From 160e7c61b82a69f3385845e829d339a4a3338e8f Mon Sep 17 00:00:00 2001
From: Paul Schilling
Date: Tue, 10 Dec 2024 12:54:20 +0100
Subject: [PATCH] [#2932] Skip KVK branch selection if vestigingsnummer already in session
---
 src/eherkenning/mock/backends.py | 2 -
 src/open_inwoner/accounts/backends.py | 2 -
 .../accounts/tests/test_oidc_views.py | 67 +++++++++++++++++++
 src/open_inwoner/kvk/tests/test_views.py | 18 +++++
 4 files changed, 85 insertions(+), 4 deletions(-)
diff --git a/src/eherkenning/mock/backends.py b/src/eherkenning/mock/backends.py
index c076ecfe86..ad7a3b3866 100644
--- a/src/eherkenning/mock/backends.py
+++ b/src/eherkenning/mock/backends.py
@@ -22,8 +22,6 @@ class eHerkenningBackend(BaseBackend):
 }
 )
- # TODO: update mock to test retrieval/storage of vestigingsnummer
-
 def get_or_create_user(self, request, kvk):
 created = False
 try:
diff --git a/src/open_inwoner/accounts/backends.py b/src/open_inwoner/accounts/backends.py
index d655b56e13..c5816254fb 100644
--- a/src/open_inwoner/accounts/backends.py
+++ b/src/open_inwoner/accounts/backends.py
@@ -5,7 +5,6 @@
 from django.contrib.auth import get_user_model
 from django.contrib.auth.backends import ModelBackend
 from django.contrib.auth.hashers import check_password
-from django.contrib.auth.models import AbstractUser
 from django.core.exceptions import SuspiciousOperation
 from django.urls import reverse, reverse_lazy
@@ -13,7 +12,6 @@
 from digid_eherkenning.oidc.backends import BaseBackend
 from mozilla_django_oidc_db.backends import OIDCAuthenticationBackend
 from mozilla_django_oidc_db.config import dynamic_setting
-from mozilla_django_oidc_db.typing import JSONObject
 from oath import accept_totp
 from open_inwoner.configurations.models import SiteConfiguration
diff --git a/src/open_inwoner/accounts/tests/test_oidc_views.py b/src/open_inwoner/accounts/tests/test_oidc_views.py
index 3453c6a4d9..ac7934b469 100644
--- a/src/open_inwoner/accounts/tests/test_oidc_views.py
+++ b/src/open_inwoner/accounts/tests/test_oidc_views.py
@@ -2,6 +2,7 @@
 from typing import Literal
 from unittest.mock import patch
+from django.conf import settings
 from django.contrib.auth import get_user_model
 from django.core.exceptions import ValidationError
 from django.test import TestCase, modify_settings, override_settings
@@ -1828,3 +1829,69 @@ def test_redirect_after_login_no_registration_and_no_branch_selection(
 profile_response = self.app.get(profile_response.url)
 self.assertEqual(profile_response.status_code, 200)
+
+ @patch("open_inwoner.kvk.client.KvKClient.get_all_company_branches")
+ @patch("open_inwoner.utils.context_processors.SiteConfiguration")
+ @patch("mozilla_django_oidc_db.backends.OIDCAuthenticationBackend.get_userinfo")
+ @patch("mozilla_django_oidc_db.backends.OIDCAuthenticationBackend.store_tokens")
+ @patch("mozilla_django_oidc_db.backends.OIDCAuthenticationBackend.verify_token")
+ @patch("mozilla_django_oidc_db.backends.OIDCAuthenticationBackend.get_token")
+ @patch(
+ "open_inwoner.accounts.models.OpenIDEHerkenningConfig.get_solo",
+ return_value=OpenIDEHerkenningConfig(
+ id=1,
+ enabled=True,
+ legal_subject_claim=["kvk"],
+ oidc_op_authorization_endpoint="http://idp.local/auth",
+ ),
+ )
+ def test_redirect_after_login_branch_already_selected(
+ self,
+ mock_get_solo,
+ mock_get_token,
+ mock_verify_token,
+ mock_store_tokens,
+ mock_get_userinfo,
+ mock_siteconfig,
+ mock_kvk,
+ ):
+ """
+ KVK branch selection should be skipped if KVK_BRANCH_SESSION_VARIABLE is present in session
+ """
+ user = eHerkenningUserFactory.create(kvk="12345678", rsin="123456789")
+ mock_get_userinfo.return_value = {
+ "sub": "some_username",
+ "kvk": "12345678",
+ }
+ mock_siteconfig.return_value = SiteConfiguration(id=1, eherkenning_enabled=True)
+ mock_kvk.return_value = [
+ {"kvkNummer": "12345678"},
+ {"kvkNummer": "87654321"},
+ ]
+
+ # initialize session with request
+ self.app.get("/")
+ session = self.app.session
+ session[KVK_BRANCH_SESSION_VARIABLE] = "1234"
+ session.save()
+ self.app.set_cookie(settings.SESSION_COOKIE_NAME, session.session_key)
+
+ self.assertEqual(User.objects.count(), 1)
+
+ redirect_url = reverse("profile:detail")
+
+ callback_response = perform_oidc_login(
+ self.app, "eherkenning", redirect_url=redirect_url
+ )
+
+ user = User.objects.get()
+
+
self.assertEqual(user.pk, int(self.app.session.get("_auth_user_id"))) + self.assertEqual(user.kvk, "12345678") + + self.assertRedirects( + callback_response, reverse("profile:detail"), fetch_redirect_response=False + ) + + response = self.app.get(callback_response.url) + self.assertEqual(response.status_code, 200) diff --git a/src/open_inwoner/kvk/tests/test_views.py b/src/open_inwoner/kvk/tests/test_views.py index 832559af2f..7d20d3b54f 100644 --- a/src/open_inwoner/kvk/tests/test_views.py +++ b/src/open_inwoner/kvk/tests/test_views.py @@ -183,6 +183,24 @@ def test_get_branches_page_one_branch_found_sets_branch_check_done( # Following redirect should not result in endless redirect self.assertEqual(response.status_code, 200) + def test_get_branches_page_skips_if_vestigingsnummer_present(self): + session = self.client.session + session[KVK_BRANCH_SESSION_VARIABLE] = "12345678" + session.save() + + self.client.force_login(user=self.user) + + response = self.client.get(self.url) + + self.assertEqual(response.status_code, 302) + self.assertEqual(response.url, reverse("pages-root")) + self.assertEqual(kvk_branch_selected_done(self.client.session), True) + + response = self.client.get(response.url) + + # Following redirect should not result in endless redirect + self.assertEqual(response.status_code, 200) + @patch("open_inwoner.kvk.client.KvKClient.get_all_company_branches") @patch( "open_inwoner.kvk.models.KvKConfig.get_solo",
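Review bot: `test_redirect_after_login_branch_already_selected` never asserts on the session value or on `mock_kvk`; the skip is only inferred from the final redirect and 200, so the test should also pin the state after the callback, e.g. `self.assertEqual(self.app.session[KVK_BRANCH_SESSION_VARIABLE], "1234")`. The value is written to the session before authentication and `"1234"` matches nothing in the mocked `get_all_company_branches` result, so as written the test documents that a pre-login session value is accepted unchecked after login. If the view (not visible in this patch) is meant to validate the number against the company's branches, a negative case belongs next to this one. The first `user = eHerkenningUserFactory.create(...)` binding is overwritten by `user = User.objects.get()` before it is read, so it can be a bare call. The test method is complete inside the hunk; `perform_oidc_login`, `KVK_BRANCH_SESSION_VARIABLE` and the enclosing class are defined outside it.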
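Review bot: `test_get_branches_page_skips_if_vestigingsnummer_present` checks the redirect and `kvk_branch_selected_done`, but not that the stored branch number is left untouched; adding `self.assertEqual(self.client.session[KVK_BRANCH_SESSION_VARIABLE], "12345678")` after the first request would pin that the skip path does not rewrite it. The fixture `"12345678"` has the shape of a KvK number rather than a vestigingsnummer (normally 12 digits), so a clearly constructed branch value would read better, and `assertTrue(...)` is the idiomatic form of `assertEqual(..., True)`. The method has no docstring; `"""Branch selection is skipped when the session already holds a vestigingsnummer."""` would state the contract. The session is seeded before `force_login`, so the test also relies on session data surviving login, which deserves a one-line comment if that ordering is intentional.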