ramon
/
skillbox
1
0
Fork 0
Code Issues 1 Pull Requests 1 Packages Projects 1 Releases 1 Wiki Activity

Added Authentication for GraphQL api endpoint. Added tests

This commit is contained in:
Daniel Egger 2018-10-04 10:27:49 +02:00
parent 5f32bfe109
commit a5e58fb3fc
6 changed files with 40 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
server/api/schema.py
View File

@ -7,8 +7,7 @@ from graphene_django.debug import DjangoDebug
from api import graphene_wagtail # Keep this import exactly here, it's necessary for StreamField conversion from api import graphene_wagtail # Keep this import exactly here, it's necessary for StreamField conversion
from assignments.schema.mutations import AssignmentMutations from assignments.schema.mutations import AssignmentMutations
from assignments.schema.queries import AssignmentsQuery from assignments.schema.queries import AssignmentsQuery
from book.schema.mutations.main import BookMutations
from books.schema.mutations import BookMutations
from filteredbook.schema import BookQuery from filteredbook.schema import BookQuery
from objectives.schema import ObjectivesQuery from objectives.schema import ObjectivesQuery
from rooms.mutations import RoomMutations from rooms.mutations import RoomMutations

7
server/api/urls.py
View File

@ -1,12 +1,13 @@
from django.conf import settings from django.conf import settings
from django.conf.urls import url from django.conf.urls import url
from django.views.decorators.csrf import csrf_exempt from django.views.decorators.csrf import csrf_exempt
from graphene_django.views import GraphQLView
from core.views import PrivateGraphQLView
app_name = 'api' app_name = 'api'
urlpatterns = [ urlpatterns = [
url(r'^graphql', csrf_exempt(GraphQLView.as_view())), url(r'^graphql', csrf_exempt(PrivateGraphQLView.as_view())),
] ]
if settings.DEBUG: if settings.DEBUG:
urlpatterns += [url(r'^graphiql', csrf_exempt(GraphQLView.as_view(graphiql=True, pretty=True)))] urlpatterns += [url(r'^graphiql', csrf_exempt(PrivateGraphQLView.as_view(graphiql=True, pretty=True)))]

6
server/book/schema/mutations/main.py Normal file
View File

@ -0,0 +1,6 @@
from book.schema.mutations.contentblock import MutateContentBlock, AddContentBlock
class BookMutations(object):
mutate_content_block = MutateContentBlock.Field()
add_content_block = AddContentBlock.Field()

6
server/books/schema/mutations/__init__.py
View File

@ -7,9 +7,3 @@
# #
# Created on 25.09.18 # Created on 25.09.18
# @author: Ramon Wenger <ramon.wenger@iterativ.ch> # @author: Ramon Wenger <ramon.wenger@iterativ.ch>
from .contentblock import AddContentBlock, MutateContentBlock
class BookMutations(object):
mutate_content_block = MutateContentBlock.Field()
add_content_block = AddContentBlock.Field()

0
server/core/tests/__init__.py Normal file
View File

29
server/core/tests/test_api.py Normal file
View File

@ -0,0 +1,29 @@
import json
from django.test import TestCase, Client
from core.factories import UserFactory
class ApiAccessTestCase(TestCase):
def setUp(self):
self.query = json.dumps({
'operationName': 'ModulesQuery',
'query': 'query ModulesQuery { modules { edges { node { id }}}}',
'variables': None,
})
def test_graphqlEndpoint_shouldNotBeAccessibleWithoutLogin(self):
c = Client()
response = c.post('/api/graphql/', data=self.query, content_type='application/json')
self.assertRedirects(response, '/accounts/login/?next=/api/graphql/')
def test_graphqlEndpoint_shouldBeAccessibleWithLogin(self):
user = UserFactory(username='admin')
c = Client()
c.login(username='admin', password='test')
response = c.post('/api/graphql/', data=self.query, content_type='application/json')
self.assertEqual(200, response.status_code)