//                           _       _
// __      _____  __ ___   ___  __ _| |_ ___
// \ \ /\ / / _ \/ _` \ \ / / |/ _` | __/ _ \
//  \ V  V /  __/ (_| |\ V /| | (_| | ||  __/
//   \_/\_/ \___|\__,_| \_/ |_|\__,_|\__\___|
//
//  Copyright © 2016 - 2024 Weaviate B.V. All rights reserved.
//
//  CONTACT: [email protected]
//

package auth_tests

import (
	"context"
	"os"
	"testing"

	"github.com/stretchr/testify/require"
	"github.com/weaviate/weaviate-go-client/v4/weaviate/auth"
	"github.com/weaviate/weaviate-go-client/v4/weaviate/fault"
	"github.com/weaviate/weaviate/entities/models"

	client "github.com/weaviate/weaviate-go-client/v4/weaviate"
)

// Usernames of the two CI identities these tests log in with through
// auth.ResourceOwnerPasswordFlow. The tests expect the first to be allowed to
// run queries and the second to be rejected.
//
// NOTE(review): both literals read "[email protected]" in this copy of the
// file, which looks like e-mail masking applied by the page it was taken from.
// With identical usernames the admin and non-admin cases cannot be told apart,
// so confirm the real values against the repository.

// wcsUserOnAdmin is the account whose introspection query is expected to succeed.
const wcsUserOnAdmin = "[email protected]"

// wcsUserNotOnAdmin is the account whose introspection query is expected to fail.
const wcsUserNotOnAdmin = "[email protected]"

// TestAuthGraphQLUnauthenticated sends a GraphQL introspection query through a
// client built without any AuthConfig and expects the call to return an error.
//
// NOTE(review): the assertion accepts any non-nil error, so an unset or
// unreachable endpoint satisfies it just as a rejected request would. The
// non-admin subtest of TestAuthGraphQLValidUser checks the error text for
// "forbidden"; a comparable check here would pin the failure to an
// authentication rejection.
func TestAuthGraphQLUnauthenticated(t *testing.T) {
	const introspection = "{__schema {queryType {fields {name}}}}"

	cfg := client.Config{
		Scheme: "http",
		Host:   os.Getenv(weaviateEndpoint),
	}
	anon := client.New(cfg)

	_, queryErr := anon.GraphQL().Raw().WithQuery(introspection).Do(context.Background())
	require.NotNil(t, queryErr)
}

// TestAuthGraphQLValidUserNotOnAdminlist logs in as wcsUserNotOnAdmin and
// expects the GraphQL introspection query to return an error. The password is
// read from WCS_DUMMY_CI_PW_2; the test is skipped when that variable is empty.
//
// NOTE(review): client construction must succeed, but the query assertion
// accepts any non-nil error. It therefore does not distinguish an authorization
// rejection from a transport failure; checking for "forbidden" as
// TestAuthGraphQLValidUser does would make the intent explicit.
func TestAuthGraphQLValidUserNotOnAdminlist(t *testing.T) {
	const introspection = "{__schema {queryType {fields {name}}}}"

	password := os.Getenv("WCS_DUMMY_CI_PW_2")
	if password == "" {
		t.Skip("No password supplied")
	}

	// Credentials come from the environment only; nothing secret is hard-coded.
	creds := auth.ResourceOwnerPasswordFlow{Username: wcsUserNotOnAdmin, Password: password}
	limited, err := client.NewClient(client.Config{
		Scheme:     "http",
		Host:       os.Getenv(weaviateEndpoint),
		AuthConfig: creds,
	})
	require.Nil(t, err)

	_, err = limited.GraphQL().Raw().WithQuery(introspection).Do(context.Background())
	require.NotNil(t, err)
}

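// TestAuthGraphQLValidUser checks both sides of the authorization decision
// against the same instance: the admin identity can run a GraphQL
// introspection query, and the non-admin identity gets an error whose
// underlying cause mentions "forbidden".
//
// Passwords are read from WCS_DUMMY_CI_PW (admin) and WCS_DUMMY_CI_PW_2
// (non-admin); the test is skipped unless both are set.
//
// NOTE(review): the configured scheme is plain "http", so whatever credential
// the client attaches to its requests reaches the endpoint unencrypted. That
// is tolerable only against a local, disposable test instance.
func TestAuthGraphQLValidUser(t *testing.T) {
	const introspection = "{__schema {queryType {fields {name}}}}"

	pwAdminUser := os.Getenv("WCS_DUMMY_CI_PW")
	pwNoAdminUser := os.Getenv("WCS_DUMMY_CI_PW_2")
	if pwAdminUser == "" || pwNoAdminUser == "" {
		t.Skip("No password supplied")
	}

	ctx := context.Background()
	host := os.Getenv(weaviateEndpoint)

	conf := client.Config{
		Scheme:     "http",
		Host:       host,
		AuthConfig: auth.ResourceOwnerPasswordFlow{Username: wcsUserOnAdmin, Password: pwAdminUser},
	}
	c, err := client.NewClient(conf)
	require.Nil(t, err)

	// Destructive setup: AllDeleter is invoked on the schema of whatever
	// instance the endpoint variable names, so this must only ever point at a
	// throwaway test instance. A class is then added so the schema is not empty.
	require.Nil(t, c.Schema().AllDeleter().Do(ctx))
	require.Nil(t, c.Schema().ClassCreator().WithClass(&models.Class{Class: "Pizza"}).Do(ctx))

	t.Run("returns schema without error for admin", func(t *testing.T) {
		// Use a subtest-local err instead of writing to the captured outer one.
		_, err := c.GraphQL().Raw().WithQuery(introspection).Do(ctx)
		require.Nil(t, err)
	})

	t.Run("returns auth error for non-admin", func(t *testing.T) {
		conf2 := client.Config{
			Scheme:     "http",
			Host:       host,
			AuthConfig: auth.ResourceOwnerPasswordFlow{Username: wcsUserNotOnAdmin, Password: pwNoAdminUser},
		}
		cNoAdmin, err := client.NewClient(conf2)
		require.Nil(t, err)

		_, err = cNoAdmin.GraphQL().Raw().WithQuery(introspection).Do(ctx)
		require.NotNil(t, err)

		wErr, ok := err.(*fault.WeaviateClientError)
		require.True(t, ok, "expected *fault.WeaviateClientError, got %T", err)

		// Without this guard a client error that carries no underlying cause
		// would panic on the dereference below instead of failing the test.
		require.NotNil(t, wErr.DerivedFromError)
		require.Contains(t, wErr.DerivedFromError.Error(), "forbidden")
	})
}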