Skip to content

Commit

Permalink
Remove auth error from mutation. (#6532)
Browse files Browse the repository at this point in the history
  • Loading branch information
Arijit Das authored Sep 21, 2020
1 parent aea0af3 commit 302afc3
Show file tree
Hide file tree
Showing 14 changed files with 413 additions and 154 deletions.
3 changes: 3 additions & 0 deletions dgraph/cmd/alpha/run.go
Original file line number Diff line number Diff line change
Expand Up @@ -206,6 +206,8 @@ they form a Raft group and provide synchronous replication.
grpc.EnableTracing = false

flag.Bool("graphql_introspection", true, "Set to false for no GraphQL schema introspection")
flag.Bool("graphql_debug", false, "Enable debug mode in GraphQL. "+
"This returns auth errors to clients. We do not recommend turning it on for production.")
flag.Bool("ludicrous_mode", false, "Run alpha in ludicrous mode")
flag.Bool("graphql_extensions", true, "Set to false if extensions not required in GraphQL response body")
flag.Duration("graphql_poll_interval", time.Second, "polling interval for graphql subscription.")
Expand Down Expand Up @@ -721,6 +723,7 @@ func run() {
x.Config.NormalizeNodeLimit = cast.ToInt(Alpha.Conf.GetString("normalize_node_limit"))
x.Config.PollInterval = Alpha.Conf.GetDuration("graphql_poll_interval")
x.Config.GraphqlExtension = Alpha.Conf.GetBool("graphql_extensions")
x.Config.GraphqlDebug = Alpha.Conf.GetBool("graphql_debug")

x.PrintVersion()
glog.Infof("x.Config: %+v", x.Config)
Expand Down
9 changes: 5 additions & 4 deletions graphql/e2e/auth/auth_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -1270,10 +1270,11 @@ func TestMain(m *testing.M) {
}

metaInfo = &testutil.AuthMeta{
PublicKey: authMeta.VerificationKey,
Namespace: authMeta.Namespace,
Algo: authMeta.Algo,
Header: authMeta.Header,
PublicKey: authMeta.VerificationKey,
Namespace: authMeta.Namespace,
Algo: authMeta.Algo,
Header: authMeta.Header,
PrivateKeyPath: "./sample_private_key.pem",
}

common.BootstrapServer(authSchema, data)
Expand Down
136 changes: 136 additions & 0 deletions graphql/e2e/auth/debug_off/debug_off_test.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,136 @@
package debugoff

import (
"encoding/json"
"io/ioutil"
"os"
"testing"

"github.com/dgraph-io/dgraph/graphql/authorization"
"github.com/dgraph-io/dgraph/graphql/e2e/common"
"github.com/dgraph-io/dgraph/testutil"
"github.com/google/go-cmp/cmp"
"github.com/google/go-cmp/cmp/cmpopts"
"github.com/pkg/errors"
"github.com/stretchr/testify/require"
)

var (
metaInfo *testutil.AuthMeta
)

type TestCase struct {
user string
role string
result string
name string
variables map[string]interface{}
}

func TestAddGQL(t *testing.T) {
testCases := []TestCase{{
user: "user1",
result: `{"addUserSecret":{"usersecret":[{"aSecret":"secret1"}]}}`,
variables: map[string]interface{}{"user": &common.UserSecret{
ASecret: "secret1",
OwnedBy: "user1",
}},
}, {
user: "user2",
result: ``,
variables: map[string]interface{}{"user": &common.UserSecret{
ASecret: "secret2",
OwnedBy: "user1",
}},
}}

query := `
mutation addUser($user: AddUserSecretInput!) {
addUserSecret(input: [$user]) {
userSecret {
aSecret
}
}
}
`
var expected, result struct {
AddUserSecret struct {
UserSecret []*common.UserSecret
}
}

for _, tcase := range testCases {
getUserParams := &common.GraphQLParams{
Headers: common.GetJWT(t, tcase.user, tcase.role, metaInfo),
Query: query,
Variables: tcase.variables,
}
gqlResponse := getUserParams.ExecuteAsPost(t, common.GraphqlURL)
if tcase.result == "" {
require.Equal(t, len(gqlResponse.Errors), 0)
continue
}

require.Nil(t, gqlResponse.Errors)

err := json.Unmarshal([]byte(tcase.result), &expected)
require.NoError(t, err)
err = json.Unmarshal([]byte(gqlResponse.Data), &result)
require.NoError(t, err)

opt := cmpopts.IgnoreFields(common.UserSecret{}, "Id")
if diff := cmp.Diff(expected, result, opt); diff != "" {
t.Errorf("result mismatch (-want +got):\n%s", diff)
}

for _, i := range result.AddUserSecret.UserSecret {
i.Delete(t, tcase.user, tcase.role, metaInfo)
}
}
}

func TestMain(m *testing.M) {
schemaFile := "../schema.graphql"
schema, err := ioutil.ReadFile(schemaFile)
if err != nil {
panic(err)
}

jsonFile := "../test_data.json"
data, err := ioutil.ReadFile(jsonFile)
if err != nil {
panic(errors.Wrapf(err, "Unable to read file %s.", jsonFile))
}

jwtAlgo := []string{authorization.HMAC256, authorization.RSA256}
for _, algo := range jwtAlgo {
authSchema, err := testutil.AppendAuthInfo(schema, algo, "../sample_public_key.pem")
if err != nil {
panic(err)
}

authMeta, err := authorization.Parse(string(authSchema))
if err != nil {
panic(err)
}

metaInfo = &testutil.AuthMeta{
PublicKey: authMeta.VerificationKey,
Namespace: authMeta.Namespace,
Algo: authMeta.Algo,
Header: authMeta.Header,
PrivateKeyPath: "../sample_private_key.pem",
}

common.BootstrapServer(authSchema, data)
// Data is added only in the first iteration, but the schema is added every iteration.
if data != nil {
data = nil
}
exitCode := m.Run()
if exitCode != 0 {
os.Exit(exitCode)
}
}
os.Exit(0)
}
69 changes: 69 additions & 0 deletions graphql/e2e/auth/debug_off/docker-compose.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,69 @@
version: "3.5"
services:
zero:
image: dgraph/dgraph:latest
container_name: zero1
working_dir: /data/zero1
ports:
- 5180:5180
- 6180:6180
labels:
cluster: test
service: zero1
volumes:
- type: bind
source: $GOPATH/bin
target: /gobin
read_only: true
command: /gobin/dgraph zero -o 100 --logtostderr -v=2 --bindall --expose_trace --profile_mode block --block_rate 10 --my=zero1:5180

alpha:
image: dgraph/dgraph:latest
container_name: alpha1
working_dir: /data/alpha1
volumes:
- type: bind
source: $GOPATH/bin
target: /gobin
read_only: true
ports:
- 8180:8180
- 9180:9180
labels:
cluster: test
service: alpha1
command: /gobin/dgraph alpha --lru_mb=1024 --zero=zero1:5180 -o 100 --expose_trace --trace 1.0 --profile_mode block --block_rate 10 --logtostderr -v=3 --whitelist 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 --my=alpha1:7180

zeroAdmin:
image: dgraph/dgraph:latest
container_name: zeroAdmin
working_dir: /data/zeroAdmin
ports:
- 5280:5280
- 6280:6280
labels:
cluster: admintest
service: zeroAdmin
volumes:
- type: bind
source: $GOPATH/bin
target: /gobin
read_only: true
command: /gobin/dgraph zero -o 200 --logtostderr -v=2 --bindall --expose_trace --profile_mode block --block_rate 10 --my=zeroAdmin:5280

alphaAdmin:
image: dgraph/dgraph:latest
container_name: alphaAdmin
working_dir: /data/alphaAdmin
volumes:
- type: bind
source: $GOPATH/bin
target: /gobin
read_only: true
ports:
- 8280:8280
- 9280:9280
labels:
cluster: admintest
service: alphaAdmin
command: /gobin/dgraph alpha --lru_mb=1024 --zero=zeroAdmin:5280 -o 200 --expose_trace --trace 1.0 --profile_mode block --block_rate 10 --logtostderr -v=2 --whitelist 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 --my=alphaAdmin:7280
4 changes: 2 additions & 2 deletions graphql/e2e/auth/docker-compose.yml
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ services:
labels:
cluster: test
service: alpha1
command: /gobin/dgraph alpha --lru_mb=1024 --zero=zero1:5180 -o 100 --expose_trace --trace 1.0 --profile_mode block --block_rate 10 --logtostderr -v=3 --whitelist 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 --my=alpha1:7180
command: /gobin/dgraph alpha --lru_mb=1024 --zero=zero1:5180 -o 100 --expose_trace --trace 1.0 --profile_mode block --block_rate 10 --logtostderr -v=3 --whitelist 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 --my=alpha1:7180 --graphql_debug=true

zeroAdmin:
image: dgraph/dgraph:latest
Expand Down Expand Up @@ -66,4 +66,4 @@ services:
labels:
cluster: admintest
service: alphaAdmin
command: /gobin/dgraph alpha --lru_mb=1024 --zero=zeroAdmin:5280 -o 200 --expose_trace --trace 1.0 --profile_mode block --block_rate 10 --logtostderr -v=2 --whitelist 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 --my=alphaAdmin:7280
command: /gobin/dgraph alpha --lru_mb=1024 --zero=zeroAdmin:5280 -o 200 --expose_trace --trace 1.0 --profile_mode block --block_rate 10 --logtostderr -v=2 --whitelist 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 --my=alphaAdmin:7280 --graphql_debug=true
52 changes: 47 additions & 5 deletions graphql/e2e/common/common.go
Original file line number Diff line number Diff line change
Expand Up @@ -30,14 +30,15 @@ import (

"github.com/dgraph-io/dgo/v200"
"github.com/dgraph-io/dgo/v200/protos/api"
"github.com/dgraph-io/dgraph/testutil"
"github.com/dgraph-io/dgraph/x"
"github.com/pkg/errors"
"github.com/stretchr/testify/require"
"google.golang.org/grpc"
)

const (
graphqlURL = "http://localhost:8180/graphql"
GraphqlURL = "http://localhost:8180/graphql"
graphqlAdminURL = "http://localhost:8180/admin"
AlphagRPC = "localhost:9180"

Expand Down Expand Up @@ -171,6 +172,28 @@ type student struct {
TaughtBy []*teacher `json:"taughtBy,omitempty"`
}

type UserSecret struct {
Id string `json:"id,omitempty"`
ASecret string `json:"aSecret,omitempty"`
OwnedBy string `json:"ownedBy,omitempty"`
}

func (us *UserSecret) Delete(t *testing.T, user, role string, metaInfo *testutil.AuthMeta) {
getParams := &GraphQLParams{
Headers: GetJWT(t, user, role, metaInfo),
Query: `
mutation deleteUserSecret($ids: [ID!]) {
deleteUserSecret(filter:{id:$ids}) {
msg
}
}
`,
Variables: map[string]interface{}{"ids": []string{us.Id}},
}
gqlResponse := getParams.ExecuteAsPost(t, GraphqlURL)
require.Nil(t, gqlResponse.Errors)
}

func BootstrapServer(schema, data []byte) {
err := checkGraphQLStarted(graphqlAdminURL)
if err != nil {
Expand Down Expand Up @@ -370,7 +393,7 @@ func gzipCompressionHeader(t *testing.T) {
}`,
}

req, err := queryCountry.createGQLPost(graphqlURL)
req, err := queryCountry.createGQLPost(GraphqlURL)
require.NoError(t, err)

req.Header.Set("Content-Encoding", "gzip")
Expand All @@ -397,7 +420,7 @@ func gzipCompressionNoHeader(t *testing.T) {
gzipEncoding: true,
}

req, err := queryCountry.createGQLPost(graphqlURL)
req, err := queryCountry.createGQLPost(GraphqlURL)
require.NoError(t, err)

req.Header.Del("Content-Encoding")
Expand All @@ -423,7 +446,7 @@ func getQueryEmptyVariable(t *testing.T) {
}
}`,
}
req, err := queryCountry.createGQLGet(graphqlURL)
req, err := queryCountry.createGQLGet(GraphqlURL)
require.NoError(t, err)

q := req.URL.Query()
Expand Down Expand Up @@ -633,7 +656,7 @@ func allCountriesAdded() ([]*country, error) {
return nil, errors.Wrap(err, "unable to build GraphQL query")
}

req, err := http.NewRequest("POST", graphqlURL, bytes.NewBuffer(body))
req, err := http.NewRequest("POST", GraphqlURL, bytes.NewBuffer(body))
if err != nil {
return nil, errors.Wrap(err, "unable to build GraphQL request")
}
Expand Down Expand Up @@ -797,3 +820,22 @@ func addSchemaThroughAdminSchemaEndpt(url, schema string) error {

return nil
}

func GetJWT(t *testing.T, user, role string, metaInfo *testutil.AuthMeta) http.Header {
metaInfo.AuthVars = map[string]interface{}{}
if user != "" {
metaInfo.AuthVars["USER"] = user
}

if role != "" {
metaInfo.AuthVars["ROLE"] = role
}

require.NotNil(t, metaInfo.PrivateKeyPath)
jwtToken, err := metaInfo.GetSignedToken(metaInfo.PrivateKeyPath, 300*time.Second)
require.NoError(t, err)

h := make(http.Header)
h.Add(metaInfo.Header, jwtToken)
return h
}
6 changes: 3 additions & 3 deletions graphql/e2e/common/error.go
Original file line number Diff line number Diff line change
Expand Up @@ -78,7 +78,7 @@ func graphQLCompletionOn(t *testing.T) {
}

// Check that the error is valid
gqlResponse := queryCountry.ExecuteAsPost(t, graphqlURL)
gqlResponse := queryCountry.ExecuteAsPost(t, GraphqlURL)
require.NotNil(t, gqlResponse.Errors)
require.Equal(t, 1, len(gqlResponse.Errors))
require.Contains(t, gqlResponse.Errors[0].Error(),
Expand Down Expand Up @@ -166,7 +166,7 @@ func deepMutationErrors(t *testing.T) {
},
}

gqlResponse := executeRequest(t, graphqlURL, updateCountryParams)
gqlResponse := executeRequest(t, GraphqlURL, updateCountryParams)
require.NotNil(t, gqlResponse.Errors)
require.Equal(t, 1, len(gqlResponse.Errors))
require.EqualError(t, gqlResponse.Errors[0], tcase.exp)
Expand All @@ -192,7 +192,7 @@ func requestValidationErrors(t *testing.T) {
Query: tcase.GQLRequest,
Variables: tcase.variables,
}
gqlResponse := test.ExecuteAsPost(t, graphqlURL)
gqlResponse := test.ExecuteAsPost(t, GraphqlURL)

require.Nil(t, gqlResponse.Data)
if diff := cmp.Diff(tcase.Errors, gqlResponse.Errors); diff != "" {
Expand Down
Loading

0 comments on commit 302afc3

Please sign in to comment.