Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PATCH requests on Partij require soortPartij and don't validate partijIdentificatie #345

Open
swrichards opened this issue Feb 27, 2025 · 0 comments
Open

PATCH requests on Partij require soortPartij and don't validate partijIdentificatie #345

swrichards opened this issue Feb 27, 2025 · 0 comments
Labels
bug Something isn't working triage

Comments

@swrichards
Copy link
Contributor

swrichards commented Feb 27, 2025
edited
Loading

Product versie / Product version


Docker image: sha256:1f4307b50728f88d1d8db45b8b692e2f25ecc2e6589a7cb02ec550f8e6981da0 (working tree leading up to 2.6.0)

Omschrijf het probleem / Describe the bug

It seems that soortPartij is a required field when making a PATCH request on a Partij:

If the field is provided, but set to a value that differs from the current value, the existing partijIdentificatie appears to be set to None (thus leading to an invalid object).

Stappen om te reproduceren / Steps to reproduce

Patching while specifying soortPartij equal to current value works as expected

interactions:
- request:
    body: '{"digitaleAdressen": null, "voorkeursDigitaalAdres": null, "rekeningnummers":
      null, "voorkeursRekeningnummer": null, "indicatieGeheimhouding": false, "indicatieActief":
      true, "voorkeurstaal": "crp", "soortPartij": "persoon", "partijIdentificatie":
      {"contactnaam": {"voorletters": "Dr.", "voornaam": "Test Persoon", "voorvoegselAchternaam":
      "Mrs.", "achternaam": "Gamble"}}}'
    headers:
      Authorization:
      - Token b2eb1da9861da88743d72a3fb4344288fe2cba44
      Content-Length:
      - '373'
      Content-Type:
      - application/json
    method: POST
    uri: http://localhost:8338/klantinteracties/api/v1/partijen
  response:
    body:
      string: '{"uuid":"80517b7a-0d59-4d90-af51-d56795a45b3a","url":"http://localhost:8338/klantinteracties/api/v1/partijen/80517b7a-0d59-4d90-af51-d56795a45b3a","nummer":"0000000001","interneNotitie":"","betrokkenen":[],"categorieRelaties":[],"digitaleAdressen":[],"voorkeursDigitaalAdres":null,"vertegenwoordigden":[],"rekeningnummers":[],"voorkeursRekeningnummer":null,"partijIdentificatoren":[],"soortPartij":"persoon","indicatieGeheimhouding":false,"voorkeurstaal":"crp","indicatieActief":true,"bezoekadres":{"nummeraanduidingId":"","adresregel1":"","adresregel2":"","adresregel3":"","land":""},"correspondentieadres":{"nummeraanduidingId":"","adresregel1":"","adresregel2":"","adresregel3":"","land":""},"partijIdentificatie":{"contactnaam":{"voorletters":"Dr.","voornaam":"Test
        Persoon","voorvoegselAchternaam":"Mrs.","achternaam":"Gamble"},"volledigeNaam":"Test
        Persoon Mrs. Gamble"}}'
    headers:
      API-version:
      - 0.0.4
      Allow:
      - GET, POST, HEAD, OPTIONS
      Content-Length:
      - '877'
      Content-Security-Policy:
      - 'form-action ''self''; script-src ''self'' ''unsafe-inline''; font-src ''self''
        fonts.gstatic.com; frame-src ''self''; object-src ''none''; default-src ''self'';
        img-src ''self'' data: cdn.redoc.ly; base-uri ''self''; style-src ''self''
        ''unsafe-inline'' fonts.googleapis.com; worker-src ''self'' blob:; frame-ancestors
        ''none'''
      Content-Type:
      - application/json
      Cross-Origin-Opener-Policy:
      - same-origin
      Location:
      - http://localhost:8338/klantinteracties/api/v1/partijen/80517b7a-0d59-4d90-af51-d56795a45b3a
      Referrer-Policy:
      - same-origin
      Vary:
      - origin
      X-Content-Type-Options:
      - nosniff
      X-Frame-Options:
      - DENY
    status:
      code: 201
      message: Created
- request:
    body: '{"soortPartij": "persoon", "nummer": "18744"}'
    headers:
      Authorization:
      - Token b2eb1da9861da88743d72a3fb4344288fe2cba44
      Content-Length:
      - '45'
      Content-Type:
      - application/json
    method: PATCH
    uri: http://localhost:8338/klantinteracties/api/v1/partijen/80517b7a-0d59-4d90-af51-d56795a45b3a
  response:
    body:
      string: '{"uuid":"80517b7a-0d59-4d90-af51-d56795a45b3a","url":"http://localhost:8338/klantinteracties/api/v1/partijen/80517b7a-0d59-4d90-af51-d56795a45b3a","nummer":"18744","interneNotitie":"","betrokkenen":[],"categorieRelaties":[],"digitaleAdressen":[],"voorkeursDigitaalAdres":null,"vertegenwoordigden":[],"rekeningnummers":[],"voorkeursRekeningnummer":null,"partijIdentificatoren":[],"soortPartij":"persoon","indicatieGeheimhouding":false,"voorkeurstaal":"crp","indicatieActief":true,"bezoekadres":{"nummeraanduidingId":"","adresregel1":"","adresregel2":"","adresregel3":"","land":""},"correspondentieadres":{"nummeraanduidingId":"","adresregel1":"","adresregel2":"","adresregel3":"","land":""},"partijIdentificatie":{"contactnaam":{"voorletters":"Dr.","voornaam":"Test
        Persoon","voorvoegselAchternaam":"Mrs.","achternaam":"Gamble"},"volledigeNaam":"Test
        Persoon Mrs. Gamble"}}'
    headers:
      API-version:
      - 0.0.4
      Allow:
      - GET, PUT, PATCH, DELETE, HEAD, OPTIONS
      Content-Length:
      - '872'
      Content-Security-Policy:
      - 'form-action ''self''; script-src ''self'' ''unsafe-inline''; font-src ''self''
        fonts.gstatic.com; frame-src ''self''; object-src ''none''; default-src ''self'';
        img-src ''self'' data: cdn.redoc.ly; base-uri ''self''; style-src ''self''
        ''unsafe-inline'' fonts.googleapis.com; worker-src ''self'' blob:; frame-ancestors
        ''none'''
      Content-Type:
      - application/json
      Cross-Origin-Opener-Policy:
      - same-origin
      Referrer-Policy:
      - same-origin
      Vary:
      - origin
      X-Content-Type-Options:
      - nosniff
      X-Frame-Options:
      - DENY
    status:
      code: 200
      message: OK
version: 1

Patching without specifying soortPartij yields a Bad Request error

interactions:
- request:
    body: '{"digitaleAdressen": null, "voorkeursDigitaalAdres": null, "rekeningnummers":
      null, "voorkeursRekeningnummer": null, "indicatieGeheimhouding": false, "indicatieActief":
      true, "voorkeurstaal": "crp", "soortPartij": "persoon", "partijIdentificatie":
      {"contactnaam": {"voorletters": "Dr.", "voornaam": "Test Persoon", "voorvoegselAchternaam":
      "Mrs.", "achternaam": "Gamble"}}}'
    headers:
      Authorization:
      - Token b2eb1da9861da88743d72a3fb4344288fe2cba44
      Content-Length:
      - '373'
      Content-Type:
      - application/json
    method: POST
    uri: http://localhost:8338/klantinteracties/api/v1/partijen
  response:
    body:
      string: '{"uuid":"a7ab50e0-6870-4dac-a696-0a6e2314fd1b","url":"http://localhost:8338/klantinteracties/api/v1/partijen/a7ab50e0-6870-4dac-a696-0a6e2314fd1b","nummer":"0000000001","interneNotitie":"","betrokkenen":[],"categorieRelaties":[],"digitaleAdressen":[],"voorkeursDigitaalAdres":null,"vertegenwoordigden":[],"rekeningnummers":[],"voorkeursRekeningnummer":null,"partijIdentificatoren":[],"soortPartij":"persoon","indicatieGeheimhouding":false,"voorkeurstaal":"crp","indicatieActief":true,"bezoekadres":{"nummeraanduidingId":"","adresregel1":"","adresregel2":"","adresregel3":"","land":""},"correspondentieadres":{"nummeraanduidingId":"","adresregel1":"","adresregel2":"","adresregel3":"","land":""},"partijIdentificatie":{"contactnaam":{"voorletters":"Dr.","voornaam":"Test
        Persoon","voorvoegselAchternaam":"Mrs.","achternaam":"Gamble"},"volledigeNaam":"Test
        Persoon Mrs. Gamble"}}'
    headers:
      API-version:
      - 0.0.4
      Allow:
      - GET, POST, HEAD, OPTIONS
      Content-Length:
      - '877'
      Content-Security-Policy:
      - 'frame-ancestors ''none''; object-src ''none''; base-uri ''self''; style-src
        ''self'' ''unsafe-inline'' fonts.googleapis.com; frame-src ''self''; form-action
        ''self''; script-src ''self'' ''unsafe-inline''; img-src ''self'' data: cdn.redoc.ly;
        default-src ''self''; font-src ''self'' fonts.gstatic.com; worker-src ''self''
        blob:'
      Content-Type:
      - application/json
      Cross-Origin-Opener-Policy:
      - same-origin
      Location:
      - http://localhost:8338/klantinteracties/api/v1/partijen/a7ab50e0-6870-4dac-a696-0a6e2314fd1b
      Referrer-Policy:
      - same-origin
      Vary:
      - origin
      X-Content-Type-Options:
      - nosniff
      X-Frame-Options:
      - DENY
    status:
      code: 201
      message: Created
- request:
    body: '{"nummer": "18744"}'
    headers:
      Authorization:
      - Token b2eb1da9861da88743d72a3fb4344288fe2cba44
      Content-Length:
      - '19'
      Content-Type:
      - application/json
    method: PATCH
    uri: http://localhost:8338/klantinteracties/api/v1/partijen/a7ab50e0-6870-4dac-a696-0a6e2314fd1b
  response:
    body:
      string: '{"type":"http://localhost:8338/ref/fouten/ValidationError/","code":"invalid","title":"Invalid
        input.","status":400,"detail":"","instance":"urn:uuid:fede6865-466e-4bc3-9748-611e225cf9fd","invalidParams":[{"name":"soortPartij","code":"invalid","reason":"Dit
        veld is vereist."}]}'
    headers:
      API-version:
      - 0.0.4
      Allow:
      - GET, PUT, PATCH, DELETE, HEAD, OPTIONS
      Content-Length:
      - '276'
      Content-Security-Policy:
      - 'frame-ancestors ''none''; object-src ''none''; base-uri ''self''; style-src
        ''self'' ''unsafe-inline'' fonts.googleapis.com; frame-src ''self''; form-action
        ''self''; script-src ''self'' ''unsafe-inline''; img-src ''self'' data: cdn.redoc.ly;
        default-src ''self''; font-src ''self'' fonts.gstatic.com; worker-src ''self''
        blob:'
      Content-Type:
      - application/json
      Cross-Origin-Opener-Policy:
      - same-origin
      Referrer-Policy:
      - same-origin
      Vary:
      - origin
      X-Content-Type-Options:
      - nosniff
      X-Frame-Options:
      - DENY
    status:
      code: 400
      message: Bad Request
version: 1

Patching with a different soortPartij without partijIdentificatie sets partijIdentificatie to null

interactions:
- request:
    body: '{"digitaleAdressen": null, "voorkeursDigitaalAdres": null, "rekeningnummers":
      null, "voorkeursRekeningnummer": null, "indicatieGeheimhouding": false, "indicatieActief":
      true, "voorkeurstaal": "crp", "soortPartij": "persoon", "partijIdentificatie":
      {"contactnaam": {"voorletters": "Dr.", "voornaam": "Test Persoon", "voorvoegselAchternaam":
      "Mrs.", "achternaam": "Gamble"}}}'
    headers:
      Authorization:
      - Token b2eb1da9861da88743d72a3fb4344288fe2cba44
      Content-Length:
      - '373'
      Content-Type:
      - application/json
    method: POST
    uri: http://localhost:8338/klantinteracties/api/v1/partijen
  response:
    body:
      string: '{"uuid":"3cdf85d8-76c6-4afc-ace6-4d4ed18fa32a","url":"http://localhost:8338/klantinteracties/api/v1/partijen/3cdf85d8-76c6-4afc-ace6-4d4ed18fa32a","nummer":"0000000001","interneNotitie":"","betrokkenen":[],"categorieRelaties":[],"digitaleAdressen":[],"voorkeursDigitaalAdres":null,"vertegenwoordigden":[],"rekeningnummers":[],"voorkeursRekeningnummer":null,"partijIdentificatoren":[],"soortPartij":"persoon","indicatieGeheimhouding":false,"voorkeurstaal":"crp","indicatieActief":true,"bezoekadres":{"nummeraanduidingId":"","adresregel1":"","adresregel2":"","adresregel3":"","land":""},"correspondentieadres":{"nummeraanduidingId":"","adresregel1":"","adresregel2":"","adresregel3":"","land":""},"partijIdentificatie":{"contactnaam":{"voorletters":"Dr.","voornaam":"Test
        Persoon","voorvoegselAchternaam":"Mrs.","achternaam":"Gamble"},"volledigeNaam":"Test
        Persoon Mrs. Gamble"}}'
    headers:
      API-version:
      - 0.0.4
      Allow:
      - GET, POST, HEAD, OPTIONS
      Content-Length:
      - '877'
      Content-Security-Policy:
      - 'form-action ''self''; script-src ''self'' ''unsafe-inline''; base-uri ''self'';
        font-src ''self'' fonts.gstatic.com; frame-ancestors ''none''; img-src ''self''
        data: cdn.redoc.ly; object-src ''none''; worker-src ''self'' blob:; frame-src
        ''self''; style-src ''self'' ''unsafe-inline'' fonts.googleapis.com; default-src
        ''self'''
      Content-Type:
      - application/json
      Cross-Origin-Opener-Policy:
      - same-origin
      Location:
      - http://localhost:8338/klantinteracties/api/v1/partijen/3cdf85d8-76c6-4afc-ace6-4d4ed18fa32a
      Referrer-Policy:
      - same-origin
      Vary:
      - origin
      X-Content-Type-Options:
      - nosniff
      X-Frame-Options:
      - DENY
    status:
      code: 201
      message: Created
- request:
    body: '{"soortPartij": "organisatie", "nummer": "18744"}'
    headers:
      Authorization:
      - Token b2eb1da9861da88743d72a3fb4344288fe2cba44
      Content-Length:
      - '49'
      Content-Type:
      - application/json
    method: PATCH
    uri: http://localhost:8338/klantinteracties/api/v1/partijen/3cdf85d8-76c6-4afc-ace6-4d4ed18fa32a
  response:
    body:
      string: '{"uuid":"3cdf85d8-76c6-4afc-ace6-4d4ed18fa32a","url":"http://localhost:8338/klantinteracties/api/v1/partijen/3cdf85d8-76c6-4afc-ace6-4d4ed18fa32a","nummer":"18744","interneNotitie":"","betrokkenen":[],"categorieRelaties":[],"digitaleAdressen":[],"voorkeursDigitaalAdres":null,"vertegenwoordigden":[],"rekeningnummers":[],"voorkeursRekeningnummer":null,"partijIdentificatoren":[],"soortPartij":"organisatie","indicatieGeheimhouding":false,"voorkeurstaal":"crp","indicatieActief":true,"bezoekadres":{"nummeraanduidingId":"","adresregel1":"","adresregel2":"","adresregel3":"","land":""},"correspondentieadres":{"nummeraanduidingId":"","adresregel1":"","adresregel2":"","adresregel3":"","land":""},"partijIdentificatie":null}'
    headers:
      API-version:
      - 0.0.4
      Allow:
      - GET, PUT, PATCH, DELETE, HEAD, OPTIONS
      Content-Length:
      - '721'
      Content-Security-Policy:
      - 'form-action ''self''; script-src ''self'' ''unsafe-inline''; base-uri ''self'';
        font-src ''self'' fonts.gstatic.com; frame-ancestors ''none''; img-src ''self''
        data: cdn.redoc.ly; object-src ''none''; worker-src ''self'' blob:; frame-src
        ''self''; style-src ''self'' ''unsafe-inline'' fonts.googleapis.com; default-src
        ''self'''
      Content-Type:
      - application/json
      Cross-Origin-Opener-Policy:
      - same-origin
      Referrer-Policy:
      - same-origin
      Vary:
      - origin
      X-Content-Type-Options:
      - nosniff
      X-Frame-Options:
      - DENY
    status:
      code: 200
      message: OK
version: 1

Verwacht gedrag / Expected behavior

I would expect the behavior to be:

  • soortPartij should not be required to PATCH an object. I should (for instance, as in the example above) be able to PATCH the nummer attribute without specifying the soortPartij.
  • if soortPartij is provided in a PATCH request and is set to a different value than the current soortPartij, it should also require the corresponding partijIdentificatie object for that partij soort. I suspect this lack of validation is a problem elsewhere too (e.g. in the admin panel, see Creating Partij in Admin Interface results in a 500 error #303 ). Setting partijIdentificatie to null violates the API spec, which requires this field.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working triage
Projects
Data en API fundament
Status: Triage
Milestone
No milestone
Development

No branches or pull requests
1 participant
@swrichards