authorGitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>2021-12-06 23:11:24 +0000
committerGitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>2021-12-06 23:11:24 +0000
commit859d87224c756ee7c492f8cd03796c0c1f39b5b1 (patch)
tree33533cede7d7baa81bfb3dd7655d5d98bc59e125 /spec/controllers/graphql_controller_spec.rb
parentb46b1a8bf2602a42329c0f6d0a7c40d74deb4e34 (diff)
parent314aa87d52b166ef0de60736f28fec1b5549c7eb (diff)
Merge remote-tracking branch 'dev/14-3-stable' into 14-3-stable14-3-stable
Diffstat (limited to 'spec/controllers/graphql_controller_spec.rb')
-rw-r--r--spec/controllers/graphql_controller_spec.rb38
1 files changed, 38 insertions, 0 deletions
diff --git a/spec/controllers/graphql_controller_spec.rb b/spec/controllers/graphql_controller_spec.rb
index aed97a01a72..518854cefaf 100644
--- a/spec/controllers/graphql_controller_spec.rb
+++ b/spec/controllers/graphql_controller_spec.rb
@@ -44,6 +44,44 @@ RSpec.describe GraphqlController do
expect(response).to have_gitlab_http_status(:ok)
end
+ it 'executes a simple query with no errors' do
+ post :execute, params: { query: '{ __typename }' }
+
+ expect(response).to have_gitlab_http_status(:ok)
+ expect(json_response).to eq({ 'data' => { '__typename' => 'Query' } })
+ end
+
+ it 'executes a simple multiplexed query with no errors' do
+ multiplex = [{ query: '{ __typename }' }] * 2
+
+ post :execute, params: { _json: multiplex }
+
+ expect(response).to have_gitlab_http_status(:ok)
+ expect(json_response).to eq([
+ { 'data' => { '__typename' => 'Query' } },
+ { 'data' => { '__typename' => 'Query' } }
+ ])
+ end
+
+ it 'sets a limit on the total query size' do
+ graphql_query = "{#{(['__typename'] * 1000).join(' ')}}"
+
+ post :execute, params: { query: graphql_query }
+
+ expect(response).to have_gitlab_http_status(:unprocessable_entity)
+ expect(json_response).to eq({ 'errors' => [{ 'message' => 'Query too large' }] })
+ end
+
+ it 'sets a limit on the total query size for multiplex queries' do
+ graphql_query = "{#{(['__typename'] * 200).join(' ')}}"
+ multiplex = [{ query: graphql_query }] * 5
+
+ post :execute, params: { _json: multiplex }
+
+ expect(response).to have_gitlab_http_status(:unprocessable_entity)
+ expect(json_response).to eq({ 'errors' => [{ 'message' => 'Query too large' }] })
+ end
+
it 'returns forbidden when user cannot access API' do
# User cannot access API in a couple of cases
# * When user is internal(like ghost users)
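Review bot: The two size-limit examples ('sets a limit on the total query size' and its multiplex counterpart) only show that a payload well over the threshold gets a 422; nothing pins the boundary, so an off-by-one or an accidental change of the limit would still pass. The literals `1000` and `200` × `5` are not tied to whatever value the controller enforces, which is not visible in this hunk; deriving the payload from that value, plus one example just under it that expects `:ok`, would make this request-size guard regression-proof. The multiplex case would also read better with a comment such as `# each entry is ~2.2k characters and small on its own; only the combined size of the five exceeds the limit`, since that aggregation is the behaviour being protected. The enclosing `RSpec.describe GraphqlController` block starts and ends outside the hunk.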