Commit bcf01ada authored by Phil Hughes's avatar Phil Hughes

Added spec for authenticating multiplex queries

parent 301a7d32
...@@ -52,13 +52,22 @@ describe 'GitlabSchema configurations' do ...@@ -52,13 +52,22 @@ describe 'GitlabSchema configurations' do
end end
context 'multiplexed queries' do context 'multiplexed queries' do
let(:current_user) { nil }
subject do subject do
queries = [ queries = [
{ query: graphql_query_for('project', { 'fullPath' => project.full_path }, %w(id name description)) }, { query: graphql_query_for('project', { 'fullPath' => '$fullPath' }, %w(id name description)) },
{ query: graphql_query_for('echo', { 'text' => "$test" }, []), variables: { "test" => "Hello world" } } { query: graphql_query_for('echo', { 'text' => "$test" }, []), variables: { "test" => "Hello world" } },
{ query: graphql_query_for('project', { 'fullPath' => project.full_path }, "userPermissions { createIssue }") }
] ]
post_multiplex(queries) post_multiplex(queries, current_user: current_user)
end
it 'does not authenticate all queries' do
subject
expect(json_response.last['data']['project']).to be_nil
end end
it_behaves_like 'imposing query limits' do it_behaves_like 'imposing query limits' do
...@@ -69,18 +78,28 @@ describe 'GitlabSchema configurations' do ...@@ -69,18 +78,28 @@ describe 'GitlabSchema configurations' do
subject subject
# Expect a response for each query, even though it will be empty # Expect a response for each query, even though it will be empty
expect(json_response.size).to eq(2) expect(json_response.size).to eq(3)
json_response.each do |single_query_response| json_response.each do |single_query_response|
expect(single_query_response).not_to have_key('data') expect(single_query_response).not_to have_key('data')
end end
# Expect errors for each query # Expect errors for each query
expect(graphql_errors.size).to eq(2) expect(graphql_errors.size).to eq(3)
graphql_errors.each do |single_query_errors| graphql_errors.each do |single_query_errors|
expect(single_query_errors.first['message']).to include('which exceeds max complexity of 4') expect(single_query_errors.first['message']).to include('which exceeds max complexity of 4')
end end
end end
end end
context 'authentication' do
let(:current_user) { project.owner }
it 'authenticates all queries' do
subject
expect(json_response.last['data']['project']['userPermissions']['createIssue']).to be(true)
end
end
end end
context 'when IntrospectionQuery' do context 'when IntrospectionQuery' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment