searchable-auth.test.ts
import { AuthTransformer } from '../graphql-auth-transformer';
import { ModelTransformer } from '@aws-amplify/graphql-model-transformer';
import { SearchableModelTransformer } from '@aws-amplify/graphql-searchable-transformer';
import { GraphQLTransform } from '@aws-amplify/graphql-transformer-core';
import { AppSyncAuthConfiguration } from '@aws-amplify/graphql-transformer-interfaces';
/**
 * A @searchable model protected by an owner rule and a static group rule must have both
 * rules compiled into the auth request function of the generated search query.
 *
 * Only the presence of the expected VTL fragments is asserted; the template is not evaluated.
 */
test('auth logic is enabled on owner/static rules in es request', () => {
  // Cognito user pools is the only auth mode configured for this case.
  const cognitoOnlyConfig: AppSyncAuthConfiguration = {
    defaultAuthentication: {
      authenticationType: 'AMAZON_COGNITO_USER_POOLS',
    },
    additionalAuthenticationProviders: [],
  };

  // Schema text is passed to the transformer verbatim.
  const commentSchema = `
type Comment @model
@searchable
@auth(rules: [
{ allow: owner }
{ allow: groups, groups: ["writer"]}
])
{
id: ID!
content: String
}
`;

  const graphqlTransform = new GraphQLTransform({
    authConfig: cognitoOnlyConfig,
    transformers: [
      new ModelTransformer(),
      new SearchableModelTransformer(),
      new AuthTransformer({
        authConfig: cognitoOnlyConfig,
        addAwsIamAuthInOutputSchema: false,
      }),
    ],
  });

  const out = graphqlTransform.transform(commentSchema);
  expect(out).toBeDefined();

  // Both checks read the same generated function. Its name ends in `req.vtl`, so this is
  // the request-side auth step of the search query.
  const searchAuthRequest = out.pipelineFunctions['Query.searchComments.auth.1.req.vtl'];

  // Owner rule: the `terms` value is taken from the caller's "username" claim, then
  // "cognito:username", then a fixed fallback literal.
  // NOTE(review): the fallback is presumably a sentinel that matches no stored owner, so a
  // caller with neither claim gets no owner match. Confirm against the transformer.
  expect(searchAuthRequest).toContain(
    '"terms": [$util.defaultIfNull($ctx.identity.claims.get("username"), $util.defaultIfNull($ctx.identity.claims.get("cognito:username"), "___xamznone____"))],',
  );

  // Static group rule: the "writer" group is matched against the "cognito:groups" claim.
  expect(searchAuthRequest).toContain(
    '#set( $staticGroupRoles = [{"claim":"cognito:groups","entity":"writer"}] )',
  );
});
/**
 * A @searchable model that allows public API-key access and private IAM access must have
 * its search connection type annotated with both auth directives in the output schema.
 *
 * NOTE(review): only the directives on `SearchablePostConnection` are asserted. Nothing here
 * checks that the IAM-only field rule on `secret` is applied to API-key callers of the search
 * query. An assertion on the generated search resolver for that field would close the gap.
 */
test('auth logic is enabled for iam/apiKey auth rules', () => {
  // Cognito user pools is the default mode; API key and IAM are additional providers.
  const multiAuthConfig: AppSyncAuthConfiguration = {
    defaultAuthentication: {
      authenticationType: 'AMAZON_COGNITO_USER_POOLS',
    },
    additionalAuthenticationProviders: [
      {
        authenticationType: 'API_KEY',
        apiKeyConfig: {
          description: 'E2E Test API Key',
          apiKeyExpirationDays: 300,
        },
      },
      {
        authenticationType: 'AWS_IAM',
      },
    ],
  };

  // Schema text is passed to the transformer verbatim, including its inline `#` comments.
  const postSchema = `
type Post @model
@searchable
@auth(rules: [
{ allow: public, provider: apiKey } # api key is allowed
{ allow: private, provider: iam } # auth roles are allowed
]) {
id: ID!
content: String
secret: String @auth(rules: [{ allow: private, provider: iam }]) # only auth role can do crud on this
}
`;

  const graphqlTransform = new GraphQLTransform({
    authConfig: multiAuthConfig,
    transformers: [
      new ModelTransformer(),
      new SearchableModelTransformer(),
      new AuthTransformer({
        authConfig: multiAuthConfig,
        addAwsIamAuthInOutputSchema: false,
      }),
    ],
  });

  const out = graphqlTransform.transform(postSchema);
  expect(out).toBeDefined();

  // The connection type returned by the search query must carry both provider directives.
  const generatedSchema = out.schema;
  expect(generatedSchema).toContain('SearchablePostConnection @aws_api_key @aws_iam');
});