
wp-graphql / wp-graphql / 17335997908

29 Aug 2025 11:06PM UTC coverage: 84.593%. Remained the same
17335997908

push

github

actions-user
chore: update changeset for PR #3407

15884 of 18777 relevant lines covered (84.59%)

260.51 hits per line


41.86
/src/Server/ValidationRules/RequireAuthentication.php
<?php

namespace WPGraphQL\Server\ValidationRules;

use GraphQL\Error\Error;
use GraphQL\Language\AST\FieldNode;
use GraphQL\Language\AST\Node;
use GraphQL\Language\AST\NodeKind;
use GraphQL\Type\Definition\Type;
use GraphQL\Validator\Rules\QuerySecurityRule;

/**
 * Validation rule that rejects root-level fields for unauthenticated requests.
 *
 * When the rule is enabled (see isEnabled()), every field selected on RootQuery,
 * RootMutation or RootSubscription is reported as a validation error unless its name
 * is on the allow-list returned by the `graphql_require_authentication_allowed_fields`
 * filter.
 *
 * @package WPGraphQL\Server\ValidationRules
 */
class RequireAuthentication extends QuerySecurityRule {

	/**
	 * Decides whether the current request must be restricted to authenticated users.
	 *
	 * Order of evaluation:
	 *  1. A non-null `graphql_pre_restrict_endpoint` filter result is cast to bool and
	 *     returned; none of the checks below run in that case.
	 *  2. Requests that are not GraphQL HTTP requests are never restricted.
	 *  3. The `restrict_endpoint_to_logged_in_users` setting must be exactly 'on'.
	 *  4. A current user with a non-zero ID switches the rule off.
	 *
	 * Only the presence of a logged-in user is checked here, not a capability or role.
	 *
	 * @return bool Whether the rule is enabled.
	 */
	protected function isEnabled(): bool {
		/**
		 * Allows overriding the default graphql_restrict_endpoint behavior. Returning anything other
		 * than null will skip the default restrict checks.
		 *
		 * The returned value is cast to bool, so a non-empty string such as 'off' enables the
		 * restriction; return a real boolean.
		 *
		 * @param bool|null $restrict_endpoint Whether to restrict the endpoint. Defaults to null
		 */
		$filtered_override = apply_filters( 'graphql_pre_restrict_endpoint', null );

		if ( null !== $filtered_override ) {
			return (bool) $filtered_override;
		}

		$restrict_setting = get_graphql_setting( 'restrict_endpoint_to_logged_in_users' );

		// The rule applies to HTTP requests only; any other request is left unrestricted.
		if ( false === is_graphql_http_request() ) {
			return false;
		}

		// NOTE(review): the coverage report this listing comes from marks every line from here
		// to the end of the method as never executed (all 754 recorded calls returned above).

		// Anything other than the exact string 'on' (including an unset/empty setting) means "off".
		if ( 'on' !== $restrict_setting ) {
			return false;
		}

		$current_user     = wp_get_current_user();
		$is_authenticated = null !== $current_user && 0 !== $current_user->ID;

		return ! $is_authenticated;
	}

	/**
	 * Builds the visitor that reports an error for each root field that is not allow-listed.
	 *
	 * The allow-list is matched on the bare field name (`$node->name->value`), without the
	 * root type: one entry permits that name on RootQuery, RootMutation and RootSubscription
	 * alike. An empty or non-array filter result permits nothing, so every root field is
	 * reported.
	 *
	 * {@inheritDoc}
	 */
	public function getVisitor( \GraphQL\Validator\QueryValidationContext $context ): array {
		/**
		 * Filters the allowed root fields
		 *
		 * @param string[]                                    $allowed_root_fields The Root fields allowed to be requested without authentication
		 * @param \GraphQL\Validator\QueryValidationContext  $context The Validation context of the field being executed.
		 */
		$allowed_root_fields = apply_filters( 'graphql_require_authentication_allowed_fields', [], $context );

		$root_type_names = [ 'RootQuery', 'RootSubscription', 'RootMutation' ];

		/**
		 * @param \GraphQL\Language\AST\Node $node
		 * @return void
		 */
		$field_validator = static function ( Node $node ) use ( $context, $allowed_root_fields, $root_type_names ): void {
			// NOTE(review): the coverage report this listing comes from marks the whole body of
			// this closure as never executed, so the rejection path is not exercised by tests.

			// Only field selections are of interest.
			if ( ! $node instanceof FieldNode ) {
				return;
			}

			$parent_type = $context->getParentType();

			// Without a named parent type there is nothing to compare against the root types.
			if ( ! $parent_type instanceof Type || empty( $parent_type->name ) ) {
				return;
			}

			// Fields below the root are not checked here.
			if ( ! in_array( $parent_type->name, $root_type_names, true ) ) {
				return;
			}

			$field_name = $node->name->value;

			// The filter result is third-party input: it must be a non-empty array before it is searched.
			$is_allowed = ! empty( $allowed_root_fields )
				&& is_array( $allowed_root_fields )
				&& in_array( $field_name, $allowed_root_fields, true );

			if ( $is_allowed ) {
				return;
			}

			// translators: %s is the field name
			$message = sprintf( __( 'The field "%s" cannot be accessed without authentication.', 'wp-graphql' ), $parent_type . '.' . $field_name );

			$context->reportError( new Error( $message, [ $node ] ) );
		};

		$visitors = [
			NodeKind::FIELD => $field_validator,
		];

		return $this->invokeIfNeeded( $context, $visitors );
	}
}