Remove the From<Dispaly> trait for FieldError #469
Description
Is your feature request related to a problem? Please describe.
This may be a wild, breaking change, but I found it error-prone for FieldError to implement From<Display> trait.
According to the document, FieldError now implements From<Display> trait, which can transform anything implementing Display into FieldError. This is dangerous with the ? operator.
For example, I may have something like
impl Mutation {
fn some_mutation(context: &Ctx) -> Result<bool, FieldError> {
do_the_mutation()?; // Danger!!
// Something else...
Ok(true)
}
}
fn do_the_mutation() -> Result<(), SuperSecretError> {
// implementation
}where SuperSecretError implements Display trait, and contains some critical information I don't like users to know.
However, when i use the ? operator in some_mutaion function, rust will automatically transform SuperSecretError into FieldError, and send it to users. There WON'T be any compile error or warning. Such transformation simply relies on format! macro.
As a backend programmer, I implement the Display trait for better logging, not for web users. The leakage of information is counter-intuitive. Even if there's no critical information leakage, such transformation is not what a programmer would expect.
Describe the solution you'd like
Remove the From<Dispaly> trait for FieldError
Describe alternatives you've considered
Now in my own project, I use the trait IntoFieldError, and strictly forbid anyone to use the raw FieldError.
We can document the danger of FieldError + Display, so people can still take advantage of such transformation, while it is encouraged not to do so.