Add validation at document parse time

dondonz · dondonz · commit 9a69970ca86e · 2024-12-22T17:14:08.000+11:00
diff --git a/src/main/java/graphql/validation/ValidationErrorType.java b/src/main/java/graphql/validation/ValidationErrorType.java
@@ -43,5 +43,6 @@ public enum ValidationErrorType implements ValidationErrorClassification {
     NullValueForNonNullArgument,
     SubscriptionMultipleRootFields,
     SubscriptionIntrospectionRootField,
-    UniqueObjectFieldName
+    UniqueObjectFieldName,
+    UnknownOperation
 }
diff --git a/src/main/java/graphql/validation/Validator.java b/src/main/java/graphql/validation/Validator.java
@@ -1,7 +1,6 @@
 package graphql.validation;
 
 
-import graphql.ExperimentalApi;
 import graphql.Internal;
 import graphql.i18n.I18n;
 import graphql.language.Document;
@@ -10,6 +9,7 @@
 import graphql.validation.rules.DeferDirectiveLabel;
 import graphql.validation.rules.DeferDirectiveOnRootLevel;
 import graphql.validation.rules.DeferDirectiveOnValidOperation;
+import graphql.validation.rules.KnownOperationTypes;
 import graphql.validation.rules.UniqueObjectFieldName;
 import graphql.validation.rules.ExecutableDefinitions;
 import graphql.validation.rules.FieldsOnCorrectType;
@@ -52,7 +52,7 @@ public class Validator {
      * `graphql-java` will stop validation after a maximum number of validation messages has been reached.  Attackers
      * can send pathologically invalid queries to induce a Denial of Service attack and fill memory with 10000s of errors
      * and burn CPU in process.
-     *
+     * <p>
      * By default, this is set to 100 errors.  You can set a new JVM wide value as the maximum allowed validation errors.
      *
      * @param maxValidationErrors the maximum validation errors allow JVM wide
@@ -169,6 +169,10 @@ public List<AbstractRule> createRules(ValidationContext validationContext, Valid
 
         DeferDirectiveLabel deferDirectiveLabel = new DeferDirectiveLabel(validationContext, validationErrorCollector);
         rules.add(deferDirectiveLabel);
+
+        KnownOperationTypes knownOperationTypes = new KnownOperationTypes(validationContext, validationErrorCollector);
+        rules.add(knownOperationTypes);
+
         return rules;
     }
 }
diff --git a/src/main/java/graphql/validation/rules/KnownOperationTypes.java b/src/main/java/graphql/validation/rules/KnownOperationTypes.java
@@ -0,0 +1,43 @@
+package graphql.validation.rules;
+
+import graphql.Internal;
+import graphql.language.OperationDefinition;
+import graphql.schema.GraphQLSchema;
+import graphql.validation.AbstractRule;
+import graphql.validation.ValidationContext;
+import graphql.validation.ValidationErrorCollector;
+
+import static graphql.validation.ValidationErrorType.UnknownOperation;
+
+/**
+ * Unique variable names
+ * <p>
+ * A GraphQL operation is only valid if all its variables are uniquely named.
+ */
+@Internal
+public class KnownOperationTypes extends AbstractRule {
+
+    public KnownOperationTypes(ValidationContext validationContext, ValidationErrorCollector validationErrorCollector) {
+        super(validationContext, validationErrorCollector);
+    }
+
+    @Override
+    public void checkOperationDefinition(OperationDefinition operationDefinition) {
+        OperationDefinition.Operation documentOperation = operationDefinition.getOperation();
+        GraphQLSchema graphQLSchema = getValidationContext().getSchema();
+        if (documentOperation == OperationDefinition.Operation.MUTATION
+                && graphQLSchema.getMutationType() == null) {
+            String message = i18n(UnknownOperation, "KnownOperationTypes.noOperation", documentOperation.name());
+            addError(UnknownOperation, operationDefinition.getSourceLocation(), message);
+        } else if (documentOperation == OperationDefinition.Operation.SUBSCRIPTION
+                && graphQLSchema.getSubscriptionType() == null) {
+            String message = i18n(UnknownOperation, "KnownOperationTypes.noOperation", documentOperation.name());
+            addError(UnknownOperation, operationDefinition.getSourceLocation(), message);
+        } else if (documentOperation == OperationDefinition.Operation.QUERY
+                && graphQLSchema.getQueryType() == null) {
+            // This is unlikely to happen, as a validated GraphQLSchema must have a Query type by definition
+            String message = i18n(UnknownOperation, "KnownOperationTypes.noOperation", documentOperation.name());
+            addError(UnknownOperation, operationDefinition.getSourceLocation(), message);
+        }
+    }
+}
diff --git a/src/main/resources/i18n/Validation.properties b/src/main/resources/i18n/Validation.properties
@@ -38,6 +38,8 @@ KnownFragmentNames.undefinedFragment=Validation error ({0}) : Undefined fragment
 #
 KnownTypeNames.unknownType=Validation error ({0}) : Unknown type ''{1}''
 #
+KnownOperationTypes.noOperation=Validation error ({0}): The ''{1}'' operation is not supported by the schema
+#
 LoneAnonymousOperation.withOthers=Validation error ({0}) : Anonymous operation with other operations
 LoneAnonymousOperation.namedOperation=Validation error ({0}) : Operation ''{1}'' is following anonymous operation
 #
diff --git a/src/test/groovy/graphql/ParseAndValidateTest.groovy b/src/test/groovy/graphql/ParseAndValidateTest.groovy
@@ -1,11 +1,10 @@
 package graphql
 
 import graphql.language.Document
+import graphql.language.SourceLocation
 import graphql.parser.InvalidSyntaxException
 import graphql.parser.Parser
-import graphql.schema.GraphQLSchema
 import graphql.schema.idl.SchemaParser
-import graphql.schema.idl.TypeDefinitionRegistry
 import graphql.schema.idl.UnExecutableSchemaGenerator
 import graphql.validation.ValidationError
 import graphql.validation.ValidationErrorType
@@ -162,29 +161,50 @@ class ParseAndValidateTest extends Specification {
         !rs.errors.isEmpty() // all rules apply - we have errors
     }
 
-    def "issue 2740 - evidence of not working"() {
+    def "validation error raised if mutation operation does not exist in schema"() {
         def sdl = '''
         type Query {
-            myquery : String!
+            myQuery : String!
         }
         '''
 
         def registry = new SchemaParser().parse(sdl)
         def schema = UnExecutableSchemaGenerator.makeUnExecutableSchema(registry)
-        def graphQL = GraphQL.newGraphQL(schema).build()
-
-        String request = "mutation MyMutation { mymutation }"
+        String request = "mutation MyMutation { myMutation }"
 
         when:
-        def er = graphQL.execute(request)
+        Document inputDocument = new Parser().parseDocument(request)
+        List<ValidationError> errors = ParseAndValidate.validate(schema, inputDocument)
+
         then:
-        er.errors.size() == 1
+        errors.size() == 1
+        def error = errors.first()
+        error.validationErrorType == ValidationErrorType.UnknownOperation
+        error.message == "Validation error (UnknownOperation): The 'MUTATION' operation is not supported by the schema"
+        error.locations == [new SourceLocation(1, 1)]
+    }
+
+    def "validation error raised if subscription operation does not exist in schema"() {
+        def sdl = '''
+        type Query {
+            myQuery : String!
+        }
+        '''
+
+        def registry = new SchemaParser().parse(sdl)
+        def schema = UnExecutableSchemaGenerator.makeUnExecutableSchema(registry)
+
+        String request = "subscription MySubscription { mySubscription }"
 
         when:
         Document inputDocument = new Parser().parseDocument(request)
         List<ValidationError> errors = ParseAndValidate.validate(schema, inputDocument)
 
         then:
         errors.size() == 1
+        def error = errors.first()
+        error.validationErrorType == ValidationErrorType.UnknownOperation
+        error.message == "Validation error (UnknownOperation): The 'SUBSCRIPTION' operation is not supported by the schema"
+        error.locations == [new SourceLocation(1, 1)]
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -43,5 +43,6 @@ public enum ValidationErrorType implements ValidationErrorClassification {`
`43`	`43`	`NullValueForNonNullArgument,`
`44`	`44`	`SubscriptionMultipleRootFields,`
`45`	`45`	`SubscriptionIntrospectionRootField,`
`46`		`- UniqueObjectFieldName`
	`46`	`+ UniqueObjectFieldName,`
	`47`	`+ UnknownOperation`
`47`	`48`	`}`
Original file line number	Diff line number	Diff line change
`@@ -38,6 +38,8 @@ KnownFragmentNames.undefinedFragment=Validation error ({0}) : Undefined fragment`
`38`	`38`	`#`
`39`	`39`	`KnownTypeNames.unknownType=Validation error ({0}) : Unknown type ''{1}''`
`40`	`40`	`#`
	`41`	`+KnownOperationTypes.noOperation=Validation error ({0}): The ''{1}'' operation is not supported by the schema`
	`42`	`+#`
`41`	`43`	`LoneAnonymousOperation.withOthers=Validation error ({0}) : Anonymous operation with other operations`
`42`	`44`	`LoneAnonymousOperation.namedOperation=Validation error ({0}) : Operation ''{1}'' is following anonymous operation`
`43`	`45`	`#`