graphql 1.12.15 → 1.12.19

data/lib/graphql/schema/member/has_arguments.rb

@@ -37,6 +37,40 @@ module GraphQL
           end
           arg_defn = self.argument_class.new(*args, **kwargs, &block)
           add_argument(arg_defn)
+
+          if self.is_a?(Class) && !method_defined?(:"load_#{arg_defn.keyword}")
+            method_owner = if self < GraphQL::Schema::InputObject || self < GraphQL::Schema::Directive
+              "self."
+            elsif self < GraphQL::Schema::Resolver
+              ""
+            else
+              raise "Unexpected argument owner: #{self}"
+            end
+            if loads && arg_defn.type.list?
+              class_eval <<-RUBY, __FILE__, __LINE__ + 1
+              def #{method_owner}load_#{arg_defn.keyword}(values, context = nil)
+                argument = get_argument("#{arg_defn.graphql_name}")
+                (context || self.context).schema.after_lazy(values) do |values2|
+                  GraphQL::Execution::Lazy.all(values2.map { |value| load_application_object(argument, value, context || self.context) })
+                end
+              end
+              RUBY
+            elsif loads
+              class_eval <<-RUBY, __FILE__, __LINE__ + 1
+              def #{method_owner}load_#{arg_defn.keyword}(value, context = nil)
+                argument = get_argument("#{arg_defn.graphql_name}")
+                load_application_object(argument, value, context || self.context)
+              end
+              RUBY
+            else
+              class_eval <<-RUBY, __FILE__, __LINE__ + 1
+              def #{method_owner}load_#{arg_defn.keyword}(value, _context = nil)
+                value
+              end
+              RUBY
+            end
+          end
+          arg_defn
         end
 
         # Register this argument with the class.
@@ -94,54 +128,52 @@ module GraphQL
           arg_defns = self.arguments
           total_args_count = arg_defns.size
 
-          if total_args_count == 0
-            final_args = GraphQL::Execution::Interpreter::Arguments::EMPTY
-            if block_given?
-              block.call(final_args)
-              nil
+          finished_args = nil
+          prepare_finished_args = -> {
+            if total_args_count == 0
+              finished_args = GraphQL::Execution::Interpreter::Arguments::EMPTY
+              if block_given?
+                block.call(finished_args)
+              end
             else
-              final_args
-            end
-          else
-            finished_args = nil
-            argument_values = {}
-            resolved_args_count = 0
-            raised_error = false
-            arg_defns.each do |arg_name, arg_defn|
-              context.dataloader.append_job do
-                begin
-                  arg_defn.coerce_into_values(parent_object, values, context, argument_values)
-                rescue GraphQL::ExecutionError, GraphQL::UnauthorizedError => err
-                  raised_error = true
-                  if block_given?
-                    block.call(err)
-                  else
+              argument_values = {}
+              resolved_args_count = 0
+              raised_error = false
+              arg_defns.each do |arg_name, arg_defn|
+                context.dataloader.append_job do
+                  begin
+                    arg_defn.coerce_into_values(parent_object, values, context, argument_values)
+                  rescue GraphQL::ExecutionError, GraphQL::UnauthorizedError => err
+                    raised_error = true
                     finished_args = err
+                    if block_given?
+                      block.call(finished_args)
+                    end
                   end
-                end
-
-                resolved_args_count += 1
-                if resolved_args_count == total_args_count && !raised_error
-                  finished_args = context.schema.after_any_lazies(argument_values.values) {
-                    GraphQL::Execution::Interpreter::Arguments.new(
-                      argument_values: argument_values,
-                    )
-                  }
 
-                  if block_given?
-                    block.call(finished_args)
+                  resolved_args_count += 1
+                  if resolved_args_count == total_args_count && !raised_error
+                    finished_args = context.schema.after_any_lazies(argument_values.values) {
+                      GraphQL::Execution::Interpreter::Arguments.new(
+                        argument_values: argument_values,
+                      )
+                    }
+                    if block_given?
+                      block.call(finished_args)
+                    end
                   end
                 end
               end
             end
+          }
 
-            if block_given?
-              nil
-            else
-              # This API returns eagerly, gotta run it now
-              context.dataloader.run
-              finished_args
-            end
+          if block_given?
+            prepare_finished_args.call
+            nil
+          else
+            # This API returns eagerly, gotta run it now
+            context.dataloader.run_isolated(&prepare_finished_args)
+            finished_args
           end
         end
 
@@ -186,12 +218,20 @@ module GraphQL
             context.schema.object_from_id(id, context)
           end
 
-          def load_application_object(argument, lookup_as_type, id, context)
+          def load_application_object(argument, id, context)
             # See if any object can be found for this ID
             if id.nil?
               return nil
             end
-            loaded_application_object = object_from_id(lookup_as_type, id, context)
+            object_from_id(argument.loads, id, context)
+          end
+
+          def load_and_authorize_application_object(argument, id, context)
+            loaded_application_object = load_application_object(argument, id, context)
+            authorize_application_object(argument, id, context, loaded_application_object)
+          end
+
+          def authorize_application_object(argument, id, context, loaded_application_object)
             context.schema.after_lazy(loaded_application_object) do |application_object|
               if application_object.nil?
                 err = GraphQL::LoadApplicationObjectFailedError.new(argument: argument, id: id, object: application_object)
@@ -199,9 +239,9 @@ module GraphQL
               end
               # Double-check that the located object is actually of this type
               # (Don't want to allow arbitrary access to objects this way)
-              resolved_application_object_type = context.schema.resolve_type(lookup_as_type, application_object, context)
+              resolved_application_object_type = context.schema.resolve_type(argument.loads, application_object, context)
               context.schema.after_lazy(resolved_application_object_type) do |application_object_type|
-                possible_object_types = context.warden.possible_types(lookup_as_type)
+                possible_object_types = context.warden.possible_types(argument.loads)
                 if !possible_object_types.include?(application_object_type)
                   err = GraphQL::LoadApplicationObjectFailedError.new(argument: argument, id: id, object: application_object)
                   load_application_object_failed(err)
@@ -214,11 +254,17 @@ module GraphQL
                       if authed
                         application_object
                       else
-                        raise GraphQL::UnauthorizedError.new(
+                        err = GraphQL::UnauthorizedError.new(
                           object: application_object,
                           type: class_based_type,
                           context: context,
                         )
+                        if self.respond_to?(:unauthorized_object)
+                          err.set_backtrace(caller)
+                          unauthorized_object(err)
+                        else
+                          raise err
+                        end
                       end
                     end
                   else

data/lib/graphql/schema/resolver.rb

@@ -28,7 +28,7 @@ module GraphQL
       include Schema::Member::HasPath
       extend Schema::Member::HasPath
 
-      # @param object [Object] the initialize object, pass to {Query.initialize} as `root_value`
+      # @param object [Object] The application object that this field is being resolved on
       # @param context [GraphQL::Query::Context]
       # @param field [GraphQL::Schema::Field]
       def initialize(object:, context:, field:)
@@ -40,7 +40,6 @@ module GraphQL
         self.class.arguments.each do |name, arg|
           @arguments_by_keyword[arg.keyword] = arg
         end
-        @arguments_loads_as_type = self.class.arguments_loads_as_type
         @prepared_arguments = nil
       end
 
@@ -110,7 +109,7 @@ module GraphQL
                     public_send(self.class.resolve_method)
                   end
                 else
-                  nil
+                  raise GraphQL::UnauthorizedFieldError.new(context: context, object: object, type: field.owner, field: field)
                 end
               end
             end
@@ -161,6 +160,16 @@ module GraphQL
         end
       end
 
+      # Called when an object loaded by `loads:` fails the `.authorized?` check for its resolved GraphQL object type.
+      #
+      # By default, the error is re-raised and passed along to {{Schema.unauthorized_object}}.
+      #
+      # Any value returned here will be used _instead of_ of the loaded object.
+      # @param err [GraphQL::UnauthorizedError]
+      def unauthorized_object(err)
+        raise err
+      end
+
       private
 
       def load_arguments(args)
@@ -170,18 +179,14 @@ module GraphQL
         args.each do |key, value|
           arg_defn = @arguments_by_keyword[key]
           if arg_defn
-            if value.nil?
-              prepared_args[key] = value
-            else
-              prepped_value = prepared_args[key] = load_argument(key, value)
-              if context.schema.lazy?(prepped_value)
-                prepare_lazies << context.schema.after_lazy(prepped_value) do |finished_prepped_value|
-                  prepared_args[key] = finished_prepped_value
-                end
+            prepped_value = prepared_args[key] = arg_defn.load_and_authorize_value(self, value, context)
+            if context.schema.lazy?(prepped_value)
+              prepare_lazies << context.schema.after_lazy(prepped_value) do |finished_prepped_value|
+                prepared_args[key] = finished_prepped_value
               end
             end
           else
-            # These are `extras: [...]`
+            # these are `extras:`
             prepared_args[key] = value
           end
         end
@@ -194,8 +199,8 @@ module GraphQL
         end
       end
 
-      def load_argument(name, value)
-        public_send("load_#{name}", value)
+      def get_argument(name)
+        self.class.get_argument(name)
       end
 
       class << self
@@ -218,8 +223,10 @@ module GraphQL
           own_extras + (superclass.respond_to?(:extras) ? superclass.extras : [])
         end
 
-        # Specifies whether or not the field is nullable. Defaults to `true`
-        # TODO unify with {#type}
+        # If `true` (default), then the return type for this resolver will be nullable.
+        # If `false`, then the return type is non-null.
+        #
+        # @see #type which sets the return type of this field and accepts a `null:` option
         # @param allow_null [Boolean] Whether or not the response can be null
         def null(allow_null = nil)
           if !allow_null.nil?
@@ -332,47 +339,9 @@ module GraphQL
         # also add some preparation hook methods which will be used for this argument
         # @see {GraphQL::Schema::Argument#initialize} for the signature
         def argument(*args, **kwargs, &block)
-          loads = kwargs[:loads]
           # Use `from_resolver: true` to short-circuit the InputObject's own `loads:` implementation
           # so that we can support `#load_{x}` methods below.
-          arg_defn = super(*args, from_resolver: true, **kwargs)
-          own_arguments_loads_as_type[arg_defn.keyword] = loads if loads
-
-          if !method_defined?(:"load_#{arg_defn.keyword}")
-            if loads && arg_defn.type.list?
-              class_eval <<-RUBY, __FILE__, __LINE__ + 1
-              def load_#{arg_defn.keyword}(values)
-                argument = @arguments_by_keyword[:#{arg_defn.keyword}]
-                lookup_as_type = @arguments_loads_as_type[:#{arg_defn.keyword}]
-                context.schema.after_lazy(values) do |values2|
-                  GraphQL::Execution::Lazy.all(values2.map { |value| load_application_object(argument, lookup_as_type, value, context) })
-                end
-              end
-              RUBY
-            elsif loads
-              class_eval <<-RUBY, __FILE__, __LINE__ + 1
-              def load_#{arg_defn.keyword}(value)
-                argument = @arguments_by_keyword[:#{arg_defn.keyword}]
-                lookup_as_type = @arguments_loads_as_type[:#{arg_defn.keyword}]
-                load_application_object(argument, lookup_as_type, value, context)
-              end
-              RUBY
-            else
-              class_eval <<-RUBY, __FILE__, __LINE__ + 1
-              def load_#{arg_defn.keyword}(value)
-                value
-              end
-              RUBY
-            end
-          end
-
-          arg_defn
-        end
-
-        # @api private
-        def arguments_loads_as_type
-          inherited_lookups = superclass.respond_to?(:arguments_loads_as_type) ? superclass.arguments_loads_as_type : {}
-          inherited_lookups.merge(own_arguments_loads_as_type)
+          super(*args, from_resolver: true, **kwargs)
         end
 
         # Registers new extension
@@ -408,10 +377,6 @@ module GraphQL
         def own_extensions
           @own_extensions
         end
-
-        def own_arguments_loads_as_type
-          @own_arguments_loads_as_type ||= {}
-        end
       end
     end
   end

data/lib/graphql/schema/subscription.rb

@@ -14,7 +14,7 @@ module GraphQL
     class Subscription < GraphQL::Schema::Resolver
       extend GraphQL::Schema::Resolver::HasPayloadType
       extend GraphQL::Schema::Member::HasFields
-
+      NO_UPDATE = :no_update
       # The generated payload type is required; If there's no payload,
       # propagate null.
       null false
@@ -58,11 +58,9 @@ module GraphQL
         end
       end
 
-      # Default implementation returns the root object.
+      # The default implementation returns nothing on subscribe.
       # Override it to return an object or
-      # `:no_response` to return nothing.
-      #
-      # The default is `:no_response`.
+      # `:no_response` to (explicitly) return nothing.
       def subscribe(args = {})
         :no_response
       end
@@ -70,7 +68,7 @@ module GraphQL
       # Wrap the user-provided `#update` hook
       def resolve_update(**args)
         ret_val = args.any? ? update(**args) : update
-        if ret_val == :no_update
+        if ret_val == NO_UPDATE
           context.namespace(:subscriptions)[:no_update] = true
           context.skip
         else
@@ -79,7 +77,7 @@ module GraphQL
       end
 
       # The default implementation returns the root object.
-      # Override it to return `:no_update` if you want to
+      # Override it to return {NO_UPDATE} if you want to
       # skip updates sometimes. Or override it to return a different object.
       def update(args = {})
         object
@@ -116,6 +114,26 @@ module GraphQL
         end
       end
 
+      # This is called during initial subscription to get a "name" for this subscription.
+      # Later, when `.trigger` is called, this will be called again to build another "name".
+      # Any subscribers with matching topic will begin the update flow.
+      #
+      # The default implementation creates a string using the field name, subscription scope, and argument keys and values.
+      # In that implementation, only `.trigger` calls with _exact matches_ result in updates to subscribers.
+      #
+      # To implement a filtered stream-type subscription flow, override this method to return a string with field name and subscription scope.
+      # Then, implement {#update} to compare its arguments to the current `object` and return {NO_UPDATE} when an
+      # update should be filtered out.
+      #
+      # @see {#update} for how to skip updates when an event comes with a matching topic.
+      # @param arguments [Hash<String => Object>] The arguments for this topic, in GraphQL-style (camelized strings)
+      # @param field [GraphQL::Schema::Field]
+      # @param scope [Object, nil] A value corresponding to `.trigger(... scope:)` (for updates) or the `subscription_scope` found in `context` (for initial subscriptions).
+      # @return [String] An identifier corresponding to a stream of updates
+      def self.topic_for(arguments:, field:, scope:)
+        Subscriptions::Serialize.dump_recursive([scope, field.graphql_name, arguments])
+      end
+
       # Overriding Resolver#field_options to include subscription_scope
       def self.field_options
         super.merge(

data/lib/graphql/schema/validator/allow_blank_validator.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+module GraphQL
+  class Schema
+    class Validator
+      # Use this to specifically reject values that respond to `.blank?` and respond truthy for that method.
+      #
+      # @example Require a non-empty string for an argument
+      #   argument :name, String, required: true, validate: { allow_blank: false }
+      class AllowBlankValidator < Validator
+        def initialize(allow_blank_positional, allow_blank: nil, message: "%{validated} can't be blank", **default_options)
+          @message = message
+          super(**default_options)
+          @allow_blank = allow_blank.nil? ? allow_blank_positional : allow_blank
+        end
+
+        def validate(_object, _context, value)
+          if value.respond_to?(:blank?) && value.blank?
+            if (value.nil? && @allow_null) || @allow_blank
+              # pass
+            else
+              @message
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/graphql/schema/validator/allow_null_validator.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module GraphQL
+  class Schema
+    class Validator
+      # Use this to specifically reject or permit `nil` values (given as `null` from GraphQL).
+      #
+      # @example require a non-null value for an argument if it is provided
+      #   argument :name, String, required: false, validates: { allow_null: false }
+      class AllowNullValidator < Validator
+        MESSAGE = "%{validated} can't be null"
+        def initialize(allow_null_positional, allow_null: nil, message: MESSAGE, **default_options)
+          @message = message
+          super(**default_options)
+          @allow_null = allow_null.nil? ? allow_null_positional : allow_null
+        end
+
+        def validate(_object, _context, value)
+          if value.nil? && !@allow_null
+            @message
+          end
+        end
+      end
+    end
+  end
+end

data/lib/graphql/schema/validator/exclusion_validator.rb

@@ -21,7 +21,9 @@ module GraphQL
         end
 
         def validate(_object, _context, value)
-          if @in_list.include?(value)
+          if permitted_empty_value?(value)
+            # pass
+          elsif @in_list.include?(value)
             @message
           end
         end

data/lib/graphql/schema/validator/format_validator.rb

@@ -38,7 +38,8 @@ module GraphQL
         end
 
         def validate(_object, _context, value)
-          if (@with_pattern && !value.match?(@with_pattern)) ||
+          if value.nil? ||
+              (@with_pattern && !value.match?(@with_pattern)) ||
               (@without_pattern && value.match?(@without_pattern))
             @message
           end

data/lib/graphql/schema/validator/inclusion_validator.rb

@@ -23,7 +23,9 @@ module GraphQL
         end
 
         def validate(_object, _context, value)
-          if !@in_list.include?(value)
+          if permitted_empty_value?(value)
+            # pass
+          elsif !@in_list.include?(value)
             @message
           end
         end

data/lib/graphql/schema/validator/length_validator.rb

@@ -43,11 +43,13 @@ module GraphQL
         end
 
         def validate(_object, _context, value)
-          if @maximum && value.length > @maximum
+          return if permitted_empty_value?(value) # pass in this case
+          length = value.nil? ? 0 : value.length
+          if @maximum && length > @maximum
             partial_format(@too_long, { count: @maximum })
-          elsif @minimum && value.length < @minimum
+          elsif @minimum && length < @minimum
             partial_format(@too_short, { count: @minimum })
-          elsif @is && value.length != @is
+          elsif @is && length != @is
             partial_format(@wrong_length, { count: @is })
           end
         end

data/lib/graphql/schema/validator/numericality_validator.rb

@@ -24,13 +24,15 @@ module GraphQL
         # @param other_than [Integer]
         # @param odd [Boolean]
         # @param even [Boolean]
+        # @param within [Range]
         # @param message [String] used for all validation failures
         def initialize(
             greater_than: nil, greater_than_or_equal_to: nil,
             less_than: nil, less_than_or_equal_to: nil,
             equal_to: nil, other_than: nil,
-            odd: nil, even: nil,
+            odd: nil, even: nil, within: nil,
             message: "%{validated} must be %{comparison} %{target}",
+            null_message: Validator::AllowNullValidator::MESSAGE,
             **default_options
           )
 
@@ -42,12 +44,18 @@ module GraphQL
           @other_than = other_than
           @odd = odd
           @even = even
+          @within = within
           @message = message
+          @null_message = null_message
           super(**default_options)
         end
 
         def validate(object, context, value)
-          if @greater_than && value <= @greater_than
+          if permitted_empty_value?(value)
+            # pass in this case
+          elsif value.nil? # @allow_null is handled in the parent class
+            @null_message
+          elsif @greater_than && value <= @greater_than
             partial_format(@message, { comparison: "greater than", target: @greater_than })
           elsif @greater_than_or_equal_to && value < @greater_than_or_equal_to
             partial_format(@message, { comparison: "greater than or equal to", target: @greater_than_or_equal_to })
@@ -63,6 +71,8 @@ module GraphQL
             (partial_format(@message, { comparison: "even", target: "" })).strip
           elsif @odd && !value.odd?
             (partial_format(@message, { comparison: "odd", target: "" })).strip
+          elsif @within && !@within.include?(value)
+            partial_format(@message, { comparison: "within", target: @within })
           end
         end
       end

data/lib/graphql/schema/validator.rb

@@ -7,7 +7,6 @@ module GraphQL
       # @return [GraphQL::Schema::Argument, GraphQL::Schema::Field, GraphQL::Schema::Resolver, Class<GraphQL::Schema::InputObject>]
       attr_reader :validated
 
-      # TODO should this implement `if:` and `unless:` ?
       # @param validated [GraphQL::Schema::Argument, GraphQL::Schema::Field, GraphQL::Schema::Resolver, Class<GraphQL::Schema::InputObject>] The argument or argument owner this validator is attached to
       # @param allow_blank [Boolean] if `true`, then objects that respond to `.blank?` and return true for `.blank?` will skip this validation
       # @param allow_null [Boolean] if `true`, then incoming `null`s will skip this validation
@@ -25,26 +24,6 @@ module GraphQL
         raise GraphQL::RequiredImplementationMissingError, "Validator classes should implement #validate"
       end
 
-      # This is called by the validation system and eventually calls {#validate}.
-      # @api private
-      def apply(object, context, value)
-        if value.nil?
-          if @allow_null
-            nil # skip this
-          else
-            "%{validated} can't be null"
-          end
-        elsif value.respond_to?(:blank?) && value.blank?
-          if @allow_blank
-            nil # skip this
-          else
-            "%{validated} can't be blank"
-          end
-        else
-          validate(object, context, value)
-        end
-      end
-
       # This is like `String#%`, but it supports the case that only some of `string`'s
       # values are present in `substitutions`
       def partial_format(string, substitutions)
@@ -55,6 +34,12 @@ module GraphQL
         string
       end
 
+      # @return [Boolean] `true` if `value` is `nil` and this validator has `allow_null: true` or if value is `.blank?` and this validator has `allow_blank: true`
+      def permitted_empty_value?(value)
+        (value.nil? && @allow_null) ||
+          (@allow_blank && value.respond_to?(:blank?) && value.blank?)
+      end
+
       # @param schema_member [GraphQL::Schema::Field, GraphQL::Schema::Argument, Class<GraphQL::Schema::InputObject>]
       # @param validates_hash [Hash{Symbol => Hash}, Hash{Class => Hash} nil] A configuration passed as `validates:`
       # @return [Array<Validator>]
@@ -62,6 +47,24 @@ module GraphQL
         if validates_hash.nil? || validates_hash.empty?
           EMPTY_ARRAY
         else
+          validates_hash = validates_hash.dup
+          allow_null = validates_hash.delete(:allow_null)
+          allow_blank = validates_hash.delete(:allow_blank)
+
+          # This could be {...}.compact on Ruby 2.4+
+          default_options = {}
+          if !allow_null.nil?
+            default_options[:allow_null] = allow_null
+          end
+          if !allow_blank.nil?
+            default_options[:allow_blank] = allow_blank
+          end
+
+          # allow_nil or allow_blank are the _only_ validations:
+          if validates_hash.empty?
+            validates_hash = default_options
+          end
+
           validates_hash.map do |validator_name, options|
             validator_class = case validator_name
             when Class
@@ -69,7 +72,11 @@ module GraphQL
             else
               all_validators[validator_name] || raise(ArgumentError, "unknown validation: #{validator_name.inspect}")
             end
-            validator_class.new(validated: schema_member, **options)
+            if options.is_a?(Hash)
+              validator_class.new(validated: schema_member, **(default_options.merge(options)))
+            else
+              validator_class.new(options, validated: schema_member, **default_options)
+            end
           end
         end
       end
@@ -122,10 +129,10 @@ module GraphQL
 
         validators.each do |validator|
           validated = as || validator.validated
-          errors = validator.apply(object, context, value)
+          errors = validator.validate(object, context, value)
           if errors &&
-            (errors.is_a?(Array) && errors != EMPTY_ARRAY) ||
-            (errors.is_a?(String))
+              (errors.is_a?(Array) && errors != EMPTY_ARRAY) ||
+              (errors.is_a?(String))
             if all_errors.frozen? # It's empty
               all_errors = []
             end
@@ -161,3 +168,7 @@ require "graphql/schema/validator/exclusion_validator"
 GraphQL::Schema::Validator.install(:exclusion, GraphQL::Schema::Validator::ExclusionValidator)
 require "graphql/schema/validator/required_validator"
 GraphQL::Schema::Validator.install(:required, GraphQL::Schema::Validator::RequiredValidator)
+require "graphql/schema/validator/allow_null_validator"
+GraphQL::Schema::Validator.install(:allow_null, GraphQL::Schema::Validator::AllowNullValidator)
+require "graphql/schema/validator/allow_blank_validator"
+GraphQL::Schema::Validator.install(:allow_blank, GraphQL::Schema::Validator::AllowBlankValidator)