graphql-query-complexity icon indicating copy to clipboard operation
graphql-query-complexity copied to clipboard

Published 20 hours ago verified publisher icon slicknode

Weird error when running mutations with invalid inputs

Open adamors opened this issue 3 years ago • 5 comments

Hey, I've encountered a bug when running mutations and providing an invalid input.

Given the following schema

type Query {
  hello: String
}

input AddFavoriteFoodInput {
  id: ID!
  comment: String!
  foodNames: [String!]!
}

type Mutation {
  addFavoriteFood(input: AddFavoriteFoodInput!): Boolean!
}

if you run the mutation

mutation AddFavoriteFood($input: AddFavoriteFoodInput!) {
  addFavoriteFood(input: $input)
}

with variables

{
  "input": {
    "id": "123",
    "comment": "Hello",
    "foodNames": [
      "Pizza",
      "Apple",
       null,
      "Pineapple"
    ]
  }
}

the expected error message is:

"Variable \"$input\" got invalid value null at \"input.foodNames[2]\";
Expected non-nullable type \"String!\" not to be null."

However with GraphQL Complexity enabled, this turns into

"Argument \"input\" of required type \"AddFavoriteFoodInput!\" was provided the
variable \"$input\" which was not provided a runtime value."

Here's a repo reproducing the issue: https://github.com/adamors/graphql-complexity-bug

adamors avatar Dec 10 '21 18:12 adamors

Hello @adamors, I'm getting the same error as well. have you found any workarounds? thank you.

ahrbil avatar Dec 21 '21 13:12 ahrbil

@ahrbil not really, currently any code that calls the graphql complexity methods is wrapped in a try/catch and the error is discarded.

adamors avatar Dec 21 '21 13:12 adamors

This library does not implement query and input validation to not duplicate the functionality and increase execution costs. So the error messages can vary. One option would be to validate the query and input arguments using the functions from the graphql-js library before running the complexity calculation.

ivome avatar Jan 21 '22 16:01 ivome

~~I'm actually seeing this when valid input is given. Feels like a bug in the library itself.~~

Taking this back - any error is obscured by this cryptic error when using this library. In development it'd be nice to have the actual errors sent to the client.

jjm340 avatar Feb 03 '22 17:02 jjm340

This library does not implement query and input validation to not duplicate the functionality and increase execution costs. So the error messages can vary. One option would be to validate the query and input arguments using the functions from the graphql-js library before running the complexity calculation.

@ivome I don't understand your work-around - can you elaborate?

jjm340 avatar Feb 03 '22 22:02 jjm340

This should be fixed by the changes from #78

ivome avatar Aug 27 '22 14:08 ivome