Merge branch 'master' into III-6844-match-apikeys

Author: JonasVHG

docs/architecture.md

@@ -78,6 +78,10 @@ SAPI3 is an external search service (Elasticsearch-based) that:
 - `/organizers` - Search organizers
 - `/offers` - Search events and places combined
 
+## Request Processing
+
+All API requests inside udb3-backend are processed synchronously, except for the export call. This means after creating or updating an entity, no waiting is needed before making subsequent requests to the same entity.
+
 ## Docker Services
 
 | Service | Port | Purpose |

docs/features/search.md

@@ -12,6 +12,7 @@ Acceptance tests for the SAPI3 (Search API 3) integration.
 ## Test Files
 
 - `auth.feature` - Authentication tests
+- `pagination.feature` - Pagination and sorting tests
 - `search-proxy.feature` - Search endpoint proxy tests
 - `facets.feature` - Facet response tests
 - `contributors.feature` - Contributor filtering
@@ -22,3 +23,21 @@ Acceptance tests for the SAPI3 (Search API 3) integration.
 1. Create entity (event/place/organizer) via API
 2. Poll SAPI3 endpoint waiting for indexing (max 5 seconds)
 3. Assert search results
+
+## Query Parameters
+
+SAPI3 supports two types of query parameters:
+
+- **URL parameters**: Direct query string parameters (e.g., `labels=my-label`)
+- **Advanced query parameter**: The `q` parameter using Lucene syntax (e.g., `q=labels:my-label`)
+
+## Test Isolation
+
+Search tests can use scenario-based label isolation to prevent interference from other tests:
+
+- Tag scenarios with `@labelIsolation` to enable isolation
+- A unique label (`scenario-{uuid}`) is automatically generated per scenario
+- The label is added to all fixtures created during the scenario
+- Search queries automatically filter by this label
+
+This ensures each scenario only sees its own data, regardless of what other tests create.

features/State/RequestState.php

@@ -10,6 +10,7 @@ final class RequestState
     private string $apiKey = '';
     private string $jwt = '';
     private string $clientId = '';
+    private array $urlParams = [];
 
     private string $acceptHeader = '';
     private string $contentTypeHeader = '';
@@ -47,6 +48,25 @@ public function setClientId(string $clientId): void
         $this->clientId = $clientId;
     }
 
+    public function getUrlParams(): array
+    {
+        return $this->urlParams;
+    }
+
+    public function setUrlParam(string $key, string $value): void
+    {
+        if (empty($value)) {
+            unset($this->urlParams[$key]);
+        } else {
+            $this->urlParams[$key] = $value;
+        }
+    }
+
+    public function clearUrlParams(): void
+    {
+        $this->urlParams = [];
+    }
+
     public function getJwt(): string
     {
         return $this->jwt;

features/Steps/AuthorizationSteps.php

@@ -155,6 +155,14 @@ public function iAmNotUsingAnUitidV1ApiKey(): void
         $this->requestState->setApiKey('');
     }
 
+    /**
+     * @Given I am using an invalid UiTID v1 API key
+     */
+    public function iAmUsingAnInvalidUitidV1ApiKey(): void
+    {
+        $this->requestState->setApiKey('invalid-api-key');
+    }
+
     /**
      * @Given I am using a x-client-id header for client :clientId
      */
@@ -170,4 +178,44 @@ public function iAmNotUsingAXClientIdHeader(): void
     {
         $this->requestState->setClientId('');
     }
+
+    /**
+     * @Given I am using an invalid x-client-id header
+     */
+    public function iAmUsingAnInvalidXClientIdHeader(): void
+    {
+        $this->requestState->setClientId('invalid-client-id');
+    }
+
+    /**
+     * @Given I am using an API key URL parameter of consumer :consumerName
+     */
+    public function iAmUsingAnApiKeyUrlParameterOfConsumer(string $consumerName): void
+    {
+        $this->requestState->setUrlParam('apiKey', $this->config['apiKeys'][$consumerName]);
+    }
+
+    /**
+     * @Given I am not using an API key URL parameter
+     */
+    public function iAmNotUsingAnApiKeyUrlParameter(): void
+    {
+        $this->requestState->setUrlParam('apiKey', '');
+    }
+
+    /**
+     * @Given I am using a clientId URL parameter for client :clientId
+     */
+    public function iAmUsingAClientIdUrlParameterForClient(string $clientId): void
+    {
+        $this->requestState->setUrlParam('clientId', $this->config['clients'][$clientId]['client_id']);
+    }
+
+    /**
+     * @Given I am not using a clientId URL parameter
+     */
+    public function iAmNotUsingAClientIdUrlParameter(): void
+    {
+        $this->requestState->setUrlParam('clientId', '');
+    }
 }

features/Support/HttpClient.php

@@ -12,15 +12,18 @@
 final class HttpClient
 {
     private Client $client;
+    private array $urlParams;
 
     public function __construct(
         string $jwt,
         string $apiKey,
         string $clientId,
         string $contentTypeHeader,
         string $acceptHeader,
-        string $baseUrl
+        string $baseUrl,
+        array $urlParams = []
     ) {
+        $this->urlParams = $urlParams;
         $headers = [];
 
         if (!empty($jwt)) {
@@ -87,7 +90,17 @@ public function patchJSON(string $url, string $json): ResponseInterface
 
     public function get(string $url): ResponseInterface
     {
-        return $this->client->get($url);
+        return $this->client->get($this->appendUrlParams($url));
+    }
+
+    private function appendUrlParams(string $url): string
+    {
+        if (empty($this->urlParams)) {
+            return $url;
+        }
+
+        $separator = str_contains($url, '?') ? '&' : '?';
+        return $url . $separator . http_build_query($this->urlParams);
     }
 
     public function getWithParameters(string $url, array $parameters, VariableState $variableState): ResponseInterface

features/bootstrap/FeatureContext.php

@@ -68,7 +68,8 @@ private function getHttpClient(): HttpClient
             $this->requestState->getClientId(),
             $this->requestState->getContentTypeHeader(),
             $this->requestState->getAcceptHeader(),
-            $this->requestState->getBaseUrl()
+            $this->requestState->getBaseUrl(),
+            $this->requestState->getUrlParams()
         );
     }
 

features/search/auth.feature

@@ -7,6 +7,8 @@ Feature: Test the Search API v3 authentication
     And I am not authorized
     And I am not using an UiTID v1 API key
     And I am not using a x-client-id header
+    And I am not using an API key URL parameter
+    And I am not using a clientId URL parameter
 
   Scenario: Search without authentication
     When I send a GET request to "/events"
@@ -22,6 +24,20 @@ Feature: Test the Search API v3 authentication
     When I send a GET request to "/events"
     Then the response status should be "401"
 
+  Scenario: Search with an invalid API key
+    Given I am using an invalid UiTID v1 API key
+    When I send a GET request to "/events"
+    Then the response status should be "401"
+    And the JSON response should be:
+    """
+    {
+      "title": "Unauthorized",
+      "type": "https:\/\/api.publiq.be\/probs\/auth\/unauthorized",
+      "status": 401,
+      "detail": "The provided api key invalid-api-key is invalid"
+    }
+    """
+
   Scenario: Search with an API key that will be matched to a client id
     Given I am using an UiTID v1 API key of consumer "apiKeyMatchedToClientIdWithSearchScope"
     When I send a GET request to "/events"
@@ -39,6 +55,20 @@ Feature: Test the Search API v3 authentication
     When I send a GET request to "/events"
     Then the response status should be "403"
 
+  Scenario: Search with an invalid client id
+    Given I am using an invalid x-client-id header
+    When I send a GET request to "/events"
+    Then the response status should be "403"
+    And the JSON response should be:
+    """
+    {
+      "title": "Forbidden",
+      "type": "https:\/\/api.publiq.be\/probs\/auth\/forbidden",
+      "status": 403,
+      "detail": "The provided client id invalid-client-id is not allowed to access this API."
+    }
+    """
+
   Scenario: Search with a client access token of a client that has access to Search API v3
     Given I am authorized with an OAuth client access token for "test_client_sapi3_only"
     And I am using the Search API v3 base URL
@@ -56,3 +86,13 @@ Feature: Test the Search API v3 authentication
     And I am using the Search API v3 base URL
     When I send a GET request to "/events"
     Then the response status should be "403"
+
+  Scenario: Search with API key URL parameter that has access to Search API v3
+    Given I am using an API key URL parameter of consumer "uitdatabank"
+    When I send a GET request to "/events"
+    Then the response status should be "200"
+
+  Scenario: Search with clientId URL parameter that has access to Search API v3
+    Given I am using a clientId URL parameter for client "test_client_sapi3_only"
+    When I send a GET request to "/events"
+    Then the response status should be "200"

features/search/pagination.feature

@@ -0,0 +1,98 @@
+@sapi3
+Feature: Test the Search API v3 pagination and sorting
+
+  Background:
+    Given I am using the Search API v3 base URL
+    And I am using a x-client-id header for client "test_client_sapi3_only"
+    And I send and accept "application/json"
+
+  Scenario: Default itemsPerPage should be 30
+    When I send a GET request to "/offers"
+    Then the response status should be "200"
+    And the JSON response at "itemsPerPage" should be 30
+
+  Scenario: Custom limit is accepted
+    When I send a GET request to "/offers" with parameters:
+      | limit | 50 |
+    Then the response status should be "200"
+    And the JSON response at "itemsPerPage" should be 50
+
+  Scenario: Limit above 2000 returns error
+    When I send a GET request to "/offers" with parameters:
+      | limit | 3000 |
+    Then the response status should be "404"
+    And the JSON response should be:
+    """
+    {
+      "title": "Not Found",
+      "type": "https:\/\/api.publiq.be\/probs\/url\/not-found",
+      "status": 404,
+      "detail": "The \"limit\" parameter should be between 0 and 2000"
+    }
+    """
+
+  Scenario: Different start is possible
+    When I send a GET request to "/offers" with parameters:
+      | start | 10 |
+    Then the response status should be "200"
+
+  Scenario: Start above 10000 returns error
+    When I send a GET request to "/offers" with parameters:
+      | start | 1000000 |
+    Then the response status should be "404"
+    And the JSON response should be:
+    """
+    {
+      "title": "Not Found",
+      "type": "https:\/\/api.publiq.be\/probs\/url\/not-found",
+      "status": 404,
+      "detail": "The \"start\" parameter should be between 0 and 10000"
+    }
+    """
+
+  Scenario: Sort by availableTo ascending
+    When I send a GET request to "/offers" with parameters:
+      | sort[availableTo] | asc |
+    Then the response status should be "200"
+
+  Scenario: Sort by availableTo descending
+    When I send a GET request to "/offers" with parameters:
+      | sort[availableTo] | desc |
+    Then the response status should be "200"
+
+  Scenario: Sort by completeness ascending
+    When I send a GET request to "/offers" with parameters:
+      | sort[completeness] | asc |
+    Then the response status should be "200"
+
+  Scenario: Sort by created ascending
+    When I send a GET request to "/offers" with parameters:
+      | sort[created] | asc |
+    Then the response status should be "200"
+
+  Scenario: Sort by distance ascending
+    When I send a GET request to "/offers" with parameters:
+      | coordinates    | 50.8511740,4.3386740 |
+      | distance       | 10km                 |
+      | sort[distance] | asc                  |
+    Then the response status should be "200"
+
+  Scenario: Sort by modified ascending
+    When I send a GET request to "/offers" with parameters:
+      | sort[modified] | asc |
+    Then the response status should be "200"
+
+  Scenario: Sort by modified descending
+    When I send a GET request to "/offers" with parameters:
+      | sort[modified] | desc |
+    Then the response status should be "200"
+
+  Scenario: Sort by score ascending
+    When I send a GET request to "/offers" with parameters:
+      | sort[score] | asc |
+    Then the response status should be "200"
+
+  Scenario: Sort by score descending
+    When I send a GET request to "/offers" with parameters:
+      | sort[score] | desc |
+    Then the response status should be "200"