public async Task DownlevelSecurityRequirementNotMetDenysTheSubscription()
{
var builder = new TestServerBuilder()
.AddSubscriptionServer()
.AddGraphType <SecureSubscriptionWidgetController>();
// define the policy (declared on the controller)
// to require "role1" but assign the user "role4"
builder.Authorization.AddRolePolicy("SecureWidgetPolicy", "role1");
builder.User.AddUserRole("role4");
var server = builder.Build();
// setup a subscription against an insecure endpoint (unsecurewidgetChanged)
// but request a secure field from the result (secureDate)
// this should reslt in the subscription being denied
var queryBuilder = server.CreateQueryContextBuilder();
queryBuilder.AddQueryText(
@"subscription {
unsecureWidgetChanged(nameLike: ""j""){
id
name
description
secureDate
}
}");
var result = await server.ExecuteQuery(queryBuilder);
Assert.IsNotNull(result);
Assert.IsNull(result.Data);
Assert.AreEqual(1, result.Messages.Count);
Assert.AreEqual(Constants.ErrorCodes.ACCESS_DENIED, result.Messages[0].Code);
}
public async Task SchemaBuilder_AddMiddleware_AsFunctionRegistration_AppearsInPipeline()
{
int counter = 0;
var serverBuilder = new TestServerBuilder <CandleSchema>();
var builder = serverBuilder.AddGraphQL <CandleSchema>(options =>
{
options.AddGraphType <CandleController>();
});
builder.FieldExecutionPipeline.AddMiddleware((req, next, token) =>
{
counter++;
return(next(req, token));
});
var server = serverBuilder.Build();
var queryBuilder = server.CreateQueryContextBuilder();
queryBuilder.AddQueryText("{candles{ candle(id: 18){ name }}}");
var result = await server.ExecuteQuery(queryBuilder);
Assert.IsTrue(result.Data != null);
// resolution of fields "queryType_candles", "candle" and "name"
// means the middleware should be called 3x
Assert.AreEqual(3, counter);
}
public async Task ProductionDefaults_CamelCasedTypeNames()
{
var builder = new TestServerBuilder()
.AddGraphType <FanController>();
builder.AddGraphQL(o =>
{
o.DeclarationOptions.GraphNamingFormatter = new GraphNameFormatter(typeNameStrategy: GraphNameFormatStrategy.CamelCase);
});
var server = builder.Build();
var queryBuilder = server.CreateQueryContextBuilder();
queryBuilder.AddQueryText("{ __type(name: \"fanItem\"){ name, kind} }");
var result = await server.RenderResult(queryBuilder).ConfigureAwait(false);
var expectedResult = @"
{
""data"" : {
""__type"": {
""name"" : ""fanItem"",
""kind"" : ""OBJECT"",
}
}
}";
CommonAssertions.AreEqualJsonStrings(expectedResult, result);
}
public async Task MultiPolicyCheck_UserPassesOnly1_Fail()
{
var builder = new TestServerBuilder()
.AddGraphType <Controller_NoPolicies>();
builder.Authorization.AddRolePolicy("RequireRole6", "role6");
builder.Authorization.AddClaimPolicy("RequireClaim7", "testClaim7", "testClaim7Value");
// user has role requirements
builder.User.AddUserRole("role6");
// user does not have claims requirements
builder.User.AddUserClaim("testClaim8", "testClaim8Value");
var server = builder.Build();
var fieldBuilder = server.CreateFieldContextBuilder <Controller_NoPolicies>(
nameof(Controller_NoPolicies.MultiPolicyMethod_RequireRole6_RequireClaim7));
var authContext = fieldBuilder.CreateAuthorizationContext();
await server.ExecuteFieldAuthorization(authContext);
AssertAuthorizationFails(authContext.Result);
}
public async Task ProductionDefaults_LowerCaseEnumValues()
{
var builder = new TestServerBuilder()
.AddGraphType <FanController>();
builder.AddGraphQL(o =>
{
o.DeclarationOptions.GraphNamingFormatter = new GraphNameFormatter(enumValueStrategy: GraphNameFormatStrategy.LowerCase);
});
var server = builder.Build();
var queryBuilder = server.CreateQueryContextBuilder();
queryBuilder.AddQueryText("{ retrieveFan(name: \"bob\"){ id, name, fanSpeed} }");
var result = await server.RenderResult(queryBuilder).ConfigureAwait(false);
var expectedResult = @"
{
""data"" : {
""retrieveFan"": {
""id"" : 1,
""name"" : ""bob"",
""fanSpeed"" : ""medium""
}
}
}";
CommonAssertions.AreEqualJsonStrings(expectedResult, result);
}
public async Task ProductionDefaults_UpperCaseFieldNames()
{
var builder = new TestServerBuilder()
.AddGraphType <FanController>();
builder.AddGraphQL(o =>
{
o.DeclarationOptions.GraphNamingFormatter = new GraphNameFormatter(fieldNameStrategy: GraphNameFormatStrategy.UpperCase);
});
var server = builder.Build();
var queryBuilder = server.CreateQueryContextBuilder();
queryBuilder.AddQueryText("{ RETRIEVEFAN(NAME: \"bob\"){ ID, NAME, FANSPEED} }");
var result = await server.RenderResult(queryBuilder).ConfigureAwait(false);
var expectedResult = @"
{
""data"" : {
""RETRIEVEFAN"": {
""ID"" : 1,
""NAME"" : ""bob"",
""FANSPEED"" : ""MEDIUM""
}
}
}";
CommonAssertions.AreEqualJsonStrings(expectedResult, result);
}
public void NoFoundMiddlewareComponent_ThrowsException()
{
var serverBuilder = new TestServerBuilder <GraphSchema>(TestOptions.UseCodeDeclaredNames)
.AddGraphType <MiddlewareController>();
// do not setup an event handler on the pipeline builder, meaning no injection of the middleware component
// to the service provider (test server builder). The invoker will not be able to instantiate
// the requested middleware component for invocation and should throw an exception
var pipelineBuilder = new SchemaPipelineBuilder <GraphSchema, IGraphFieldExecutionMiddleware, GraphFieldExecutionContext>();
// a pipeline with one component
pipelineBuilder.AddMiddleware <TestMiddleware1>(ServiceLifetime.Singleton);
var pipeline = pipelineBuilder.Build();
Assert.IsNotNull(pipeline);
// fake a graph ql request context
var server = serverBuilder.Build();
var fieldBuilder = server.CreateFieldContextBuilder <MiddlewareController>(nameof(MiddlewareController.FieldOfData));
var executionContext = fieldBuilder.CreateExecutionContext();
// execute the pipeline, exception should be thrown
Assert.ThrowsAsync <GraphPipelineMiddlewareInvocationException>(
async() =>
{
await pipeline.InvokeAsync(executionContext, CancellationToken.None);
});
}
public void IntrospectedScalar_PropertyCheck()
{
var serverBuilder = new TestServerBuilder();
serverBuilder.AddGraphType <string>();
var server = serverBuilder.Build();
var schema = new IntrospectedSchema(server.Schema);
var scalar = GraphQLProviders.ScalarProvider.RetrieveScalar(typeof(string));
var spected = new IntrospectedType(scalar);
spected.Initialize(schema);
Assert.AreEqual(scalar.Name, spected.Name);
Assert.AreEqual(scalar.Description, spected.Description);
Assert.AreEqual(scalar.Kind, spected.Kind);
Assert.IsNull(spected.Fields);
Assert.IsNull(spected.Interfaces);
Assert.IsNull(spected.PossibleTypes);
Assert.IsNull(spected.EnumValues);
Assert.IsNull(spected.InputFields);
Assert.IsNull(spected.OfType);
}
public async Task MultiSecurityGroup_PassesOuter_PassesInner_Success()
{
var builder = new TestServerBuilder()
.AddGraphType <Controller_NoPolicies>();
// controller policy
builder.Authorization.AddClaimPolicy("RequiresPolicy5", "testClaim5", "testClaim5Value");
// method policy
builder.Authorization.AddRolePolicy("RequiresRole1", "role1");
// user meets controller policy
builder.User.AddUserClaim("testClaim5", "testClaim5Value");
// user meet method policy
builder.User.AddUserRole("role1");
var server = builder.Build();
var fieldBuilder = server.CreateFieldContextBuilder <Controller_Policy_RequiresPolicy5>(
nameof(Controller_Policy_RequiresPolicy5.Policy_RequiresRole1));
var authContext = fieldBuilder.CreateAuthorizationContext();
await server.ExecuteFieldAuthorization(authContext);
AssertAuthorizationSuccess(authContext.Result);
}
public async Task UnauthorizedSubscriptionRequestDenysCreation()
{
var builder = new TestServerBuilder()
.AddSubscriptionServer()
.AddGraphType <SecureSubscriptionWidgetController>();
// define the policy (declared on the controller)
// to require "role1" but assign the user "role4"
builder.Authorization.AddRolePolicy("SecureWidgetPolicy", "role1");
builder.User.AddUserRole("role4");
var server = builder.Build();
var queryBuilder = server.CreateQueryContextBuilder();
queryBuilder.AddQueryText(
@"subscription {
secureWidgetChanged(nameLike: ""j""){
id
name
description
}
}");
var result = await server.ExecuteQuery(queryBuilder);
Assert.IsNotNull(result);
Assert.IsNull(result.Data);
Assert.AreEqual(1, result.Messages.Count);
Assert.AreEqual(Constants.ErrorCodes.ACCESS_DENIED, result.Messages[0].Code);
}
public async Task SingletonMiddlewareWithUserProvidedInstance_NeverAttemptsToCreateAnInstance()
{
var serverBuilder = new TestServerBuilder <GraphSchema>(TestOptions.UseCodeDeclaredNames)
.AddGraphType <MiddlewareController>();
var idsCalled = new List <string>();
var middlewareService = new Mock <IMiddlewareTestService>();
middlewareService.Setup(x => x.BeforeNext(It.IsAny <string>())).Callback(
(string idValue) => { idsCalled.Add(idValue); }).Verifiable();
serverBuilder.AddSingleton(middlewareService.Object);
// mock the calls that would be made through the primary builder to generate a fake pipeline
var pipelineBuilder = new SchemaPipelineBuilder <GraphSchema, IGraphFieldExecutionMiddleware, GraphFieldExecutionContext>();
pipelineBuilder.TypeReferenceAdded += this.CreateTypeAddHandler(serverBuilder);
// premake the singleton middleware component
var component = new TestMiddlewareSingleton(middlewareService.Object);
// inject the component into the pipeline as an item, not just a type reference
pipelineBuilder.AddMiddleware(component);
// make sure a delegate was created
var pipeline = pipelineBuilder.Build();
Assert.IsNotNull(pipeline);
var server = serverBuilder.Build();
var builder = server.CreateFieldContextBuilder <MiddlewareController>(nameof(MiddlewareController.FieldOfData));
// make an empty service collection (preventing creation if the middleware isnt found)
var sc = new ServiceCollection();
builder.ServiceProvider = sc.BuildServiceProvider();
// execute the pipeline multiple times
await pipeline.InvokeAsync(builder.CreateExecutionContext(), CancellationToken.None);
await pipeline.InvokeAsync(builder.CreateExecutionContext(), CancellationToken.None);
await pipeline.InvokeAsync(builder.CreateExecutionContext(), CancellationToken.None);
await pipeline.InvokeAsync(builder.CreateExecutionContext(), CancellationToken.None);
await pipeline.InvokeAsync(builder.CreateExecutionContext(), CancellationToken.None);
// ensure all methods that were expected to be called, were called
middlewareService.Verify(x => x.BeforeNext(It.IsAny <string>()), Times.Exactly(5));
// ensure that each time the middleware was called and an id saved off
// that hte Id never changed (it was never "newed up" more than once and the original object id was used each time)
Assert.AreEqual(5, idsCalled.Count);
foreach (var id in idsCalled)
{
Assert.AreEqual(component.Id, id);
}
}
public WebApplicationFactory <Gherkin.Core.OrderCheckingAPI.Startup> Build()
{
var result = _testServerBuilder.Build();
_testServerBuilder = null;
return(result);
}
private (IGraphQLHttpProcessor <GraphSchema> Processor, HttpContext Context) CreateQueryArtifacts(GraphQueryData data = null)
{
var builder = new TestServerBuilder(TestOptions.UseCodeDeclaredNames);
builder.AddGraphType <CandyController>();
var server = builder.Build();
return(server.CreateHttpQueryProcessor(), server.CreateHttpContext(data));
}
public async Task ExceptionOnMessage_RendersAsExpected()
{
var fixedDate = DateTimeOffset.UtcNow.UtcDateTime;
var builder = new TestServerBuilder()
.AddGraphType <SimpleExecutionController>();
builder.AddGraphQL(o =>
{
o.ResponseOptions.TimeStampLocalizer = (_) => fixedDate;
});
var server = builder.Build();
var queryBuilder = server.CreateQueryContextBuilder();
queryBuilder.AddQueryText("query Operation1{ simple { throwsException } }");
var response = await server.ExecuteQuery(queryBuilder);
var writer = new DefaultResponseWriter <GraphSchema>(server.Schema);
var result = await this.WriteResponse(writer, response);
var exceptionStackTrace = JsonEncodedText.Encode(response.Messages[0].Exception.StackTrace, JavaScriptEncoder.UnsafeRelaxedJsonEscaping).ToString();
var expectedData = @"
{
""errors"": [
{
""message"": ""Operation failed."",
""locations"": [
{
""line"": 1,
""column"": 31
}
],
""path"": [
""simple"",
""throwsException""
],
""extensions"": {
""code"": ""UNHANDLED_EXCEPTION"",
""timestamp"": """ + fixedDate.ToRfc3339String() + @""",
""severity"": ""CRITICAL"",
""exception"": {
""type"": ""InvalidOperationException"",
""message"": ""This is an invalid message"",
""stacktrace"": """ + exceptionStackTrace + @""",
}
}
}
]
}";
CommonAssertions.AreEqualJsonStrings(
expectedData,
result);
}
public async Task BatchExtension_SingleQueryForSingleSybling_ExecutesOnce_AndReturnsData()
{
var counter = new Dictionary <string, int>();
var batchService = new Mock <IBatchCounterService>();
batchService.Setup(x => x.CallCount).Returns(counter);
var serverBuilder = new TestServerBuilder()
.AddGraphType <BatchController>();
serverBuilder.AddSingleton(batchService.Object);
var server = serverBuilder.Build();
var builder = server.CreateQueryContextBuilder();
builder.AddQueryText("query { batch { fetchData { property1, property2, sybling { syblingId, name }}}}");
var response = await server.RenderResult(builder);
var expected = @"
{
""data"": {
""batch"" : {
""fetchData"": [
{
""property1"": ""object0"",
""property2"": 0,
""sybling"": {
""syblingId"": ""object0"",
""name"": ""object0_sybling""
}
},
{
""property1"": ""object1"",
""property2"": 1,
""sybling"": {
""syblingId"": ""object1"",
""name"": ""object1_sybling""
}
},
{
""property1"": ""object2"",
""property2"": 2,
""sybling"": {
""syblingId"": ""object2"",
""name"": ""object2_sybling""
}
}]
}
}
}";
CommonAssertions.AreEqualJsonStrings(expected, response);
Assert.AreEqual(1, counter[nameof(BatchController.PrimaryDataFetch)]);
Assert.IsFalse(counter.ContainsKey(nameof(BatchController.FetchChildren)));
Assert.AreEqual(1, counter[nameof(BatchController.FetchSibling)]);
}
public async Task StandardExcution_EnsureResultsMakeSense()
{
var serverBuilder = new TestServerBuilder(TestOptions.IncludeMetrics);
serverBuilder.AddGraphType <SimpleExecutionController>();
var server = serverBuilder.Build();
var builder = server.CreateQueryContextBuilder()
.AddQueryText("query Operation1{ simple { simpleQueryMethod { property1 } } }")
.AddOperationName("Operation1");
builder.AddMetrics(new ApolloTracingMetricsV1(server.Schema));
var context = builder.Build();
await server.ExecuteQuery(context);
var metrics = context.Metrics as ApolloTracingMetricsV1;
Assert.AreEqual(0, context.Messages.Count);
// parse, validation, execution
Assert.AreEqual(3, metrics.PhaseEntries.Count);
// simple, SimpleQueryMethod, Property1
Assert.AreEqual(3, metrics.ResolverEntries.Count);
// ensure phase ordering follows natural progression
var parsePhase = metrics.PhaseEntries[ApolloExecutionPhase.PARSING];
var validationPhase = metrics.PhaseEntries[ApolloExecutionPhase.VALIDATION];
var executionPhase = metrics.PhaseEntries[ApolloExecutionPhase.EXECUTION];
Assert.IsTrue(parsePhase.StartOffsetTicks < parsePhase.EndOffsetTicks);
Assert.IsTrue(parsePhase.EndOffsetTicks < validationPhase.StartOffsetTicks);
Assert.IsTrue(validationPhase.StartOffsetTicks < validationPhase.EndOffsetTicks);
Assert.IsTrue(validationPhase.EndOffsetTicks < executionPhase.StartOffsetTicks);
Assert.IsTrue(executionPhase.StartOffsetTicks < executionPhase.EndOffsetTicks);
Assert.IsTrue(executionPhase.EndOffsetTicks < metrics.TotalTicks);
// ensure resolver tree follows natural progresion
var simple = metrics.ResolverEntries.First(x => x.Key.Field.Name == "simple").Value;
var queryMethod = metrics.ResolverEntries.First(x => x.Key.Field.Name == "simpleQueryMethod").Value;
var property1 = metrics.ResolverEntries.First(x => x.Key.Field.Name == "property1").Value;
Assert.IsTrue(executionPhase.StartOffsetTicks < simple.StartOffsetTicks);
Assert.IsTrue(simple.StartOffsetTicks < simple.EndOffsetTicks);
Assert.IsTrue(simple.EndOffsetTicks < queryMethod.StartOffsetTicks);
Assert.IsTrue(queryMethod.StartOffsetTicks < queryMethod.EndOffsetTicks);
Assert.IsTrue(queryMethod.EndOffsetTicks < property1.StartOffsetTicks);
Assert.IsTrue(property1.StartOffsetTicks < property1.EndOffsetTicks);
Assert.IsTrue(property1.EndOffsetTicks < executionPhase.EndOffsetTicks);
}
public async Task SingletonMiddlewareComponent_IsNeverInstantiatedMoreThanOnce()
{
var serverBuilder = new TestServerBuilder <GraphSchema>(TestOptions.UseCodeDeclaredNames)
.AddGraphType <MiddlewareController>();
var idsCalled = new List <string>();
var middlewareService = new Mock <IMiddlewareTestService>();
middlewareService.Setup(x => x.BeforeNext(It.IsAny <string>())).Callback(
(string idValue) => { idsCalled.Add(idValue); }).Verifiable();
serverBuilder.AddSingleton(middlewareService.Object);
// mock the calls that would be made through the primary builder to generate a fake pipeline
var pipelineBuilder = new SchemaPipelineBuilder <GraphSchema, IGraphFieldExecutionMiddleware, GraphFieldExecutionContext>();
pipelineBuilder.TypeReferenceAdded += this.CreateTypeAddHandler(serverBuilder);
pipelineBuilder.AddMiddleware <TestMiddlewareSingleton>(ServiceLifetime.Singleton);
// make sure a delegate was created
var pipeline = pipelineBuilder.Build();
Assert.IsNotNull(pipeline);
Assert.AreEqual(2, serverBuilder.Count); // 1 middleware component + the service
// fake a graph ql request context
var server = serverBuilder.Build();
var builder = server.CreateFieldContextBuilder <MiddlewareController>(nameof(MiddlewareController.FieldOfData));
// execute the pipeline multiple times
await pipeline.InvokeAsync(builder.CreateExecutionContext(), CancellationToken.None);
await pipeline.InvokeAsync(builder.CreateExecutionContext(), CancellationToken.None);
await pipeline.InvokeAsync(builder.CreateExecutionContext(), CancellationToken.None);
await pipeline.InvokeAsync(builder.CreateExecutionContext(), CancellationToken.None);
await pipeline.InvokeAsync(builder.CreateExecutionContext(), CancellationToken.None);
// ensure all methods that were expected to be called, were called
middlewareService.Verify(x => x.BeforeNext(It.IsAny <string>()), Times.Exactly(5));
// ensure that each time the middleware was called and an id saved off
// that hte Id never changed (it was never "newed up" more than once)
Assert.AreEqual(5, idsCalled.Count);
var singleton = server.ServiceProvider.GetService <TestMiddlewareSingleton>();
foreach (var id in idsCalled)
{
Assert.AreEqual(singleton.Id, id);
}
}
private ISchema CreateSchema()
{
var builder = new TestServerBuilder();
var defaultScalars = new DefaultScalarTypeProvider();
foreach (var scalarConcreteType in defaultScalars.ConcreteTypes)
{
builder.AddGraphType(scalarConcreteType);
}
builder.AddGraphType(typeof(TestEnum));
return(builder.Build().Schema);
}
private TestServer <GraphSchema> CreateTestServer(out TestLogger logInstance)
{
// fake a logger with a single instance that will accept
// log entries from the run time so they can be validated in the test.
logInstance = new TestLogger();
var builder = new TestServerBuilder();
builder.AddGraphType <LogTestController>();
builder.AddGraphQLLocalQueryCache();
builder.Logging.AddLoggerProvider(new TestLoggingProvider(logInstance));
builder.Logging.SetMinimumLogLevel(LogLevel.Trace);
return(builder.Build());
}
public void Parse_EnumWithCustomGraphTypeName_YieldsName_InGraphType()
{
var template = TemplateHelper.CreateEnumTemplate <EnumWithGraphName>();
var builder = new TestServerBuilder()
.AddGraphQL(o =>
{
o.AddGraphType <EnumWithGraphName>();
});
var server = builder.Build();
var graphType = server.CreateGraphType(template.ObjectType, TypeKind.ENUM).GraphType as IEnumGraphType;
Assert.AreEqual("ValidGraphName", graphType.Name);
}
private TestServer <GraphSchema> MakeServer(int?allowedMaxDepth = null, float?allowedMaxComplexity = null)
{
var builder = new TestServerBuilder()
.AddGraphType <ComplexityTestObject>()
.AddGraphType <NestedComplexityTestObject>()
.AddGraphType <TripleNestedComplexityObject>()
.AddGraphType <ComplexityTestController>();
builder.AddGraphQL(o =>
{
o.ExecutionOptions.MaxQueryDepth = allowedMaxDepth;
o.ExecutionOptions.MaxQueryComplexity = allowedMaxComplexity;
});
return(builder.Build());
}
public void IntrospectedVirtualType_HasATypeNameMetaField()
{
var serverBuilder = new TestServerBuilder(TestOptions.UseCodeDeclaredNames)
.AddGraphType <SodaCanBuildingController>();
var server = serverBuilder.Build();
var schema = new IntrospectedSchema(server.Schema);
schema.Rebuild();
var graphType = schema.FindGraphType("Query_buildings") as IObjectGraphType;
var typeNameField = graphType.Fields.FirstOrDefault(x => x.Name == Constants.ReservedNames.TYPENAME_FIELD);
Assert.IsNotNull(typeNameField);
}
public async Task MetaDataOnMessage_RendersAsExpected()
{
var fixedDate = DateTimeOffset.UtcNow.UtcDateTime;
var builder = new TestServerBuilder()
.AddGraphType <SimpleExecutionController>();
builder.AddGraphQL(o =>
{
o.ResponseOptions.TimeStampLocalizer = (_) => fixedDate;
});
var server = builder.Build();
var queryBuilder = server.CreateQueryContextBuilder();
queryBuilder.AddQueryText("query Operation1{ simple { customMessage } }");
var response = await server.ExecuteQuery(queryBuilder);
var writer = new DefaultResponseWriter <GraphSchema>(server.Schema);
var result = await this.WriteResponse(writer, response);
var expectedData = @"
{
""errors"": [
{
""message"": ""fail text"",
""extensions"": {
""code"": ""fail code"",
""timestamp"": """ + fixedDate.ToRfc3339String() + @""",
""severity"": ""CRITICAL"",
""metaData"" : {
""customKey1"": ""customValue1""
}
}
}
]
}";
// no errors collection generated because no errors occured.
CommonAssertions.AreEqualJsonStrings(
expectedData,
result);
}
public async Task DefaultWriteOperation_InvalidSyntax_RendersJsonWithError()
{
var fixedDate = DateTimeOffset.UtcNow.UtcDateTime;
var serverBuilder = new TestServerBuilder()
.AddGraphType <SimpleExecutionController>();
serverBuilder.AddGraphQL(o =>
{
o.ResponseOptions.TimeStampLocalizer = (_) => fixedDate;
});
var server = serverBuilder.Build();
var queryBuilder = server.CreateQueryContextBuilder();
queryBuilder.AddQueryText("query Operation1{ simple \n {{ simpleQueryMethod { property1} } }");
var response = await server.ExecuteQuery(queryBuilder);
var writer = new DefaultResponseWriter <GraphSchema>(server.Schema);
var result = await this.WriteResponse(writer, response);
var expectedData = @"
{
""errors"": [
{
""message"": ""Invalid query. Expected 'NameToken' but received 'ControlToken'"",
""locations"": [
{
""line"": 2,
""column"": 3
}],
""extensions"": {
""code"": ""SYNTAX_ERROR"",
""timestamp"": """ + fixedDate.ToRfc3339String() + @""",
""severity"": ""CRITICAL""
}
}]
}";
// no errors collection generated because no errors occured.
CommonAssertions.AreEqualJsonStrings(
expectedData,
result);
}
public async Task WithAuthorizedUser_AllFieldsResolve()
{
var serverBuilder = new TestServerBuilder()
.AddGraphController <SecuredController>()
.AddGraphQL(options =>
{
options.AuthorizationOptions.Method = AuthorizationMethod.PerRequest;
});
serverBuilder.User.Authenticate();
// should produce no errors and render both fields
var server = serverBuilder.Build();
var builder = server.CreateQueryContextBuilder();
builder.AddQueryText(@"
query {
unsecured {
property1
property2
}
secured {
property1
property2
}
}");
var result = await server.RenderResult(builder);
var expectedResults = @"
{
""data"": {
""unsecured"": {
""property1"": ""unsecure object"",
""property2"": 1
},
""secured"": {
""property1"": ""secured object"",
""property2"": 5
}
}
}";
CommonAssertions.AreEqualJsonStrings(expectedResults, result);
}
public async Task AllowAnon_WhenUserDoesntPassChecks_Success()
{
var builder = new TestServerBuilder()
.AddGraphType <Controller_NoPolicies>();
builder.Authorization.AddClaimPolicy("RequiresTestClaim7", "testClaim7", "testClaim7Value");
builder.User.AddUserClaim("testClaim6", "testClaim6Value");
var server = builder.Build();
var fieldBuilder = server.CreateFieldContextBuilder <Controller_NoPolicies>(
nameof(Controller_NoPolicies.RequireClaimPolicy_RequiresTestClaim7_ButAlsoAllowAnon));
var authContext = fieldBuilder.CreateAuthorizationContext();
await server.ExecuteFieldAuthorization(authContext);
AssertAuthorizationSuccess(authContext.Result);
}
public async Task ClaimsPolicy_UserDoesHaveClaim_ButWrongValue_Fail()
{
var builder = new TestServerBuilder()
.AddGraphType <Controller_NoPolicies>();
builder.Authorization.AddClaimPolicy("RequiresTestClaim6", "testClaim6", "testClaim6Value");
builder.User.AddUserClaim("testClaim6", "differentValueThanRequired");
var server = builder.Build();
var fieldBuilder = server.CreateFieldContextBuilder <Controller_NoPolicies>(
nameof(Controller_NoPolicies.RequireClaimPolicy_RequiresTestClaim6));
var authContext = fieldBuilder.CreateAuthorizationContext();
await server.ExecuteFieldAuthorization(authContext);
AssertAuthorizationFails(authContext.Result);
}
public async Task RolePolicy_UserInRole_Success()
{
var builder = new TestServerBuilder()
.AddGraphType <Controller_NoPolicies>();
builder.Authorization.AddRolePolicy("RequiresRole1", "role1");
builder.User.AddUserRole("role1");
var server = builder.Build();
var fieldBuilder = server.CreateFieldContextBuilder <Controller_NoPolicies>(
nameof(Controller_NoPolicies.RequireRolePolicy_RequiresRole1));
var authContext = fieldBuilder.CreateAuthorizationContext();
await server.ExecuteFieldAuthorization(authContext);
AssertAuthorizationSuccess(authContext.Result);
}
public async Task DirectRoleCheck_UserHasRole_Succeeds()
{
var builder = new TestServerBuilder()
.AddGraphType <Controller_NoPolicies>();
builder.User.AddUserRole("role5");
var server = builder.Build();
// policy name isnt declared on the controller method
var fieldBuilder = server.CreateFieldContextBuilder <Controller_NoPolicies>(
nameof(Controller_NoPolicies.MethodHasRoles_Role5));
var authContext = fieldBuilder.CreateAuthorizationContext();
await server.ExecuteFieldAuthorization(authContext);
AssertAuthorizationSuccess(authContext.Result);
}
private GraphTypeCreationResult MakeGraphType(Type type, TypeKind kind, TemplateDeclarationRequirements?requirements = null)
{
var builder = new TestServerBuilder(TestOptions.UseCodeDeclaredNames);
if (requirements.HasValue)
{
builder.AddGraphQL(o =>
{
o.DeclarationOptions.FieldDeclarationRequirements = requirements.Value;
});
}
var typeMaker = new DefaultGraphTypeMakerProvider();
var testServer = builder.Build();
var maker = typeMaker.CreateTypeMaker(testServer.Schema, kind);
return(maker.CreateGraphType(type));
}