ENGCOM-3957: Allow introspection by default in production mode magento#308

 - Merge Pull Request magento/graphql-ce#308 from pmclain/graphql-ce:issue/232
 - Merged commits:
   1. 410b012
   2. 0b4e017
   3. b6fe3ff
   4. 5b53536

Author: magento-engcom-team

dev/tests/api-functional/testsuite/Magento/GraphQl/IntrospectionQueryTest.php

@@ -12,10 +12,10 @@
 class IntrospectionQueryTest extends GraphQlAbstract
 {
     /**
-     * Tests that Introspection is disabled when not in developer mode
+     * Tests that Introspection is allowed by default
      * @SuppressWarnings(PHPMD.ExcessiveMethodLength)
      */
-    public function testIntrospectionQueryWithFieldArgs()
+    public function testIntrospectionQuery()
     {
         $query
             = <<<QUERY
@@ -54,11 +54,6 @@ public function testIntrospectionQueryWithFieldArgs()
 }
 QUERY;
 
-        $this->expectException(\Exception::class);
-        $this->expectExceptionMessage(
-            'GraphQL response contains errors: GraphQL introspection is not allowed, but ' .
-            'the query contained __schema or __type'
-        );
-        $this->graphQlQuery($query);
+        $this->assertArrayHasKey('__schema', $this->graphQlQuery($query));
     }
 }

lib/internal/Magento/Framework/GraphQl/Query/IntrospectionConfiguration.php

@@ -0,0 +1,42 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\Framework\GraphQl\Query;
+
+use Magento\Framework\App\DeploymentConfig;
+
+/**
+ * Class for fetching the availability of introspection queries
+ */
+class IntrospectionConfiguration
+{
+    private const CONFIG_PATH_DISABLE_INTROSPECTION = 'graphql/disable_introspection';
+
+    /**
+     * @var DeploymentConfig
+     */
+    private $deploymentConfig;
+
+    /**
+     * @param DeploymentConfig $deploymentConfig
+     */
+    public function __construct(
+        DeploymentConfig $deploymentConfig
+    ) {
+        $this->deploymentConfig = $deploymentConfig;
+    }
+
+    /**
+     * Check the the environment config to determine if introspection should be disabled.
+     *
+     * @return bool
+     */
+    public function isIntrospectionDisabled(): bool
+    {
+        return (bool)$this->deploymentConfig->get(self::CONFIG_PATH_DISABLE_INTROSPECTION);
+    }
+}

lib/internal/Magento/Framework/GraphQl/Query/QueryComplexityLimiter.php

@@ -33,16 +33,24 @@ class QueryComplexityLimiter
      */
     private $queryComplexity;
 
+    /**
+     * @var IntrospectionConfiguration
+     */
+    private $introspectionConfig;
+
     /**
      * @param int $queryDepth
      * @param int $queryComplexity
+     * @param IntrospectionConfiguration $introspectionConfig
      */
     public function __construct(
         int $queryDepth,
-        int $queryComplexity
+        int $queryComplexity,
+        IntrospectionConfiguration $introspectionConfig
     ) {
         $this->queryDepth = $queryDepth;
         $this->queryComplexity = $queryComplexity;
+        $this->introspectionConfig = $introspectionConfig;
     }
 
     /**
@@ -53,7 +61,7 @@ public function __construct(
     public function execute(): void
     {
         DocumentValidator::addRule(new QueryComplexity($this->queryComplexity));
-        DocumentValidator::addRule(new DisableIntrospection());
+        DocumentValidator::addRule(new DisableIntrospection((int) $this->introspectionConfig->isIntrospectionDisabled()));
         DocumentValidator::addRule(new QueryDepth($this->queryDepth));
     }
 }