From 56c346e296f042ae27cab42ea22a8ea9b30e758b Mon Sep 17 00:00:00 2001
From: Hagai Cohen <hagai.co@gmail.com>
Date: Mon, 12 Jun 2017 22:07:28 +0300
Subject: [PATCH] fix(graphql-server-core): validation for get queries

---
 packages/graphql-server-core/src/runHttpQuery.ts           | 7 +------
 packages/graphql-server-core/src/runQuery.ts               | 1 +
 .../graphql-server-express/src/apolloServerHttp.test.ts    | 3 +--
 packages/graphql-server-restify/src/restifyApollo.test.ts  | 1 -
 test/tests.js                                              | 5 ++++-
 5 files changed, 7 insertions(+), 10 deletions(-)

diff --git a/packages/graphql-server-core/src/runHttpQuery.ts b/packages/graphql-server-core/src/runHttpQuery.ts
index da28a7e7..e5815de4 100644
--- a/packages/graphql-server-core/src/runHttpQuery.ts
+++ b/packages/graphql-server-core/src/runHttpQuery.ts
@@ -74,12 +74,7 @@ export async function runHttpQuery(handlerArguments: Array<any>, request: HttpQu
     try {
       let query = requestParams.query;
       if ( isGetRequest ) {
-        if (typeof query === 'string') {
-          // preparse the query incase of GET so we can assert the operation.
-          query = parse(query);
-        }
-
-        if ( ! isQueryOperation(query, requestParams.operationName) ) {
+        if ( ! isQueryOperation(parse(query), requestParams.operationName) ) {
           throw new HttpQueryError(405, `GET supports only query operation`, false, {
             'Allow':  'POST',
           });
diff --git a/packages/graphql-server-core/src/runQuery.ts b/packages/graphql-server-core/src/runQuery.ts
index c25cf5c0..83b9f9ca 100644
--- a/packages/graphql-server-core/src/runQuery.ts
+++ b/packages/graphql-server-core/src/runQuery.ts
@@ -94,6 +94,7 @@ function doRunQuery(options: QueryOptions): Promise<ExecutionResult> {
     logFunction({action: LogAction.request, step: LogStep.status, key: 'operationName', data: options.operationName});
 
     // if query is already an AST, don't parse or validate
+    // XXX: This refers the operations-store flow.
     if (typeof options.query === 'string') {
         try {
             // TODO: time this with log function
diff --git a/packages/graphql-server-express/src/apolloServerHttp.test.ts b/packages/graphql-server-express/src/apolloServerHttp.test.ts
index 1d0500fa..f3a3e128 100644
--- a/packages/graphql-server-express/src/apolloServerHttp.test.ts
+++ b/packages/graphql-server-express/src/apolloServerHttp.test.ts
@@ -351,7 +351,6 @@ describe(`GraphQL-HTTP (apolloServer) tests for ${version} express`, () => {
     it('handles type validation (GET)', async () => {
       const app = express();
 
-      app.use(urlString(), bodyParser.json());
       app.use(urlString(), graphqlExpress({
         schema: TestSchema
       }));
@@ -359,7 +358,7 @@ describe(`GraphQL-HTTP (apolloServer) tests for ${version} express`, () => {
       const response = await request(app)
         .get(urlString({ query: '{notExists}' }))
 
-      expect(response.status).to.equal(200);
+      expect(response.status).to.equal(400);
       expect(JSON.parse(response.text)).to.deep.equal({
         errors: [ {
           message: 'Cannot query field \"notExists\" on type \"QueryRoot\".',
diff --git a/packages/graphql-server-restify/src/restifyApollo.test.ts b/packages/graphql-server-restify/src/restifyApollo.test.ts
index 6ed9442c..57f61dad 100644
--- a/packages/graphql-server-restify/src/restifyApollo.test.ts
+++ b/packages/graphql-server-restify/src/restifyApollo.test.ts
@@ -4,7 +4,6 @@ import { graphiqlRestify, graphqlRestify } from './restifyApollo';
 import testSuite, { schema, CreateAppOptions } from 'graphql-server-integration-testsuite';
 import { expect } from 'chai';
 import { GraphQLOptions } from 'graphql-server-core';
-import 'mocha';
 
 function createApp(options: CreateAppOptions = {}) {
   const server = restify.createServer({
diff --git a/test/tests.js b/test/tests.js
index 795e3b7d..a6d277da 100644
--- a/test/tests.js
+++ b/test/tests.js
@@ -9,6 +9,9 @@ require('../packages/graphql-server-express/dist/connectApollo.test');
 require('../packages/graphql-server-hapi/dist/hapiApollo.test');
 (NODE_MAJOR_VERSION >= 6) && require('../packages/graphql-server-micro/dist/microApollo.test');
 (NODE_MAJOR_VERSION >= 7) && require('../packages/graphql-server-koa/dist/koaApollo.test');
-require('../packages/graphql-server-restify/dist/restifyApollo.test');
 require('../packages/graphql-server-lambda/dist/lambdaApollo.test');
 require('../packages/graphql-server-express/dist/apolloServerHttp.test');
+
+// XXX: Running restify last as it breaks http.
+// for more info: https://github.com/restify/node-restify/issues/700
+require('../packages/graphql-server-restify/dist/restifyApollo.test');