Skip to content

Add audit for variable coercion failure #58

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Mar 29, 2023
Merged

Add audit for variable coercion failure #58

merged 6 commits into from
Mar 29, 2023

Conversation

trevor-scheer
Copy link
Contributor

From the spec:

If CoerceVariableValues() raises a GraphQL request error, the server SHOULD NOT execute the request and SHOULD return a status code of 400 (Bad Request).

Fixes #57

Should I be also "should not"ing the request execution (and how can I accomplish that)?
I'm assuming I don't update the audit results (it looks like that's in a GH workflow) but let me know if there are any other changes that should come with PR.

@enisdenjo
Copy link
Member

Hey sorry, I haven't forgotten about this. Am currently on a break until next week - I'll review this properly then, thanks!

@glasser glasser mentioned this pull request Mar 23, 2023
Closed
enisdenjo
enisdenjo requested changes Mar 28, 2023
View reviewed changes
Copy link
Member

@enisdenjo enisdenjo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please rebase this PR on main because #29 should be fixed now.

@trevor-scheer trevor-scheer force-pushed the trevor/variable-coercion-audit branch from 44f503b to 3f73b45 Compare March 28, 2023 17:32
@trevor-scheer trevor-scheer requested a review from enisdenjo March 28, 2023 17:33
@trevor-scheer
Copy link
Contributor Author

@enisdenjo looks like the same needs to be done here as well?

graphql-http/.github/workflows/continuous-integration.yml

Line 7 in a51dffb

pull_request:

@enisdenjo
Copy link
Member

Not really, the CI does not change anything - its just checks.

@trevor-scheer
Copy link
Contributor Author

@enisdenjo ok. I only said that because the some of the statuses were expected but didn't seem to be running. It looks like everything's passed now.

@enisdenjo
Copy link
Member

I only said that because the some of the statuses were expected but didn't seem to be running

Yeah, the workflows have to be triggered manually for first-time contributors. But I think I'll add it still to avoid having the WFs manipulated by PRs. 🤔

@enisdenjo enisdenjo force-pushed the trevor/variable-coercion-audit branch from e38aac3 to 9ad1f96 Compare March 29, 2023 09:27
@enisdenjo enisdenjo merged commit 5ccedd7 into graphql:main Mar 29, 2023
@enisdenjo
Copy link
Member

Thank you! This is great, I just added the same test but for application/json.

@enisdenjo
Copy link
Member

🎉 This PR is included in version 1.17.1 🎉

The release is available on:

Your semantic-release bot 📦🚀

@enisdenjo enisdenjo added the released Has been released and published label Mar 31, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@enisdenjo enisdenjo Awaiting requested review from enisdenjo

Assignees
No one assigned
Labels
released Has been released and published
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Missing variable coercion failure audit
2 participants
@trevor-scheer @enisdenjo