1 files changed, 106 insertions, 21 deletions

diff --git a/spec/requests/api/graphql/gitlab_schema_spec.rb b/spec/requests/api/graphql/gitlab_schema_spec.rb
index dd518274f82..b6ca9246399 100644
--- a/spec/requests/api/graphql/gitlab_schema_spec.rb
+++ b/spec/requests/api/graphql/gitlab_schema_spec.rb
@@ -3,41 +3,101 @@ require 'spec_helper'
 describe 'GitlabSchema configurations' do
   include GraphqlHelpers
 
-  let(:project) { create(:project, :repository) }
-  let(:query) { graphql_query_for('project', { 'fullPath' => project.full_path }, %w(id name description)) }
-  let(:current_user) { create(:user) }
+  let(:project) { create(:project) }
 
-  describe '#max_complexity' do
-    context 'when complexity is too high' do
-      it 'shows an error' do
-        allow(GitlabSchema).to receive(:max_query_complexity).and_return 1
+  shared_examples 'imposing query limits' do
+    describe '#max_complexity' do
+      context 'when complexity is too high' do
+        it 'shows an error' do
+          allow(GitlabSchema).to receive(:max_query_complexity).and_return 1
 
-        post_graphql(query, current_user: nil)
+          subject
 
-        expect(graphql_errors.first['message']).to include('which exceeds max complexity of 1')
+          expect(graphql_errors.flatten.first['message']).to include('which exceeds max complexity of 1')
+        end
       end
     end
+
+    describe '#max_depth' do
+      context 'when query depth is too high' do
+        it 'shows error' do
+          errors = { "message" => "Query has depth of 2, which exceeds max depth of 1" }
+          allow(GitlabSchema).to receive(:max_query_depth).and_return 1
+
+          subject
+
+          expect(graphql_errors.flatten).to include(errors)
+        end
+      end
+
+      context 'when query depth is within range' do
+        it 'has no error' do
+          allow(GitlabSchema).to receive(:max_query_depth).and_return 5
+
+          subject
+
+          expect(Array.wrap(graphql_errors).compact).to be_empty
+        end
+      end
+    end
+  end
+
+  context 'regular queries' do
+    subject do
+      query = graphql_query_for('project', { 'fullPath' => project.full_path }, %w(id name description))
+      post_graphql(query)
+    end
+
+    it_behaves_like 'imposing query limits'
   end
 
-  describe '#max_depth' do
-    context 'when query depth is too high' do
-      it 'shows error' do
-        errors = [{ "message" => "Query has depth of 2, which exceeds max depth of 1" }]
-        allow(GitlabSchema).to receive(:max_query_depth).and_return 1
+  context 'multiplexed queries' do
+    let(:current_user) { nil }
+
+    subject do
+      queries = [
+        { query: graphql_query_for('project', { 'fullPath' => '$fullPath' }, %w(id name description)) },
+        { query: graphql_query_for('echo', { 'text' => "$test" }, []), variables: { "test" => "Hello world" } },
+        { query: graphql_query_for('project', { 'fullPath' => project.full_path }, "userPermissions { createIssue }") }
+      ]
+
+      post_multiplex(queries, current_user: current_user)
+    end
+
+    it 'does not authenticate all queries' do
+      subject
+
+      expect(json_response.last['data']['project']).to be_nil
+    end
+
+    it_behaves_like 'imposing query limits' do
+      it "fails all queries when only one of the queries is too complex" do
+        # The `project` query above has a complexity of 5
+        allow(GitlabSchema).to receive(:max_query_complexity).and_return 4
 
-        post_graphql(query)
+        subject
 
-        expect(graphql_errors).to eq(errors)
+        # Expect a response for each query, even though it will be empty
+        expect(json_response.size).to eq(3)
+        json_response.each do |single_query_response|
+          expect(single_query_response).not_to have_key('data')
+        end
+
+        # Expect errors for each query
+        expect(graphql_errors.size).to eq(3)
+        graphql_errors.each do |single_query_errors|
+          expect(single_query_errors.first['message']).to include('which exceeds max complexity of 4')
+        end
       end
     end
 
-    context 'when query depth is within range' do
-      it 'has no error' do
-        allow(GitlabSchema).to receive(:max_query_depth).and_return 5
+    context 'authentication' do
+      let(:current_user) { project.owner }
 
-        post_graphql(query)
+      it 'authenticates all queries' do
+        subject
 
-        expect(graphql_errors).to be_nil
+        expect(json_response.last['data']['project']['userPermissions']['createIssue']).to be(true)
       end
     end
   end
@@ -51,4 +111,29 @@ describe 'GitlabSchema configurations' do
       expect(graphql_errors).to be_nil
     end
   end
+
+  context 'logging' do
+    let(:query) { File.read(Rails.root.join('spec/fixtures/api/graphql/introspection.graphql')) }
+
+    it 'logs the query complexity and depth' do
+      analyzer_memo = {
+        query_string: query,
+        variables: {}.to_s,
+        complexity: 181,
+        depth: 0,
+        duration: 7
+      }
+
+      expect_any_instance_of(Gitlab::Graphql::QueryAnalyzers::LoggerAnalyzer).to receive(:duration).and_return(7)
+      expect(Gitlab::GraphqlLogger).to receive(:info).with(analyzer_memo)
+
+      post_graphql(query, current_user: nil)
+    end
+
+    it 'logs using `format_message`' do
+      expect_any_instance_of(Gitlab::GraphqlLogger).to receive(:format_message)
+
+      post_graphql(query, current_user: nil)
+    end
+  end
 end