Skip to content

Commit

Permalink
fix(GraphQL): Remove auth error from mutation. (#6329)
Browse files Browse the repository at this point in the history 
* Remove auth error from add mutation.
  • Loading branch information
Arijit Das committed Sep 2, 2020
1 parent be9ebd0 commit 991f72f
Show file tree
Hide file tree
Showing 20 changed files with 537 additions and 241 deletions.
2 changes: 2 additions & 0 deletions dgraph/cmd/alpha/run.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -200,6 +200,7 @@ they form a Raft group and provide synchronous replication.
grpc.EnableTracing = false

flag.Bool("graphql_introspection", true, "Set to false for no GraphQL schema introspection")
flag.Bool("graphql_debug", false, "Enable debug mode in GraphQL. This returns auth errors to clients. We do not recommend turning it on for production.")
flag.Bool("ludicrous_mode", false, "Run alpha in ludicrous mode")
flag.Int("ludicrous_concurrency", 2000, "Number of concurrent threads in ludicrous mode")
flag.Bool("graphql_extensions", true, "Set to false if extensions not required in GraphQL response body")
Expand Down Expand Up @@ -720,6 +721,7 @@ func run() {
x.Config.NormalizeNodeLimit = cast.ToInt(Alpha.Conf.GetString("normalize_node_limit"))
x.Config.PollInterval = Alpha.Conf.GetDuration("graphql_poll_interval")
x.Config.GraphqlExtension = Alpha.Conf.GetBool("graphql_extensions")
x.Config.GraphqlDebug = Alpha.Conf.GetBool("graphql_debug")

x.PrintVersion()
glog.Infof("x.Config: %+v", x.Config)
Expand Down
59 changes: 25 additions & 34 deletions graphql/e2e/auth/add_mutation_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,25 +26,9 @@ import (
"github.com/stretchr/testify/require"
)

func (us *UserSecret) delete(t *testing.T, user, role string) {
getParams := &common.GraphQLParams{
Headers: getJWT(t, user, role),
Query: `
mutation deleteUserSecret($ids: [ID!]) {
deleteUserSecret(filter:{id:$ids}) {
msg
}
}
`,
Variables: map[string]interface{}{"ids": []string{us.Id}},
}
gqlResponse := getParams.ExecuteAsPost(t, graphqlURL)
require.Nil(t, gqlResponse.Errors)
}

func (p *Project) delete(t *testing.T, user, role string) {
getParams := &common.GraphQLParams{
Headers: getJWT(t, user, role),
Headers: common.GetJWT(t, user, role, metaInfo),
Query: `
mutation deleteProject($ids: [ID!]) {
deleteProject(filter:{projID:$ids}) {
Expand All @@ -60,7 +44,7 @@ func (p *Project) delete(t *testing.T, user, role string) {

func (c *Column) delete(t *testing.T, user, role string) {
getParams := &common.GraphQLParams{
Headers: getJWT(t, user, role),
Headers: common.GetJWT(t, user, role, metaInfo),
Query: `
mutation deleteColumn($colids: [ID!]) {
deleteColumn(filter:{colID:$colids}) {
Expand All @@ -76,7 +60,7 @@ func (c *Column) delete(t *testing.T, user, role string) {

func (i *Issue) delete(t *testing.T, user, role string) {
getParams := &common.GraphQLParams{
Headers: getJWT(t, user, role),
Headers: common.GetJWT(t, user, role, metaInfo),
Query: `
mutation deleteIssue($ids: [ID!]) {
deleteIssue(filter:{id:$ids}) {
Expand All @@ -92,7 +76,7 @@ func (i *Issue) delete(t *testing.T, user, role string) {

func (l *Log) delete(t *testing.T, user, role string) {
getParams := &common.GraphQLParams{
Headers: getJWT(t, user, role),
Headers: common.GetJWT(t, user, role, metaInfo),
Query: `
mutation deleteLog($ids: [ID!]) {
deleteLog(filter:{id:$ids}) {
Expand All @@ -108,7 +92,7 @@ func (l *Log) delete(t *testing.T, user, role string) {

func (m *Movie) delete(t *testing.T, user, role string) {
getParams := &common.GraphQLParams{
Headers: getJWT(t, user, role),
Headers: common.GetJWT(t, user, role, metaInfo),
Query: `
mutation deleteMovie($ids: [ID!]) {
deleteMovie(filter:{id:$ids}) {
Expand Down Expand Up @@ -197,14 +181,15 @@ func TestAddDeepFilter(t *testing.T) {

for _, tcase := range testCases {
getUserParams := &common.GraphQLParams{
Headers: getJWT(t, tcase.user, tcase.role),
Headers: common.GetJWT(t, tcase.user, tcase.role, metaInfo),
Query: query,
Variables: tcase.variables,
}

gqlResponse := getUserParams.ExecuteAsPost(t, graphqlURL)
if tcase.result == "" {
require.Equal(t, len(gqlResponse.Errors), 1)
require.Contains(t, gqlResponse.Errors[0].Message, "authorization failed")
continue
}

Expand Down Expand Up @@ -293,14 +278,15 @@ func TestAddOrRBACFilter(t *testing.T) {

for _, tcase := range testCases {
getUserParams := &common.GraphQLParams{
Headers: getJWT(t, tcase.user, tcase.role),
Headers: common.GetJWT(t, tcase.user, tcase.role, metaInfo),
Query: query,
Variables: tcase.variables,
}

gqlResponse := getUserParams.ExecuteAsPost(t, graphqlURL)
if tcase.result == "" {
require.Equal(t, len(gqlResponse.Errors), 1)
require.Contains(t, gqlResponse.Errors[0].Message, "authorization failed")
continue
}

Expand Down Expand Up @@ -371,14 +357,15 @@ func TestAddAndRBACFilterMultiple(t *testing.T) {

for _, tcase := range testCases {
getUserParams := &common.GraphQLParams{
Headers: getJWT(t, tcase.user, tcase.role),
Headers: common.GetJWT(t, tcase.user, tcase.role, metaInfo),
Query: query,
Variables: tcase.variables,
}

gqlResponse := getUserParams.ExecuteAsPost(t, graphqlURL)
if tcase.result == "" {
require.Equal(t, len(gqlResponse.Errors), 1)
require.Contains(t, gqlResponse.Errors[0].Message, "authorization failed")
continue
}

Expand Down Expand Up @@ -445,14 +432,15 @@ func TestAddAndRBACFilter(t *testing.T) {

for _, tcase := range testCases {
getUserParams := &common.GraphQLParams{
Headers: getJWT(t, tcase.user, tcase.role),
Headers: common.GetJWT(t, tcase.user, tcase.role, metaInfo),
Query: query,
Variables: tcase.variables,
}

gqlResponse := getUserParams.ExecuteAsPost(t, graphqlURL)
if tcase.result == "" {
require.Equal(t, len(gqlResponse.Errors), 1)
require.Contains(t, gqlResponse.Errors[0].Message, "authorization failed")
continue
}

Expand Down Expand Up @@ -548,14 +536,15 @@ func TestAddComplexFilter(t *testing.T) {

for _, tcase := range testCases {
getUserParams := &common.GraphQLParams{
Headers: getJWT(t, tcase.user, tcase.role),
Headers: common.GetJWT(t, tcase.user, tcase.role, metaInfo),
Query: query,
Variables: tcase.variables,
}

gqlResponse := getUserParams.ExecuteAsPost(t, graphqlURL)
if tcase.result == "" {
require.Equal(t, len(gqlResponse.Errors), 1)
require.Contains(t, gqlResponse.Errors[0].Message, "authorization failed")
continue
}

Expand Down Expand Up @@ -613,14 +602,15 @@ func TestAddRBACFilter(t *testing.T) {

for _, tcase := range testCases {
getUserParams := &common.GraphQLParams{
Headers: getJWT(t, tcase.user, tcase.role),
Headers: common.GetJWT(t, tcase.user, tcase.role, metaInfo),
Query: query,
Variables: tcase.variables,
}

gqlResponse := getUserParams.ExecuteAsPost(t, graphqlURL)
if tcase.result == "" {
require.Equal(t, len(gqlResponse.Errors), 1)
require.Contains(t, gqlResponse.Errors[0].Message, "authorization failed")
continue
}

Expand All @@ -646,14 +636,14 @@ func TestAddGQLOnly(t *testing.T) {
testCases := []TestCase{{
user: "user1",
result: `{"addUserSecret":{"usersecret":[{"aSecret":"secret1"}]}}`,
variables: map[string]interface{}{"user": &UserSecret{
variables: map[string]interface{}{"user": &common.UserSecret{
ASecret: "secret1",
OwnedBy: "user1",
}},
}, {
user: "user2",
result: ``,
variables: map[string]interface{}{"user": &UserSecret{
variables: map[string]interface{}{"user": &common.UserSecret{
ASecret: "secret2",
OwnedBy: "user1",
}},
Expand All @@ -670,37 +660,38 @@ func TestAddGQLOnly(t *testing.T) {
`
var expected, result struct {
AddUserSecret struct {
UserSecret []*UserSecret
UserSecret []*common.UserSecret
}
}

for _, tcase := range testCases {
getUserParams := &common.GraphQLParams{
Headers: getJWT(t, tcase.user, tcase.role),
Headers: common.GetJWT(t, tcase.user, tcase.role, metaInfo),
Query: query,
Variables: tcase.variables,
}

gqlResponse := getUserParams.ExecuteAsPost(t, graphqlURL)
if tcase.result == "" {
require.Equal(t, len(gqlResponse.Errors), 1)
require.Contains(t, gqlResponse.Errors[0].Message, "authorization failed")
continue
}

require.Nil(t, gqlResponse.Errors)

err := json.Unmarshal([]byte(tcase.result), &expected)
require.NoError(t, err)
err = json.Unmarshal([]byte(gqlResponse.Data), &result)
err = json.Unmarshal(gqlResponse.Data, &result)
require.NoError(t, err)

opt := cmpopts.IgnoreFields(UserSecret{}, "Id")
opt := cmpopts.IgnoreFields(common.UserSecret{}, "Id")
if diff := cmp.Diff(expected, result, opt); diff != "" {
t.Errorf("result mismatch (-want +got):\n%s", diff)
}

for _, i := range result.AddUserSecret.UserSecret {
i.delete(t, tcase.user, tcase.role)
i.Delete(t, tcase.user, tcase.role, metaInfo)
}
}
}
Loading

0 comments on commit 991f72f

Please sign in to comment.