test of change request

src/Authentication/Services/ChangeRequestSystemUserService.cs

@@ -2,6 +2,7 @@
 using System.Collections.Generic;
 using System.Diagnostics.Metrics;
 using System.Linq;
+using System.Text.Json;
 using System.Threading;
 using System.Threading.Tasks;
 using Altinn.Authentication.Core.Clients.Interfaces;
@@ -24,13 +25,15 @@
 using Altinn.Urn;
 using Altinn.Urn.Json;
 using Microsoft.AspNetCore.Authentication;
+using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 
 namespace Altinn.Platform.Authentication.Services;
 #nullable enable
 
 /// <inheritdoc/>
 public class ChangeRequestSystemUserService(
+    ILogger<ChangeRequestSystemUserService> logger,
     ISystemRegisterService systemRegisterService,
     IPartiesClient partiesClient,
     ISystemRegisterRepository systemRegisterRepository,
@@ -57,7 +60,16 @@
             return validationSet.Problem;
         }
 
-        var verified = await VerifySetOfRights(createRequest, vendorOrgNo);
+        Result<ChangeRequestResponse> verified = await VerifySetOfRights(createRequest, vendorOrgNo);
+        if (verified.IsProblem) 
+        {
+            return verified.Problem;
+        }
+
+        if (verified.Value.Status == ChangeRequestStatus.NoChangeNeeded.ToString())
+        {
+            return verified.Value;
+        }
 
         if (createRequest.RedirectUrl is not null && createRequest.RedirectUrl != string.Empty)
         {
@@ -635,7 +647,9 @@
         return new ChangeRequestResponse()
         {
             Id = Guid.NewGuid(),
-            ExternalRef = verifyRequest.ExternalRef,
+
+            // ExternalRef = verifyRequest.ExternalRef,
+            ExternalRef = JsonSerializer.Serialize(res.Value),
             SystemId = verifyRequest.SystemId,
             SystemUserId = Guid.Parse(valSet.Value.SystemUser.Id),
             PartyOrgNo = verifyRequest.PartyOrgNo,
@@ -795,7 +809,9 @@
                 }
             }
         };
+        var req = request.ToString();
+        logger.LogError($"SystemUser-ChangeRequest: {req} OrgNo: {systemUser.ReporteeOrgNo}");
 
         return await PDPClient.GetDecisionForRequest(request);
     }
 }

test/Altinn.Platform.Authentication.SystemIntegrationTests/Altinn.Platform.Authentication.SystemIntegrationTests.csproj

@@ -28,6 +28,9 @@
       <None Update="Resources\Testdata\Systemregister\TilgangslisteTest.json">
         <CopyToOutputDirectory>Always</CopyToOutputDirectory>
       </None>
+      <None Update="Resources\Testdata\SystemUser\CreateChangeRequest.json">
+        <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+      </None>
       <None Update="Resources\Testdata\SystemUser\RequestSystemUser.json">
         <CopyToOutputDirectory>Always</CopyToOutputDirectory>
       </None>

test/Altinn.Platform.Authentication.SystemIntegrationTests/Clients/PlatformAuthenticationClient.cs

@@ -42,10 +42,14 @@ public async Task<HttpResponseMessage> PostAsync(string endpoint, string body, s
         client.DefaultRequestHeaders.Authorization =
             new AuthenticationHeaderValue("Bearer", token);
 
-        HttpContent content = new StringContent(body, System.Text.Encoding.UTF8, "application/json");
+        if (body is not null && body != string.Empty)
+        {
+            HttpContent content = new StringContent(body, System.Text.Encoding.UTF8, "application/json");
+            return await client.PostAsync($"{BaseUrl}/{endpoint}", content);
+        }
 
-        var response = await client.PostAsync($"{BaseUrl}/{endpoint}", content);
-        return response;
+        return await client.PostAsync($"{BaseUrl}/{endpoint}", null);
+
     }
 
     /// <summary>

test/Altinn.Platform.Authentication.SystemIntegrationTests/Resources/Testdata/SystemUser/CreateChangeRequest.json

@@ -0,0 +1,25 @@
+{
+  "external_ref": "312605031",
+  "systemId": "{systemId}",
+  "partyOrgNo": "312605031",
+  "requiredRights": [
+    {
+      "resource": [
+        {
+          "id": "urn:altinn:resource",
+          "value": "kravogbetaling"
+        }
+      ]
+    },
+    {
+      "resource": [
+        {
+          "id": "urn:altinn:resource",
+          "value": "ske-innrapportering-boligsameie"
+        }
+      ]
+    }
+  ],
+  "unwantedRights": [],
+  "redirectUrl": "{redirectUrl}"
+}

test/Altinn.Platform.Authentication.SystemIntegrationTests/Resources/Testdata/Systemregister/CreateNewSystem.json

@@ -21,6 +21,14 @@
           "value": "kravogbetaling"
         }
       ]
+    },
+    {
+      "Resource": [
+        {
+          "id": "urn:altinn:resource",
+          "value": "ske-innrapportering-boligsameie"
+        }
+      ]
     }
   ],
   "allowedRedirectUrls": [

test/Altinn.Platform.Authentication.SystemIntegrationTests/Tests/SystemUserTests.cs

@@ -84,7 +84,7 @@
     /// Reported bug: https://github.com/Altinn/altinn-authentication/issues/848
     /// </summary>
     // [Fact]
     public async Task GetCreatedSystemUser()
     {
         const string alternativeParty = "50891151";
 
@@ -195,11 +195,94 @@
         Assert.Equal(HttpStatusCode.OK, resp.StatusCode);
     }
 
+    /// <summary>
+    /// https://github.com/Altinn/altinn-authentication/issues/791
+    /// API for creating a change request for System User
+    /// </summary>
+    [Fact]
+    public async Task PostChangeRequestSystemUserAndApproveReturnSuccess()
+    {
+        // Prerequisite-step
+        var maskinportenToken = await _platformClient.GetToken();
+
+        var teststate = new SystemRegisterState()
+            .WithClientId(Guid.NewGuid()
+                .ToString()) //For a real case it should use a maskinporten client id, but that means you cant post the same system again
+            .WithVendor("312605031")
+            .WithResource(value: "kravogbetaling", id: "urn:altinn:resource")
+            .WithRedirectUrl("https://altinn.no")
+            .WithToken(maskinportenToken);
+
+        var response = await _systemRegisterClient.PostSystem(teststate);
+        Assert.True(response.IsSuccessStatusCode, response.ReasonPhrase);
+
+        // Prepare New Request for a new SystemUser from a Vendor
+        var body = await Helper.ReadFile("Resources/Testdata/SystemUser/CreateRequest.json");
+        body = body
+            .Replace("{systemId}", teststate.SystemId)
+            .Replace("{redirectUrl}", teststate.RedirectUrl);
+
+        var respons =
+            await _platformClient.PostAsync("authentication/api/v1/systemuser/request/vendor", body,
+                maskinportenToken);
+
+        var content = await respons.Content.ReadAsStringAsync();
+        Assert.True(HttpStatusCode.Created == respons.StatusCode,
+            $"Status code was not Created, but: {respons.StatusCode} -  {content}");
+
+        // Prepare Approve Request by end user
+        var requestId = JObject.Parse(content)["id"].ToString();
+
+        const string party = "50692553";
+        var manager = new AltinnUser
+        {
+            userId = "20012772",
+            partyId = "51670464",
+            pid = "64837001585",
+        };
+
+        var token = await _platformClient.GetPersonalAltinnToken(manager);
+
+        // End user approves the request
+        var responseApprove = await _platformClient.PostAsync($"authentication/api/v1/systemuser/request/{party}/{requestId}/approve", null!, token);
+        Assert.True(HttpStatusCode.OK == responseApprove.StatusCode, $"Status code was not OK, but: {responseApprove.StatusCode} -  {await responseApprove.Content.ReadAsStringAsync()}");
+
+        // Prepare Create Change Request for an existing SystemUser by a Vendor
+        var bodyChange = await Helper.ReadFile("Resources/Testdata/SystemUser/CreateChangeRequest.json");
+
+        bodyChange = bodyChange
+            .Replace("{systemId}", teststate.SystemId)
+            .Replace("{redirectUrl}", teststate.RedirectUrl);
+
+        // Use the Verify endpoint to test if the change request returns an OK empty response, ie no change needed
+        var responsChange = await _platformClient.PostAsync("authentication/api/v1/systemuser/changerequest/vendor/verify", body, maskinportenToken);
+        Assert.True(HttpStatusCode.OK == responsChange.StatusCode, $"Status code was not Ok, but: {responsChange.StatusCode} -  {await responsChange.Content.ReadAsStringAsync()}");
+
+        // Use the Verify endpoint to test if the change request returns a set of Required Rights, because the change is needed
+        var responsChangeNeeded = await _platformClient.PostAsync("authentication/api/v1/systemuser/changerequest/vendor/verify", bodyChange, maskinportenToken);
+
+        Assert.True(HttpStatusCode.OK == responsChangeNeeded.StatusCode, $"Status code was not OK, but: {responsChangeNeeded.StatusCode} -  {await responsChangeNeeded.Content.ReadAsStringAsync()}");
+        string changeRequestResponse = JObject.Parse(await responsChangeNeeded.Content.ReadAsStringAsync()).ToString();
+        string requiredRights = JObject.Parse(changeRequestResponse)["requiredRights"].ToString();
+
+        // Use the Create endpoint to create the change request, returns a ChangeRequestResponse
+        var responsChangeCreate = await _platformClient.PostAsync("authentication/api/v1/systemuser/changerequest/vendor", bodyChange, maskinportenToken);
+
+        Assert.True(HttpStatusCode.Created == responsChangeCreate.StatusCode, $"Status code was not OK, but: {responsChangeCreate.StatusCode} -  {await responsChangeCreate.Content.ReadAsStringAsync()}");
+        string changeRequestResponseCreated = JObject.Parse(await responsChangeCreate.Content.ReadAsStringAsync()).ToString();
+        string requestIdChange = JObject.Parse(changeRequestResponseCreated)["id"].ToString();
+        Assert.NotEmpty(requestIdChange);
+
+        var responseApproveChange = await _platformClient.PostAsync($"authentication/api/v1/systemuser/changerequest/{party}/{requestIdChange}/approve", null!, token);
+        Assert.True(HttpStatusCode.OK == responseApproveChange.StatusCode, $"Status code was not OK, but: {responseApproveChange.StatusCode} -  {await responseApproveChange.Content.ReadAsStringAsync()}");
+    }
+
+
     /// <summary>
     /// https://docs.altinn.studio/nb/authentication/guides/systemauthentication-for-systemproviders/
     /// </summary>
     //[Fact]
     public async Task UseSystemUser()
     {
         //Bruk jwt og hent maskinporten-token direkte
     }