@@ -129,6 +129,76 @@ describe('getDataConnect()', () => {
129129 }
130130 ] ;
131131
132+ const optsAuthorizedFredClaims : GraphqlOptions < undefined > = {
133+ impersonate : {
134+ authClaims : {
135+ sub : userId ,
136+ email_verified : true
137+ }
138+ }
139+ } ;
140+
141+ const optsNonExistingClaims : GraphqlOptions < undefined > = {
142+ impersonate : {
143+ authClaims : {
144+ sub : 'non-exisiting-id' ,
145+ email_verified : true
146+ }
147+ }
148+ } ;
149+
150+ const optsUnauthorizedClaims : GraphqlOptions < undefined > = {
151+ impersonate : {
152+ unauthenticated : true
153+ }
154+ } ;
155+
156+ const optsAuthorizedClaims : GraphqlOptions < undefined > = {
157+ impersonate : {
158+ authClaims : {
159+ sub : userId ,
160+ email_verified : true ,
161+ firebase : {
162+ identities : { who : 'me' } ,
163+ sign_in_provider : 'google.com'
164+ }
165+ }
166+ }
167+ } ;
168+ const optsNonExistingClaims : GraphqlOptions < undefined > = {
169+ impersonate : {
170+ authClaims : {
171+ sub : 'non-exisiting-id' ,
172+ email_verified : true ,
173+ firebase : {
174+ identities : { who : 'me' } ,
175+ sign_in_provider : 'google.com'
176+ }
177+ }
178+ }
179+ } ;
180+ const optsAnonymousClaims : GraphqlOptions < undefined > = {
181+ impersonate : {
182+ authClaims : {
183+ sub : userId ,
184+ email_verified : true ,
185+ firebase : {
186+ identities : { who : 'me' } ,
187+ sign_in_provider : 'anonymous'
188+ }
189+ }
190+ }
191+ } ;
192+ const optsUnverifiedClaims : GraphqlOptions < undefined > = {
193+ impersonate : {
194+ authClaims : {
195+ sub : 'non-exisiting-id' ,
196+ email_verified : false
197+ }
198+ }
199+ } ;
200+
201+
132202 describe ( 'executeGraphql()' , ( ) => {
133203 it ( 'executeGraphql() successfully executes a GraphQL mutation' , async ( ) => {
134204 const resp = await getDataConnect ( connectorConfig ) . executeGraphql < UserUpsertResponse , unknown > (
@@ -193,30 +263,6 @@ describe('getDataConnect()', () => {
193263 } ) ;
194264
195265 describe ( 'executeGraphql* Impersonation' , ( ) => {
196- const optsAuthorizedFredClaims : GraphqlOptions < undefined > = {
197- impersonate : {
198- authClaims : {
199- sub : userId ,
200- email_verified : true
201- }
202- }
203- } ;
204-
205- const optsNonExistingClaims : GraphqlOptions < undefined > = {
206- impersonate : {
207- authClaims : {
208- sub : 'non-exisiting-id' ,
209- email_verified : true
210- }
211- }
212- } ;
213-
214- const optsUnauthorizedClaims : GraphqlOptions < undefined > = {
215- impersonate : {
216- unauthenticated : true
217- }
218- } ;
219-
220266 describe ( 'USER Auth Policy' , ( ) => {
221267 it ( 'executeGraphqlRead() successfully executes an impersonated query with authenticated claims' , async ( ) => {
222268 const resp =
@@ -341,4 +387,57 @@ describe('getDataConnect()', () => {
341387 } ) ;
342388 } ) ;
343389 } ) ;
390+
391+ describe ( 'impersonateQuery()' , ( ) => {
392+ const impersonateConnectorConfig : ConnectorConfig = { ...connectorConfig , connector : 'my-connector' } ;
393+ describe ( 'with unauthenticated impersonation' , ( ) => {
394+ it ( 'should successfully execute a query with @auth(level: PUBLIC)' , ( ) => {
395+ return getDataConnect ( impersonateConnectorConfig ) . impersonateQuery ( { } )
396+ . should . eventually . be . rejected . and . have . property ( 'code' , 'data-connect/permission-denied' ) ;
397+
398+ } ) ;
399+ it ( 'should successfully execute a query with @auth(level: NO_ACCESS)' , ( ) => { } ) ;
400+ it ( 'should fail to successfully execute a query with @auth(level: USER)' , ( ) => { } ) ;
401+ it ( 'should fail to successfully execute a query with @auth(level: USER_ANON)' , ( ) => { } ) ;
402+ it ( 'should fail to successfully execute a query with @auth(level: USER_EMAIL_VERIFIED)' , ( ) => { } ) ;
403+ } ) ;
404+ describe ( 'with authenticated impersonation' , ( ) => {
405+ it ( 'should successfully execute a query with @auth(level: PUBLIC)' , ( ) => { } ) ;
406+ it ( 'should successfully execute a query with @auth(level: NO_ACCESS)' , ( ) => { } ) ;
407+ it ( 'should successfully execute a query with @auth(level: USER) \
408+ if the impersonated user is not anonymous' , ( ) => { } ) ;
409+ it ( 'should fail to successfully execute a query with @auth(level: USER) \
410+ if the impersonated user is anonymous' , ( ) => { } ) ;
411+ it ( 'should successfully execute a query with @auth(level: USER_ANON)' , ( ) => { } ) ;
412+ it ( 'should successfully execute a query with @auth(level: USER_EMAIL_VERIFIED) \
413+ if the impersonated user has their email verified' , ( ) => { } ) ;
414+ it ( 'should fail to successfully execute a query with @auth(level: USER_EMAIL_VERIFIED) \
415+ if the impersonated user does not have email verified' , ( ) => { } ) ;
416+ it ( "should grab the impersonated user's data" , ( ) => { } ) ;
417+ } ) ;
418+ } ) ;
419+
420+ describe ( 'impersonateMutation()' , ( ) => {
421+ describe ( 'with unauthenticated impersonation' , ( ) => {
422+ it ( 'should successfully execute a mutation with @auth(level: PUBLIC)' , ( ) => { } ) ;
423+ it ( 'should successfully execute a mutation with @auth(level: NO_ACCESS)' , ( ) => { } ) ;
424+ it ( 'should fail to successfully execute a mutation with @auth(level: USER)' , ( ) => { } ) ;
425+ it ( 'should fail to successfully execute a mutation with @auth(level: USER_ANON)' , ( ) => { } ) ;
426+ it ( 'should fail to successfully execute a mutation with @auth(level: USER_EMAIL_VERIFIED)' , ( ) => { } ) ;
427+ } ) ;
428+ describe ( 'with authenticated impersonation' , ( ) => {
429+ it ( 'should successfully execute a mutation with @auth(level: PUBLIC)' , ( ) => { } ) ;
430+ it ( 'should successfully execute a mutation with @auth(level: NO_ACCESS)' , ( ) => { } ) ;
431+ it ( 'should successfully execute a mutation with @auth(level: USER) \
432+ if the impersonated user is not anonymous' , ( ) => { } ) ;
433+ it ( 'should fail to successfully execute a mutation with @auth(level: USER) \
434+ if the impersonated user is anonymous' , ( ) => { } ) ;
435+ it ( 'should successfully execute a mutation with @auth(level: USER_ANON)' , ( ) => { } ) ;
436+ it ( 'should successfully execute a mutation with @auth(level: USER_EMAIL_VERIFIED) \
437+ if the impersonated user has their email verified' , ( ) => { } ) ;
438+ it ( 'should fail to successfully execute a mutation with @auth(level: USER_EMAIL_VERIFIED) \
439+ if the impersonated user does not have email verified' , ( ) => { } ) ;
440+ it ( "should grab the impersonated user's data" , ( ) => { } ) ;
441+ } ) ;
442+ } ) ;
344443} ) ;
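Review bot: Nearly every case added under `impersonateQuery()` and `impersonateMutation()` has an empty body (`( ) => { }`), so the runner reports the `@auth` level checks (NO_ACCESS, USER, USER_ANON, USER_EMAIL_VERIFIED) as passing while nothing is asserted. Until they are implemented, change `it(` to `it.skip(` on those cases so the missing authorization coverage shows up as pending in the test report instead of green. The one implemented case is titled 'should successfully execute a query with @auth(level: PUBLIC)' but asserts rejection with `data-connect/permission-denied`; the title and the expectation contradict each other, and one of them should be corrected to state the intended outcome. Separately, the first hunk declares `const optsNonExistingClaims` twice (new lines 141 and 168), apparently in the same `describe` scope, which would fail to compile; one of the two needs a distinct name.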