Only allow explicit subscriptions via allow_subscriptions=True

Author: syrusakbary

graphql/__init__.py

@@ -120,6 +120,7 @@
 # Execute GraphQL queries.
 from .execution import (  # no import order
     execute,
+    subscribe,
     ResolveInfo,
     MiddlewareManager,
     middlewares
@@ -254,6 +255,7 @@
     'print_ast',
     'visit',
     'execute',
+    'subscribe',
     'ResolveInfo',
     'MiddlewareManager',
     'middlewares',

graphql/execution/__init__.py

@@ -18,13 +18,14 @@
 2) fragment "spreads" e.g. "...c"
 3) inline fragment "spreads" e.g. "...on Type { a }"
 """
-from .executor import execute
+from .executor import execute, subscribe
 from .base import ExecutionResult, ResolveInfo
 from .middleware import middlewares, MiddlewareManager
 
 
 __all__ = [
     'execute',
+    'subscribe',
     'ExecutionResult',
     'ResolveInfo',
     'MiddlewareManager',

graphql/execution/base.py

@@ -19,9 +19,9 @@ class ExecutionContext(object):
     and the fragments defined in the query document"""
 
     __slots__ = 'schema', 'fragments', 'root_value', 'operation', 'variable_values', 'errors', 'context_value', \
-                'argument_values_cache', 'executor', 'middleware', '_subfields_cache'
+                'argument_values_cache', 'executor', 'middleware', 'allow_subscriptions', '_subfields_cache'
 
-    def __init__(self, schema, document_ast, root_value, context_value, variable_values, operation_name, executor, middleware):
+    def __init__(self, schema, document_ast, root_value, context_value, variable_values, operation_name, executor, middleware, allow_subscriptions):
         """Constructs a ExecutionContext object from the arguments passed
         to execute, which we will pass throughout the other execution
         methods."""
@@ -69,6 +69,7 @@ def __init__(self, schema, document_ast, root_value, context_value, variable_val
         self.argument_values_cache = {}
         self.executor = executor
         self.middleware = middleware
+        self.allow_subscriptions = allow_subscriptions
         self._subfields_cache = {}
 
     def get_field_resolver(self, field_resolver):

graphql/execution/executor.py

@@ -23,9 +23,14 @@
 logger = logging.getLogger(__name__)
 
 
+def subscribe(*args, **kwargs):
+    allow_subscriptions = kwargs.pop('allow_subscriptions', True)
+    return execute(*args, allow_subscriptions=allow_subscriptions, **kwargs)
+
+
 def execute(schema, document_ast, root_value=None, context_value=None,
             variable_values=None, operation_name=None, executor=None,
-            return_promise=False, middleware=None):
+            return_promise=False, middleware=None, allow_subscriptions=False):
     assert schema, 'Must provide schema'
     assert isinstance(schema, GraphQLSchema), (
         'Schema must be an instance of GraphQLSchema. Also ensure that there are ' +
@@ -51,7 +56,8 @@ def execute(schema, document_ast, root_value=None, context_value=None,
         variable_values,
         operation_name,
         executor,
-        middleware
+        middleware,
+        allow_subscriptions
     )
 
     def executor(v):
@@ -93,6 +99,12 @@ def execute_operation(exe_context, operation, root_value):
         return execute_fields_serially(exe_context, type, root_value, fields)
 
     if operation.operation == 'subscription':
+        if not exe_context.allow_subscriptions:
+            raise Exception(
+                "Subscriptions are not allowed. "
+                "You will need to either use the subscribe function "
+                "or pass allow_subscriptions=True"
+            )
         return subscribe_fields(exe_context, type, root_value, fields)
 
     return execute_fields(exe_context, type, root_value, fields)

graphql/execution/tests/test_executor.py

@@ -395,7 +395,7 @@ class Data(object):
         'a': GraphQLField(GraphQLString, resolver=lambda root, info: Observable.from_(['b']))
     })
     result = execute(GraphQLSchema(Q, subscription=S),
-                     ast, Data(), operation_name='S')
+                     ast, Data(), operation_name='S', allow_subscriptions=True)
     assert isinstance(result, Observable)
     l = []
     result.subscribe(l.append)

graphql/execution/tests/test_subscribe.py

@@ -1,7 +1,7 @@
 from collections import OrderedDict, namedtuple
 from rx import Observable, Observer
 from rx.subjects import Subject
-from graphql import parse, GraphQLObjectType, GraphQLString, GraphQLBoolean, GraphQLInt, GraphQLField, GraphQLList, GraphQLSchema, graphql, execute
+from graphql import parse, GraphQLObjectType, GraphQLString, GraphQLBoolean, GraphQLInt, GraphQLField, GraphQLList, GraphQLSchema, graphql, subscribe
 
 Email = namedtuple('Email', 'from_,subject,message,unread')
 
@@ -126,7 +126,8 @@ def send_important_email(new_email):
         ast or default_ast,
         Root,
         None,
-        vars
+        vars,
+        allow_subscriptions=True,
     )
 
 
@@ -136,7 +137,7 @@ def test_accepts_an_object_with_named_properties_as_arguments():
         importantEmail
       }
   ''')
-    result = execute(
+    result = subscribe(
         email_schema,
         document,
         root_value=None
@@ -231,7 +232,7 @@ def thrower(root, info):
         raise exc
 
     erroring_email_schema = email_schema_with_resolvers(thrower)
-    result = execute(erroring_email_schema, parse('''
+    result = subscribe(erroring_email_schema, parse('''
         subscription {
           importantEmail
         }
@@ -389,5 +390,6 @@ def test_event_order_is_correct_for_multiple_publishes():
     }
 
     assert len(payload) == 2
+    print(payload)
     assert payload[0].data == expected_payload1
     assert payload[1].data == expected_payload2

graphql/graphql.py

@@ -40,7 +40,7 @@ def graphql(*args, **kwargs):
 
 def execute_graphql(schema, request_string='', root_value=None, context_value=None,
                     variable_values=None, operation_name=None, executor=None,
-                    return_promise=False, middleware=None):
+                    return_promise=False, middleware=None, allow_subscriptions=False):
     try:
         if isinstance(request_string, Document):
             ast = request_string
@@ -62,7 +62,8 @@ def execute_graphql(schema, request_string='', root_value=None, context_value=No
             variable_values=variable_values or {},
             executor=executor,
             middleware=middleware,
-            return_promise=return_promise
+            return_promise=return_promise,
+            allow_subscriptions=allow_subscriptions,
         )
     except Exception as e:
         return ExecutionResult(

graphql/type/tests/test_enum_type.py

@@ -151,7 +151,7 @@ def test_accepts_enum_literals_as_input_arguments_to_mutations():
 def test_accepts_enum_literals_as_input_arguments_to_subscriptions():
     result = graphql(
         Schema, 'subscription x($color: Color!) { subscribeToEnum(color: $color) }', variable_values={
-            'color': 'GREEN'})
+            'color': 'GREEN'}, allow_subscriptions=True)
     assert isinstance(result, Observable)
     l = []
     result.subscribe(l.append)