Gql can give an 500 Internal Server Error on missing Token permission #4999

Closed
narration-sd opened this issue Sep 26, 2019 · 2 comments

narration-sd commented Sep 26, 2019

Description

If no token is provided, only the Public Schema is available, which defaults importantly to no permissions.

This, or missing permissions on a proper token, should normally result in a message like Cannot query field \"entries\" on type \"Query\"., in inimitable GraphQL style.

In Gql, that's what you get for a very simple query. But if the query has a normal inline fragment, you'll instead get 500 - An internal server error occurred..

Whether the normal message should be more informative is another discussion, brought up in another issue, but the 500 etc. shouldn't happen, imagine we can agree.

Steps to reproduce

  1. Have a Gql server with default no-permission Public Schema
  2. query it with { ping } to show it's alive
  3. send a simple query involving abstract Element fields only, like:

         query {
           entries {
             id
           }
         }

  4. note that you get the presently expected 'Not authorized'
  5. now send a query which adds the normal kind of inline fragment for any specific Element type:

         query {
           entries {
             id
             ...on cards_cards_Entry {
               title
             }
           }
         }

  6. note that you get the 500, "An internal server error occurred" error.

Additional info

PHP version: 7.2.21
OS version: Linux 4.15.0-58-generic
Database driver & version: MySQL 5.7.27
Image driver & version: Imagick 3.4.4 (ImageMagick 6.9.7-4)
Craft edition & version: Craft Pro 3.3.5
Yii version: 2.0.21
Twig version: 2.11.3
Guzzle version: 6.3.3
Imagine version: 1.2.3-dev

@andris-sevcenko

Yeah, ideally the GraphQL library would just catch that when parsing the entries field on query, but for some reason, it wants to analyze the entire query before that. Made it so that either a generic, but informative, message or the exception message is returned, depending on the devMode setting.

@narration-sd

Yes, that seems to work nicely, even gave the correct 403 code, better than some :)

There's still a kind of nearby problem, at least in result, on my quiet Saturday. I'll make another issue as imagine you'd prefer for that. If you were @brandonkelly, anyway 🐟

andris-sevcenko added a commit that referenced this issue Oct 8, 2019
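
The handling described in the thread (a generic message, or the exception message when devMode is on, instead of a bare 500), sketched as an added example that is not Craft's own code. `runQuery`, `SchemaAccessException`, the stand-in executor, the message strings and the status mapping are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical exception for "type is not in the active schema"; not a Craft class.
final class SchemaAccessException extends RuntimeException {}

/**
 * Run a query executor and always return a GraphQL-shaped response.
 * $execute stands in for the real GraphQL executor (assumption).
 */
function runQuery(callable $execute, string $query, bool $devMode): array
{
    try {
        return ['status' => 200, 'body' => ['data' => $execute($query)]];
    } catch (SchemaAccessException $e) {
        $status = 403;
        $generic = 'The query uses types that this schema is not permitted to access.';
    } catch (Throwable $e) {
        $status = 500;
        $generic = 'An internal server error occurred.';
    }
    // Full detail goes to the server log in both modes.
    error_log(get_class($e) . ': ' . $e->getMessage());
    // Only devMode responses carry the raw exception message.
    $message = $devMode ? $e->getMessage() : $generic;
    return ['status' => $status, 'body' => ['errors' => [['message' => $message]]]];
}

// Constructed executor: throws when an inline fragment names a type outside the
// schema, mimicking a library that analyzes the entire query before resolving fields.
$publicSchemaTypes = []; // public schema with no permissions
$execute = function (string $query) use ($publicSchemaTypes): array {
    if (preg_match_all('/\.\.\.\s*on\s+(\w+)/', $query, $m)) {
        foreach ($m[1] as $type) {
            if (!in_array($type, $publicSchemaTypes, true)) {
                // Constructed message carrying internal detail (a file path).
                throw new SchemaAccessException("Unknown type \"$type\" (loaded from /srv/app/schema.php)");
            }
        }
    }
    return ['ping' => 'pong'];
};

$query = '{ entries { id ...on cards_cards_Entry { title } } }';
foreach ([true, false] as $devMode) {
    $r = runQuery($execute, $query, $devMode);
    echo $devMode ? 'devMode on:  ' : 'devMode off: ', $r['status'], ' ', json_encode($r['body']), PHP_EOL;
}
```

With devMode off, the client sees only the generic message while the internal detail stays in the server log.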