GraphQL: Improve session token error messages (#5753)

* GraphQL: Improve session token error message

Fixes the session-token-related error messages during GraphQL operations. If an authentication error was thrown, it was not handled correctly by the GraphQL express middleware, and the request ended up being answered with a JSON parsing error.

* Refactor handleError usage

* Use handleParseErrors middleware to handle invalid session token error

* fix: Status code 400 when session token is invalid

* fix: Undo handleParseErrors middleware change
Douglas Muraoka
2019-07-12 17:58:47 -03:00
committed by Antonio Davi Macedo Coelho de Castro
parent 1c62ab6f49
commit f91034ab8c
4 changed files with 125 additions and 12 deletions


@@ -3248,8 +3248,8 @@ describe('ParseGraphQLServer', () => {
});
expect(logOut.data.users.logOut).toBeTruthy();
await expectAsync(
apolloClient.query({
try {
await apolloClient.query({
query: gql`
query GetCurrentUser {
users {
@@ -3264,8 +3264,111 @@ describe('ParseGraphQLServer', () => {
'X-Parse-Session-Token': sessionToken,
},
},
})
).toBeRejected();
});
fail('should not retrieve current user due to session token');
} catch (err) {
const { statusCode, result } = err.networkError;
expect(statusCode).toBe(400);
expect(result).toEqual({
code: 209,
error: 'Invalid session token',
});
}
});
});
describe('Session Token', () => {
it('should fail due to invalid session token', async () => {
try {
await apolloClient.query({
query: gql`
query GetCurrentUser {
users {
me {
username
}
}
}
`,
context: {
headers: {
'X-Parse-Session-Token': 'foo',
},
},
});
fail('should not retrieve current user due to session token');
} catch (err) {
const { statusCode, result } = err.networkError;
expect(statusCode).toBe(400);
expect(result).toEqual({
code: 209,
error: 'Invalid session token',
});
}
});
it('should fail due to empty session token', async () => {
try {
await apolloClient.query({
query: gql`
query GetCurrentUser {
users {
me {
username
}
}
}
`,
context: {
headers: {
'X-Parse-Session-Token': '',
},
},
});
fail('should not retrieve current user due to session token');
} catch (err) {
const { graphQLErrors } = err;
expect(graphQLErrors.length).toBe(1);
expect(graphQLErrors[0].message).toBe('Invalid session token');
}
});
it('should find a user and fail due to empty session token', async () => {
const car = new Parse.Object('Car');
await car.save();
await parseGraphQLServer.parseGraphQLSchema.databaseController.schemaCache.clear();
try {
await apolloClient.query({
query: gql`
query GetCurrentUser {
users {
me {
username
}
}
objects {
findCar {
results {
objectId
}
}
}
}
`,
context: {
headers: {
'X-Parse-Session-Token': '',
},
},
});
fail('should not retrieve current user due to session token');
} catch (err) {
const { graphQLErrors } = err;
expect(graphQLErrors.length).toBe(1);
expect(graphQLErrors[0].message).toBe('Invalid session token');
}
});
});
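Review bot: The two empty-token specs ('should fail due to empty session token' and 'should find a user and fail due to empty session token') assert only `graphQLErrors[0].message`, so they would still pass if the error reached the client with a code other than the 209 that the invalid-token specs pin. Consider asserting the code there as well, e.g. `expect(graphQLErrors[0].extensions.code).toBe(209);`, assuming the ApolloError code is surfaced under `extensions` in this setup. Separately, every `catch` block destructures `err.networkError` or `err.graphQLErrors` without checking that it exists, so an unexpected error shape would surface as a TypeError rather than a readable expectation failure; a leading `expect(err.networkError).toBeDefined();` would make that clearer. The differing outcomes (HTTP 400 for 'foo', a GraphQL-level error for '') look intentional but deserve a one-line comment in the `describe('Session Token', ...)` block.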


@@ -1,6 +1,5 @@
import Parse from 'parse/node';
import { GraphQLSchema, GraphQLObjectType } from 'graphql';
import { ApolloError } from 'apollo-server-core';
import requiredParameter from '../requiredParameter';
import * as defaultGraphQLTypes from './loaders/defaultGraphQLTypes';
import * as parseClassTypes from './loaders/parseClassTypes';
@@ -8,6 +7,7 @@ import * as parseClassQueries from './loaders/parseClassQueries';
import * as parseClassMutations from './loaders/parseClassMutations';
import * as defaultGraphQLQueries from './loaders/defaultGraphQLQueries';
import * as defaultGraphQLMutations from './loaders/defaultGraphQLMutations';
import { toGraphQLError } from './parseGraphQLUtils';
class ParseGraphQLSchema {
constructor(databaseController, log) {
@@ -100,17 +100,12 @@ class ParseGraphQLSchema {
}
handleError(error) {
let code, message;
if (error instanceof Parse.Error) {
this.log.error('Parse error: ', error);
code = error.code;
message = error.message;
} else {
this.log.error('Uncaught internal server error.', error, error.stack);
code = Parse.Error.INTERNAL_SERVER_ERROR;
message = 'Internal server error.';
}
throw new ApolloError(message, code);
throw toGraphQLError(error);
}
}
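Review bot: `handleError` never returns, since it always throws the error built by `toGraphQLError`, and nothing in the method says so; that matters to callers that invoke it from a `catch` block and to anyone auditing what reaches the client. A short JSDoc would cover it, e.g. `/** Logs the original error server-side, then always throws its client-facing ApolloError. */`, provided the two `this.log.error` calls are kept on the new side, as the hunk's line counts suggest. If they were dropped, the stack of a non-Parse error would no longer be recorded anywhere visible in this diff, because `toGraphQLError` replaces it with a generic message. The class body continues outside the hunk.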


@@ -5,7 +5,7 @@ import { graphqlExpress } from 'apollo-server-express/dist/expressApollo';
import { renderPlaygroundPage } from '@apollographql/graphql-playground-html';
import { execute, subscribe } from 'graphql';
import { SubscriptionServer } from 'subscriptions-transport-ws';
import { handleParseHeaders } from '../middlewares';
import { handleParseErrors, handleParseHeaders } from '../middlewares';
import requiredParameter from '../requiredParameter';
import defaultLogger from '../logger';
import { ParseGraphQLSchema } from './ParseGraphQLSchema';
@@ -55,6 +55,7 @@ class ParseGraphQLServer {
app.use(this.config.graphQLPath, corsMiddleware());
app.use(this.config.graphQLPath, bodyParser.json());
app.use(this.config.graphQLPath, handleParseHeaders);
app.use(this.config.graphQLPath, handleParseErrors);
app.use(
this.config.graphQLPath,
graphqlExpress(async req => await this._getGraphQLOptions(req))
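Review bot: The placement of `app.use(this.config.graphQLPath, handleParseErrors);` directly after `handleParseHeaders` and before `graphqlExpress` is order-sensitive and carries no comment. If `handleParseErrors` is an Express error-handling middleware (its definition is not part of this diff), it only receives errors forwarded by middleware registered before it, i.e. the session-token rejection from `handleParseHeaders`, and not errors raised later by `graphqlExpress`. I would add `// Must stay after handleParseHeaders: turns its auth errors (e.g. invalid session token) into a JSON error response.` above the line. The enclosing method starts and ends outside the hunk.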


@@ -0,0 +1,14 @@
import Parse from 'parse/node';
import { ApolloError } from 'apollo-server-core';
export function toGraphQLError(error) {
let code, message;
if (error instanceof Parse.Error) {
code = error.code;
message = error.message;
} else {
code = Parse.Error.INTERNAL_SERVER_ERROR;
message = 'Internal server error';
}
return new ApolloError(message, code);
}
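Review bot: `toGraphQLError` has no documentation of the contract that makes its result safe to hand to clients: a `Parse.Error` keeps its own `code` and `message`, and anything else is reduced to `Parse.Error.INTERNAL_SERVER_ERROR` with the fixed text 'Internal server error'. Because the non-Parse branch discards the original error and its stack, callers have to log before converting. A JSDoc block stating what is passed through, what is masked, and that logging is the caller's job would keep a future caller from losing diagnostics or from assuming Parse error messages are sanitised. The fixed text also no longer ends with a period, unlike the string previously used in `handleError`, so any client matching on the old message would need updating.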