From 61161407b68bac66d0e330eb9601857726d8c549 Mon Sep 17 00:00:00 2001
From: Christian Cueni <christian.cueni@iterativ.ch>
Date: Tue, 8 Oct 2019 10:44:45 +0200
Subject: [PATCH] Fix & add api test

---
 server/core/tests/test_api.py | 27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)

diff --git a/server/core/tests/test_api.py b/server/core/tests/test_api.py
index 4efd1fb7..0e0e0858 100644
--- a/server/core/tests/test_api.py
+++ b/server/core/tests/test_api.py
@@ -17,7 +17,7 @@ class ApiAccessTestCase(TestCase):
     def test_graphqlEndpoint_shouldNotBeAccessibleWithoutLogin(self):
         c = Client()
         response = c.post('/api/graphql/', data=self.query, content_type='application/json')
-        self.assertRedirects(response, '/accounts/login/?next=/api/graphql/')
+        self.assertRedirects(response, '/login?next=/api/graphql/')
 
     def test_graphqlEndpoint_shouldBeAccessibleWithLogin(self):
         user = UserFactory(username='admin')
@@ -27,3 +27,28 @@ class ApiAccessTestCase(TestCase):
         response = c.post('/api/graphql/', data=self.query, content_type='application/json')
 
         self.assertEqual(200, response.status_code)
+
+    def test_publicGraphqlEndpoint_shouldBeAccessibleWithoutLogin(self):
+
+        query= json.dumps({
+            'operationName': 'Login',
+            'query': '''
+                mutation Login($input: LoginInput!){
+                  login(input: $input) {
+                    success
+                    errors {
+                      field
+                    }
+                  }
+                }
+            ''',
+            'variables': {
+                'input': {
+                    'usernameInput': 'test',
+                    'passwordInput': 'test'
+                }
+            },
+        })
+        c = Client()
+        response = c.post('/api/graphql-public/', data=query, content_type='application/json')
+        self.assertEqual(response.status_code, 200)