Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Possible Bug: Output fields from DjangoFormMutation

See original GitHub issue

In the initialization of the Meta class of a DjangoFormMutation, the output fields are declared similar to the input fields of the mutation, like:

input_fields = fields_for_form(form, only_fields, exclude_fields)
output_fields = fields_for_form(form, only_fields, exclude_fields)

For example, if we have a form for authentication, like the one provided by django:

class AuthenticationForm(forms.Form):
    """
    Base class for authenticating users. Extend this to get a form that accepts
    username/password logins.
    """
    username = UsernameField(
        max_length=254,
        widget=forms.TextInput(attrs={'autofocus': True}),
    )
    password = forms.CharField(
        label=_("Password"),
        strip=False,
        widget=forms.PasswordInput,
    )
    ...

And we link it to a mutation:

class AuthMutation(DjangoFormMutation):
    """
    Mutation to login a user
    """
    class Meta:
        form_class = AuthenticationForm
    ...

generates a mutation that requires a username and a password on the response.

AuthMutationPayload{
    username: String!
    password: String!
    clientMutationId: String
}

Is this right? Is sending back the password to the user secure? I think the output fields should be initialized as an OrderedDict().

Issue Analytics

State:
Created 5 years ago
Comments:11

Top GitHub Comments

3reactions

maarcingebalacommented, Jul 24, 2018

We tried those form-based mutations in our project before it was merged to master in graphene-django, but it turned out that some parts of our logic had to placed inside the form classes and some other parts in mutate functions. Also, when we had to include or exclude particular fields, we had to do it either at the form level or the mutation Meta-class level. Everything started to become a bit messy and we eventually gave up this approach and came up with our solution - model based mutations. We use it for CRUD-like mutations based on models and for all other cases such as authentication, upload etc we have simple BaseMutations that unify the way we return user errors. Although we reimplemented some logic of model forms, we find this approach more convenient so far.

2reactions

jarcoalcommented, Sep 19, 2018

It would be nice to be able to specify output fields as there are many cases where values going out will not match values going in. Even just exposing separate methods like get_input_fields() and get_output_fields() would make it easy to do this.

Top Results From Across the Web

How to get Django Graphene ModelForm Mutation to apply

According to django-graphene documentation, I'm using DjangoModelForm to handle the input into the db. My schema.py: class SubjectMarkType( ...

Graphene Documentation - Read the Docs

Graphene-Django comes with mutation classes that will convert the fields on Django forms into inputs on a mutation. DjangoFormMutation from ...

Mutations - Graphene-Python

Graphene-Django comes with mutation classes that will convert the fields on Django forms into inputs on a mutation. DjangoFormMutation¶. from graphene_django.

graphene-django Changelog - PyUp.io

Make v3 django choice field enum naming default (in v3) by DoctorJohn in ... Extract query function from GraphQLTestCase making it possible to...

graphene-django mutation, graphene-django-subscriptions ...

Graphene-Django comes with mutation classes that will convert the fields ... graphene_django.forms.mutation import DjangoFormMutation class MyForm ( forms .