Merge pull request #12725 from luanorlandi/fix/sanitize-date-query-param

Fix sanitization of datetime type in query param

packages/core/utils/lib/convert-query-params.js

@@ -4,7 +4,7 @@
  * Converts the standard Strapi REST query params to a more usable format for querying
  * You can read more here: https://docs.strapi.io/developer-docs/latest/developer-resources/database-apis-reference/rest-api.html#filters
  */
-const { has, isEmpty, isObject, cloneDeep, get } = require('lodash/fp');
+const { has, isEmpty, isObject, isPlainObject, cloneDeep, get } = require('lodash/fp');
 const _ = require('lodash');
 const parseType = require('./parse-type');
 const contentTypesUtils = require('./content-types');
@@ -286,7 +286,7 @@ const convertFiltersQueryParams = (filters, schema) => {
 };
 
 const convertAndSanitizeFilters = (filters, schema) => {
-  if (!isObject(filters)) {
+  if (!isPlainObject(filters)) {
     return filters;
   }
 
@@ -349,7 +349,7 @@ const convertAndSanitizeFilters = (filters, schema) => {
     }
 
     // Remove empty objects & arrays
-    if (isObject(filters[key]) && isEmpty(filters[key])) {
+    if (isPlainObject(filters[key]) && isEmpty(filters[key])) {
       removeOperator(key);
     }
   }

packages/plugins/graphql/tests/fields/date.test.e2e.js

@@ -113,5 +113,35 @@ describe('Test Graphql API End to End', () => {
         });
       }
     );
+
+    test.each(['2022-03-17'])('Can filter query with date: %s', async value => {
+      const res = await graphqlQuery({
+        query: /* GraphQL */ `
+          query posts($myDate: Date!) {
+            posts(filters: { myDate: { gt: $myDate } }) {
+              data {
+                attributes {
+                  myDate
+                }
+              }
+            }
+          }
+        `,
+        variables: {
+          myDate: value,
+        },
+      });
+
+      const { body } = res;
+
+      expect(res.statusCode).toBe(200);
+      expect(body).toEqual({
+        data: {
+          posts: {
+            data: [],
+          },
+        },
+      });
+    });
   });
 });

packages/plugins/graphql/tests/fields/datetime.test.e2e.js

@@ -0,0 +1,150 @@
+'use strict';
+
+// Helpers.
+const { createTestBuilder } = require('../../../../../test/helpers/builder');
+const { createStrapiInstance } = require('../../../../../test/helpers/strapi');
+const { createAuthRequest } = require('../../../../../test/helpers/request');
+
+const builder = createTestBuilder();
+let strapi;
+let rq;
+let graphqlQuery;
+
+const postModel = {
+  attributes: {
+    myDatetime: {
+      type: 'datetime',
+    },
+  },
+  singularName: 'post',
+  pluralName: 'posts',
+  displayName: 'Post',
+  description: '',
+  collectionName: '',
+};
+
+describe('Test Graphql API End to End', () => {
+  beforeAll(async () => {
+    await builder.addContentType(postModel).build();
+
+    strapi = await createStrapiInstance();
+    rq = await createAuthRequest({ strapi });
+
+    graphqlQuery = body => {
+      return rq({
+        url: '/graphql',
+        method: 'POST',
+        body,
+      });
+    };
+  });
+
+  afterAll(async () => {
+    await strapi.destroy();
+    await builder.cleanup();
+  });
+
+  describe('GraphQL - Datetime field', () => {
+    test.each(['2022-03-17T15:06:57.000Z', null])(
+      'Can create an entity with datetime equals: %s',
+      async value => {
+        const res = await graphqlQuery({
+          query: /* GraphQL */ `
+            mutation createPost($data: PostInput!) {
+              createPost(data: $data) {
+                data {
+                  attributes {
+                    myDatetime
+                  }
+                }
+              }
+            }
+          `,
+          variables: {
+            data: {
+              myDatetime: value,
+            },
+          },
+        });
+
+        const { body } = res;
+
+        expect(res.statusCode).toBe(200);
+        expect(body).toEqual({
+          data: {
+            createPost: {
+              data: {
+                attributes: { myDatetime: value },
+              },
+            },
+          },
+        });
+      }
+    );
+
+    test.each(['2022-03-17', {}, [], 'something'])(
+      'Cannot create an entity with datetime equals: %s',
+      async value => {
+        const res = await graphqlQuery({
+          query: /* GraphQL */ `
+            mutation createPost($data: PostInput!) {
+              createPost(data: $data) {
+                data {
+                  attributes {
+                    myDatetime
+                  }
+                }
+              }
+            }
+          `,
+          variables: {
+            data: {
+              myDatetime: value,
+            },
+          },
+        });
+
+        const { body } = res;
+
+        expect(res.statusCode).toBe(400);
+        expect(body).toMatchObject({
+          errors: [
+            {
+              extensions: { code: 'BAD_USER_INPUT' },
+            },
+          ],
+        });
+      }
+    );
+
+    test.each(['2022-03-17T15:06:57.878Z'])('Can filter query with datetime: %s', async value => {
+      const res = await graphqlQuery({
+        query: /* GraphQL */ `
+          query posts($myDatetime: DateTime!) {
+            posts(filters: { myDatetime: { gt: $myDatetime } }) {
+              data {
+                attributes {
+                  myDatetime
+                }
+              }
+            }
+          }
+        `,
+        variables: {
+          myDatetime: value,
+        },
+      });
+
+      const { body } = res;
+
+      expect(res.statusCode).toBe(200);
+      expect(body).toEqual({
+        data: {
+          posts: {
+            data: [],
+          },
+        },
+      });
+    });
+  });
+});