mirror of
https://github.com/hasura/graphql-engine.git
synced 2025-01-05 14:27:59 +03:00
504f13725f
> High-Level TODO: * [x] Code Changes * [x] Tests * [x] Check that pro/multitenant build ok * [x] Documentation Changes * [x] Updating this PR with full details * [ ] Reviews * [ ] Ensure code has all FIXMEs and TODOs addressed * [x] Ensure no files are checked in mistakenly * [x] Consider impact on console, cli, etc. ### Description > This PR adds support for adding set-cookie header on the response from the auth webhook. If the set-cookie header is sent by the webhook, it will be forwarded in the graphQL engine response. Fixes a bug in test-server.sh: testing of get-webhook tests was done by POST method and vice versa. To fix, the parameters were swapped. ### Changelog - [x] `CHANGELOG.md` is updated with user-facing content relevant to this PR. ### Affected components - [x] Server - [ ] Console - [ ] CLI - [x] Docs - [ ] Community Content - [ ] Build System - [x] Tests - [ ] Other (list it) ### Related Issues -> Closes [#2269](https://github.com/hasura/graphql-engine/issues/2269) ### Solution and Design > ### Steps to test and verify > Please refer to the docs to see how to send the set-cookie header from webhook. ### Limitations, known bugs & workarounds > - Support for only set-cookie header forwarding is added - the value forwarded in the set-cookie header cannot be validated completely, the [Cookie](https://hackage.haskell.org/package/cookie) package has been used to parse the header value and any unnecessary information is stripped off before forwarding the header. The standard given in [RFC6265](https://datatracker.ietf.org/doc/html/rfc6265) has been followed for the Set-Cookie format. ### Server checklist #### Catalog upgrade Does this PR change Hasura Catalog version? - [x] No - [ ] Yes - [ ] Updated docs with SQL for downgrading the catalog #### Metadata Does this PR add a new Metadata feature? - [x] No #### GraphQL - [x] No new GraphQL schema is generated - [ ] New GraphQL schema is being generated: - [ ] New types and typenames are correlated #### Breaking changes - [x] No Breaking changes PR-URL: https://github.com/hasura/graphql-engine-mono/pull/2538 Co-authored-by: Robert <132113+robx@users.noreply.github.com> GitOrigin-RevId: d9047e997dd221b7ce4fef51911c3694037e7c3f
84 lines
3.0 KiB
Python
84 lines
3.0 KiB
Python
from datetime import datetime, timedelta
|
|
import math
|
|
import json
|
|
import time
|
|
import base64
|
|
|
|
import ruamel.yaml as yaml
|
|
import pytest
|
|
from test_subscriptions import init_ws_conn
|
|
from context import PytestConf
|
|
|
|
|
|
if not PytestConf.config.getoption('--hge-webhook'):
|
|
pytest.skip('--hge-webhook is missing, skipping webhook expiration tests', allow_module_level=True)
|
|
|
|
usefixtures = pytest.mark.usefixtures
|
|
|
|
@pytest.fixture(scope='function')
|
|
def ws_conn_recreate(ws_client):
|
|
ws_client.recreate_conn()
|
|
|
|
def connect_with(hge_ctx, ws_client, headers):
|
|
headers['X-Hasura-Role'] = 'user'
|
|
headers['X-Hasura-User-Id'] = '1234321'
|
|
headers['X-Hasura-Auth-Mode'] = 'webhook'
|
|
|
|
token = base64.b64encode(json.dumps(headers).encode('utf-8')).decode('utf-8')
|
|
headers['Authorization'] = 'Bearer ' + token
|
|
payload = {'headers': headers}
|
|
init_ws_conn(hge_ctx, ws_client, payload)
|
|
|
|
EXPIRE_TIME_FORMAT = '%a, %d %b %Y %T GMT'
|
|
|
|
|
|
@usefixtures('ws_conn_recreate')
|
|
class TestWebhookSubscriptionExpiry(object):
|
|
def test_expiry_with_no_header(self, hge_ctx, ws_client):
|
|
# no expiry time => the connextion will remain alive
|
|
connect_with(hge_ctx, ws_client, {})
|
|
time.sleep(5)
|
|
assert ws_client.remote_closed == False, ws_client.remote_closed
|
|
|
|
def test_expiry_with_expires_header(self, hge_ctx, ws_client):
|
|
exp = datetime.utcnow() + timedelta(seconds=6)
|
|
connect_with(hge_ctx, ws_client, {
|
|
'Expires': exp.strftime(EXPIRE_TIME_FORMAT)
|
|
})
|
|
time.sleep(4)
|
|
assert ws_client.remote_closed == False, ws_client.remote_closed
|
|
time.sleep(4)
|
|
assert ws_client.remote_closed == True, ws_client.remote_closed
|
|
|
|
def test_expiry_with_cache_control(self, hge_ctx, ws_client):
|
|
connect_with(hge_ctx, ws_client, {
|
|
'Cache-Control': 'max-age=6'
|
|
})
|
|
time.sleep(4)
|
|
assert ws_client.remote_closed == False, ws_client.remote_closed
|
|
time.sleep(4)
|
|
assert ws_client.remote_closed == True, ws_client.remote_closed
|
|
|
|
def test_expiry_with_both(self, hge_ctx, ws_client):
|
|
exp = datetime.utcnow() + timedelta(seconds=6)
|
|
connect_with(hge_ctx, ws_client, {
|
|
'Expires': exp.strftime(EXPIRE_TIME_FORMAT),
|
|
'Cache-Control': 'max-age=10',
|
|
})
|
|
# cache-control has precedence, so the expiry time will be five seconds
|
|
time.sleep(4)
|
|
assert ws_client.remote_closed == False, ws_client.remote_closed
|
|
time.sleep(4)
|
|
assert ws_client.remote_closed == False, ws_client.remote_closed
|
|
time.sleep(4)
|
|
assert ws_client.remote_closed == True, ws_client.remote_closed
|
|
|
|
def test_expiry_with_parse_error(self, hge_ctx, ws_client):
|
|
exp = datetime.utcnow() + timedelta(seconds=3)
|
|
connect_with(hge_ctx, ws_client, {
|
|
'Expires': exp.strftime('%a, %d %m %Y %T UTC'),
|
|
'Cache-Control': 'maxage=3',
|
|
})
|
|
# neither will parse, the connection will remain alive
|
|
time.sleep(5)
|
|
assert ws_client.remote_closed == False, ws_client.remote_closed |