1: -module(graphql_SUITE).
2:
3: -include_lib("common_test/include/ct.hrl").
4: -include_lib("eunit/include/eunit.hrl").
5: -include_lib("exml/include/exml.hrl").
6:
7: -compile([export_all, nowarn_export_all]).
8:
9: -import(distributed_helper, [mim/0, require_rpc_nodes/1, rpc/4]).
10: -import(graphql_helper, [execute/3, execute_auth/2, execute_domain_auth/2, execute_user/3]).
11:
12: -define(assertAdminAuth(Domain, Type, Auth, Data),
13: assert_auth(#{<<"domain">> => Domain,
14: <<"authStatus">> => atom_to_binary(Auth),
15: <<"authType">> => maybe_atom_to_bin(Type)}, Data)).
16: -define(assertUserAuth(Username, Auth, Data),
17: assert_auth(#{<<"username">> => Username,
18: <<"authStatus">> => atom_to_binary(Auth)}, Data)).
19:
20: suite() ->
21: require_rpc_nodes([mim]) ++ escalus:suite().
22:
23: all() ->
24: [{group, cowboy_handler},
25: {group, admin_handler},
26: {group, domain_admin_handler},
27: {group, user_handler}].
28:
29: groups() ->
30: [{cowboy_handler, [parallel], cowboy_handler()},
31: {user_handler, [parallel], user_handler()},
32: {domain_admin_handler, [parallel], domain_admin_handler()},
33: {admin_handler, [parallel], admin_handler()}].
34:
35: cowboy_handler() ->
36: [can_connect_to_admin,
37: can_connect_to_domain_admin,
38: can_connect_to_user].
39:
40: user_handler() ->
41: [user_checks_auth,
42: auth_user_checks_auth | common_tests()].
43: admin_handler() ->
44: [admin_checks_auth,
45: auth_admin_checks_auth | common_tests()].
46: domain_admin_handler() ->
47: [domain_admin_checks_auth,
48: auth_domain_admin_checks_auth | common_tests()].
49:
50: common_tests() ->
51: [can_load_graphiql].
52:
53: init_per_suite(Config) ->
54: Config1 = escalus:init_per_suite(Config),
55: dynamic_modules:save_modules(domain_helper:host_type(), Config1).
56:
57: end_per_suite(Config) ->
58: dynamic_modules:restore_modules(Config),
59: escalus_fresh:clean(),
60: escalus:end_per_suite(Config).
61:
62: init_per_group(admin_handler, Config) ->
63: graphql_helper:init_admin_handler(Config);
64: init_per_group(domain_admin_handler, Config) ->
65: case mongoose_helper:is_rdbms_enabled(domain_helper:host_type()) of
66: true ->
67: graphql_helper:init_domain_admin_handler(Config);
68: false ->
69: {skip, require_rdbms}
70: end;
71: init_per_group(user_handler, Config) ->
72: Config1 = escalus:create_users(Config, escalus:get_users([alice])),
73: [{schema_endpoint, user} | Config1];
74: init_per_group(cowboy_handler, Config) ->
75: Config.
76:
77: end_per_group(user_handler, Config) ->
78: escalus:delete_users(Config, escalus:get_users([alice]));
79: end_per_group(domain_admin_handler, Config) ->
80: graphql_helper:end_domain_admin_handler(Config);
81: end_per_group(_, _Config) ->
82: ok.
83:
84: init_per_testcase(CaseName, Config) ->
85: escalus:init_per_testcase(CaseName, Config).
86:
87: end_per_testcase(CaseName, Config) ->
88: escalus:end_per_testcase(CaseName, Config).
89:
90: can_connect_to_admin(_Config) ->
91: ?assertMatch({{<<"400">>, <<"Bad Request">>}, _}, execute(admin, #{}, undefined)).
92:
93: can_connect_to_domain_admin(_Config) ->
94: ?assertMatch({{<<"400">>, <<"Bad Request">>}, _}, execute(domain_admin, #{}, undefined)).
95:
96: can_connect_to_user(_Config) ->
97: ?assertMatch({{<<"400">>, <<"Bad Request">>}, _}, execute(user, #{}, undefined)).
98:
99: can_load_graphiql(Config) ->
100: Ep = ?config(schema_endpoint, Config),
101: {Status, Html} = get_graphiql_website(Ep),
102: ?assertEqual({<<"200">>, <<"OK">>}, Status),
103: ?assertNotEqual(nomatch, binary:match(Html, <<"Loading...">>)).
104:
105: user_checks_auth(Config) ->
106: Ep = ?config(schema_endpoint, Config),
107: StatusData = execute(Ep, user_check_auth_body(), undefined),
108: ?assertUserAuth(null, 'UNAUTHORIZED', StatusData).
109:
110: auth_user_checks_auth(Config) ->
111: escalus:fresh_story(
112: Config, [{alice, 1}],
113: fun(Alice) ->
114: AliceJID = escalus_utils:jid_to_lower(escalus_client:short_jid(Alice)),
115: StatusData = execute_user(user_check_auth_body(), Alice, Config),
116: ?assertUserAuth(AliceJID, 'AUTHORIZED', StatusData)
117: end).
118:
119: admin_checks_auth(Config) ->
120: Ep = ?config(schema_endpoint, Config),
121: StatusData = execute(Ep, admin_check_auth_body(), undefined),
122: ?assertAdminAuth(null, null, 'UNAUTHORIZED', StatusData).
123:
124: auth_admin_checks_auth(Config) ->
125: StatusData = execute_auth(admin_check_auth_body(), Config),
126: ?assertAdminAuth(null, 'ADMIN', 'AUTHORIZED', StatusData).
127:
128: domain_admin_checks_auth(Config) ->
129: Ep = ?config(schema_endpoint, Config),
130: Res = execute(Ep, admin_check_auth_body(), undefined),
131: ?assertAdminAuth(null, null, 'UNAUTHORIZED', Res).
132:
133: auth_domain_admin_checks_auth(Config) ->
134: {Username, _} = ?config(domain_admin, Config),
135: Domain = escalus_utils:get_server(Username),
136: Res = execute_domain_auth(admin_check_auth_body(), Config),
137: ?assertAdminAuth(Domain, 'DOMAIN_ADMIN', 'AUTHORIZED', Res).
138:
139: %% Helpers
140:
141: assert_auth(Auth, {Status, Data}) ->
142: ?assertEqual({<<"200">>, <<"OK">>}, Status),
143: ?assertMatch(#{<<"data">> := #{<<"checkAuth">> := Auth}}, Data).
144:
145: get_graphiql_website(EpName) ->
146: Request =
147: #{port => graphql_helper:get_listener_port(EpName),
148: role => {graphql, atom_to_binary(EpName)},
149: method => <<"GET">>,
150: headers => [{<<"Accept">>, <<"text/html">>}],
151: return_maps => true,
152: path => "/graphql"},
153: rest_helper:make_request(Request).
154:
155: maybe_atom_to_bin(null) -> null;
156: maybe_atom_to_bin(X) -> atom_to_binary(X).
157:
158: admin_check_auth_body() ->
159: #{query => "{ checkAuth { domain authType authStatus } }"}.
160:
161: user_check_auth_body() ->
162: #{query => "{ checkAuth { username authStatus } }"}.