[ADD] First tests of the graphql API (pretty raw for the time being)

dfir-iris · Mar 8, 2024 · 05c8b56 · 05c8b56
1 parent 826ecff
commit 05c8b56
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 6 deletions.
diff --git a/source/app/blueprints/graphql/graphql_route.py b/source/app/blueprints/graphql/graphql_route.py
@@ -76,12 +76,7 @@ def _create_blueprint():
 
 graphql_blueprint = _create_blueprint()
 
-# TODO add first unit tests: test request is rejected with wrong token, test request is successful
-# TODO try to rewrite this as another blueprint and group it with the other blueprints
 # TODO how to handle permissions?
 # TODO link with the database: graphene-sqlalchemy
 # TODO I am unsure about the code organization (directories)
-# curl --insecure -X POST -H "Content-Type: application/json" -d '{ "query": "{ hello(firstName: \"friendly\") }" }' https://127.0.0.1/graphql
-#app.add_url_rule('/graphql', view_func=GraphQLView.as_view('graphql', schema=schema))
-#API_KEY=B8BA5D730210B50F41C06941582D7965D57319D5685440587F98DFDC45A01594
-#curl --insecure -X POST --header 'Authorization: Bearer '${API_KEY} --header 'Content-Type: application/json' -d '{ "query": "{ hello(firstName: \"friendly\") }" }' https://127.0.0.1/graphql
+# TODO define the graphql API and establish the most important needs
diff --git a/tests/tests.py b/tests/tests.py
@@ -18,6 +18,8 @@
 
 from unittest import TestCase
 from iris import Iris
+import requests
+from iris import _API_KEY, _API_URL
 
 
 class Tests(TestCase):
@@ -48,3 +50,25 @@ def test_update_case_should_not_require_case_name_issue_358(self):
         case_identifier = response['data']['case_id']
         response = self._subject.update_case(case_identifier, {'case_tags': 'test,example'})
         self.assertEqual('success', response['status'])
+
+    # TODO rewrite this test in a nicer way (too low level)
+    # TODO use gql
+    def test_graphql_endpoint_should_not_fail(self):
+        url = _API_URL + '/graphql'
+        _headers = {'Authorization': f'Bearer {_API_KEY}', 'Content-Type': 'application/json'}
+        payload = {
+            'query': '{ hello(firstName: "Paul") }'
+        }
+        response = requests.post(_API_URL + '/graphql', headers=_headers, json=payload)
+        body = response.json()
+        self.assertEqual('Hello Paul!', body['data']['hello'])
+
+    # TODO rewrite this test in a nicer way (too low level)
+    def test_graphql_endpoint_should_reject_requests_with_wrong_authentication_token(self):
+        url = _API_URL + '/graphql'
+        _headers = {'Authorization': f'Bearer 0000000000000000000000000000000000000000000000000000000000000000', 'Content-Type': 'application/json'}
+        payload = {
+            'query': '{ hello(firstName: "friendly") }'
+        }
+        response = requests.post(url, headers=_headers, json=payload)
+        self.assertEqual(401, response.status_code)