<?php
namespace Tests\E2E\Services\GraphQL\TablesDB;
use Tests\E2E\Client;
use Tests\E2E\Scopes\ProjectCustom;
use Tests\E2E\Scopes\Scope;
use Tests\E2E\Scopes\SideClient;
use Tests\E2E\Services\GraphQL\Base;
use Utopia\Database\Helpers\ID;
use Utopia\Database\Helpers\Permission;
use Utopia\Database\Helpers\Role;
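/**
 * End-to-end authorization checks for TablesDB rows over the /graphql endpoint.
 *
 * setUp() creates two accounts with one session each, then a database, a table
 * and a string column using the project API key. The tests then check that the
 * row permissions granted to account 1 work for account 1 and give account 2
 * no access to the same row.
 */
class AuthTest extends Scope
{
    use ProjectCustom;
    use SideClient;
    use Base;

    // Raw response of the account-creation call for account 1.
    private array $account1;

    // Declared for symmetry; nothing in this class assigns or reads it.
    private array $account2;

    // Session cookie values ('a_session_<projectId>') for account 1 and account 2.
    private string $token1;
    private string $token2;

    // Raw responses of the database- and table-creation calls.
    private array $database;
    private array $table;

    /**
     * Builds the fixture every test relies on: two users with sessions, one
     * database, one table that only account 1 may create rows in, and a
     * required string column named 'name'.
     */
    public function setUp(): void
    {
        parent::setUp();

        $projectId = $this->getProject()['$id'];
        $query = $this->getQuery(self::CREATE_ACCOUNT);

        // Random suffix only keeps the two fixture addresses distinct between runs.
        $email1 = 'test' . \rand() . '@test.com';
        $email2 = 'test' . \rand() . '@test.com';

        // Create account 1
        $graphQLPayload = [
            'query' => $query,
            'variables' => [
                'userId' => ID::unique(),
                'name' => 'User Name',
                'email' => $email1,
                'password' => 'password',
            ],
        ];
        $this->account1 = $this->client->call(Client::METHOD_POST, '/graphql', [
            'content-type' => 'application/json',
            'x-appwrite-project' => $projectId,
        ], $graphQLPayload);

        // Create account 2 (same payload, new id and e-mail; response is not kept)
        $graphQLPayload['variables']['userId'] = ID::unique();
        $graphQLPayload['variables']['email'] = $email2;

        $this->client->call(Client::METHOD_POST, '/graphql', [
            'content-type' => 'application/json',
            'x-appwrite-project' => $projectId,
        ], $graphQLPayload);

        // Create session 1
        $query = $this->getQuery(self::CREATE_ACCOUNT_SESSION);
        $graphQLPayload = [
            'query' => $query,
            'variables' => [
                'email' => $email1,
                'password' => 'password',
            ]
        ];
        $session1 = $this->client->call(Client::METHOD_POST, '/graphql', [
            'content-type' => 'application/json',
            'x-appwrite-project' => $projectId,
        ], $graphQLPayload);

        // The session is carried by a project-scoped cookie; keep its value for later requests.
        $this->token1 = $session1['cookies']['a_session_' . $projectId];

        // Create session 2
        $graphQLPayload['variables']['email'] = $email2;

        $session2 = $this->client->call(Client::METHOD_POST, '/graphql', [
            'content-type' => 'application/json',
            'x-appwrite-project' => $projectId,
        ], $graphQLPayload);

        $this->token2 = $session2['cookies']['a_session_' . $projectId];

        // Create database (authenticated with the project API key, not a user session)
        $query = $this->getQuery(self::CREATE_DATABASE);
        $gqlPayload = [
            'query' => $query,
            'variables' => [
                'databaseId' => ID::unique(),
                'name' => 'Actors',
            ]
        ];
        $this->database = $this->client->call(Client::METHOD_POST, '/graphql', [
            'content-type' => 'application/json',
            'x-appwrite-project' => $projectId,
            'x-appwrite-key' => $this->getProject()['apiKey'],
        ], $gqlPayload);

        // Create table
        $query = $this->getQuery(self::CREATE_TABLE);
        $userId = $this->account1['body']['data']['accountCreate']['_id'];
        $gqlPayload = [
            'query' => $query,
            'variables' => [
                'databaseId' => $this->database['body']['data']['databasesCreate']['_id'],
                'tableId' => ID::unique(),
                'name' => 'Actors',
                // NOTE(review): presumably makes per-row permissions apply in addition to
                // the table-level ones below; confirm against the TablesDB API docs.
                'rowSecurity' => true,
                // Table level: only account 1 is granted "create". No read/update/delete
                // is granted here, so row access in the tests comes from row permissions.
                'permissions' => [
                    Permission::create(Role::user($userId))
                ]
            ]
        ];
        $this->table = $this->client->call(Client::METHOD_POST, '/graphql', [
            'content-type' => 'application/json',
            'x-appwrite-project' => $projectId,
            'x-appwrite-key' => $this->getProject()['apiKey'],
        ], $gqlPayload);

        // Create string column
        $query = $this->getQuery(self::CREATE_STRING_COLUMN);
        $gqlPayload = [
            'query' => $query,
            'variables' => [
                'databaseId' => $this->database['body']['data']['databasesCreate']['_id'],
                'tableId' => $this->table['body']['data']['tablesDBCreateTable']['_id'],
                'key' => 'name',
                'size' => 256,
                'required' => true,
            ]
        ];
        $this->client->call(Client::METHOD_POST, '/graphql', [
            'content-type' => 'application/json',
            'x-appwrite-project' => $projectId,
            'x-appwrite-key' => $this->getProject()['apiKey'],
        ], $gqlPayload);

        // NOTE(review): presumably gives the column time to become available before
        // rows are written; confirm whether column creation is asynchronous.
        sleep(1);
    }

    /**
     * A row readable only by account 1 must not be readable with account 2's session.
     *
     * Account 1 creates the row with read/update/delete granted to itself only and
     * can read it back. The same read with account 2's cookie must fail with the
     * "could not be found" message, i.e. the response is the same as for a missing
     * row and does not confirm that the row exists.
     */
    public function testInvalidAuth()
    {
        $projectId = $this->getProject()['$id'];

        // Create row as account 1
        $query = $this->getQuery(self::CREATE_ROW);
        $userId = $this->account1['body']['data']['accountCreate']['_id'];
        $gqlPayload = [
            'query' => $query,
            'variables' => [
                'databaseId' => $this->database['body']['data']['databasesCreate']['_id'],
                'tableId' => $this->table['body']['data']['tablesDBCreateTable']['_id'],
                'rowId' => ID::unique(),
                'data' => [
                    'name' => 'John Doe',
                ],
                // Row level: every permission names account 1 only.
                'permissions' => [
                    Permission::read(Role::user($userId)),
                    Permission::update(Role::user($userId)),
                    Permission::delete(Role::user($userId)),
                ]
            ]
        ];
        $row = $this->client->call(Client::METHOD_POST, '/graphql', [
            'content-type' => 'application/json',
            'x-appwrite-project' => $projectId,
            'cookie' => 'a_session_' . $projectId . '=' . $this->token1,
        ], $gqlPayload);

        // Try to read as account 1
        $query = $this->getQuery(self::GET_ROW);
        $gqlPayload = [
            'query' => $query,
            'variables' => [
                'databaseId' => $this->database['body']['data']['databasesCreate']['_id'],
                'tableId' => $this->table['body']['data']['tablesDBCreateTable']['_id'],
                'rowId' => $row['body']['data']['tablesDBCreateRow']['_id'],
            ]
        ];
        $row = $this->client->call(Client::METHOD_POST, '/graphql', [
            'content-type' => 'application/json',
            'x-appwrite-project' => $projectId,
            'cookie' => 'a_session_' . $projectId . '=' . $this->token1,
        ], $gqlPayload);

        $this->assertIsArray($row['body']['data']['tablesDBGetRow']);
        $this->assertArrayNotHasKey('errors', $row['body']);

        // Try to read as account 2 (identical query, only the session cookie differs)
        $row = $this->client->call(Client::METHOD_POST, '/graphql', [
            'content-type' => 'application/json',
            'x-appwrite-project' => $projectId,
            'cookie' => 'a_session_' . $projectId . '=' . $this->token2,
        ], $gqlPayload);

        $this->assertArrayHasKey('errors', $row['body']);

        // A GraphQL response can carry "errors" and "data" together, so the error
        // alone does not prove the row was withheld: check nothing came back with it.
        $this->assertNull($row['body']['data']['tablesDBGetRow'] ?? null);

        $rowId = $gqlPayload['variables']['rowId'];
        $this->assertEquals("Row with the requested ID '$rowId' could not be found.", $row['body']['errors'][0]['message']);
    }

    /**
     * The owner of a row can delete it with their own session.
     *
     * Account 1 creates a row with read/update/delete granted to itself and then
     * deletes it; the delete must answer 204 with a non-array body.
     */
    public function testValidAuth()
    {
        $projectId = $this->getProject()['$id'];

        // Create row as account 1
        $query = $this->getQuery(self::CREATE_ROW);
        $userId = $this->account1['body']['data']['accountCreate']['_id'];
        $gqlPayload = [
            'query' => $query,
            'variables' => [
                'databaseId' => $this->database['body']['data']['databasesCreate']['_id'],
                'tableId' => $this->table['body']['data']['tablesDBCreateTable']['_id'],
                'rowId' => ID::unique(),
                'data' => [
                    'name' => 'John Doe',
                ],
                'permissions' => [
                    Permission::read(Role::user($userId)),
                    Permission::update(Role::user($userId)),
                    Permission::delete(Role::user($userId)),
                ],
            ]
        ];
        $row = $this->client->call(Client::METHOD_POST, '/graphql', [
            'content-type' => 'application/json',
            'x-appwrite-project' => $projectId,
            'cookie' => 'a_session_' . $projectId . '=' . $this->token1,
        ], $gqlPayload);

        // Try to delete as account 1
        $query = $this->getQuery(self::DELETE_ROW);
        $gqlPayload = [
            'query' => $query,
            'variables' => [
                'databaseId' => $this->database['body']['data']['databasesCreate']['_id'],
                'tableId' => $this->table['body']['data']['tablesDBCreateTable']['_id'],
                'rowId' => $row['body']['data']['tablesDBCreateRow']['_id'],
            ]
        ];
        $row = $this->client->call(Client::METHOD_POST, '/graphql', [
            'content-type' => 'application/json',
            'x-appwrite-project' => $projectId,
            'cookie' => 'a_session_' . $projectId . '=' . $this->token1,
        ], $gqlPayload);

        // A successful delete has no JSON body, only the 204 status.
        $this->assertIsNotArray($row['body']);
        $this->assertEquals(204, $row['headers']['status-code']);
    }
}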