fix(GraphQL): Hide info when performing mutation on id field with auth rule. #6391

Merged
merged 8 commits into from
Sep 14, 2020
44 changes: 22 additions & 22 deletions graphql/e2e/auth/add_mutation_test.go
Expand Up @@ -130,7 +130,7 @@ func TestAddDeepFilter(t *testing.T) {
Name: "project_add_2",
Roles: []*Role{{
Permission: "ADMIN",
AssignedTo: []*User{{
AssignedTo: []*common.User{{
Username: "user2",
}},
}},
Expand All @@ -146,12 +146,12 @@ func TestAddDeepFilter(t *testing.T) {
Name: "project_add_4",
Roles: []*Role{{
Permission: "ADMIN",
AssignedTo: []*User{{
AssignedTo: []*common.User{{
Username: "user6",
}},
}, {
Permission: "VIEW",
AssignedTo: []*User{{
AssignedTo: []*common.User{{
Username: "user6",
}},
}},
Expand Down Expand Up @@ -197,7 +197,7 @@ func TestAddDeepFilter(t *testing.T) {

err := json.Unmarshal([]byte(tcase.result), &expected)
require.NoError(t, err)
err = json.Unmarshal([]byte(gqlResponse.Data), &result)
err = json.Unmarshal(gqlResponse.Data, &result)
require.NoError(t, err)

opt := cmpopts.IgnoreFields(Column{}, "ColID")
Expand Down Expand Up @@ -234,7 +234,7 @@ func TestAddOrRBACFilter(t *testing.T) {
Name: "project_add_2",
Roles: []*Role{{
Permission: "ADMIN",
AssignedTo: []*User{{
AssignedTo: []*common.User{{
Username: "user2",
}},
}},
Expand All @@ -247,12 +247,12 @@ func TestAddOrRBACFilter(t *testing.T) {
Name: "project_add_3",
Roles: []*Role{{
Permission: "ADMIN",
AssignedTo: []*User{{
AssignedTo: []*common.User{{
Username: "user7",
}},
}, {
Permission: "VIEW",
AssignedTo: []*User{{
AssignedTo: []*common.User{{
Username: "user7",
}},
}},
Expand Down Expand Up @@ -294,7 +294,7 @@ func TestAddOrRBACFilter(t *testing.T) {

err := json.Unmarshal([]byte(tcase.result), &expected)
require.NoError(t, err)
err = json.Unmarshal([]byte(gqlResponse.Data), &result)
err = json.Unmarshal(gqlResponse.Data, &result)
require.NoError(t, err)

opt := cmpopts.IgnoreFields(Project{}, "ProjID")
Expand All @@ -315,27 +315,27 @@ func TestAddAndRBACFilterMultiple(t *testing.T) {
result: `{"addIssue": {"issue":[{"msg":"issue_add_5"}, {"msg":"issue_add_6"}, {"msg":"issue_add_7"}]}}`,
variables: map[string]interface{}{"issues": []*Issue{{
Msg: "issue_add_5",
Owner: &User{Username: "user8"},
Owner: &common.User{Username: "user8"},
}, {
Msg: "issue_add_6",
Owner: &User{Username: "user8"},
Owner: &common.User{Username: "user8"},
}, {
Msg: "issue_add_7",
Owner: &User{Username: "user8"},
Owner: &common.User{Username: "user8"},
}}},
}, {
user: "user8",
role: "ADMIN",
result: ``,
variables: map[string]interface{}{"issues": []*Issue{{
Msg: "issue_add_8",
Owner: &User{Username: "user8"},
Owner: &common.User{Username: "user8"},
}, {
Msg: "issue_add_9",
Owner: &User{Username: "user8"},
Owner: &common.User{Username: "user8"},
}, {
Msg: "issue_add_10",
Owner: &User{Username: "user9"},
Owner: &common.User{Username: "user9"},
}}},
}}

Expand Down Expand Up @@ -373,7 +373,7 @@ func TestAddAndRBACFilterMultiple(t *testing.T) {

err := json.Unmarshal([]byte(tcase.result), &expected)
require.NoError(t, err)
err = json.Unmarshal([]byte(gqlResponse.Data), &result)
err = json.Unmarshal(gqlResponse.Data, &result)
require.NoError(t, err)

opt := cmpopts.IgnoreFields(Issue{}, "Id")
Expand All @@ -394,23 +394,23 @@ func TestAddAndRBACFilter(t *testing.T) {
result: `{"addIssue": {"issue":[{"msg":"issue_add_1"}]}}`,
variables: map[string]interface{}{"issue": &Issue{
Msg: "issue_add_1",
Owner: &User{Username: "user7"},
Owner: &common.User{Username: "user7"},
}},
}, {
user: "user7",
role: "ADMIN",
result: ``,
variables: map[string]interface{}{"issue": &Issue{
Msg: "issue_add_2",
Owner: &User{Username: "user8"},
Owner: &common.User{Username: "user8"},
}},
}, {
user: "user7",
role: "USER",
result: ``,
variables: map[string]interface{}{"issue": &Issue{
Msg: "issue_add_3",
Owner: &User{Username: "user7"},
Owner: &common.User{Username: "user7"},
}},
}}

Expand Down Expand Up @@ -448,7 +448,7 @@ func TestAddAndRBACFilter(t *testing.T) {

err := json.Unmarshal([]byte(tcase.result), &expected)
require.NoError(t, err)
err = json.Unmarshal([]byte(gqlResponse.Data), &result)
err = json.Unmarshal(gqlResponse.Data, &result)
require.NoError(t, err)

opt := cmpopts.IgnoreFields(Issue{}, "Id")
Expand Down Expand Up @@ -510,7 +510,7 @@ func TestAddComplexFilter(t *testing.T) {
RegionsAvailable: []*Region{{
Name: "add_region_2",
Global: false,
Users: []*User{{
Users: []*common.User{{
Username: "user8",
}},
}},
Expand Down Expand Up @@ -552,7 +552,7 @@ func TestAddComplexFilter(t *testing.T) {

err := json.Unmarshal([]byte(tcase.result), &expected)
require.NoError(t, err)
err = json.Unmarshal([]byte(gqlResponse.Data), &result)
err = json.Unmarshal(gqlResponse.Data, &result)
require.NoError(t, err)

opt := cmpopts.IgnoreFields(Movie{}, "Id")
Expand Down Expand Up @@ -618,7 +618,7 @@ func TestAddRBACFilter(t *testing.T) {

err := json.Unmarshal([]byte(tcase.result), &expected)
require.NoError(t, err)
err = json.Unmarshal([]byte(gqlResponse.Data), &result)
err = json.Unmarshal(gqlResponse.Data, &result)
require.NoError(t, err)

opt := cmpopts.IgnoreFields(Log{}, "Id")
78 changes: 50 additions & 28 deletions graphql/e2e/auth/auth_test.go
Expand Up @@ -41,25 +41,11 @@ var (
metaInfo *testutil.AuthMeta
)

type Tweets struct {
Id string `json:"id,omitempty"`
Text string `json:"text,omitempty"`
Timestamp string `json:"timestamp,omitempty"`
User User `json:"user,omitempty"`
}

type User struct {
Username string `json:"username,omitempty"`
Age uint64 `json:"age,omitempty"`
IsPublic bool `json:"isPublic,omitempty"`
Disabled bool `json:"disabled,omitempty"`
}

type Region struct {
Id string `json:"id,omitempty"`
Name string `json:"name,omitempty"`
Users []*User `json:"users,omitempty"`
Global bool `json:"global,omitempty"`
Id string `json:"id,omitempty"`
Name string `json:"name,omitempty"`
Users []*common.User `json:"users,omitempty"`
Global bool `json:"global,omitempty"`
}

type Movie struct {
Expand All @@ -70,9 +56,9 @@ type Movie struct {
}

type Issue struct {
Id string `json:"id,omitempty"`
Msg string `json:"msg,omitempty"`
Owner *User `json:"owner,omitempty"`
Id string `json:"id,omitempty"`
Msg string `json:"msg,omitempty"`
Owner *common.User `json:"owner,omitempty"`
}

type Log struct {
Expand All @@ -88,16 +74,16 @@ type ComplexLog struct {
}

type Role struct {
Id string `json:"id,omitempty"`
Permission string `json:"permission,omitempty"`
AssignedTo []*User `json:"assignedTo,omitempty"`
Id string `json:"id,omitempty"`
Permission string `json:"permission,omitempty"`
AssignedTo []*common.User `json:"assignedTo,omitempty"`
}

type Ticket struct {
Id string `json:"id,omitempty"`
OnColumn *Column `json:"onColumn,omitempty"`
Title string `json:"title,omitempty"`
AssignedTo []*User `json:"assignedTo,omitempty"`
Id string `json:"id,omitempty"`
OnColumn *Column `json:"onColumn,omitempty"`
Title string `json:"title,omitempty"`
AssignedTo []*common.User `json:"assignedTo,omitempty"`
}

type Column struct {
Expand Down Expand Up @@ -280,6 +266,42 @@ func (s Student) add(t *testing.T) {
require.JSONEq(t, result, string(gqlResponse.Data))
}

func TestAddMutationWithXid(t *testing.T) {
mutation := `
mutation addTweets($tweet: AddTweetsInput!){
addTweets(input: [$tweet]) {
numUids
}
}
`

tweet := common.Tweets{
Id: "tweet1",
Text: "abc",
Timestamp: "2020-10-10",
}
user := "foo"
addTweetsParams := &common.GraphQLParams{
Headers: common.GetJWT(t, user, "", metaInfo),
Query: mutation,
Variables: map[string]interface{}{"tweet": tweet},
}

// Add the tweet for the first time.
gqlResponse := addTweetsParams.ExecuteAsPost(t, common.GraphqlURL)
require.Nil(t, gqlResponse.Errors)

// Re-adding the tweet should fail.
gqlResponse = addTweetsParams.ExecuteAsPost(t, common.GraphqlURL)
require.Error(t, gqlResponse.Errors)
require.Equal(t, len(gqlResponse.Errors), 1)
require.Contains(t, gqlResponse.Errors[0].Error(),
"GraphQL debug: id already exists for type Tweets")

// Clear the tweet.
tweet.DeleteByID(t, user, metaInfo)
}

func TestAuthWithDgraphDirective(t *testing.T) {
students := []Student{
{
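Review bot: The duplicate-add check in TestAddMutationWithXid leaves `tweet1` behind whenever one of the `require` calls between the first add and the final `tweet.DeleteByID` fails, and `TestDeleteRBACRuleInverseField` in delete_mutation_test.go creates a Tweets node with the same `Id: "tweet1"`, so a single failure here would poison later tests until the database is reset; moving cleanup to `defer tweet.DeleteByID(t, user, metaInfo)` right after the first add's `require.Nil` keeps it running on FailNow. The `require.Error(t, gqlResponse.Errors)` line is weaker than it looks: if `Errors` is a slice type with its own `Error()` method (its elements clearly have one, given `Errors[0].Error()`), a nil slice stored in the `error` interface is non-nil and the assertion passes on a response with no errors at all, so the real check is the length line. That line also has testify's arguments reversed (expected first); `require.Len(t, gqlResponse.Errors, 1)` reads correctly and reports correctly. Since this is the debug-on counterpart of the information-hiding fix, a comment such as `// With debug enabled the existence of the id is surfaced; debug_off asserts it is hidden.` above the second add would make the pairing explicit.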
33 changes: 33 additions & 0 deletions graphql/e2e/auth/debug_off/debugoff_test.go
Expand Up @@ -89,6 +89,39 @@ func TestAddGQL(t *testing.T) {
}
}

func TestAddMutationWithXid(t *testing.T) {
mutation := `
mutation addTweets($tweet: AddTweetsInput!){
addTweets(input: [$tweet]) {
numUids
}
}
`

tweet := common.Tweets{
Id: "tweet1",
Text: "abc",
Timestamp: "2020-10-10",
}
user := "foo"
addTweetsParams := &common.GraphQLParams{
Headers: common.GetJWT(t, user, "", metaInfo),
Query: mutation,
Variables: map[string]interface{}{"tweet": tweet},
}

// Add the tweet for the first time.
gqlResponse := addTweetsParams.ExecuteAsPost(t, common.GraphqlURL)
require.Nil(t, gqlResponse.Errors)

// Re-adding the tweet should fail.
gqlResponse = addTweetsParams.ExecuteAsPost(t, common.GraphqlURL)
require.Nil(t, gqlResponse.Errors)

// Clear the tweet.
tweet.DeleteByID(t, user, metaInfo)
}

func TestMain(m *testing.M) {
schemaFile := "../schema.graphql"
schema, err := ioutil.ReadFile(schemaFile)
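Review bot: The second add in TestAddMutationWithXid only asserts `require.Nil(t, gqlResponse.Errors)`, so it proves the error is suppressed but not that the duplicate was rejected or that nothing about the existing node leaks through `gqlResponse.Data`; a regression that silently re-applied the mutation, or moved the "id already exists" text into the payload, would still pass. Assert the full response as the debug-on variant's sibling tests do, e.g. `require.JSONEq(t, `+"`"+`{"addTweets":{"numUids":0}}`+"`"+`, string(gqlResponse.Data))`, adjusting the expected `numUids` to whatever the hidden-error path is meant to return (presumably 0, but that is not visible here). The comment `// Re-adding the tweet should fail.` contradicts the assertion beneath it; `// Re-adding the tweet must not surface an error when debug is off: the existence of the id must not leak.` states the actual contract. As in the debug-on test, cleanup should be `defer tweet.DeleteByID(t, user, metaInfo)` immediately after the first successful add so a failed assertion does not leave `tweet1` behind for the next run.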
4 changes: 2 additions & 2 deletions graphql/e2e/auth/delete_mutation_test.go
Expand Up @@ -374,11 +374,11 @@ func TestDeleteRBACRuleInverseField(t *testing.T) {
addTweetsParams := &common.GraphQLParams{
Headers: common.GetJWT(t, "foo", "", metaInfo),
Query: mutation,
Variables: map[string]interface{}{"tweet": Tweets{
Variables: map[string]interface{}{"tweet": common.Tweets{
Id: "tweet1",
Text: "abc",
Timestamp: "2020-10-10",
User: User{
User: &common.User{
Username: "foo",
},
}},
1 change: 1 addition & 0 deletions graphql/e2e/auth/schema.graphql
Expand Up @@ -27,6 +27,7 @@ type User @auth(
}

type Tweets @auth (
query: { rule: "{$ROLE: { eq: \"admin\" } }"},
add: { rule: "{$USER: { eq: \"foo\" } }"},
delete: { rule: "{$USER: { eq: \"foo\" } }"},
update: { rule: "{$USER: { eq: \"foo\" } }"}
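Review bot: The `query` rule on `Tweets` (`$ROLE eq "admin"`) is deliberately stricter than the `add`/`delete`/`update` rules (`$USER eq "foo"`), and that asymmetry appears to be what the new TestAddMutationWithXid relies on: a user who may add a Tweets node but may not query it must not learn from an add error that an `@id` is already taken. Nothing in the schema records that intent, so a later edit aligning the four rules would silently remove the coverage; a comment above the block, `# query is admin-only on purpose: add/delete/update tests check that a user who cannot read a node also cannot learn it exists via an id collision`, would preserve it. The section's diffstat shows one added line and no deletions but the page does not mark which line it is, so treat the assumption that the `query` rule is the addition as inferred.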
32 changes: 32 additions & 0 deletions graphql/e2e/common/common.go
Expand Up @@ -100,6 +100,20 @@ type GraphQLResponse struct {
Extensions map[string]interface{} `json:"extensions,omitempty"`
}

type Tweets struct {
Id string `json:"id,omitempty"`
Text string `json:"text,omitempty"`
Timestamp string `json:"timestamp,omitempty"`
User *User `json:"user,omitempty"`
}

type User struct {
Username string `json:"username,omitempty"`
Age uint64 `json:"age,omitempty"`
IsPublic bool `json:"isPublic,omitempty"`
Disabled bool `json:"disabled,omitempty"`
}

type country struct {
ID string `json:"id,omitempty"`
Name string `json:"name,omitempty"`
Expand Down Expand Up @@ -179,6 +193,24 @@ type UserSecret struct {
OwnedBy string `json:"ownedBy,omitempty"`
}

func (twt *Tweets) DeleteByID(t *testing.T, user string, metaInfo *testutil.AuthMeta) {
getParams := &GraphQLParams{
Headers: GetJWT(t, user, "", metaInfo),
Query: `
mutation delTweets ($filter : TweetsFilter!){
deleteTweets (filter: $filter) {
numUids
}
}
`,
Variables: map[string]interface{}{"filter": map[string]interface{}{
"id": map[string]interface{}{"eq": twt.Id},
}},
}
gqlResponse := getParams.ExecuteAsPost(t, GraphqlURL)
require.Nil(t, gqlResponse.Errors)
}

func (us *UserSecret) Delete(t *testing.T, user, role string, metaInfo *testutil.AuthMeta) {
getParams := &GraphQLParams{
Headers: GetJWT(t, user, role, metaInfo),
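Review bot: `DeleteByID` asserts only `require.Nil(t, gqlResponse.Errors)`, but a delete whose filter matches nothing, including one filtered out by the `delete` auth rule for the supplied `user`, returns no GraphQL error, so this cleanup helper reports success while leaving the node in place and the next test using the same id inherits it. Since the mutation already selects `numUids`, the helper can check it: `require.JSONEq(t, `+"`"+`{"deleteTweets":{"numUids":1}}`+"`"+`, string(gqlResponse.Data))`, or at least decode `numUids` and `require.NotZero` it; confirm the exact delete response shape against the other `Delete` helpers in this file. The request variable is named `getParams` for a delete mutation, copied from the query helpers; `delParams` says what it is. The new exported `Tweets`, `User` and `DeleteByID` have no doc comments; one line each, e.g. `// DeleteByID removes the Tweets node whose id equals twt.Id, authenticating as user; it fails the test if the server reports an error.`, would match the package's exported surface.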