Validate enum values in input variables (#4753)

apollographql · May 3, 2024 · 9aee4c3 · 9aee4c3
1 parent 0860da3
commit 9aee4c3
Show file tree

Hide file tree

Showing 6 changed files with 118 additions and 6 deletions.
diff --git a/.changesets/fix_geal_input_enum_validation.md b/.changesets/fix_geal_input_enum_validation.md
@@ -0,0 +1,5 @@
+### Validate enum values in input variables ([Issue #4633](https://github.com/apollographql/router/issues/4633))
+
+The Router will now validate enum values provided in JSON variables.
+
+By [@Geal](https://github.com/Geal) in https://github.com/apollographql/router/pull/4753
diff --git a/...upergraph/snapshots/apollo_router__services__supergraph__tests__invalid_input_enum-2.snap b/...upergraph/snapshots/apollo_router__services__supergraph__tests__invalid_input_enum-2.snap
@@ -0,0 +1,15 @@
+---
+source: apollo-router/src/services/supergraph/tests.rs
+expression: response
+---
+{
+  "errors": [
+    {
+      "message": "invalid type for variable: 'input'",
+      "extensions": {
+        "name": "input",
+        "code": "VALIDATION_INVALID_TYPE_VARIABLE"
+      }
+    }
+  ]
+}
diff --git a/.../supergraph/snapshots/apollo_router__services__supergraph__tests__invalid_input_enum.snap b/.../supergraph/snapshots/apollo_router__services__supergraph__tests__invalid_input_enum.snap
@@ -0,0 +1,20 @@
+---
+source: apollo-router/src/services/supergraph/tests.rs
+expression: response
+---
+{
+  "errors": [
+    {
+      "message": "Value \"C does not exist in \"InputEnum\" enum.",
+      "locations": [
+        {
+          "line": 1,
+          "column": 21
+        }
+      ],
+      "extensions": {
+        "code": "GRAPHQL_VALIDATION_FAILED"
+      }
+    }
+  ]
+}
diff --git a/...upergraph/snapshots/apollo_router__services__supergraph__tests__query_reconstruction.snap b/...upergraph/snapshots/apollo_router__services__supergraph__tests__query_reconstruction.snap
@@ -1,5 +1,5 @@
 ---
-source: apollo-router/src/services/supergraph_service.rs
+source: apollo-router/src/services/supergraph/tests.rs
 expression: stream.next_response().await.unwrap()
 ---
 {

diff --git a/apollo-router/src/services/supergraph/tests.rs b/apollo-router/src/services/supergraph/tests.rs
@@ -3549,3 +3549,76 @@ async fn abstract_types_in_requires() {
     let mut stream = service.oneshot(request).await.unwrap();
     insta::assert_json_snapshot!(stream.next_response().await.unwrap());
 }
+
+const ENUM_SCHEMA: &str = r#"schema
+        @core(feature: "https://specs.apollo.dev/core/v0.1")
+        @core(feature: "https://specs.apollo.dev/join/v0.1")
+        @core(feature: "https://specs.apollo.dev/inaccessible/v0.1")
+         {
+        query: Query
+   }
+   directive @core(feature: String!) repeatable on SCHEMA
+   directive @join__field(graph: join__Graph, requires: join__FieldSet, provides: join__FieldSet) on FIELD_DEFINITION
+   directive @join__type(graph: join__Graph!, key: join__FieldSet) repeatable on OBJECT | INTERFACE
+   directive @join__owner(graph: join__Graph!) on OBJECT | INTERFACE
+   directive @join__graph(name: String!, url: String!) on ENUM_VALUE
+   directive @inaccessible on OBJECT | FIELD_DEFINITION | INTERFACE | UNION
+   scalar join__FieldSet
+   enum join__Graph {
+       USER @join__graph(name: "user", url: "http://localhost:4001/graphql")
+       ORGA @join__graph(name: "orga", url: "http://localhost:4002/graphql")
+   }
+   type Query {
+      test(input: InputEnum): String @join__field(graph: USER)
+   }
+
+   enum InputEnum {
+    A
+    B
+  }"#;
+
+#[tokio::test]
+async fn invalid_input_enum() {
+    let service = TestHarness::builder()
+        .configuration_json(serde_json::json!({"include_subgraph_errors": { "all": true } }))
+        .unwrap()
+        .schema(ENUM_SCHEMA)
+        //.extra_plugin(subgraphs)
+        .build_supergraph()
+        .await
+        .unwrap();
+
+    let request = supergraph::Request::fake_builder()
+        .query("query { test(input: C) }")
+        .context(defer_context())
+        // Request building here
+        .build()
+        .unwrap();
+    let response = service
+        .clone()
+        .oneshot(request)
+        .await
+        .unwrap()
+        .next_response()
+        .await
+        .unwrap();
+
+    insta::assert_json_snapshot!(response);
+
+    let request = supergraph::Request::fake_builder()
+        .query("query($input: InputEnum) { test(input: $input) }")
+        .variable("input", "INVALID")
+        .context(defer_context())
+        // Request building here
+        .build()
+        .unwrap();
+    let response = service
+        .oneshot(request)
+        .await
+        .unwrap()
+        .next_response()
+        .await
+        .unwrap();
+
+    insta::assert_json_snapshot!(response);
+}
diff --git a/apollo-router/src/spec/field_type.rs b/apollo-router/src/spec/field_type.rs
@@ -134,11 +134,10 @@ fn validate_input_value(
         // Custom scalar: accept any JSON value
         (schema::ExtendedType::Scalar(_), _) => Ok(()),
 
-        // TODO: check enum value?
-        // (schema::ExtendedType::Enum(def), Value::String(s)) => {
-        //     from_bool(def.values.contains_key(s))
-        // },
-        (schema::ExtendedType::Enum(_), _) => Ok(()),
+        (schema::ExtendedType::Enum(def), Value::String(s)) => {
+            from_bool(def.values.contains_key(s.as_str()))
+        }
+        (schema::ExtendedType::Enum(_), _) => Err(InvalidValue),
 
         (schema::ExtendedType::InputObject(def), Value::Object(obj)) => {
             // TODO: check keys in `obj` but not in `def.fields`?