Enforces input coercion rules. (#553)

* Enforces input coercion rules.

Before this diff, bad input to arguments and variables was often ignored and replaced with `null` rather than rejected. Now that `null` has a semantic meaning, and thanks to some recent changes to the spec (graphql/graphql-spec#221) - changes are necessary in order to enforce the stricter coercion rules.

This diff does the following:

* Implements the CoerceArgumentValues as described in the spec.
* Implements the CoerceVariablesValues as described in the spec.
* Alters valueFromAST and coerceValue (dual functions) to strictly enforce coercion, returning `undefined` implicitly when they fail to do so. It also fixes issues where undefined returns were being ignored as items in a list or fields in an input object.

* Fix most of the failing tests

* Fix missing data from errors

* fix lint issues

* Add full behavior test cases for valueFromAST

* additional value coercion tests

* Add appropriate list item behavior for missing vars

Author: leebyron

src/error/locatedError.js

@@ -23,7 +23,7 @@ export function locatedError(
 ): GraphQLError {
   // Note: this uses a brand-check to support GraphQL errors originating from
   // other contexts.
-  if (originalError && originalError.locations) {
+  if (originalError && originalError.path) {
     return (originalError: any);
   }
 
@@ -32,9 +32,9 @@ export function locatedError(
     'An unknown error occurred.';
   return new GraphQLError(
     message,
-    nodes,
-    undefined,
-    undefined,
+    originalError && (originalError: any).nodes || nodes,
+    originalError && (originalError: any).source,
+    originalError && (originalError: any).positions,
     path,
     originalError
   );

src/execution/__tests__/abstract-test.js

@@ -258,7 +258,8 @@ describe('Execute: Handles execution of abstract types', () => {
         {
           message:
             'Runtime Object type "Human" is not a possible type for "Pet".',
-          locations: [ { line: 2, column: 7 } ]
+          locations: [ { line: 2, column: 7 } ],
+          path: [ 'pets', 2 ]
         }
       ]
     });
@@ -347,7 +348,8 @@ describe('Execute: Handles execution of abstract types', () => {
         {
           message:
             'Runtime Object type "Human" is not a possible type for "Pet".',
-          locations: [ { line: 2, column: 7 } ]
+          locations: [ { line: 2, column: 7 } ],
+          path: [ 'pets', 2 ]
         }
       ]
     });

src/execution/__tests__/variables-test.js

@@ -199,24 +199,30 @@ describe('Execute: Handles inputs', () => {
 
         const result = await execute(schema, ast);
 
-        expect(result).to.deep.equal({
+        expect(result).to.containSubset({
           data: {
             fieldWithObjectInput: null
-          }
+          },
+          errors: [ {
+            message:
+              'Argument "input" got invalid value ["foo", "bar", "baz"].\n' +
+              'Expected "TestInputObject", found not an object.',
+            path: [ 'fieldWithObjectInput' ]
+          } ]
         });
       });
 
       it('properly runs parseLiteral on complex scalar types', async () => {
         const doc = `
         {
-          fieldWithObjectInput(input: {a: "foo", d: "SerializedValue"})
+          fieldWithObjectInput(input: {c: "foo", d: "SerializedValue"})
         }
         `;
         const ast = parse(doc);
 
         return expect(await execute(schema, ast)).to.deep.equal({
           data: {
-            fieldWithObjectInput: '{"a":"foo","d":"DeserializedValue"}',
+            fieldWithObjectInput: '{"c":"foo","d":"DeserializedValue"}',
           }
         });
       });
@@ -482,7 +488,21 @@ describe('Execute: Handles inputs', () => {
     });
   });
 
-  describe('Handles non-nullable scalars', () => {
+  describe('Handles non-nullable scalars', async () => {
+    it('allows non-nullable inputs to be omitted given a default', async () => {
+      const doc = `
+        query SetsNonNullable($value: String = "default") {
+          fieldWithNonNullableStringInput(input: $value)
+        }
+      `;
+
+      expect(await execute(schema, parse(doc))).to.deep.equal({
+        data: {
+          fieldWithNonNullableStringInput: '"default"'
+        }
+      });
+    });
+
     it('does not allow non-nullable inputs to be omitted in a variable', async () => {
       const doc = `
         query SetsNonNullable($value: String!) {
@@ -522,7 +542,8 @@ describe('Execute: Handles inputs', () => {
       expect(caughtError).to.containSubset({
         locations: [ { line: 2, column: 31 } ],
         message:
-          'Variable "$value" of required type "String!" was not provided.'
+          'Variable "$value" got invalid value null.\n' +
+          'Expected "String!", found null.'
       });
     });
 
@@ -558,7 +579,7 @@ describe('Execute: Handles inputs', () => {
       });
     });
 
-    it('passes along null for non-nullable inputs if explcitly set in the query', async () => {
+    it('reports error for missing non-nullable inputs', async () => {
       const doc = `
       {
         fieldWithNonNullableStringInput
@@ -569,7 +590,39 @@ describe('Execute: Handles inputs', () => {
       return expect(await execute(schema, ast)).to.deep.equal({
         data: {
           fieldWithNonNullableStringInput: null
-        }
+        },
+        errors: [ {
+          message: 'Argument "input" of required type "String!" was not provided.',
+          locations: [ { line: 3, column: 9 } ],
+          path: [ 'fieldWithNonNullableStringInput' ]
+        } ]
+      });
+    });
+
+    it('reports error for non-provided variables for non-nullable inputs', async () => {
+      // Note: this test would typically fail validation before encountering
+      // this execution error, however for queries which previously validated
+      // and are being run against a new schema which have introduced a breaking
+      // change to make a formerly non-required argument required, this asserts
+      // failure before allowing the underlying code to receive a non-null value.
+      const doc = `
+      {
+        fieldWithNonNullableStringInput(input: $foo)
+      }
+      `;
+      const ast = parse(doc);
+
+      return expect(await execute(schema, ast)).to.deep.equal({
+        data: {
+          fieldWithNonNullableStringInput: null
+        },
+        errors: [ {
+          message:
+            'Argument "input" of required type "String!" was provided the ' +
+            'variable "$foo" which was not provided a runtime value.',
+          locations: [ { line: 3, column: 48 } ],
+          path: [ 'fieldWithNonNullableStringInput' ]
+        } ]
       });
     });
   });
@@ -644,7 +697,8 @@ describe('Execute: Handles inputs', () => {
       expect(caughtError).to.containSubset({
         locations: [ { line: 2, column: 17 } ],
         message:
-          'Variable "$input" of required type "[String]!" was not provided.'
+          'Variable "$input" got invalid value null.\n' +
+          'Expected "[String]!", found null.'
       });
     });
 
@@ -758,7 +812,8 @@ describe('Execute: Handles inputs', () => {
       expect(caughtError).to.containSubset({
         locations: [ { line: 2, column: 17 } ],
         message:
-          'Variable "$input" of required type "[String!]!" was not provided.'
+          'Variable "$input" got invalid value null.\n' +
+          'Expected "[String!]!", found null.'
       });
     });
 
@@ -820,7 +875,7 @@ describe('Execute: Handles inputs', () => {
       }
 
       expect(caughtError).to.containSubset({
-        locations: [ { line: 2, column: 17 } ],
+        locations: [ { line: 2, column: 25 } ],
         message:
           'Variable "$input" expected value of type "TestType!" which cannot ' +
           'be used as an input type.'
@@ -844,7 +899,7 @@ describe('Execute: Handles inputs', () => {
       }
 
       expect(caughtError).to.containSubset({
-        locations: [ { line: 2, column: 17 } ],
+        locations: [ { line: 2, column: 25 } ],
         message:
           'Variable "$input" expected value of type "UnknownType!" which ' +
           'cannot be used as an input type.'
@@ -867,7 +922,7 @@ describe('Execute: Handles inputs', () => {
       });
     });
 
-    it('when nullable variable provided', async () => {
+    it('when omitted variable provided', async () => {
       const ast = parse(`query optionalVariable($optional: String) {
         fieldWithDefaultArgumentValue(input: $optional)
       }`);
@@ -879,15 +934,22 @@ describe('Execute: Handles inputs', () => {
       });
     });
 
-    it('when argument provided cannot be parsed', async () => {
+    it('not when argument cannot be coerced', async () => {
       const ast = parse(`{
         fieldWithDefaultArgumentValue(input: WRONG_TYPE)
       }`);
 
       return expect(await execute(schema, ast)).to.deep.equal({
         data: {
-          fieldWithDefaultArgumentValue: '"Hello World"'
-        }
+          fieldWithDefaultArgumentValue: null
+        },
+        errors: [ {
+          message:
+            'Argument "input" got invalid value WRONG_TYPE.\n' +
+            'Expected type "String", found WRONG_TYPE.',
+          locations: [ { line: 2, column: 46 } ],
+          path: [ 'fieldWithDefaultArgumentValue' ]
+        } ]
       });
     });
 

src/execution/execute.js

@@ -458,8 +458,8 @@ function shouldIncludeNode(
   );
   if (skipAST) {
     const { if: skipIf } = getArgumentValues(
-      GraphQLSkipDirective.args,
-      skipAST.arguments,
+      GraphQLSkipDirective,
+      skipAST,
       exeContext.variableValues
     );
     if (skipIf === true) {
@@ -473,8 +473,8 @@ function shouldIncludeNode(
   );
   if (includeAST) {
     const { if: includeIf } = getArgumentValues(
-      GraphQLIncludeDirective.args,
-      includeAST.arguments,
+      GraphQLIncludeDirective,
+      includeAST,
       exeContext.variableValues
     );
     if (includeIf === false) {
@@ -559,15 +559,6 @@ function resolveField(
   const returnType = fieldDef.type;
   const resolveFn = fieldDef.resolve || defaultResolveFn;
 
-  // Build a JS object of arguments from the field.arguments AST, using the
-  // variables scope to fulfill any variable references.
-  // TODO: find a way to memoize, in case this field is within a List type.
-  const args = getArgumentValues(
-    fieldDef.args,
-    fieldAST.arguments,
-    exeContext.variableValues
-  );
-
   // The resolve function's optional third argument is a context value that
   // is provided to every resolve function within an execution. It is commonly
   // used to represent an authenticated user, or request-specific caches.
@@ -590,7 +581,15 @@ function resolveField(
 
   // Get the resolve function, regardless of if its result is normal
   // or abrupt (error).
-  const result = resolveOrError(resolveFn, source, args, context, info);
+  const result = resolveOrError(
+    exeContext,
+    fieldDef,
+    fieldAST,
+    resolveFn,
+    source,
+    context,
+    info
+  );
 
   return completeValueCatchingError(
     exeContext,
@@ -605,13 +604,24 @@ function resolveField(
 // Isolates the "ReturnOrAbrupt" behavior to not de-opt the `resolveField`
 // function. Returns the result of resolveFn or the abrupt-return Error object.
 function resolveOrError(
+  exeContext: ExecutionContext,
+  fieldDef: GraphQLFieldDefinition,
+  fieldAST: Field,
   resolveFn: GraphQLFieldResolveFn<*>,
   source: mixed,
-  args: { [key: string]: mixed },
   context: mixed,
   info: GraphQLResolveInfo
 ): Error | mixed {
   try {
+    // Build a JS object of arguments from the field.arguments AST, using the
+    // variables scope to fulfill any variable references.
+    // TODO: find a way to memoize, in case this field is within a List type.
+    const args = getArgumentValues(
+      fieldDef,
+      fieldAST,
+      exeContext.variableValues
+    );
+
     return resolveFn(source, args, context, info);
   } catch (error) {
     // Sometimes a non-error is thrown, wrap it as an Error for a