search

ChilliCream / graphql-platform

Welcome to the home of the Hot Chocolate GraphQL server for .NET, the Strawberry Shake GraphQL client for .NET and Banana Cake Pop the awesome Monaco based GraphQL IDE.
https://chillicream.com
MIT License
5.16k stars 736 forks source link

AddAuthorization adds unused ApplyPolicy enum to schema, and [Authorize] adds no @authorize directives #6903

Open cmeeren opened 7 months ago

cmeeren commented 7 months ago

Product

Hot Chocolate

Version

13.8.1

Link to minimal reproduction

See zip below

Steps to reproduce

Repro zip: HotChocolateBugRepro.zip

It's possible this is two separate bugs, but they are at least related:

  1. Calling .AddGraphQLServer().AddAuthorization() will make an unused ApplyPolicy enum show up in the schema. This is the case even if .TrimTypes() is used.
  2. When using [Authorize], no @authorize directive appears in the schema. Based on the docs and the v13 blog post, it is my understanding that this directive should appear in the schema.

What is expected?

When the @authorize directive is not used in the schema, I expect also the ApplyPolicy enum to not be present.

When using [Authorize], I expect the ´@authorize´ directive to be present.

What is actually happening?

The ApplyPolicy enum is present in the schema even if it not used, and even it TrimTypes is used.

The @authorize directive to be present even when using [Authorize].

Relevant log output

No response

Additional context

No response

cmeeren commented 4 months ago

This is mistakenly labelled Area: F#. The repro code is C#.

Cyberboss commented 1 week ago

Any update on this? I'm trying to design a schema with non-nullable authorized fields and not being able to communicate that is a big issue.

If someone could point me to the problem area (i.e. where the directives are supposed to be added) I could have a crack at fixing it.

Cyberboss commented 1 week ago

Found the issue. The directive is marked as internal. It shows up when using ISchema.Print() but not in the API. I couldn't find any way to override this behavior either.

https://github.com/ChilliCream/graphql-platform/blob/99e38a7594324af03efa5ac45c2f7be04a4bd275/src/HotChocolate/Core/src/Authorization/AuthorizeDirectiveType.cs#L26

Cyberboss commented 1 week ago

Got a workaround:

public sealed class PublicAuthorizeDirectiveTypeInterceptor : TypeInterceptor
{
    /// <inhertidoc />
    public override void OnBeforeRegisterDependencies(ITypeDiscoveryContext discoveryContext, DefinitionBase definition)
    {
        if (definition is DirectiveTypeDefinition dtd
            && dtd.Name == "authorize")
        {
            dtd.IsPublic = true;
        }

        base.OnBeforeRegisterDependencies(discoveryContext, definition);
    }
}
services
    .AddGraphQLServer()
    .AddAuthorization()
    .TryAddTypeInterceptor<PublicAuthorizeDirectiveTypeInterceptor>()
    ...
Cyberboss commented 1 week ago

Pardon me, I've been commenting on the wrong issue.