graphql 1.13.1 → 1.13.5

data/lib/graphql/language/parser.y

@@ -147,6 +147,7 @@ rule
   name_without_on:
       IDENTIFIER
     | FRAGMENT
+    | REPEATABLE
     | TRUE
     | FALSE
     | operation_type
@@ -155,6 +156,7 @@ rule
   enum_name: /* any identifier, but not "true", "false" or "null" */
       IDENTIFIER
     | FRAGMENT
+    | REPEATABLE
     | ON
     | operation_type
     | schema_keyword
@@ -422,10 +424,14 @@ rule
       }
 
   directive_definition:
-      description_opt DIRECTIVE DIR_SIGN name arguments_definitions_opt ON directive_locations {
-        result = make_node(:DirectiveDefinition, name: val[3], arguments: val[4], locations: val[6], description: val[0] || get_description(val[1]), definition_line: val[1].line, position_source: val[0] || val[1])
+      description_opt DIRECTIVE DIR_SIGN name arguments_definitions_opt directive_repeatable_opt ON directive_locations {
+        result = make_node(:DirectiveDefinition, name: val[3], arguments: val[4], locations: val[7], repeatable: !!val[5], description: val[0] || get_description(val[1]), definition_line: val[1].line, position_source: val[0] || val[1])
       }
 
+  directive_repeatable_opt:
+    /* nothing */
+    | REPEATABLE
+
   directive_locations:
       name                          { result = [make_node(:DirectiveLocation, name: val[0].to_s, position_source: val[0])] }
     | directive_locations PIPE name { val[0] << make_node(:DirectiveLocation, name: val[2].to_s, position_source: val[2]) }

data/lib/graphql/language/printer.rb

@@ -252,6 +252,10 @@ module GraphQL
           out << print_arguments(directive.arguments)
         end
 
+        if directive.repeatable
+          out << " repeatable"
+        end
+
         out << " on #{directive.locations.map(&:name).join(' | ')}"
       end
 

data/lib/graphql/pagination/active_record_relation_connection.rb

@@ -7,13 +7,18 @@ module GraphQL
     class ActiveRecordRelationConnection < Pagination::RelationConnection
       private
 
-      def relation_larger_than(relation, size)
-        initial_offset = relation.offset_value || 0
-        relation.offset(initial_offset + size).exists?
+      def relation_larger_than(relation, initial_offset, size)
+        if already_loaded?(relation)
+          (relation.size + initial_offset) > size
+        else
+          set_offset(sliced_nodes, initial_offset + size).exists?
+        end
       end
 
       def relation_count(relation)
-        int_or_hash = if relation.respond_to?(:unscope)
+        int_or_hash = if already_loaded?(relation)
+          relation.size
+        elsif relation.respond_to?(:unscope)
           relation.unscope(:order).count(:all)
         else
           # Rails 3
@@ -28,11 +33,19 @@ module GraphQL
       end
 
       def relation_limit(relation)
-        relation.limit_value
+        if relation.is_a?(Array)
+          nil
+        else
+          relation.limit_value
+        end
       end
 
       def relation_offset(relation)
-        relation.offset_value
+        if relation.is_a?(Array)
+          nil
+        else
+          relation.offset_value
+        end
       end
 
       def null_relation(relation)
@@ -43,6 +56,30 @@ module GraphQL
           relation.where("1=2")
         end
       end
+
+      def set_limit(nodes, limit)
+        if already_loaded?(nodes)
+          nodes.take(limit)
+        else
+          super
+        end
+      end
+
+      def set_offset(nodes, offset)
+        if already_loaded?(nodes)
+          # If the client sent a bogus cursor beyond the size of the relation,
+          # it might get `nil` from `#[...]`, so return an empty array in that case
+          nodes[offset..-1] || []
+        else
+          super
+        end
+      end
+
+      private
+
+      def already_loaded?(relation)
+        relation.is_a?(Array) || relation.loaded?
+      end
     end
   end
 end

data/lib/graphql/pagination/relation_connection.rb

@@ -35,7 +35,7 @@ module GraphQL
             if @nodes && @nodes.count < first
               false
             else
-              relation_larger_than(sliced_nodes, first)
+              relation_larger_than(sliced_nodes, @sliced_nodes_offset, first)
             end
           else
             false
@@ -54,9 +54,10 @@ module GraphQL
       private
 
       # @param relation [Object] A database query object
+      # @param _initial_offset [Integer] The number of items already excluded from the relation
       # @param size [Integer] The value against which we check the relation size
       # @return [Boolean] True if the number of items in this relation is larger than `size`
-      def relation_larger_than(relation, size)
+      def relation_larger_than(relation, _initial_offset, size)
         relation_count(set_limit(relation, size + 1)) == size + 1
       end
 
@@ -111,30 +112,51 @@ module GraphQL
         end
       end
 
-      # Apply `before` and `after` to the underlying `items`,
-      # returning a new relation.
-      def sliced_nodes
-        @sliced_nodes ||= begin
-          paginated_nodes = items
-
+      def calculate_sliced_nodes_parameters
+        if defined?(@sliced_nodes_limit)
+          return
+        else
           if after_offset
             previous_offset = relation_offset(items) || 0
-            paginated_nodes = set_offset(paginated_nodes, previous_offset + after_offset)
+            relation_offset = previous_offset + after_offset
           end
 
           if before_offset && after_offset
             if after_offset < before_offset
               # Get the number of items between the two cursors
               space_between = before_offset - after_offset - 1
-              paginated_nodes = set_limit(paginated_nodes, space_between)
+              relation_limit = space_between
             else
-              # TODO I think this is untested
               # The cursors overextend one another to an empty set
-              paginated_nodes = null_relation(paginated_nodes)
+              @sliced_nodes_null_relation = true
             end
           elsif before_offset
             # Use limit to cut off the tail of the relation
-            paginated_nodes = set_limit(paginated_nodes, before_offset - 1)
+            relation_limit = before_offset - 1
+          end
+
+          @sliced_nodes_limit = relation_limit
+          @sliced_nodes_offset = relation_offset || 0
+        end
+      end
+
+      # Apply `before` and `after` to the underlying `items`,
+      # returning a new relation.
+      def sliced_nodes
+        @sliced_nodes ||= begin
+          calculate_sliced_nodes_parameters
+          paginated_nodes = items
+
+          if @sliced_nodes_null_relation
+            paginated_nodes = null_relation(paginated_nodes)
+          else
+            if @sliced_nodes_limit
+              paginated_nodes = set_limit(paginated_nodes, @sliced_nodes_limit)
+            end
+
+            if @sliced_nodes_offset
+              paginated_nodes = set_offset(paginated_nodes, @sliced_nodes_offset)
+            end
           end
 
           paginated_nodes
@@ -155,32 +177,40 @@ module GraphQL
       # returning a new relation
       def limited_nodes
         @limited_nodes ||= begin
-          paginated_nodes = sliced_nodes
-          previous_limit = relation_limit(paginated_nodes)
+          calculate_sliced_nodes_parameters
+          if @sliced_nodes_null_relation
+            # it's an empty set
+            return sliced_nodes
+          end
+          relation_limit = @sliced_nodes_limit
+          relation_offset = @sliced_nodes_offset
 
-          if first && (previous_limit.nil? || previous_limit > first)
+          if first && (relation_limit.nil? || relation_limit > first)
             # `first` would create a stricter limit that the one already applied, so add it
-            paginated_nodes = set_limit(paginated_nodes, first)
+            relation_limit = first
           end
 
           if last
-            if (lv = relation_limit(paginated_nodes))
-              if last <= lv
+            if relation_limit
+              if last <= relation_limit
                 # `last` is a smaller slice than the current limit, so apply it
-                offset = (relation_offset(paginated_nodes) || 0) + (lv - last)
-                paginated_nodes = set_offset(paginated_nodes, offset)
-                paginated_nodes = set_limit(paginated_nodes, last)
+                relation_offset += (relation_limit - last)
+                relation_limit = last
               end
             else
               # No limit, so get the last items
-              sliced_nodes_count = relation_count(@sliced_nodes)
-              offset = (relation_offset(paginated_nodes) || 0) + sliced_nodes_count - [last, sliced_nodes_count].min
-              paginated_nodes = set_offset(paginated_nodes, offset)
-              paginated_nodes = set_limit(paginated_nodes, last)
+              sliced_nodes_count = relation_count(sliced_nodes)
+              relation_offset += (sliced_nodes_count - [last, sliced_nodes_count].min)
+              relation_limit = last
             end
           end
 
-          @paged_nodes_offset = relation_offset(paginated_nodes)
+          @paged_nodes_offset = relation_offset
+          paginated_nodes = items
+          paginated_nodes = set_offset(paginated_nodes, relation_offset)
+          if relation_limit
+            paginated_nodes = set_limit(paginated_nodes, relation_limit)
+          end
           paginated_nodes
         end
       end

data/lib/graphql/schema/argument.rb

@@ -37,7 +37,7 @@ module GraphQL
       # @param arg_name [Symbol]
       # @param type_expr
       # @param desc [String]
-      # @param required [Boolean] if true, this argument is non-null; if false, this argument is nullable
+      # @param required [Boolean, :nullable] if true, this argument is non-null; if false, this argument is nullable. If `:nullable`, then the argument must be provided, though it may be `null`.
       # @param description [String]
       # @param default_value [Object]
       # @param as [Symbol] Override the keyword name when passed to a method
@@ -53,7 +53,7 @@ module GraphQL
         @name = -(camelize ? Member::BuildType.camelize(arg_name.to_s) : arg_name.to_s)
         @type_expr = type_expr || type
         @description = desc || description
-        @null = !required
+        @null = required != true
         @default_value = default_value
         @owner = owner
         @as = as
@@ -72,6 +72,9 @@ module GraphQL
         end
 
         self.validates(validates)
+        if required == :nullable
+          self.owner.validates(required: { argument: arg_name })
+        end
 
         if definition_block
           if definition_block.arity == 1
@@ -147,14 +150,7 @@ module GraphQL
             end
           end
         elsif as_type.kind.input_object?
-          as_type.arguments(ctx).each do |_name, input_obj_arg|
-            input_obj_arg = input_obj_arg.type_class
-            # TODO: this skips input objects whose values were alread replaced with application objects.
-            # See: https://github.com/rmosolgo/graphql-ruby/issues/2633
-            if value.is_a?(InputObject) && value.key?(input_obj_arg.keyword) && !input_obj_arg.authorized?(obj, value[input_obj_arg.keyword], ctx)
-              return false
-            end
-          end
+          return as_type.authorized?(obj, value, ctx)
         end
         # None of the early-return conditions were activated,
         # so this is authorized.

data/lib/graphql/schema/build_from_definition.rb

@@ -377,6 +377,7 @@ module GraphQL
           Class.new(GraphQL::Schema::Directive) do
             graphql_name(directive_definition.name)
             description(directive_definition.description)
+            repeatable(directive_definition.repeatable)
             locations(*directive_definition.locations.map { |location| location.name.to_sym })
             ast_node(directive_definition)
             builder.build_arguments(self, directive_definition.arguments, type_resolver)

data/lib/graphql/schema/directive.rb

@@ -101,6 +101,14 @@ module GraphQL
         def on_operation?
           locations.include?(QUERY) && locations.include?(MUTATION) && locations.include?(SUBSCRIPTION)
         end
+
+        def repeatable?
+          !!@repeatable
+        end
+
+        def repeatable(new_value)
+          @repeatable = new_value
+        end
       end
 
       # @return [GraphQL::Schema::Field, GraphQL::Schema::Argument, Class, Module]

data/lib/graphql/schema/field.rb

@@ -16,6 +16,8 @@ module GraphQL
       include GraphQL::Schema::Member::HasDirectives
       include GraphQL::Schema::Member::HasDeprecationReason
 
+      class FieldImplementationFailed < GraphQL::Error; end
+
       # @return [String] the GraphQL name for this field, camelized unless `camelize: false` is provided
       attr_reader :name
       alias :graphql_name :name
@@ -617,13 +619,10 @@ module GraphQL
       end
 
       def authorized?(object, args, context)
-        resolver_authed = if @resolver_class
+        if @resolver_class
           # The resolver _instance_ will check itself during `resolve()`
           @resolver_class.authorized?(object, context)
         else
-          true
-        end
-        resolver_authed && begin
           if (arg_values = context[:current_arguments])
             # ^^ that's provided by the interpreter at runtime, and includes info about whether the default value was used or not.
             using_arg_values = true
@@ -795,51 +794,103 @@ module GraphQL
 
       def public_send_field(unextended_obj, unextended_ruby_kwargs, query_ctx)
         with_extensions(unextended_obj, unextended_ruby_kwargs, query_ctx) do |obj, ruby_kwargs|
-          if @resolver_class
-            if obj.is_a?(GraphQL::Schema::Object)
-              obj = obj.object
-            end
-            obj = @resolver_class.new(object: obj, context: query_ctx, field: self)
-          end
-
-          # Find a way to resolve this field, checking:
-          #
-          # - A method on the type instance;
-          # - Hash keys, if the wrapped object is a hash;
-          # - A method on the wrapped object;
-          # - Or, raise not implemented.
-          #
-          if obj.respond_to?(@resolver_method)
-            # Call the method with kwargs, if there are any
-            if ruby_kwargs.any?
-              obj.public_send(@resolver_method, **ruby_kwargs)
-            else
-              obj.public_send(@resolver_method)
+          begin
+            method_receiver = nil
+            method_to_call = nil
+            if @resolver_class
+              if obj.is_a?(GraphQL::Schema::Object)
+                obj = obj.object
+              end
+              obj = @resolver_class.new(object: obj, context: query_ctx, field: self)
             end
-          elsif obj.object.is_a?(Hash)
-            inner_object = obj.object
-            if inner_object.key?(@method_sym)
-              inner_object[@method_sym]
+
+            # Find a way to resolve this field, checking:
+            #
+            # - A method on the type instance;
+            # - Hash keys, if the wrapped object is a hash;
+            # - A method on the wrapped object;
+            # - Or, raise not implemented.
+            #
+            if obj.respond_to?(@resolver_method)
+              method_to_call = @resolver_method
+              method_receiver = obj
+              # Call the method with kwargs, if there are any
+              if ruby_kwargs.any?
+                obj.public_send(@resolver_method, **ruby_kwargs)
+              else
+                obj.public_send(@resolver_method)
+              end
+            elsif obj.object.is_a?(Hash)
+              inner_object = obj.object
+              if inner_object.key?(@method_sym)
+                inner_object[@method_sym]
+              else
+                inner_object[@method_str]
+              end
+            elsif obj.object.respond_to?(@method_sym)
+              method_to_call = @method_sym
+              method_receiver = obj.object
+              if ruby_kwargs.any?
+                obj.object.public_send(@method_sym, **ruby_kwargs)
+              else
+                obj.object.public_send(@method_sym)
+              end
             else
-              inner_object[@method_str]
+              raise <<-ERR
+            Failed to implement #{@owner.graphql_name}.#{@name}, tried:
+
+            - `#{obj.class}##{@resolver_method}`, which did not exist
+            - `#{obj.object.class}##{@method_sym}`, which did not exist
+            - Looking up hash key `#{@method_sym.inspect}` or `#{@method_str.inspect}` on `#{obj.object}`, but it wasn't a Hash
+
+            To implement this field, define one of the methods above (and check for typos)
+            ERR
             end
-          elsif obj.object.respond_to?(@method_sym)
-            if ruby_kwargs.any?
-              obj.object.public_send(@method_sym, **ruby_kwargs)
+          rescue ArgumentError
+            assert_satisfactory_implementation(method_receiver, method_to_call, ruby_kwargs)
+            # if the line above doesn't raise, re-raise
+            raise
+          end
+        end
+      end
+
+      def assert_satisfactory_implementation(receiver, method_name, ruby_kwargs)
+        method_defn = receiver.method(method_name)
+        unsatisfied_ruby_kwargs = ruby_kwargs.dup
+        unsatisfied_method_params = []
+        encountered_keyrest = false
+        method_defn.parameters.each do |(param_type, param_name)|
+          case param_type
+          when :key
+            unsatisfied_ruby_kwargs.delete(param_name)
+          when :keyreq
+            if unsatisfied_ruby_kwargs.key?(param_name)
+              unsatisfied_ruby_kwargs.delete(param_name)
             else
-              obj.object.public_send(@method_sym)
+              unsatisfied_method_params << "- `#{param_name}:` is required by Ruby, but not by GraphQL. Consider `#{param_name}: nil` instead, or making this argument required in GraphQL."
             end
-          else
-            raise <<-ERR
-          Failed to implement #{@owner.graphql_name}.#{@name}, tried:
+          when :keyrest
+            encountered_keyrest = true
+          when :req
+            unsatisfied_method_params << "- `#{param_name}` is required by Ruby, but GraphQL doesn't pass positional arguments. If it's meant to be a GraphQL argument, use `#{param_name}:` instead. Otherwise, remove it."
+          when :opt, :rest
+            # This is fine, although it will never be present
+          end
+        end
 
-          - `#{obj.class}##{@resolver_method}`, which did not exist
-          - `#{obj.object.class}##{@method_sym}`, which did not exist
-          - Looking up hash key `#{@method_sym.inspect}` or `#{@method_str.inspect}` on `#{obj.object}`, but it wasn't a Hash
+        if encountered_keyrest
+          unsatisfied_ruby_kwargs.clear
+        end
 
-          To implement this field, define one of the methods above (and check for typos)
-          ERR
-          end
+        if unsatisfied_ruby_kwargs.any? || unsatisfied_method_params.any?
+          raise FieldImplementationFailed.new, <<-ERR
+Failed to call #{method_name} on #{receiver.inspect} because the Ruby method params were incompatible with the GraphQL arguments:
+
+#{ unsatisfied_ruby_kwargs
+    .map { |key, value| "- `#{key}: #{value}` was given by GraphQL but not defined in the Ruby method. Add `#{key}:` to the method parameters." }
+    .concat(unsatisfied_method_params)
+    .join("\n") }
+ERR
         end
       end
 
@@ -853,8 +904,12 @@ module GraphQL
           # This is a hack to get the _last_ value for extended obj and args,
           # in case one of the extensions doesn't `yield`.
           # (There's another implementation that uses multiple-return, but I'm wary of the perf cost of the extra arrays)
-          extended = { args: args, obj: obj, memos: nil }
+          extended = { args: args, obj: obj, memos: nil, added_extras: nil }
           value = run_extensions_before_resolve(obj, args, ctx, extended) do |obj, args|
+            if (added_extras = extended[:added_extras])
+              args = args.dup
+              added_extras.each { |e| args.delete(e) }
+            end
             yield(obj, args)
           end
 
@@ -883,6 +938,12 @@ module GraphQL
               memos = extended[:memos] ||= {}
               memos[idx] = memo
             end
+
+            if (extras = extension.added_extras)
+              ae = extended[:added_extras] ||= []
+              ae.concat(extras)
+            end
+
             extended[:obj] = extended_obj
             extended[:args] = extended_args
             run_extensions_before_resolve(extended_obj, extended_args, ctx, extended, idx: idx + 1) { |o, a| yield(o, a) }

data/lib/graphql/schema/field_extension.rb

@@ -49,8 +49,36 @@ module GraphQL
           configs = @own_default_argument_configurations ||= []
           configs << [argument_args, argument_kwargs]
         end
+
+        # If configured, these `extras` will be added to the field if they aren't already present,
+        # but removed by from `arguments` before the field's `resolve` is called.
+        # (The extras _will_ be present for other extensions, though.)
+        #
+        # @param new_extras [Array<Symbol>] If provided, assign extras used by this extension
+        # @return [Array<Symbol>] any extras assigned to this extension
+        def extras(new_extras = nil)
+          if new_extras
+            @own_extras = new_extras
+          end
+
+          inherited_extras = self.superclass.respond_to?(:extras) ? superclass.extras : nil
+          if @own_extras
+            if inherited_extras
+              inherited_extras + @own_extras
+            else
+              @own_extras
+            end
+          elsif inherited_extras
+            inherited_extras
+          else
+            NO_EXTRAS
+          end
+        end
       end
 
+      NO_EXTRAS = [].freeze
+      private_constant :NO_EXTRAS
+
       # Called when this extension is attached to a field.
       # The field definition may be extended during this method.
       # @return [void]
@@ -79,9 +107,18 @@ module GraphQL
             end
           end
         end
+        if (extras = self.class.extras).any?
+          @added_extras = extras - field.extras
+          field.extras(@added_extras)
+        else
+          @added_extras = nil
+        end
         freeze
       end
 
+      # @api private
+      attr_reader :added_extras
+
       # Called before resolving {#field}. It should either:
       #
       # - `yield` values to continue execution; OR

data/lib/graphql/schema/input_object.rb

@@ -79,6 +79,21 @@ module GraphQL
         end
       end
 
+      def self.authorized?(obj, value, ctx)
+        # Authorize each argument (but this doesn't apply if `prepare` is implemented):
+        if value.is_a?(InputObject)
+          arguments(ctx).each do |_name, input_obj_arg|
+            input_obj_arg = input_obj_arg.type_class
+            if value.key?(input_obj_arg.keyword) &&
+              !input_obj_arg.authorized?(obj, value[input_obj_arg.keyword], ctx)
+              return false
+            end
+          end
+        end
+        # It didn't early-return false:
+        true
+      end
+
       def unwrap_value(value)
         case value
         when Array

data/lib/graphql/schema/non_null.rb

@@ -53,6 +53,10 @@ module GraphQL
       end
 
       def coerce_input(value, ctx)
+        # `.validate_input` above is used for variables, but this method is used for arguments
+        if value.nil?
+          raise GraphQL::ExecutionError, "`null` is not a valid input for `#{to_type_signature}`, please provide a value for this argument."
+        end
         of_type.coerce_input(value, ctx)
       end
 

data/lib/graphql/schema/relay_classic_mutation.rb

@@ -155,6 +155,14 @@ module GraphQL
           end
         end
       end
+
+      private
+
+      def authorize_arguments(args, values)
+        # remove the `input` wrapper to match values
+        input_args = args["input"].type.unwrap.arguments(context)
+        super(input_args, values)
+      end
     end
   end
 end

data/lib/graphql/schema/resolver.rb

@@ -145,19 +145,9 @@ module GraphQL
       # @raise [GraphQL::UnauthorizedError] To signal an authorization failure
       # @return [Boolean, early_return_data] If `false`, execution will stop (and `early_return_data` will be returned instead, if present.)
       def authorized?(**inputs)
-        self.class.arguments(context).each_value do |argument|
-          arg_keyword = argument.keyword
-          if inputs.key?(arg_keyword) && !(arg_value = inputs[arg_keyword]).nil? && (arg_value != argument.default_value)
-            arg_auth, err = argument.authorized?(self, arg_value, context)
-            if !arg_auth
-              return arg_auth, err
-            else
-              true
-            end
-          else
-            true
-          end
-        end
+        arg_owner = @field # || self.class
+        args = arg_owner.arguments(context)
+        authorize_arguments(args, inputs)
       end
 
       # Called when an object loaded by `loads:` fails the `.authorized?` check for its resolved GraphQL object type.
@@ -172,6 +162,22 @@ module GraphQL
 
       private
 
+      def authorize_arguments(args, inputs)
+        args.each_value do |argument|
+          arg_keyword = argument.keyword
+          if inputs.key?(arg_keyword) && !(arg_value = inputs[arg_keyword]).nil? && (arg_value != argument.default_value)
+            arg_auth, err = argument.authorized?(self, arg_value, context)
+            if !arg_auth
+              return arg_auth, err
+            else
+              true
+            end
+          else
+            true
+          end
+        end
+      end
+
       def load_arguments(args)
         prepared_args = {}
         prepare_lazies = []