diff options
| author | Phil Hughes <me@iamphill.com> | 2019-05-29 14:23:08 +0100 |
|---|---|---|
| committer | Phil Hughes <me@iamphill.com> | 2019-05-29 14:23:08 +0100 |
| commit | bcf01adaa089f258a7660eff740c9bf2eddfadc8 (patch) | |
| tree | bc4f0028a6911e1f8aedd9aa7e31ceedb3c563b0 | |
| parent | 301a7d32b40128d388aa42b487de367c1cdbc1cd (diff) | |
| download | gitlab-ce-bcf01adaa089f258a7660eff740c9bf2eddfadc8.tar.gz | |
Added spec for authenticating multiplex queries
| -rw-r--r-- | spec/requests/api/graphql/gitlab_schema_spec.rb | 29 |
1 files changed, 24 insertions, 5 deletions
diff --git a/spec/requests/api/graphql/gitlab_schema_spec.rb b/spec/requests/api/graphql/gitlab_schema_spec.rb index a724c5c3f1c..9beea2e2594 100644 --- a/spec/requests/api/graphql/gitlab_schema_spec.rb +++ b/spec/requests/api/graphql/gitlab_schema_spec.rb @@ -52,13 +52,22 @@ describe 'GitlabSchema configurations' do end context 'multiplexed queries' do + let(:current_user) { nil } + subject do queries = [ - { query: graphql_query_for('project', { 'fullPath' => project.full_path }, %w(id name description)) }, - { query: graphql_query_for('echo', { 'text' => "$test" }, []), variables: { "test" => "Hello world" } } + { query: graphql_query_for('project', { 'fullPath' => '$fullPath' }, %w(id name description)) }, + { query: graphql_query_for('echo', { 'text' => "$test" }, []), variables: { "test" => "Hello world" } }, + { query: graphql_query_for('project', { 'fullPath' => project.full_path }, "userPermissions { createIssue }") } ] - post_multiplex(queries) + post_multiplex(queries, current_user: current_user) + end + + it 'does not authenticate all queries' do + subject + + expect(json_response.last['data']['project']).to be_nil end it_behaves_like 'imposing query limits' do @@ -69,18 +78,28 @@ describe 'GitlabSchema configurations' do subject # Expect a response for each query, even though it will be empty - expect(json_response.size).to eq(2) + expect(json_response.size).to eq(3) json_response.each do |single_query_response| expect(single_query_response).not_to have_key('data') end # Expect errors for each query - expect(graphql_errors.size).to eq(2) + expect(graphql_errors.size).to eq(3) graphql_errors.each do |single_query_errors| expect(single_query_errors.first['message']).to include('which exceeds max complexity of 4') end end end + + context 'authentication' do + let(:current_user) { project.owner } + + it 'authenticates all queries' do + subject + + expect(json_response.last['data']['project']['userPermissions']['createIssue']).to be(true) + end + end end context 'when IntrospectionQuery' do |