From f978015ca288ff7ec91cac29aefff0b4e27411e8 Mon Sep 17 00:00:00 2001 From: Gregory Schier Date: Wed, 17 Jan 2018 11:20:45 +0700 Subject: [PATCH] Fix GraphQL + OAuth 2.0 (Fixes #699) --- packages/insomnia-app/app/network/network.js | 1 + .../o-auth-2/grant-authorization-code.js | 5 ++-- .../insomnia-app/app/network/o-auth-2/misc.js | 13 ++++++---- .../editors/body/graph-ql-editor.js | 25 ++++++++++--------- 4 files changed, 25 insertions(+), 19 deletions(-) diff --git a/packages/insomnia-app/app/network/network.js b/packages/insomnia-app/app/network/network.js index 71432bbb3b..23f9499320 100644 --- a/packages/insomnia-app/app/network/network.js +++ b/packages/insomnia-app/app/network/network.js @@ -674,6 +674,7 @@ export async function sendWithSettings ( const settings = await models.settings.getOrCreate(); const ancestors = await db.withAncestors(request, [ + models.request.type, models.requestGroup.type, models.workspace.type ]); diff --git a/packages/insomnia-app/app/network/o-auth-2/grant-authorization-code.js b/packages/insomnia-app/app/network/o-auth-2/grant-authorization-code.js index ffbb417452..97246f8a0f 100644 --- a/packages/insomnia-app/app/network/o-auth-2/grant-authorization-code.js +++ b/packages/insomnia-app/app/network/o-auth-2/grant-authorization-code.js @@ -65,9 +65,10 @@ async function _authorize (url, clientId, redirectUri = '', scope = '', state = // Add query params to URL const qs = buildQueryStringFromParams(params); const finalUrl = joinUrlAndQueryString(url, qs); - const regex = new RegExp(`${escapeRegex(redirectUri)}.*(code=|error=)`, 'i'); + const successRegex = new RegExp(`${escapeRegex(redirectUri)}.*(code=)`, 'i'); + const failureRegex = new RegExp(`${escapeRegex(redirectUri)}.*(error=)`, 'i'); - const redirectedTo = await authorizeUserInWindow(finalUrl, regex); + const redirectedTo = await authorizeUserInWindow(finalUrl, successRegex, failureRegex); console.log('[oauth2] Detected redirect ' + redirectedTo); diff --git a/packages/insomnia-app/app/network/o-auth-2/misc.js b/packages/insomnia-app/app/network/o-auth-2/misc.js index c1a562611a..a7c6fc25ec 100644 --- a/packages/insomnia-app/app/network/o-auth-2/misc.js +++ b/packages/insomnia-app/app/network/o-auth-2/misc.js @@ -20,25 +20,28 @@ export function responseToObject (body, keys) { let results = {}; for (const key of keys) { - const value = data[key] !== undefined ? data[key] : null; - results[key] = value; + results[key] = data[key] !== undefined ? data[key] : null; } return results; } -export function authorizeUserInWindow (url, urlSuccessRegex = /.*/, urlFailureRegex = /.*/) { +export function authorizeUserInWindow ( + url, + urlSuccessRegex = /(code=).*/, + urlFailureRegex = /(error=).*/ +) { return new Promise((resolve, reject) => { let finalUrl = null; let hasError = false; function _parseUrl (currentUrl) { if (currentUrl.match(urlSuccessRegex)) { - console.log(`[oauth2] Matched redirect to "${currentUrl}" with ${urlSuccessRegex.toString()}`); + console.log(`[oauth2] Matched success redirect to "${currentUrl}" with ${urlSuccessRegex.toString()}`); finalUrl = currentUrl; child.close(); } else if (currentUrl.match(urlFailureRegex)) { - console.log(`[oauth2] Matched redirect to "${currentUrl}" with ${urlFailureRegex.toString()}`); + console.log(`[oauth2] Matched error redirect to "${currentUrl}" with ${urlFailureRegex.toString()}`); hasError = true; child.close(); } else if (currentUrl === url) { diff --git a/packages/insomnia-app/app/ui/components/editors/body/graph-ql-editor.js b/packages/insomnia-app/app/ui/components/editors/body/graph-ql-editor.js index 12cc70e0e2..3d21fcf1dd 100644 --- a/packages/insomnia-app/app/ui/components/editors/body/graph-ql-editor.js +++ b/packages/insomnia-app/app/ui/components/editors/body/graph-ql-editor.js @@ -19,6 +19,7 @@ import type {RenderedRequest} from '../../../../common/render'; import {getRenderedRequest} from '../../../../common/render'; import TimeFromNow from '../../time-from-now'; import * as models from '../../../../models/index'; +import * as db from '../../../../common/database'; type GraphQLBody = { query: string, @@ -97,14 +98,15 @@ class GraphQLEditor extends React.PureComponent { try { const bodyJson = JSON.stringify({query: introspectionQuery}); const introspectionRequest = Object.assign({}, request, { - body: newBodyRaw(bodyJson, CONTENT_TYPE_JSON), - - // NOTE: We're not actually saving this request or response but let's pretend - // like we are by setting these properties to prevent bugs in the future. _id: request._id + '.graphql', - parentId: request._id + parentId: request._id, + body: newBodyRaw(bodyJson, CONTENT_TYPE_JSON) }); + // We need to save this request because other parts of the + // app may look it up + await db.upsert(introspectionRequest); + const response = await network._actuallySend( introspectionRequest, workspace, @@ -113,17 +115,16 @@ class GraphQLEditor extends React.PureComponent { const bodyBuffer = models.response.getBodyBuffer(response); - const status = response.statusCode || 0; + const status = typeof response.statusCode === 'number' ? response.statusCode : 0; + const error = typeof response.error === 'string' ? response.error : ''; - if (response.error) { - newState.schemaFetchError = response.error; + if (error) { + newState.schemaFetchError = error; } else if (status < 200 || status >= 300) { - const msg = `Got status ${status} fetching schema from "${request.url}"`; - newState.schemaFetchError = msg; + newState.schemaFetchError = `Got status ${status} fetching schema from "${request.url}"`; } else if (bodyBuffer) { const {data} = JSON.parse(bodyBuffer.toString()); - const schema = buildClientSchema(data); - newState.schema = schema; + newState.schema = buildClientSchema(data); newState.schemaLastFetchTime = Date.now(); } else { newState.schemaFetchError = 'No response body received when fetching schema';