Merge pull request #1605 from open-zaak/feature/1592-local-base-urls

resolve local and external urls with the same host

docs/installation/config/env_config.md

@@ -172,6 +172,13 @@ on Docker, since `localhost` is contained within the container:
 * `NOTIFICATIONS_DISABLED`: if this variable is set to `true`, `yes` or `1`, the notification mechanism will be
     disabled. Defaults to `False`.
 
+* `LOOSE_FK_LOCAL_BASE_URLS`: explicitly list the allowed prefixes of local urls.
+  Defaults to an empty list. This setting can be used to separate local and external urls, when
+  Open Zaak and other services are deployed within the same domain or API Gateway.
+  If this setting is not defined, all urls with the same host as in the request are considered local. 
+  Example:
+  `LOOSE_FK_LOCAL_BASE_URLS=http://api.example.nl/ozgv-t/zaken/,http://api.example.nl/ozgv-t/catalogi/,http://api.example.nl/ozgv-t/autorisaties/`
+
 ### Initial superuser creation
 
 A clean installation of Open Zaak comes without pre-installed or pre-configured admin

requirements/base.txt

@@ -140,7 +140,7 @@ django-jsonform==2.21.2
     # via mozilla-django-oidc-db
 django-log-outgoing-requests==0.5.2
     # via -r requirements/base.in
-django-loose-fk==1.0.3
+django-loose-fk==1.0.4
     # via -r requirements/base.in
 django-markup==1.5
     # via -r requirements/base.in

requirements/ci.txt

@@ -186,7 +186,7 @@ django-jsonform==2.21.2
     #   mozilla-django-oidc-db
 django-log-outgoing-requests==0.5.2
     # via -r requirements/base.txt
-django-loose-fk==1.0.3
+django-loose-fk==1.0.4
     # via -r requirements/base.txt
 django-markup==1.5
     # via -r requirements/base.txt

requirements/dev.txt

@@ -213,7 +213,7 @@ django-jsonform==2.21.2
     #   mozilla-django-oidc-db
 django-log-outgoing-requests==0.5.2
     # via -r requirements/ci.txt
-django-loose-fk==1.0.3
+django-loose-fk==1.0.4
     # via -r requirements/ci.txt
 django-markup==1.5
     # via -r requirements/ci.txt

src/openzaak/components/zaken/tests/test_zaakinformatieobjecten.py

@@ -7,6 +7,7 @@
 
 from django.db import close_old_connections
 from django.test import override_settings, tag
+from django.test.utils import override_script_prefix
 from django.utils import timezone
 
 import requests_mock
@@ -966,3 +967,67 @@ def test_representation(self):
         zio_representation = str(zio)
         expected_representation = f"{zio.zaak.identificatie} - {zio.informatieobject.latest_version.identificatie}"
         self.assertEqual(expected_representation, zio_representation)
+
+
+@tag("external-urls")
+class ExternalInformatieObjectSameDomainTests(JWTAuthMixin, APITestCase):
+    heeft_alle_autorisaties = True
+
+    @override_settings(
+        ALLOWED_HOSTS=["api.example.nl"],
+        LOOSE_FK_LOCAL_BASE_URLS=[
+            "http://api.example.nl/ozgv-t/zaken/",
+            "http://api.example.nl/ozgv-t/catalogi/",
+        ],
+        FORCE_SCRIPT_NAME="/ozgv-t",
+    )
+    def test_zaaktype_internal_iotype_external_same_domain(self):
+        """
+        regression test for https://github.com/open-zaak/open-zaak/issues/1592
+        """
+
+        document_api_root = "http://api.example.nl/ozgv-t/documenten/service/drc/v1/"
+        document = f"{document_api_root}enkelvoudiginformatieobjecten/be0a31c7-6c9c-4d75-aefd-db950be62267"
+
+        Service.objects.create(
+            api_type=APITypes.drc,
+            api_root=document_api_root,
+            label="external documents",
+            auth_type=AuthTypes.zgw,
+            client_id="a-client-id",
+            secret="secret",
+        )
+        zio_type = ZaakTypeInformatieObjectTypeFactory.create(
+            informatieobjecttype__concept=False, zaaktype__concept=False
+        )
+        zaak = ZaakFactory.create(zaaktype=zio_type.zaaktype)
+        zaak_url = f"http://api.example.nl/ozgv-t{reverse(zaak)}"
+        # for mocks
+        eio_response = get_eio_response(
+            document,
+            informatieobjecttype=f"http://api.example.nl/ozgv-t{reverse(zio_type.informatieobjecttype)}",
+        )
+        oio_response = get_oio_response(document, zaak_url)
+
+        data = {"zaak": zaak_url, "informatieobject": document}
+        ziot_list_url = reverse(ZaakInformatieObject)
+
+        with requests_mock.Mocker() as m:
+            mock_service_oas_get(m, document_api_root, "drc")
+            m.get(document, json=eio_response)
+            m.post(
+                f"{document_api_root}objectinformatieobjecten",
+                json=oio_response,
+                status_code=201,
+            )
+
+            with override_script_prefix(prefix="/ozgv-t"):
+                response = self.client.post(
+                    ziot_list_url, data, HTTP_HOST="api.example.nl"
+                )
+
+        self.assertEqual(response.status_code, status.HTTP_201_CREATED, response.data)
+
+        zio = ZaakInformatieObject.objects.get()
+        self.assertEqual(zio.zaak, zaak)
+        self.assertEqual(zio._informatieobject_url, document)

src/openzaak/components/zaken/tests/utils.py

@@ -55,6 +55,7 @@ def get_zaaktype_response(catalogus: str, zaaktype: str, **overrides) -> dict:
             "https://selectielijst.openzaak.nl/api/v1/"
             "procestypen/e1b73b12-b2f6-4c4e-8929-94f84dd2a57d"
         ),
+        "verantwoordelijke": "063308836",
         "referentieproces": {},
         "statustypen": [],
         "resultaattypen": [],

src/openzaak/conf/includes/base.py

@@ -645,6 +645,7 @@
 # DJANGO-LOOSE-FK -- handle internal and external API resources
 #
 DEFAULT_LOOSE_FK_LOADER = "openzaak.loaders.AuthorizedRequestsLoader"
+LOOSE_FK_LOCAL_BASE_URLS = config("LOOSE_FK_LOCAL_BASE_URLS", split=True, default=[])
 
 #
 # RAVEN/SENTRY - error monitoring