|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
/* |
|
4
|
|
|
* This file is part of the OverblogGraphQLBundle package. |
|
5
|
|
|
* |
|
6
|
|
|
* (c) Overblog <http://github.com/overblog/> |
|
7
|
|
|
* |
|
8
|
|
|
* For the full copyright and license information, please view the LICENSE |
|
9
|
|
|
* file that was distributed with this source code. |
|
10
|
|
|
*/ |
|
11
|
|
|
|
|
12
|
|
|
namespace Overblog\GraphQLBundle\Tests\Functional\Security; |
|
13
|
|
|
|
|
14
|
|
|
use Overblog\GraphQLBundle\Tests\Functional\TestCase; |
|
15
|
|
|
|
|
16
|
|
|
class AccessTest extends TestCase |
|
17
|
|
|
{ |
|
18
|
|
|
const USER_RYAN = 'ryan'; |
|
19
|
|
|
const USER_ADMIN = 'admin'; |
|
20
|
|
|
const ANONYMOUS_USER = null; |
|
21
|
|
|
|
|
22
|
|
|
private $userNameQuery = 'query MyQuery { user { name } }'; |
|
23
|
|
|
|
|
24
|
|
|
private $userRolesQuery = 'query MyQuery { user { roles } }'; |
|
25
|
|
|
|
|
26
|
|
|
private $userIsEnabledQuery = 'query MyQuery { user { isEnabled } }'; |
|
27
|
|
|
|
|
28
|
|
|
private $userFriendsQuery = <<<EOF |
|
29
|
|
|
query MyQuery { |
|
30
|
|
|
user { |
|
31
|
|
|
friends(first: 2) { |
|
32
|
|
|
edges { |
|
33
|
|
|
node { |
|
34
|
|
|
name |
|
35
|
|
|
} |
|
36
|
|
|
} |
|
37
|
|
|
} |
|
38
|
|
|
} |
|
39
|
|
|
} |
|
40
|
|
|
EOF; |
|
41
|
|
|
|
|
42
|
|
View Code Duplication |
public function testNotAuthenticatedUserAccessToUserName() |
|
|
|
|
|
|
43
|
|
|
{ |
|
44
|
|
|
$expected = [ |
|
45
|
|
|
'data' => [ |
|
46
|
|
|
'user' => [ |
|
47
|
|
|
'name' => null, |
|
48
|
|
|
], |
|
49
|
|
|
], |
|
50
|
|
|
'errors' => [ |
|
51
|
|
|
[ |
|
52
|
|
|
'message' => 'Access denied to this field.', |
|
53
|
|
|
'locations' => [['line' => 1, 'column' => 24]], |
|
54
|
|
|
], |
|
55
|
|
|
], |
|
56
|
|
|
]; |
|
57
|
|
|
|
|
58
|
|
|
$this->assertResponse($this->userNameQuery, $expected, static::ANONYMOUS_USER); |
|
59
|
|
|
} |
|
60
|
|
|
|
|
61
|
|
|
public function testFullyAuthenticatedUserAccessToUserName() |
|
62
|
|
|
{ |
|
63
|
|
|
$expected = [ |
|
64
|
|
|
'data' => [ |
|
65
|
|
|
'user' => [ |
|
66
|
|
|
'name' => 'Dan', |
|
67
|
|
|
], |
|
68
|
|
|
], |
|
69
|
|
|
]; |
|
70
|
|
|
|
|
71
|
|
|
$this->assertResponse($this->userNameQuery, $expected, static::USER_RYAN); |
|
72
|
|
|
} |
|
73
|
|
|
|
|
74
|
|
|
public function testNotAuthenticatedUserAccessToUserRoles() |
|
75
|
|
|
{ |
|
76
|
|
|
$this->assertResponse($this->userRolesQuery, $this->expectedFailedUserRoles(), static::ANONYMOUS_USER); |
|
77
|
|
|
} |
|
78
|
|
|
|
|
79
|
|
|
public function testAuthenticatedUserAccessToUserRolesWithoutEnoughRights() |
|
80
|
|
|
{ |
|
81
|
|
|
$this->assertResponse($this->userRolesQuery, $this->expectedFailedUserRoles(), static::USER_RYAN); |
|
82
|
|
|
} |
|
83
|
|
|
|
|
84
|
|
|
public function testUserWithCorrectRightsAccessToUserRoles() |
|
85
|
|
|
{ |
|
86
|
|
|
$expected = [ |
|
87
|
|
|
'data' => [ |
|
88
|
|
|
'user' => [ |
|
89
|
|
|
'roles' => ['ROLE_USER'], |
|
90
|
|
|
], |
|
91
|
|
|
], |
|
92
|
|
|
]; |
|
93
|
|
|
|
|
94
|
|
|
$this->assertResponse($this->userRolesQuery, $expected, static::USER_ADMIN); |
|
95
|
|
|
} |
|
96
|
|
|
|
|
97
|
|
|
public function testUserAccessToUserFriends() |
|
98
|
|
|
{ |
|
99
|
|
|
$expected = [ |
|
100
|
|
|
'data' => [ |
|
101
|
|
|
'user' => [ |
|
102
|
|
|
'friends' => [ |
|
103
|
|
|
'edges' => [ |
|
104
|
|
|
['node' => ['name' => 'Nick']], |
|
105
|
|
|
['node' => null], |
|
106
|
|
|
], |
|
107
|
|
|
], |
|
108
|
|
|
], |
|
109
|
|
|
], |
|
110
|
|
|
]; |
|
111
|
|
|
|
|
112
|
|
|
$this->assertResponse($this->userFriendsQuery, $expected, static::USER_ADMIN); |
|
113
|
|
|
} |
|
114
|
|
|
|
|
115
|
|
View Code Duplication |
public function testUserAccessToUserIsEnabledWithExpressionLanguageEvaluationFailed() |
|
|
|
|
|
|
116
|
|
|
{ |
|
117
|
|
|
$expected = [ |
|
118
|
|
|
'data' => [ |
|
119
|
|
|
'user' => [ |
|
120
|
|
|
'isEnabled' => null, |
|
121
|
|
|
], |
|
122
|
|
|
], |
|
123
|
|
|
'errors' => [ |
|
124
|
|
|
[ |
|
125
|
|
|
'message' => 'Access denied to this field.', |
|
126
|
|
|
'locations' => [['line' => 1, 'column' => 24]], |
|
127
|
|
|
], |
|
128
|
|
|
], |
|
129
|
|
|
]; |
|
130
|
|
|
|
|
131
|
|
|
$this->assertResponse($this->userIsEnabledQuery, $expected, static::USER_ADMIN); |
|
132
|
|
|
} |
|
133
|
|
|
|
|
134
|
|
|
private function expectedFailedUserRoles() |
|
135
|
|
|
{ |
|
136
|
|
|
return [ |
|
137
|
|
|
'data' => [ |
|
138
|
|
|
'user' => [ |
|
139
|
|
|
'roles' => [], |
|
140
|
|
|
], |
|
141
|
|
|
], |
|
142
|
|
|
]; |
|
143
|
|
|
} |
|
144
|
|
|
|
|
145
|
|
View Code Duplication |
private static function assertResponse($query, array $expected, $username) |
|
|
|
|
|
|
146
|
|
|
{ |
|
147
|
|
|
$client = self::createClientAuthenticated($username); |
|
148
|
|
|
$client->request('GET', '/', ['query' => $query]); |
|
149
|
|
|
|
|
150
|
|
|
$result = $client->getResponse()->getContent(); |
|
151
|
|
|
|
|
152
|
|
|
static::assertEquals($expected, json_decode($result, true), $result); |
|
153
|
|
|
|
|
154
|
|
|
return $client; |
|
155
|
|
|
} |
|
156
|
|
|
|
|
157
|
|
|
private static function createClientAuthenticated($username) |
|
158
|
|
|
{ |
|
159
|
|
|
$client = static::createClient(['test_case' => 'access']); |
|
160
|
|
|
|
|
161
|
|
|
if ($username) { |
|
162
|
|
|
$client->setServerParameters([ |
|
163
|
|
|
'PHP_AUTH_USER' => $username, |
|
164
|
|
|
'PHP_AUTH_PW' => '123', |
|
165
|
|
|
]); |
|
166
|
|
|
} |
|
167
|
|
|
|
|
168
|
|
|
return $client; |
|
169
|
|
|
} |
|
170
|
|
|
} |
|
171
|
|
|
|
overblog /
GraphQLBundle
Loading history...
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.
You can also find more detailed suggestions in the “Code” section of your repository.