Upgrade apollo_upload_server gem to 2.0.2

This picks up changes in the gem introduced to throw an error if the client submits Strings as input rather than images. https://gitlab.com/gitlab-org/gitlab/-/issues/228657

Upgrade apollo_upload_server gem to 2.0.2
This picks up changes in the gem introduced to throw an error if the client submits Strings as input rather than images. https://gitlab.com/gitlab-org/gitlab/-/issues/228657
8dd505a5 · Luke Duncalfe · Mark Chao · 85d475bf · 8dd505a5 · 8dd505a5
Commit 8dd505a5 authored Sep 02, 2020 by Luke Duncalfe Committed by Mark Chao Sep 02, 2020
5 changed files
--- a/Gemfile
+++ b/Gemfile
@@ -93,7 +93,7 @@ gem 'graphql', '~> 1.10.5'
 # TODO: remove app/views/graphiql/rails/editors/show.html.erb when https://github.com/rmosolgo/graphiql-rails/pull/71 is released:
 # https://gitlab.com/gitlab-org/gitlab/issues/31747
 gem 'graphiql-rails', '~> 1.4.10'
-gem 'apollo_upload_server', '~> 2.0.0.beta3'
+gem 'apollo_upload_server', '~> 2.0.2'
 gem 'graphql-docs', '~> 1.6.0', group: [:development, :test]

 # Disable strong_params so that Mash does not respond to :permitted?

--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -73,7 +73,7 @@ GEM
      public_suffix (>= 2.0.2, < 5.0)
    aes_key_wrap (1.0.1)
    akismet (3.0.0)
-    apollo_upload_server (2.0.0.beta.3)
+    apollo_upload_server (2.0.2)
      graphql (>= 1.8)
      rails (>= 4.2)
    asana (0.10.0)
@@ -1220,7 +1220,7 @@ DEPENDENCIES
  acts-as-taggable-on (~> 6.0)
  addressable (~> 2.7)
  akismet (~> 3.0)
-  apollo_upload_server (~> 2.0.0.beta3)
+  apollo_upload_server (~> 2.0.2)
  asana (= 0.10.0)
  asciidoctor (~> 2.0.10)
  asciidoctor-include-ext (~> 0.3.1)

--- a/changelogs/unreleased/228657-version-bump-apollo_upload_server-gem.yml
+++ b/changelogs/unreleased/228657-version-bump-apollo_upload_server-gem.yml
+---
+title: Bug fix GraphQL file uploads accepting non-file input
+merge_request: 39763
+author:
+type: fixed
--- a/spec/requests/api/graphql/mutations/design_management/upload_spec.rb
+++ b/spec/requests/api/graphql/mutations/design_management/upload_spec.rb
@@ -12,11 +12,11 @@ RSpec.describe "uploading designs" do
  let(:files) { [fixture_file_upload("spec/fixtures/dk.png")] }
  let(:variables) { {} }

-  let(:mutation) do
+  def mutation
    input = {
      project_path: project.full_path,
      iid: issue.iid,
-      files: files
+      files: files.dup
    }.merge(variables)
    graphql_mutation(:design_management_upload, input)
  end
@@ -30,31 +30,15 @@ RSpec.describe "uploading designs" do
  end

  it "returns an error if the user is not allowed to upload designs" do
-    post_graphql_mutation(mutation, current_user: create(:user))
+    post_graphql_mutation_with_uploads(mutation, current_user: create(:user))

    expect(graphql_errors).to be_present
  end

-  it "succeeds (backward compatibility)" do
-    post_graphql_mutation(mutation, current_user: current_user)
+  it "succeeds, and responds with the created designs" do
+    post_graphql_mutation_with_uploads(mutation, current_user: current_user)

    expect(graphql_errors).not_to be_present
-  end
-
-  it 'succeeds' do
-    file_path_in_params = ['designManagementUploadInput', 'files', 0]
-    params = mutation_to_apollo_uploads_param(mutation, files: [file_path_in_params])
-
-    workhorse_post_with_file(api('/', current_user, version: 'graphql'),
-                             params: params,
-                             file_key: '1'
-                            )
-
-    expect(graphql_errors).not_to be_present
-  end
-
-  it "responds with the created designs" do
-    post_graphql_mutation(mutation, current_user: current_user)

    expect(mutation_response).to include(
      "designs" => a_collection_containing_exactly(
@@ -65,7 +49,7 @@ RSpec.describe "uploading designs" do

  it "can respond with skipped designs" do
    2.times do
-      post_graphql_mutation(mutation, current_user: current_user)
+      post_graphql_mutation_with_uploads(mutation, current_user: current_user)
      files.each(&:rewind)
    end

@@ -80,7 +64,7 @@ RSpec.describe "uploading designs" do
    let(:variables) { { iid: "123" } }

    it "returns an error" do
-      post_graphql_mutation(mutation, current_user: create(:user))
+      post_graphql_mutation_with_uploads(mutation, current_user: create(:user))

      expect(graphql_errors).not_to be_empty
    end
@@ -92,7 +76,7 @@ RSpec.describe "uploading designs" do
        expect(service).to receive(:execute).and_return({ status: :error, message: "Something went wrong" })
      end

-      post_graphql_mutation(mutation, current_user: current_user)
+      post_graphql_mutation_with_uploads(mutation, current_user: current_user)
      expect(mutation_response["errors"].first).to eq("Something went wrong")
    end
  end

--- a/spec/support/helpers/graphql_helpers.rb
+++ b/spec/support/helpers/graphql_helpers.rb
@@ -241,6 +241,39 @@ module GraphqlHelpers
    post_graphql(mutation.query, current_user: current_user, variables: mutation.variables)
  end

+  def post_graphql_mutation_with_uploads(mutation, current_user: nil)
+    file_paths = file_paths_in_mutation(mutation)
+    params = mutation_to_apollo_uploads_param(mutation, files: file_paths)
+
+    workhorse_post_with_file(api('/', current_user, version: 'graphql'),
+                             params: params,
+                             file_key: '1'
+                            )
+  end
+
+  def file_paths_in_mutation(mutation)
+    paths = []
+    find_uploads(paths, [], mutation.variables)
+
+    paths
+  end
+
+  # Depth first search for UploadedFile values
+  def find_uploads(paths, path, value)
+    case value
+    when Rack::Test::UploadedFile
+      paths << path
+    when Hash
+      value.each do |k, v|
+        find_uploads(paths, path + [k], v)
+      end
+    when Array
+      value.each_with_index do |v, i|
+        find_uploads(paths, path + [i], v)
+      end
+    end
+  end
+
  # this implements GraphQL multipart request v2
  # https://github.com/jaydenseric/graphql-multipart-request-spec/tree/v2.0.0-alpha.2
  # this is simplified and do not support file deduplication