hasura/graphql-engine
1
0
Fork 0
mirror of https://github.com/hasura/graphql-engine.git synced 2024-12-15 17:31:56 +03:00
Code Issues Projects Releases Wiki Activity
8b8d7ab96d
graphql-engine/server/tests-py/test_auth_webhook_cookie.py
Puru Gupta 504f13725f server: forward auth webhook set-cookies header on response 
>

High-Level TODO:

* [x] Code Changes
* [x] Tests
* [x] Check that pro/multitenant build ok
* [x] Documentation Changes
* [x] Updating this PR with full details
* [ ] Reviews
* [ ] Ensure code has all FIXMEs and TODOs addressed
* [x] Ensure no files are checked in mistakenly
* [x] Consider impact on console, cli, etc.

### Description
>
This PR adds support for adding set-cookie header on the response from the auth webhook. If the set-cookie header is sent by the webhook, it will be forwarded in the graphQL engine response.

Fixes a bug in test-server.sh: testing of get-webhook tests was done by POST method and vice versa. To fix, the parameters were swapped.

### Changelog

- [x] `CHANGELOG.md` is updated with user-facing content relevant to this PR.

### Affected components

- [x] Server
- [ ] Console
- [ ] CLI
- [x] Docs
- [ ] Community Content
- [ ] Build System
- [x] Tests
- [ ] Other (list it)

### Related Issues
->
Closes [#2269](https://github.com/hasura/graphql-engine/issues/2269)

### Solution and Design
>

### Steps to test and verify
>
Please refer to the docs to see how to send the set-cookie header from webhook.

### Limitations, known bugs & workarounds
>
- Support for only set-cookie header forwarding is added
- the value forwarded in the set-cookie header cannot be validated completely, the [Cookie](https://hackage.haskell.org/package/cookie) package has been used to parse the header value and any unnecessary information is stripped off before forwarding the header. The standard given in [RFC6265](https://datatracker.ietf.org/doc/html/rfc6265) has been followed for the Set-Cookie format.

### Server checklist

#### Catalog upgrade

Does this PR change Hasura Catalog version?
- [x] No
- [ ] Yes
  - [ ] Updated docs with SQL for downgrading the catalog

#### Metadata

Does this PR add a new Metadata feature?
- [x] No

#### GraphQL
- [x] No new GraphQL schema is generated
- [ ] New GraphQL schema is being generated:
   - [ ] New types and typenames are correlated

#### Breaking changes

- [x] No Breaking changes

PR-URL: https://github.com/hasura/graphql-engine-mono/pull/2538
Co-authored-by: Robert <132113+robx@users.noreply.github.com>
GitOrigin-RevId: d9047e997dd221b7ce4fef51911c3694037e7c3f
2021-11-09 12:01:31 +00:00

83 lines
2.6 KiB
Python
Raw Blame History

import json
import threading
from urllib.parse import urlparse
import websocket
import pytest
from validate import check_query
from context import PytestConf
if not PytestConf.config.getoption("--hge-webhook"):
pytest.skip("--hge-webhook flag is missing, skipping tests", allow_module_level=True)
if not PytestConf.config.getoption("--test-auth-webhook-header"):
pytest.skip("--test-auth-webhook-header flag is missing, skipping tests", allow_module_level=True)
@pytest.mark.usefixtures('per_class_tests_db_state')
class TestWebhookHeaderCookie(object):
'''
To run the test, run an instance of the auth_webhook server using `python3 auth_webhook_server.py`
'''
@classmethod
def dir(cls):
return 'webhook/insecure'
def test_single_set_cookie_header_in_response(self, hge_ctx):
query = """
query allUsers {
author {
id
name
}
}
"""
query_obj = {
"query": query,
"operationName": "allUsers"
}
headers = {}
headers['cookie'] = "Test"
headers['response-set-cookie-1'] = "__Host-id=1; Secure; Path=/; Domain=example.com"
code, resp, respHeaders = hge_ctx.anyq('/v1/graphql', query_obj, headers)
print("Status Code: ", code)
print("Response: ", resp)
print("Headers: ", respHeaders)
assert 'Set-Cookie' in respHeaders
assert respHeaders['Set-Cookie'] == "__Host-id=1; Secure; Path=/; Domain=example.com"
def test_duplicate_set_cookie_header_in_response(self, hge_ctx):
query = """
query allUsers {
author {
id
name
}
}
"""
query_obj = {
"query": query,
"operationName": "allUsers"
}
headers = {}
headers['cookie'] = "Test"
headers['response-set-cookie-1'] = "__Host-id=1; Secure; Path=/; Domain=example1.com"
headers['response-set-cookie-2'] = "__Host-id=2; Secure; Path=/; Domain=example2.com"
code, resp, respHeaders = hge_ctx.anyq('/v1/graphql', query_obj, headers)
print("Status Code: ", code)
print("Response: ", resp)
print("Headers: ", respHeaders)
assert 'Set-Cookie' in respHeaders
# In python, multiple headers with the same key are concatenated with a comma and
# then sent back in the response. Refer to: https://github.com/psf/requests/issues/4520
assert respHeaders['Set-Cookie'] == "__Host-id=2; Secure; Path=/; Domain=example2.com, __Host-id=1; Secure; Path=/; Domain=example1.com"
Reference in New Issue View Git Blame Copy Permalink