From 5c7605ae3bf67ea857ef4c5ae17499f68a09eaf6 Mon Sep 17 00:00:00 2001 From: vmrajas Date: Fri, 27 Nov 2020 18:27:09 +0530 Subject: [PATCH] Fix(GraphQL): Fix bug with password query rewriting (#7011) * Fix bug with password query rewriting * Remove query.ResponseName() from query_rewriter.go (cherry picked from commit 46a39c660f6c41ab3dc6a184983644c30dd6d4b1) --- graphql/e2e/common/query.go | 28 ++++++++++++++++++++++++++++ graphql/resolve/query_rewriter.go | 6 +++--- graphql/resolve/query_test.yaml | 19 +++++++++++++++++++ 3 files changed, 50 insertions(+), 3 deletions(-) diff --git a/graphql/e2e/common/query.go b/graphql/e2e/common/query.go index 8b9b44dd73c..4ec86bcf54d 100644 --- a/graphql/e2e/common/query.go +++ b/graphql/e2e/common/query.go @@ -3051,6 +3051,33 @@ func checkUser(t *testing.T, userObj, expectedObj *user) { } } +func checkUserPasswordWithAlias(t *testing.T, userObj, expectedObj *user) { + checkUserParams := &GraphQLParams{ + Query: `query checkUserPassword($name: String!, $pwd: String!) { + verify : checkUserPassword(name: $name, password: $pwd) { name } + }`, + Variables: map[string]interface{}{ + "name": userObj.Name, + "pwd": userObj.Password, + }, + } + + gqlResponse := checkUserParams.ExecuteAsPost(t, GraphqlURL) + RequireNoGQLErrors(t, gqlResponse) + + var result struct { + CheckUserPasword *user `json:"verify,omitempty"` + } + + err := json.Unmarshal([]byte(gqlResponse.Data), &result) + require.Nil(t, err) + + opt := cmpopts.IgnoreFields(user{}, "Password") + if diff := cmp.Diff(expectedObj, result.CheckUserPasword, opt); diff != "" { + t.Errorf("result mismatch (-want +got):\n%s", diff) + } +} + func passwordTest(t *testing.T) { newUser := &user{ Name: "Test User", 
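Review bot: The result struct field in checkUserPasswordWithAlias is spelled `CheckUserPasword`; decoding still works because the `json:"verify,omitempty"` tag drives it, but the name should read `CheckUserPassword` in both the declaration and the `cmp.Diff` call. `require.Nil(t, err)` would read better as `require.NoError(t, err)`, which prints the error text when the unmarshal fails. A one-line doc comment would also explain why this helper sits next to checkUser, for example `// checkUserPasswordWithAlias runs checkUserPassword under the alias "verify" and compares the result with expectedObj, ignoring Password.`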
@@ -3095,6 +3122,7 @@ func passwordTest(t *testing.T) { string(gqlResponse.Data)) checkUser(t, newUser, newUser) + checkUserPasswordWithAlias(t, newUser, newUser) checkUser(t, &user{Name: "Test User", Password: "Wrong Pass"}, nil) gqlResponse = postExecutor(t, GraphqlURL, updateUserParams) diff --git a/graphql/resolve/query_rewriter.go b/graphql/resolve/query_rewriter.go index 1c089771aa6..b2a33c1eb8c 100644 --- a/graphql/resolve/query_rewriter.go +++ b/graphql/resolve/query_rewriter.go @@ -209,7 +209,7 @@ func passwordQuery(m schema.Query, authRw *authRewriter) (*gql.GraphQuery, error // or dgQuery may be empty and its children may contain checkPassword query. // Find the exact dgQuery with the name checkPassword query. mainQuery := dgQuery - for !strings.HasPrefix(mainQuery.Attr, m.ResponseName()) { + for !strings.HasPrefix(mainQuery.Attr, m.Name()) { mainQuery = mainQuery.Children[0] } @@ -412,7 +412,7 @@ func rewriteAsGet( // caught here but in case of interface, we need to check validity on each // implementing type as Rules for the interface are made empty. if rbac == schema.Negative { - return &gql.GraphQuery{Attr: query.ResponseName() + "()"} + return &gql.GraphQuery{Attr: query.Name() + "()"} } // For interface, empty query should be returned if Auth rules are @@ -427,7 +427,7 @@ func rewriteAsGet( } if !implementingTypesHasFailedRules { - return &gql.GraphQuery{Attr: query.ResponseName() + "()"} + return &gql.GraphQuery{Attr: query.Name() + "()"} } } diff --git a/graphql/resolve/query_test.yaml b/graphql/resolve/query_test.yaml index 1d84798bd49..b402402e325 100644 --- a/graphql/resolve/query_test.yaml +++ b/graphql/resolve/query_test.yaml 
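Review bot: The aliased helper is only called with the correct password; the wrong-password assertion on the following line still goes through the unaliased checkUser. The bug fixed here was in how an alias affected the rewritten password filter, so the rejection path deserves the same coverage: `checkUserPasswordWithAlias(t, &user{Name: "Test User", Password: "Wrong Pass"}, nil)`. That would catch a regression where an aliased checkUserPassword returns the user without the password having matched. passwordTest starts and continues outside this hunk, so later assertions may already cover part of this.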
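Review bot: The loop in passwordQuery still steps into `mainQuery.Children[0]` without checking that a child exists, so any rewritten query in which no node's Attr starts with `m.Name()` ends in an index-out-of-range panic rather than an error. The switch from ResponseName() to Name() removes the alias case, but the function already returns `(*gql.GraphQuery, error)` and could fail cleanly with a guard at the top of the loop body, e.g. `if len(mainQuery.Children) == 0 { return nil, errors.New("checkPassword query not found in rewritten query") }`, using whichever error helper the file already imports. Whether a panic here is recovered higher up is not visible from this hunk; on a password-checking resolver it is safer not to depend on that. The body of passwordQuery begins and ends outside the hunk.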
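Review bot: The two `query.Name() + "()"` changes in rewriteAsGet (this hunk and the one at -427) are on the path taken when auth rules evaluate negative, and nothing added in this commit exercises them; the new YAML case and the e2e helper cover only the password query. An aliased get query whose RBAC rule is denied, asserting that the empty `name()` block is still produced, would pin the behaviour where it matters for access control. A short comment above each return would also stop the alias from being reintroduced, for example `// Attr must be the query name, not its alias (ResponseName); see #7011.` rewriteAsGet starts and ends outside both hunks.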
@@ -2352,6 +2352,25 @@ } } +- + name: "Password query with alias" + gqlquery: | + query { + verify : checkUserPassword(name: "user1", pwd: "Password") { + name + } + } + dgquery: |- + query { + checkUserPassword(func: eq(User.name, "user1")) @filter((eq(val(pwd), 1) AND type(User))) { + name : User.name + dgraph.uid : uid + } + checkPwd(func: eq(User.name, "user1")) @filter(type(User)) { + pwd as checkpwd(User.pwd, "Password") + } + } + - name: "Rewrite without custom fields" gqlquery: | query {