tabshift/payload
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0c19afcf91b4df82c9c6315b0dc645af8a2bfd2b
payload/packages/graphql/src
History
Manuel Leitold 58441c2bcc fix(graphql): avoid adding extra password fields when running mutations (#8032) (#8845) 
<!--

Thank you for the PR! Please go through the checklist below and make
sure you've completed all the steps.

Please review the
[CONTRIBUTING.md](https://github.com/payloadcms/payload/blob/main/CONTRIBUTING.md)
document in this repository if you haven't already.

The following items will ensure that your PR is handled as smoothly as
possible:

- PR Title must follow conventional commits format. For example, `feat:
my new feature`, `fix(plugin-seo): my fix`.
- Minimal description explained as if explained to someone not
immediately familiar with the code.
- Provide before/after screenshots or code diffs if applicable.
- Link any related issues/discussions from GitHub or Discord.
- Add review comments if necessary to explain to the reviewer the logic
behind a change

### What?

### Why?

### How?

Fixes #

-->

### What?
`auth` enabled collections show "Password" fields whenever a GraphQL
query is performed or the GraphQL playground is opened (see #8032)

You can reproduce this behavior by spinning up the `admin` test with
PostgreSQL:
```bash
pnpm dev:postgres admin
```

Open the admin UI and navigate to the `dev@payloadcms.com` document in
the `Users` collection (see screenshot below)
<img width="915" alt="image"
src="https://github.com/user-attachments/assets/40624a8f-80b7-412b-b851-5e3643ffcae1">

Open the [GraphQL
playground](http://localhost:3000/api/graphql-playground)
Open the admin UI and select the user again. The password field appears
multiple times.
Subsequent GraphQL playground page refreshes lead to even more password
fields in the admin UI.

<img width="1086" alt="image"
src="https://github.com/user-attachments/assets/009264bd-b153-4bf7-8fc9-8e465fc27247">

The current behavior has an impact during development and even on
production. Since the password field is added to the collection, payload
tries to add this field to the database as well (at least I could
observe at in my own project)

### Why?
In the `packages/graphql/src/schema/initCollections.ts` file, the
`initCollections` function mutates the config object by adding the
password field for the GraphQL schema (line 128). This mutation adds the
field multiple times, depending how often you open the playground. In
addition, this added field is also shown in the UI since the config
object is shared (see screenshot above).

### How?
By creating a deep copy of the object, the mutation of the configuration
does not leak additional fields to the UI or other parts of the code.
2024-10-31 00:45:07 +00:00
..
bin
feat!: beta-next (#7620)
2024-08-13 12:54:33 -04:00
exports
fix: export default was not found in graphql (#6975)
2024-07-29 11:37:58 -04:00
packages
chore: significantly improve eslint performance, lint and prettier everything
2024-08-29 21:25:50 -04:00
resolvers
feat: select fields (#8550)
2024-10-29 21:47:18 +00:00
schema
fix(graphql): avoid adding extra password fields when running mutations (#8032) (#8845)
2024-10-31 00:45:07 +00:00
utilities
chore(graphql): adjust default exports (#7946)
2024-08-29 03:51:03 +00:00
index.ts
chore: significantly improve eslint performance, lint and prettier everything
2024-08-29 21:25:50 -04:00