diff --git a/src/Plugin/GraphQL/DataProducer/User/CurrentUser.php b/src/Plugin/GraphQL/DataProducer/User/CurrentUser.php index 8f4d6ab37..b3fb27986 100644 --- a/src/Plugin/GraphQL/DataProducer/User/CurrentUser.php +++ b/src/Plugin/GraphQL/DataProducer/User/CurrentUser.php @@ -42,7 +42,7 @@ public static function create(ContainerInterface $container, array $configuratio } /** - * CurrentUser constructor. + * Constructs a new CurrentUser data producer. * * @param array $configuration * A configuration array containing information about the plugin instance. @@ -59,7 +59,7 @@ public function __construct(array $configuration, string $plugin_id, array $plug } /** - * Returns current user. + * Returns the current user. * * @param \Drupal\graphql\GraphQL\Execution\FieldContext $field_context * Field context. @@ -68,9 +68,9 @@ public function __construct(array $configuration, string $plugin_id, array $plug * The current user. */ public function resolve(FieldContext $field_context): AccountInterface { - // Response must be cached based on current user as a cache context, - // otherwise a new user would became a previous user. - $field_context->addCacheableDependency($this->currentUser); + // Response must be cached per user so that information from previously + // logged in users will not leak to newly logged in users. + $field_context->addCacheContexts(['user']); return $this->currentUser; } diff --git a/tests/src/Kernel/DataProducer/CurrentUserTest.php b/tests/src/Kernel/DataProducer/CurrentUserTest.php new file mode 100644 index 000000000..872f2c6dd --- /dev/null +++ b/tests/src/Kernel/DataProducer/CurrentUserTest.php @@ -0,0 +1,92 @@ +users = [ + $this->createUser(), + $this->createUser(), + ]; + + // Log out initially. + $this->container->get('current_user')->setAccount(User::getAnonymousUser()); + } + + /** + * @covers \Drupal\graphql\Plugin\GraphQL\DataProducer\User\CurrentUser::resolve + */ + public function testCurrentUser(): void { + // Initially no user is logged in. + $result = $this->executeDataProducer('current_user'); + $this->assertInstanceOf(AccountInterface::class, $result); + $this->assertEquals(0, $result->id()); + + // Log in as the first user. + $this->container->get('current_user')->setAccount($this->users[0]); + $result = $this->executeDataProducer('current_user'); + $this->assertInstanceOf(AccountInterface::class, $result); + $this->assertEquals($this->users[0]->id(), $result->id()); + + // Log in as the second user. + $this->container->get('current_user')->setAccount($this->users[1]); + $result = $this->executeDataProducer('current_user'); + $this->assertInstanceOf(AccountInterface::class, $result); + $this->assertEquals($this->users[1]->id(), $result->id()); + + // Log out again. + $this->container->get('current_user')->setAccount(User::getAnonymousUser()); + $result = $this->executeDataProducer('current_user'); + $this->assertInstanceOf(AccountInterface::class, $result); + $this->assertEquals(0, $result->id()); + } + + /** + * {@inheritdoc} + */ + protected function executeDataProducer($id, array $contexts = []) { + /** @var \Drupal\graphql\Plugin\DataProducerPluginManager $manager */ + $manager = $this->container->get('plugin.manager.graphql.data_producer'); + + /** @var \Drupal\graphql\Plugin\DataProducerPluginInterface $plugin */ + $plugin = $manager->createInstance($id); + + // The 'user' cache context should be added so that the results will be + // cached per user. + $context = $this->prophesize(FieldContext::class); + $context->addCacheContexts(['user'])->willReturn($context->reveal())->shouldBeCalled(); + + return $plugin->resolveField($context->reveal()); + } + +}