maykinmedia · swrichards · Jan 15, 2025 · Jan 15, 2025 · Jan 15, 2025 · Jan 14, 2025
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -208,6 +208,9 @@ jobs:
     name: Check that documentation for configuration steps is up-to-date
     runs-on: ubuntu-latest
 
+    # Skip until setup-configuration is updated
+    if: false
+
     steps:
       - uses: actions/checkout@v3
         with:

diff --git a/requirements/base.txt b/requirements/base.txt
@@ -44,7 +44,6 @@ celery-once==3.0.1
     # via -r requirements/base.in
 certifi==2023.11.17
     # via
-    #   django-simple-certmanager
     #   elastic-apm
     #   elasticsearch
     #   requests
@@ -190,8 +189,10 @@ django-csp==3.7
     # via -r requirements/base.in
 django-csp-reports==1.8.1
     # via -r requirements/base.in
-django-digid-eherkenning[oidc]==0.16.0
-    # via -r requirements/base.in
+django-digid-eherkenning[oidc]==0.19.2
+    # via
+    #   -r requirements/base.in
+    #   django-digid-eherkenning
 django-elasticsearch-dsl==7.4
     # via -r requirements/base.in
 django-extra-fields==3.0.2
@@ -258,7 +259,7 @@ django-sessionprofile==1.0
     #   django-digid-eherkenning
 django-setup-configuration==0.3.0
     # via -r requirements/base.in
-django-simple-certmanager==1.4.1
+django-simple-certmanager==2.4.1
     # via
     #   django-digid-eherkenning
     #   zgw-consumers
@@ -405,7 +406,7 @@ messagebird==2.1.0
     # via -r requirements/base.in
 mozilla-django-oidc==4.0.1
     # via mozilla-django-oidc-db
-mozilla-django-oidc-db==0.19.0
+mozilla-django-oidc-db==0.21.1
     # via
     #   -r requirements/base.in
     #   django-digid-eherkenning
@@ -456,7 +457,6 @@ pyjwt==2.8.0
 pyopenssl==24.0.0
     # via
     #   -r requirements/base.in
-    #   django-simple-certmanager
     #   josepy
     #   webauthn
 pyphen==0.12.0

diff --git a/requirements/ci.txt b/requirements/ci.txt
@@ -92,7 +92,6 @@ certifi==2023.11.17
     # via
     #   -c requirements/base.txt
     #   -r requirements/base.txt
-    #   django-simple-certmanager
     #   elastic-apm
     #   elasticsearch
     #   requests
@@ -314,7 +313,7 @@ django-csp-reports==1.8.1
     # via
     #   -c requirements/base.txt
     #   -r requirements/base.txt
-django-digid-eherkenning[oidc]==0.16.0
+django-digid-eherkenning[oidc]==0.19.2
     # via
     #   -c requirements/base.txt
     #   -r requirements/base.txt
@@ -442,7 +441,7 @@ django-setup-configuration==0.3.0
     # via
     #   -c requirements/base.txt
     #   -r requirements/base.txt
-django-simple-certmanager==1.4.1
+django-simple-certmanager==2.4.1
     # via
     #   -c requirements/base.txt
     #   -r requirements/base.txt
@@ -749,7 +748,7 @@ mozilla-django-oidc==4.0.1
     #   -c requirements/base.txt
     #   -r requirements/base.txt
     #   mozilla-django-oidc-db
-mozilla-django-oidc-db==0.19.0
+mozilla-django-oidc-db==0.21.1
     # via
     #   -c requirements/base.txt
     #   -r requirements/base.txt
@@ -879,7 +878,6 @@ pyopenssl==24.0.0
     #   -c requirements/base.txt
     #   -r requirements/base.txt
     #   -r requirements/test-tools.in
-    #   django-simple-certmanager
     #   josepy
     #   webauthn
 pyphen==0.12.0

diff --git a/requirements/dev.txt b/requirements/dev.txt
@@ -114,7 +114,6 @@ certifi==2023.11.17
     # via
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
-    #   django-simple-certmanager
     #   elastic-apm
     #   elasticsearch
     #   geventhttpclient
@@ -356,7 +355,7 @@ django-csp-reports==1.8.1
     #   -r requirements/ci.txt
 django-debug-toolbar==3.2.2
     # via -r requirements/dev.in
-django-digid-eherkenning[oidc]==0.16.0
+django-digid-eherkenning[oidc]==0.19.2
     # via
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
@@ -488,7 +487,7 @@ django-setup-configuration==0.3.0
     #   -r requirements/ci.txt
 django-silk==5.1.0
     # via -r requirements/dev.in
-django-simple-certmanager==1.4.1
+django-simple-certmanager==2.4.1
     # via
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
@@ -851,7 +850,7 @@ mozilla-django-oidc==4.0.1
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
     #   mozilla-django-oidc-db
-mozilla-django-oidc-db==0.19.0
+mozilla-django-oidc-db==0.21.1
     # via
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
@@ -1019,7 +1018,6 @@ pyopenssl==24.0.0
     # via
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
-    #   django-simple-certmanager
     #   josepy
     #   webauthn
 pyphen==0.12.0

diff --git a/src/open_inwoner/accounts/tests/test_auth.py b/src/open_inwoner/accounts/tests/test_auth.py
@@ -287,6 +287,7 @@ def test_notification_settings_with_cms_page_published(self, m):
         necessary_form[
             "case_notification_channel"
         ] = NotificationChannelChoice.digital_only
+        necessary_form["email"] = "foo@bar.com"
         necessary_form.submit()
 
         user = User.objects.get(bsn=data["auth_name"])
@@ -304,12 +305,13 @@ def test_notification_settings_with_cms_page_published(self, m):
         self.assertEqual(
             klant_patch_data,
             {
+                "emailadres": "foo@bar.com",
                 "toestemmingZaakNotificatiesAlleenDigitaal": True,
             },
         )
         # only check logs for klant api update
         dump = self.getTimelineLogDump()
-        msg = "patched klant from user profile edit with fields: toestemmingZaakNotificatiesAlleenDigitaal"
+        msg = "patched klant from user profile edit with fields: emailadres, toestemmingZaakNotificatiesAlleenDigitaal"
         assert msg in dump
 
     @requests_mock.Mocker()
@@ -507,6 +509,72 @@ def test_existing_user_digid_login_fails_brp_update_when_brp_http_404(self, m):
 
         self.assertNotEqual(user.first_name, "UpdatedName")
 
+    @requests_mock.Mocker()
+    def test_user_without_klant_is_created_and_updated(self, m):
+        """
+        Assert that if no klant exists during the filling of the necessary fields form,
+        the klant is created and updated with the writable fields (though not with
+        the toestemmingZaakNotificatiesAlleenDigitaal by default, which is tested
+        above).
+        """
+        MockAPIReadPatchData.setUpServices()
+        mock_api_data = MockAPIReadPatchData().install_mocks(m)
+
+        # reset noise from signals
+        m.reset_mock()
+        self.clearTimelineLogs()
+
+        invite = InviteFactory()
+
+        url = reverse("digid-mock:password")
+        params = {
+            "acs": reverse("acs"),
+            "next": f"{reverse('profile:registration_necessary')}?invite={invite.key}",
+        }
+        url = f"{url}?{urlencode(params)}"
+
+        data = {
+            "auth_name": mock_api_data.user_without_klant.bsn,
+            "auth_pass": "bar",
+        }
+
+        # post our password to the IDP
+        response = self.app.post(url, data).follow().follow()
+
+        necessary_form = response.forms["necessary-form"]
+
+        self.assertNotIn("cases_notifications", necessary_form.fields)
+        self.assertNotIn("messages_notifications", necessary_form.fields)
+
+        necessary_form["email"] = "foo@bar.com"
+        necessary_form.submit()
+
+        # klant did not exist, so is created
+        klant_post_data = mock_api_data.matchers[3].request_history[0].json()
+        self.assertEqual(
+            klant_post_data,
+            {"subjectIdentificatie": {"inpBsn": "665155311"}},
+        )
+
+        # klant is patched with email address
+        klant_patch_data = mock_api_data.matchers[4].request_history[0].json()
+        self.assertEqual(
+            klant_patch_data,
+            {
+                "emailadres": "foo@bar.com",
+                # Not enabled
+                # "toestemmingZaakNotificatiesAlleenDigitaal": True,
+            },
+        )
+
+        # ensure klant operations are logged
+        dump = self.getTimelineLogDump()
+        for msg in (
+            "created klant (87654321) for user",
+            "patched klant from user profile edit with fields: emailadres",
+        ):
+            assert msg in dump
+
 
 @override_settings(ROOT_URLCONF="open_inwoner.cms.tests.urls")
 class eHerkenningRegistrationTest(AssertRedirectsMixin, WebTest):

diff --git a/src/open_inwoner/accounts/views/registration.py b/src/open_inwoner/accounts/views/registration.py
@@ -1,7 +1,9 @@
+import logging
 from urllib.parse import unquote
 
 from django.contrib import messages
 from django.contrib.auth.mixins import LoginRequiredMixin
+from django.core.exceptions import ImproperlyConfigured
 from django.http import HttpResponseRedirect
 from django.shortcuts import get_object_or_404, redirect
 from django.urls import NoReverseMatch, reverse
@@ -11,9 +13,7 @@
 from django_registration.backends.one_step.views import RegistrationView
 from furl import furl
 
-from open_inwoner.accounts.choices import NotificationChannelChoice
-from open_inwoner.accounts.views.mixins import KlantenAPIMixin
-from open_inwoner.configurations.models import SiteConfiguration
+from open_inwoner.openklant.services import eSuiteKlantenService
 from open_inwoner.utils.views import CommonPageMixin, LogMixin
 
 from ...mail.verification import send_user_email_verification_mail
@@ -22,6 +22,8 @@
 from ..forms import CustomRegistrationForm, NecessaryUserForm
 from ..models import Invite, OpenIDDigiDConfig, OpenIDEHerkenningConfig, User
 
+logger = logging.getLogger(__name__)
+
 
 class InviteMixin(CommonPageMixin):
     def get_initial(self):
@@ -136,7 +138,6 @@ def get(self, request, *args, **kwargs):
 class NecessaryFieldsUserView(
     LogMixin,
     LoginRequiredMixin,
-    KlantenAPIMixin,
     InviteMixin,
     UpdateView,
 ):
@@ -164,7 +165,7 @@ def get_form_kwargs(self):
     def form_valid(self, form):
         user = form.save()
 
-        self.update_klant({k: form.cleaned_data[k] for k in form.changed_data})
+        self.update_klant(form)
 
         invite = form.cleaned_data["invite"]
         if invite:
@@ -186,18 +187,34 @@ def get_initial(self):
 
         return initial
 
-    def update_klant(self, user_form_data: dict):
-        config = SiteConfiguration.get_solo()
-        if not config.enable_notification_channel_choice:
+    def update_klant(self, form: NecessaryUserForm):
+        try:
+            service = eSuiteKlantenService()
+        except ImproperlyConfigured:
+            logger.info("Unable to build KlantenService")
             return
 
-        if notification_channel := user_form_data.get("case_notification_channel"):
-            self.patch_klant(
-                update_data={
-                    "toestemmingZaakNotificatiesAlleenDigitaal": notification_channel
-                    == NotificationChannelChoice.digital_only
-                }
+        user = form.instance
+
+        klant, _ = service.get_or_create_klant(
+            user=user, fetch_params=service.get_fetch_parameters(user=user)
+        )
+
+        if not klant:
+            logger.error(
+                "Unable to create klant during post-registration sync",
+                extra={"user": user},
             )
+            return
+
+        update_fields = ["emailadres"]
+        if "phonenumber" in form.cleaned_data.keys():
+            update_fields.append("telefoonnummer")
+
+        if "case_notification_channel" in form.cleaned_data.keys():
+            update_fields.append("toestemmingZaakNotificatiesAlleenDigitaal")
+
+        service.update_klant_from_user(klant, user, update_fields=update_fields)
 
 
 class EmailVerificationUserView(LogMixin, LoginRequiredMixin, TemplateView):

diff --git a/src/open_inwoner/configurations/tests/bootstrap/__init__.py b/src/open_inwoner/configurations/tests/bootstrap/__init__.py