public async Task DownlevelSecurityRequirementNotMetDenysTheSubscription() { var builder = new TestServerBuilder() .AddSubscriptionServer() .AddGraphType <SecureSubscriptionWidgetController>(); // define the policy (declared on the controller) // to require "role1" but assign the user "role4" builder.Authorization.AddRolePolicy("SecureWidgetPolicy", "role1"); builder.User.AddUserRole("role4"); var server = builder.Build(); // setup a subscription against an insecure endpoint (unsecurewidgetChanged) // but request a secure field from the result (secureDate) // this should reslt in the subscription being denied var queryBuilder = server.CreateQueryContextBuilder(); queryBuilder.AddQueryText( @"subscription { unsecureWidgetChanged(nameLike: ""j""){ id name description secureDate } }"); var result = await server.ExecuteQuery(queryBuilder); Assert.IsNotNull(result); Assert.IsNull(result.Data); Assert.AreEqual(1, result.Messages.Count); Assert.AreEqual(Constants.ErrorCodes.ACCESS_DENIED, result.Messages[0].Code); }
public async Task SchemaBuilder_AddMiddleware_AsFunctionRegistration_AppearsInPipeline() { int counter = 0; var serverBuilder = new TestServerBuilder <CandleSchema>(); var builder = serverBuilder.AddGraphQL <CandleSchema>(options => { options.AddGraphType <CandleController>(); }); builder.FieldExecutionPipeline.AddMiddleware((req, next, token) => { counter++; return(next(req, token)); }); var server = serverBuilder.Build(); var queryBuilder = server.CreateQueryContextBuilder(); queryBuilder.AddQueryText("{candles{ candle(id: 18){ name }}}"); var result = await server.ExecuteQuery(queryBuilder); Assert.IsTrue(result.Data != null); // resolution of fields "queryType_candles", "candle" and "name" // means the middleware should be called 3x Assert.AreEqual(3, counter); }
public async Task ProductionDefaults_CamelCasedTypeNames() { var builder = new TestServerBuilder() .AddGraphType <FanController>(); builder.AddGraphQL(o => { o.DeclarationOptions.GraphNamingFormatter = new GraphNameFormatter(typeNameStrategy: GraphNameFormatStrategy.CamelCase); }); var server = builder.Build(); var queryBuilder = server.CreateQueryContextBuilder(); queryBuilder.AddQueryText("{ __type(name: \"fanItem\"){ name, kind} }"); var result = await server.RenderResult(queryBuilder).ConfigureAwait(false); var expectedResult = @" { ""data"" : { ""__type"": { ""name"" : ""fanItem"", ""kind"" : ""OBJECT"", } } }"; CommonAssertions.AreEqualJsonStrings(expectedResult, result); }
public async Task MultiPolicyCheck_UserPassesOnly1_Fail() { var builder = new TestServerBuilder() .AddGraphType <Controller_NoPolicies>(); builder.Authorization.AddRolePolicy("RequireRole6", "role6"); builder.Authorization.AddClaimPolicy("RequireClaim7", "testClaim7", "testClaim7Value"); // user has role requirements builder.User.AddUserRole("role6"); // user does not have claims requirements builder.User.AddUserClaim("testClaim8", "testClaim8Value"); var server = builder.Build(); var fieldBuilder = server.CreateFieldContextBuilder <Controller_NoPolicies>( nameof(Controller_NoPolicies.MultiPolicyMethod_RequireRole6_RequireClaim7)); var authContext = fieldBuilder.CreateAuthorizationContext(); await server.ExecuteFieldAuthorization(authContext); AssertAuthorizationFails(authContext.Result); }
public async Task ProductionDefaults_LowerCaseEnumValues() { var builder = new TestServerBuilder() .AddGraphType <FanController>(); builder.AddGraphQL(o => { o.DeclarationOptions.GraphNamingFormatter = new GraphNameFormatter(enumValueStrategy: GraphNameFormatStrategy.LowerCase); }); var server = builder.Build(); var queryBuilder = server.CreateQueryContextBuilder(); queryBuilder.AddQueryText("{ retrieveFan(name: \"bob\"){ id, name, fanSpeed} }"); var result = await server.RenderResult(queryBuilder).ConfigureAwait(false); var expectedResult = @" { ""data"" : { ""retrieveFan"": { ""id"" : 1, ""name"" : ""bob"", ""fanSpeed"" : ""medium"" } } }"; CommonAssertions.AreEqualJsonStrings(expectedResult, result); }
public async Task ProductionDefaults_UpperCaseFieldNames() { var builder = new TestServerBuilder() .AddGraphType <FanController>(); builder.AddGraphQL(o => { o.DeclarationOptions.GraphNamingFormatter = new GraphNameFormatter(fieldNameStrategy: GraphNameFormatStrategy.UpperCase); }); var server = builder.Build(); var queryBuilder = server.CreateQueryContextBuilder(); queryBuilder.AddQueryText("{ RETRIEVEFAN(NAME: \"bob\"){ ID, NAME, FANSPEED} }"); var result = await server.RenderResult(queryBuilder).ConfigureAwait(false); var expectedResult = @" { ""data"" : { ""RETRIEVEFAN"": { ""ID"" : 1, ""NAME"" : ""bob"", ""FANSPEED"" : ""MEDIUM"" } } }"; CommonAssertions.AreEqualJsonStrings(expectedResult, result); }
public void NoFoundMiddlewareComponent_ThrowsException() { var serverBuilder = new TestServerBuilder <GraphSchema>(TestOptions.UseCodeDeclaredNames) .AddGraphType <MiddlewareController>(); // do not setup an event handler on the pipeline builder, meaning no injection of the middleware component // to the service provider (test server builder). The invoker will not be able to instantiate // the requested middleware component for invocation and should throw an exception var pipelineBuilder = new SchemaPipelineBuilder <GraphSchema, IGraphFieldExecutionMiddleware, GraphFieldExecutionContext>(); // a pipeline with one component pipelineBuilder.AddMiddleware <TestMiddleware1>(ServiceLifetime.Singleton); var pipeline = pipelineBuilder.Build(); Assert.IsNotNull(pipeline); // fake a graph ql request context var server = serverBuilder.Build(); var fieldBuilder = server.CreateFieldContextBuilder <MiddlewareController>(nameof(MiddlewareController.FieldOfData)); var executionContext = fieldBuilder.CreateExecutionContext(); // execute the pipeline, exception should be thrown Assert.ThrowsAsync <GraphPipelineMiddlewareInvocationException>( async() => { await pipeline.InvokeAsync(executionContext, CancellationToken.None); }); }
public void IntrospectedScalar_PropertyCheck() { var serverBuilder = new TestServerBuilder(); serverBuilder.AddGraphType <string>(); var server = serverBuilder.Build(); var schema = new IntrospectedSchema(server.Schema); var scalar = GraphQLProviders.ScalarProvider.RetrieveScalar(typeof(string)); var spected = new IntrospectedType(scalar); spected.Initialize(schema); Assert.AreEqual(scalar.Name, spected.Name); Assert.AreEqual(scalar.Description, spected.Description); Assert.AreEqual(scalar.Kind, spected.Kind); Assert.IsNull(spected.Fields); Assert.IsNull(spected.Interfaces); Assert.IsNull(spected.PossibleTypes); Assert.IsNull(spected.EnumValues); Assert.IsNull(spected.InputFields); Assert.IsNull(spected.OfType); }
public async Task MultiSecurityGroup_PassesOuter_PassesInner_Success() { var builder = new TestServerBuilder() .AddGraphType <Controller_NoPolicies>(); // controller policy builder.Authorization.AddClaimPolicy("RequiresPolicy5", "testClaim5", "testClaim5Value"); // method policy builder.Authorization.AddRolePolicy("RequiresRole1", "role1"); // user meets controller policy builder.User.AddUserClaim("testClaim5", "testClaim5Value"); // user meet method policy builder.User.AddUserRole("role1"); var server = builder.Build(); var fieldBuilder = server.CreateFieldContextBuilder <Controller_Policy_RequiresPolicy5>( nameof(Controller_Policy_RequiresPolicy5.Policy_RequiresRole1)); var authContext = fieldBuilder.CreateAuthorizationContext(); await server.ExecuteFieldAuthorization(authContext); AssertAuthorizationSuccess(authContext.Result); }
public async Task UnauthorizedSubscriptionRequestDenysCreation() { var builder = new TestServerBuilder() .AddSubscriptionServer() .AddGraphType <SecureSubscriptionWidgetController>(); // define the policy (declared on the controller) // to require "role1" but assign the user "role4" builder.Authorization.AddRolePolicy("SecureWidgetPolicy", "role1"); builder.User.AddUserRole("role4"); var server = builder.Build(); var queryBuilder = server.CreateQueryContextBuilder(); queryBuilder.AddQueryText( @"subscription { secureWidgetChanged(nameLike: ""j""){ id name description } }"); var result = await server.ExecuteQuery(queryBuilder); Assert.IsNotNull(result); Assert.IsNull(result.Data); Assert.AreEqual(1, result.Messages.Count); Assert.AreEqual(Constants.ErrorCodes.ACCESS_DENIED, result.Messages[0].Code); }
public async Task SingletonMiddlewareWithUserProvidedInstance_NeverAttemptsToCreateAnInstance() { var serverBuilder = new TestServerBuilder <GraphSchema>(TestOptions.UseCodeDeclaredNames) .AddGraphType <MiddlewareController>(); var idsCalled = new List <string>(); var middlewareService = new Mock <IMiddlewareTestService>(); middlewareService.Setup(x => x.BeforeNext(It.IsAny <string>())).Callback( (string idValue) => { idsCalled.Add(idValue); }).Verifiable(); serverBuilder.AddSingleton(middlewareService.Object); // mock the calls that would be made through the primary builder to generate a fake pipeline var pipelineBuilder = new SchemaPipelineBuilder <GraphSchema, IGraphFieldExecutionMiddleware, GraphFieldExecutionContext>(); pipelineBuilder.TypeReferenceAdded += this.CreateTypeAddHandler(serverBuilder); // premake the singleton middleware component var component = new TestMiddlewareSingleton(middlewareService.Object); // inject the component into the pipeline as an item, not just a type reference pipelineBuilder.AddMiddleware(component); // make sure a delegate was created var pipeline = pipelineBuilder.Build(); Assert.IsNotNull(pipeline); var server = serverBuilder.Build(); var builder = server.CreateFieldContextBuilder <MiddlewareController>(nameof(MiddlewareController.FieldOfData)); // make an empty service collection (preventing creation if the middleware isnt found) var sc = new ServiceCollection(); builder.ServiceProvider = sc.BuildServiceProvider(); // execute the pipeline multiple times await pipeline.InvokeAsync(builder.CreateExecutionContext(), CancellationToken.None); await pipeline.InvokeAsync(builder.CreateExecutionContext(), CancellationToken.None); await pipeline.InvokeAsync(builder.CreateExecutionContext(), CancellationToken.None); await pipeline.InvokeAsync(builder.CreateExecutionContext(), CancellationToken.None); await pipeline.InvokeAsync(builder.CreateExecutionContext(), CancellationToken.None); // ensure all methods that were expected to be called, were called middlewareService.Verify(x => x.BeforeNext(It.IsAny <string>()), Times.Exactly(5)); // ensure that each time the middleware was called and an id saved off // that hte Id never changed (it was never "newed up" more than once and the original object id was used each time) Assert.AreEqual(5, idsCalled.Count); foreach (var id in idsCalled) { Assert.AreEqual(component.Id, id); } }
public WebApplicationFactory <Gherkin.Core.OrderCheckingAPI.Startup> Build() { var result = _testServerBuilder.Build(); _testServerBuilder = null; return(result); }
private (IGraphQLHttpProcessor <GraphSchema> Processor, HttpContext Context) CreateQueryArtifacts(GraphQueryData data = null) { var builder = new TestServerBuilder(TestOptions.UseCodeDeclaredNames); builder.AddGraphType <CandyController>(); var server = builder.Build(); return(server.CreateHttpQueryProcessor(), server.CreateHttpContext(data)); }
public async Task ExceptionOnMessage_RendersAsExpected() { var fixedDate = DateTimeOffset.UtcNow.UtcDateTime; var builder = new TestServerBuilder() .AddGraphType <SimpleExecutionController>(); builder.AddGraphQL(o => { o.ResponseOptions.TimeStampLocalizer = (_) => fixedDate; }); var server = builder.Build(); var queryBuilder = server.CreateQueryContextBuilder(); queryBuilder.AddQueryText("query Operation1{ simple { throwsException } }"); var response = await server.ExecuteQuery(queryBuilder); var writer = new DefaultResponseWriter <GraphSchema>(server.Schema); var result = await this.WriteResponse(writer, response); var exceptionStackTrace = JsonEncodedText.Encode(response.Messages[0].Exception.StackTrace, JavaScriptEncoder.UnsafeRelaxedJsonEscaping).ToString(); var expectedData = @" { ""errors"": [ { ""message"": ""Operation failed."", ""locations"": [ { ""line"": 1, ""column"": 31 } ], ""path"": [ ""simple"", ""throwsException"" ], ""extensions"": { ""code"": ""UNHANDLED_EXCEPTION"", ""timestamp"": """ + fixedDate.ToRfc3339String() + @""", ""severity"": ""CRITICAL"", ""exception"": { ""type"": ""InvalidOperationException"", ""message"": ""This is an invalid message"", ""stacktrace"": """ + exceptionStackTrace + @""", } } } ] }"; CommonAssertions.AreEqualJsonStrings( expectedData, result); }
public async Task BatchExtension_SingleQueryForSingleSybling_ExecutesOnce_AndReturnsData() { var counter = new Dictionary <string, int>(); var batchService = new Mock <IBatchCounterService>(); batchService.Setup(x => x.CallCount).Returns(counter); var serverBuilder = new TestServerBuilder() .AddGraphType <BatchController>(); serverBuilder.AddSingleton(batchService.Object); var server = serverBuilder.Build(); var builder = server.CreateQueryContextBuilder(); builder.AddQueryText("query { batch { fetchData { property1, property2, sybling { syblingId, name }}}}"); var response = await server.RenderResult(builder); var expected = @" { ""data"": { ""batch"" : { ""fetchData"": [ { ""property1"": ""object0"", ""property2"": 0, ""sybling"": { ""syblingId"": ""object0"", ""name"": ""object0_sybling"" } }, { ""property1"": ""object1"", ""property2"": 1, ""sybling"": { ""syblingId"": ""object1"", ""name"": ""object1_sybling"" } }, { ""property1"": ""object2"", ""property2"": 2, ""sybling"": { ""syblingId"": ""object2"", ""name"": ""object2_sybling"" } }] } } }"; CommonAssertions.AreEqualJsonStrings(expected, response); Assert.AreEqual(1, counter[nameof(BatchController.PrimaryDataFetch)]); Assert.IsFalse(counter.ContainsKey(nameof(BatchController.FetchChildren))); Assert.AreEqual(1, counter[nameof(BatchController.FetchSibling)]); }
public async Task StandardExcution_EnsureResultsMakeSense() { var serverBuilder = new TestServerBuilder(TestOptions.IncludeMetrics); serverBuilder.AddGraphType <SimpleExecutionController>(); var server = serverBuilder.Build(); var builder = server.CreateQueryContextBuilder() .AddQueryText("query Operation1{ simple { simpleQueryMethod { property1 } } }") .AddOperationName("Operation1"); builder.AddMetrics(new ApolloTracingMetricsV1(server.Schema)); var context = builder.Build(); await server.ExecuteQuery(context); var metrics = context.Metrics as ApolloTracingMetricsV1; Assert.AreEqual(0, context.Messages.Count); // parse, validation, execution Assert.AreEqual(3, metrics.PhaseEntries.Count); // simple, SimpleQueryMethod, Property1 Assert.AreEqual(3, metrics.ResolverEntries.Count); // ensure phase ordering follows natural progression var parsePhase = metrics.PhaseEntries[ApolloExecutionPhase.PARSING]; var validationPhase = metrics.PhaseEntries[ApolloExecutionPhase.VALIDATION]; var executionPhase = metrics.PhaseEntries[ApolloExecutionPhase.EXECUTION]; Assert.IsTrue(parsePhase.StartOffsetTicks < parsePhase.EndOffsetTicks); Assert.IsTrue(parsePhase.EndOffsetTicks < validationPhase.StartOffsetTicks); Assert.IsTrue(validationPhase.StartOffsetTicks < validationPhase.EndOffsetTicks); Assert.IsTrue(validationPhase.EndOffsetTicks < executionPhase.StartOffsetTicks); Assert.IsTrue(executionPhase.StartOffsetTicks < executionPhase.EndOffsetTicks); Assert.IsTrue(executionPhase.EndOffsetTicks < metrics.TotalTicks); // ensure resolver tree follows natural progresion var simple = metrics.ResolverEntries.First(x => x.Key.Field.Name == "simple").Value; var queryMethod = metrics.ResolverEntries.First(x => x.Key.Field.Name == "simpleQueryMethod").Value; var property1 = metrics.ResolverEntries.First(x => x.Key.Field.Name == "property1").Value; Assert.IsTrue(executionPhase.StartOffsetTicks < simple.StartOffsetTicks); Assert.IsTrue(simple.StartOffsetTicks < simple.EndOffsetTicks); Assert.IsTrue(simple.EndOffsetTicks < queryMethod.StartOffsetTicks); Assert.IsTrue(queryMethod.StartOffsetTicks < queryMethod.EndOffsetTicks); Assert.IsTrue(queryMethod.EndOffsetTicks < property1.StartOffsetTicks); Assert.IsTrue(property1.StartOffsetTicks < property1.EndOffsetTicks); Assert.IsTrue(property1.EndOffsetTicks < executionPhase.EndOffsetTicks); }
public async Task SingletonMiddlewareComponent_IsNeverInstantiatedMoreThanOnce() { var serverBuilder = new TestServerBuilder <GraphSchema>(TestOptions.UseCodeDeclaredNames) .AddGraphType <MiddlewareController>(); var idsCalled = new List <string>(); var middlewareService = new Mock <IMiddlewareTestService>(); middlewareService.Setup(x => x.BeforeNext(It.IsAny <string>())).Callback( (string idValue) => { idsCalled.Add(idValue); }).Verifiable(); serverBuilder.AddSingleton(middlewareService.Object); // mock the calls that would be made through the primary builder to generate a fake pipeline var pipelineBuilder = new SchemaPipelineBuilder <GraphSchema, IGraphFieldExecutionMiddleware, GraphFieldExecutionContext>(); pipelineBuilder.TypeReferenceAdded += this.CreateTypeAddHandler(serverBuilder); pipelineBuilder.AddMiddleware <TestMiddlewareSingleton>(ServiceLifetime.Singleton); // make sure a delegate was created var pipeline = pipelineBuilder.Build(); Assert.IsNotNull(pipeline); Assert.AreEqual(2, serverBuilder.Count); // 1 middleware component + the service // fake a graph ql request context var server = serverBuilder.Build(); var builder = server.CreateFieldContextBuilder <MiddlewareController>(nameof(MiddlewareController.FieldOfData)); // execute the pipeline multiple times await pipeline.InvokeAsync(builder.CreateExecutionContext(), CancellationToken.None); await pipeline.InvokeAsync(builder.CreateExecutionContext(), CancellationToken.None); await pipeline.InvokeAsync(builder.CreateExecutionContext(), CancellationToken.None); await pipeline.InvokeAsync(builder.CreateExecutionContext(), CancellationToken.None); await pipeline.InvokeAsync(builder.CreateExecutionContext(), CancellationToken.None); // ensure all methods that were expected to be called, were called middlewareService.Verify(x => x.BeforeNext(It.IsAny <string>()), Times.Exactly(5)); // ensure that each time the middleware was called and an id saved off // that hte Id never changed (it was never "newed up" more than once) Assert.AreEqual(5, idsCalled.Count); var singleton = server.ServiceProvider.GetService <TestMiddlewareSingleton>(); foreach (var id in idsCalled) { Assert.AreEqual(singleton.Id, id); } }
private ISchema CreateSchema() { var builder = new TestServerBuilder(); var defaultScalars = new DefaultScalarTypeProvider(); foreach (var scalarConcreteType in defaultScalars.ConcreteTypes) { builder.AddGraphType(scalarConcreteType); } builder.AddGraphType(typeof(TestEnum)); return(builder.Build().Schema); }
private TestServer <GraphSchema> CreateTestServer(out TestLogger logInstance) { // fake a logger with a single instance that will accept // log entries from the run time so they can be validated in the test. logInstance = new TestLogger(); var builder = new TestServerBuilder(); builder.AddGraphType <LogTestController>(); builder.AddGraphQLLocalQueryCache(); builder.Logging.AddLoggerProvider(new TestLoggingProvider(logInstance)); builder.Logging.SetMinimumLogLevel(LogLevel.Trace); return(builder.Build()); }
public void Parse_EnumWithCustomGraphTypeName_YieldsName_InGraphType() { var template = TemplateHelper.CreateEnumTemplate <EnumWithGraphName>(); var builder = new TestServerBuilder() .AddGraphQL(o => { o.AddGraphType <EnumWithGraphName>(); }); var server = builder.Build(); var graphType = server.CreateGraphType(template.ObjectType, TypeKind.ENUM).GraphType as IEnumGraphType; Assert.AreEqual("ValidGraphName", graphType.Name); }
private TestServer <GraphSchema> MakeServer(int?allowedMaxDepth = null, float?allowedMaxComplexity = null) { var builder = new TestServerBuilder() .AddGraphType <ComplexityTestObject>() .AddGraphType <NestedComplexityTestObject>() .AddGraphType <TripleNestedComplexityObject>() .AddGraphType <ComplexityTestController>(); builder.AddGraphQL(o => { o.ExecutionOptions.MaxQueryDepth = allowedMaxDepth; o.ExecutionOptions.MaxQueryComplexity = allowedMaxComplexity; }); return(builder.Build()); }
public void IntrospectedVirtualType_HasATypeNameMetaField() { var serverBuilder = new TestServerBuilder(TestOptions.UseCodeDeclaredNames) .AddGraphType <SodaCanBuildingController>(); var server = serverBuilder.Build(); var schema = new IntrospectedSchema(server.Schema); schema.Rebuild(); var graphType = schema.FindGraphType("Query_buildings") as IObjectGraphType; var typeNameField = graphType.Fields.FirstOrDefault(x => x.Name == Constants.ReservedNames.TYPENAME_FIELD); Assert.IsNotNull(typeNameField); }
public async Task MetaDataOnMessage_RendersAsExpected() { var fixedDate = DateTimeOffset.UtcNow.UtcDateTime; var builder = new TestServerBuilder() .AddGraphType <SimpleExecutionController>(); builder.AddGraphQL(o => { o.ResponseOptions.TimeStampLocalizer = (_) => fixedDate; }); var server = builder.Build(); var queryBuilder = server.CreateQueryContextBuilder(); queryBuilder.AddQueryText("query Operation1{ simple { customMessage } }"); var response = await server.ExecuteQuery(queryBuilder); var writer = new DefaultResponseWriter <GraphSchema>(server.Schema); var result = await this.WriteResponse(writer, response); var expectedData = @" { ""errors"": [ { ""message"": ""fail text"", ""extensions"": { ""code"": ""fail code"", ""timestamp"": """ + fixedDate.ToRfc3339String() + @""", ""severity"": ""CRITICAL"", ""metaData"" : { ""customKey1"": ""customValue1"" } } } ] }"; // no errors collection generated because no errors occured. CommonAssertions.AreEqualJsonStrings( expectedData, result); }
public async Task DefaultWriteOperation_InvalidSyntax_RendersJsonWithError() { var fixedDate = DateTimeOffset.UtcNow.UtcDateTime; var serverBuilder = new TestServerBuilder() .AddGraphType <SimpleExecutionController>(); serverBuilder.AddGraphQL(o => { o.ResponseOptions.TimeStampLocalizer = (_) => fixedDate; }); var server = serverBuilder.Build(); var queryBuilder = server.CreateQueryContextBuilder(); queryBuilder.AddQueryText("query Operation1{ simple \n {{ simpleQueryMethod { property1} } }"); var response = await server.ExecuteQuery(queryBuilder); var writer = new DefaultResponseWriter <GraphSchema>(server.Schema); var result = await this.WriteResponse(writer, response); var expectedData = @" { ""errors"": [ { ""message"": ""Invalid query. Expected 'NameToken' but received 'ControlToken'"", ""locations"": [ { ""line"": 2, ""column"": 3 }], ""extensions"": { ""code"": ""SYNTAX_ERROR"", ""timestamp"": """ + fixedDate.ToRfc3339String() + @""", ""severity"": ""CRITICAL"" } }] }"; // no errors collection generated because no errors occured. CommonAssertions.AreEqualJsonStrings( expectedData, result); }
public async Task WithAuthorizedUser_AllFieldsResolve() { var serverBuilder = new TestServerBuilder() .AddGraphController <SecuredController>() .AddGraphQL(options => { options.AuthorizationOptions.Method = AuthorizationMethod.PerRequest; }); serverBuilder.User.Authenticate(); // should produce no errors and render both fields var server = serverBuilder.Build(); var builder = server.CreateQueryContextBuilder(); builder.AddQueryText(@" query { unsecured { property1 property2 } secured { property1 property2 } }"); var result = await server.RenderResult(builder); var expectedResults = @" { ""data"": { ""unsecured"": { ""property1"": ""unsecure object"", ""property2"": 1 }, ""secured"": { ""property1"": ""secured object"", ""property2"": 5 } } }"; CommonAssertions.AreEqualJsonStrings(expectedResults, result); }
public async Task AllowAnon_WhenUserDoesntPassChecks_Success() { var builder = new TestServerBuilder() .AddGraphType <Controller_NoPolicies>(); builder.Authorization.AddClaimPolicy("RequiresTestClaim7", "testClaim7", "testClaim7Value"); builder.User.AddUserClaim("testClaim6", "testClaim6Value"); var server = builder.Build(); var fieldBuilder = server.CreateFieldContextBuilder <Controller_NoPolicies>( nameof(Controller_NoPolicies.RequireClaimPolicy_RequiresTestClaim7_ButAlsoAllowAnon)); var authContext = fieldBuilder.CreateAuthorizationContext(); await server.ExecuteFieldAuthorization(authContext); AssertAuthorizationSuccess(authContext.Result); }
public async Task ClaimsPolicy_UserDoesHaveClaim_ButWrongValue_Fail() { var builder = new TestServerBuilder() .AddGraphType <Controller_NoPolicies>(); builder.Authorization.AddClaimPolicy("RequiresTestClaim6", "testClaim6", "testClaim6Value"); builder.User.AddUserClaim("testClaim6", "differentValueThanRequired"); var server = builder.Build(); var fieldBuilder = server.CreateFieldContextBuilder <Controller_NoPolicies>( nameof(Controller_NoPolicies.RequireClaimPolicy_RequiresTestClaim6)); var authContext = fieldBuilder.CreateAuthorizationContext(); await server.ExecuteFieldAuthorization(authContext); AssertAuthorizationFails(authContext.Result); }
public async Task RolePolicy_UserInRole_Success() { var builder = new TestServerBuilder() .AddGraphType <Controller_NoPolicies>(); builder.Authorization.AddRolePolicy("RequiresRole1", "role1"); builder.User.AddUserRole("role1"); var server = builder.Build(); var fieldBuilder = server.CreateFieldContextBuilder <Controller_NoPolicies>( nameof(Controller_NoPolicies.RequireRolePolicy_RequiresRole1)); var authContext = fieldBuilder.CreateAuthorizationContext(); await server.ExecuteFieldAuthorization(authContext); AssertAuthorizationSuccess(authContext.Result); }
public async Task DirectRoleCheck_UserHasRole_Succeeds() { var builder = new TestServerBuilder() .AddGraphType <Controller_NoPolicies>(); builder.User.AddUserRole("role5"); var server = builder.Build(); // policy name isnt declared on the controller method var fieldBuilder = server.CreateFieldContextBuilder <Controller_NoPolicies>( nameof(Controller_NoPolicies.MethodHasRoles_Role5)); var authContext = fieldBuilder.CreateAuthorizationContext(); await server.ExecuteFieldAuthorization(authContext); AssertAuthorizationSuccess(authContext.Result); }
private GraphTypeCreationResult MakeGraphType(Type type, TypeKind kind, TemplateDeclarationRequirements?requirements = null) { var builder = new TestServerBuilder(TestOptions.UseCodeDeclaredNames); if (requirements.HasValue) { builder.AddGraphQL(o => { o.DeclarationOptions.FieldDeclarationRequirements = requirements.Value; }); } var typeMaker = new DefaultGraphTypeMakerProvider(); var testServer = builder.Build(); var maker = typeMaker.CreateTypeMaker(testServer.Schema, kind); return(maker.CreateGraphType(type)); }