Merge pull request #3666 from magento-engcom/graphql-develop-prs

[EngCom] Public Pull Requests - GraphQL

Author: naydav

app/code/Magento/ThemeGraphQl/etc/graphql/di.xml

@@ -0,0 +1,30 @@
+<?xml version="1.0"?>
+<!--
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+-->
+<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:ObjectManager/etc/config.xsd">
+    <type name="Magento\StoreGraphQl\Model\Resolver\Store\StoreConfigDataProvider">
+        <arguments>
+            <argument name="extendedConfigData" xsi:type="array">
+                <item name="head_shortcut_icon" xsi:type="string">design/head/shortcut_icon</item>
+                <item name="default_title" xsi:type="string">design/head/default_title</item>
+                <item name="title_prefix" xsi:type="string">design/head/title_prefix</item>
+                <item name="title_suffix" xsi:type="string">design/head/title_suffix</item>
+                <item name="default_description" xsi:type="string">design/head/default_description</item>
+                <item name="default_keywords" xsi:type="string">design/head/default_keywords</item>
+                <item name="head_includes" xsi:type="string">design/head/includes</item>
+                <item name="demonotice" xsi:type="string">design/head/demonotice</item>
+                <item name="header_logo_src" xsi:type="string">design/header/logo_src</item>
+                <item name="logo_width" xsi:type="string">design/header/logo_width</item>
+                <item name="logo_height" xsi:type="string">design/header/logo_height</item>
+                <item name="logo_alt" xsi:type="string">design/header/logo_alt</item>
+                <item name="welcome" xsi:type="string">design/header/welcome</item>
+                <item name="absolute_footer" xsi:type="string">design/footer/absolute_footer</item>
+                <item name="copyright" xsi:type="string">design/footer/copyright</item>
+            </argument>
+        </arguments>
+    </type>
+</config>

dev/tests/api-functional/testsuite/Magento/GraphQl/IntrospectionQueryTest.php

@@ -12,10 +12,10 @@
 class IntrospectionQueryTest extends GraphQlAbstract
 {
     /**
-     * Tests that Introspection is disabled when not in developer mode
+     * Tests that Introspection is allowed by default
      * @SuppressWarnings(PHPMD.ExcessiveMethodLength)
      */
-    public function testIntrospectionQueryWithFieldArgs()
+    public function testIntrospectionQuery()
     {
         $query
             = <<<QUERY
@@ -54,11 +54,6 @@ public function testIntrospectionQueryWithFieldArgs()
 }
 QUERY;
 
-        $this->expectException(\Exception::class);
-        $this->expectExceptionMessage(
-            'GraphQL response contains errors: GraphQL introspection is not allowed, but ' .
-            'the query contained __schema or __type'
-        );
-        $this->graphQlQuery($query);
+        $this->assertArrayHasKey('__schema', $this->graphQlQuery($query));
     }
 }

lib/internal/Magento/Framework/GraphQl/Query/IntrospectionConfiguration.php

@@ -0,0 +1,42 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\Framework\GraphQl\Query;
+
+use Magento\Framework\App\DeploymentConfig;
+
+/**
+ * Class for fetching the availability of introspection queries
+ */
+class IntrospectionConfiguration
+{
+    private const CONFIG_PATH_DISABLE_INTROSPECTION = 'graphql/disable_introspection';
+
+    /**
+     * @var DeploymentConfig
+     */
+    private $deploymentConfig;
+
+    /**
+     * @param DeploymentConfig $deploymentConfig
+     */
+    public function __construct(
+        DeploymentConfig $deploymentConfig
+    ) {
+        $this->deploymentConfig = $deploymentConfig;
+    }
+
+    /**
+     * Check the the environment config to determine if introspection should be disabled.
+     *
+     * @return bool
+     */
+    public function isIntrospectionDisabled(): bool
+    {
+        return (bool)$this->deploymentConfig->get(self::CONFIG_PATH_DISABLE_INTROSPECTION);
+    }
+}

lib/internal/Magento/Framework/GraphQl/Query/QueryComplexityLimiter.php

@@ -33,16 +33,24 @@ class QueryComplexityLimiter
      */
     private $queryComplexity;
 
+    /**
+     * @var IntrospectionConfiguration
+     */
+    private $introspectionConfig;
+
     /**
      * @param int $queryDepth
      * @param int $queryComplexity
+     * @param IntrospectionConfiguration $introspectionConfig
      */
     public function __construct(
         int $queryDepth,
-        int $queryComplexity
+        int $queryComplexity,
+        IntrospectionConfiguration $introspectionConfig
     ) {
         $this->queryDepth = $queryDepth;
         $this->queryComplexity = $queryComplexity;
+        $this->introspectionConfig = $introspectionConfig;
     }
 
     /**
@@ -53,7 +61,9 @@ public function __construct(
     public function execute(): void
     {
         DocumentValidator::addRule(new QueryComplexity($this->queryComplexity));
-        DocumentValidator::addRule(new DisableIntrospection());
+        DocumentValidator::addRule(
+            new DisableIntrospection((int) $this->introspectionConfig->isIntrospectionDisabled())
+        );
         DocumentValidator::addRule(new QueryDepth($this->queryDepth));
     }
 }