graphql 2.3.7 → 2.3.8

data/lib/graphql/schema/input_object.rb

@@ -23,7 +23,8 @@ module GraphQL
         @ruby_style_hash = ruby_kwargs
         @arguments = arguments
         # Apply prepares, not great to have it duplicated here.
-        self.class.arguments(context).each_value do |arg_defn|
+        arg_defns = context ? context.types.arguments(self.class) : self.class.arguments(context).each_value
+        arg_defns.each do |arg_defn|
           ruby_kwargs_key = arg_defn.keyword
           if @ruby_style_hash.key?(ruby_kwargs_key)
             # Weirdly, procs are applied during coercion, but not methods.
@@ -58,7 +59,7 @@ module GraphQL
       def self.authorized?(obj, value, ctx)
         # Authorize each argument (but this doesn't apply if `prepare` is implemented):
         if value.respond_to?(:key?)
-          arguments(ctx).each do |_name, input_obj_arg|
+          ctx.types.arguments(self).each do |input_obj_arg|
             if value.key?(input_obj_arg.keyword) &&
               !input_obj_arg.authorized?(obj, value[input_obj_arg.keyword], ctx)
               return false
@@ -149,7 +150,7 @@ module GraphQL
         INVALID_OBJECT_MESSAGE = "Expected %{object} to be a key-value object."
 
         def validate_non_null_input(input, ctx, max_errors: nil)
-          warden = ctx.warden
+          types = ctx.types
 
           if input.is_a?(Array)
             return GraphQL::Query::InputValidationResult.from_problem(INVALID_OBJECT_MESSAGE % { object: JSON.generate(input, quirks_mode: true) })
@@ -161,9 +162,9 @@ module GraphQL
           end
 
           # Inject missing required arguments
-          missing_required_inputs = self.arguments(ctx).reduce({}) do |m, (argument_name, argument)|
-            if !input.key?(argument_name) && argument.type.non_null? && warden.get_argument(self, argument_name)
-              m[argument_name] = nil
+          missing_required_inputs = ctx.types.arguments(self).reduce({}) do |m, (argument)|
+            if !input.key?(argument.graphql_name) && argument.type.non_null? && types.argument(self, argument.graphql_name)
+              m[argument.graphql_name] = nil
             end
 
             m
@@ -172,7 +173,7 @@ module GraphQL
           result = nil
           [input, missing_required_inputs].each do |args_to_validate|
             args_to_validate.each do |argument_name, value|
-              argument = warden.get_argument(self, argument_name)
+              argument = types.argument(self, argument_name)
               # Items in the input that are unexpected
               if argument.nil?
                 result ||= Query::InputValidationResult.new

data/lib/graphql/schema/introspection_system.rb

@@ -69,7 +69,7 @@ module GraphQL
       def resolve_late_bindings
         @types.each do |name, t|
           if t.kind.fields?
-            t.fields.each do |_name, field_defn|
+            t.all_field_definitions.each do |field_defn|
               field_defn.type = resolve_late_binding(field_defn.type)
             end
           end
@@ -113,19 +113,7 @@ module GraphQL
 
       def get_fields_from_class(class_sym:)
         object_type_defn = load_constant(class_sym)
-
-        if object_type_defn.is_a?(Module)
-          object_type_defn.fields
-        else
-          extracted_field_defns = {}
-          object_class = object_type_defn.metadata[:type_class]
-          object_type_defn.all_fields.each do |field_defn|
-            inner_resolve = field_defn.resolve_proc
-            resolve_with_instantiate = PerFieldProxyResolve.new(object_class: object_class, inner_resolve: inner_resolve)
-            extracted_field_defns[field_defn.name] = field_defn.redefine(resolve: resolve_with_instantiate)
-          end
-          extracted_field_defns
-        end
+        object_type_defn.fields
       end
 
       # This is probably not 100% robust -- but it has to be good enough to avoid modifying the built-in introspection types

data/lib/graphql/schema/member/has_arguments.rb

@@ -135,10 +135,11 @@ module GraphQL
 
             def get_argument(argument_name, context = GraphQL::Query::NullContext.instance)
               warden = Warden.from_context(context)
+              skip_visible = context.respond_to?(:types) && context.types.is_a?(GraphQL::Schema::Subset)
               for ancestor in ancestors
                 if ancestor.respond_to?(:own_arguments) &&
                   (a = ancestor.own_arguments[argument_name]) &&
-                  (a = Warden.visible_entry?(:visible_argument?, a, context, warden))
+                  (skip_visible || (a = Warden.visible_entry?(:visible_argument?, a, context, warden)))
                   return a
                 end
               end
@@ -205,8 +206,8 @@ module GraphQL
         # @return [GraphQL::Schema::Argument, nil] Argument defined on this thing, fetched by name.
         def get_argument(argument_name, context = GraphQL::Query::NullContext.instance)
           warden = Warden.from_context(context)
-          if (arg_config = own_arguments[argument_name]) && (visible_arg = Warden.visible_entry?(:visible_argument?, arg_config, context, warden))
-            visible_arg
+          if (arg_config = own_arguments[argument_name]) && ((context.respond_to?(:types) && context.types.is_a?(GraphQL::Schema::Subset)) || (visible_arg = Warden.visible_entry?(:visible_argument?, arg_config, context, warden)))
+            visible_arg || arg_config
           elsif defined?(@resolver_class) && @resolver_class
             @resolver_class.get_field_argument(argument_name, context)
           else
@@ -230,7 +231,7 @@ module GraphQL
         # @return [Interpreter::Arguments, Execution::Lazy<Interpreter::Arguments>]
         def coerce_arguments(parent_object, values, context, &block)
           # Cache this hash to avoid re-merging it
-          arg_defns = context.warden.arguments(self)
+          arg_defns = context.types.arguments(self)
           total_args_count = arg_defns.size
 
           finished_args = nil
@@ -364,8 +365,8 @@ module GraphQL
                   end
 
                   if !(
-                      context.warden.possible_types(argument.loads).include?(application_object_type) ||
-                      context.warden.loadable?(argument.loads, context)
+                      context.types.possible_types(argument.loads).include?(application_object_type) ||
+                      context.types.loadable?(argument.loads, context)
                     )
                     err = GraphQL::LoadApplicationObjectFailedError.new(context: context, argument: argument, id: id, object: application_object)
                     application_object = load_application_object_failed(err)

data/lib/graphql/schema/member/has_fields.rb

@@ -99,11 +99,12 @@ module GraphQL
         module InterfaceMethods
           def get_field(field_name, context = GraphQL::Query::NullContext.instance)
             warden = Warden.from_context(context)
+            skip_visible = context.respond_to?(:types) && context.types.is_a?(GraphQL::Schema::Subset)
             for ancestor in ancestors
               if ancestor.respond_to?(:own_fields) &&
                   (f_entry = ancestor.own_fields[field_name]) &&
-                  (f = Warden.visible_entry?(:visible_field?, f_entry, context, warden))
-                return f
+                  (skip_visible || (f_entry = Warden.visible_entry?(:visible_field?, f_entry, context, warden)))
+                return f_entry
               end
             end
             nil
@@ -134,13 +135,14 @@ module GraphQL
             # Objects need to check that the interface implementation is visible, too
             warden = Warden.from_context(context)
             ancs = ancestors
+            skip_visible = context.respond_to?(:types) && context.types.is_a?(GraphQL::Schema::Subset)
             i = 0
             while (ancestor = ancs[i])
               if ancestor.respond_to?(:own_fields) &&
                   visible_interface_implementation?(ancestor, context, warden) &&
                   (f_entry = ancestor.own_fields[field_name]) &&
-                  (f = Warden.visible_entry?(:visible_field?, f_entry, context, warden))
-                return f
+                  (skip_visible || (f_entry = Warden.visible_entry?(:visible_field?, f_entry, context, warden)))
+                return f_entry
               end
               i += 1
             end

data/lib/graphql/schema/resolver.rb

@@ -36,7 +36,7 @@ module GraphQL
         @field = field
         # Since this hash is constantly rebuilt, cache it for this call
         @arguments_by_keyword = {}
-        self.class.arguments(context).each do |name, arg|
+        context.types.arguments(self.class).each do |arg|
           @arguments_by_keyword[arg.keyword] = arg
         end
         @prepared_arguments = nil
@@ -152,7 +152,7 @@ module GraphQL
       # @return [Boolean, early_return_data] If `false`, execution will stop (and `early_return_data` will be returned instead, if present.)
       def authorized?(**inputs)
         arg_owner = @field # || self.class
-        args = arg_owner.arguments(context)
+        args = context.types.arguments(arg_owner)
         authorize_arguments(args, inputs)
       end
 
@@ -169,7 +169,7 @@ module GraphQL
       private
 
       def authorize_arguments(args, inputs)
-        args.each_value do |argument|
+        args.each do |argument|
           arg_keyword = argument.keyword
           if inputs.key?(arg_keyword) && !(arg_value = inputs[arg_keyword]).nil? && (arg_value != argument.default_value)
             auth_result = argument.authorized?(self, arg_value, context)
@@ -182,10 +182,9 @@ module GraphQL
             elsif auth_result == false
               return auth_result
             end
-          else
-            true
           end
         end
+        true
       end
 
       def load_arguments(args)

data/lib/graphql/schema/subset.rb

@@ -0,0 +1,397 @@
+# frozen_string_literal: true
+
+module GraphQL
+  class Schema
+    class Subset
+      def initialize(query)
+        @query = query
+        @context = query.context
+        @schema = query.schema
+        @all_types = {}
+        @all_types_loaded = false
+        @unvisited_types = []
+        @referenced_types = Hash.new { |h, type_defn| h[type_defn] = [] }.compare_by_identity
+        @cached_possible_types = nil
+        @cached_visible = Hash.new { |h, member|
+          h[member] = @schema.visible?(member, @context)
+        }.compare_by_identity
+
+        @cached_visible_fields = Hash.new { |h, owner|
+          h[owner] = Hash.new do |h2, field|
+            h2[field] = if @cached_visible[field] &&
+                (ret_type = field.type.unwrap) &&
+                @cached_visible[ret_type] &&
+                reachable_type?(ret_type.graphql_name) &&
+                (owner == field.owner || (!owner.kind.object?) || field_on_visible_interface?(field, owner))
+
+              if !field.introspection?
+                # The problem is that some introspection fields may have references
+                # to non-custom introspection types.
+                # If those were added here, they'd cause a DuplicateNamesError.
+                # This is basically a bug -- those fields _should_ reference the custom types.
+                add_type(ret_type, field)
+              end
+              true
+            else
+              false
+            end
+          end.compare_by_identity
+        }.compare_by_identity
+
+        @cached_visible_arguments = Hash.new do |h, arg|
+          h[arg] = if @cached_visible[arg] && (arg_type = arg.type.unwrap) && @cached_visible[arg_type]
+            add_type(arg_type, arg)
+            true
+          else
+            false
+          end
+        end.compare_by_identity
+
+        @unfiltered_pt = Hash.new do |hash, type|
+          hash[type] = @schema.possible_types(type)
+        end.compare_by_identity
+      end
+
+      def field_on_visible_interface?(field, owner)
+        ints = owner.interface_type_memberships.map(&:abstract_type)
+        field_name = field.graphql_name
+        filtered_ints = interfaces(owner)
+        any_interface_has_field = false
+        any_interface_has_visible_field = false
+        ints.each do |int_t|
+          if (_int_f_defn = int_t.get_field(field_name, @context))
+            any_interface_has_field = true
+
+            if filtered_ints.include?(int_t) # TODO cycles, or maybe not necessary since previously checked? && @cached_visible_fields[owner][field]
+              any_interface_has_visible_field = true
+              break
+            end
+          end
+        end
+
+        if any_interface_has_field
+          any_interface_has_visible_field
+        else
+          true
+        end
+      end
+
+      def type(type_name)
+        t = if (loaded_t = @all_types[type_name])
+          loaded_t
+       elsif !@all_types_loaded
+         load_all_types
+          @all_types[type_name]
+        end
+
+        if t
+          if t.is_a?(Array)
+            vis_t = nil
+            t.each do |t_defn|
+              if @cached_visible[t_defn]
+                if vis_t.nil?
+                  vis_t = t_defn
+                else
+                  raise_duplicate_definition(vis_t, t_defn)
+                end
+              end
+            end
+            vis_t
+          else
+            if t && @cached_visible[t]
+              t
+            else
+              nil
+            end
+          end
+        end
+      end
+
+      def field(owner, field_name)
+        f = if owner.kind.fields? && (field = owner.get_field(field_name, @context))
+          field
+        elsif owner == query_root && (entry_point_field = @schema.introspection_system.entry_point(name: field_name))
+          entry_point_field
+        elsif (dynamic_field = @schema.introspection_system.dynamic_field(name: field_name))
+          dynamic_field
+        else
+          nil
+        end
+        if f.is_a?(Array)
+          visible_f = nil
+          f.each do |f_defn|
+            if @cached_visible_fields[owner][f_defn]
+
+              if visible_f.nil?
+                visible_f = f_defn
+              else
+                raise_duplicate_definition(visible_f, f_defn)
+              end
+            end
+          end
+          visible_f
+        else
+          if f && @cached_visible_fields[owner][f]
+            f
+          else
+            nil
+          end
+        end
+      end
+
+      def fields(owner)
+        non_duplicate_items(owner.all_field_definitions, @cached_visible_fields[owner])
+      end
+
+      def arguments(owner)
+        non_duplicate_items(owner.all_argument_definitions, @cached_visible_arguments)
+      end
+
+      def argument(owner, arg_name)
+        # TODO this makes a Warden.visible_entry call down the stack
+        # I need a non-Warden implementation
+        arg = owner.get_argument(arg_name, @context)
+        if arg.is_a?(Array)
+          visible_arg = nil
+          arg.each do |arg_defn|
+            if @cached_visible_arguments[arg_defn]
+              if arg_defn&.loads
+                add_type(arg_defn.loads, arg_defn)
+              end
+              if visible_arg.nil?
+                visible_arg = arg_defn
+              else
+                raise_duplicate_definition(visible_arg, arg_defn)
+              end
+            end
+          end
+          visible_arg
+        else
+          if arg && @cached_visible_arguments[arg]
+            if arg&.loads
+              add_type(arg.loads, arg)
+            end
+            arg
+          else
+            nil
+          end
+        end
+      end
+
+      def possible_types(type)
+        @cached_possible_types ||= Hash.new do |h, type|
+          pt = case type.kind.name
+          when "INTERFACE"
+            # TODO this requires the global map
+            @unfiltered_pt[type]
+          when "UNION"
+            type.type_memberships.select { |tm| @cached_visible[tm] && @cached_visible[tm.object_type] }.map!(&:object_type)
+          else
+            [type]
+          end
+
+          # TODO use `select!` when possible, skip it for `[type]`
+          h[type] = pt.select { |t|
+            @cached_visible[t] && referenced?(t)
+          }
+        end.compare_by_identity
+        @cached_possible_types[type]
+      end
+
+      def interfaces(obj_or_int_type)
+        ints = obj_or_int_type.interface_type_memberships
+          .select { |itm| @cached_visible[itm] && @cached_visible[itm.abstract_type] }
+          .map!(&:abstract_type)
+        ints.uniq! # Remove any duplicate interfaces implemented via other interfaces
+        ints
+      end
+
+      def query_root
+        add_if_visible(@schema.query)
+      end
+
+      def mutation_root
+        add_if_visible(@schema.mutation)
+      end
+
+      def subscription_root
+        add_if_visible(@schema.subscription)
+      end
+
+      def all_types
+        @all_types_filtered ||= begin
+          load_all_types
+          at = []
+          @all_types.each do |_name, type_defn|
+            if possible_types(type_defn).any? || referenced?(type_defn)
+              at << type_defn
+            end
+          end
+          at
+        end
+      end
+
+      def enum_values(owner)
+        values = non_duplicate_items(owner.all_enum_value_definitions, @cached_visible)
+        if values.size == 0
+          raise GraphQL::Schema::Enum::MissingValuesError.new(owner)
+        end
+        values
+      end
+
+      def directive_exists?(dir_name)
+        dir = @schema.directives[dir_name]
+        dir && @cached_visible[dir]
+      end
+
+      def directives
+        @schema.directives.each_value.select { |d| @cached_visible[d] }
+      end
+
+      def loadable?(t, _ctx)
+        !@all_types[t.graphql_name] # TODO make sure t is not reachable but t is visible
+      end
+
+      # TODO rename this to indicate that it is called with a typename
+      def reachable_type?(type_name)
+        load_all_types
+        !!((t = @all_types[type_name]) && referenced?(t))
+      end
+
+      def loaded_types
+        @all_types.values
+      end
+
+      private
+
+      def add_if_visible(t)
+        (t && @cached_visible[t]) ? (add_type(t, true); t) : nil
+      end
+
+      def add_type(t, by_member)
+        if t && @cached_visible[t]
+          n = t.graphql_name
+          if (prev_t = @all_types[n])
+            if !prev_t.equal?(t)
+              raise_duplicate_definition(prev_t, t)
+            end
+            false
+          else
+            @referenced_types[t] << by_member
+            @all_types[n] = t
+            @unvisited_types << t
+            true
+          end
+        else
+          false
+        end
+      end
+
+      def non_duplicate_items(definitions, visibility_cache)
+        non_dups = []
+        definitions.each do |defn|
+          if visibility_cache[defn]
+            if (dup_defn = non_dups.find { |d| d.graphql_name == defn.graphql_name })
+              raise_duplicate_definition(dup_defn, defn)
+            end
+            non_dups << defn
+          end
+        end
+        non_dups
+      end
+
+      def raise_duplicate_definition(first_defn, second_defn)
+        raise DuplicateNamesError.new(duplicated_name: first_defn.path, duplicated_definition_1: first_defn.inspect, duplicated_definition_2: second_defn.inspect)
+      end
+
+      def referenced?(t)
+        load_all_types
+        res = if @referenced_types[t].any? { |member| (member == true) || @cached_visible[member] }
+          if t.kind.abstract?
+            possible_types(t).any?
+          else
+            true
+          end
+        end
+        res
+      end
+
+      def load_all_types
+        return if @all_types_loaded
+        @all_types_loaded = true
+        schema_types = [
+          query_root,
+          mutation_root,
+          subscription_root,
+          *@schema.introspection_system.types.values,
+        ]
+
+        # Don't include any orphan_types whose interfaces aren't visible.
+        @schema.orphan_types.each do |orphan_type|
+          if @cached_visible[orphan_type] &&
+            orphan_type.interface_type_memberships.any? { |tm| @cached_visible[tm] && @cached_visible[tm.abstract_type] }
+            schema_types << orphan_type
+          end
+        end
+        schema_types.compact! # TODO why is this necessary?!
+        schema_types.flatten! # handle multiple defns
+        schema_types.each { |t| add_type(t, true) }
+
+        while t = @unvisited_types.pop
+          # These have already been checked for `.visible?`
+          visit_type(t)
+        end
+
+        @all_types.delete_if { |type_name, type_defn| !referenced?(type_defn) }
+        nil
+      end
+
+      def visit_type(type)
+        if type.kind.input_object?
+          # recurse into visible arguments
+          arguments(type).each do |argument|
+            add_type(argument.type.unwrap, argument)
+          end
+        elsif type.kind.union?
+          # recurse into visible possible types
+          type.type_memberships.each do |tm|
+            if @cached_visible[tm] && @cached_visible[tm.object_type]
+              add_type(tm.object_type, tm)
+            end
+          end
+        elsif type.kind.fields?
+          if type.kind.object?
+            # recurse into visible implemented interfaces
+            interfaces(type).each do |interface|
+              add_type(interface, type)
+            end
+          end
+
+          # recurse into visible fields
+          t_f = type.all_field_definitions
+          t_f.each do |field|
+            if @cached_visible[field]
+              field_type = field.type.unwrap
+              if field_type.kind.interface?
+                pt = @unfiltered_pt[field_type]
+                pt.each do |obj_type|
+                  if @cached_visible[obj_type] &&
+                      (tm = obj_type.interface_type_memberships.find { |tm| tm.abstract_type == field_type }) &&
+                      @cached_visible[tm]
+                    add_type(obj_type, tm)
+                  end
+                end
+              end
+              add_type(field_type, field)
+
+              # recurse into visible arguments
+              arguments(field).each do |argument|
+                add_type(argument.type.unwrap, argument)
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/graphql/schema/type_expression.rb

@@ -5,13 +5,13 @@ module GraphQL
     module TypeExpression
       # Fetch a type from a type map by its AST specification.
       # Return `nil` if not found.
-      # @param type_owner [#get_type] A thing for looking up types by name
+      # @param type_owner [#type] A thing for looking up types by name
       # @param ast_node [GraphQL::Language::Nodes::AbstractNode]
       # @return [Class, GraphQL::Schema::NonNull, GraphQL::Schema:List]
       def self.build_type(type_owner, ast_node)
         case ast_node
         when GraphQL::Language::Nodes::TypeName
-          type_owner.get_type(ast_node.name) # rubocop:disable Development/ContextIsPassedCop -- this is a `context` or `warden`, it's already query-aware
+          type_owner.type(ast_node.name) # rubocop:disable Development/ContextIsPassedCop -- this is a `context` or `warden`, it's already query-aware
         when GraphQL::Language::Nodes::NonNullType
           ast_inner_type = ast_node.of_type
           inner_type = build_type(type_owner, ast_inner_type)

data/lib/graphql/schema/validator/all_validator.rb

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+module GraphQL
+  class Schema
+    class Validator
+      # Use this to validate each member of an array value.
+      #
+      # @example validate format of all strings in an array
+      #
+      #   argument :handles, [String],
+      #     validates: { all: { format: { with: /\A[a-z0-9_]+\Z/ } } }
+      #
+      # @example multiple validators can be combined
+      #
+      #   argument :handles, [String],
+      #     validates: { all: { format: { with: /\A[a-z0-9_]+\Z/ }, length: { maximum: 32 } } }
+      #
+      # @example any type can be used
+      #
+      #   argument :choices, [Integer],
+      #     validates: { all: { inclusion: { in: 1..12 } } }
+      #
+      class AllValidator < Validator
+        def initialize(validated:, allow_blank: false, allow_null: false, **validators)
+          super(validated: validated, allow_blank: allow_blank, allow_null: allow_null)
+
+          @validators = Validator.from_config(validated, validators)
+        end
+
+        def validate(object, context, value)
+          all_errors = EMPTY_ARRAY
+
+          value.each do |subvalue|
+            @validators.each do |validator|
+              errors = validator.validate(object, context, subvalue)
+              if errors &&
+                  (errors.is_a?(Array) && errors != EMPTY_ARRAY) ||
+                  (errors.is_a?(String))
+                if all_errors.frozen? # It's empty
+                  all_errors = []
+                end
+                if errors.is_a?(String)
+                  all_errors << errors
+                else
+                  all_errors.concat(errors)
+                end
+              end
+            end
+          end
+
+          unless all_errors.frozen?
+            all_errors.uniq!
+          end
+
+          all_errors
+        end
+      end
+    end
+  end
+end

data/lib/graphql/schema/validator.rb

@@ -169,3 +169,5 @@ require "graphql/schema/validator/allow_null_validator"
 GraphQL::Schema::Validator.install(:allow_null, GraphQL::Schema::Validator::AllowNullValidator)
 require "graphql/schema/validator/allow_blank_validator"
 GraphQL::Schema::Validator.install(:allow_blank, GraphQL::Schema::Validator::AllowBlankValidator)
+require "graphql/schema/validator/all_validator"
+GraphQL::Schema::Validator.install(:all, GraphQL::Schema::Validator::AllValidator)