Skip to content

input validation too loose for string and boolean #771

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
itajaja opened this issue Mar 29, 2017 · 3 comments
Closed

input validation too loose for string and boolean #771

itajaja opened this issue Mar 29, 2017 · 3 comments
Assignees
@robzhu
Labels
bug

Comments

@itajaja
Copy link

itajaja commented Mar 29, 2017

this

{ "foo": [1, 2, 3]}

is a correct payload for the muation

export default mutationWithClientMutationId({
  name: 'Test',

  inputFields: {
    foo: { type: new GraphQLNonNull(GraphQLString) },
  },
...

happening beacuse of this.

Clearly [1, 2, 3] is not a string and this should probably be rejected. This kind of coercion makes sense for output types, but for mutation input this seems very odd, even more so considering that other things are validated (non-nullness, integers). I mean, if [1, 2, 3] is a string, then why isn't "foo" a valid integer? I am seeing a disparity here. Is there a reason for that?
@leebyron leebyron added the bug label Apr 29, 2017
@leebyron
Copy link
Contributor

This looks like a bug similar to #827

https://facebook.github.io/graphql/#sec-String

@robzhu robzhu self-assigned this Jun 12, 2017
@robzhu robzhu mentioned this issue Jun 21, 2017
Merged
@vladar
Copy link

vladar commented Sep 20, 2017

Coercion of booleans also seems invalid:

{"foo": "false"}

will be coerced to true by GraphQL Boolean Type without raising errors (here) even if specs explicitly says:

When expected as an input type, only boolean input values are accepted. 
All other input values must raise a query error indicating an incorrect type.

@vladar vladar mentioned this issue Sep 20, 2017
Closed
@leebyron
Copy link
Contributor

leebyron commented Dec 7, 2017

Now fixed in master and will be included in the next release

@leebyron leebyron closed this as completed Dec 7, 2017
@Mark-K Mark-K mentioned this issue Dec 14, 2017
Closed
@vladar vladar mentioned this issue Mar 3, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@robzhu robzhu

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@leebyron @vladar @itajaja @robzhu