GraphQL: Improve Error Message for Unauthorized Page Request #29270

Closed
1 task
fmontes opened this issue Jul 18, 2024 · 2 comments · Fixed by #29521

Comments

@fmontes
Member

fmontes commented Jul 18, 2024

Problem Statement

When making a GraphQL request for a working page (edit mode) without authentication, dotCMS returns a 500 error without providing any useful error message.

Steps to Reproduce

gql-permission-error.mp4

Acceptance Criteria

An example error could be:

Unauthorized: You do not have the necessary permissions to request this page in edit mode. Please contact your administrator for assistance or try again with appropriate writing permissions.

External Links

N/A

Assumptions & Initiation Needs

N/A

Quality Assurance Notes & Workarounds

Currently, there is no workaround for this issue. QA testing should focus on verifying that the error message is improved when making unauthorized GraphQL requests for working pages.

@valentinogiardino valentinogiardino self-assigned this Aug 8, 2024
valentinogiardino added a commit that referenced this issue Aug 9, 2024
valentinogiardino added a commit that referenced this issue Aug 12, 2024
valentinogiardino added a commit that referenced this issue Aug 12, 2024
**Reason for Rollback**:
- The change to use `GraphQLErrorException` as the base class for `PermissionDeniedGraphQLException` caused a violation of the SonarQube rule "Inheritance tree of classes should not be too deep."
- The inheritance tree depth exceeded the allowed limit, leading to maintainability issues flagged by SonarQube.
github-merge-queue bot pushed a commit that referenced this issue Aug 12, 2024
…request (#29521)

### Proposed Changes
Enhance the error handling capabilities of our GraphQL API by
introducing a custom exception class that aligns with the GraphQL error
handling guidelines.
* Added a custom GraphQL exception class that implements `GraphQLError`.
* Introduced `PermissionDeniedGraphQLException` for unauthorized access.
* Fixed error message for unauthorized page requests.
* Added Postman test for exception handling.

### Checklist
- [x] Unauthorized query request should return a correct error message

### Screenshots
#### Before:

![image](https://github.com/user-attachments/assets/8ee2cd67-af11-4616-abec-534dd2b56b88)
#### After:

![image](https://github.com/user-attachments/assets/8dd74fb9-d0ee-4c80-8d99-6056ade8eac5)

This PR fixes #29270
@valentinogiardino valentinogiardino removed their assignment Aug 13, 2024
@rjvelazco rjvelazco self-assigned this Aug 13, 2024
@rjvelazco
Contributor

Passed Internal QA

  • Tested on docker image: [dotcms/dotcms:trunk_2e54089]

Video

iqa-29270-graphql-improve-error-message-for-unauthorized-page-request-1.mov

Test Case

Query:

query {
  page( url: "/index", pageMode: "WORKING") {
    title
  }
}

Response

{
  "errors": [
    {
      "message": "Exception while fetching data (/page) : Unauthorized: You do not have the necessary permissions to request this page in edit mode.",
      "locations": [
        {
          "line": 2,
          "column": 3
        }
      ],
      "path": [
        "page"
      ],
      "extensions": {
        "classification": "DataFetchingException"
      }
    }
  ],
  "data": {
    "page": null
  }
}
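
A response check for the QA case above, written as an added example that is not part of the comment or of the dotCMS code base: it verifies that a denied `WORKING`-mode page request yields a readable permission error and no page data. The function name, the status argument and the sample bodies are assumptions constructed for illustration; `FIXED_BODY` mirrors the response shown above.

```javascript
// Constructed sample: same shape as the QA response quoted above.
const FIXED_BODY = JSON.stringify({
  errors: [{
    message: "Exception while fetching data (/page) : Unauthorized: You do not " +
      "have the necessary permissions to request this page in edit mode.",
    locations: [{ line: 2, column: 3 }],
    path: ["page"],
    extensions: { classification: "DataFetchingException" }
  }],
  data: { page: null }
});

// Constructed sample: stands in for the pre-fix 500 reply, whose real body
// is not shown on this page.
const OLD_BODY = "Internal Server Error";

// Returns a list of problems; an empty list means the denial is well-formed.
function checkUnauthorizedPageResponse(httpStatus, bodyText) {
  const problems = [];
  if (httpStatus >= 500) problems.push(`server error status ${httpStatus}`);

  let body;
  try {
    body = JSON.parse(bodyText);
  } catch (e) {
    return problems.concat("body is not JSON");
  }
  if (body === null || typeof body !== "object") {
    return problems.concat("body is not a JSON object");
  }

  // The denial must be reported against the `page` field, with a usable message.
  const errors = Array.isArray(body.errors) ? body.errors : [];
  const pageErrors = errors.filter(
    (e) => e && Array.isArray(e.path) && e.path[0] === "page"
  );
  if (pageErrors.length === 0) problems.push("no error reported for path 'page'");
  if (!pageErrors.some((e) => /Unauthorized:/.test(String(e.message)))) {
    problems.push("no 'Unauthorized:' message");
  }

  // A denied request must not return any page content alongside the error.
  if (body.data && body.data.page != null) {
    problems.push("page data returned despite denial");
  }
  return problems;
}
```
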

@bryanboza
Member

Fixed and tested in the latest trunk, and now we have a clearer error message.
