Commit 2e57c01c authored by Luke Duncalfe's avatar Luke Duncalfe

GlobalID handle GIDs with unknown resource names

Previously a GID with an invalid `model_name` portion would through an
unhandled `NameError` when being parsed by `GlobalIdType`.

The error was thrown when calling `model_class` on the GID:

    GlobalID.new("gid://gitlab/invalid_name/7").model_class
    # => NameError: wrong constant name invalid_name

Which was due to `.model_class` calling `constantize` on the `String`.

This change handles this situation as a `GraphQL::CoercionError`.
parent a75605ca
...@@ -67,7 +67,10 @@ module Types ...@@ -67,7 +67,10 @@ module Types
end end
self.define_singleton_method(:suitable?) do |gid| self.define_singleton_method(:suitable?) do |gid|
gid&.model_class&.ancestors&.include?(model_class) next false if gid.nil?
gid.model_name.safe_constantize.present? &&
gid.model_class.ancestors.include?(model_class)
end end
self.define_singleton_method(:coerce_input) do |string, ctx| self.define_singleton_method(:coerce_input) do |string, ctx|
......
---
title: Handle GlobalIDs with invalid resource names
merge_request: 54290
author:
type: fixed
...@@ -5,7 +5,6 @@ require 'spec_helper' ...@@ -5,7 +5,6 @@ require 'spec_helper'
RSpec.describe Types::GlobalIDType do RSpec.describe Types::GlobalIDType do
let_it_be(:project) { create(:project) } let_it_be(:project) { create(:project) }
let(:gid) { project.to_global_id } let(:gid) { project.to_global_id }
let(:foreign_gid) { GlobalID.new(::URI::GID.build(app: 'otherapp', model_name: 'Project', model_id: project.id, params: nil)) }
it 'is has the correct name' do it 'is has the correct name' do
expect(described_class.to_graphql.name).to eq('GlobalID') expect(described_class.to_graphql.name).to eq('GlobalID')
...@@ -41,16 +40,18 @@ RSpec.describe Types::GlobalIDType do ...@@ -41,16 +40,18 @@ RSpec.describe Types::GlobalIDType do
it 'rejects invalid input' do it 'rejects invalid input' do
expect { described_class.coerce_isolated_input('not valid') } expect { described_class.coerce_isolated_input('not valid') }
.to raise_error(GraphQL::CoercionError) .to raise_error(GraphQL::CoercionError, /not a valid Global ID/)
end end
it 'rejects nil' do it 'rejects nil' do
expect(described_class.coerce_isolated_input(nil)).to be_nil expect(described_class.coerce_isolated_input(nil)).to be_nil
end end
it 'rejects gids from different apps' do it 'rejects GIDs from different apps' do
expect { described_class.coerce_isolated_input(foreign_gid) } invalid_gid = GlobalID.new(::URI::GID.build(app: 'otherapp', model_name: 'Project', model_id: project.id, params: nil))
.to raise_error(GraphQL::CoercionError)
expect { described_class.coerce_isolated_input(invalid_gid) }
.to raise_error(GraphQL::CoercionError, /is not a Gitlab Global ID/)
end end
end end
...@@ -79,14 +80,22 @@ RSpec.describe Types::GlobalIDType do ...@@ -79,14 +80,22 @@ RSpec.describe Types::GlobalIDType do
let(:gid) { build_stubbed(:user).to_global_id } let(:gid) { build_stubbed(:user).to_global_id }
it 'raises errors when coercing results' do it 'raises errors when coercing results' do
expect { type.coerce_isolated_result(gid) }.to raise_error(GraphQL::CoercionError) expect { type.coerce_isolated_result(gid) }
.to raise_error(GraphQL::CoercionError, /Expected a Project ID/)
end end
it 'will not coerce invalid input, even if its a valid GID' do it 'will not coerce invalid input, even if its a valid GID' do
expect { type.coerce_isolated_input(gid.to_s) } expect { type.coerce_isolated_input(gid.to_s) }
.to raise_error(GraphQL::CoercionError) .to raise_error(GraphQL::CoercionError, /does not represent an instance of Project/)
end end
end end
it 'handles GIDs for invalid resource names gracefully' do
invalid_gid = GlobalID.new(::URI::GID.build(app: GlobalID.app, model_name: 'invalid', model_id: 1, params: nil))
expect { type.coerce_isolated_input(invalid_gid) }
.to raise_error(GraphQL::CoercionError, /does not represent an instance of Project/)
end
end end
describe 'a parameterized type with a namespace' do describe 'a parameterized type with a namespace' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment