Added Authentication for GraphQL api endpoint. Added tests

2018-10-04 10:27:49 +02:00 · 2018-10-04 10:27:49 +02:00 · a5e58fb3fc
parent 5f32bfe109
commit a5e58fb3fc
6 changed files with 40 additions and 11 deletions
--- a/server/api/schema.py
+++ b/server/api/schema.py
@ -7,8 +7,7 @@ from graphene_django.debug import DjangoDebug
 from api import graphene_wagtail  # Keep this import exactly here, it's necessary for StreamField conversion
 from assignments.schema.mutations import AssignmentMutations
 from assignments.schema.queries import AssignmentsQuery
-
-from books.schema.mutations import BookMutations
+from book.schema.mutations.main import BookMutations
 from filteredbook.schema import BookQuery
 from objectives.schema import ObjectivesQuery
 from rooms.mutations import RoomMutations
--- a/server/api/urls.py
+++ b/server/api/urls.py
@ -1,12 +1,13 @@
 from django.conf import settings
 from django.conf.urls import url
 from django.views.decorators.csrf import csrf_exempt
-from graphene_django.views import GraphQLView
+
+from core.views import PrivateGraphQLView

 app_name = 'api'
 urlpatterns = [
-    url(r'^graphql', csrf_exempt(GraphQLView.as_view())),
+    url(r'^graphql', csrf_exempt(PrivateGraphQLView.as_view())),
 ]

 if settings.DEBUG:
-    urlpatterns += [url(r'^graphiql', csrf_exempt(GraphQLView.as_view(graphiql=True, pretty=True)))]
+    urlpatterns += [url(r'^graphiql', csrf_exempt(PrivateGraphQLView.as_view(graphiql=True, pretty=True)))]
--- a/server/book/schema/mutations/main.py
+++ b/server/book/schema/mutations/main.py
@ -0,0 +1,6 @@
+from book.schema.mutations.contentblock import MutateContentBlock, AddContentBlock
+
+
+class BookMutations(object):
+    mutate_content_block = MutateContentBlock.Field()
+    add_content_block = AddContentBlock.Field()
--- a/server/books/schema/mutations/init.py
+++ b/server/books/schema/mutations/init.py
@ -7,9 +7,3 @@
 #
 # Created on 25.09.18
 # @author: Ramon Wenger <ramon.wenger@iterativ.ch>
-from .contentblock import AddContentBlock, MutateContentBlock
-
-
-class BookMutations(object):
-    mutate_content_block = MutateContentBlock.Field()
-    add_content_block = AddContentBlock.Field()
--- a/server/core/tests/init.py
+++ b/server/core/tests/init.py
--- a/server/core/tests/test_api.py
+++ b/server/core/tests/test_api.py
@ -0,0 +1,29 @@
+import json
+
+from django.test import TestCase, Client
+
+from core.factories import UserFactory
+
+
+class ApiAccessTestCase(TestCase):
+
+    def setUp(self):
+        self.query = json.dumps({
+            'operationName': 'ModulesQuery',
+            'query': 'query ModulesQuery { modules { edges { node { id }}}}',
+            'variables': None,
+        })
+
+    def test_graphqlEndpoint_shouldNotBeAccessibleWithoutLogin(self):
+        c = Client()
+        response = c.post('/api/graphql/', data=self.query, content_type='application/json')
+        self.assertRedirects(response, '/accounts/login/?next=/api/graphql/')
+
+    def test_graphqlEndpoint_shouldBeAccessibleWithLogin(self):
+        user = UserFactory(username='admin')
+
+        c = Client()
+        c.login(username='admin', password='test')
+        response = c.post('/api/graphql/', data=self.query, content_type='application/json')
+
+        self.assertEqual(200, response.status_code)