From de15fd6413c3e8c702bfc10fdb8a4bf9a17808e4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gabriel=20Pr=C3=A1?= Date: Thu, 10 Jun 2021 15:26:58 -0300 Subject: [PATCH 1/3] Add test for introspection query --- .../object_scope_authorization_test.exs | 101 ++++++++++++++++++ 1 file changed, 101 insertions(+) diff --git a/test/middlewares/object_scope_authorization_test.exs b/test/middlewares/object_scope_authorization_test.exs index f3c6fd8..9e672d0 100644 --- a/test/middlewares/object_scope_authorization_test.exs +++ b/test/middlewares/object_scope_authorization_test.exs @@ -353,6 +353,12 @@ defmodule Rajska.ObjectScopeAuthorizationTest do end end + test "Skips introspection query" do + {:ok, result} = run_pipeline(introspection_query(), context(:admin, 2)) + assert %{data: %{}} = result + refute Map.has_key?(result, :errors) + end + defp all_query(id) do """ { @@ -473,6 +479,101 @@ defmodule Rajska.ObjectScopeAuthorizationTest do """ end + defp introspection_query do + """ + query IntrospectionQuery { + __schema { + queryType { name } + mutationType { name } + subscriptionType { name } + types { + ...FullType + } + directives { + name + description + locations + args { + ...InputValue + } + } + } + } + fragment FullType on __Type { + kind + name + description + fields(includeDeprecated: true) { + name + description + args { + ...InputValue + } + type { + ...TypeRef + } + isDeprecated + deprecationReason + } + inputFields { + ...InputValue + } + interfaces { + ...TypeRef + } + enumValues(includeDeprecated: true) { + name + description + isDeprecated + deprecationReason + } + possibleTypes { + ...TypeRef + } + } + + fragment InputValue on __InputValue { + name + description + type { ...TypeRef } + defaultValue + } + + fragment TypeRef on __Type { + kind + name + ofType { + kind + name + ofType { + kind + name + ofType { + kind + name + ofType { + kind + name + ofType { + kind + name + ofType { + kind + name + ofType { + kind + name + } + } + } + } + } + } + } + } + """ + end + defp context(role, id), do: [context: %{current_user: %{role: role, id: id}}] defp run_pipeline(document, opts) do From 6ec3a509cbdfd764d1eaf9ac8e6e81e29a15ebc7 Mon Sep 17 00:00:00 2001 From: RafaelOFreitas Date: Fri, 8 Jul 2022 16:37:37 -0300 Subject: [PATCH 2/3] fix: Ignore introspection query --- lib/middlewares/object_scope_authorization.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/middlewares/object_scope_authorization.ex b/lib/middlewares/object_scope_authorization.ex index 82d7669..76092e3 100644 --- a/lib/middlewares/object_scope_authorization.ex +++ b/lib/middlewares/object_scope_authorization.ex @@ -73,7 +73,7 @@ defmodule Rajska.ObjectScopeAuthorization do # Introspection defp result(%{emitter: %{schema_node: %{identifier: identifier}}} = result, _context) - when identifier in [:query_type, nil] do + when identifier in [:query_type, :__schema, nil] do result end From 2c8e15443c0721ba7ab660bcd479e2cc94624ab5 Mon Sep 17 00:00:00 2001 From: RafaelOFreitas Date: Fri, 8 Jul 2022 16:42:05 -0300 Subject: [PATCH 3/3] build: bump version to 1.3.2 --- README.md | 2 +- lib/rajska.ex | 2 +- mix.exs | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 0c0d853..7b27553 100644 --- a/README.md +++ b/README.md @@ -22,7 +22,7 @@ The package can be installed by adding `rajska` to your list of dependencies in ```elixir def deps do [ - {:rajska, "~> 1.3.1"}, + {:rajska, "~> 1.3.2"}, ] end ``` diff --git a/lib/rajska.ex b/lib/rajska.ex index 5edb734..0bae4e8 100644 --- a/lib/rajska.ex +++ b/lib/rajska.ex @@ -16,7 +16,7 @@ defmodule Rajska do ```elixir def deps do [ - {:rajska, "~> 1.3.1"}, + {:rajska, "~> 1.3.2"}, ] end ``` diff --git a/mix.exs b/mix.exs index 72f9b00..f7921ab 100644 --- a/mix.exs +++ b/mix.exs @@ -6,7 +6,7 @@ defmodule Rajska.MixProject do def project do [ app: :rajska, - version: "1.3.1", + version: "1.3.2", elixir: "~> 1.8", start_permanent: Mix.env() == :prod, deps: deps(),