Variables aren't coerced.

[dylanahsmith]

Here is an example script that shows the problem:

require 'graphql'
require 'json'

QueryRoot = GraphQL::ObjectType.define do
  name "Query"

  field :foo, types.String do
    argument :input, types.Int
    resolve -> (obj, args, ctx) {
      args['input'].inspect
    }
  end
end

Schema = GraphQL::Schema.new(query: QueryRoot)

variables = { "input" => "not a int" }
result = Schema.execute(<<GRAPHQL, variables: variables)
query Q($input: Int) {
  foo(input: $input)
}
GRAPHQL

puts JSON.pretty_generate(result)

outputs

{
  "data": {
    "foo": "\"not a int\""
  }
}

despite the fact that a string variable value was accepted in an Int typed argument.

There is a check to make sure the declared variables type matches the argument type, but no coercion of the variable values themselves.

[dylanahsmith]

Oh, it actually looks like values are also not coerced. E.g.

require 'graphql'
require 'json'

QueryRoot = GraphQL::ObjectType.define do
  name "Query"

  field :add, types.String do
    argument :a, types.Int
    argument :b, types.Int
    resolve ->(obj, args, ctx) {
      "#{args['a'].inspect} + #{args['b'].inspect}"
    }
  end
end

Schema = GraphQL::Schema.new(query: QueryRoot)
result = Schema.execute('{ add(a: 1.2, b: 2.3) }')
puts JSON.pretty_generate(result)

outputs

{
  "data": {
    "add": "1.2 + 2.3"
  }
}

because the static validator coerces the inputs, but the result isn't used, so the original float values get passed in as integer arguments.

[rmosolgo]

Here we go: fa7a2db

You can see where it was just reading the value and not coercing it at all, now it's coercing it!

Also it will raise if it fails to coerce