Merge pull request #206 from moufmouf/http400forclientaware

moufmouf · web-flow · commit 022e0b6fd8bd · 2019-12-26T16:11:42.000+01:00
ClientAware exceptions now trigger HTTP 400 errors
diff --git a/src/Http/HttpCodeDecider.php b/src/Http/HttpCodeDecider.php
@@ -4,6 +4,7 @@
 
 namespace TheCodingMachine\GraphQLite\Http;
 
+use GraphQL\Error\ClientAware;
 use GraphQL\Executor\ExecutionResult;
 use function max;
 
@@ -28,8 +29,15 @@ public function decideHttpStatusCode(ExecutionResult $result): int
             if ($wrappedException !== null) {
                 $code = $wrappedException->getCode();
                 if ($code < 400 || $code >= 600) {
-                    // The exception code is not a valid HTTP code. Let's ignore it
-                    continue;
+                    if (! ($wrappedException instanceof ClientAware) || $wrappedException->isClientSafe() !== true) {
+                        // The exception code is not a valid HTTP code. Let's ignore it
+                        continue;
+                    }
+
+                    // A "client aware" exception is almost certainly targeting the client (there is
+                    // no need to pass a server exception error message to the client).
+                    // So a ClientAware exception is almost certainly a HTTP 400 code
+                    $code = 400;
                 }
             } else {
                 $code = 400;
diff --git a/tests/Http/HttpCodeDeciderTest.php b/tests/Http/HttpCodeDeciderTest.php
@@ -3,6 +3,7 @@
 namespace TheCodingMachine\GraphQLite\Http;
 
 use Exception;
+use GraphQL\Error\ClientAware;
 use GraphQL\Error\Error;
 use GraphQL\Executor\ExecutionResult;
 use PHPUnit\Framework\TestCase;
@@ -32,6 +33,19 @@ public function testDecideHttpStatusCode(): void
         $exception600 = new Exception('foo', 600);
         $errorCode600 = new Error('Foo', null, null, null, null, $exception600);
 
+        $clientAwareException = new class extends Exception implements ClientAware {
+            public function isClientSafe()
+            {
+                return true;
+            }
+
+            public function getCategory()
+            {
+                return 'foo';
+            }
+        };
+        $clientAwareError = new Error('Foo', null, null, null, null, $clientAwareException);
+
         $executionResult = new ExecutionResult(null, [ $errorCode0 ]);
         $this->assertSame(500, $codeDecider->decideHttpStatusCode($executionResult));
 
@@ -40,5 +54,8 @@ public function testDecideHttpStatusCode(): void
 
         $executionResult = new ExecutionResult(null, [ $graphqlError ]);
         $this->assertSame(400, $codeDecider->decideHttpStatusCode($executionResult));
+
+        $executionResult = new ExecutionResult(null, [ $clientAwareError ]);
+        $this->assertSame(400, $codeDecider->decideHttpStatusCode($executionResult));
     }
 }
