tornado graphql handler testing

dwsutherland · dwsutherland · commit 16277440640f · 2026-01-30T21:02:20.000+13:00
diff --git a/cylc/uiserver/graphql/tornado.py b/cylc/uiserver/graphql/tornado.py
@@ -235,7 +235,7 @@ def parse_body(self):
             try:
                 body = self.request.body
             except Exception as e:
-                raise ExecutionError(400, e)
+                raise ExecutionError(400, [e])
 
             try:
                 request_json = json.loads(body)
@@ -337,7 +337,7 @@ async def execute_graphql_request(
 
             return result
         except Exception as e:
-            return ExecutionResult(errors=[e])
+            return ExecutionResult(data=None, errors=[e])
 
     async def execute(self, *args, **kwargs):
         return execute(*args, **kwargs)
diff --git a/cylc/uiserver/tests/test_handlers.py b/cylc/uiserver/tests/test_handlers.py
@@ -20,17 +20,273 @@
 from unittest.mock import MagicMock
 import pytest
 
+from graphql import ExecutionResult, GraphQLError
+from graphql.execution.middleware import MiddlewareManager
 from tornado.httputil import HTTPServerRequest
-from tornado.testing import AsyncHTTPTestCase, get_async_test_timeout
+from tornado.testing import AsyncHTTPTestCase, get_async_test_timeout, gen_test
 from tornado.web import Application
+from tornado.web import HTTPError
 
+from cylc.flow.network.graphql import (
+    CylcExecutionContext, IgnoreFieldMiddleware
+)
+from cylc.uiserver.authorise import AuthorizationMiddleware
+from cylc.uiserver.graphql.tornado import TornadoGraphQLHandler, ExecutionError
 from cylc.uiserver.graphql.tornado_ws import GRAPHQL_WS
-from cylc.uiserver.handlers import SubscriptionHandler
+from cylc.uiserver.handlers import (
+    SubscriptionHandler,
+    UIServerGraphQLHandler,
+)
+from cylc.uiserver.schema import schema
 
 
 class MyApplication(Application):
     ...
 
+class GraphQLHandlersTest(AsyncHTTPTestCase):
+    """Test for TornadoGraphQLHandler/UIServerGraphQLHandler"""
+
+    def get_app(self, handler_class=UIServerGraphQLHandler) -> Application:
+        return MyApplication(
+            handlers=[
+                (
+                    'graphql',
+                    handler_class,
+                    {
+                        'schema': schema,
+                        'middleware': [
+                            AuthorizationMiddleware,
+                            IgnoreFieldMiddleware
+                        ],
+                        'execution_context_class': CylcExecutionContext,
+                    }
+                ),
+            ]
+        )
+
+    def _create_handler(
+        self,
+        handler_class=UIServerGraphQLHandler,
+        r_kwargs={},
+        h_kwargs={},
+        logged_in=True,
+    ):
+        app = self.get_app(handler_class)
+        r_params = {
+            'uri': '/graphql',
+            'method': 'GET',
+            **r_kwargs,
+        }
+        request = HTTPServerRequest(**r_params)
+        request.connection = MagicMock()
+        h_params = {
+            'middleware': [
+                AuthorizationMiddleware,
+                IgnoreFieldMiddleware
+            ],
+            'execution_context_class': CylcExecutionContext,
+            **h_kwargs,
+        }
+        handler = handler_class(
+            application=app,
+            request=request,
+            schema=schema,
+            **h_params,
+        )
+
+        if logged_in:
+            handler.get
+            _current_user = lambda: {'name': getuser()}
+        else:
+            handler.current_user = None
+        return handler
+
+    def test_setup(self):
+        """Test setup, attributes, and properties."""
+        mid_manager = MiddlewareManager()
+        handler = self._create_handler(
+            handler_class=TornadoGraphQLHandler,
+            h_kwargs={'middleware': mid_manager}
+        )
+        assert handler.middleware == mid_manager
+
+        handler = self._create_handler(
+            handler_class=TornadoGraphQLHandler,
+            h_kwargs={'middleware': None},
+        )
+        assert not handler.middleware
+        assert handler.get_context().method == "GET"
+
+    def test_parse_body(self):
+        """Test parse_body for query doc."""
+        handler = self._create_handler(
+            r_kwargs={
+                'headers': {'Content-Type': "application/json"},
+                'method': "POST",
+            }
+        )
+        assert not handler.get_parsed_body()
+
+        class FakeRequest:
+            headers = {'Content-Type': "Application/json"}
+            errors = None
+
+        # test request without body.
+        orig_request = handler.request
+        handler.request = FakeRequest()
+        with pytest.raises(ExecutionError) as exc:
+            handler.parse_body()
+        assert 'FakeRequest' in str(exc)
+
+        ex_error = ExecutionError(123, None)
+        assert ex_error.status_code == 123
+        assert ex_error.message == ''
+
+        # test invalid JSON string
+        handler.request = orig_request
+        handler.request.body = '%&^ds:ea43#'
+        with pytest.raises(HTTPError) as exc:
+            handler.parse_body()
+        assert 'invalid JSON' in str(exc.value)
+
+        # test invalid query
+        handler.request.body = json.dumps([{'this': "that"}])
+        with pytest.raises(HTTPError) as exc:
+            handler.parse_body()
+        assert 'not a valid JSON query.' in str(exc.value)
+
+    @gen_test
+    @pytest.mark.usefixtures("mock_authentication_yossarian")
+    async def test_get_response(self):
+        """Test get_response."""
+        r_kwargs = {
+            'headers': {'Content-Type': "application/json"},
+            'method': "POST",
+            'body': json.dumps({'query': "curry { massaman }"})
+        }
+        h_kwargs = {
+            'execution_context_class': None,
+            'parsed_body': 'cake',
+        }
+        handler = self._create_handler(r_kwargs=r_kwargs, h_kwargs=h_kwargs)
+        assert handler.parsed_body == 'cake'
+
+        # Test bad query
+        data = handler.parse_body()
+        result, status_code = await handler.get_response(data)
+        assert status_code == 400
+        assert 'curry' in result
+
+        # Test good query
+        doc = {
+            'query': '''
+                query stoke ($wFlows: [ID]){
+                  workflows (ids: $wFlows) { id status }
+                }
+            ''',
+            'variables': {'wFlows': ["*/run1"]},
+            'operationName': 'stoke',
+        }
+
+        handler.request.body = json.dumps(doc)
+        data = handler.parse_body()
+        handler.graphql_params = {}
+        result, status_code = await handler.get_response(data)
+        assert status_code == 200
+        # caught by auth
+        assert 'Forbidden' in str(result)
+        assert handler.graphql_params[2] == 'stoke'
+        # test the graphql params bypass
+        result, status_code = await handler.get_response(data)
+        assert status_code == 200
+        assert 'Forbidden' in str(result)
+
+        # test bad schema
+        orig_type = handler.schema.graphql_schema.query_type
+        handler.schema.graphql_schema.query_type = None
+        result, status_code = await handler.get_response(data)
+        assert 'not configured to execute query' in result
+        assert status_code == 400
+        handler.schema.graphql_schema.query_type = orig_type
+        handler.schema.graphql_schema._validation_errors = ['nasty one']
+        result, status_code = await handler.get_response(data)
+        assert 'nasty one' in results
+        assert status_code == 400
+        handler.schema.graphql_schema._validation_errors = []
+
+        # by-pass auth middleware
+        h_kwargs['middleware'] = []
+        doc['operationName'] = 'null'
+        handler = self._create_handler(r_kwargs=r_kwargs, h_kwargs=h_kwargs)
+        handler.request.body = json.dumps(doc)
+        data = handler.parse_body()
+        handler.graphql_params = {}
+        result, status_code = await handler.get_response(data)
+        assert status_code == 200
+        # because no resolvers set:
+        assert "object has no attribute 'get_workflows'" in str(result)
+        # operationName should be None
+        assert handler.graphql_params[2] is None
+
+        # test invalid variable
+        doc['variables'] = 'Nope'
+        handler.request.body = json.dumps(doc)
+        data = handler.parse_body()
+        handler.graphql_params = {}
+        with pytest.raises(HTTPError) as exc:
+            await handler.get_response(data)
+        assert 'Variables are invalid JSON' in str(exc.value)
+
+        doc['variables'] = {'wFlows': ["*/run1"]},
+        doc['operationName'] = 'stoke'
+        handler.request.body = json.dumps(doc)
+        data = handler.parse_body()
+        handler.graphql_params = {}
+
+        # test execution error
+        async def exec_error(schema, doc, **kwargs):
+            raise ExecutionError(400, ['problems'])
+        orig_exec = handler.execute
+        handler.execute = exec_error
+        result, status_code = await handler.get_response(data)
+        assert status_code == 400
+        handler.execute = orig_exec
+
+        # replicate the None result
+        async def exe_gql_req(data, query, variables, operation_name):
+            return None
+        handler.execute_graphql_request = exe_gql_req
+        result, status_code = await handler.get_response(data)
+        assert status_code == 200
+        assert result is None
+
+        # test an execution result with get method (i.e. other api link)
+        async def exe_gql_req2(data, query, variables, operation_name):
+            class FakeResult:
+                def get(self):
+                    return ExecutionResult(data='other-api-response')
+            return FakeResult()
+        handler.execute_graphql_request = exe_gql_req2
+        result, status_code = await handler.get_response(data)
+        assert status_code == 200
+        assert 'other-api-response' in result
+
+        # test an execution result with errors
+        async def exe_gql_req3(data, query, variables, operation_name):
+            return ExecutionResult(
+                errors = [
+                    GraphQLError('GQL error'),
+                    ExecutionError(400, ['Some Exc error']),
+                    Exception('random other error')
+                ]
+            )
+        handler.execute_graphql_request = exe_gql_req3
+        result, status_code = await handler.get_response(data)
+        assert status_code == 400
+        assert 'GQL error' in result
+        assert 'Some Exc error' in result
+        assert 'random other error' in result
+
 
 class SubscriptionHandlerTest(AsyncHTTPTestCase):
     """Test for SubscriptionHandler"""
