1790: Verein360 endpoint protection

[ztefanie]

Short description

Finalize the verein360 endpoint

Proposed changes

• protect the applications endpoint correctly
• show verein360 in digitale druckerei

Side effects

• May break the normal application flow

Testing

Create an api token
create applications with and without the api token
create applications with and without the pre-verified flag set
create applications with one or multiple organizations

Resolved issues

Fixes: #1790 #1625

[seluianova]

❓ Not directly related to the current PR but I have to ask somewhere:
The endpoint documentation contains some requirements to the acceptable values, but some of them we don't check.
For example:
"applicationType": "FIRST_APPLICATION", // Must be FIRST_APPLICATION
But I can submit RENEWAL_APPLICATION, and it will be accepted.
And for some values we have checks, but we return a 500 error with no meaningful description.
For example, if I send "givenInformationIsCorrectAndComplete": false, // Must be true
So I wonder if we actually need some user-friendly error handling here? (as a separate task maybe)

[seluianova]

❓ and one more general question:
when verein360 application is submitted, the emails to the organisation ("Bestätigung notwendig") and to the user ("Antrag erfolgreich eingereicht") are sent, but I feel like it's not actually needed, isn't it? At least when isAlreadyVerified: true

[f1sh1918]

❓ and one more general question: when verein360 application is submitted, the emails to the organisation ("Bestätigung notwendig") and to the user ("Antrag erfolgreich eingereicht") are sent, but I feel like it's not actually needed, isn't it? At least when isAlreadyVerified: true

Yes i think we decided on not sending mails in this case. For organizations it makes no sense and for the users we would have to adjust the texts because they not really submitted the application

[ztefanie]

❓ and one more general question: when verein360 application is submitted, the emails to the organisation ("Bestätigung notwendig") and to the user ("Antrag erfolgreich eingereicht") are sent, but I feel like it's not actually needed, isn't it? At least when isAlreadyVerified: true

You are right, this was a bug. I fixed it.

[ztefanie]

❓ Not directly related to the current PR but I have to ask somewhere: The endpoint documentation contains some requirements to the acceptable values, but some of them we don't check. For example: "applicationType": "FIRST_APPLICATION", // Must be FIRST_APPLICATION But I can submit RENEWAL_APPLICATION, and it will be accepted. And for some values we have checks, but we return a 500 error with no meaningful description. For example, if I send "givenInformationIsCorrectAndComplete": false, // Must be true So I wonder if we actually need some user-friendly error handling here? (as a separate task maybe)

Ok good point. I would split this:

1. I created a new issue for general validation for this endpoint: Input validation for application endpoint #1816
2. Validation that is specific for verein360 pre-verified requests: Will add this to this PR.

[seluianova]

pls update the branch, I will re-test all together :)

[ztefanie]

pls update the branch, I will re-test all together :)

done

[f1sh1918]

Works fine! Nicely done!

One thing i think we have to handle somehow
If i send an empty string for any value like forename i get a server response of

{
  "title": "Server Error",
  "status": 500,
  "type": "https://javalin.io/documentation#internalservererrorresponse",
  "details": {}
}

And the api throws internally

Caused by: app.ehrenamtskarte.backend.exception.webservice.exceptions.InvalidJsonException: Exception for GraphQL error INVALID_JSON was thrown.

Just added some minor comments about code style in react

[ztefanie]

One thing i think we have to handle somehow
If i send an empty string for any value like forename i get a server response of

This will be handled here, right? #1816
or is there anything additional you noticed that needs to be fixed? I added your example to the issue description.

[f1sh1918]

One thing i think we have to handle somehow
If i send an empty string for any value like forename i get a server response of

This will be handled here, right? #1816 or is there anything additional you noticed that needs to be fixed? I added your example to the issue description.

Sorry i just realized that there is already an issue! I think thats fine

[f1sh1918]

Tested on chrome. Works fine. 👍

I'm okay with merging it even i think the small proposals for the quick indicator would improve the code

[ztefanie]

I'm okay with merging it even i think the small proposals for the quick indicator would improve the code

Added your suggestion

[seluianova]

lgtm! 👍

[seluianova]

💭 maybe would be nice to have more or less similar style for the icons. I assume we will have more of them in the future. shall we create a ui/ux ticket for that?

[ztefanie]

💭 maybe would be nice to have more or less similar style for the icons. I assume we will have more of them in the future. shall we create a ui/ux ticket for that?

Good point. Yes may be an option. I will create ticket.