Visiting /admin/graphql/types triggers an error #9978

Open
lekoala opened this issue Jun 10, 2021 · 9 comments
@lekoala
Contributor

lekoala commented Jun 10, 2021

Affected Version

V4

Description

Visiting /admin/graphql/types triggers an error if not logged in.
This happens from time to time in my logs and is reported as an error when in reality, the request should simply be denied and avoid logging errors.

Suggested fix: return an HTTP response, or catch the exception in order to return an HTTP response

Steps to Reproduce

Visit https://www.silverstripe.com/admin/graphql/types and see a server error

@maxime-rainville
Contributor

@unclecheese Got any views on this?

@unclecheese

It shouldn't be locked down. You can configure this to be statically generated, and in v4, it's only statically generated, so to hide this behind auth doesn't seem appropriate. I'd be much more keen to learn what the error is and just resolve that.

@kinglozzer
Member

kinglozzer commented Jun 11, 2021

GraphQL v3 error
[Emergency] Uncaught Exception: Authentication required
GET /admin/graphql/types
Line 440 in .../vendor/silverstripe/graphql/src/Controller.php

Source
431 
432         // Check authorisation
433         $permissions = $request->param('Permissions');
434         if (!$permissions) {
435             return $member;
436         }
437 
438         // If permissions requested require authentication
439         if (!$member) {
440 *           throw new Exception("Authentication required");
441         }
442 
443         // Check authorisation for this member
444         $allowed = Permission::checkMember($member, $permissions);
445         if (!$allowed) {
446             throw new Exception("Not authorised");
Trace
SilverStripe\GraphQL\Controller->getRequestUser(SilverStripe\Control\HTTPRequest)
Controller.php:326
SilverStripe\GraphQL\Controller->applyManagerContext(SilverStripe\GraphQL\Manager, SilverStripe\Control\HTTPRequest)
Controller.php:163
SilverStripe\GraphQL\Controller->getManager()
IntrospectionProvider.php:25
SilverStripe\GraphQL\Extensions\IntrospectionProvider->types(SilverStripe\Control\HTTPRequest)
call_user_func_array(Array, Array)
Extensible.php:144
SilverStripe\View\ViewableData->SilverStripe\Core\{closure}(SilverStripe\GraphQL\Controller, Array)
CustomMethods.php:61
SilverStripe\View\ViewableData->__call(types, Array)
RequestHandler.php:323
SilverStripe\Control\RequestHandler->handleAction(SilverStripe\Control\HTTPRequest, types)
Controller.php:286
SilverStripe\Control\Controller->handleAction(SilverStripe\Control\HTTPRequest, types)
RequestHandler.php:202
SilverStripe\Control\RequestHandler->handleRequest(SilverStripe\Control\HTTPRequest)
Controller.php:212
SilverStripe\Control\Controller->handleRequest(SilverStripe\Control\HTTPRequest)
Director.php:360
SilverStripe\Control\Director->SilverStripe\Control\{closure}(SilverStripe\Control\HTTPRequest)
VersionedHTTPMiddleware.php:41
SilverStripe\Versioned\VersionedHTTPMiddleware->process(SilverStripe\Control\HTTPRequest, Closure)
HTTPMiddlewareAware.php:62
SilverStripe\Control\Director->SilverStripe\Control\Middleware\{closure}(SilverStripe\Control\HTTPRequest)
ExecMetricMiddleware.php:20
SilverStripe\Control\Middleware\ExecMetricMiddleware->process(SilverStripe\Control\HTTPRequest, Closure)
HTTPMiddlewareAware.php:62
SilverStripe\Control\Director->SilverStripe\Control\Middleware\{closure}(SilverStripe\Control\HTTPRequest)
ConfirmationMiddleware.php:254
SilverStripe\Control\Middleware\ConfirmationMiddleware->process(SilverStripe\Control\HTTPRequest, Closure)
HTTPMiddlewareAware.php:62
SilverStripe\Control\Director->SilverStripe\Control\Middleware\{closure}(SilverStripe\Control\HTTPRequest)
ConfirmationMiddleware.php:254
SilverStripe\Control\Middleware\ConfirmationMiddleware->process(SilverStripe\Control\HTTPRequest, Closure)
HTTPMiddlewareAware.php:62
SilverStripe\Control\Director->SilverStripe\Control\Middleware\{closure}(SilverStripe\Control\HTTPRequest)
PasswordExpirationMiddleware.php:84
SilverStripe\Security\PasswordExpirationMiddleware->process(SilverStripe\Control\HTTPRequest, Closure)
HTTPMiddlewareAware.php:62
SilverStripe\Control\Director->SilverStripe\Control\Middleware\{closure}(SilverStripe\Control\HTTPRequest)
BasicAuthMiddleware.php:68
SilverStripe\Security\BasicAuthMiddleware->process(SilverStripe\Control\HTTPRequest, Closure)
HTTPMiddlewareAware.php:62
SilverStripe\Control\Director->SilverStripe\Control\Middleware\{closure}(SilverStripe\Control\HTTPRequest)
AuthenticationMiddleware.php:61
SilverStripe\Security\AuthenticationMiddleware->process(SilverStripe\Control\HTTPRequest, Closure)
HTTPMiddlewareAware.php:62
SilverStripe\Control\Director->SilverStripe\Control\Middleware\{closure}(SilverStripe\Control\HTTPRequest)
CanonicalURLMiddleware.php:190
SilverStripe\Control\Middleware\CanonicalURLMiddleware->process(SilverStripe\Control\HTTPRequest, Closure)
HTTPMiddlewareAware.php:62
SilverStripe\Control\Director->SilverStripe\Control\Middleware\{closure}(SilverStripe\Control\HTTPRequest)
HTTPCacheControlMiddleware.php:42
SilverStripe\Control\Middleware\HTTPCacheControlMiddleware->process(SilverStripe\Control\HTTPRequest, Closure)
HTTPMiddlewareAware.php:62
SilverStripe\Control\Director->SilverStripe\Control\Middleware\{closure}(SilverStripe\Control\HTTPRequest)
ChangeDetectionMiddleware.php:28
SilverStripe\Control\Middleware\ChangeDetectionMiddleware->process(SilverStripe\Control\HTTPRequest, Closure)
HTTPMiddlewareAware.php:62
SilverStripe\Control\Director->SilverStripe\Control\Middleware\{closure}(SilverStripe\Control\HTTPRequest)
FlushMiddleware.php:27
SilverStripe\Control\Middleware\FlushMiddleware->process(SilverStripe\Control\HTTPRequest, Closure)
HTTPMiddlewareAware.php:62
SilverStripe\Control\Director->SilverStripe\Control\Middleware\{closure}(SilverStripe\Control\HTTPRequest)
RequestProcessor.php:66
SilverStripe\Control\RequestProcessor->process(SilverStripe\Control\HTTPRequest, Closure)
HTTPMiddlewareAware.php:62
SilverStripe\Control\Director->SilverStripe\Control\Middleware\{closure}(SilverStripe\Control\HTTPRequest)
SessionMiddleware.php:20
SilverStripe\Control\Middleware\SessionMiddleware->process(SilverStripe\Control\HTTPRequest, Closure)
HTTPMiddlewareAware.php:62
SilverStripe\Control\Director->SilverStripe\Control\Middleware\{closure}(SilverStripe\Control\HTTPRequest)
AllowedHostsMiddleware.php:60
SilverStripe\Control\Middleware\AllowedHostsMiddleware->process(SilverStripe\Control\HTTPRequest, Closure)
HTTPMiddlewareAware.php:62
SilverStripe\Control\Director->SilverStripe\Control\Middleware\{closure}(SilverStripe\Control\HTTPRequest)
TrustedProxyMiddleware.php:176
SilverStripe\Control\Middleware\TrustedProxyMiddleware->process(SilverStripe\Control\HTTPRequest, Closure)
HTTPMiddlewareAware.php:62
SilverStripe\Control\Director->SilverStripe\Control\Middleware\{closure}(SilverStripe\Control\HTTPRequest)
GoogleTagManagerMiddleware.php:18
Bigfork\SilverStripeGoogleTagManager\Control\GoogleTagManagerMiddleware->process(SilverStripe\Control\HTTPRequest, Closure)
HTTPMiddlewareAware.php:62
SilverStripe\Control\Director->SilverStripe\Control\Middleware\{closure}(SilverStripe\Control\HTTPRequest)
HTTPMiddlewareAware.php:65
SilverStripe\Control\Director->callMiddleware(SilverStripe\Control\HTTPRequest, Closure)
Director.php:369
SilverStripe\Control\Director->handleRequest(SilverStripe\Control\HTTPRequest)
HTTPApplication.php:117
SilverStripe\Control\HTTPApplication::SilverStripe\Control\{closure}(SilverStripe\Control\HTTPRequest)
call_user_func(Closure, SilverStripe\Control\HTTPRequest)
HTTPApplication.php:136
SilverStripe\Control\HTTPApplication->SilverStripe\Control\{closure}(SilverStripe\Control\HTTPRequest)
call_user_func(Closure, SilverStripe\Control\HTTPRequest)
ErrorControlChainMiddleware.php:67
SilverStripe\Core\Startup\ErrorControlChainMiddleware->process(SilverStripe\Control\HTTPRequest, Closure)
HTTPMiddlewareAware.php:62
SilverStripe\Control\HTTPApplication->SilverStripe\Control\Middleware\{closure}(SilverStripe\Control\HTTPRequest)
HTTPMiddlewareAware.php:65
SilverStripe\Control\HTTPApplication->callMiddleware(SilverStripe\Control\HTTPRequest, Closure)
HTTPApplication.php:137
SilverStripe\Control\HTTPApplication->execute(SilverStripe\Control\HTTPRequest, Closure, )
HTTPApplication.php:116
SilverStripe\Control\HTTPApplication->handle(SilverStripe\Control\HTTPRequest)
index.php:26

GraphQL v4 seems to 404 as expected

@lekoala
Contributor Author

lekoala commented Jun 11, 2021

@kinglozzer how to use GraphQL v4? Anyway, I think it deserves a fix as basically all SS4 installations have this issue. In my case I think it's bots visiting that URL and I can easily imagine how bad it can become if someone decides to send lots of requests to a URL that triggers errors.

@lerni
Contributor

lerni commented Jun 11, 2021

@lekoala
Contributor Author

lekoala commented Jun 24, 2021

@lerni thanks! Not sure it's recommended yet since it's in alpha stage, if I read correctly?
Anyway, seems easy enough to fix; even a simple try/catch would do the job in the IntrospectionProvider. I'm happy to do the PR if that solution works for the team.

@lerni
Contributor

lerni commented Jun 24, 2021

@lekoala may you join #graphql on #slack?
I think it's not that far from stable but cos of semantic versioning they hesitate to call the API stable. Ingo said "The best way to progress this module to stable is early adopters putting it through its paces, giving us feedback, and helping us improve the state of the module."
https://silverstripe-users.slack.com/archives/C39NVTQNQ/p1619692997080200?thread_ts=1618923965.078000&cid=C39NVTQNQ

@lekoala
Contributor Author

lekoala commented Jun 29, 2021

@lerni I'll give the new module a try on a less critical project ;-) I'm not a regular user of Slack so I might drop by on the channel but probably not the best way to have a good follow up on this

lekoala added a commit to lekoala/silverstripe-graphql that referenced this issue Feb 24, 2022
For context: silverstripe/silverstripe-framework#9978

Here, my proposal is to return a consistent JSON response

@lekoala
Contributor Author

lekoala commented Feb 24, 2022

ahah so I got tired of these errors piling up in my logs and made a PR
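
The fix proposed in this thread (catch the access failure and return a consistent JSON response instead of an uncaught exception), sketched as an added example that is not part of the thread or the module's own code. The two exception classes, `handleIntrospection`, the array-shaped response and the sample members are assumptions; plain PHP stands in for the framework's request and response objects, and dedicated exception types replace the plain `Exception` seen in the quoted source so that only access failures are caught.

```php
<?php
// Hypothetical exception types: the code quoted in the thread throws a plain
// Exception, which a handler cannot tell apart from a genuine server fault.
class AuthenticationRequired extends RuntimeException {}
class NotAuthorised extends RuntimeException {}

// Stand-in for the permission check quoted in the thread (not the module's code).
function getRequestUser(?array $member, array $required): ?array
{
    if ($required === []) {
        return $member;
    }
    if ($member === null) {
        throw new AuthenticationRequired('Authentication required');
    }
    if (array_intersect($required, $member['permissions']) === []) {
        throw new NotAuthorised('Not authorised');
    }
    return $member;
}

// Runs an action and turns access failures into a JSON denial (401 or 403).
// Anything else propagates, so real faults still reach the error log.
function handleIntrospection(callable $action): array
{
    try {
        [$status, $payload] = [200, $action()];
    } catch (AuthenticationRequired $e) {
        [$status, $payload] = [401, ['errors' => [['message' => $e->getMessage()]]]];
    } catch (NotAuthorised $e) {
        [$status, $payload] = [403, ['errors' => [['message' => $e->getMessage()]]]];
    }
    return ['status' => $status, 'type' => 'application/json', 'body' => json_encode($payload)];
}

// Constructed sample members: anonymous, under-privileged, and permitted.
$cases = [
    'anonymous' => null,
    'editor' => ['permissions' => ['CMS_ACCESS']],
    'admin' => ['permissions' => ['ADMIN']],
];
foreach ($cases as $name => $member) {
    $res = handleIntrospection(function () use ($member) {
        getRequestUser($member, ['ADMIN']);
        return ['types' => ['Query', 'Mutation']];
    });
    printf("%-9s %d %s\n", $name, $res['status'], $res['body']);
}
```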
