Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Invalid column name errors #358

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

kangabru
Copy link

@kangabru kangabru commented Apr 1, 2022

This PR will make the composer throw errors if a query tries to use invalid column names.

Reasoning

Queries currently ignore invalid column names which makes it easy to write queries that break unexpectedly.
This can lead to errors such as when a 'where' clause returns more records than it should. This change will ensure the developer is aware of a bad query and fix the issue.

Example

  • A model has fields like author_id and is_admin
  • The developer writes a query like Model.query().where({ user_id: user.id, is_admin: false }).destroyAll(...)
  • The developer made an easy mistake and used the column user_id. This doesn't exist on the model so Nodal silently ignores it. This query then selects and deletes all users by accident.
  • This PR will fix issues like this by making a query like this throw an error to ensure this is never pushed to a deployed environment.

@kangabru kangabru force-pushed the bad-column-name-errors branch from ee69b68 to 0e2618a Compare April 8, 2022 12:03
@@ -1225,23 +1225,23 @@ module.exports = Nodal => {
children__is_favorite: true,
children__license: null,
pets__name: 'Oliver',
pets__alive: true,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would write a new test case here instead of adapting an old one

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is actually an issue with the existing tests since the column active doesn't exist (it's is_active). I had to update them because my new changes would break the tests otherwise. This column doesn't seem to affect the result of the test anyway since they still pass like this.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah gotcha. Makes sense then

Parent.query()
.join('pets')
.where({ active: true })
.end();
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Keep the style consistent with other tests (use the callback and catch the error)

Copy link
Author

@kangabru kangabru Apr 8, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The way I wrote the code is such that it throws an error outside of the end() call. I did this is because it's more of a developer error, not a DB one. If I did it inside the end call then it might be less obvious.

Would you prefer me to have it throw the error inside the end() call?

name: 'Zoolander',
pets__animal__in: ['Cat']
},
{
children__is_favorite: true,
children__license__not_null: true,
pets__name: 'Oliver',
pets__alive: true,
pets__is_alive: true,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add a test for comparators too (pets__name__ilike or __lt)

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah I could add those if you like but this change was just to fix the bad column name used in the original test.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants