NRT (#181)

Author: sungam3r

src/BasicSample/Program.cs

@@ -14,7 +14,6 @@ namespace BasicSample
 {
     internal class Program
     {
-        [System.Diagnostics.CodeAnalysis.SuppressMessage("Style", "IDE1006:Naming Styles", Justification = "main")]
         private static async Task Main()
         {
             using var serviceProvider = new ServiceCollection()
@@ -61,10 +60,10 @@ type Query {
     /// <summary>
     /// Custom context class that implements <see cref="IProvideClaimsPrincipal"/>.
     /// </summary>
-    public class GraphQLUserContext : Dictionary<string, object>, IProvideClaimsPrincipal
+    public class GraphQLUserContext : Dictionary<string, object?>, IProvideClaimsPrincipal
     {
         /// <inheritdoc />
-        public ClaimsPrincipal User { get; set; }
+        public ClaimsPrincipal? User { get; set; }
     }
 
     /// <summary>
@@ -92,11 +91,11 @@ public class User
         /// <summary>
         /// Resolver for 'User.id' field. Just a simple property.
         /// </summary>
-        public string Id { get; set; }
+        public string? Id { get; set; }
 
         /// <summary>
         /// Resolver for 'User.name' field. Just a simple property.
         /// </summary>
-        public string Name { get; set; }
+        public string? Name { get; set; }
     }
 }

src/Directory.Build.props

@@ -16,6 +16,7 @@
     <DebugType>embedded</DebugType>
     <EmbedUntrackedSources>true</EmbedUntrackedSources>
     <EnableNETAnalyzers>true</EnableNETAnalyzers>
+    <Nullable>enable</Nullable>
   </PropertyGroup>
 
   <ItemGroup>

src/GraphQL.Authorization.ApiTests/GraphQL.Authorization.approved.txt

@@ -10,15 +10,15 @@ namespace GraphQL.Authorization
         public AuthorizationContext() { }
         public System.Collections.Generic.IEnumerable<string> Errors { get; }
         public bool HasErrors { get; }
-        public System.Collections.Generic.IReadOnlyDictionary<string, object> Inputs { get; set; }
-        public System.Security.Claims.ClaimsPrincipal User { get; set; }
-        public System.Collections.Generic.IDictionary<string, object> UserContext { get; set; }
+        public System.Collections.Generic.IReadOnlyDictionary<string, object>? Inputs { get; set; }
+        public System.Security.Claims.ClaimsPrincipal? User { get; set; }
+        public System.Collections.Generic.IDictionary<string, object?>? UserContext { get; set; }
         public void ReportError(string error) { }
     }
     public class AuthorizationEvaluator : GraphQL.Authorization.IAuthorizationEvaluator
     {
         public AuthorizationEvaluator(GraphQL.Authorization.AuthorizationSettings settings) { }
-        public System.Threading.Tasks.Task<GraphQL.Authorization.AuthorizationResult> Evaluate(System.Security.Claims.ClaimsPrincipal principal, System.Collections.Generic.IDictionary<string, object> userContext, System.Collections.Generic.IReadOnlyDictionary<string, object> inputs, System.Collections.Generic.IEnumerable<string> requiredPolicies) { }
+        public System.Threading.Tasks.Task<GraphQL.Authorization.AuthorizationResult> Evaluate(System.Security.Claims.ClaimsPrincipal? principal, System.Collections.Generic.IDictionary<string, object?>? userContext, System.Collections.Generic.IReadOnlyDictionary<string, object>? inputs, System.Collections.Generic.IEnumerable<string>? requiredPolicies) { }
     }
     public class AuthorizationPolicy : GraphQL.Authorization.IAuthorizationPolicy
     {
@@ -33,12 +33,12 @@ namespace GraphQL.Authorization
         public GraphQL.Authorization.AuthorizationPolicyBuilder RequireAuthenticatedUser() { }
         public GraphQL.Authorization.AuthorizationPolicyBuilder RequireClaim(string claimType) { }
         public GraphQL.Authorization.AuthorizationPolicyBuilder RequireClaim(string claimType, params string[] allowedValues) { }
-        public GraphQL.Authorization.AuthorizationPolicyBuilder RequireClaim(string claimType, System.Collections.Generic.IEnumerable<string> allowedValues, System.Collections.Generic.IEnumerable<string> displayValues) { }
+        public GraphQL.Authorization.AuthorizationPolicyBuilder RequireClaim(string claimType, System.Collections.Generic.IEnumerable<string>? allowedValues, System.Collections.Generic.IEnumerable<string>? displayValues) { }
     }
     public class AuthorizationResult
     {
         public AuthorizationResult() { }
-        public System.Collections.Generic.IEnumerable<string> Errors { get; }
+        public System.Collections.Generic.IEnumerable<string>? Errors { get; }
         public bool Succeeded { get; }
         public static GraphQL.Authorization.AuthorizationResult Fail(System.Collections.Generic.IEnumerable<string> errors) { }
         public static GraphQL.Authorization.AuthorizationResult Success() { }
@@ -50,27 +50,27 @@ namespace GraphQL.Authorization
         public void AddPolicy(string name, GraphQL.Authorization.IAuthorizationPolicy policy) { }
         public void AddPolicy(string name, System.Action<GraphQL.Authorization.AuthorizationPolicyBuilder> configure) { }
         public System.Collections.Generic.IEnumerable<GraphQL.Authorization.IAuthorizationPolicy> GetPolicies(System.Collections.Generic.IEnumerable<string> policies) { }
-        public GraphQL.Authorization.IAuthorizationPolicy GetPolicy(string name) { }
+        public GraphQL.Authorization.IAuthorizationPolicy? GetPolicy(string name) { }
     }
     public class AuthorizationValidationRule : GraphQL.Validation.IValidationRule
     {
         public AuthorizationValidationRule(GraphQL.Authorization.IAuthorizationEvaluator evaluator) { }
-        public System.Threading.Tasks.ValueTask<GraphQL.Validation.INodeVisitor> ValidateAsync(GraphQL.Validation.ValidationContext context) { }
+        public System.Threading.Tasks.ValueTask<GraphQL.Validation.INodeVisitor?> ValidateAsync(GraphQL.Validation.ValidationContext context) { }
     }
     public class ClaimAuthorizationRequirement : GraphQL.Authorization.IAuthorizationRequirement
     {
         public ClaimAuthorizationRequirement(string claimType) { }
         public ClaimAuthorizationRequirement(string claimType, System.Collections.Generic.IEnumerable<string> allowedValues) { }
         public ClaimAuthorizationRequirement(string claimType, params string[] allowedValues) { }
-        public ClaimAuthorizationRequirement(string claimType, System.Collections.Generic.IEnumerable<string> allowedValues, System.Collections.Generic.IEnumerable<string> displayValues) { }
+        public ClaimAuthorizationRequirement(string claimType, System.Collections.Generic.IEnumerable<string>? allowedValues, System.Collections.Generic.IEnumerable<string>? displayValues) { }
         public System.Collections.Generic.IEnumerable<string> AllowedValues { get; }
         public string ClaimType { get; }
-        public System.Collections.Generic.IEnumerable<string> DisplayValues { get; }
+        public System.Collections.Generic.IEnumerable<string>? DisplayValues { get; }
         public System.Threading.Tasks.Task Authorize(GraphQL.Authorization.AuthorizationContext context) { }
     }
     public interface IAuthorizationEvaluator
     {
-        System.Threading.Tasks.Task<GraphQL.Authorization.AuthorizationResult> Evaluate(System.Security.Claims.ClaimsPrincipal principal, System.Collections.Generic.IDictionary<string, object> userContext, System.Collections.Generic.IReadOnlyDictionary<string, object> inputs, System.Collections.Generic.IEnumerable<string> requiredPolicies);
+        System.Threading.Tasks.Task<GraphQL.Authorization.AuthorizationResult> Evaluate(System.Security.Claims.ClaimsPrincipal? principal, System.Collections.Generic.IDictionary<string, object?>? userContext, System.Collections.Generic.IReadOnlyDictionary<string, object>? inputs, System.Collections.Generic.IEnumerable<string>? requiredPolicies);
     }
     public interface IAuthorizationPolicy
     {
@@ -82,6 +82,6 @@ namespace GraphQL.Authorization
     }
     public interface IProvideClaimsPrincipal
     {
-        System.Security.Claims.ClaimsPrincipal User { get; }
+        System.Security.Claims.ClaimsPrincipal? User { get; }
     }
 }

src/GraphQL.Authorization.Tests/AuthorizationSchemaBuilderTests.cs

@@ -20,13 +20,13 @@ type Query {
 
             schema.Initialize();
 
-            var query = schema.AllTypes["Query"] as IObjectGraphType;
+            var query = (IObjectGraphType)schema.AllTypes["Query"]!;
             query.RequiresAuthorization().ShouldBeTrue();
-            query.GetPolicies().Single().ShouldBe("ClassPolicy");
+            query.GetPolicies()!.Single().ShouldBe("ClassPolicy");
 
             var field = query.Fields.Single(x => x.Name == "post");
             field.RequiresAuthorization().ShouldBeTrue();
-            field.GetPolicies().Single().ShouldBe("FieldPolicy");
+            field.GetPolicies()!.Single().ShouldBe("FieldPolicy");
         }
 
         [GraphQLMetadata("Query")]

src/GraphQL.Authorization.Tests/AuthorizationValidationRuleTests.cs

@@ -2,6 +2,7 @@
 using System.Linq;
 using GraphQL.Types;
 using GraphQL.Types.Relay.DataObjects;
+using Shouldly;
 using Xunit;
 
 namespace GraphQL.Authorization.Tests
@@ -246,6 +247,30 @@ public void passes_with_claim_on_variable_type()
             });
         }
 
+        [Fact]
+        public void passes_with_claim_on_variable_type_without_inputs_but_fails_later_either()
+        {
+            Settings.AddPolicy("FieldPolicy", builder => builder.RequireClaim("admin"));
+
+            ShouldFailRule(config =>
+            {
+                config.ValidateResult = result =>
+                {
+                    // no auth error on null inputs, only INVALID_VALUE
+                    result.Errors.Count.ShouldBe(1);
+                    result.Errors[0].Code.ShouldBe("INVALID_VALUE");
+                    result.Errors[0].Message.ShouldBe("Variable '$input' is invalid. No value provided for a non-null variable.");
+                };
+                config.Query = @"query Author($input: AuthorInputType!) { author(input: $input) }";
+                config.Schema = TypedSchema();
+                config.Inputs = null;
+                config.User = CreatePrincipal(claims: new Dictionary<string, string>
+                {
+                    { "Admin", "true" }
+                });
+            });
+        }
+
         [Fact]
         public void fails_on_missing_claim_on_variable_type()
         {
@@ -340,19 +365,19 @@ type Post {
         public class NestedQueryWithAttributes
         {
             [System.Diagnostics.CodeAnalysis.SuppressMessage("Style", "IDE0060:Remove unused parameter", Justification = "test")]
-            public Post Post(string id) => null;
+            public Post? Post(string id) => null;
 
-            public IEnumerable<Post> Posts() => null;
+            public IEnumerable<Post>? Posts() => null;
 
-            public IEnumerable<Post> PostsNonNull() => null;
+            public IEnumerable<Post>? PostsNonNull() => null;
 
-            public string Comment() => null;
+            public string? Comment() => null;
         }
 
         [GraphQLAuthorize("PostPolicy")]
         public class Post
         {
-            public string Id { get; set; }
+            public string? Id { get; set; }
         }
 
         public class PostGraphType : ObjectGraphType<Post>
@@ -365,11 +390,11 @@ public PostGraphType()
 
         public class Article
         {
-            public string Id { get; set; }
+            public string? Id { get; set; }
 
-            public string Author { get; set; }
+            public string? Author { get; set; }
 
-            public string Content { get; set; }
+            public string? Content { get; set; }
         }
 
         public class ArticleGraphType : ObjectGraphType<Article>
@@ -384,7 +409,7 @@ public ArticleGraphType()
 
         public class Author
         {
-            public string Name { get; set; }
+            public string? Name { get; set; }
         }
 
         private static ISchema TypedSchema()

src/GraphQL.Authorization.Tests/GraphQLUserContext.cs

@@ -3,8 +3,8 @@
 
 namespace GraphQL.Authorization.Tests
 {
-    internal class GraphQLUserContext : Dictionary<string, object>, IProvideClaimsPrincipal
+    internal class GraphQLUserContext : Dictionary<string, object?>, IProvideClaimsPrincipal
     {
-        public ClaimsPrincipal User { get; set; }
+        public ClaimsPrincipal? User { get; set; }
     }
 }

src/GraphQL.Authorization.Tests/ValidationTestBase.cs

@@ -66,7 +66,7 @@ private static IValidationResult Validate(ValidationTestConfig config)
             return validator.ValidateAsync(config.Schema, document, document.Operations.First().Variables, config.Rules, userContext, config.Inputs, config.OperationName).GetAwaiter().GetResult().validationResult;
         }
 
-        internal static ClaimsPrincipal CreatePrincipal(string authenticationType = null, IDictionary<string, string> claims = null)
+        internal static ClaimsPrincipal CreatePrincipal(string? authenticationType = null, IDictionary<string, string>? claims = null)
         {
             var claimsList = new List<Claim>();
 

src/GraphQL.Authorization.Tests/ValidationTestConfig.cs

@@ -8,17 +8,17 @@ namespace GraphQL.Authorization.Tests
 {
     public class ValidationTestConfig
     {
-        public string OperationName { get; set; }
+        public string OperationName { get; set; } = null!;
 
-        public string Query { get; set; }
+        public string Query { get; set; } = null!;
 
-        public ISchema Schema { get; set; }
+        public ISchema Schema { get; set; } = null!;
 
         public List<IValidationRule> Rules { get; set; } = new List<IValidationRule>();
 
-        public ClaimsPrincipal User { get; set; }
+        public ClaimsPrincipal? User { get; set; }
 
-        public Inputs Inputs { get; set; }
+        public Inputs? Inputs { get; set; }
 
         public Action<IValidationResult> ValidateResult = _ => { };
     }

src/GraphQL.Authorization/AuthorizationContext.cs

@@ -9,22 +9,22 @@ namespace GraphQL.Authorization
     /// </summary>
     public class AuthorizationContext
     {
-        private List<string> _errors;
+        private List<string>? _errors;
 
         /// <summary>
         /// Current user.
         /// </summary>
-        public ClaimsPrincipal User { get; set; }
+        public ClaimsPrincipal? User { get; set; }
 
         /// <summary>
         /// Arbitrary user defined context represented as dictionary.
         /// </summary>
-        public IDictionary<string, object> UserContext { get; set; }
+        public IDictionary<string, object?>? UserContext { get; set; }
 
         /// <summary>
         /// Represents a readonly dictionary of variable inputs to an executed document.
         /// </summary>
-        public IReadOnlyDictionary<string, object> Inputs { get; set; }
+        public IReadOnlyDictionary<string, object>? Inputs { get; set; }
 
         /// <summary>
         /// Returns a set of authorization errors.

src/GraphQL.Authorization/AuthorizationEvaluator.cs

@@ -22,10 +22,10 @@ public AuthorizationEvaluator(AuthorizationSettings settings)
 
         /// <inheritdoc />
         public async Task<AuthorizationResult> Evaluate(
-            ClaimsPrincipal principal,
-            IDictionary<string, object> userContext,
-            IReadOnlyDictionary<string, object> inputs,
-            IEnumerable<string> requiredPolicies)
+            ClaimsPrincipal? principal,
+            IDictionary<string, object?>? userContext,
+            IReadOnlyDictionary<string, object>? inputs,
+            IEnumerable<string>? requiredPolicies)
         {
             if (requiredPolicies == null)
                 return AuthorizationResult.Success();