AccessTest::testMutationNotAllowedUser() - Code Metrics - Inspection of "Enable error formatting customization" - overblog/GraphQLBundle - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#264)

by Jérémiah

created 2017-12-21 09:57 UTC

AccessTest::testMutationNotAllowedUser() B

↳ Parent: AccessTest

Complexity

Conditions	1
Paths	1

Size

Total Lines	24
Code Lines	13

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
c	0
b	0
f	0
dl	0
loc	24
rs	8.9713
cc	1
eloc	13
nc	1
nop	0

<?php

namespace Overblog\GraphQLBundle\Tests\Functional\Security;

use Overblog\GraphQLBundle\Tests\Functional\App\Mutation\SimpleMutationWithThunkFieldsMutation;
use Overblog\GraphQLBundle\Tests\Functional\TestCase;
use Symfony\Component\HttpKernel\Kernel;

class AccessTest extends TestCase
{
    /** @var \Closure */
    private $loader;

    private $userNameQuery = 'query { user { name } }';

    private $userRolesQuery = 'query { user { roles } }';

    private $userIsEnabledQuery = 'query { user { isEnabled } }';


    private $userFriendsQuery = <<<'EOF'
query {
  user {
    friends(first: 2) {
      edges {
        node {
          name
        }
      }
    }
  }
}
EOF;

    private $simpleMutationWithThunkQuery = <<<'EOF'
mutation M {
  simpleMutationWithThunkFields(input: {inputData: %d, clientMutationId: "bac"}) {
    result
    clientMutationId
  }
}
EOF;

    public function setUp()
    {
        parent::setUp();
        // load types
        $this->loader = function ($class) {
            if (preg_match('@^'.preg_quote('Overblog\GraphQLBundle\Access\__DEFINITIONS__\\').'(.*)$@', $class, $matches)) {
                $file = '/tmp/OverblogGraphQLBundle/'.Kernel::VERSION.'/access/cache/testaccess/overblog/graphql-bundle/__definitions__/'.$matches[1].'.php';
                if (file_exists($file)) {
                    require $file;
                }
            }
        };
        spl_autoload_register($this->loader);
    }

    /**
     * @expectedException \RuntimeException
     * @expectedExceptionMessage Type class for alias "RootQuery" could not be load. If you are using your own classLoader verify the path and the namespace please.
     * @requires PHP 7
     */
    public function testCustomClassLoaderNotRegister()
    {
        spl_autoload_unregister($this->loader);
        $this->assertResponse($this->userNameQuery, [], static::ANONYMOUS_USER, 'access');
    }

    public function testNotAuthenticatedUserAccessToUserName()

    {
        $expected = [
            'data' => [
                'user' => [
                    'name' => null,
                ],
            ],
            'extensions' => [
                'warnings' => [
                    [
                        'message' => 'Access denied to this field.',
                        'locations' => [['line' => 1, 'column' => 16]],
                        'path' => ['user', 'name'],
                        'category' => 'user',
                    ],
                ],
            ],
        ];

        $this->assertResponse($this->userNameQuery, $expected, static::ANONYMOUS_USER, 'access');
    }

    public function testFullyAuthenticatedUserAccessToUserName()
    {
        $expected = [
            'data' => [
                'user' => [
                    'name' => 'Dan',
                ],
            ],
        ];

        $this->assertResponse($this->userNameQuery, $expected, static::USER_RYAN, 'access');
    }

    public function testNotAuthenticatedUserAccessToUserRoles()
    {
        $this->assertResponse($this->userRolesQuery, $this->expectedFailedUserRoles(), static::ANONYMOUS_USER, 'access');
    }

    public function testAuthenticatedUserAccessToUserRolesWithoutEnoughRights()
    {
        $this->assertResponse($this->userRolesQuery, $this->expectedFailedUserRoles(), static::USER_RYAN, 'access');
    }

    public function testUserWithCorrectRightsAccessToUserRoles()
    {
        $expected = [
            'data' => [
                'user' => [
                    'roles' => ['ROLE_USER'],
                ],
            ],
        ];

        $this->assertResponse($this->userRolesQuery, $expected, static::USER_ADMIN, 'access');
    }

    public function testUserForbiddenField()

    {
        $expected = [
            'data' => [
                'user' => null,
            ],
            'extensions' => [
                'warnings' => [
                    [
                        'message' => 'Access denied to this field.',
                        'locations' => [
                            [
                                'line' => 3,
                                'column' => 5,
                            ],
                        ],
                        'path' => ['user', 'forbidden'],
                        'category' => 'user',
                    ],
                ],
            ],
        ];

        $query = <<<'EOF'
query MyQuery {
  user {
    forbidden
  }
}
EOF;

        $this->assertResponse($query, $expected, static::USER_ADMIN, 'access');
    }

    public function testUserAccessToUserFriends()
    {
        $expected = [
            'data' => [
                'user' => [
                    'friends' => [
                        'edges' => [
                            ['node' => ['name' => 'Nick']],
                            ['node' => null],
                        ],
                    ],
                ],
            ],
        ];

        $this->assertResponse($this->userFriendsQuery, $expected, static::USER_ADMIN, 'access');
    }

    public function testMutationAllowedUser()
    {
        $result = 123;

        $expected = [
            'data' => [
                'simpleMutationWithThunkFields' => [
                    'result' => $result,
                    'clientMutationId' => 'bac',
                ],
            ],
        ];

        $this->assertResponse(sprintf($this->simpleMutationWithThunkQuery, $result), $expected, static::USER_ADMIN, 'access');
        $this->assertTrue(SimpleMutationWithThunkFieldsMutation::hasMutate(true));
    }

    public function testMutationAllowedButNoRightsToDisplayPayload()
    {
        $expected = [
            'data' => [
                'simpleMutationWithThunkFields' => [
                    'result' => null,
                    'clientMutationId' => 'bac',
                ],
            ],
            'extensions' => [
                'warnings' => [
                    [
                        'message' => 'Access denied to this field.',
                        'locations' => [
                            [
                                'line' => 3,
                                'column' => 5,
                            ],
                        ],
                        'path' => ['simpleMutationWithThunkFields', 'result'],
                        'category' => 'user',
                    ],
                ],
            ],
        ];

        $this->assertResponse(sprintf($this->simpleMutationWithThunkQuery, 321), $expected, static::USER_ADMIN, 'access');
        $this->assertTrue(SimpleMutationWithThunkFieldsMutation::hasMutate(true));
    }

    public function testMutationNotAllowedUser()
    {
        $expected = [
            'data' => [
                'simpleMutationWithThunkFields' => null,
            ],
            'errors' => [
                [
                    'message' => 'Access denied to this field.',
                    'locations' => [
                        [
                            'line' => 2,
                            'column' => 3,
                        ],
                    ],
                    'path' => ['simpleMutationWithThunkFields'],
                    'category' => 'user',
                ],
            ],
        ];

        $this->assertResponse(sprintf($this->simpleMutationWithThunkQuery, 123), $expected, static::USER_RYAN, 'access');
        $this->assertFalse(SimpleMutationWithThunkFieldsMutation::hasMutate(true));
    }

    private function expectedFailedUserRoles()
    {
        return [
            'data' => [
                'user' => [
                    'roles' => [0 => null],
                ],
            ],
        ];
    }
}


1		<?php
2
3		namespace Overblog\GraphQLBundle\Tests\Functional\Security;
4
5		use Overblog\GraphQLBundle\Tests\Functional\App\Mutation\SimpleMutationWithThunkFieldsMutation;
6		use Overblog\GraphQLBundle\Tests\Functional\TestCase;
7		use Symfony\Component\HttpKernel\Kernel;
8
9		class AccessTest extends TestCase
10		{
11		/** @var \Closure */
12		private $loader;
13
14		private $userNameQuery = 'query { user { name } }';
15
16		private $userRolesQuery = 'query { user { roles } }';
17
18		private $userIsEnabledQuery = 'query { user { isEnabled } }';
		0 ignored issues – show Unused Code introduced 2017-03-30 09:44 UTC by Report Bug Copy Issue Report The property `$userIsEnabledQuery` is not used and could be removed. This check marks private properties in classes that are never used. Those properties can be removed. Loading history...
19
20		private $userFriendsQuery = <<<'EOF'
21		query {
22		user {
23		friends(first: 2) {
24		edges {
25		node {
26		name
27		}
28		}
29		}
30		}
31		}
32		EOF;
33
34		private $simpleMutationWithThunkQuery = <<<'EOF'
35		mutation M {
36		simpleMutationWithThunkFields(input: {inputData: %d, clientMutationId: "bac"}) {
37		result
38		clientMutationId
39		}
40		}
41		EOF;
42
43		public function setUp()
44		{
45		parent::setUp();
46		// load types
47		$this->loader = function ($class) {
48		if (preg_match('@^'.preg_quote('Overblog\GraphQLBundle\Access\__DEFINITIONS__\\').'(.*)$@', $class, $matches)) {
49		$file = '/tmp/OverblogGraphQLBundle/'.Kernel::VERSION.'/access/cache/testaccess/overblog/graphql-bundle/__definitions__/'.$matches[1].'.php';
50		if (file_exists($file)) {
51		require $file;
52		}
53		}
54		};
55		spl_autoload_register($this->loader);
56		}
57
58		/**
59		* @expectedException \RuntimeException
60		* @expectedExceptionMessage Type class for alias "RootQuery" could not be load. If you are using your own classLoader verify the path and the namespace please.
61		* @requires PHP 7
62		*/
63		public function testCustomClassLoaderNotRegister()
64		{
65		spl_autoload_unregister($this->loader);
66		$this->assertResponse($this->userNameQuery, [], static::ANONYMOUS_USER, 'access');
67		}
68
69	View Code Duplication	public function testNotAuthenticatedUserAccessToUserName()
		0 ignored issues – show Duplication introduced 2017-08-01 07:43 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
70		{
71		$expected = [
72		'data' => [
73		'user' => [
74		'name' => null,
75		],
76		],
77		'extensions' => [
78		'warnings' => [
79		[
80		'message' => 'Access denied to this field.',
81		'locations' => [['line' => 1, 'column' => 16]],
82		'path' => ['user', 'name'],
83		'category' => 'user',
84		],
85		],
86		],
87		];
88
89		$this->assertResponse($this->userNameQuery, $expected, static::ANONYMOUS_USER, 'access');
90		}
91
92		public function testFullyAuthenticatedUserAccessToUserName()
93		{
94		$expected = [
95		'data' => [
96		'user' => [
97		'name' => 'Dan',
98		],
99		],
100		];
101
102		$this->assertResponse($this->userNameQuery, $expected, static::USER_RYAN, 'access');
103		}
104
105		public function testNotAuthenticatedUserAccessToUserRoles()
106		{
107		$this->assertResponse($this->userRolesQuery, $this->expectedFailedUserRoles(), static::ANONYMOUS_USER, 'access');
108		}
109
110		public function testAuthenticatedUserAccessToUserRolesWithoutEnoughRights()
111		{
112		$this->assertResponse($this->userRolesQuery, $this->expectedFailedUserRoles(), static::USER_RYAN, 'access');
113		}
114
115		public function testUserWithCorrectRightsAccessToUserRoles()
116		{
117		$expected = [
118		'data' => [
119		'user' => [
120		'roles' => ['ROLE_USER'],
121		],
122		],
123		];
124
125		$this->assertResponse($this->userRolesQuery, $expected, static::USER_ADMIN, 'access');
126		}
127
128	View Code Duplication	public function testUserForbiddenField()
		0 ignored issues – show Duplication introduced 2017-08-01 07:43 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
129		{
130		$expected = [
131		'data' => [
132		'user' => null,
133		],
134		'extensions' => [
135		'warnings' => [
136		[
137		'message' => 'Access denied to this field.',
138		'locations' => [
139		[
140		'line' => 3,
141		'column' => 5,
142		],
143		],
144		'path' => ['user', 'forbidden'],
145		'category' => 'user',
146		],
147		],
148		],
149		];
150
151		$query = <<<'EOF'
152		query MyQuery {
153		user {
154		forbidden
155		}
156		}
157		EOF;
158
159		$this->assertResponse($query, $expected, static::USER_ADMIN, 'access');
160		}
161
162		public function testUserAccessToUserFriends()
163		{
164		$expected = [
165		'data' => [
166		'user' => [
167		'friends' => [
168		'edges' => [
169		['node' => ['name' => 'Nick']],
170		['node' => null],
171		],
172		],
173		],
174		],
175		];
176
177		$this->assertResponse($this->userFriendsQuery, $expected, static::USER_ADMIN, 'access');
178		}
179
180		public function testMutationAllowedUser()
181		{
182		$result = 123;
183
184		$expected = [
185		'data' => [
186		'simpleMutationWithThunkFields' => [
187		'result' => $result,
188		'clientMutationId' => 'bac',
189		],
190		],
191		];
192
193		$this->assertResponse(sprintf($this->simpleMutationWithThunkQuery, $result), $expected, static::USER_ADMIN, 'access');
194		$this->assertTrue(SimpleMutationWithThunkFieldsMutation::hasMutate(true));
195		}
196
197		public function testMutationAllowedButNoRightsToDisplayPayload()
198		{
199		$expected = [
200		'data' => [
201		'simpleMutationWithThunkFields' => [
202		'result' => null,
203		'clientMutationId' => 'bac',
204		],
205		],
206		'extensions' => [
207		'warnings' => [
208		[
209		'message' => 'Access denied to this field.',
210		'locations' => [
211		[
212		'line' => 3,
213		'column' => 5,
214		],
215		],
216		'path' => ['simpleMutationWithThunkFields', 'result'],
217		'category' => 'user',
218		],
219		],
220		],
221		];
222
223		$this->assertResponse(sprintf($this->simpleMutationWithThunkQuery, 321), $expected, static::USER_ADMIN, 'access');
224		$this->assertTrue(SimpleMutationWithThunkFieldsMutation::hasMutate(true));
225		}
226
227		public function testMutationNotAllowedUser()
228		{
229		$expected = [
230		'data' => [
231		'simpleMutationWithThunkFields' => null,
232		],
233		'errors' => [
234		[
235		'message' => 'Access denied to this field.',
236		'locations' => [
237		[
238		'line' => 2,
239		'column' => 3,
240		],
241		],
242		'path' => ['simpleMutationWithThunkFields'],
243		'category' => 'user',
244		],
245		],
246		];
247
248		$this->assertResponse(sprintf($this->simpleMutationWithThunkQuery, 123), $expected, static::USER_RYAN, 'access');
249		$this->assertFalse(SimpleMutationWithThunkFieldsMutation::hasMutate(true));
250		}
251
252		private function expectedFailedUserRoles()
253		{
254		return [
255		'data' => [
256		'user' => [
257		'roles' => [0 => null],
258		],
259		],
260		];
261		}
262		}
263

overblog / GraphQLBundle

Scrutinizer GitHub App not installed

Pull Request — master (#264)

AccessTest::testMutationNotAllowedUser() B

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like