Fix bug when parsing query variables sent by the GraphiQL desktop client

app/controllers/graphql_controller.rb

@@ -12,6 +12,8 @@ class GraphqlController < ApplicationController
       render json: response, status: :ok
     rescue GraphqlController::QueryStringError
       render json: { message: 'Query string not present' }, status: :bad_request
+    rescue JSON::ParserError
+      render json: { message: 'Error parsing JSON' }, status: :bad_request
     rescue GraphQL::ParseError
       render json: { message: 'Query string is not valid JSON' }, status: :bad_request
     rescue
@@ -40,6 +42,10 @@ class GraphqlController < ApplicationController
     end
 
     def query_variables
-      params[:variables].blank? ? {} : JSON.parse(params[:variables])
+      if params[:variables].blank? || params[:variables] == 'null'
+        {}
+      else
+        JSON.parse(params[:variables])
+      end
     end
 end

spec/controllers/graphql_controller_spec.rb

@@ -8,18 +8,21 @@ describe GraphqlController, type: :request do
   describe "handles GET request" do
     specify "with query string inside query params" do
       get '/graphql', query: "{ proposal(id: #{proposal.id}) { title } }"
+
       expect(response).to have_http_status(:ok)
       expect(JSON.parse(response.body)['data']['proposal']['title']).to eq(proposal.title)
     end
 
     specify "with malformed query string" do
       get '/graphql', query: 'Malformed query string'
+
       expect(response).to have_http_status(:bad_request)
       expect(JSON.parse(response.body)['message']).to eq('Query string is not valid JSON')
     end
 
     specify "without query string" do
       get '/graphql'
+
       expect(response).to have_http_status(:bad_request)
       expect(JSON.parse(response.body)['message']).to eq('Query string not present')
     end
@@ -30,6 +33,7 @@ describe GraphqlController, type: :request do
 
     specify "with json-encoded query string inside body" do
       post '/graphql', { query: "{ proposal(id: #{proposal.id}) { title } }" }.to_json, json_headers
+
       expect(response).to have_http_status(:ok)
       expect(JSON.parse(response.body)['data']['proposal']['title']).to eq(proposal.title)
     end
@@ -37,20 +41,45 @@ describe GraphqlController, type: :request do
     specify "with raw query string inside body" do
       graphql_headers = { "CONTENT_TYPE" => "application/graphql" }
       post '/graphql', "{ proposal(id: #{proposal.id}) { title } }", graphql_headers
+
       expect(response).to have_http_status(:ok)
       expect(JSON.parse(response.body)['data']['proposal']['title']).to eq(proposal.title)
     end
 
     specify "with malformed query string" do
       post '/graphql', { query: "Malformed query string" }.to_json, json_headers
+
       expect(response).to have_http_status(:bad_request)
       expect(JSON.parse(response.body)['message']).to eq('Query string is not valid JSON')
     end
 
     it "without query string" do
       post '/graphql', json_headers
+
       expect(response).to have_http_status(:bad_request)
       expect(JSON.parse(response.body)['message']).to eq('Query string not present')
     end
   end
+
+  describe "correctly parses query variables" do
+    let(:query_string) { "{ proposal(id: #{proposal.id}) { title } }" }
+
+    specify "when absent" do
+      get '/graphql', { query: query_string }
+
+      expect(response).to have_http_status(:ok)
+    end
+
+    specify "when specified as the 'null' string" do
+      get '/graphql', { query: query_string, variables: 'null' }
+
+      expect(response).to have_http_status(:ok)
+    end
+
+    specify "when specified as an empty string" do
+      get '/graphql', { query: query_string, variables: '' }
+
+      expect(response).to have_http_status(:ok)
+    end
+  end
 end