From 7a0da778a9a30bd9c29aaec0933ba988415b5ae3 Mon Sep 17 00:00:00 2001
From: Steven Bal <steven@maykinmedia.nl>
Date: Fri, 23 Feb 2024 15:00:35 +0100
Subject: [PATCH 1/2] :bug: [#2146] Avoid KvK branch select redirects for media
 files

issue: https://taiga.maykinmedia.nl/project/open-inwoner/issue/2146
---
 src/open_inwoner/kvk/middleware.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/open_inwoner/kvk/middleware.py b/src/open_inwoner/kvk/middleware.py
index 659a217e1d..c6947d83b8 100644
--- a/src/open_inwoner/kvk/middleware.py
+++ b/src/open_inwoner/kvk/middleware.py
@@ -1,5 +1,6 @@
 import logging
 
+from django.conf import settings
 from django.http import HttpResponseRedirect
 from django.urls import NoReverseMatch, reverse
 
@@ -24,6 +25,8 @@ def __call__(self, request):
             not user.is_authenticated
             or not user.is_eherkenning_user
             or kvk_branch_selected_done(request.session)
+            or request.path.startswith(settings.MEDIA_URL)
+            or request.path.startswith(settings.PRIVATE_MEDIA_URL)
         ):
             return self.get_response(request)
 

From 09db9130969fa46233d68feda16b14f7329947a3 Mon Sep 17 00:00:00 2001
From: Steven Bal <steven@maykinmedia.nl>
Date: Fri, 23 Feb 2024 15:27:58 +0100
Subject: [PATCH 2/2] :white_check_mark: [#2146] Add test for
 KvKLoginMiddleware

---
 src/open_inwoner/kvk/tests/test_middleware.py | 32 +++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 src/open_inwoner/kvk/tests/test_middleware.py

diff --git a/src/open_inwoner/kvk/tests/test_middleware.py b/src/open_inwoner/kvk/tests/test_middleware.py
new file mode 100644
index 0000000000..6f186fa8d7
--- /dev/null
+++ b/src/open_inwoner/kvk/tests/test_middleware.py
@@ -0,0 +1,32 @@
+from unittest.mock import patch
+
+from django.conf import settings
+from django.test import TestCase
+
+from open_inwoner.accounts.tests.factories import eHerkenningUserFactory
+from open_inwoner.kvk.tests.factories import CertificateFactory
+
+
+class KvKLoginMiddlewareTestCase(TestCase):
+    @patch("open_inwoner.kvk.client.KvKClient.get_all_company_branches")
+    @patch(
+        "open_inwoner.kvk.models.KvKConfig.get_solo",
+    )
+    def test_middleware_skip_redirect_for_media_files(self, mock_solo, mock_kvk):
+        mock_kvk.return_value = [
+            {"kvkNummer": "12345678"},
+            {"kvkNummer": "12345678", "vestigingsnummer": "1234"},
+        ]
+
+        mock_solo.return_value.api_key = "123"
+        mock_solo.return_value.api_root = "http://foo.bar/api/v1/"
+        mock_solo.return_value.client_certificate = CertificateFactory()
+        mock_solo.return_value.server_certificate = CertificateFactory()
+
+        user = eHerkenningUserFactory.create()
+
+        self.client.force_login(user=user)
+
+        response = self.client.get(f"{settings.MEDIA_URL}filer_public/some_image.png/")
+
+        self.assertEqual(response.status_code, 404)