[英]Cannot query field 'password' on type 'User' graphql
I'm using graphql and prisma.我正在使用graphql和prisma。
datamodel.prisma数据模型.prisma
type User {
id: ID! @id
createdAt: DateTime! @createdAt
updatedAt: DateTime! @updatedAt
email: String! @unique
password: String!
first_name: String
}
schema.graphql模式.graphql
scalar Date
type Query {
users: [User!]!
}
type User {
id: ID!
createdAt: Date!
updatedAt: Date!
email: String!
first_name: String
}
resolver解析器
users: (parent, args, context) => {
return context.prisma.users();
}
I expected to get a user list, but received the error: query我希望得到一个用户列表,但收到错误:查询
{
users {
email
}
}
error错误
"Cannot query field 'password' on type 'User'. (line 7, column 5):\\n password\\n ^"
UPDATE 1 Tried to use a fragment, but got the same:更新 1尝试使用片段,但结果相同:
{
users {
...userFields
}
}
fragment userFields on User {
email
}
I'd like to also add a scenario that can very easily cause this same issue that took me a while to debug and I'm sure others will encounter, because it took me quite some time to realize the issue was actually being caused in my FRONTEND code where I was defining my auth-related Mutations.我还想添加一个场景,它很容易导致同样的问题,我花了一段时间来调试,我相信其他人会遇到,因为我花了很长时间才意识到问题实际上是在我的我在其中定义与身份验证相关的突变的前端代码。
Here's what that looked like while developing much of my application:这是开发我的大部分应用程序时的样子:
datamodel.prisma
(I've omitted some fields for simplicity sake) datamodel.prisma
(为了简单起见,我省略了一些字段)
type User {
id: ID! @id
name: String!
email: String! @unique
password: String!
}
schema.graphql
(just showing the signUp
Mutation for simplicity) schema.graphql
(为简单起见仅显示signUp
Mutation)
type Mutation {
signUp(email: String!, password: String!, name: String!): User!
}
SignUp.js
(where I access the signUp
Mutation exposed in schema.graphql
) SignUp.js
(其中我访问signUp
突变暴露schema.graphql
)
const SIGNUP_MUTATION = gql`
mutation SIGNUP_MUTATION(
$email: String!
$name: String!
$password: String!
) {
signUp(email: $email, name: $name, password: $password) {
id
email
name
password
}
}
`
Notice that I am returning id
, email
, name
, and password
- this was because I wanted to make sure everything was working in development.请注意,我正在返回id
、 email
、 name
和password
- 这是因为我想确保一切都在开发中工作。
Cannot query field 'password' on type 'User'
error Cannot query field 'password' on type 'User'
错误中引入Cannot query field 'password' on type 'User'
Once I began working on security and created a special User
type in schema.graphql
so that I could hide protected fields such as password
, that's when I got this issue:一旦我开始研究安全性并在schema.graphql
创建了一个特殊的User
类型,以便我可以隐藏受保护的字段,例如password
,那是我遇到这个问题的时候:
schema.graphql
(notice that I am now not exposing the password
field on this frontend-facing User type) schema.graphql
(请注意,我现在没有在面向前端的用户类型上公开password
字段)
type Mutation {
signUp(email: String!, password: String!, name: String!): User!
}
type User {
id: ID!
name: String!
email: String!
}
Because of the nature of this error message, I spent most of my morning puzzling over my backend code.由于此错误消息的性质,我上午的大部分时间都在对后端代码感到困惑。 But it turned out that the error was actually being caused in SignUp.js
, where I was RETURNING the password
field.但事实证明,错误实际上是在SignUp.js
中引起的,我正在返回password
字段。
The solution was to simply remove that line from the list of return fields like so:解决方案是简单地从返回字段列表中删除该行,如下所示:
const SIGNUP_MUTATION = gql`
mutation SIGNUP_MUTATION(
$email: String!
$name: String!
$password: String!
) {
signUp(email: $email, name: $name, password: $password) {
id
email
name
}
}
`
So if you're experiencing this issue, please check ALL of your relevant mutations and make sure that you're not returning any fields that you have protected as I described here.因此,如果您遇到此问题,请检查您的所有相关突变,并确保您没有返回任何已保护的字段,如我在此处所述。
Be sure to also check your frontend code and make sure you aren't trying to return fields that you have now protected and are no longer exposing to the frontend.请务必同时检查您的前端代码,并确保您没有尝试返回您现在受保护且不再向前端公开的字段。
I hope this is helpful and saves people some time!我希望这会有所帮助并为人们节省一些时间!
... aaah Prisma ... ...啊啊棱镜...
I don't know if interfaces, unions or input types are supported.我不知道是否支持接口、联合或输入类型。 Graphql docs Graphql文档
Prisma generates almost everything ... but defining password as required (as type for DBB generation) for datamodel should not block querying for a type subset or type defined on existing model without using all fields. Prisma 生成几乎所有内容......但为数据模型定义所需的密码(作为 DBB 生成的类型)不应阻止对现有模型上定义的类型子集或类型的查询,而不使用所有字段。
For me it's a bit missleading error message.对我来说,这有点误导性的错误信息。 It can be resolver related.它可能与解析器有关。
Try to match
types in resolver, don't return direct prisma query (operates on model types), but map queried data (an array) to filter out password field/property (to be query type compatible).尝试match
解析器match
类型,不要直接返回prisma 查询(对模型类型进行操作),而是映射查询数据(数组)以过滤掉密码字段/属性(与查询类型兼容)。 It's a security concern, too - passwords shouldn't be read from outside.这也是一个安全问题 - 不应从外部读取密码。
我创建了自定义查询,它返回一个片段,似乎错误消失了。
只需在您的控制台中运行(在 Prisma 文件夹中):
PRISMA_MANAGEMENT_API_SECRET=mysecret42 prisma deploy
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.