Merge branch 'ACP2E-3467' of https://github.com/adobe-commerce-tier-4/magento2ce into PR-VK-2024-12-17-CE

vkolesny · vkolesny · commit 7b651ed68843 · 2024-12-24T18:38:28.000-06:00
diff --git a/app/code/Magento/GraphQl/Controller/GraphQl.php b/app/code/Magento/GraphQl/Controller/GraphQl.php
@@ -1,14 +1,14 @@
 <?php
-
 /**
- * Copyright © Magento, Inc. All rights reserved.
- * See COPYING.txt for license details.
+ * Copyright 2017 Adobe
+ * All Rights Reserved.
  */
-
 declare(strict_types=1);
 
 namespace Magento\GraphQl\Controller;
 
+use GraphQL\Error\FormattedError;
+use GraphQL\Error\SyntaxError;
 use Magento\Framework\App\Area;
 use Magento\Framework\App\AreaList;
 use Magento\Framework\App\FrontControllerInterface;
@@ -19,6 +19,7 @@
 use Magento\Framework\App\ResponseInterface;
 use Magento\Framework\Controller\Result\JsonFactory;
 use Magento\Framework\GraphQl\Exception\ExceptionFormatter;
+use Magento\Framework\GraphQl\Exception\GraphQlInputException;
 use Magento\Framework\GraphQl\Query\Fields as QueryFields;
 use Magento\Framework\GraphQl\Query\QueryParser;
 use Magento\Framework\GraphQl\Query\QueryProcessor;
@@ -183,36 +184,49 @@ public function dispatch(RequestInterface $request): ResponseInterface
 
         $statusCode = 200;
         $jsonResult = $this->jsonFactory->create();
-        $data = $this->getDataFromRequest($request);
-        $result = [];
-
+        $data = [];
+        $result = null;
         $schema = null;
-        $query = $data['query'] ?? '';
+        $query = '';
+
         try {
+            $data = $this->getDataFromRequest($request);
+            $query = $data['query'] ?? '';
+
             /** @var Http $request */
             $this->requestProcessor->validateRequest($request);
-            $parsedQuery = $this->queryParser->parse($query);
-            $data['parsedQuery'] = $parsedQuery;
-
-            // We must extract queried field names to avoid instantiation of unnecessary fields in webonyx schema
-            // Temporal coupling is required for performance optimization
-            $this->queryFields->setQuery($parsedQuery, $data['variables'] ?? null);
-            $schema = $this->schemaGenerator->generate();
-
-            $result = $this->queryProcessor->process(
-                $schema,
-                $parsedQuery,
-                $this->contextFactory->create(),
-                $data['variables'] ?? []
-            );
+            if ($request->isGet() || $request->isPost()) {
+                $parsedQuery = $this->queryParser->parse($query);
+                $data['parsedQuery'] = $parsedQuery;
+
+                // We must extract queried field names to avoid instantiation of unnecessary fields in webonyx schema
+                // Temporal coupling is required for performance optimization
+                $this->queryFields->setQuery($parsedQuery, $data['variables'] ?? null);
+                $schema = $this->schemaGenerator->generate();
+
+                $result = $this->queryProcessor->process(
+                    $schema,
+                    $parsedQuery,
+                    $this->contextFactory->create(),
+                    $data['variables'] ?? []
+                );
+            }
+        } catch (SyntaxError|GraphQlInputException $error) {
+            $result = [
+                'errors' => [FormattedError::createFromException($error)],
+            ];
+            $statusCode = 400;
         } catch (\Exception $error) {
-            $result['errors'] = isset($result['errors']) ? $result['errors'] : [];
-            $result['errors'][] = $this->graphQlError->create($error);
+            $result = [
+                'errors' => [$this->graphQlError->create($error)],
+            ];
             $statusCode = ExceptionFormatter::HTTP_GRAPH_QL_SCHEMA_ERROR_STATUS;
         }
 
         $jsonResult->setHttpResponseCode($statusCode);
-        $jsonResult->setData($result);
+        if ($result !== null) {
+            $jsonResult->setData($result);
+        }
         $jsonResult->renderResult($this->httpResponse);
 
         // log information about the query, unless it is an introspection query
@@ -229,20 +243,25 @@ public function dispatch(RequestInterface $request): ResponseInterface
      *
      * @param RequestInterface $request
      * @return array
+     * @throws GraphQlInputException
      */
     private function getDataFromRequest(RequestInterface $request): array
     {
-        /** @var Http $request */
-        if ($request->isPost()) {
-            $data = $this->jsonSerializer->unserialize($request->getContent());
-        } elseif ($request->isGet()) {
-            $data = $request->getParams();
-            $data['variables'] = isset($data['variables']) ?
-                $this->jsonSerializer->unserialize($data['variables']) : null;
-            $data['variables'] = is_array($data['variables']) ?
-                $data['variables'] : null;
-        } else {
-            return [];
+        try {
+            /** @var Http $request */
+            if ($request->isPost()) {
+                $data = $request->getContent() ? $this->jsonSerializer->unserialize($request->getContent()) : [];
+            } elseif ($request->isGet()) {
+                $data = $request->getParams();
+                $data['variables'] = isset($data['variables']) ?
+                    $this->jsonSerializer->unserialize($data['variables']) : null;
+                $data['variables'] = is_array($data['variables']) ?
+                    $data['variables'] : null;
+            } else {
+                $data = [];
+            }
+        } catch (\InvalidArgumentException $e) {
+            throw new GraphQlInputException(__('Unable to parse the request.'), $e);
         }
 
         return $data;
diff --git a/dev/tests/integration/testsuite/Magento/GraphQl/Controller/GraphQlControllerTest.php b/dev/tests/integration/testsuite/Magento/GraphQl/Controller/GraphQlControllerTest.php
@@ -1,7 +1,7 @@
 <?php
 /**
- * Copyright © Magento, Inc. All rights reserved.
- * See COPYING.txt for license details.
+ * Copyright 2018 Adobe
+ * All Rights Reserved.
  */
 declare(strict_types=1);
 
@@ -24,8 +24,6 @@
  */
 class GraphQlControllerTest extends \Magento\TestFramework\Indexer\TestCase
 {
-    const CONTENT_TYPE = 'application/json';
-
     /** @var \Magento\Framework\ObjectManagerInterface */
     private $objectManager;
 
@@ -175,7 +173,7 @@ public function testDispatchGetWithParameterizedVariables() : void
             id
             name
             sku
-        }  
+        }
     }
 }
 QUERY;
@@ -223,12 +221,12 @@ public function testError() : void
     }
   ])
     {
-      items{        
+      items{
       attribute_code
       attribute_type
       entity_type
-    }      
-    }  
+    }
+    }
   }
 QUERY;
 
@@ -265,4 +263,119 @@ public function testError() : void
             }
         }
     }
+
+    public function testDispatchOptions(): void
+    {
+        $this->request->setPathInfo('/graphql');
+        $this->request->setMethod('OPTIONS');
+        $response = $this->graphql->dispatch($this->request);
+        self::assertEquals(200, $response->getStatusCode());
+        self::assertEmpty($response->getContent());
+    }
+
+    public function testDispatchGetWithoutQuery(): void
+    {
+        $this->request->setPathInfo('/graphql');
+        $this->request->setMethod('GET');
+        $response = $this->graphql->dispatch($this->request);
+        self::assertEquals(400, $response->getStatusCode());
+        $output = $this->jsonSerializer->unserialize($response->getContent());
+        self::assertArrayHasKey('errors', $output);
+        self::assertNotEmpty($output['errors']);
+        self::assertArrayHasKey('message', $output['errors'][0]);
+        self::assertStringStartsWith('Syntax Error:', $output['errors'][0]['message']);
+    }
+
+    public function testDispatchGetWithInvalidQuery(): void
+    {
+        $query = <<<QUERY
+{
+    products(filter: {sku: {eq: "simple1"}
+}
+QUERY;
+
+        $this->request->setPathInfo('/graphql');
+        $this->request->setMethod('GET');
+        $this->request->setQueryValue('query', $query);
+        $response = $this->graphql->dispatch($this->request);
+        self::assertEquals(400, $response->getStatusCode());
+        $output = $this->jsonSerializer->unserialize($response->getContent());
+        self::assertArrayHasKey('errors', $output);
+        self::assertNotEmpty($output['errors']);
+        self::assertArrayHasKey('message', $output['errors'][0]);
+        self::assertStringStartsWith('Syntax Error:', $output['errors'][0]['message']);
+    }
+
+    public function testDispatchPostWithoutQuery(): void
+    {
+        $this->request->setPathInfo('/graphql');
+        $this->request->setMethod('POST');
+        $headers = $this->objectManager->create(\Laminas\Http\Headers::class)
+            ->addHeaders(['Content-Type' => 'application/json']);
+        $this->request->setHeaders($headers);
+        $response = $this->graphql->dispatch($this->request);
+        self::assertEquals(400, $response->getStatusCode());
+        $output = $this->jsonSerializer->unserialize($response->getContent());
+        self::assertArrayHasKey('errors', $output);
+        self::assertNotEmpty($output['errors']);
+        self::assertArrayHasKey('message', $output['errors'][0]);
+        self::assertStringStartsWith('Syntax Error:', $output['errors'][0]['message']);
+    }
+
+    public function testDispatchPostWithInvalidJson(): void
+    {
+        $query = <<<QUERY
+{
+    products(filter: {sku: {eq: "simple1"}}) {
+        items {
+            id
+            name
+            sku
+        }
+    }
+}
+QUERY;
+        $postData = ['query' => $query];
+
+        $this->request->setPathInfo('/graphql');
+        $this->request->setMethod('POST');
+        $this->request->setContent(http_build_query($postData));
+        $headers = $this->objectManager->create(\Laminas\Http\Headers::class)
+            ->addHeaders(['Content-Type' => 'application/json']);
+        $this->request->setHeaders($headers);
+        $response = $this->graphql->dispatch($this->request);
+        self::assertEquals(400, $response->getStatusCode());
+        $output = $this->jsonSerializer->unserialize($response->getContent());
+        self::assertArrayHasKey('errors', $output);
+        self::assertNotEmpty($output['errors']);
+        self::assertArrayHasKey('message', $output['errors'][0]);
+        self::assertEquals('Unable to parse the request.', $output['errors'][0]['message']);
+    }
+
+    public function testDispatchPostWithWrongContentType(): void
+    {
+        $query = <<<QUERY
+{
+    products(filter: {sku: {eq: "simple1"}}) {
+        items {
+            id
+            name
+            sku
+        }
+    }
+}
+QUERY;
+        $postData = ['query' => $query];
+
+        $this->request->setPathInfo('/graphql');
+        $this->request->setMethod('POST');
+        $this->request->setContent(json_encode($postData));
+        $response = $this->graphql->dispatch($this->request);
+        self::assertEquals(400, $response->getStatusCode());
+        $output = $this->jsonSerializer->unserialize($response->getContent());
+        self::assertArrayHasKey('errors', $output);
+        self::assertNotEmpty($output['errors']);
+        self::assertArrayHasKey('message', $output['errors'][0]);
+        self::assertEquals('Request content type must be application/json', $output['errors'][0]['message']);
+    }
 }
