add field suggestions phase and tests

mirego · Dec 5, 2023 · fcf9c2d · fcf9c2d
1 parent af707bd
commit fcf9c2d
Show file tree

Hide file tree

Showing 3 changed files with 85 additions and 1 deletion.
diff --git a/lib/absinthe_security/phase/disable_field_suggestions.ex b/lib/absinthe_security/phase/disable_field_suggestions.ex
@@ -0,0 +1,28 @@
+defmodule AbsintheSecurity.Phase.DisableFieldSuggestions do
+  def run(blueprint, options) do
+    if Keyword.get(options, :enable_field_suggestions, false) do
+      {:ok, blueprint}
+    else
+      do_run(blueprint)
+    end
+  end
+
+  defp do_run(blueprint) do
+    result =
+      case blueprint.result do
+        %{errors: errors} -> %{blueprint.result | errors: remove_field_suggestions(errors)}
+        _ -> blueprint.result
+      end
+
+    {:ok, %{blueprint | result: result}}
+  end
+
+  def remove_field_suggestions(errors) do
+    Enum.map(errors, fn error ->
+      case Regex.run(~r/ Did you mean.+/, error.message) do
+        [match] -> Map.put(error, :message, String.replace(error.message, match, ""))
+        _ -> error
+      end
+    end)
+  end
+end
diff --git a/test/absinthe_security/phase/disable_field_suggestions_test.exs b/test/absinthe_security/phase/disable_field_suggestions_test.exs
@@ -0,0 +1,52 @@
+defmodule AbsintheSecurity.Phase.DisableFieldSuggestionsTest do
+  use AbsintheSecurityTest.AbsinthePhaseCase,
+    phase: AbsintheSecurity.Phase.DisableFieldSuggestions,
+    schema: __MODULE__.Schema,
+    async: true
+
+  defmodule Schema do
+    use Absinthe.Schema
+
+    query do
+      field :foo_object, :foo do
+      end
+    end
+
+    object :foo do
+      field :bar, :string
+      field :buzz, :integer
+    end
+  end
+
+  describe "field suggestions" do
+    test "are returned when it's enabled" do
+      query = """
+      query FooObject {
+        fooObject {
+          buz
+        }
+      }
+      """
+
+      assert {:ok, result, _} = run_phase(query, operation_name: "FooObject", variables: %{}, enable_field_suggestions: true, jump_phases: true)
+
+      [error] = result.result.errors
+      assert error.message === "Cannot query field \"buz\" on type \"Foo\". Did you mean \"buzz\"?"
+    end
+
+    test "are not returned when it's disabled" do
+      query = """
+      query FooObject {
+        fooObject {
+          buz
+        }
+      }
+      """
+
+      assert {:ok, result, _} = run_phase(query, operation_name: "FooObject", variables: %{}, enable_field_suggestions: false, jump_phases: true)
+
+      [error] = result.result.errors
+      assert error.message === "Cannot query field \"buz\" on type \"Foo\"."
+    end
+  end
+end
diff --git a/test/support/absinthe_phase_case.ex b/test/support/absinthe_phase_case.ex
@@ -16,7 +16,7 @@ defmodule AbsintheSecurityTest.AbsinthePhaseCase do
 
       @spec run_phase(String.t(), Keyword.t()) :: Absinthe.Phase.result_t()
       def run_phase(query, options) do
-        options = Keyword.put(options, :jump_phases, false)
+        options = Keyword.put_new(options, :jump_phases, false)
 
         pipeline = pipeline(unquote(schema), options)
         Absinthe.Pipeline.run(query, Absinthe.Pipeline.upto(pipeline, unquote(phase)))
@@ -41,6 +41,10 @@ defmodule AbsintheSecurityTest.AbsinthePhaseCase do
             {AbsintheSecurity.Phase.IntrospectionCheck, options}
           ]
         )
+        |> Pipeline.insert_after(
+          Absinthe.Phase.Document.Result,
+          {AbsintheSecurity.Phase.DisableFieldSuggestions, options}
+        )
       end
     end
   end