def test_jwt_valid_audience(self, hge_ctx, endpoint): jwt_conf = json.loads(hge_ctx.hge_jwt_conf) if 'audience' not in jwt_conf: pytest.skip( 'audience not present in conf, skipping testing audience') audience = jwt_conf['audience'] audience = audience if isinstance(audience, str) else audience[0] hasura_claims = mk_claims( hge_ctx.hge_jwt_conf, { 'x-hasura-user-id': '1', 'x-hasura-default-role': 'user', 'x-hasura-allowed-roles': ['user'], }) claims_namespace_path = None if 'claims_namespace_path' in hge_ctx.hge_jwt_conf_dict: claims_namespace_path = hge_ctx.hge_jwt_conf_dict[ 'claims_namespace_path'] self.claims = mk_claims_with_namespace_path(self.claims, hasura_claims, claims_namespace_path) self.claims['aud'] = audience token = jwt.encode(self.claims, hge_ctx.hge_jwt_key, algorithm=hge_ctx.hge_jwt_algo) self.conf['headers']['Authorization'] = 'Bearer ' + token check_query(hge_ctx, self.conf, add_auth=False, claims_namespace_path=claims_namespace_path)
def test_jwt_no_default_role(self, hge_ctx, endpoint): self.claims['https://hasura.io/jwt/claims'] = mk_claims( hge_ctx.hge_jwt_conf, { 'x-hasura-user-id': '1', 'x-hasura-allowed-roles': ['user'], }) token = jwt.encode(self.claims, hge_ctx.hge_jwt_key, algorithm='RS512').decode('utf-8') self.conf['headers']['Authorization'] = 'Bearer ' + token self.conf['response'] = { 'errors': [{ 'extensions': { 'code': 'jwt-missing-role-claims', 'path': '$' }, 'message': 'JWT claim does not contain x-hasura-default-role' }] } self.conf['url'] = endpoint if endpoint == '/v1/graphql': self.conf['status'] = 200 if endpoint == '/v1alpha1/graphql': self.conf['status'] = 400 check_query(hge_ctx, self.conf, add_auth=False)
def test_jwt_claims_map_no_allowed_roles_in_claim(self, hge_ctx, endpoint): self.mk_claims('1', None, 'user') default_allowed_roles = hge_ctx.hge_jwt_conf_dict['claims_map'][ 'x-hasura-allowed-roles'].get('default') token = jwt.encode(self.claims, hge_ctx.hge_jwt_key, algorithm=hge_ctx.hge_jwt_algo) self.conf['headers']['Authorization'] = 'Bearer ' + token if default_allowed_roles is None: self.conf['response'] = { 'errors': [{ 'extensions': { 'code': 'jwt-missing-role-claims', 'path': '$' }, 'message': 'JWT claim does not contain x-hasura-allowed-roles' }] } self.conf['url'] = endpoint if endpoint == '/v1/graphql': self.conf['status'] = 200 if endpoint == '/v1alpha1/graphql': self.conf['status'] = 400 else: self.conf['status'] = 200 self.conf['url'] = endpoint check_query(hge_ctx, self.conf, add_auth=False)
def test_jwt_invalid_signature(self, hge_ctx, endpoint): hasura_claims = mk_claims(hge_ctx.hge_jwt_conf, { 'x-hasura-user-id': '1', 'x-hasura-default-role': 'user', 'x-hasura-allowed-roles': ['user'], }) claims_namespace_path = None if 'claims_namespace_path' in hge_ctx.hge_jwt_conf_dict: claims_namespace_path = hge_ctx.hge_jwt_conf_dict['claims_namespace_path'] self.claims = mk_claims_with_namespace_path(self.claims,hasura_claims,claims_namespace_path) wrong_key = gen_rsa_key() token = jwt.encode(self.claims, wrong_key, algorithm='HS256').decode('utf-8') self.conf['headers']['Authorization'] = 'Bearer ' + token self.conf['response'] = { 'errors': [{ 'extensions': { 'code': 'invalid-jwt', 'path': '$' }, 'message': 'Could not verify JWT: JWSError JWSInvalidSignature' }] } self.conf['url'] = endpoint if endpoint == '/v1/graphql': self.conf['status'] = 200 if endpoint == '/v1alpha1/graphql': self.conf['status'] = 400 check_query(hge_ctx, self.conf, add_auth=False,claims_namespace_path=claims_namespace_path)
def test_jwt_invalid_role_in_request_header(self, hge_ctx, endpoint): hasura_claims = mk_claims(hge_ctx.hge_jwt_conf, { 'x-hasura-user-id': '1', 'x-hasura-allowed-roles': ['contractor', 'editor'], 'x-hasura-default-role': 'contractor' }) claims_namespace_path = None if 'claims_namespace_path' in hge_ctx.hge_jwt_conf_dict: claims_namespace_path = hge_ctx.hge_jwt_conf_dict['claims_namespace_path'] self.claims = mk_claims_with_namespace_path(self.claims,hasura_claims,claims_namespace_path) token = jwt.encode(self.claims, hge_ctx.hge_jwt_key, algorithm='RS512').decode('utf-8') self.conf['headers']['Authorization'] = 'Bearer ' + token self.conf['response'] = { 'errors': [{ 'extensions': { 'code': 'access-denied', 'path': '$' }, 'message': 'Your current role is not in allowed roles' }] } self.conf['url'] = endpoint if endpoint == '/v1/graphql': self.conf['status'] = 200 if endpoint == '/v1alpha1/graphql': self.conf['status'] = 400 check_query(hge_ctx, self.conf, add_auth=False,claims_namespace_path=claims_namespace_path)
def test_jwt_invalid_issuer(self, hge_ctx, endpoint): jwt_conf = json.loads(hge_ctx.hge_jwt_conf) if 'issuer' not in jwt_conf: pytest.skip('issuer not present in conf, skipping testing issuer') hasura_claims = mk_claims(hge_ctx.hge_jwt_conf, { 'x-hasura-user-id': '1', 'x-hasura-default-role': 'user', 'x-hasura-allowed-roles': ['user'], }) claims_namespace_path = None if 'claims_namespace_path' in hge_ctx.hge_jwt_conf_dict: claims_namespace_path = hge_ctx.hge_jwt_conf_dict['claims_namespace_path'] self.claims = mk_claims_with_namespace_path(self.claims,hasura_claims,claims_namespace_path) self.claims['iss'] = 'rubbish_issuer' token = jwt.encode(self.claims, hge_ctx.hge_jwt_key, algorithm='RS512').decode('utf-8') self.conf['headers']['Authorization'] = 'Bearer ' + token self.conf['response'] = { 'errors': [{ 'extensions': { 'code': 'invalid-jwt', 'path': '$' }, 'message': 'Could not verify JWT: JWTNotInIssuer' }] } self.conf['url'] = endpoint if endpoint == '/v1/graphql': self.conf['status'] = 200 if endpoint == '/v1alpha1/graphql': self.conf['status'] = 400 check_query(hge_ctx, self.conf, add_auth=False,claims_namespace_path=claims_namespace_path)
def test_jwt_no_audience_in_conf(self, hge_ctx, endpoint): jwt_conf = json.loads(hge_ctx.hge_jwt_conf) if 'audience' in jwt_conf: pytest.skip( 'audience present in conf, skipping testing no audience') hasura_claims = mk_claims( hge_ctx.hge_jwt_conf, { 'x-hasura-user-id': '1', 'x-hasura-default-role': 'user', 'x-hasura-allowed-roles': ['user'], }) claims_namespace_path = None if 'claims_namespace_path' in hge_ctx.hge_jwt_conf_dict: claims_namespace_path = hge_ctx.hge_jwt_conf_dict[ 'claims_namespace_path'] self.claims = mk_claims_with_namespace_path(self.claims, hasura_claims, claims_namespace_path) self.claims['aud'] = 'hasura-test-suite' token = jwt.encode(self.claims, hge_ctx.hge_jwt_key, algorithm='RS512').decode('utf-8') self.conf['headers']['Authorization'] = 'Bearer ' + token self.conf['url'] = endpoint check_query(hge_ctx, self.conf, add_auth=False, claims_namespace_path=claims_namespace_path)
def test_jwt_no_allowed_roles_in_claim(self, hge_ctx, endpoint): hasura_claims = mk_claims(hge_ctx.hge_jwt_conf, { 'x-hasura-user-id': '1', 'x-hasura-default-role': 'user' }) claims_namespace_path = None if 'claims_namespace_path' in hge_ctx.hge_jwt_conf_dict: claims_namespace_path = hge_ctx.hge_jwt_conf_dict['claims_namespace_path'] self.claims = mk_claims_with_namespace_path(self.claims,hasura_claims,claims_namespace_path) token = jwt.encode(self.claims, hge_ctx.hge_jwt_key, algorithm='RS512').decode('utf-8') self.conf['headers']['Authorization'] = 'Bearer ' + token self.conf['response'] = { 'errors': [{ 'extensions': { 'code': 'jwt-missing-role-claims', 'path': '$' }, 'message': 'JWT claim does not contain x-hasura-allowed-roles' }] } self.conf['url'] = endpoint if endpoint == '/v1/graphql': self.conf['status'] = 200 if endpoint == '/v1alpha1/graphql': self.conf['status'] = 400 check_query(hge_ctx, self.conf, add_auth=False,claims_namespace_path=claims_namespace_path)
def test_jwt_valid_issuer(self, hge_ctx, endpoint): jwt_conf = json.loads(hge_ctx.hge_jwt_conf) if 'issuer' not in jwt_conf: pytest.skip('issuer not present in conf, skipping testing issuer') issuer = jwt_conf['issuer'] hasura_claims = mk_claims( hge_ctx.hge_jwt_conf, { 'x-hasura-user-id': '1', 'x-hasura-default-role': 'user', 'x-hasura-allowed-roles': ['user'], }) claims_namespace_path = None if 'claims_namespace_path' in hge_ctx.hge_jwt_conf_dict: claims_namespace_path = hge_ctx.hge_jwt_conf_dict[ 'claims_namespace_path'] self.claims = mk_claims_with_namespace_path(self.claims, hasura_claims, claims_namespace_path) self.claims['iss'] = issuer token = jwt.encode(self.claims, hge_ctx.hge_jwt_key, algorithm='RS512').decode('utf-8') self.conf['headers']['Authorization'] = 'Bearer ' + token check_query(hge_ctx, self.conf, add_auth=False, claims_namespace_path=claims_namespace_path)
def test_jwt_no_default_role(self, hge_ctx, endpoint): hasura_claims = mk_claims(hge_ctx.hge_jwt_conf, { 'x-hasura-user-id': '1', 'x-hasura-allowed-roles': ['user'], }) claims_namespace_path = None if 'claims_namespace_path' in hge_ctx.hge_jwt_conf_dict: claims_namespace_path = hge_ctx.hge_jwt_conf_dict['claims_namespace_path'] self.claims = mk_claims_with_namespace_path(self.claims,hasura_claims,claims_namespace_path) token = jwt.encode(self.claims, hge_ctx.hge_jwt_key, algorithm=hge_ctx.hge_jwt_algo) authz_header = mk_authz_header(hge_ctx.hge_jwt_conf, token) self.conf['headers'].update(authz_header) self.conf['response'] = { 'errors': [{ 'extensions': { 'code': 'jwt-missing-role-claims', 'path': '$' }, 'message': 'JWT claim does not contain x-hasura-default-role' }] } self.conf['url'] = endpoint if endpoint == '/v1/graphql': self.conf['status'] = 200 if endpoint == '/v1alpha1/graphql': self.conf['status'] = 400 check_query(hge_ctx, self.conf, add_auth=False,claims_namespace_path=claims_namespace_path)
def test_jwt_no_issuer_in_conf(self, hge_ctx, endpoint): jwt_conf = json.loads(hge_ctx.hge_jwt_conf) if 'issuer' in jwt_conf: pytest.skip('issuer present in conf, skipping testing no issuer') hasura_claims = mk_claims( hge_ctx.hge_jwt_conf, { 'x-hasura-user-id': '1', 'x-hasura-default-role': 'user', 'x-hasura-allowed-roles': ['user'], }) claims_namespace_path = None if 'claims_namespace_path' in hge_ctx.hge_jwt_conf_dict: claims_namespace_path = hge_ctx.hge_jwt_conf_dict[ 'claims_namespace_path'] self.claims = mk_claims_with_namespace_path(self.claims, hasura_claims, claims_namespace_path) self.claims['iss'] = 'rubbish-issuer' token = jwt.encode(self.claims, hge_ctx.hge_jwt_key, algorithm='RS512').decode('utf-8') authz_header = mk_authz_header(hge_ctx.hge_jwt_conf, token) self.conf['headers'].update(authz_header) self.conf['url'] = endpoint check_query(hge_ctx, self.conf, add_auth=False, claims_namespace_path=claims_namespace_path)
def test_jwt_invalid_allowed_roles_in_claim(self, hge_ctx, endpoint): hasura_claims = mk_claims(hge_ctx.hge_jwt_conf, { 'x-hasura-user-id': '1', 'x-hasura-allowed-roles': 'user', 'x-hasura-default-role': 'user' }) claims_namespace_path = None if 'claims_namespace_path' in hge_ctx.hge_jwt_conf_dict: claims_namespace_path = hge_ctx.hge_jwt_conf_dict['claims_namespace_path'] self.claims = mk_claims_with_namespace_path(self.claims,hasura_claims,claims_namespace_path) token = jwt.encode(self.claims, hge_ctx.hge_jwt_key, algorithm=hge_ctx.hge_jwt_algo) authz_header = mk_authz_header(hge_ctx.hge_jwt_conf, token) self.conf['headers'].update(authz_header) self.conf['response'] = { 'errors': [{ 'extensions': { 'code': 'jwt-invalid-claims', 'path': '$' }, 'message': 'invalid x-hasura-allowed-roles; should be a list of roles: parsing [] failed, expected Array, but encountered String' }] } self.conf['url'] = endpoint if endpoint == '/v1/graphql': self.conf['status'] = 200 if endpoint == '/v1alpha1/graphql': self.conf['status'] = 400 check_query(hge_ctx, self.conf, add_auth=False,claims_namespace_path=claims_namespace_path)
def test_jwt_claims_map_no_default_role(self, hge_ctx, endpoint): # default_default_role is the default default role set in the JWT config # when the lookup with the JSONPath fails, this is the value that will # be used for the `x-hasura-default-role` claim default_default_role = hge_ctx.hge_jwt_conf_dict['claims_map'][ 'x-hasura-default-role'].get('default') self.mk_claims('1', ['user']) token = jwt.encode(self.claims, hge_ctx.hge_jwt_key, algorithm=hge_ctx.hge_jwt_algo) self.conf['headers']['Authorization'] = 'Bearer ' + token if default_default_role is None: self.conf['response'] = { 'errors': [{ 'extensions': { 'code': 'jwt-missing-role-claims', 'path': '$' }, 'message': 'JWT claim does not contain x-hasura-default-role' }] } if endpoint == '/v1/graphql': self.conf['status'] = 200 if endpoint == '/v1alpha1/graphql': self.conf['status'] = 400 else: self.conf['status'] = 200 self.conf['url'] = endpoint check_query(hge_ctx, self.conf, add_auth=False)
def test_jwt_claims_map_claim_not_found(self, hge_ctx, endpoint): default_user_id = hge_ctx.hge_jwt_conf_dict['claims_map'][ 'x-hasura-user-id'].get('default') self.mk_claims(None, ['user', 'editor'], 'user') token = jwt.encode(self.claims, hge_ctx.hge_jwt_key, algorithm=hge_ctx.hge_jwt_algo) self.conf['headers']['Authorization'] = 'Bearer ' + token if default_user_id is None: self.conf['response'] = { 'errors': [{ 'extensions': { 'code': 'jwt-invalid-claims', 'path': '$' }, 'message': 'JWT claim from claims_map, x-hasura-user-id not found' }] } if endpoint == '/v1/graphql': self.conf['status'] = 200 if endpoint == '/v1alpha1/graphql': self.conf['status'] = 400 else: self.conf['status'] = 200 self.conf['url'] = endpoint check_query(hge_ctx, self.conf, add_auth=False)
def test_jwt_expired(self, hge_ctx, endpoint): hasura_claims = mk_claims(hge_ctx.hge_jwt_conf, { 'x-hasura-user-id': '1', 'x-hasura-default-role': 'user', 'x-hasura-allowed-roles': ['user'], }) claims_namespace_path = None if 'claims_namespace_path' in hge_ctx.hge_jwt_conf_dict: claims_namespace_path = hge_ctx.hge_jwt_conf_dict['claims_namespace_path'] self.claims = mk_claims_with_namespace_path(self.claims,hasura_claims,claims_namespace_path) exp = datetime.utcnow() - timedelta(minutes=1) self.claims['exp'] = round(exp.timestamp()) token = jwt.encode(self.claims, hge_ctx.hge_jwt_key, algorithm='RS512').decode('utf-8') self.conf['headers']['Authorization'] = 'Bearer ' + token self.conf['response'] = { 'errors': [{ 'extensions': { 'code': 'invalid-jwt', 'path': '$' }, 'message': 'Could not verify JWT: JWTExpired' }] } self.conf['url'] = endpoint if endpoint == '/v1/graphql': self.conf['status'] = 200 if endpoint == '/v1alpha1/graphql': self.conf['status'] = 400 check_query(hge_ctx, self.conf, add_auth=False,claims_namespace_path=claims_namespace_path)
def test_jwt_invalid_audience(self, hge_ctx, endpoint): jwt_conf = json.loads(hge_ctx.hge_jwt_conf) if 'audience' not in jwt_conf: pytest.skip( 'audience not present in conf, skipping testing audience') self.claims['https://hasura.io/jwt/claims'] = mk_claims( hge_ctx.hge_jwt_conf, { 'x-hasura-user-id': '1', 'x-hasura-default-role': 'user', 'x-hasura-allowed-roles': ['user'], }) self.claims['aud'] = 'rubbish_audience' token = jwt.encode(self.claims, hge_ctx.hge_jwt_key, algorithm='RS512').decode('utf-8') self.conf['headers']['Authorization'] = 'Bearer ' + token self.conf['response'] = { 'errors': [{ 'extensions': { 'code': 'invalid-jwt', 'path': '$' }, 'message': 'Could not verify JWT: JWTNotInAudience' }] } self.conf['url'] = endpoint if endpoint == '/v1/graphql': self.conf['status'] = 200 if endpoint == '/v1alpha1/graphql': self.conf['status'] = 400 check_query(hge_ctx, self.conf, add_auth=False)
def test_create_user_success(self, hge_ctx): graphql_mutation = ''' mutation { create_user(email: "*****@*****.**", name: "Clarke") } ''' query = {'query': graphql_mutation, 'variables': {}} status, resp, _ = hge_ctx.anyq('/v1/graphql', query, self.mk_headers_with_secret(hge_ctx)) assert status == 200, resp assert 'data' in resp action_id = resp['data']['create_user'] time.sleep(2) query_async = ''' query ($action_id: uuid!){ create_user(id: $action_id){ __typename id output { __typename id user { __typename name email is_admin } } } } ''' query = {'query': query_async, 'variables': {'action_id': action_id}} response = { 'data': { 'create_user': { '__typename': 'create_user', 'id': action_id, 'output': { '__typename': 'UserId', 'id': 1, 'user': { '__typename': 'user', 'name': 'Clarke', 'email': '*****@*****.**', 'is_admin': False } } } } } conf = { 'url': '/v1/graphql', 'headers': {}, 'query': query, 'status': 200, 'response': response } check_query(hge_ctx, conf)
def test_jwt_claims_map_valid_claims_success(self, hge_ctx, endpoint): self.mk_claims('1', ['user', 'editor'], 'user') token = jwt.encode(self.claims, hge_ctx.hge_jwt_key, algorithm='RS512').decode('utf-8') self.conf['headers']['Authorization'] = 'Bearer ' + token self.conf['url'] = endpoint self.conf['status'] = 200 check_query(hge_ctx, self.conf, add_auth=False)
def assert_query_not_allowed(hge_ctx, role, query): check_query(hge_ctx, { "url": "/v1/graphql", "status": 200, "headers": {"x-hasura-role": role}, "response": response_not_allowed, "query": {"query": query}, })
def test_v1alpha1_execution_error(self, hge_ctx, transport): mutation = """ mutation { insert_article (objects: [ { title: "test 3" content: "test 3 content" author_id: 44 is_published: false } ]) { returning { id } } } """ http_conf = { 'url': '/v1alpha1/graphql', 'status': 400, 'query': { 'query': mutation }, 'response': { "errors": [{ "extensions": { "path": "$.selectionSet.insert_article.args.objects", "code": "constraint-violation" }, "message": "Foreign key violation. insert or update on table \"article\" violates foreign key constraint \"article_author_id_fkey\"" }] } } ws_conf = { 'url': '/v1alpha1/graphql', 'query': { 'query': mutation }, 'response': { 'data': None, "errors": [{ "path": "$.selectionSet.insert_article.args.objects", "error": "Foreign key violation. insert or update on table \"article\" violates foreign key constraint \"article_author_id_fkey\"", "code": "constraint-violation" }] } } if transport == 'http': check_query(hge_ctx, http_conf, transport) elif transport == 'websocket': check_query(hge_ctx, ws_conf, transport)
def test_jwt_claims_map_valid_claims_success(self, hge_ctx, endpoint): self.mk_claims('1') token = jwt.encode(self.claims, hge_ctx.hge_jwt_key, algorithm=hge_ctx.hge_jwt_algo) self.conf['headers']['Authorization'] = 'Bearer ' + token self.conf['headers']['x-hasura-custom-header'] = 'custom-value' self.conf['url'] = endpoint self.conf['status'] = 200 check_query(hge_ctx, self.conf, add_auth=False)
def test_jwt_valid_claims_success(self, hge_ctx, endpoint): self.claims['https://hasura.io/jwt/claims'] = mk_claims(hge_ctx.hge_jwt_conf, { 'x-hasura-user-id': '1', 'x-hasura-allowed-roles': ['user', 'editor'], 'x-hasura-default-role': 'user' }) token = jwt.encode(self.claims, hge_ctx.hge_jwt_key, algorithm='RS512').decode('utf-8') self.conf['headers']['Authorization'] = 'Bearer ' + token self.conf['url'] = endpoint self.conf['status'] = 200 check_query(hge_ctx, self.conf, add_auth=False)
def check_query_timeout(hge_ctx, conf, add_auth, timeout): wait_until = time.time() + timeout while True: time.sleep(2) try: check_query(hge_ctx, conf, add_auth = add_auth) except AssertionError: if time.time() > wait_until: raise else: continue break
def test_jwt_valid_claims_success(self, hge_ctx, endpoint): hasura_claims = mk_claims(hge_ctx.hge_jwt_conf, { 'x-hasura-user-id': '1', 'x-hasura-allowed-roles': ['user', 'editor'], 'x-hasura-default-role': 'user' }) claims_namespace_path = None if 'claims_namespace_path' in hge_ctx.hge_jwt_conf_dict: claims_namespace_path = hge_ctx.hge_jwt_conf_dict['claims_namespace_path'] self.claims = mk_claims_with_namespace_path(self.claims,hasura_claims,claims_namespace_path) token = jwt.encode(self.claims, hge_ctx.hge_jwt_key, algorithm='RS512').decode('utf-8') self.conf['headers']['Authorization'] = 'Bearer ' + token self.conf['url'] = endpoint self.conf['status'] = 200 check_query(hge_ctx, self.conf, add_auth=False,claims_namespace_path=claims_namespace_path)
def test_jwt_valid_issuer(self, hge_ctx, endpoint): jwt_conf = json.loads(hge_ctx.hge_jwt_conf) if 'issuer' not in jwt_conf: pytest.skip('issuer not present in conf, skipping testing issuer') issuer = jwt_conf['issuer'] self.claims['https://hasura.io/jwt/claims'] = mk_claims(hge_ctx.hge_jwt_conf, { 'x-hasura-user-id': '1', 'x-hasura-default-role': 'user', 'x-hasura-allowed-roles': ['user'], }) self.claims['iss'] = issuer token = jwt.encode(self.claims, hge_ctx.hge_jwt_key, algorithm='RS512').decode('utf-8') self.conf['headers']['Authorization'] = 'Bearer ' + token check_query(hge_ctx, self.conf, add_auth=False)
def test_remote_schema_operation_name_in_response(self, hge_ctx): with open('queries/remote_schemas/basic_query_with_op_name.yaml') as f: query = yaml.load(f) resp, _ = check_query(hge_ctx, query) assert resp['data']['hello']['operationName'] == "HelloMe"
def test_jwt_valid_claims_success(self, hge_ctx, endpoint): hasura_claims = mk_claims(hge_ctx.hge_jwt_conf, { 'x-hasura-user-id': '1', 'x-hasura-allowed-roles': ['user', 'editor'], 'x-hasura-default-role': 'user' }) claims_namespace_path = None if 'claims_namespace_path' in hge_ctx.hge_jwt_conf_dict: claims_namespace_path = hge_ctx.hge_jwt_conf_dict['claims_namespace_path'] self.claims = mk_claims_with_namespace_path(self.claims,hasura_claims,claims_namespace_path) token = jwt.encode(self.claims, hge_ctx.hge_jwt_key, algorithm=hge_ctx.hge_jwt_algo) authz_header = mk_authz_header(hge_ctx.hge_jwt_conf, token) self.conf['headers'].update(authz_header) self.conf['url'] = endpoint self.conf['status'] = 200 check_query(hge_ctx, self.conf, add_auth=False,claims_namespace_path=claims_namespace_path)
def test_update_schema_with_customization_change(self, hge_ctx): """ call update_remote_schema API and check the details stored in metadata """ customization = {'type_names': { 'prefix': 'Foo', 'mapping': {'String': 'MyString'}}, 'field_names': [{'parent_type': 'Hello', 'prefix': 'my_', 'mapping': {}}]} q = mk_update_remote_q('simple 1', 'http://localhost:5000/hello-graphql', None, False, 60, customization=customization) st_code, resp = hge_ctx.v1q(q) # This should succeed since there isn't any conflicting relations or permissions set up assert st_code == 200, resp st_code, resp = hge_ctx.v1q(export_metadata_q) assert st_code == 200, resp assert resp['remote_schemas'][0]['name'] == "simple 1" assert resp['remote_schemas'][0]['definition']['url'] == 'http://localhost:5000/hello-graphql' assert resp['remote_schemas'][0]['definition']['timeout_seconds'] == 60 assert resp['remote_schemas'][0]['definition']['customization'] == customization with open('queries/graphql_introspection/introspection.yaml') as f: query = yaml.load(f) resp, _ = check_query(hge_ctx, query) assert check_introspection_result(resp, ['MyString'], ['my_hello']) check_query_f(hge_ctx, self.dir + '/basic_query_customized.yaml') """ revert to original config for remote schema """ q = mk_update_remote_q('simple 1', 'http://localhost:5000/hello-graphql', None, False, 60) st_code, resp = hge_ctx.v1q(q) assert st_code == 200, resp st_code, resp = hge_ctx.v1q(export_metadata_q) assert st_code == 200, resp assert 'customization' not in resp['remote_schemas'][0]['definition']
def test_action_timeout_fail(self, hge_ctx): graphql_mutation = ''' mutation { create_user(email: "random-email", name: "Clarke") } ''' query = {'query': graphql_mutation, 'variables': {}} status, resp, _ = hge_ctx.anyq('/v1/graphql', query, mk_headers_with_secret(hge_ctx)) assert status == 200, resp assert 'data' in resp action_id = resp['data']['create_user'] query_async = ''' query ($action_id: uuid!){ create_user(id: $action_id){ id errors } } ''' query = {'query': query_async, 'variables': {'action_id': action_id}} conf = { 'url': '/v1/graphql', 'headers': {}, 'query': query, 'status': 200, } # the action takes 2 seconds to complete time.sleep(4) response, _ = check_query(hge_ctx, conf) assert 'errors' in response['data']['create_user'] assert 'ResponseTimeout' == response['data']['create_user']['errors'][ 'internal']['error']['message']
def test_introspection(self, hge_ctx): #check_query_f(hge_ctx, 'queries/graphql_introspection/introspection.yaml') with open('queries/graphql_introspection/introspection.yaml') as f: query = yaml.load(f) st_code, resp = check_query(hge_ctx, query) assert st_code == 200, resp assert check_introspection_result(resp, ['Hello'], ['hello'])