Merge pull request #3120 from rmosolgo/validate-input-types

Assert valid input types when adding arguments to schema

Author: Robert Mosolgo

lib/graphql/schema/argument.rb

@@ -146,12 +146,21 @@ def to_graphql
         argument
       end
 
-      attr_writer :type
+      def type=(new_type)
+        validate_input_type(new_type)
+        @type = new_type
+      end
 
       def type
-        @type ||= Member::BuildType.parse_type(@type_expr, null: @null)
-      rescue StandardError => err
-        raise ArgumentError, "Couldn't build type for Argument #{@owner.name}.#{name}: #{err.class.name}: #{err.message}", err.backtrace
+        @type ||= begin
+          parsed_type = begin
+            Member::BuildType.parse_type(@type_expr, null: @null)
+          rescue StandardError => err
+            raise ArgumentError, "Couldn't build type for Argument #{@owner.name}.#{name}: #{err.class.name}: #{err.message}", err.backtrace
+          end
+          validate_input_type(parsed_type)
+          parsed_type
+        end
       end
 
       def statically_coercible?
@@ -186,6 +195,18 @@ def prepare_value(obj, value, context: nil)
           raise "Invalid prepare for #{@owner.name}.name: #{@prepare.inspect}"
         end
       end
+
+      def validate_input_type(input_type)
+        if input_type.is_a?(String) || input_type.is_a?(GraphQL::Schema::LateBoundType)
+          # Do nothing; assume this will be validated later
+        elsif input_type.kind.non_null? || input_type.kind.list?
+          validate_input_type(input_type.unwrap)
+        elsif !input_type.kind.input?
+          raise ArgumentError, "Invalid input type for #{path}: #{input_type.graphql_name}. Must be scalar, enum, or input object, not #{input_type.kind.name}."
+        else
+          # It's an input type, we're OK
+        end
+      end
     end
   end
 end

spec/graphql/schema/argument_spec.rb

@@ -266,4 +266,46 @@ def self.object_from_id(id, ctx)
       assert_nil res5["data"].fetch("nullableEnsemble")
     end
   end
+
+  describe "invalid input types" do
+    class InvalidArgumentTypeSchema < GraphQL::Schema
+      class InvalidArgumentType < GraphQL::Schema::Object
+      end
+
+      class InvalidArgumentObject < GraphQL::Schema::Object
+        field :invalid, Boolean, null: false do
+          argument :object_ref, InvalidArgumentType, required: false
+        end
+      end
+
+      class InvalidLazyArgumentObject < GraphQL::Schema::Object
+        field :invalid, Boolean, null: false do
+          argument :lazy_object_ref, "InvalidArgumentTypeSchema::InvalidArgumentType", required: false
+        end
+      end
+
+      use GraphQL::Execution::Interpreter
+      use GraphQL::Analysis::AST
+    end
+
+    it "rejects them" do
+      err = assert_raises ArgumentError do
+        Class.new(InvalidArgumentTypeSchema) do
+          query(InvalidArgumentTypeSchema::InvalidArgumentObject)
+        end
+      end
+
+      expected_message = "Invalid input type for InvalidArgumentObject.invalid.objectRef: InvalidArgument. Must be scalar, enum, or input object, not OBJECT."
+      assert_equal expected_message, err.message
+
+      err = assert_raises ArgumentError do
+        Class.new(InvalidArgumentTypeSchema) do
+          query(InvalidArgumentTypeSchema::InvalidLazyArgumentObject)
+        end
+      end
+
+      expected_message = "Invalid input type for InvalidLazyArgumentObject.invalid.lazyObjectRef: InvalidArgument. Must be scalar, enum, or input object, not OBJECT."
+      assert_equal expected_message, err.message
+    end
+  end
 end