AccessTest::testUserAccessToUserIsEnabledWithExpressionLanguageEvaluationFailed() - Code Metrics - Inspection of "Removed silent try catching on access resolver" - overblog/GraphQLBundle - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#53)

by Jérémiah

created 2016-06-13 15:14 UTC

testUserAccessToUserIsEnabledWithExpressionLanguageEvaluationFailed() A

↳ Parent: AccessTest

Complexity

Conditions	1
Paths	1

Size

Total Lines	20
Code Lines	10

Duplication

Lines	20
Ratio	100 %

Importance

Changes	2
Bugs	0	Features	0

Metric	Value
c	2
b	0
f	0
dl	20
loc	20
rs	9.4285
cc	1
eloc	10
nc	1
nop	0

<?php

/*
 * This file is part of the OverblogGraphQLBundle package.
 *
 * (c) Overblog <http://github.com/overblog/>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

namespace Overblog\GraphQLBundle\Tests\Functional\Security;

use Overblog\GraphQLBundle\Tests\Functional\app\Mutation\SimpleMutationWithThunkFieldsMutation;
use Overblog\GraphQLBundle\Tests\Functional\TestCase;

class AccessTest extends TestCase
{
    const USER_RYAN = 'ryan';
    const USER_ADMIN = 'admin';
    const ANONYMOUS_USER = null;

    private $userNameQuery = 'query MyQuery { user { name } }';

    private $userRolesQuery = 'query MyQuery { user { roles } }';

    private $userIsEnabledQuery = 'query MyQuery { user { isEnabled } }';


    private $userFriendsQuery = <<<EOF
query MyQuery {
  user {
    friends(first: 2) {
      edges {
        node {
          name
        }
      }
    }
  }
}
EOF;

    private $simpleMutationWithThunkQuery = <<<EOF
mutation M {
  simpleMutationWithThunkFields(input: {inputData: %d, clientMutationId: "bac"}) {
    result
    clientMutationId
  }
}
EOF;

    public function testNotAuthenticatedUserAccessToUserName()

    {
        $expected = [
            'data' => [
                'user' => [
                    'name' => null,
                ],
            ],
            'extensions' => [
                'warnings' => [
                    [
                        'message' => 'Access denied to this field.',
                        'locations' => [['line' => 1, 'column' => 24]],
                    ],
                ],
            ],
        ];

        $this->assertResponse($this->userNameQuery, $expected, static::ANONYMOUS_USER);
    }

    public function testFullyAuthenticatedUserAccessToUserName()
    {
        $expected = [
            'data' => [
                'user' => [
                    'name' => 'Dan',
                ],
            ],
        ];

        $this->assertResponse($this->userNameQuery, $expected, static::USER_RYAN);
    }

    public function testNotAuthenticatedUserAccessToUserRoles()
    {
        $this->assertResponse($this->userRolesQuery, $this->expectedFailedUserRoles(), static::ANONYMOUS_USER);
    }

    public function testAuthenticatedUserAccessToUserRolesWithoutEnoughRights()
    {
        $this->assertResponse($this->userRolesQuery, $this->expectedFailedUserRoles(), static::USER_RYAN);
    }

    public function testUserWithCorrectRightsAccessToUserRoles()
    {
        $expected = [
            'data' => [
                'user' => [
                    'roles' => ['ROLE_USER'],
                ],
            ],
        ];

        $this->assertResponse($this->userRolesQuery, $expected, static::USER_ADMIN);
    }

    public function testUserForbiddenField()

    {
        $expected = [
            'data' => [
                'user' => null,
            ],
            'extensions' => [
                'warnings' => [
                    [
                        'message' => 'Access denied to this field.',
                        'locations' => [
                            [
                                'line' => 3,
                                'column' => 5,
                            ],
                        ],
                    ],
                ],
            ],
        ];

        $query = <<<EOF
query MyQuery {
  user {
    forbidden
  }
}
EOF;

        $this->assertResponse($query, $expected, static::USER_ADMIN);
    }

    public function testUserAccessToUserFriends()
    {
        $expected = [
            'data' => [
                'user' => [
                    'friends' => [
                        'edges' => [
                            ['node' => ['name' => 'Nick']],
                            ['node' => null],
                        ],
                    ],
                ],
            ],
        ];

        $this->assertResponse($this->userFriendsQuery, $expected, static::USER_ADMIN);
    }

    public function testMutationAllowedUser()
    {
        $result = 123;

        $expected = [
            'data' => [
                'simpleMutationWithThunkFields' => [
                    'result' => $result,
                    'clientMutationId' => 'bac',
                ],
            ],
        ];

        $this->assertResponse(sprintf($this->simpleMutationWithThunkQuery, $result), $expected, static::USER_ADMIN);
        $this->assertTrue(SimpleMutationWithThunkFieldsMutation::hasMutate(true));
    }

    public function testMutationAllowedButNoRightsToDisplayPayload()
    {
        $expected = [
            'data' => [
                'simpleMutationWithThunkFields' => [
                    'result' => null,
                    'clientMutationId' => 'bac',
                ],
            ],
            'extensions' => [
                'warnings' => [
                    [
                        'message' => 'Access denied to this field.',
                        'locations' => [
                            [
                                'line' => 3,
                                'column' => 5,
                            ],
                        ],
                    ],
                ],
            ],
        ];

        $this->assertResponse(sprintf($this->simpleMutationWithThunkQuery, 321), $expected, static::USER_ADMIN);
        $this->assertTrue(SimpleMutationWithThunkFieldsMutation::hasMutate(true));
    }

    public function testMutationNotAllowedUser()
    {
        $expected = [
            'data' => [
                'simpleMutationWithThunkFields' => null,
            ],
            'errors' => [
                [
                    'message' => 'Access denied to this field.',
                    'locations' => [
                        [
                            'line' => 2,
                            'column' => 3,
                        ],
                    ],
                ],
            ],
        ];

        $this->assertResponse(sprintf($this->simpleMutationWithThunkQuery, 123), $expected, static::USER_RYAN);
        $this->assertFalse(SimpleMutationWithThunkFieldsMutation::hasMutate(true));
    }

    private function expectedFailedUserRoles()
    {
        return [
            'data' => [
                'user' => [
                    'roles' => [0 => null],
                ],
            ],
        ];
    }

    private static function assertResponse($query, array $expected, $username)

    {
        $client = self::createClientAuthenticated($username);
        $client->request('GET', '/', ['query' => $query]);

        $result = $client->getResponse()->getContent();

        static::assertEquals($expected, json_decode($result, true), $result);

        return $client;
    }

    private static function createClientAuthenticated($username)
    {
        $client = static::createClient(['test_case' => 'access']);

        if ($username) {
            $client->setServerParameters([
                'PHP_AUTH_USER' => $username,
                'PHP_AUTH_PW' => '123',
            ]);
        }

        return $client;
    }
}


1		<?php
2
3		/*
4		* This file is part of the OverblogGraphQLBundle package.
5		*
6		* (c) Overblog <http://github.com/overblog/>
7		*
8		* For the full copyright and license information, please view the LICENSE
9		* file that was distributed with this source code.
10		*/
11
12		namespace Overblog\GraphQLBundle\Tests\Functional\Security;
13
14		use Overblog\GraphQLBundle\Tests\Functional\app\Mutation\SimpleMutationWithThunkFieldsMutation;
15		use Overblog\GraphQLBundle\Tests\Functional\TestCase;
16
17		class AccessTest extends TestCase
18		{
19		const USER_RYAN = 'ryan';
20		const USER_ADMIN = 'admin';
21		const ANONYMOUS_USER = null;
22
23		private $userNameQuery = 'query MyQuery { user { name } }';
24
25		private $userRolesQuery = 'query MyQuery { user { roles } }';
26
27		private $userIsEnabledQuery = 'query MyQuery { user { isEnabled } }';
		0 ignored issues – show Unused Code introduced 2016-06-13 15:18 UTC by Report Bug Copy Issue Report The property `$userIsEnabledQuery` is not used and could be removed. This check marks private properties in classes that are never used. Those properties can be removed. Loading history...
28
29		private $userFriendsQuery = <<<EOF
30		query MyQuery {
31		user {
32		friends(first: 2) {
33		edges {
34		node {
35		name
36		}
37		}
38		}
39		}
40		}
41		EOF;
42
43		private $simpleMutationWithThunkQuery = <<<EOF
44		mutation M {
45		simpleMutationWithThunkFields(input: {inputData: %d, clientMutationId: "bac"}) {
46		result
47		clientMutationId
48		}
49		}
50		EOF;
51
52	View Code Duplication	public function testNotAuthenticatedUserAccessToUserName()
		0 ignored issues – show Duplication introduced 2016-04-02 20:15 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
53		{
54		$expected = [
55		'data' => [
56		'user' => [
57		'name' => null,
58		],
59		],
60		'extensions' => [
61		'warnings' => [
62		[
63		'message' => 'Access denied to this field.',
64		'locations' => [['line' => 1, 'column' => 24]],
65		],
66		],
67		],
68		];
69
70		$this->assertResponse($this->userNameQuery, $expected, static::ANONYMOUS_USER);
71		}
72
73		public function testFullyAuthenticatedUserAccessToUserName()
74		{
75		$expected = [
76		'data' => [
77		'user' => [
78		'name' => 'Dan',
79		],
80		],
81		];
82
83		$this->assertResponse($this->userNameQuery, $expected, static::USER_RYAN);
84		}
85
86		public function testNotAuthenticatedUserAccessToUserRoles()
87		{
88		$this->assertResponse($this->userRolesQuery, $this->expectedFailedUserRoles(), static::ANONYMOUS_USER);
89		}
90
91		public function testAuthenticatedUserAccessToUserRolesWithoutEnoughRights()
92		{
93		$this->assertResponse($this->userRolesQuery, $this->expectedFailedUserRoles(), static::USER_RYAN);
94		}
95
96		public function testUserWithCorrectRightsAccessToUserRoles()
97		{
98		$expected = [
99		'data' => [
100		'user' => [
101		'roles' => ['ROLE_USER'],
102		],
103		],
104		];
105
106		$this->assertResponse($this->userRolesQuery, $expected, static::USER_ADMIN);
107		}
108
109	View Code Duplication	public function testUserForbiddenField()
		0 ignored issues – show Duplication introduced 2016-05-16 09:56 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
110		{
111		$expected = [
112		'data' => [
113		'user' => null,
114		],
115		'extensions' => [
116		'warnings' => [
117		[
118		'message' => 'Access denied to this field.',
119		'locations' => [
120		[
121		'line' => 3,
122		'column' => 5,
123		],
124		],
125		],
126		],
127		],
128		];
129
130		$query = <<<EOF
131		query MyQuery {
132		user {
133		forbidden
134		}
135		}
136		EOF;
137
138		$this->assertResponse($query, $expected, static::USER_ADMIN);
139		}
140
141		public function testUserAccessToUserFriends()
142		{
143		$expected = [
144		'data' => [
145		'user' => [
146		'friends' => [
147		'edges' => [
148		['node' => ['name' => 'Nick']],
149		['node' => null],
150		],
151		],
152		],
153		],
154		];
155
156		$this->assertResponse($this->userFriendsQuery, $expected, static::USER_ADMIN);
157		}
158
159		public function testMutationAllowedUser()
160		{
161		$result = 123;
162
163		$expected = [
164		'data' => [
165		'simpleMutationWithThunkFields' => [
166		'result' => $result,
167		'clientMutationId' => 'bac',
168		],
169		],
170		];
171
172		$this->assertResponse(sprintf($this->simpleMutationWithThunkQuery, $result), $expected, static::USER_ADMIN);
173		$this->assertTrue(SimpleMutationWithThunkFieldsMutation::hasMutate(true));
174		}
175
176		public function testMutationAllowedButNoRightsToDisplayPayload()
177		{
178		$expected = [
179		'data' => [
180		'simpleMutationWithThunkFields' => [
181		'result' => null,
182		'clientMutationId' => 'bac',
183		],
184		],
185		'extensions' => [
186		'warnings' => [
187		[
188		'message' => 'Access denied to this field.',
189		'locations' => [
190		[
191		'line' => 3,
192		'column' => 5,
193		],
194		],
195		],
196		],
197		],
198		];
199
200		$this->assertResponse(sprintf($this->simpleMutationWithThunkQuery, 321), $expected, static::USER_ADMIN);
201		$this->assertTrue(SimpleMutationWithThunkFieldsMutation::hasMutate(true));
202		}
203
204		public function testMutationNotAllowedUser()
205		{
206		$expected = [
207		'data' => [
208		'simpleMutationWithThunkFields' => null,
209		],
210		'errors' => [
211		[
212		'message' => 'Access denied to this field.',
213		'locations' => [
214		[
215		'line' => 2,
216		'column' => 3,
217		],
218		],
219		],
220		],
221		];
222
223		$this->assertResponse(sprintf($this->simpleMutationWithThunkQuery, 123), $expected, static::USER_RYAN);
224		$this->assertFalse(SimpleMutationWithThunkFieldsMutation::hasMutate(true));
225		}
226
227		private function expectedFailedUserRoles()
228		{
229		return [
230		'data' => [
231		'user' => [
232		'roles' => [0 => null],
233		],
234		],
235		];
236		}
237
238	View Code Duplication	private static function assertResponse($query, array $expected, $username)
		0 ignored issues – show Duplication introduced 2016-04-02 20:15 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
239		{
240		$client = self::createClientAuthenticated($username);
241		$client->request('GET', '/', ['query' => $query]);
242
243		$result = $client->getResponse()->getContent();
244
245		static::assertEquals($expected, json_decode($result, true), $result);
246
247		return $client;
248		}
249
250		private static function createClientAuthenticated($username)
251		{
252		$client = static::createClient(['test_case' => 'access']);
253
254		if ($username) {
255		$client->setServerParameters([
256		'PHP_AUTH_USER' => $username,
257		'PHP_AUTH_PW' => '123',
258		]);
259		}
260
261		return $client;
262		}
263		}
264

overblog / GraphQLBundle

Scrutinizer GitHub App not installed

Pull Request — master (#53)

testUserAccessToUserIsEnabledWithExpressionLanguageEvaluationFailed() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like