":"My + last name"}},"geometry":null,"startAt":"2024-11-05","endAt":null,"registrationAt":"2024-11-05","correctionFor":null,"correctedBy":null}}' headers: Allow: - GET, PUT, PATCH, DELETE, HEAD, OPTIONS 
@@ -85,13 +85,62 @@ interactions: Content-Crs: - EPSG:4326 Content-Length: - - '437' + - '455' Content-Type: - application/json Cross-Origin-Opener-Policy: - same-origin Date: - - Thu, 24 Oct 2024 11:01:22 GMT + - Tue, 05 Nov 2024 14:59:31 GMT + Referrer-Policy: + - same-origin + Server: + - nginx/1.27.0 + Vary: + - origin + X-Content-Type-Options: + - nosniff + X-Frame-Options: + - DENY + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate, br + Authorization: + - Token 7657474c3d75f56ae0abd0d1bf7994b09964dca9 + Connection: + - keep-alive + Content-Crs: + - EPSG:4326 + User-Agent: + - python-requests/2.32.2 + method: GET + uri: http://localhost:8002/api/v2/objects/34aeaf6a-aec0-4c56-bcb3-cf0173f77446 + response: + body: + string: '{"url":"http://objects-web:8000/api/v2/objects/34aeaf6a-aec0-4c56-bcb3-cf0173f77446","uuid":"34aeaf6a-aec0-4c56-bcb3-cf0173f77446","type":"http://objecttypes-web:8000/api/v2/objecttypes/8e46e0a5-b1b4-449b-b9e9-fa3cea655f48","record":{"index":1,"typeVersion":3,"data":{"age":45,"bsn":"111222333","name":{"last.name":"My + last name"}},"geometry":null,"startAt":"2024-11-05","endAt":null,"registrationAt":"2024-11-05","correctionFor":null,"correctedBy":null}}' + headers: + Allow: + - GET, PUT, PATCH, DELETE, HEAD, OPTIONS + Connection: + - keep-alive + Content-Crs: + - EPSG:4326 + Content-Length: + - '455' + Content-Type: + - application/json + Cross-Origin-Opener-Policy: + - same-origin + Date: + - Tue, 05 Nov 2024 14:59:31 GMT Referrer-Policy: - same-origin Server: diff --git a/src/openforms/prefill/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIPrefillPluginTests/ObjectsAPIPrefillPluginTests.test_prefill_values_when_reference_not_found.yaml b/src/openforms/prefill/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIPrefillPluginTests/ObjectsAPIPrefillPluginTests.test_prefill_values_when_reference_not_found.yaml index 0d13cbb43b..d487947b3e 100644 
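Review bot: The interaction recorded in this hunk stores the request header `Authorization: Token 7657474c…` verbatim, and the added interactions in the `test_prefill_values_when_reference_not_found` and `test_prefill_values_when_reference_returns_empty_values` cassettes do the same. It looks like the fixed token of the local docker-compose Objects API on `localhost:8002`, but nothing in the cassette guarantees that, so re-recording against another instance would commit a usable credential. Scrubbing the header at record time, for example with vcrpy's `filter_headers=["authorization"]` in the shared VCR configuration, would keep the fixtures safe to publish. The `OFVCRMixin` setup is not part of this diff, so check there whether any filtering is already configured.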
--- a/src/openforms/prefill/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIPrefillPluginTests/ObjectsAPIPrefillPluginTests.test_prefill_values_when_reference_not_found.yaml +++ b/src/openforms/prefill/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIPrefillPluginTests/ObjectsAPIPrefillPluginTests.test_prefill_values_when_reference_not_found.yaml @@ -33,7 +33,55 @@ interactions: Cross-Origin-Opener-Policy: - same-origin Date: - - Thu, 24 Oct 2024 11:01:23 GMT + - Tue, 05 Nov 2024 15:01:56 GMT + Referrer-Policy: + - same-origin + Server: + - nginx/1.27.0 + Vary: + - origin + X-Content-Type-Options: + - nosniff + X-Frame-Options: + - DENY + status: + code: 404 + message: Not Found +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate, br + Authorization: + - Token 7657474c3d75f56ae0abd0d1bf7994b09964dca9 + Connection: + - keep-alive + Content-Crs: + - EPSG:4326 + User-Agent: + - python-requests/2.32.2 + method: GET + uri: http://localhost:8002/api/v2/objects/048a37ca-a602-4158-9e60-9f06f3e47e2a + response: + body: + string: '{"detail":"Not found."}' + headers: + Allow: + - GET, PUT, PATCH, DELETE, HEAD, OPTIONS + Connection: + - keep-alive + Content-Crs: + - EPSG:4326 + Content-Length: + - '23' + Content-Type: + - application/json + Cross-Origin-Opener-Policy: + - same-origin + Date: + - Tue, 05 Nov 2024 15:01:56 GMT Referrer-Policy: - same-origin Server: diff --git a/src/openforms/prefill/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIPrefillPluginTests/ObjectsAPIPrefillPluginTests.test_prefill_values_when_reference_returns_empty_values.yaml b/src/openforms/prefill/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIPrefillPluginTests/ObjectsAPIPrefillPluginTests.test_prefill_values_when_reference_returns_empty_values.yaml index 7a6671f41b..ff73d2e850 100644 
--- a/src/openforms/prefill/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIPrefillPluginTests/ObjectsAPIPrefillPluginTests.test_prefill_values_when_reference_returns_empty_values.yaml +++ b/src/openforms/prefill/contrib/objects_api/tests/files/vcr_cassettes/ObjectsAPIPrefillPluginTests/ObjectsAPIPrefillPluginTests.test_prefill_values_when_reference_returns_empty_values.yaml @@ -1,7 +1,7 @@ interactions: - request: body: '{"type": "http://objecttypes-web:8000/api/v2/objecttypes/8e46e0a5-b1b4-449b-b9e9-fa3cea655f48", - "record": {"typeVersion": 3, "data": {}, "startAt": "2024-10-24"}}' + "record": {"typeVersion": 3, "data": {"bsn": "111222333"}, "startAt": "2024-11-05"}}' headers: Accept: - '*/*' @@ -14,7 +14,7 @@ interactions: Content-Crs: - EPSG:4326 Content-Length: - - '162' + - '180' Content-Type: - application/json User-Agent: @@ -23,7 +23,7 @@ interactions: uri: http://localhost:8002/api/v2/objects response: body: - string: '{"url":"http://objects-web:8000/api/v2/objects/b79e2fe8-dc28-4705-a757-3462cd632696","uuid":"b79e2fe8-dc28-4705-a757-3462cd632696","type":"http://objecttypes-web:8000/api/v2/objecttypes/8e46e0a5-b1b4-449b-b9e9-fa3cea655f48","record":{"index":1,"typeVersion":3,"data":{},"geometry":null,"startAt":"2024-10-24","endAt":null,"registrationAt":"2024-10-24","correctionFor":null,"correctedBy":null}}' + string: '{"url":"http://objects-web:8000/api/v2/objects/264ebc07-7cba-4ef4-8a3c-fbb802888145","uuid":"264ebc07-7cba-4ef4-8a3c-fbb802888145","type":"http://objecttypes-web:8000/api/v2/objecttypes/8e46e0a5-b1b4-449b-b9e9-fa3cea655f48","record":{"index":1,"typeVersion":3,"data":{"bsn":"111222333"},"geometry":null,"startAt":"2024-11-05","endAt":null,"registrationAt":"2024-11-05","correctionFor":null,"correctedBy":null}}' headers: Allow: - GET, POST, HEAD, OPTIONS 
@@ -32,15 +32,15 @@ interactions: Content-Crs: - EPSG:4326 Content-Length: - - '393' + - '410' Content-Type: - application/json Cross-Origin-Opener-Policy: - same-origin Date: - - Thu, 24 Oct 2024 11:01:23 GMT + - Tue, 05 Nov 2024 14:59:25 GMT Location: - - http://localhost:8002/api/v2/objects/b79e2fe8-dc28-4705-a757-3462cd632696 + - http://localhost:8002/api/v2/objects/264ebc07-7cba-4ef4-8a3c-fbb802888145 Referrer-Policy: - same-origin Server: @@ -70,10 +70,10 @@ interactions: User-Agent: - python-requests/2.32.2 method: GET - uri: http://localhost:8002/api/v2/objects/b79e2fe8-dc28-4705-a757-3462cd632696 + uri: http://localhost:8002/api/v2/objects/264ebc07-7cba-4ef4-8a3c-fbb802888145 response: body: - string: '{"url":"http://objects-web:8000/api/v2/objects/b79e2fe8-dc28-4705-a757-3462cd632696","uuid":"b79e2fe8-dc28-4705-a757-3462cd632696","type":"http://objecttypes-web:8000/api/v2/objecttypes/8e46e0a5-b1b4-449b-b9e9-fa3cea655f48","record":{"index":1,"typeVersion":3,"data":{},"geometry":null,"startAt":"2024-10-24","endAt":null,"registrationAt":"2024-10-24","correctionFor":null,"correctedBy":null}}' + string: '{"url":"http://objects-web:8000/api/v2/objects/264ebc07-7cba-4ef4-8a3c-fbb802888145","uuid":"264ebc07-7cba-4ef4-8a3c-fbb802888145","type":"http://objecttypes-web:8000/api/v2/objecttypes/8e46e0a5-b1b4-449b-b9e9-fa3cea655f48","record":{"index":1,"typeVersion":3,"data":{"bsn":"111222333"},"geometry":null,"startAt":"2024-11-05","endAt":null,"registrationAt":"2024-11-05","correctionFor":null,"correctedBy":null}}' headers: Allow: - GET, PUT, PATCH, DELETE, HEAD, OPTIONS 
@@ -82,13 +82,61 @@ interactions: Content-Crs: - EPSG:4326 Content-Length: - - '393' + - '410' Content-Type: - application/json Cross-Origin-Opener-Policy: - same-origin Date: - - Thu, 24 Oct 2024 11:01:23 GMT + - Tue, 05 Nov 2024 14:59:25 GMT + Referrer-Policy: + - same-origin + Server: + - nginx/1.27.0 + Vary: + - origin + X-Content-Type-Options: + - nosniff + X-Frame-Options: + - DENY + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate, br + Authorization: + - Token 7657474c3d75f56ae0abd0d1bf7994b09964dca9 + Connection: + - keep-alive + Content-Crs: + - EPSG:4326 + User-Agent: + - python-requests/2.32.2 + method: GET + uri: http://localhost:8002/api/v2/objects/264ebc07-7cba-4ef4-8a3c-fbb802888145 + response: + body: + string: '{"url":"http://objects-web:8000/api/v2/objects/264ebc07-7cba-4ef4-8a3c-fbb802888145","uuid":"264ebc07-7cba-4ef4-8a3c-fbb802888145","type":"http://objecttypes-web:8000/api/v2/objecttypes/8e46e0a5-b1b4-449b-b9e9-fa3cea655f48","record":{"index":1,"typeVersion":3,"data":{"bsn":"111222333"},"geometry":null,"startAt":"2024-11-05","endAt":null,"registrationAt":"2024-11-05","correctionFor":null,"correctedBy":null}}' + headers: + Allow: + - GET, PUT, PATCH, DELETE, HEAD, OPTIONS + Connection: + - keep-alive + Content-Crs: + - EPSG:4326 + Content-Length: + - '410' + Content-Type: + - application/json + Cross-Origin-Opener-Policy: + - same-origin + Date: + - Tue, 05 Nov 2024 14:59:25 GMT Referrer-Policy: - same-origin Server: diff --git a/src/openforms/prefill/contrib/objects_api/tests/test_initial_data_ownership_validation.py b/src/openforms/prefill/contrib/objects_api/tests/test_initial_data_ownership_validation.py index bc1e68beba..0c6c852ef5 100644 --- a/src/openforms/prefill/contrib/objects_api/tests/test_initial_data_ownership_validation.py +++ b/src/openforms/prefill/contrib/objects_api/tests/test_initial_data_ownership_validation.py 
@@ -25,6 +25,7 @@ TEST_FILES = (Path(__file__).parent / "files").resolve() +@tag("gh-4398") class ObjectsAPIPrefillDataOwnershipCheckTests(OFVCRMixin, TestCase): VCR_TEST_FILES = TEST_FILES @@ -55,40 +56,38 @@ def setUpTestData(cls): ) cls.object_ref = object["uuid"] - @tag("gh-4398") - def test_verify_initial_data_ownership(self): - objects_api_group_used = ObjectsAPIGroupConfigFactory.create( + cls.objects_api_group_used = ObjectsAPIGroupConfigFactory.create( for_test_docker_compose=True ) - objects_api_group_unused = ObjectsAPIGroupConfigFactory.create() + cls.objects_api_group_unused = ObjectsAPIGroupConfigFactory.create() - form = FormFactory.create() + cls.form = FormFactory.create() # An objects API backend with a different API group FormRegistrationBackendFactory.create( - form=form, + form=cls.form, backend="objects_api", options={ "version": 2, "objecttype": "3edfdaf7-f469-470b-a391-bb7ea015bd6f", - "objects_api_group": objects_api_group_unused.pk, + "objects_api_group": cls.objects_api_group_unused.pk, "objecttype_version": 1, }, ) # Another backend that should be ignored - FormRegistrationBackendFactory.create(form=form, backend="email") + FormRegistrationBackendFactory.create(form=cls.form, backend="email") # The backend that should be used to perform the check FormRegistrationBackendFactory.create( - form=form, + form=cls.form, backend="objects_api", options={ "version": 2, "objecttype": "3edfdaf7-f469-470b-a391-bb7ea015bd6f", - "objects_api_group": objects_api_group_used.pk, + "objects_api_group": cls.objects_api_group_used.pk, "objecttype_version": 1, }, ) - form_step = FormStepFactory.create( + cls.form_step = FormStepFactory.create( form_definition__configuration={ "components": [ { 
@@ -99,15 +98,15 @@ def test_verify_initial_data_ownership(self): ] } ) - variable = FormVariableFactory.create( + cls.variable = FormVariableFactory.create( key="voornamen", - form=form_step.form, + form=cls.form_step.form, prefill_plugin="objects_api", prefill_attribute="", prefill_options={ "version": 2, "objecttype": "3edfdaf7-f469-470b-a391-bb7ea015bd6f", - "objects_api_group": objects_api_group_used.pk, + "objects_api_group": cls.objects_api_group_used.pk, "objecttype_version": 1, "auth_attribute_path": ["nested", "bsn"], "variables_mapping": [ 
@@ -116,112 +115,138 @@ def test_verify_initial_data_ownership(self): }, ) - with self.subTest( - "verify_initial_data_ownership is called if initial_data_reference is specified" - ): - submission_step = SubmissionStepFactory.create( - submission__form=form_step.form, - form_step=form_step, - submission__auth_info__value="999990676", - submission__auth_info__attribute=AuthAttribute.bsn, - submission__initial_data_reference=self.object_ref, - ) - - with patch( - "openforms.prefill.contrib.objects_api.plugin.validate_object_ownership" - ) as mock_validate_object_ownership: - prefill_variables(submission=submission_step.submission) - - self.assertEqual(mock_validate_object_ownership.call_count, 1) + def test_verify_initial_data_ownership_called_if_initial_data_reference_specified( + self, + ): + submission_step = SubmissionStepFactory.create( + submission__form=self.form_step.form, + form_step=self.form_step, + submission__auth_info__value="999990676", + submission__auth_info__attribute=AuthAttribute.bsn, + submission__initial_data_reference=self.object_ref, + ) - # Cannot compare with `.assert_has_calls`, because the client objects - # won't match - call = mock_validate_object_ownership.mock_calls[0] + with patch( + "openforms.prefill.contrib.objects_api.plugin.validate_object_ownership" + ) as mock_validate_object_ownership: + prefill_variables(submission=submission_step.submission) - self.assertEqual(call.args[0], submission_step.submission) - self.assertEqual( - call.args[1].base_url, - objects_api_group_used.objects_service.api_root, - ) - self.assertEqual(call.args[2], ["nested", "bsn"]) + self.assertEqual(mock_validate_object_ownership.call_count, 1) - logs = TimelineLogProxy.objects.filter( - object_id=submission_step.submission.id - ) + # Cannot compare with `.assert_has_calls`, because the client objects + # won't match + call = mock_validate_object_ownership.mock_calls[0] + self.assertEqual(call.args[0], submission_step.submission) self.assertEqual( - 
logs.filter(extra_data__log_event="prefill_retrieve_success").count(), 1 + call.args[1].base_url, + self.objects_api_group_used.objects_service.api_root, ) + self.assertEqual(call.args[2], ["nested", "bsn"]) - with self.subTest( - "verify_initial_data_ownership raising error causes prefill to fail" - ): - submission_step = SubmissionStepFactory.create( - submission__form=form_step.form, - form_step=form_step, - submission__auth_info__value="999990676", - submission__auth_info__attribute=AuthAttribute.bsn, - submission__initial_data_reference=self.object_ref, - ) + logs = TimelineLogProxy.objects.filter(object_id=submission_step.submission.id) - with patch( - "openforms.prefill.contrib.objects_api.plugin.validate_object_ownership", - side_effect=PermissionDenied, - ) as mock_validate_object_ownership: - prefill_variables(submission=submission_step.submission) + self.assertEqual( + logs.filter(extra_data__log_event="prefill_retrieve_success").count(), 1 + ) - self.assertEqual(mock_validate_object_ownership.call_count, 1) + def test_verify_initial_data_ownership_raising_errors_causes_prefill_to_fail(self): + submission_step = SubmissionStepFactory.create( + submission__form=self.form_step.form, + form_step=self.form_step, + submission__auth_info__value="999990676", + submission__auth_info__attribute=AuthAttribute.bsn, + submission__initial_data_reference=self.object_ref, + ) - # Cannot compare with `.assert_has_calls`, because the client objects - # won't match - call = mock_validate_object_ownership.mock_calls[0] + with patch( + "openforms.prefill.contrib.objects_api.plugin.validate_object_ownership", + side_effect=PermissionDenied, + ) as mock_validate_object_ownership: + prefill_variables(submission=submission_step.submission) - self.assertEqual(call.args[0], submission_step.submission) - self.assertEqual( - call.args[1].base_url, - objects_api_group_used.objects_service.api_root, - ) - self.assertEqual(call.args[2], ["nested", "bsn"]) + 
self.assertEqual(mock_validate_object_ownership.call_count, 1) - logs = TimelineLogProxy.objects.filter( - object_id=submission_step.submission.id - ) - self.assertEqual( - logs.filter(extra_data__log_event="prefill_retrieve_success").count(), 0 - ) + # Cannot compare with `.assert_has_calls`, because the client objects + # won't match + call = mock_validate_object_ownership.mock_calls[0] + + self.assertEqual(call.args[0], submission_step.submission) self.assertEqual( - logs.filter(extra_data__log_event="prefill_retrieve_failure").count(), 1 + call.args[1].base_url, + self.objects_api_group_used.objects_service.api_root, ) + self.assertEqual(call.args[2], ["nested", "bsn"]) - with self.subTest( - "verify_initial_data_ownership does not raise errors if no API group is found" - ): - variable.prefill_options["objects_api_group"] = ( - ObjectsAPIGroupConfig.objects.last().pk + 1 - ) - variable.save() - submission_step = SubmissionStepFactory.create( - submission__form=form_step.form, - form_step=form_step, - submission__auth_info__value="999990676", - submission__auth_info__attribute=AuthAttribute.bsn, - submission__initial_data_reference=self.object_ref, - ) + logs = TimelineLogProxy.objects.filter(object_id=submission_step.submission.id) + self.assertEqual( + logs.filter(extra_data__log_event="prefill_retrieve_success").count(), 0 + ) + self.assertEqual( + logs.filter(extra_data__log_event="prefill_retrieve_failure").count(), 1 + ) - with patch( - "openforms.prefill.contrib.objects_api.plugin.validate_object_ownership", - ) as mock_validate_object_ownership: - prefill_variables(submission=submission_step.submission) + def test_verify_initial_data_ownership_missing_auth_attribute_path_causes_failing_prefill( + self, + ): + del self.variable.prefill_options["auth_attribute_path"] + self.variable.save() + submission_step = SubmissionStepFactory.create( + submission__form=self.form_step.form, + form_step=self.form_step, + submission__auth_info__value="999990676", + 
submission__auth_info__attribute=AuthAttribute.bsn, + submission__initial_data_reference=self.object_ref, + ) - self.assertEqual(mock_validate_object_ownership.call_count, 0) + with patch( + "openforms.prefill.contrib.objects_api.plugin.validate_object_ownership", + ) as mock_validate_object_ownership: + prefill_variables(submission=submission_step.submission) - logs = TimelineLogProxy.objects.filter( - object_id=submission_step.submission.id - ) - self.assertEqual( - logs.filter(extra_data__log_event="prefill_retrieve_success").count(), 0 - ) - # Prefilling fails, because the API group does not exist - self.assertEqual( - logs.filter(extra_data__log_event="prefill_retrieve_failure").count(), 1 - ) + self.assertEqual(mock_validate_object_ownership.call_count, 0) + + logs = TimelineLogProxy.objects.filter(object_id=submission_step.submission.id) + self.assertEqual( + logs.filter(extra_data__log_event="prefill_retrieve_success").count(), 0 + ) + self.assertEqual( + logs.filter(extra_data__log_event="prefill_retrieve_failure").count(), 1 + ) + self.assertEqual( + logs.filter( + extra_data__log_event="object_ownership_check_improperly_configured" + ).count(), + 1, + ) + + def test_verify_initial_data_ownership_does_not_raise_errors_without_api_group( + self, + ): + self.variable.prefill_options["objects_api_group"] = ( + ObjectsAPIGroupConfig.objects.last().pk + 1 + ) + self.variable.save() + submission_step = SubmissionStepFactory.create( + submission__form=self.form_step.form, + form_step=self.form_step, + submission__auth_info__value="999990676", + submission__auth_info__attribute=AuthAttribute.bsn, + submission__initial_data_reference=self.object_ref, + ) + + with patch( + "openforms.prefill.contrib.objects_api.plugin.validate_object_ownership", + ) as mock_validate_object_ownership: + prefill_variables(submission=submission_step.submission) + + self.assertEqual(mock_validate_object_ownership.call_count, 0) + + logs = 
TimelineLogProxy.objects.filter(object_id=submission_step.submission.id) + self.assertEqual( + logs.filter(extra_data__log_event="prefill_retrieve_success").count(), 0 + ) + # Prefilling fails, because the API group does not exist + self.assertEqual( + logs.filter(extra_data__log_event="prefill_retrieve_failure").count(), 1 + ) diff --git a/src/openforms/prefill/contrib/objects_api/tests/test_prefill.py b/src/openforms/prefill/contrib/objects_api/tests/test_prefill.py index 5fed373f62..60b521e08b 100644 --- a/src/openforms/prefill/contrib/objects_api/tests/test_prefill.py +++ b/src/openforms/prefill/contrib/objects_api/tests/test_prefill.py @@ -83,6 +83,7 @@ def test_prefill_values_happy_flow(self): {"variable_key": "lastName", "target_path": ["name", "last.name"]}, {"variable_key": "age", "target_path": ["age"]}, ], + "auth_attribute_path": ["bsn"], }, ) @@ -99,6 +100,8 @@ def test_prefill_values_happy_flow(self): def test_prefill_values_when_reference_not_found(self): submission = SubmissionFactory.from_components( + auth_info__value="111222333", + auth_info__attribute=AuthAttribute.bsn, initial_data_reference="048a37ca-a602-4158-9e60-9f06f3e47e2a", components_list=[ { @@ -124,6 +127,7 @@ def test_prefill_values_when_reference_not_found(self): {"variable_key": "lastName", "target_path": ["name", "last.name"]}, {"variable_key": "age", "target_path": ["age"]}, ], + "auth_attribute_path": ["bsn"], }, ) @@ -143,7 +147,7 @@ def test_prefill_values_when_reference_returns_empty_values(self): with get_objects_client(self.objects_api_group) as client: created_obj = client.create_object( record_data=prepare_data_for_registration( - data={}, + data={"bsn": "111222333"}, objecttype_version=3, ), objecttype_url="http://objecttypes-web:8000/api/v2/objecttypes/8e46e0a5-b1b4-449b-b9e9-fa3cea655f48", 
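Review bot: The failure-path tests added in this hunk (`..._raising_errors_causes_prefill_to_fail`, `..._missing_auth_attribute_path_causes_failing_prefill` and `..._does_not_raise_errors_without_api_group`) only count `prefill_retrieve_failure` log events; none of them checks that the `voornamen` variable stayed empty. Because these tests guard an ownership check, a regression that writes the failure log but still copies the referenced object's data into the submission would pass unnoticed. Each of the three should also assert, after `prefill_variables` returns, that no value from the referenced object was stored for the submission. The test class itself starts outside this hunk.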
@@ -177,6 +181,7 @@ def test_prefill_values_when_reference_returns_empty_values(self): {"variable_key": "lastName", "target_path": ["name", "last.name"]}, {"variable_key": "age", "target_path": ["age"]}, ], + "auth_attribute_path": ["bsn"], }, ) diff --git a/src/openforms/registrations/contrib/objects_api/tests/test_initial_data_ownership_validation.py b/src/openforms/registrations/contrib/objects_api/tests/test_initial_data_ownership_validation.py index 3603959c20..51e72721d2 100644 --- a/src/openforms/registrations/contrib/objects_api/tests/test_initial_data_ownership_validation.py +++ b/src/openforms/registrations/contrib/objects_api/tests/test_initial_data_ownership_validation.py 
@@ -1,136 +1,169 @@ from unittest.mock import patch -from django.core.exceptions import PermissionDenied +from django.core.exceptions import ImproperlyConfigured, PermissionDenied from django.test import TestCase, tag from openforms.contrib.objects_api.tests.factories import ObjectsAPIGroupConfigFactory from openforms.forms.tests.factories import FormFactory, FormRegistrationBackendFactory +from openforms.logging.models import TimelineLogProxy from openforms.submissions.constants import PostSubmissionEvents from openforms.submissions.tasks.registration import pre_registration from openforms.submissions.tests.factories import SubmissionFactory -class ObjectsAPIPreRegistrationTests(TestCase): - @tag("gh-4398") - def test_verify_initial_data_ownership(self): - objects_api_group_used = ObjectsAPIGroupConfigFactory.create( +@tag("gh-4398") +class ObjectsAPIPrefillDataOwnershipCheckTests(TestCase): + def setUp(self): + super().setUp() + + self.objects_api_group_used = ObjectsAPIGroupConfigFactory.create( for_test_docker_compose=True ) - objects_api_group_unused = ObjectsAPIGroupConfigFactory.create() + self.objects_api_group_unused = ObjectsAPIGroupConfigFactory.create() + + self.form = FormFactory.create() - form = FormFactory.create() - # An objects API backend that is missing `auth_attribute_path` - FormRegistrationBackendFactory.create( - form=form, - backend="objects_api", - options={ - "version": 2, - "objecttype": "3edfdaf7-f469-470b-a391-bb7ea015bd6f", - "objects_api_group": objects_api_group_unused.pk, - "objecttype_version": 1, - }, - ) # An objects API backend with a different API group FormRegistrationBackendFactory.create( - form=form, + form=self.form, backend="objects_api", options={ "version": 2, "objecttype": "3edfdaf7-f469-470b-a391-bb7ea015bd6f", - "objects_api_group": objects_api_group_unused.pk, + "objects_api_group": self.objects_api_group_unused.pk, "objecttype_version": 1, "auth_attribute_path": ["bsn"], }, ) # Another backend that should be 
ignored - FormRegistrationBackendFactory.create(form=form, backend="email") + FormRegistrationBackendFactory.create(form=self.form, backend="email") # The backend that should be used to perform the check - FormRegistrationBackendFactory.create( - form=form, + self.backend = FormRegistrationBackendFactory.create( + form=self.form, backend="objects_api", options={ "version": 2, "objecttype": "3edfdaf7-f469-470b-a391-bb7ea015bd6f", - "objects_api_group": objects_api_group_used.pk, + "objects_api_group": self.objects_api_group_used.pk, "objecttype_version": 1, "auth_attribute_path": ["nested", "bsn"], }, ) - with self.subTest( - "verify_initial_data_ownership is not called if no initial_data_reference is specified" - ): - submission = SubmissionFactory.create( - form=form, - completed_not_preregistered=True, + def test_verify_initial_data_ownership_not_called_if_initial_data_reference_missing( + self, + ): + submission = SubmissionFactory.create( + form=self.form, + completed_not_preregistered=True, + ) + + with patch( + "openforms.registrations.contrib.objects_api.plugin.validate_object_ownership", + side_effect=PermissionDenied, + ) as mock_validate_object_ownership: + pre_registration(submission.id, PostSubmissionEvents.on_completion) + + mock_validate_object_ownership.assert_not_called() + + def test_verify_initial_data_ownership_called_if_initial_data_reference_specified( + self, + ): + submission = SubmissionFactory.create( + form=self.form, + completed_not_preregistered=True, + initial_data_reference="1234", + ) + + with patch( + "openforms.registrations.contrib.objects_api.plugin.validate_object_ownership" + ) as mock_validate_object_ownership: + pre_registration(submission.id, PostSubmissionEvents.on_completion) + + self.assertEqual(mock_validate_object_ownership.call_count, 2) + + # Cannot compare with `.assert_has_calls`, because the client objects + # won't match + call1, call2 = mock_validate_object_ownership.mock_calls + + self.assertEqual(call1.args[0], 
submission) + self.assertEqual( + call1.args[1].base_url, + self.objects_api_group_unused.objects_service.api_root, ) + self.assertEqual(call1.args[2], ["bsn"]) - with patch( - "openforms.registrations.contrib.objects_api.plugin.validate_object_ownership", - side_effect=PermissionDenied, - ) as mock_validate_object_ownership: + self.assertEqual(call2.args[0], submission) + self.assertEqual( + call2.args[1].base_url, + self.objects_api_group_used.objects_service.api_root, + ) + self.assertEqual(call2.args[2], ["nested", "bsn"]) + + def test_verify_initial_data_ownership_raising_error_causes_failing_pre_registration( + self, + ): + submission = SubmissionFactory.create( + form=self.form, + completed_not_preregistered=True, + initial_data_reference="1234", + ) + + with patch( + "openforms.registrations.contrib.objects_api.plugin.validate_object_ownership", + side_effect=PermissionDenied, + ) as mock_validate_object_ownership: + with self.assertRaises(PermissionDenied): pre_registration(submission.id, PostSubmissionEvents.on_completion) + self.assertEqual(mock_validate_object_ownership.call_count, 1) - mock_validate_object_ownership.assert_not_called() + # Cannot compare with `.assert_has_calls`, because the client objects + # won't match + call = mock_validate_object_ownership.mock_calls[0] - with self.subTest( - "verify_initial_data_ownership is called if initial_data_reference exists is specified" - ): - submission = SubmissionFactory.create( - form=form, - completed_not_preregistered=True, - initial_data_reference="1234", + self.assertEqual(call.args[0], submission) + self.assertEqual( + call.args[1].base_url, + self.objects_api_group_unused.objects_service.api_root, ) + self.assertEqual(call.args[2], ["bsn"]) + + def test_verify_initial_data_ownership_missing_auth_attribute_path_causes_failing_pre_registration( + self, + ): + del self.backend.options["auth_attribute_path"] + self.backend.save() + + submission = SubmissionFactory.create( + form=self.form, + 
completed_not_preregistered=True, + initial_data_reference="1234", + ) - with patch( - "openforms.registrations.contrib.objects_api.plugin.validate_object_ownership" - ) as mock_validate_object_ownership: + with patch( + "openforms.registrations.contrib.objects_api.plugin.validate_object_ownership", + ) as mock_validate_object_ownership: + with self.assertRaises(ImproperlyConfigured): pre_registration(submission.id, PostSubmissionEvents.on_completion) - self.assertEqual(mock_validate_object_ownership.call_count, 2) - - # Cannot compare with `.assert_has_calls`, because the client objects - # won't match - call1, call2 = mock_validate_object_ownership.mock_calls - - self.assertEqual(call1.args[0], submission) - self.assertEqual( - call1.args[1].base_url, - objects_api_group_unused.objects_service.api_root, - ) - self.assertEqual(call1.args[2], ["bsn"]) - - self.assertEqual(call2.args[0], submission) - self.assertEqual( - call2.args[1].base_url, - objects_api_group_used.objects_service.api_root, - ) - self.assertEqual(call2.args[2], ["nested", "bsn"]) - - with self.subTest( - "verify_initial_data_ownership raising error causes pre registration to fail" - ): - submission = SubmissionFactory.create( - form=form, - completed_not_preregistered=True, - initial_data_reference="1234", - ) + # Called once before crashing due to missing `auth_attribute_path` + self.assertEqual(mock_validate_object_ownership.call_count, 1) - with patch( - "openforms.registrations.contrib.objects_api.plugin.validate_object_ownership", - side_effect=PermissionDenied, - ) as mock_validate_object_ownership: - with self.assertRaises(PermissionDenied): - pre_registration(submission.id, PostSubmissionEvents.on_completion) - self.assertEqual(mock_validate_object_ownership.call_count, 1) - - # Cannot compare with `.assert_has_calls`, because the client objects - # won't match - call = mock_validate_object_ownership.mock_calls[0] - - self.assertEqual(call.args[0], submission) - self.assertEqual( - 
call.args[1].base_url, - objects_api_group_unused.objects_service.api_root, - ) - self.assertEqual(call.args[2], ["bsn"]) + # Cannot compare with `.assert_has_calls`, because the client objects + # won't match + call = mock_validate_object_ownership.mock_calls[0] + + self.assertEqual(call.args[0], submission) + self.assertEqual( + call.args[1].base_url, + self.objects_api_group_unused.objects_service.api_root, + ) + self.assertEqual(call.args[2], ["bsn"]) + + logs = TimelineLogProxy.objects.filter(object_id=submission.id) + self.assertEqual( + logs.filter( + extra_data__log_event="object_ownership_check_improperly_configured" + ).count(), + 1, + )
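Review bot: The renamed class `ObjectsAPIPrefillDataOwnershipCheckTests` now has the same name as the prefill test class changed earlier in this commit, although every test here drives `pre_registration`; a name such as `ObjectsAPIPreRegistrationOwnershipCheckTests` would keep test reports and name-based test selection unambiguous. Separately, `test_verify_initial_data_ownership_missing_auth_attribute_path_causes_failing_pre_registration` asserts `call_count == 1` and that the single call used `objects_api_group_unused`, which appears to rely on the registration backends being checked in creation order. A comment stating that assumption, e.g. `# relies on backends being validated in creation order`, would make a later ordering change easier to diagnose.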