AC-1120: Turn off the input limit for RESTful endpoints by default and create a CLI command to turn them on

Author: nathanjosiah

app/code/Magento/GraphQl/etc/adminhtml/system.xml

@@ -9,19 +9,18 @@
 -->
 <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Config:etc/system_file.xsd">
     <system>
-        <section id="graphql" translate="label" type="text" sortOrder="103" showInDefault="1" showInWebsite="1" showInStore="1">
-            <label>Magento GraphQl</label>
-            <tab>service</tab>
-            <resource>Magento_GraphQl::config_graphql</resource>
-            <group id="validation" translate="label" type="text" sortOrder="10" showInDefault="1" showInWebsite="1" showInStore="1">
-                <label>Input Limits</label>
+        <section id="webapi">
+            <group id="graphql_validation" translate="label" type="text" sortOrder="10" showInDefault="1" showInWebsite="1" showInStore="1">
+                <label>GraphQl Input Limits</label>
                 <field id="input_limit_enabled" translate="label" type="select" sortOrder="5" showInDefault="1" showInWebsite="1" showInStore="1">
                     <source_model>Magento\Config\Model\Config\Source\Yesno</source_model>
                     <label>Enable Input Limits</label>
+                    <config_path>graphql/validation/input_limit_enabled</config_path>
                 </field>
                 <field id="maximum_page_size" translate="label comment" type="text" sortOrder="15" showInDefault="1" showInWebsite="1" showInStore="1">
                     <label>Maximum Page Size</label>
                     <comment>Maximum number of items allowed in a paginated search result.</comment>
+                    <config_path>graphql/validation/maximum_page_size</config_path>
                     <depends>
                         <field id="input_limit_enabled">1</field>
                     </depends>

app/code/Magento/Webapi/etc/adminhtml/system.xml

@@ -21,13 +21,13 @@
                 </field>
             </group>
             <group id="validation" translate="label" type="text" sortOrder="10" showInDefault="1" showInWebsite="1" showInStore="1">
-                <label>Input Limits</label>
+                <label>Web Api Input Limits</label>
                 <field id="input_limit_enabled" translate="label" type="select" sortOrder="5" showInDefault="1" showInWebsite="1" showInStore="1">
                     <source_model>Magento\Config\Model\Config\Source\Yesno</source_model>
                     <label>Enable Input Limits</label>
                 </field>
                 <field id="complex_array_limit" translate="label comment" type="text" sortOrder="10" showInDefault="1" showInWebsite="1" showInStore="1">
-                    <label>Complex Array Limit</label>
+                    <label>Input List Limit</label>
                     <comment>Maximum number of items allowed in an entity's array property.</comment>
                     <depends>
                         <field id="input_limit_enabled">1</field>

lib/internal/Magento/Framework/GraphQl/Query/Resolver/Argument/Validator/ConfigProvider.php renamed to lib/internal/Magento/Framework/GraphQl/Query/Resolver/Argument/Validator/IOLimit/IOLimitConfigProvider.php

@@ -6,15 +6,15 @@
 
 declare(strict_types=1);
 
-namespace Magento\Framework\GraphQl\Query\Resolver\Argument\Validator;
+namespace Magento\Framework\GraphQl\Query\Resolver\Argument\Validator\IOLimit;
 
 use Magento\Framework\App\Config\ScopeConfigInterface;
 use Magento\Store\Model\ScopeInterface;
 
 /**
  * Provides configuration related to the GraphQL input limit validation
  */
-class ConfigProvider
+class IOLimitConfigProvider
 {
     /**
      * Path to the configuration setting for if the input limiting is enabled
@@ -40,7 +40,7 @@ public function __construct(ScopeConfigInterface $scopeConfig)
     }
 
     /**
-     * @inheritDoc
+     * Get the stored configuration for if the input limiting is enabled
      */
     public function isInputLimitingEnabled(): bool
     {
@@ -51,7 +51,7 @@ public function isInputLimitingEnabled(): bool
     }
 
     /**
-     * @inheritDoc
+     * Get the stored configuration for the maximum page size
      */
     public function getMaximumPageSize(): ?int
     {

lib/internal/Magento/Framework/GraphQl/Query/Resolver/Argument/Validator/SearchCriteriaValidator.php

@@ -11,6 +11,7 @@
 use Magento\Framework\App\ObjectManager;
 use Magento\Framework\GraphQl\Config\Element\Field;
 use Magento\Framework\GraphQl\Exception\GraphQlInputException;
+use Magento\Framework\GraphQl\Query\Resolver\Argument\Validator\IOLimit\IOLimitConfigProvider;
 use Magento\Framework\GraphQl\Query\Resolver\Argument\ValidatorInterface;
 
 /**
@@ -24,19 +25,19 @@ class SearchCriteriaValidator implements ValidatorInterface
     private $maxPageSize;
 
     /**
-     * @var ConfigProvider|null
+     * @var IOLimitConfigProvider|null
      */
     private $configProvider;
 
     /**
      * @param int $maxPageSize
-     * @param ConfigProvider|null $configProvider
+     * @param IOLimitConfigProvider|null $configProvider
      */
-    public function __construct(int $maxPageSize, ?ConfigProvider $configProvider = null)
+    public function __construct(int $maxPageSize, ?IOLimitConfigProvider $configProvider = null)
     {
         $this->maxPageSize = $maxPageSize;
         $this->configProvider = $configProvider ?? ObjectManager::getInstance()
-            ->get(ConfigProvider::class);
+            ->get(IOLimitConfigProvider::class);
     }
 
     /**

lib/internal/Magento/Framework/GraphQl/Test/Unit/Query/Resolver/Argument/Validator/SearchCriteriaValidatorTest.php

@@ -10,7 +10,7 @@
 
 use Magento\Framework\GraphQl\Config\Element\Field;
 use Magento\Framework\GraphQl\Exception\GraphQlInputException;
-use Magento\Framework\GraphQl\Query\Resolver\Argument\Validator\ConfigProvider;
+use Magento\Framework\GraphQl\Query\Resolver\Argument\Validator\IOLimit\IOLimitConfigProvider;
 use Magento\Framework\GraphQl\Query\Resolver\Argument\Validator\SearchCriteriaValidator;
 use PHPUnit\Framework\MockObject\MockObject;
 use PHPUnit\Framework\TestCase;
@@ -21,7 +21,7 @@
 class SearchCriteriaValidatorTest extends TestCase
 {
     /**
-     * @var ConfigProvider|MockObject
+     * @var IOLimitConfigProvider|MockObject
      */
     private $configProvider;
 
@@ -32,7 +32,7 @@ class SearchCriteriaValidatorTest extends TestCase
 
     protected function setUp(): void
     {
-        $this->configProvider = self::getMockBuilder(ConfigProvider::class)
+        $this->configProvider = self::getMockBuilder(IOLimitConfigProvider::class)
             ->disableOriginalConstructor()
             ->getMock();
         $this->validator = new SearchCriteriaValidator(3, $this->configProvider);

lib/internal/Magento/Framework/Webapi/ServiceInputProcessor.php

@@ -24,7 +24,7 @@
 use Magento\Framework\Webapi\Exception as WebapiException;
 use Magento\Framework\Webapi\CustomAttribute\PreprocessorInterface;
 use Laminas\Code\Reflection\ClassReflection;
-use Magento\Framework\Webapi\InputLimit\DefaultPageSizeSetter;
+use Magento\Framework\Webapi\Validator\IOLimit\DefaultPageSizeSetter;
 use Magento\Framework\Webapi\Validator\ServiceInputValidatorInterface;
 
 /**

lib/internal/Magento/Framework/Webapi/Test/Unit/InputLimit/DefaultPageSizeSetterTest.php

@@ -9,8 +9,8 @@
 namespace Magento\Framework\Webapi\Test\Unit\InputLimit;
 
 use Magento\Framework\Api\Search\SearchCriteriaInterface;
-use Magento\Framework\Webapi\InputLimit\DefaultPageSizeSetter;
-use Magento\Framework\Webapi\Validator\ConfigProvider;
+use Magento\Framework\Webapi\Validator\IOLimit\DefaultPageSizeSetter;
+use Magento\Framework\Webapi\Validator\IOLimit\IOLimitConfigProvider;
 use PHPUnit\Framework\MockObject\MockObject;
 use PHPUnit\Framework\TestCase;
 
@@ -20,7 +20,7 @@
 class DefaultPageSizeSetterTest extends TestCase
 {
     /**
-     * @var ConfigProvider|MockObject
+     * @var IOLimitConfigProvider|MockObject
      */
     private $configProvider;
 
@@ -31,7 +31,7 @@ class DefaultPageSizeSetterTest extends TestCase
 
     protected function setUp(): void
     {
-        $this->configProvider = $this->getMockBuilder(ConfigProvider::class)
+        $this->configProvider = $this->getMockBuilder(IOLimitConfigProvider::class)
             ->disableOriginalConstructor()
             ->getMock();
         $this->setter = new DefaultPageSizeSetter($this->configProvider);

lib/internal/Magento/Framework/Webapi/Test/Unit/ServiceInputProcessorTest.php

@@ -20,9 +20,9 @@
 use Magento\Framework\Reflection\TypeProcessor;
 use Magento\Framework\Serialize\SerializerInterface;
 use Magento\Framework\TestFramework\Unit\Helper\ObjectManager;
-use Magento\Framework\Webapi\InputLimit\DefaultPageSizeSetter;
+use Magento\Framework\Webapi\Validator\IOLimit\DefaultPageSizeSetter;
 use Magento\Framework\Webapi\ServiceInputProcessor;
-use Magento\Framework\Webapi\Validator\ConfigProvider;
+use Magento\Framework\Webapi\Validator\IOLimit\IOLimitConfigProvider;
 use Magento\Framework\Webapi\Validator\EntityArrayValidator;
 use Magento\Framework\Webapi\ServiceTypeToEntityTypeMap;
 use Magento\Framework\Webapi\Test\Unit\ServiceInputProcessor\AssociativeArray;
@@ -74,7 +74,7 @@ class ServiceInputProcessorTest extends TestCase
     private $serviceTypeToEntityTypeMap;
 
     /**
-     * @var ConfigProvider|MockObject
+     * @var IOLimitConfigProvider|MockObject
      */
     private $inputLimitConfig;
 
@@ -163,7 +163,7 @@ function () use ($objectManager) {
             ->disableOriginalConstructor()
             ->getMock();
 
-        $this->inputLimitConfig = self::getMockBuilder(ConfigProvider::class)
+        $this->inputLimitConfig = self::getMockBuilder(IOLimitConfigProvider::class)
             ->disableOriginalConstructor()
             ->getMock();
 

lib/internal/Magento/Framework/Webapi/Test/Unit/Validator/EntityArrayValidatorTest.php

@@ -9,7 +9,7 @@
 namespace Magento\Framework\Webapi\Test\Unit\Validator;
 
 use Magento\Framework\Exception\InvalidArgumentException;
-use Magento\Framework\Webapi\Validator\ConfigProvider;
+use Magento\Framework\Webapi\Validator\IOLimit\IOLimitConfigProvider;
 use Magento\Framework\Webapi\Validator\EntityArrayValidator;
 use PHPUnit\Framework\MockObject\MockObject;
 use PHPUnit\Framework\TestCase;
@@ -20,7 +20,7 @@
 class EntityArrayValidatorTest extends TestCase
 {
     /**
-     * @var ConfigProvider|MockObject
+     * @var IOLimitConfigProvider|MockObject
      */
     private $config;
 
@@ -31,7 +31,7 @@ class EntityArrayValidatorTest extends TestCase
 
     protected function setUp(): void
     {
-        $this->config = self::getMockBuilder(ConfigProvider::class)
+        $this->config = self::getMockBuilder(IOLimitConfigProvider::class)
             ->disableOriginalConstructor()
             ->getMock();
         $this->validator = new EntityArrayValidator(3, $this->config);

lib/internal/Magento/Framework/Webapi/Test/Unit/Validator/SearchCriteriaValidatorTest.php

@@ -10,7 +10,7 @@
 
 use Magento\Framework\Api\SearchCriteria;
 use Magento\Framework\Exception\InvalidArgumentException;
-use Magento\Framework\Webapi\Validator\ConfigProvider;
+use Magento\Framework\Webapi\Validator\IOLimit\IOLimitConfigProvider;
 use Magento\Framework\Webapi\Validator\SearchCriteriaValidator;
 use PHPUnit\Framework\MockObject\MockObject;
 use PHPUnit\Framework\TestCase;
@@ -21,7 +21,7 @@
 class SearchCriteriaValidatorTest extends TestCase
 {
     /**
-     * @var ConfigProvider|MockObject
+     * @var IOLimitConfigProvider|MockObject
      */
     private $config;
 
@@ -32,7 +32,7 @@ class SearchCriteriaValidatorTest extends TestCase
 
     protected function setUp(): void
     {
-        $this->config = self::getMockBuilder(ConfigProvider::class)
+        $this->config = self::getMockBuilder(IOLimitConfigProvider::class)
             ->disableOriginalConstructor()
             ->getMock();
         $this->validator = new SearchCriteriaValidator(3, $this->config);