
wp-graphql / wp-graphql / 13316763745

13 Feb 2025 08:45PM UTC coverage: 82.712% (-0.3%) from 83.023%
13316763745

push

github

web-flow
Merge pull request #3307 from wp-graphql/release/v2.0.0

release: v2.0.0

195 of 270 new or added lines in 20 files covered. (72.22%)

180 existing lines in 42 files now uncovered.

13836 of 16728 relevant lines covered (82.71%)

299.8 hits per line

Source File

41.86
/src/Server/ValidationRules/RequireAuthentication.php
<?php

namespace WPGraphQL\Server\ValidationRules;

use GraphQL\Error\Error;
use GraphQL\Language\AST\FieldNode;
use GraphQL\Language\AST\Node;
use GraphQL\Language\AST\NodeKind;
use GraphQL\Type\Definition\Type;
use GraphQL\Validator\Rules\QuerySecurityRule;

/**
 * Validation rule that blocks unauthenticated requests from selecting root fields
 * when the GraphQL endpoint is restricted to logged-in users.
 *
 * Once enabled, the rule is deny-by-default: every field selected on a root type is
 * reported as a validation error unless its name appears in the allow-list returned by
 * the `graphql_require_authentication_allowed_fields` filter.
 *
 * NOTE(review): the coverage report this listing was taken from marks the filter
 * short-circuit return, every check after the HTTP-request test in isEnabled(), and the
 * whole body of the field validator as not executed. Only the "not an HTTP request"
 * path is exercised by that test run, so the enforcement path itself is untested there.
 *
 * @package WPGraphQL\Server\ValidationRules
 */
class RequireAuthentication extends QuerySecurityRule {

        /**
         * Whether the rule is enabled or not.
         *
         * The rule is enabled only when all of the following hold:
         *  - no `graphql_pre_restrict_endpoint` callback returned a non-null value,
         *  - the request is a GraphQL HTTP request,
         *  - the `restrict_endpoint_to_logged_in_users` setting is exactly 'on',
         *  - the current user has ID 0, i.e. nobody is logged in.
         *
         * @return bool True when unauthenticated root-field access must be validated.
         */
        protected function isEnabled(): bool {
                /**
                 * Allows overriding the default graphql_restrict_endpoint behavior. Returning anything other
                 * than null will skip the default restrict checks.
                 *
                 * Security note: a non-null value is cast to bool and returned as-is, so a callback that
                 * returns a falsy non-null value switches the rule off regardless of the stored setting.
                 *
                 * @param bool|null $restrict_endpoint Whether to restrict the endpoint. Defaults to null
                 */
                $pre_restrict = apply_filters( 'graphql_pre_restrict_endpoint', null );

                if ( null !== $pre_restrict ) {
                        return (bool) $pre_restrict;
                }

                // Read the stored setting that restricts the endpoint to logged in users.
                $setting = get_graphql_setting( 'restrict_endpoint_to_logged_in_users' );

                // Only HTTP requests are gated; any other caller is never restricted by this rule.
                if ( false === is_graphql_http_request() ) {
                        return false;
                }

                // Anything other than the exact string 'on' (including an empty value) means "not restricted".
                if ( 'on' !== $setting ) {
                        return false;
                }

                // A user object with a non-zero ID counts as authenticated.
                $is_logged_in = null !== wp_get_current_user() && 0 !== wp_get_current_user()->ID;

                return ! $is_logged_in;
        }

        /**
         * {@inheritDoc}
         *
         * Builds the visitor that inspects every field node and reports an error for root
         * fields that are not on the allow-list.
         *
         * @param \GraphQL\Validator\QueryValidationContext $context
         *
         * @return array<string,array<string,callable(\GraphQL\Language\AST\Node): (\GraphQL\Language\VisitorOperation|void|false|null)>|(callable(\GraphQL\Language\AST\Node): (\GraphQL\Language\VisitorOperation|void|false|null))>
         */
        public function getVisitor( \GraphQL\Validator\QueryValidationContext $context ): array {
                /**
                 * Filters the allowed root fields
                 *
                 * The default is an empty list, which means no root field may be requested without
                 * authentication. Each entry added here is reachable by anonymous callers.
                 *
                 * @param string[]                                    $allowed_root_fields The Root fields allowed to be requested without authentication
                 * @param \GraphQL\Validator\QueryValidationContext  $context The Validation context of the field being executed.
                 */
                $allowed_root_fields = apply_filters( 'graphql_require_authentication_allowed_fields', [], $context );

                // Names of the root types whose direct fields are subject to the allow-list.
                $root_type_names = [ 'RootQuery', 'RootSubscription', 'RootMutation' ];

                /**
                 * @param \GraphQL\Language\AST\Node $node
                 * @return void
                 */
                $field_validator = static function ( Node $node ) use ( $context, $allowed_root_fields, $root_type_names ): void {
                        // Only field selections are checked.
                        if ( ! $node instanceof FieldNode ) {
                                return;
                        }

                        $parent_type = $context->getParentType();

                        // Without a named parent type there is nothing to compare against.
                        if ( ! $parent_type instanceof Type || empty( $parent_type->name ) ) {
                                return;
                        }

                        // Fields nested below the root are not validated by this rule.
                        if ( ! in_array( $parent_type->name, $root_type_names, true ) ) {
                                return;
                        }

                        // Fail closed: an empty or non-array filter result allows nothing. The comparison is
                        // strict and made against the field's name node rather than any alias.
                        $is_allowed = ! empty( $allowed_root_fields )
                                && is_array( $allowed_root_fields )
                                && in_array( $node->name->value, $allowed_root_fields, true );

                        if ( $is_allowed ) {
                                return;
                        }

                        $message = sprintf(
                                // translators: %s is the field name
                                __( 'The field "%s" cannot be accessed without authentication.', 'wp-graphql' ),
                                $context->getParentType() . '.' . $node->name->value
                        );

                        $context->reportError( new Error( $message, [ $node ] ) );
                };

                $visitor = [
                        NodeKind::FIELD => $field_validator,
                ];

                // invokeIfNeeded() is inherited; it receives the context and the visitor map.
                return $this->invokeIfNeeded( $context, $visitor );
        }
}