Throw exception if cursor value is set, but empty. (#3360)

Author: NikoGrano

CHANGELOG.md

@@ -1,5 +1,9 @@
 # Changelog
 
+## 2.5.5
+
+* GraphQL: Do not allow empty cursor values on `before` or `after`
+
 ## 2.5.4
 
 * Add a local cache in `ResourceClassResolver::getResourceClass()`

src/GraphQl/Resolver/Stage/SerializeStage.php

@@ -126,15 +126,17 @@ private function serializePaginatedCollection(iterable $collection, array $norma
         $nbPageItems = $collection->count();
         if (isset($args['after'])) {
             $after = base64_decode($args['after'], true);
-            if (false === $after) {
-                throw Error::createLocatedError(sprintf('Cursor %s is invalid', $args['after']), $info->fieldNodes, $info->path);
+            if (false === $after || '' === $args['after']) {
+                $msg = '' === $args['after'] ? 'Empty cursor is invalid' : sprintf('Cursor %s is invalid', $args['after']);
+                throw Error::createLocatedError($msg, $info->fieldNodes, $info->path);
             }
             $offset = 1 + (int) $after;
         }
         if (isset($args['before'])) {
             $before = base64_decode($args['before'], true);
-            if (false === $before) {
-                throw Error::createLocatedError(sprintf('Cursor %s is invalid', $args['before']), $info->fieldNodes, $info->path);
+            if (false === $before || '' === $args['before']) {
+                $msg = '' === $args['before'] ? 'Empty cursor is invalid' : sprintf('Cursor %s is invalid', $args['before']);
+                throw Error::createLocatedError($msg, $info->fieldNodes, $info->path);
             }
             $offset = (int) $before - $nbPageItems;
         }

tests/GraphQl/Resolver/Stage/SerializeStageTest.php

@@ -145,8 +145,10 @@ public function applyCollectionWithPaginationProvider(): array
             'paginator' => [new ArrayPaginator([new \stdClass(), new \stdClass(), new \stdClass()], 0, 2), [], ['totalCount' => 3., 'edges' => [['node' => ['normalized_item'], 'cursor' => 'MA=='], ['node' => ['normalized_item'], 'cursor' => 'MQ==']], 'pageInfo' => ['startCursor' => 'MA==', 'endCursor' => 'MQ==', 'hasNextPage' => true, 'hasPreviousPage' => false]]],
             'paginator with after cursor' => [new ArrayPaginator([new \stdClass(), new \stdClass(), new \stdClass()], 1, 2), ['after' => 'MA=='], ['totalCount' => 3., 'edges' => [['node' => ['normalized_item'], 'cursor' => 'MQ=='], ['node' => ['normalized_item'], 'cursor' => 'Mg==']], 'pageInfo' => ['startCursor' => 'MQ==', 'endCursor' => 'Mg==', 'hasNextPage' => false, 'hasPreviousPage' => true]]],
             'paginator with bad after cursor' => [new ArrayPaginator([], 0, 0), ['after' => '-'], null, Error::class, 'Cursor - is invalid'],
+            'paginator with empty after cursor' => [new ArrayPaginator([], 0, 0), ['after' => ''], null, Error::class, 'Empty cursor is invalid'],
             'paginator with before cursor' => [new ArrayPaginator([new \stdClass(), new \stdClass(), new \stdClass()], 1, 1), ['before' => 'Mg=='], ['totalCount' => 3., 'edges' => [['node' => ['normalized_item'], 'cursor' => 'MQ==']], 'pageInfo' => ['startCursor' => 'MQ==', 'endCursor' => 'MQ==', 'hasNextPage' => true, 'hasPreviousPage' => true]]],
             'paginator with bad before cursor' => [new ArrayPaginator([], 0, 0), ['before' => '-'], null, Error::class, 'Cursor - is invalid'],
+            'paginator with empty before cursor' => [new ArrayPaginator([], 0, 0), ['before' => ''], null, Error::class, 'Empty cursor is invalid'],
             'paginator with last' => [new ArrayPaginator([new \stdClass(), new \stdClass(), new \stdClass()], 1, 2), ['last' => 2], ['totalCount' => 3., 'edges' => [['node' => ['normalized_item'], 'cursor' => 'MQ=='], ['node' => ['normalized_item'], 'cursor' => 'Mg==']], 'pageInfo' => ['startCursor' => 'MQ==', 'endCursor' => 'Mg==', 'hasNextPage' => false, 'hasPreviousPage' => true]]],
         ];
     }