Enhance request body check
Closes gh-726
@@ -84,8 +84,7 @@ public class WebGraphQlRequest extends DefaultExecutionGraphQlRequest implements
|
||||
URI uri, HttpHeaders headers, @Nullable MultiValueMap<String, HttpCookie> cookies,
|
||||
Map<String, Object> attributes, Map<String, Object> body, String id, @Nullable Locale locale) {
|
||||
|
||||
super(getKey("query", body), getKey("operationName", body), getKey("variables", body),
|
||||
getKey("extensions", body), id, locale);
|
||||
super(getQuery(body), getOperation(body), getMap("variables", body), getMap("extensions", body), id, locale);
|
||||
|
||||
Assert.notNull(uri, "URI is required'");
|
||||
Assert.notNull(headers, "HttpHeaders is required'");
|
||||
@@ -96,12 +95,31 @@ public class WebGraphQlRequest extends DefaultExecutionGraphQlRequest implements
|
||||
this.attributes = Collections.unmodifiableMap(attributes);
|
||||
}
|
||||
|
||||
@SuppressWarnings("unchecked")
|
||||
private static <T> T getKey(String key, Map<String, Object> body) {
|
||||
if (key.equals("query") && !StringUtils.hasText((String) body.get(key))) {
|
||||
throw new ServerWebInputException("No \"query\" in the request document");
|
||||
private static String getQuery(Map<String, Object> body) {
|
||||
Object value = body.get("query");
|
||||
if (!(value instanceof String query) || !StringUtils.hasText(query)) {
|
||||
throw new ServerWebInputException("Invalid value for 'query'");
|
||||
}
|
||||
return (T) body.get(key);
|
||||
return (String) value;
|
||||
}
|
||||
|
||||
@Nullable
|
||||
private static String getOperation(Map<String, Object> body) {
|
||||
Object value = body.get("operation");
|
||||
if (value != null && !(value instanceof String)) {
|
||||
throw new ServerWebInputException("Invalid value for 'operation'");
|
||||
}
|
||||
return (String) value;
|
||||
}
|
||||
|
||||
@SuppressWarnings("unchecked")
|
||||
@Nullable
|
||||
private static Map<String, Object> getMap(String key, Map<String, Object> body) {
|
||||
Object value = body.get(key);
|
||||
if (value != null && !(value instanceof Map)) {
|
||||
throw new ServerWebInputException("Invalid value for '" + key + "'");
|
||||
}
|
||||
return (Map<String, Object>) value;
|
||||
}
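Review bot: `getOperation` looks up `body.get("operation")`, whereas the constructor line this commit replaces passed `getKey("operationName", body)`, so an operation name sent under `operationName` is now silently dropped and a non-String value under that key is never rejected. The lookup should be `Object value = body.get("operationName");` with the message `"Invalid value for 'operationName'"`. The third case of `invalidBody()` in the new test file uses the same `"operation"` key and has to change with it. The class body continues outside both hunks.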
|
||||
|
||||
|
||||
|
||||
@@ -0,0 +1,56 @@
|
||||
/*
|
||||
* Copyright 2002-2023 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.graphql.server;
|
||||
|
||||
import java.net.URI;
|
||||
import java.util.Collections;
|
||||
import java.util.Map;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import org.springframework.http.HttpHeaders;
|
||||
import org.springframework.util.LinkedMultiValueMap;
|
||||
import org.springframework.web.server.ServerWebInputException;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThatThrownBy;
|
||||
|
||||
/**
|
||||
* Unit tests for {@link WebGraphQlRequest}.
|
||||
*
|
||||
* @author Rossen Stoyanchev
|
||||
*/
|
||||
public class WebGraphQlRequestTests {
|
||||
|
||||
@Test // gh-726
|
||||
void invalidBody() {
|
||||
testInvalidBody(Map.of());
|
||||
testInvalidBody(Map.of("query", Collections.emptyMap()));
|
||||
testInvalidBody(Map.of("query", "query { foo }", "operation", Collections.emptyMap()));
|
||||
testInvalidBody(Map.of("query", "query { foo }", "variables", "not-a-map"));
|
||||
testInvalidBody(Map.of("query", "query { foo }", "extensions", "not-a-map"));
|
||||
}
|
||||
|
||||
private void testInvalidBody(Map<String, Object> body) {
|
||||
assertThatThrownBy(() ->
|
||||
new WebGraphQlRequest(
|
||||
URI.create("/graphql"), new HttpHeaders(), new LinkedMultiValueMap<>(),
|
||||
Collections.emptyMap(), body, "1", null))
|
||||
.isInstanceOf(ServerWebInputException.class);
|
||||
}
|
||||
|
||||
|
||||
}
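Review bot: `testInvalidBody` asserts only the exception type, so a case passes whenever any check throws `ServerWebInputException`, not necessarily the check for the field under test. Taking the expected field name as a second argument and adding `.hasMessageContaining(field)` to the chain would pin each case to its own check. The cases also leave out a blank query such as `Map.of("query", " ")`, which the `StringUtils.hasText` branch in `getQuery` is there to reject, and a well-formed body that must be accepted without an exception.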
|
||||