d2230f8fe7
Raises `phpstan.neon` level from 3 to 4 and fixes the 549 new errors
that level 4 surfaces across 157 files. Fixes are root-cause — no
`@phpstan-ignore`, no `@var` casts, no baseline entries, no widened
types. A handful of latent bugs were fixed along the way:
- `app/controllers/general.php`: path-traversal guard was negating
`\substr(...)` before the strict comparison (`!\substr(...) === $base`
was always `false === $base`). Rewritten as `\substr(...) !== $base`.
- `src/Appwrite/Platform/Modules/Databases/Http/Databases/Logs/XList.php`
and `.../TablesDB/Logs/XList.php`: were importing the raw Matomo
`DeviceDetector` (whose `getDevice()` returns `?int`) but treating the
result as an array with `deviceName/deviceBrand/deviceModel` keys.
Swapped to `Appwrite\Detector\Detector`, matching the wrapper already
used a few lines below for `$os`/`$client`.
- `src/Appwrite/Platform/Modules/Functions/Workers/Builds.php`: a match
key was checking `$resourceKey === 'functions'` when `$resourceKey`
is `'functionId'|'siteId'` — always false. Switched to the intended
`$resource->getCollection() === 'functions'` check.
- `src/Appwrite/OpenSSL/OpenSSL.php`: `encrypt()` return type tightened
to `string|false` to match `openssl_encrypt`; this lets callers'
`=== false` error handling remain meaningful.
- `app/controllers/api/messaging.php`: removed a dead
`array_key_exists('from', [])` branch in the Msg91 provider (empty
array literal; branch was unreachable).
Large cleanup categories across the 549 fixes:
- Removed redundant `?? default` on array offsets and expressions that
PHPStan now knows are non-nullable.
- Removed unreachable statements (mostly `return;` after `throw` or
`markTestSkipped()`).
- Removed redundant `is_array`/`is_string`/`is_bool`/`instanceof` checks
on already-narrowed types.
- Added `default =>` arms (or throwing arms) to non-exhaustive matches
on `string`/`mixed` input.
- Removed dead `$document === false` branches where method return types
were tightened to non-nullable `Document`.
- Removed unused properties (`$version` on Etsy/Zoom OAuth2, `$paths` on
Installer State, `$source` on MigrationsWorker, `$account2` on two
GraphQL auth tests), unused traits (`ApiVectorsDB`, `DatabaseFixture`),
and an unused `cleanupStaleExecutions` task method.
- Replaced `assertTrue(true)` and redundant `assertIsArray`/`assertIsString`/
`assertNotNull` assertions with `addToAssertionCount(1)` or
`assertNotEmpty` where the runtime type was already known.
<?php
namespace Tests\E2E\Services\GraphQL\Legacy;
use Tests\E2E\Client;
use Tests\E2E\Scopes\ProjectCustom;
use Tests\E2E\Scopes\Scope;
use Tests\E2E\Scopes\SideClient;
use Tests\E2E\Services\GraphQL\Base;
use Utopia\Database\Helpers\ID;
use Utopia\Database\Helpers\Permission;
use Utopia\Database\Helpers\Role;
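/**
 * E2E tests for document-level authorization through the legacy GraphQL API.
 *
 * setUp() provisions two user accounts with one session each, plus a database,
 * a collection with document security enabled and a required string attribute.
 * The tests create a document as user 1 and then check that user 2 cannot read
 * it and that user 1 can delete it.
 */
class AuthTest extends Scope
{
    use ProjectCustom;
    use SideClient;
    use Base;

    /** @var array<string, mixed> Raw response of the accountCreate call for user 1. */
    private array $account1;

    /** Session cookie value for user 1, read from the a_session_<projectId> cookie. */
    private string $token1;

    /** Session cookie value for user 2, read from the a_session_<projectId> cookie. */
    private string $token2;

    /** @var array<string, mixed> Raw response of the databasesCreate call. */
    private array $database;

    /** @var array<string, mixed> Raw response of the databasesCreateCollection call. */
    private array $collection;

    /**
     * Provisions accounts, sessions, database, collection and attribute used by the tests.
     *
     * Waits (up to 30 s) for the string attribute to become 'available' so that the
     * tests can create documents with a 'name' field.
     */
    public function setUp(): void
    {
        parent::setUp();

        $projectId = $this->getProject()['$id'];
        $query = $this->getQuery(self::CREATE_ACCOUNT);

        // Random suffix so the two addresses differ from each other and between runs.
        $email1 = 'test' . \rand() . '@test.com';
        $email2 = 'test' . \rand() . '@test.com';

        // Create account 1
        $graphQLPayload = [
            'query' => $query,
            'variables' => [
                'userId' => ID::unique(),
                'name' => 'User Name',
                'email' => $email1,
                'password' => 'password',
            ],
        ];
        $this->account1 = $this->client->call(Client::METHOD_POST, '/graphql', [
            'content-type' => 'application/json',
            'x-appwrite-project' => $projectId,
        ], $graphQLPayload);

        // Create account 2 — only the side effect matters, the response is never read.
        $graphQLPayload['variables']['userId'] = ID::unique();
        $graphQLPayload['variables']['email'] = $email2;
        $this->client->call(Client::METHOD_POST, '/graphql', [
            'content-type' => 'application/json',
            'x-appwrite-project' => $projectId,
        ], $graphQLPayload);

        // Create session 1
        $query = $this->getQuery(self::CREATE_ACCOUNT_SESSION);
        $graphQLPayload = [
            'query' => $query,
            'variables' => [
                'email' => $email1,
                'password' => 'password',
            ],
        ];
        $session1 = $this->client->call(Client::METHOD_POST, '/graphql', [
            'content-type' => 'application/json',
            'x-appwrite-project' => $projectId,
        ], $graphQLPayload);

        $this->token1 = $session1['cookies']['a_session_' . $projectId];

        // Create session 2
        $graphQLPayload['variables']['email'] = $email2;
        $session2 = $this->client->call(Client::METHOD_POST, '/graphql', [
            'content-type' => 'application/json',
            'x-appwrite-project' => $projectId,
        ], $graphQLPayload);

        $this->token2 = $session2['cookies']['a_session_' . $projectId];

        // Create database (server-side, using the project API key)
        $query = $this->getQuery(self::CREATE_DATABASE);
        $gqlPayload = [
            'query' => $query,
            'variables' => [
                'databaseId' => ID::unique(),
                'name' => 'Actors',
            ],
        ];
        $this->database = $this->client->call(Client::METHOD_POST, '/graphql', [
            'content-type' => 'application/json',
            'x-appwrite-project' => $projectId,
            'x-appwrite-key' => $this->getProject()['apiKey'],
        ], $gqlPayload);

        // Create collection: document security on, user 1 may create documents.
        $query = $this->getQuery(self::CREATE_COLLECTION);
        $userId = $this->account1['body']['data']['accountCreate']['_id'];
        $gqlPayload = [
            'query' => $query,
            'variables' => [
                'databaseId' => $this->database['body']['data']['databasesCreate']['_id'],
                'collectionId' => ID::unique(),
                'name' => 'Actors',
                'documentSecurity' => true,
                'permissions' => [
                    Permission::create(Role::user($userId)),
                ],
            ],
        ];
        $this->collection = $this->client->call(Client::METHOD_POST, '/graphql', [
            'content-type' => 'application/json',
            'x-appwrite-project' => $projectId,
            'x-appwrite-key' => $this->getProject()['apiKey'],
        ], $gqlPayload);

        // Create string attribute
        $query = $this->getQuery(self::CREATE_STRING_ATTRIBUTE);
        $gqlPayload = [
            'query' => $query,
            'variables' => [
                'databaseId' => $this->database['body']['data']['databasesCreate']['_id'],
                'collectionId' => $this->collection['body']['data']['databasesCreateCollection']['_id'],
                'key' => 'name',
                'size' => 256,
                'required' => true,
            ],
        ];
        $this->client->call(Client::METHOD_POST, '/graphql', [
            'content-type' => 'application/json',
            'x-appwrite-project' => $projectId,
            'x-appwrite-key' => $this->getProject()['apiKey'],
        ], $gqlPayload);

        // Attribute creation is asynchronous; poll until it is usable.
        $databaseId = $this->database['body']['data']['databasesCreate']['_id'];
        $collectionId = $this->collection['body']['data']['databasesCreateCollection']['_id'];
        $this->assertEventually(function () use ($databaseId, $collectionId, $projectId) {
            $response = $this->client->call(Client::METHOD_GET, '/databases/' . $databaseId . '/collections/' . $collectionId . '/attributes/name', [
                'content-type' => 'application/json',
                'x-appwrite-project' => $projectId,
                'x-appwrite-key' => $this->getProject()['apiKey'],
            ]);
            $this->assertEquals('available', $response['body']['status']);
        }, 30000, 250);
    }

    /**
     * A document readable only by user 1 must not be readable with user 2's session.
     *
     * The expected failure is a not-found error rather than a permission error;
     * presumably so that an unauthorized caller cannot tell whether the document
     * exists — confirm against the API's intended behaviour if this changes.
     */
    public function testInvalidAuth(): void
    {
        $projectId = $this->getProject()['$id'];

        // Create document as account 1
        $query = $this->getQuery(self::CREATE_DOCUMENT);
        $userId = $this->account1['body']['data']['accountCreate']['_id'];
        $gqlPayload = [
            'query' => $query,
            'variables' => [
                'databaseId' => $this->database['body']['data']['databasesCreate']['_id'],
                'collectionId' => $this->collection['body']['data']['databasesCreateCollection']['_id'],
                'documentId' => ID::unique(),
                'data' => [
                    'name' => 'John Doe',
                ],
                'permissions' => [
                    Permission::read(Role::user($userId)),
                    Permission::update(Role::user($userId)),
                    Permission::delete(Role::user($userId)),
                ],
            ],
        ];
        $document = $this->client->call(Client::METHOD_POST, '/graphql', [
            'content-type' => 'application/json',
            'x-appwrite-project' => $projectId,
            'cookie' => 'a_session_' . $projectId . '=' . $this->token1,
        ], $gqlPayload);

        // Try to read as account 1
        $query = $this->getQuery(self::GET_DOCUMENT);
        $gqlPayload = [
            'query' => $query,
            'variables' => [
                'databaseId' => $this->database['body']['data']['databasesCreate']['_id'],
                'collectionId' => $this->collection['body']['data']['databasesCreateCollection']['_id'],
                'documentId' => $document['body']['data']['databasesCreateDocument']['_id'],
            ],
        ];
        $document = $this->client->call(Client::METHOD_POST, '/graphql', [
            'content-type' => 'application/json',
            'x-appwrite-project' => $projectId,
            'cookie' => 'a_session_' . $projectId . '=' . $this->token1,
        ], $gqlPayload);

        $this->assertIsArray($document['body']['data']['databasesGetDocument']);
        $this->assertArrayNotHasKey('errors', $document['body']);

        // Try to read as account 2 — same payload, only the session cookie differs.
        $document = $this->client->call(Client::METHOD_POST, '/graphql', [
            'content-type' => 'application/json',
            'x-appwrite-project' => $projectId,
            'cookie' => 'a_session_' . $projectId . '=' . $this->token2,
        ], $gqlPayload);

        $this->assertArrayHasKey('errors', $document['body']);
        $documentId = $gqlPayload['variables']['documentId'];
        $this->assertEquals("Document with the requested ID '$documentId' could not be found.", $document['body']['errors'][0]['message']);
    }

    /**
     * The owner (user 1) can delete a document it holds delete permission on.
     *
     * A successful delete yields HTTP 204 with an empty (non-array) body.
     */
    public function testValidAuth(): void
    {
        $projectId = $this->getProject()['$id'];

        // Create document as account 1
        $query = $this->getQuery(self::CREATE_DOCUMENT);
        $userId = $this->account1['body']['data']['accountCreate']['_id'];
        $gqlPayload = [
            'query' => $query,
            'variables' => [
                'databaseId' => $this->database['body']['data']['databasesCreate']['_id'],
                'collectionId' => $this->collection['body']['data']['databasesCreateCollection']['_id'],
                'documentId' => ID::unique(),
                'data' => [
                    'name' => 'John Doe',
                ],
                'permissions' => [
                    Permission::read(Role::user($userId)),
                    Permission::update(Role::user($userId)),
                    Permission::delete(Role::user($userId)),
                ],
            ],
        ];
        $document = $this->client->call(Client::METHOD_POST, '/graphql', [
            'content-type' => 'application/json',
            'x-appwrite-project' => $projectId,
            'cookie' => 'a_session_' . $projectId . '=' . $this->token1,
        ], $gqlPayload);

        // Try to delete as account 1
        $query = $this->getQuery(self::DELETE_DOCUMENT);
        $gqlPayload = [
            'query' => $query,
            'variables' => [
                'databaseId' => $this->database['body']['data']['databasesCreate']['_id'],
                'collectionId' => $this->collection['body']['data']['databasesCreateCollection']['_id'],
                'documentId' => $document['body']['data']['databasesCreateDocument']['_id'],
            ],
        ];
        $document = $this->client->call(Client::METHOD_POST, '/graphql', [
            'content-type' => 'application/json',
            'x-appwrite-project' => $projectId,
            'cookie' => 'a_session_' . $projectId . '=' . $this->token1,
        ], $gqlPayload);

        $this->assertIsNotArray($document['body']);
        $this->assertEquals(204, $document['headers']['status-code']);
    }
}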