honeymoose
/
hapi-fhir
mirror of https://github.com/hapifhir/hapi-fhir.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Allow GraphQL to work with RequestValidatingInterceptor (#3145) 

* Allow GraphQL to work with RequestValidatingInterceptor

* Add test

* Add changelog
This commit is contained in:
James Agnew 2021-11-08 17:47:56 -05:00 committed by GitHub
parent e29ad5179a
commit 106eb75dc6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 258 additions and 207 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
hapi-fhir-docs/src/main/resources/ca/uhn/hapi/fhir/changelog/5_7_0/3145-graphql-request-validating-interceptor.yaml Normal file
View File

@ -0,0 +1,5 @@
---
type: fix
issue: 3145
title: "RequestValidatingInteceptor incorrectly prevented GraphQL requests from being submitted using
the HTTP POST form of the GraphQL operation."

9
hapi-fhir-server/src/main/java/ca/uhn/fhir/rest/server/interceptor/BaseValidatingInterceptor.java
View File

@ -306,10 +306,17 @@ public abstract class BaseValidatingInterceptor<T> extends ValidationResultEnric
* Note: May return null
*/
protected ValidationResult validate(T theRequest, RequestDetails theRequestDetails) {
if (theRequest == null) {
if (theRequest == null || theRequestDetails == null) {
return null;
}
switch (theRequestDetails.getRestOperationType()) {
case GRAPHQL_REQUEST:
return null;
default:
break;
}
FhirValidator validator;
if (myValidator != null) {
validator = myValidator;

3
hapi-fhir-server/src/main/java/ca/uhn/fhir/rest/server/method/GraphQLMethodBinding.java
View File

@ -34,6 +34,7 @@ import ca.uhn.fhir.rest.api.server.ResponseDetails;
import ca.uhn.fhir.rest.param.ParameterUtil;
import ca.uhn.fhir.rest.server.exceptions.BaseServerResponseException;
import ca.uhn.fhir.rest.server.servlet.ServletRequestDetails;
import org.apache.commons.lang3.Validate;
import org.hl7.fhir.instance.model.api.IBaseResource;
import javax.annotation.Nonnull;
@ -109,8 +110,10 @@ public class GraphQLMethodBinding extends OperationMethodBinding {
private String getQueryValue(Object[] methodParams) {
switch (myMethodRequestType) {
case POST:
Validate.notNull(myQueryBodyParamIndex, "GraphQL method does not have @" + GraphQLQueryBody.class.getSimpleName() + " parameter");
return (String) methodParams[myQueryBodyParamIndex];
case GET:
Validate.notNull(myQueryUrlParamIndex, "GraphQL method does not have @" + GraphQLQueryUrl.class.getSimpleName() + " parameter");
return (String) methodParams[myQueryUrlParamIndex];
}
return null;

11
hapi-fhir-server/src/main/java/ca/uhn/fhir/rest/server/method/GraphQLQueryBodyParameter.java
View File

@ -44,6 +44,8 @@ import java.util.Collection;
import static ca.uhn.fhir.rest.api.Constants.CT_GRAPHQL;
import static ca.uhn.fhir.rest.api.Constants.CT_JSON;
import static ca.uhn.fhir.rest.server.method.ResourceParameter.createRequestReader;
import static org.apache.commons.lang3.StringUtils.defaultString;
import static org.apache.commons.lang3.StringUtils.trim;
public class GraphQLQueryBodyParameter implements IParameter {
@ -51,9 +53,16 @@ public class GraphQLQueryBodyParameter implements IParameter {
@Override
public Object translateQueryParametersIntoServerArgument(RequestDetails theRequest, BaseMethodBinding<?> theMethodBinding) throws InternalErrorException, InvalidRequestException {
String ctValue = theRequest.getHeader(Constants.HEADER_CONTENT_TYPE);
String ctValue = defaultString(theRequest.getHeader(Constants.HEADER_CONTENT_TYPE));
Reader requestReader = createRequestReader(theRequest);
// Trim off "; charset=FOO" from the content-type header
int semicolonIdx = ctValue.indexOf(';');
if (semicolonIdx != -1) {
ctValue = ctValue.substring(0, semicolonIdx);
}
ctValue = trim(ctValue);
if (CT_JSON.equals(ctValue)) {
try {
ObjectMapper mapper = new ObjectMapper();

14
hapi-fhir-test-utilities/src/main/java/ca/uhn/fhir/test/utilities/server/ResourceProviderExtension.java
View File

@ -20,19 +20,22 @@ package ca.uhn.fhir.test.utilities.server;
* #L%
*/
import org.apache.commons.lang3.Validate;
import org.junit.jupiter.api.extension.AfterEachCallback;
import org.junit.jupiter.api.extension.BeforeEachCallback;
import org.junit.jupiter.api.extension.ExtensionContext;
public class ResourceProviderExtension implements BeforeEachCallback, AfterEachCallback {
public class ResourceProviderExtension<T> implements BeforeEachCallback, AfterEachCallback {
private final RestfulServerExtension myRestfulServerExtension;
private Object myProvider;
private final T myProvider;
/**
* Constructor
*/
public ResourceProviderExtension(RestfulServerExtension theRestfulServerExtension, Object theProvider) {
public ResourceProviderExtension(RestfulServerExtension theRestfulServerExtension, T theProvider) {
Validate.notNull(theRestfulServerExtension);
Validate.notNull(theProvider);
myRestfulServerExtension = theRestfulServerExtension;
myProvider = theProvider;
}
@ -46,4 +49,9 @@ public class ResourceProviderExtension implements BeforeEachCallback, AfterEachC
public void beforeEach(ExtensionContext context) {
myRestfulServerExtension.getRestfulServer().registerProvider(myProvider);
}
public T getProvider() {
return myProvider;
}
}

4
hapi-fhir-test-utilities/src/main/java/ca/uhn/fhir/test/utilities/server/RestfulServerExtension.java
View File

@ -234,6 +234,10 @@ public class RestfulServerExtension implements BeforeEachCallback, AfterEachCall
return "http://localhost:" + myPort;
}
public void unregisterAllInterceptors() {
myServlet.getInterceptorService().unregisterAllInterceptors();
}
@Interceptor
private class ListenerExtension {

189
hapi-fhir-validation/src/test/java/ca/uhn/fhir/rest/server/RequestValidatingInterceptorR4Test.java
View File

@ -1,21 +1,27 @@
package ca.uhn.fhir.rest.server;
import ca.uhn.fhir.context.FhirContext;
import ca.uhn.fhir.model.api.IResource;
import ca.uhn.fhir.model.primitive.IdDt;
import ca.uhn.fhir.rest.annotation.Create;
import ca.uhn.fhir.rest.annotation.Delete;
import ca.uhn.fhir.rest.annotation.GraphQL;
import ca.uhn.fhir.rest.annotation.GraphQLQueryBody;
import ca.uhn.fhir.rest.annotation.GraphQLQueryUrl;
import ca.uhn.fhir.rest.annotation.IdParam;
import ca.uhn.fhir.rest.annotation.OptionalParam;
import ca.uhn.fhir.rest.annotation.ResourceParam;
import ca.uhn.fhir.rest.annotation.Search;
import ca.uhn.fhir.rest.api.Constants;
import ca.uhn.fhir.rest.api.MethodOutcome;
import ca.uhn.fhir.rest.api.RequestTypeEnum;
import ca.uhn.fhir.rest.param.StringParam;
import ca.uhn.fhir.rest.server.exceptions.InternalErrorException;
import ca.uhn.fhir.rest.server.interceptor.RequestValidatingInterceptor;
import ca.uhn.fhir.test.utilities.JettyUtil;
import ca.uhn.fhir.test.utilities.HttpClientExtension;
import ca.uhn.fhir.test.utilities.server.ResourceProviderExtension;
import ca.uhn.fhir.test.utilities.server.RestfulServerExtension;
import ca.uhn.fhir.util.TestUtil;
import ca.uhn.fhir.util.UrlUtil;
import ca.uhn.fhir.validation.IValidationContext;
import ca.uhn.fhir.validation.IValidatorModule;
import ca.uhn.fhir.validation.ResultSeverityEnum;
@ -28,29 +34,23 @@ import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.servlet.ServletHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.hl7.fhir.common.hapi.validation.validator.FhirInstanceValidator;
import org.hl7.fhir.instance.model.api.IBaseResource;
import org.hl7.fhir.instance.model.api.IIdType;
import org.hl7.fhir.r4.model.Enumerations.AdministrativeGender;
import org.hl7.fhir.r4.model.IdType;
import org.hl7.fhir.r4.model.Narrative;
import org.hl7.fhir.r4.model.Patient;
import org.hl7.fhir.utilities.xhtml.XhtmlNode;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Order;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.RegisterExtension;
import org.mockito.Mockito;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.TimeUnit;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.containsString;
@ -59,23 +59,27 @@ import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.mockito.Mockito.mock;
public class RequestValidatingInterceptorR4Test {
private static CloseableHttpClient ourClient;
private static FhirContext ourCtx = FhirContext.forR4();
private static boolean ourLastRequestWasSearch;
private static final org.slf4j.Logger ourLog = org.slf4j.LoggerFactory.getLogger(RequestValidatingInterceptorR4Test.class);
@RegisterExtension
static HttpClientExtension ourClient = new HttpClientExtension();
private static final FhirContext ourCtx = FhirContext.forR4Cached();
@RegisterExtension
@Order(0)
static RestfulServerExtension ourServlet = new RestfulServerExtension(ourCtx);
@RegisterExtension
@Order(1)
static ResourceProviderExtension<PatientProvider> ourProvider = new ResourceProviderExtension<>(ourServlet, new PatientProvider());
private static boolean ourLastRequestWasSearch;
private static int ourPort;
private static Server ourServer;
private static RestfulServer ourServlet;
private RequestValidatingInterceptor myInterceptor;
@BeforeEach
public void before() {
ourProvider.getProvider().ourLastGraphQlQueryGet = null;
ourProvider.getProvider().ourLastGraphQlQueryPost = null;
ourLastRequestWasSearch = false;
ourServlet.getInterceptorService().unregisterAllInterceptors();
ourServlet.unregisterAllInterceptors();
myInterceptor = new RequestValidatingInterceptor();
// myInterceptor.setFailOnSeverity(ResultSeverityEnum.ERROR);
@ -84,6 +88,7 @@ public class RequestValidatingInterceptorR4Test {
// myInterceptor.setResponseHeaderValue(RequestValidatingInterceptor.DEFAULT_RESPONSE_HEADER_VALUE);
ourServlet.registerInterceptor(myInterceptor);
ourPort = ourServlet.getPort();
}
@Test
@ -100,7 +105,7 @@ public class RequestValidatingInterceptorR4Test {
HttpPost httpPost = new HttpPost("http://localhost:" + ourPort + "/Patient");
httpPost.setEntity(new StringEntity(encoded, ContentType.create(Constants.CT_FHIR_JSON, "UTF-8")));
HttpResponse status = ourClient.execute(httpPost);
HttpResponse status = ourClient.getClient().execute(httpPost);
String responseContent = IOUtils.toString(status.getEntity().getContent(), Charsets.UTF_8);
IOUtils.closeQuietly(status.getEntity().getContent());
@ -113,6 +118,41 @@ public class RequestValidatingInterceptorR4Test {
assertThat(responseContent, not(containsString("<severity value=\"error\"/>")));
}
@Test
public void testGraphQlRequestResponse_GET() throws IOException {
HttpGet request = new HttpGet("http://localhost:" + ourPort + "/Patient/123/$graphql?query=" + UrlUtil.escapeUrlParam("{name}"));
try (CloseableHttpResponse status = ourClient.getClient().execute(request)) {
String responseContent = IOUtils.toString(status.getEntity().getContent(), Charsets.UTF_8);
ourLog.info("Response was:\n{}", status);
ourLog.info("Response was:\n{}", responseContent);
assertEquals(200, status.getStatusLine().getStatusCode());
assertEquals("{\"name\":{\"family\": \"foo\"}}", responseContent);
assertEquals("{name}", ourProvider.getProvider().ourLastGraphQlQueryGet);
}
}
@Test
public void testGraphQlRequestResponse_POST() throws IOException {
HttpPost request = new HttpPost("http://localhost:" + ourPort + "/Patient/123/$graphql");
request.setEntity(new StringEntity("{\"query\": \"{name}\"}", ContentType.APPLICATION_JSON));
try (CloseableHttpResponse status = ourClient.getClient().execute(request)) {
String responseContent = IOUtils.toString(status.getEntity().getContent(), Charsets.UTF_8);
ourLog.info("Response was:\n{}", status);
ourLog.info("Response was:\n{}", responseContent);
assertEquals(200, status.getStatusLine().getStatusCode());
assertEquals("{\"name\":{\"family\": \"foo\"}}", responseContent);
assertEquals("{name}", ourProvider.getProvider().ourLastGraphQlQueryPost);
}
}
@Test
public void testCreateJsonInvalidNoValidatorsSpecified() throws Exception {
myInterceptor.setAddResponseHeaderOnSeverity(ResultSeverityEnum.INFORMATION);
@ -126,7 +166,7 @@ public class RequestValidatingInterceptorR4Test {
HttpPost httpPost = new HttpPost("http://localhost:" + ourPort + "/Patient");
httpPost.setEntity(new StringEntity(encoded, ContentType.create(Constants.CT_FHIR_JSON, "UTF-8")));
HttpResponse status = ourClient.execute(httpPost);
HttpResponse status = ourClient.getClient().execute(httpPost);
String responseContent = IOUtils.toString(status.getEntity().getContent(), Charsets.UTF_8);
IOUtils.closeQuietly(status.getEntity().getContent());
@ -136,7 +176,7 @@ public class RequestValidatingInterceptorR4Test {
assertEquals(422, status.getStatusLine().getStatusCode());
assertThat(status.toString(), containsString("X-FHIR-Request-Validation"));
assertThat(responseContent, containsString("\"severity\":\"error\""));
assertThat(responseContent, containsString("\"severity\": \"error\""));
}
@Test
@ -150,7 +190,7 @@ public class RequestValidatingInterceptorR4Test {
HttpPost httpPost = new HttpPost("http://localhost:" + ourPort + "/Patient");
httpPost.setEntity(new StringEntity(encoded, ContentType.create(Constants.CT_FHIR_JSON, "UTF-8")));
HttpResponse status = ourClient.execute(httpPost);
HttpResponse status = ourClient.getClient().execute(httpPost);
String responseContent = IOUtils.toString(status.getEntity().getContent(), Charsets.UTF_8);
IOUtils.closeQuietly(status.getEntity().getContent());
@ -176,7 +216,7 @@ public class RequestValidatingInterceptorR4Test {
HttpPost httpPost = new HttpPost("http://localhost:" + ourPort + "/Patient");
httpPost.setEntity(new StringEntity(encoded, ContentType.create(Constants.CT_FHIR_JSON, "UTF-8")));
HttpResponse status = ourClient.execute(httpPost);
HttpResponse status = ourClient.getClient().execute(httpPost);
String responseContent = IOUtils.toString(status.getEntity().getContent(), Charsets.UTF_8);
IOUtils.closeQuietly(status.getEntity().getContent());
@ -188,8 +228,6 @@ public class RequestValidatingInterceptorR4Test {
assertThat(status.toString(), (containsString("X-FHIR-Request-Validation: NO ISSUES")));
}
@Test
public void testValidateXmlPayloadWithXxeDirective_InstanceValidator() throws IOException {
IValidatorModule module = new FhirInstanceValidator(ourCtx);
@ -213,7 +251,7 @@ public class RequestValidatingInterceptorR4Test {
HttpPost httpPost = new HttpPost("http://localhost:" + ourPort + "/Patient");
httpPost.setEntity(new StringEntity(encoded, ContentType.create(Constants.CT_FHIR_XML, "UTF-8")));
try (CloseableHttpResponse status = ourClient.execute(httpPost)) {
try (CloseableHttpResponse status = ourClient.getClient().execute(httpPost)) {
String responseContent = IOUtils.toString(status.getEntity().getContent(), Charsets.UTF_8);
ourLog.info("Response was:\n{}", status);
@ -225,7 +263,6 @@ public class RequestValidatingInterceptorR4Test {
}
@Test
public void testCreateXmlInvalidInstanceValidator() throws Exception {
IValidatorModule module = new FhirInstanceValidator(ourCtx);
@ -242,7 +279,7 @@ public class RequestValidatingInterceptorR4Test {
HttpPost httpPost = new HttpPost("http://localhost:" + ourPort + "/Patient");
httpPost.setEntity(new StringEntity(encoded, ContentType.create(Constants.CT_FHIR_XML, "UTF-8")));
try (CloseableHttpResponse status = ourClient.execute(httpPost)) {
try (CloseableHttpResponse status = ourClient.getClient().execute(httpPost)) {
String responseContent = IOUtils.toString(status.getEntity().getContent(), Charsets.UTF_8);
ourLog.info("Response was:\n{}", status);
@ -266,7 +303,7 @@ public class RequestValidatingInterceptorR4Test {
HttpPost httpPost = new HttpPost("http://localhost:" + ourPort + "/Patient");
httpPost.setEntity(new StringEntity(encoded, ContentType.create(Constants.CT_FHIR_XML, "UTF-8")));
HttpResponse status = ourClient.execute(httpPost);
HttpResponse status = ourClient.getClient().execute(httpPost);
String responseContent = IOUtils.toString(status.getEntity().getContent(), Charsets.UTF_8);
IOUtils.closeQuietly(status.getEntity().getContent());
@ -293,7 +330,7 @@ public class RequestValidatingInterceptorR4Test {
HttpPost httpPost = new HttpPost("http://localhost:" + ourPort + "/Patient");
httpPost.setEntity(new StringEntity(encoded, ContentType.create(Constants.CT_FHIR_XML, "UTF-8")));
HttpResponse status = ourClient.execute(httpPost);
HttpResponse status = ourClient.getClient().execute(httpPost);
String responseContent = IOUtils.toString(status.getEntity().getContent(), Charsets.UTF_8);
IOUtils.closeQuietly(status.getEntity().getContent());
@ -305,7 +342,6 @@ public class RequestValidatingInterceptorR4Test {
assertThat(status.toString(), containsString("X-FHIR-Request-Validation: {\"resourceType\":\"OperationOutcome"));
}
@SuppressWarnings("unchecked")
@Test
public void testInterceptorExceptionNpeNoIgnore() throws Exception {
@ -324,7 +360,7 @@ public class RequestValidatingInterceptorR4Test {
HttpPost httpPost = new HttpPost("http://localhost:" + ourPort + "/Patient");
httpPost.setEntity(new StringEntity(encoded, ContentType.create(Constants.CT_FHIR_XML, "UTF-8")));
HttpResponse status = ourClient.execute(httpPost);
HttpResponse status = ourClient.getClient().execute(httpPost);
String responseContent = IOUtils.toString(status.getEntity().getContent(), Charsets.UTF_8);
IOUtils.closeQuietly(status.getEntity().getContent());
@ -354,7 +390,7 @@ public class RequestValidatingInterceptorR4Test {
HttpPost httpPost = new HttpPost("http://localhost:" + ourPort + "/Patient");
httpPost.setEntity(new StringEntity(encoded, ContentType.create(Constants.CT_FHIR_XML, "UTF-8")));
HttpResponse status = ourClient.execute(httpPost);
HttpResponse status = ourClient.getClient().execute(httpPost);
String responseContent = IOUtils.toString(status.getEntity().getContent(), Charsets.UTF_8);
IOUtils.closeQuietly(status.getEntity().getContent());
@ -384,7 +420,7 @@ public class RequestValidatingInterceptorR4Test {
HttpPost httpPost = new HttpPost("http://localhost:" + ourPort + "/Patient");
httpPost.setEntity(new StringEntity(encoded, ContentType.create(Constants.CT_FHIR_XML, "UTF-8")));
HttpResponse status = ourClient.execute(httpPost);
HttpResponse status = ourClient.getClient().execute(httpPost);
String responseContent = IOUtils.toString(status.getEntity().getContent(), Charsets.UTF_8);
IOUtils.closeQuietly(status.getEntity().getContent());
@ -414,7 +450,7 @@ public class RequestValidatingInterceptorR4Test {
HttpPost httpPost = new HttpPost("http://localhost:" + ourPort + "/Patient");
httpPost.setEntity(new StringEntity(encoded, ContentType.create(Constants.CT_FHIR_XML, "UTF-8")));
HttpResponse status = ourClient.execute(httpPost);
HttpResponse status = ourClient.getClient().execute(httpPost);
String responseContent = IOUtils.toString(status.getEntity().getContent(), Charsets.UTF_8);
IOUtils.closeQuietly(status.getEntity().getContent());
@ -437,7 +473,7 @@ public class RequestValidatingInterceptorR4Test {
HttpPost httpPost = new HttpPost("http://localhost:" + ourPort + "/Patient");
httpPost.setEntity(new StringEntity(encoded, ContentType.create(Constants.CT_FHIR_XML, "UTF-8")));
HttpResponse status = ourClient.execute(httpPost);
HttpResponse status = ourClient.getClient().execute(httpPost);
String responseContent = IOUtils.toString(status.getEntity().getContent(), Charsets.UTF_8);
IOUtils.closeQuietly(status.getEntity().getContent());
@ -459,7 +495,7 @@ public class RequestValidatingInterceptorR4Test {
HttpDelete httpDelete = new HttpDelete("http://localhost:" + ourPort + "/Patient/123");
CloseableHttpResponse status = ourClient.execute(httpDelete);
CloseableHttpResponse status = ourClient.getClient().execute(httpDelete);
try {
ourLog.info("Response was:\n{}", status);
@ -479,7 +515,7 @@ public class RequestValidatingInterceptorR4Test {
// This header caused a crash
httpGet.addHeader("Content-Type", "application/xml+fhir");
HttpResponse status = ourClient.execute(httpGet);
HttpResponse status = ourClient.getClient().execute(httpGet);
String responseContent = IOUtils.toString(status.getEntity().getContent(), Charsets.UTF_8);
IOUtils.closeQuietly(status.getEntity().getContent());
@ -495,7 +531,7 @@ public class RequestValidatingInterceptorR4Test {
public void testSearch() throws Exception {
HttpGet httpPost = new HttpGet("http://localhost:" + ourPort + "/Patient?foo=bar");
HttpResponse status = ourClient.execute(httpPost);
HttpResponse status = ourClient.getClient().execute(httpPost);
String responseContent = IOUtils.toString(status.getEntity().getContent(), Charsets.UTF_8);
IOUtils.closeQuietly(status.getEntity().getContent());
@ -508,36 +544,13 @@ public class RequestValidatingInterceptorR4Test {
assertEquals(true, ourLastRequestWasSearch);
}
@AfterAll
public static void afterClassClearContext() throws Exception {
JettyUtil.closeServer(ourServer);
TestUtil.randomizeLocaleAndTimezone();
}
@BeforeAll
public static void beforeClass() throws Exception {
ourServer = new Server(0);
PatientProvider patientProvider = new PatientProvider();
ServletHandler proxyHandler = new ServletHandler();
ourServlet = new RestfulServer(ourCtx);
ourServlet.setResourceProviders(patientProvider);
ServletHolder servletHolder = new ServletHolder(ourServlet);
proxyHandler.addServletWithMapping(servletHolder, "/*");
ourServer.setHandler(proxyHandler);
JettyUtil.startServer(ourServer);
ourPort = JettyUtil.getPortForStartedServer(ourServer);
PoolingHttpClientConnectionManager connectionManager = new PoolingHttpClientConnectionManager(5000, TimeUnit.MILLISECONDS);
HttpClientBuilder builder = HttpClientBuilder.create();
builder.setConnectionManager(connectionManager);
ourClient = builder.build();
}
public static class PatientProvider implements IResourceProvider {
public String ourLastGraphQlQueryGet;
public String ourLastGraphQlQueryPost;
private IBaseResource myReturnResource;
@Create()
public MethodOutcome createPatient(@ResourceParam Patient thePatient, @IdParam IdType theIdParam) {
return new MethodOutcome(new IdDt("Patient/001/_history/002"));
@ -548,17 +561,45 @@ public class RequestValidatingInterceptorR4Test {
return new MethodOutcome(theId.withVersion("2"));
}
@GraphQL(type = RequestTypeEnum.GET)
public String graphQLGet(@IdParam IIdType theId, @GraphQLQueryUrl String theQueryUrl) {
ourLastGraphQlQueryGet = theQueryUrl;
return "{\"name\":{\"family\": \"foo\"}}";
}
@GraphQL(type = RequestTypeEnum.POST)
public String graphQLPost(@IdParam IIdType theId, @GraphQLQueryBody String theQueryUrl) {
ourLastGraphQlQueryPost = theQueryUrl;
return "{\"name\":{\"family\": \"foo\"}}";
}
@Override
public Class<? extends IBaseResource> getResourceType() {
return Patient.class;
}
@Search
public List<IResource> search(@OptionalParam(name = "foo") StringParam theString) {
ourLastRequestWasSearch = true;
return new ArrayList<IResource>();
public void setReturnResource(IBaseResource theReturnResource) {
myReturnResource = theReturnResource;
}
@Search
public ArrayList<IBaseResource> search(@OptionalParam(name = "foo") StringParam theString) {
ourLastRequestWasSearch = true;
ArrayList<IBaseResource> retVal = new ArrayList<>();
if (myReturnResource != null) {
myReturnResource.setId("1");
retVal.add(myReturnResource);
myReturnResource = null;
}
return retVal;
}
}
@AfterAll
public static void afterClassClearContext() throws Exception {
TestUtil.randomizeLocaleAndTimezone();
}
}

210
hapi-fhir-validation/src/test/java/ca/uhn/fhir/rest/server/ResponseValidatingInterceptorR4Test.java
View File

@ -1,18 +1,13 @@
package ca.uhn.fhir.rest.server;
import ca.uhn.fhir.context.FhirContext;
import ca.uhn.fhir.rest.annotation.Delete;
import ca.uhn.fhir.rest.annotation.IdParam;
import ca.uhn.fhir.rest.annotation.OptionalParam;
import ca.uhn.fhir.rest.annotation.Search;
import ca.uhn.fhir.rest.api.EncodingEnum;
import ca.uhn.fhir.rest.api.MethodOutcome;
import ca.uhn.fhir.rest.api.RestOperationTypeEnum;
import ca.uhn.fhir.rest.param.StringParam;
import ca.uhn.fhir.rest.server.exceptions.InternalErrorException;
import ca.uhn.fhir.rest.server.interceptor.ResponseValidatingInterceptor;
import ca.uhn.fhir.test.utilities.JettyUtil;
import ca.uhn.fhir.util.TestUtil;
import ca.uhn.fhir.test.utilities.HttpClientExtension;
import ca.uhn.fhir.test.utilities.server.ResourceProviderExtension;
import ca.uhn.fhir.test.utilities.server.RestfulServerExtension;
import ca.uhn.fhir.util.UrlUtil;
import ca.uhn.fhir.validation.IValidationContext;
import ca.uhn.fhir.validation.IValidatorModule;
import ca.uhn.fhir.validation.ResultSeverityEnum;
@ -22,28 +17,22 @@ import org.apache.http.HttpResponse;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpDelete;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.servlet.ServletHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.StringEntity;
import org.hamcrest.Matchers;
import org.hl7.fhir.common.hapi.validation.validator.FhirInstanceValidator;
import org.hl7.fhir.instance.model.api.IBaseResource;
import org.hl7.fhir.r4.model.Enumerations.AdministrativeGender;
import org.hl7.fhir.r4.model.IdType;
import org.hl7.fhir.r4.model.Narrative;
import org.hl7.fhir.r4.model.Patient;
import org.hl7.fhir.utilities.xhtml.XhtmlNode;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Order;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.RegisterExtension;
import org.mockito.Mockito;
import java.util.ArrayList;
import java.util.concurrent.TimeUnit;
import java.io.IOException;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.containsString;
@ -54,20 +43,25 @@ import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.mockito.Mockito.mock;
public class ResponseValidatingInterceptorR4Test {
public static IBaseResource myReturnResource;
private static CloseableHttpClient ourClient;
private static FhirContext ourCtx = FhirContext.forR4();
private static final org.slf4j.Logger ourLog = org.slf4j.LoggerFactory.getLogger(ResponseValidatingInterceptorR4Test.class);
@RegisterExtension
static HttpClientExtension ourClient = new HttpClientExtension();
private static final FhirContext ourCtx = FhirContext.forR4Cached();
@RegisterExtension
@Order(0)
static RestfulServerExtension ourServlet = new RestfulServerExtension(ourCtx);
@RegisterExtension
@Order(1)
static ResourceProviderExtension<RequestValidatingInterceptorR4Test.PatientProvider> ourProvider = new ResourceProviderExtension<>(ourServlet, new RequestValidatingInterceptorR4Test.PatientProvider());
private static int ourPort;
private static Server ourServer;
private static RestfulServer ourServlet;
private ResponseValidatingInterceptor myInterceptor;
@BeforeEach
public void before() {
myReturnResource = null;
ourServlet.getInterceptorService().unregisterAllInterceptors();
ourProvider.getProvider().setReturnResource(null);
ourProvider.getProvider().ourLastGraphQlQueryGet = null;
ourProvider.getProvider().ourLastGraphQlQueryPost = null;
ourServlet.unregisterAllInterceptors();
myInterceptor = new ResponseValidatingInterceptor();
// myInterceptor.setFailOnSeverity(ResultSeverityEnum.ERROR);
@ -76,6 +70,7 @@ public class ResponseValidatingInterceptorR4Test {
// myInterceptor.setResponseHeaderValue(RequestValidatingInterceptor.DEFAULT_RESPONSE_HEADER_VALUE);
ourServlet.registerInterceptor(myInterceptor);
ourPort = ourServlet.getPort();
}
@SuppressWarnings("unchecked")
@ -84,7 +79,7 @@ public class ResponseValidatingInterceptorR4Test {
Patient patient = new Patient();
patient.addIdentifier().setValue("002");
patient.setGender(AdministrativeGender.MALE);
myReturnResource = patient;
ourProvider.getProvider().setReturnResource(patient);
myInterceptor.setAddResponseHeaderOnSeverity(null);
myInterceptor.setFailOnSeverity(null);
@ -96,7 +91,7 @@ public class ResponseValidatingInterceptorR4Test {
Mockito.doThrow(new NullPointerException("SOME MESSAGE")).when(module).validateResource(Mockito.any(IValidationContext.class));
HttpGet httpPost = new HttpGet("http://localhost:" + ourPort + "/Patient?foo=bar");
HttpResponse status = ourClient.execute(httpPost);
HttpResponse status = ourClient.getClient().execute(httpPost);
String responseContent = IOUtils.toString(status.getEntity().getContent(), Charsets.UTF_8);
IOUtils.closeQuietly(status.getEntity().getContent());
@ -105,7 +100,7 @@ public class ResponseValidatingInterceptorR4Test {
ourLog.info("Response was:\n{}", responseContent);
assertEquals(500, status.getStatusLine().getStatusCode());
assertThat(responseContent, containsString("<diagnostics value=\"SOME MESSAGE\"/>"));
assertThat(responseContent, containsString("\"diagnostics\": \"SOME MESSAGE\""));
}
@SuppressWarnings("unchecked")
@ -114,7 +109,7 @@ public class ResponseValidatingInterceptorR4Test {
Patient patient = new Patient();
patient.addIdentifier().setValue("002");
patient.setGender(AdministrativeGender.MALE);
myReturnResource = patient;
ourProvider.getProvider().setReturnResource(patient);
myInterceptor.setAddResponseHeaderOnSeverity(null);
myInterceptor.setFailOnSeverity(null);
@ -126,7 +121,7 @@ public class ResponseValidatingInterceptorR4Test {
Mockito.doThrow(NullPointerException.class).when(module).validateResource(Mockito.any(IValidationContext.class));
HttpGet httpPost = new HttpGet("http://localhost:" + ourPort + "/Patient?foo=bar");
HttpResponse status = ourClient.execute(httpPost);
HttpResponse status = ourClient.getClient().execute(httpPost);
String responseContent = IOUtils.toString(status.getEntity().getContent(), Charsets.UTF_8);
IOUtils.closeQuietly(status.getEntity().getContent());
@ -144,7 +139,7 @@ public class ResponseValidatingInterceptorR4Test {
Patient patient = new Patient();
patient.addIdentifier().setValue("002");
patient.setGender(AdministrativeGender.MALE);
myReturnResource = patient;
ourProvider.getProvider().setReturnResource(patient);
myInterceptor.setAddResponseHeaderOnSeverity(null);
myInterceptor.setFailOnSeverity(null);
@ -156,7 +151,7 @@ public class ResponseValidatingInterceptorR4Test {
Mockito.doThrow(new InternalErrorException("FOO")).when(module).validateResource(Mockito.any(IValidationContext.class));
HttpGet httpPost = new HttpGet("http://localhost:" + ourPort + "/Patient?foo=bar");
HttpResponse status = ourClient.execute(httpPost);
HttpResponse status = ourClient.getClient().execute(httpPost);
String responseContent = IOUtils.toString(status.getEntity().getContent(), Charsets.UTF_8);
IOUtils.closeQuietly(status.getEntity().getContent());
@ -165,7 +160,7 @@ public class ResponseValidatingInterceptorR4Test {
ourLog.info("Response was:\n{}", responseContent);
assertEquals(500, status.getStatusLine().getStatusCode());
assertThat(responseContent, containsString("<diagnostics value=\"FOO\"/>"));
assertThat(responseContent, containsString("\"diagnostics\": \"FOO\""));
}
@SuppressWarnings("unchecked")
@ -174,7 +169,7 @@ public class ResponseValidatingInterceptorR4Test {
Patient patient = new Patient();
patient.addIdentifier().setValue("002");
patient.setGender(AdministrativeGender.MALE);
myReturnResource = patient;
ourProvider.getProvider().setReturnResource(patient);
myInterceptor.setAddResponseHeaderOnSeverity(null);
myInterceptor.setFailOnSeverity(null);
@ -186,7 +181,7 @@ public class ResponseValidatingInterceptorR4Test {
Mockito.doThrow(InternalErrorException.class).when(module).validateResource(Mockito.any(IValidationContext.class));
HttpGet httpPost = new HttpGet("http://localhost:" + ourPort + "/Patient?foo=bar");
HttpResponse status = ourClient.execute(httpPost);
HttpResponse status = ourClient.getClient().execute(httpPost);
String responseContent = IOUtils.toString(status.getEntity().getContent(), Charsets.UTF_8);
IOUtils.closeQuietly(status.getEntity().getContent());
@ -209,7 +204,7 @@ public class ResponseValidatingInterceptorR4Test {
HttpDelete httpDelete = new HttpDelete("http://localhost:" + ourPort + "/Patient/123");
CloseableHttpResponse status = ourClient.execute(httpDelete);
CloseableHttpResponse status = ourClient.getClient().execute(httpDelete);
try {
ourLog.info("Response was:\n{}", status);
@ -220,6 +215,40 @@ public class ResponseValidatingInterceptorR4Test {
}
}
@Test
public void testGraphQlRequestResponse_GET() throws IOException {
HttpGet request = new HttpGet("http://localhost:" + ourPort + "/Patient/123/$graphql?query=" + UrlUtil.escapeUrlParam("{name}"));
try (CloseableHttpResponse status = ourClient.getClient().execute(request)) {
String responseContent = IOUtils.toString(status.getEntity().getContent(), Charsets.UTF_8);
ourLog.info("Response was:\n{}", status);
ourLog.info("Response was:\n{}", responseContent);
assertEquals(200, status.getStatusLine().getStatusCode());
assertEquals("{\"name\":{\"family\": \"foo\"}}", responseContent);
assertEquals("{name}", ourProvider.getProvider().ourLastGraphQlQueryGet);
}
}
@Test
public void testGraphQlRequestResponse_POST() throws IOException {
HttpPost request = new HttpPost("http://localhost:" + ourPort + "/Patient/123/$graphql");
request.setEntity(new StringEntity("{\"query\": \"{name}\"}", ContentType.APPLICATION_JSON));
try (CloseableHttpResponse status = ourClient.getClient().execute(request)) {
String responseContent = IOUtils.toString(status.getEntity().getContent(), Charsets.UTF_8);
ourLog.info("Response was:\n{}", status);
ourLog.info("Response was:\n{}", responseContent);
assertEquals(200, status.getStatusLine().getStatusCode());
assertEquals("{\"name\":{\"family\": \"foo\"}}", responseContent);
assertEquals("{name}", ourProvider.getProvider().ourLastGraphQlQueryPost);
}
}
@Test
public void testLongHeaderTruncated() throws Exception {
@ -233,12 +262,12 @@ public class ResponseValidatingInterceptorR4Test {
patient.addContact().setGender(AdministrativeGender.MALE);
}
patient.setGender(AdministrativeGender.MALE);
myReturnResource = patient;
ourProvider.getProvider().setReturnResource(patient);
HttpGet httpPost = new HttpGet("http://localhost:" + ourPort + "/Patient?foo=bar");
{
HttpResponse status = ourClient.execute(httpPost);
HttpResponse status = ourClient.getClient().execute(httpPost);
String responseContent = IOUtils.toString(status.getEntity().getContent(), Charsets.UTF_8);
IOUtils.closeQuietly(status.getEntity().getContent());
@ -252,7 +281,7 @@ public class ResponseValidatingInterceptorR4Test {
}
{
myInterceptor.setMaximumHeaderLength(100);
HttpResponse status = ourClient.execute(httpPost);
HttpResponse status = ourClient.getClient().execute(httpPost);
String responseContent = IOUtils.toString(status.getEntity().getContent(), Charsets.UTF_8);
IOUtils.closeQuietly(status.getEntity().getContent());
@ -273,11 +302,11 @@ public class ResponseValidatingInterceptorR4Test {
patient.getText().setDiv(new XhtmlNode().setValue("<div>AA</div>")).setStatus(Narrative.NarrativeStatus.GENERATED);
patient.addIdentifier().setValue("002");
patient.setGender(AdministrativeGender.MALE);
myReturnResource = patient;
ourProvider.getProvider().setReturnResource(patient);
HttpGet httpPost = new HttpGet("http://localhost:" + ourPort + "/Patient?foo=bar");
HttpResponse status = ourClient.execute(httpPost);
HttpResponse status = ourClient.getClient().execute(httpPost);
String responseContent = IOUtils.toString(status.getEntity().getContent(), Charsets.UTF_8);
IOUtils.closeQuietly(status.getEntity().getContent());
@ -287,23 +316,20 @@ public class ResponseValidatingInterceptorR4Test {
assertEquals(200, status.getStatusLine().getStatusCode());
assertThat(status.toString(), (containsString(
"X-FHIR-Response-Validation: {\"resourceType\":\"OperationOutcome\",\"issue\":[{\"severity\":\"information\",\"code\":\"informational\",\"diagnostics\":\"No issues detected\"}]}")));
"X-FHIR-Response-Validation: {\"resourceType\":\"OperationOutcome\",\"issue\":[{\"severity\":\"information\",\"code\":\"informational\",\"diagnostics\":\"No issues detected\"}]}")));
}
/**
* Ignored until #264 is fixed
*/
@Test
public void testSearchJsonInvalidNoValidatorsSpecified() throws Exception {
Patient patient = new Patient();
patient.addIdentifier().setValue("002");
patient.setGender(AdministrativeGender.MALE);
patient.addContact().addRelationship().setText("FOO");
myReturnResource = patient;
ourProvider.getProvider().setReturnResource(patient);
HttpGet httpPost = new HttpGet("http://localhost:" + ourPort + "/Patient?foo=bar");
HttpResponse status = ourClient.execute(httpPost);
HttpResponse status = ourClient.getClient().execute(httpPost);
String responseContent = IOUtils.toString(status.getEntity().getContent(), Charsets.UTF_8);
IOUtils.closeQuietly(status.getEntity().getContent());
@ -312,7 +338,7 @@ public class ResponseValidatingInterceptorR4Test {
ourLog.info("Response was:\n{}", responseContent);
assertEquals(422, status.getStatusLine().getStatusCode());
assertThat(responseContent, containsString("<severity value=\"error\"/>"));
assertThat(responseContent, containsString("\"severity\": \"error\""));
}
@Test
@ -321,11 +347,11 @@ public class ResponseValidatingInterceptorR4Test {
patient.getText().setDiv(new XhtmlNode().setValue("<div>AA</div>")).setStatus(Narrative.NarrativeStatus.GENERATED);
patient.addIdentifier().setValue("002");
patient.setGender(AdministrativeGender.MALE);
myReturnResource = patient;
ourProvider.getProvider().setReturnResource(patient);
HttpGet httpPost = new HttpGet("http://localhost:" + ourPort + "/Patient?foo=bar");
HttpResponse status = ourClient.execute(httpPost);
HttpResponse status = ourClient.getClient().execute(httpPost);
String responseContent = IOUtils.toString(status.getEntity().getContent(), Charsets.UTF_8);
IOUtils.closeQuietly(status.getEntity().getContent());
@ -346,11 +372,11 @@ public class ResponseValidatingInterceptorR4Test {
patient.getText().setDiv(new XhtmlNode().setValue("<div>AA</div>")).setStatus(Narrative.NarrativeStatus.GENERATED);
patient.addIdentifier().setValue("002");
patient.setGender(AdministrativeGender.MALE);
myReturnResource = patient;
ourProvider.getProvider().setReturnResource(patient);
HttpGet httpPost = new HttpGet("http://localhost:" + ourPort + "/Patient?foo=bar");
HttpResponse status = ourClient.execute(httpPost);
HttpResponse status = ourClient.getClient().execute(httpPost);
String responseContent = IOUtils.toString(status.getEntity().getContent(), Charsets.UTF_8);
IOUtils.closeQuietly(status.getEntity().getContent());
@ -372,11 +398,11 @@ public class ResponseValidatingInterceptorR4Test {
patient.addIdentifier().setValue("002");
patient.setGender(AdministrativeGender.MALE);
patient.addContact().addRelationship().setText("FOO");
myReturnResource = patient;
ourProvider.getProvider().setReturnResource(patient);
HttpGet httpPost = new HttpGet("http://localhost:" + ourPort + "/Patient?foo=bar");
HttpResponse status = ourClient.execute(httpPost);
HttpResponse status = ourClient.getClient().execute(httpPost);
String responseContent = IOUtils.toString(status.getEntity().getContent(), Charsets.UTF_8);
IOUtils.closeQuietly(status.getEntity().getContent());
@ -397,11 +423,11 @@ public class ResponseValidatingInterceptorR4Test {
patient.addIdentifier().setValue("002");
patient.setGender(AdministrativeGender.MALE);
patient.addContact().addRelationship().setText("FOO");
myReturnResource = patient;
ourProvider.getProvider().setReturnResource(patient);
HttpGet httpPost = new HttpGet("http://localhost:" + ourPort + "/Patient?foo=bar");
HttpResponse status = ourClient.execute(httpPost);
HttpResponse status = ourClient.getClient().execute(httpPost);
String responseContent = IOUtils.toString(status.getEntity().getContent(), Charsets.UTF_8);
IOUtils.closeQuietly(status.getEntity().getContent());
@ -410,7 +436,7 @@ public class ResponseValidatingInterceptorR4Test {
ourLog.info("Response was:\n{}", responseContent);
assertEquals(422, status.getStatusLine().getStatusCode());
assertThat(responseContent, Matchers.containsString("<severity value=\"error\"/>"));
assertThat(responseContent, Matchers.containsString("\"severity\": \"error\""));
}
@Test
@ -419,11 +445,11 @@ public class ResponseValidatingInterceptorR4Test {
patient.getText().setDiv(new XhtmlNode().setValue("<div>AA</div>")).setStatus(Narrative.NarrativeStatus.GENERATED);
patient.addIdentifier().setValue("002");
patient.setGender(AdministrativeGender.MALE);
myReturnResource = patient;
ourProvider.getProvider().setReturnResource(patient);
HttpGet httpPost = new HttpGet("http://localhost:" + ourPort + "/Patient?foo=bar");
HttpResponse status = ourClient.execute(httpPost);
HttpResponse status = ourClient.getClient().execute(httpPost);
String responseContent = IOUtils.toString(status.getEntity().getContent(), Charsets.UTF_8);
IOUtils.closeQuietly(status.getEntity().getContent());
@ -443,7 +469,7 @@ public class ResponseValidatingInterceptorR4Test {
myInterceptor.setResponseHeaderValueNoIssues("No issues");
HttpGet httpPost = new HttpGet("http://localhost:" + ourPort + "/metadata");
HttpResponse status = ourClient.execute(httpPost);
HttpResponse status = ourClient.getClient().execute(httpPost);
String responseContent = IOUtils.toString(status.getEntity().getContent(), Charsets.UTF_8);
IOUtils.closeQuietly(status.getEntity().getContent());
@ -463,7 +489,7 @@ public class ResponseValidatingInterceptorR4Test {
myInterceptor.setAddResponseHeaderOnSeverity(ResultSeverityEnum.INFORMATION);
HttpGet httpPost = new HttpGet("http://localhost:" + ourPort + "/metadata?_pretty=true");
HttpResponse status = ourClient.execute(httpPost);
HttpResponse status = ourClient.getClient().execute(httpPost);
String responseContent = IOUtils.toString(status.getEntity().getContent(), Charsets.UTF_8);
ourLog.info(responseContent);
@ -476,56 +502,4 @@ public class ResponseValidatingInterceptorR4Test {
assertThat(status.toString(), (containsString("X-FHIR-Response-Validation")));
}
@AfterAll
public static void afterClassClearContext() throws Exception {
JettyUtil.closeServer(ourServer);
TestUtil.randomizeLocaleAndTimezone();
}
@BeforeAll
public static void beforeClass() throws Exception {
ourServer = new Server(0);
PatientProvider patientProvider = new PatientProvider();
ServletHandler proxyHandler = new ServletHandler();
ourServlet = new RestfulServer(ourCtx);
ourServlet.setResourceProviders(patientProvider);
ourServlet.setDefaultResponseEncoding(EncodingEnum.XML);
ServletHolder servletHolder = new ServletHolder(ourServlet);
proxyHandler.addServletWithMapping(servletHolder, "/*");
ourServer.setHandler(proxyHandler);
JettyUtil.startServer(ourServer);
ourPort = JettyUtil.getPortForStartedServer(ourServer);
PoolingHttpClientConnectionManager connectionManager = new PoolingHttpClientConnectionManager(5000, TimeUnit.MILLISECONDS);
HttpClientBuilder builder = HttpClientBuilder.create();
builder.setConnectionManager(connectionManager);
ourClient = builder.build();
}
public static class PatientProvider implements IResourceProvider {
@Delete
public MethodOutcome delete(@IdParam IdType theId) {
return new MethodOutcome(theId.withVersion("2"));
}
@Override
public Class<? extends IBaseResource> getResourceType() {
return Patient.class;
}
@Search
public ArrayList<IBaseResource> search(@OptionalParam(name = "foo") StringParam theString) {
ArrayList<IBaseResource> retVal = new ArrayList<>();
myReturnResource.setId("1");
retVal.add(myReturnResource);
return retVal;
}
}
}