Mijn-8373 bug (#1263)

* Encrypt uuid * Change bezwaren async detail page request * Update test data * Use SID
Amsterdam · Apr 26, 2024 · 2e0c999 · 2e0c999
1 parent cd1ad0b
commit 2e0c999
Show file tree

Hide file tree

Showing 15 changed files with 236 additions and 104 deletions.
diff --git a/src/client/pages/BezwarenDetail/BezwarenDetail.test.tsx b/src/client/pages/BezwarenDetail/BezwarenDetail.test.tsx
@@ -12,6 +12,7 @@ const testState = {
       {
         identificatie: 'BI.21.014121.001',
         uuid: '68cdd171-b4fd-44cc-a4d3-06b77341f20a',
+        uuidEncrypted: 'asdasd98asd098asdjalmsndas-d9aps9dapsdja.sdasd',
         startdatum: '2023-04-25',
         bezwaarnummer: 'BI.21.014121.001',
         zaakkenmerk: 'ghi.abc.def',
@@ -38,7 +39,7 @@ const testState = {
   },
   BEZWAREN_BAG: {
     abc: null,
-    '68cdd171-b4fd-44cc-a4d3-06b77341f20a': {
+    'asdasd98asd098asdjalmsndas-d9aps9dapsdja.sdasd': {
       statussen: [
         {
           uuid: 'b62fdaa9-f7ec-45d1-b23c-7f36fa00b393',

diff --git a/src/client/pages/BezwarenDetail/BezwarenDetail.tsx b/src/client/pages/BezwarenDetail/BezwarenDetail.tsx
@@ -43,27 +43,80 @@ const loadingContentBarConfig2: BarConfig = [
   ['30rem', '4rem', '2rem'],
 ];
 
-const BezwarenDetail = () => {
-  const { BEZWAREN } = useAppStateGetter();
-  const { uuid } = useParams<{ uuid: string }>();
-
-  const bezwaar = BEZWAREN.content?.find((b) => b.uuid === uuid) ?? null;
+interface BezwarenDetailPartialProps {
+  uuidEncrypted: string;
+}
 
+function BezwarenDetailPartial({ uuidEncrypted }: BezwarenDetailPartialProps) {
   const [bezwaarDetail, api] = useAppStateBagApi<BezwaarDetail | null>({
-    url: `${BFFApiUrls.BEZWAREN_DETAIL}/${uuid}`,
+    url: `${BFFApiUrls.BEZWAREN_DETAIL}/${uuidEncrypted}`,
     bagChapter: BagChapters.BEZWAREN,
-    key: uuid,
+    key: uuidEncrypted,
   });
 
-  const noContent = !isLoading(BEZWAREN) && !bezwaar;
   const documents = bezwaarDetail?.documents ?? [];
   const statussen = bezwaarDetail?.statussen ?? [];
+
   const documentCategories = uniqueArray(
     documents.map((d) => d.dossiertype).filter(Boolean)
   ).sort();
 
   const isSmallScreen = usePhoneScreen();
 
+  return (
+    <>
+      <PageContent>
+        {documentCategories.length > 0 && (
+          <>
+            {documentCategories.map((category) => {
+              const docs = documents.filter((d) => d.dossiertype === category);
+              return (
+                <InfoDetailGroup
+                  key={category}
+                  label={
+                    <div className={styles.DocumentListHeader}>
+                      <InfoDetailHeading
+                        label={`Document${
+                          documents.length > 1 ? 'en' : ''
+                        } ${category.toLowerCase()}`}
+                      />
+                      {!isSmallScreen && (
+                        <span className={styles.DocumentListHeader_Date}>
+                          Datum
+                        </span>
+                      )}
+                    </div>
+                  }
+                >
+                  <DocumentList documents={docs} showDatePublished />
+                </InfoDetailGroup>
+              );
+            })}
+          </>
+        )}
+        {api.isLoading && (
+          <>
+            <Heading level={4} size="level-4">
+              Status
+            </Heading>
+            <LoadingContent barConfig={loadingContentBarConfig2} />
+          </>
+        )}
+      </PageContent>
+      {!!bezwaarDetail && (
+        <BezwarenStatusLines id={uuidEncrypted} statussen={statussen} />
+      )}
+    </>
+  );
+}
+
+function BezwarenDetail() {
+  const { BEZWAREN } = useAppStateGetter();
+  const { uuid } = useParams<{ uuid: string }>();
+
+  const bezwaar = BEZWAREN.content?.find((b) => b.uuid === uuid) ?? null;
+  const noContent = !isLoading(BEZWAREN) && !bezwaar;
+
   return (
     <DetailPage>
       <PageHeading
@@ -78,7 +131,7 @@ const BezwarenDetail = () => {
       </PageHeading>
 
       <PageContent>
-        {(isError(BEZWAREN) || noContent || api.isError) && (
+        {(isError(BEZWAREN) || noContent) && (
           <ErrorAlert>We kunnen op dit moment geen gegevens tonen.</ErrorAlert>
         )}
         {!!bezwaar && (
@@ -111,52 +164,14 @@ const BezwarenDetail = () => {
             {bezwaar.einddatum && bezwaar.resultaat && (
               <InfoDetail label="Resultaat bezwaar" value={bezwaar.resultaat} />
             )}
-            {documentCategories.length > 0 && (
-              <>
-                {documentCategories.map((category) => {
-                  const docs = documents.filter(
-                    (d) => d.dossiertype === category
-                  );
-                  return (
-                    <InfoDetailGroup
-                      key={category}
-                      label={
-                        <div className={styles.DocumentListHeader}>
-                          <InfoDetailHeading
-                            label={`Document${
-                              documents.length > 1 ? 'en' : ''
-                            } ${category.toLowerCase()}`}
-                          />
-                          {!isSmallScreen && (
-                            <span className={styles.DocumentListHeader_Date}>
-                              Datum
-                            </span>
-                          )}
-                        </div>
-                      }
-                    >
-                      <DocumentList documents={docs} showDatePublished />
-                    </InfoDetailGroup>
-                  );
-                })}
-              </>
-            )}
           </>
         )}
       </PageContent>
-      {api.isLoading && (
-        <PageContent>
-          <Heading level={4} size="level-4">
-            Status
-          </Heading>
-          <LoadingContent barConfig={loadingContentBarConfig2} />
-        </PageContent>
-      )}
-      {!!bezwaarDetail && !!bezwaar?.uuid && (
-        <BezwarenStatusLines id={bezwaar.uuid} statussen={statussen} />
+      {!!bezwaar?.uuidEncrypted && (
+        <BezwarenDetailPartial uuidEncrypted={bezwaar.uuidEncrypted} />
       )}
     </DetailPage>
   );
-};
+}
 
 export default BezwarenDetail;
diff --git a/src/client/pages/BezwarenDetail/BezwarenStatusLines.tsx b/src/client/pages/BezwarenDetail/BezwarenStatusLines.tsx
@@ -30,7 +30,6 @@ const BezwarenStatusLines = ({
 
   return (
     <StatusLine
-      className=""
       trackCategory="Bezwaar detail / status"
       items={statusLineItems}
       id={`bezwaar-detail-${id}`}

diff --git a/src/client/pages/BezwarenDetail/__snapshots__/BezwarenDetail.test.tsx.snap b/src/client/pages/BezwarenDetail/__snapshots__/BezwarenDetail.test.tsx.snap
@@ -276,6 +276,10 @@ exports[`BezwarenDetail > With result > Matches the Full Page snapshot 1`] = `
           </div>
         </div>
       </div>
+    </div>
+    <div
+      class="_PageContent_47d7c0"
+    >
       <div
         class="_InfoDetailGroup_6f1df2"
       >

diff --git a/src/server/router-protected.ts b/src/server/router-protected.ts
@@ -92,12 +92,12 @@ router.get(
       authProfileAndToken,
       req.params.id
     );
+
     if (
       documentResponse.status === 'ERROR' ||
       !documentResponse.content?.data
     ) {
-      res.status(500);
-      return res.send(documentResponse);
+      return res.status(500).send(documentResponse);
     }
 
     res.type(documentResponse.content.mimetype ?? 'application/pdf');

diff --git a/src/server/services/bezwaren/__snapshots__/bezwaren.test.ts.snap b/src/server/services/bezwaren/__snapshots__/bezwaren.test.ts.snap
@@ -24,6 +24,7 @@ exports[`Bezwaren > fetch bezwaren > should return data in expected format 1`] =
       "statussen": [],
       "toelichting": "Lange uitleg over het bezwaar. Kan dus veel tekst hebben want is vrije invoer.",
       "uuid": "68cdd171-b4fd-44cc-a4d3-06b77341f20a",
+      "uuidEncrypted": "test-encrypted-id",
       "zaakkenmerk": "ghi.abc.def",
     },
     {
@@ -47,6 +48,7 @@ exports[`Bezwaren > fetch bezwaren > should return data in expected format 1`] =
       "statussen": [],
       "toelichting": "",
       "uuid": "9804b064-90a3-43b0-bc7c-924f9939888d",
+      "uuidEncrypted": "test-encrypted-id",
       "zaakkenmerk": "abc.def",
     },
     {
@@ -70,6 +72,7 @@ exports[`Bezwaren > fetch bezwaren > should return data in expected format 1`] =
       "statussen": [],
       "toelichting": "Met toelichting",
       "uuid": "cc117d91-1b00-4bae-bbdd-9ea3a6d6d185",
+      "uuidEncrypted": "test-encrypted-id",
       "zaakkenmerk": "123.abc.def",
     },
     {
@@ -93,6 +96,7 @@ exports[`Bezwaren > fetch bezwaren > should return data in expected format 1`] =
       "statussen": [],
       "toelichting": "Met toelichting",
       "uuid": "956541b6-7a25-4132-9592-0a509bc7ace0",
+      "uuidEncrypted": "test-encrypted-id",
       "zaakkenmerk": "321.abc.def",
     },
   ],

diff --git a/src/server/services/bezwaren/bezwaren.test.ts b/src/server/services/bezwaren/bezwaren.test.ts
@@ -18,7 +18,7 @@ vi.mock('../../../universal/helpers/encrypt-decrypt', async (requireActual) => {
   return {
     ...((await requireActual()) as object),
     encrypt: () => {
-      return ['session-id', 'test-encrypted-id'];
+      return ['test-encrypted-id'];
     },
     decrypt: () => 'session-id:e6ed38c3-a44a-4c16-97c1-89d7ebfca095',
   };
@@ -194,5 +194,25 @@ describe('Bezwaren', () => {
       expect(res.content?.statussen?.length).toBeGreaterThan(0);
       expect(res.content?.documents?.length).toBeGreaterThan(0);
     });
+
+    it('should fail to fetch more results', async () => {
+      const res = await fetchBezwaarDetail(
+        requestId,
+        {
+          ...profileAndToken,
+          profile: { ...profileAndToken.profile, sid: 'nope' },
+        },
+        'xxx'
+      );
+
+      expect(res).toMatchInlineSnapshot(`
+        {
+          "code": 401,
+          "content": null,
+          "message": "Not authorized",
+          "status": "ERROR",
+        }
+      `);
+    });
   });
 });
diff --git a/src/server/services/bezwaren/bezwaren.ts b/src/server/services/bezwaren/bezwaren.ts
@@ -86,15 +86,13 @@ function getZaakUrl(zaakId: string) {
 }
 
 function transformBezwarenDocumentsResults(
+  sessionID: AuthProfileAndToken['profile']['sid'],
   response: BezwarenSourceResponse<BezwaarSourceDocument>
 ): BezwaarDocument[] {
   if (Array.isArray(response.results)) {
     return response.results.map(
       ({ bestandsnaam, identificatie, dossiertype, verzenddatum }) => {
-        const [documentIdEncrypted] = encrypt(
-          identificatie,
-          process.env.BFF_GENERAL_ENCRYPTION_KEY ?? ''
-        );
+        const [documentIdEncrypted] = encrypt(`${sessionID}:${identificatie}`);
         return {
           id: documentIdEncrypted,
           title: bestandsnaam,
@@ -166,7 +164,11 @@ export async function fetchBezwarenDocuments(
   return requestData<BezwaarDocument[]>(
     getApiConfig('BEZWAREN_DOCUMENTS', {
       params,
-      transformResponse: transformBezwarenDocumentsResults,
+      transformResponse: (responseData) =>
+        transformBezwarenDocumentsResults(
+          authProfileAndToken.profile.sid,
+          responseData
+        ),
       headers: await getBezwarenApiHeaders(authProfileAndToken),
     }),
     zaakId
@@ -184,6 +186,7 @@ function getKenmerkValue(kenmerken: Kenmerk[], kenmerk: kenmerkKey) {
 }
 
 function transformBezwarenResults(
+  sessionID: AuthProfileAndToken['profile']['sid'],
   response: BezwarenSourceResponse<BezwaarSourceData>
 ): BezwaarResponse {
   const results = response.results;
@@ -197,11 +200,14 @@ function transformBezwarenResults(
             'besluitdatum'
           );
 
+          const [idEncrypted] = encrypt(`${sessionID}:${bezwaarBron.uuid}`);
+
           const bezwaar: Bezwaar = {
             identificatie: bezwaarBron.identificatie,
             zaakkenmerk:
               getKenmerkValue(bezwaarBron.kenmerken, 'zaakkenmerk') ?? '',
             uuid: bezwaarBron.uuid,
+            uuidEncrypted: idEncrypted,
             startdatum: bezwaarBron.startdatum,
             ontvangstdatum: bezwaarBron.registratiedatum,
             omschrijving: bezwaarBron.omschrijving,
@@ -259,7 +265,8 @@ export async function fetchBezwaren(
   const requestConfig = getApiConfig('BEZWAREN_LIST', {
     data: requestBody,
     params,
-    transformResponse: transformBezwarenResults,
+    transformResponse: (responseData) =>
+      transformBezwarenResults(authProfileAndToken.profile.sid, responseData),
     headers: await getBezwarenApiHeaders(authProfileAndToken),
   });
 
@@ -359,9 +366,15 @@ export async function fetchBezwaarDetail(
   authProfileAndToken: AuthProfileAndToken,
   zaakIdEncrypted: string
 ) {
-  const [sessionID, zaakId] = decrypt(zaakIdEncrypted).split(':');
+  let sessionID;
+  let zaakId;
+  try {
+    [sessionID, zaakId] = decrypt(zaakIdEncrypted).split(':');
+  } catch (error) {
+    captureException(error);
+  }
 
-  if (sessionID !== authProfileAndToken.profile.sid) {
+  if (!zaakId || sessionID !== authProfileAndToken.profile.sid) {
     return apiErrorResult('Not authorized', null, 401);
   }
 
@@ -399,12 +412,16 @@ export async function fetchBezwaarDocument(
   documentIdEncrypted: string,
   isDownload: boolean = true
 ) {
-  const [sessionID, documentId] = decrypt(
-    documentIdEncrypted,
-    process.env.BFF_GENERAL_ENCRYPTION_KEY ?? ''
-  ).split(':');
+  let sessionID: string = '';
+  let documentId: string = '';
+
+  try {
+    [sessionID, documentId] = decrypt(documentIdEncrypted).split(':');
+  } catch (error) {
+    captureException(error);
+  }
 
-  if (sessionID !== authProfileAndToken.profile.sid) {
+  if (!documentId || sessionID !== authProfileAndToken.profile.sid) {
     return apiErrorResult('Not authorized', null, 401);
   }
 

diff --git a/src/server/services/bezwaren/types.ts b/src/server/services/bezwaren/types.ts
@@ -43,6 +43,7 @@ export type Bezwaar = {
   identificatie: string;
   zaakkenmerk: string;
   uuid: string;
+  uuidEncrypted: string;
   startdatum: string;
   ontvangstdatum: string;
   omschrijving: string | null;
-Original file line number
+Diff line change
@@ Expand Up @@
               </div>
             </div>
           </div>
+        </div>
+        <div
+          class="_PageContent_47d7c0"
+        >
           <div
             class="_InfoDetailGroup_6f1df2"
           >
@@ Expand Down @@