Merge pull request #235 from Human-Connection/234-test-follow-and-shout-unauthenticated

Add unauthenticated test to follow and shout
2025-12-13 07:45:56 +00:00 · 2019-03-13 16:20:51 +01:00 · 2019-03-13 16:20:51 +01:00 · 5308c3bff2
commit 5308c3bff2
parent 0dce83b55f 460f94ea3f
4 changed files with 132 additions and 81 deletions
--- a/src/middleware/permissionsMiddleware.js
+++ b/src/middleware/permissionsMiddleware.js
@ -56,10 +56,13 @@ const permissions = shield({
    CreateBadge: isAdmin,
    UpdateBadge: isAdmin,
    DeleteBadge: isAdmin,
+    follow: isAuthenticated,
+    unfollow: isAuthenticated,
+    shout: isAuthenticated,
+    unshout: isAuthenticated,

    enable: isModerator,
    disable: isModerator
-    // addFruitToBasket: isAuthenticated
    // CreateUser: allow,
  },
  User: {
--- a/src/resolvers/follow.spec.js
+++ b/src/resolvers/follow.spec.js
@ -4,6 +4,7 @@ import { host, login } from '../jest/helpers'

 const factory = Factory()
 let clientUser1
+let headersUser1

 const mutationFollowUser = (id) => `
  mutation {
@ -27,18 +28,25 @@ beforeEach(async () => {
    email: 'test2@example.org',
    password: '1234'
  })
+
+  headersUser1 = await login({ email: 'test@example.org', password: '1234' })
+  clientUser1 = new GraphQLClient(host, { headers: headersUser1 })
 })

 afterEach(async () => {
  await factory.cleanDatabase()
 })

-describe('follow ', () => {
-  describe('(un)follow user', () => {
-    let headersUser1
-    beforeEach(async () => {
-      headersUser1 = await login({ email: 'test@example.org', password: '1234' })
-      clientUser1 = new GraphQLClient(host, { headers: headersUser1 })
+describe('follow', () => {
+  describe('follow user', () => {
+    describe('unauthenticated follow', () => {
+      it('throws authorization error', async () => {
+        let client
+        client = new GraphQLClient(host)
+        await expect(
+          client.request(mutationFollowUser('u2'))
+        ).rejects.toThrow('Not Authorised')
+      })
    })

    it('I can follow another user', async () => {
@ -65,31 +73,6 @@ describe('follow ', () => {
      expect(User[0]).toMatchObject(expected2)
    })

-    it('I can unfollow a user', async () => {
-      // follow
-      await clientUser1.request(
-        mutationFollowUser('u2')
-      )
-      const expected = {
-        unfollow: true
-      }
-      // unfollow
-      const res = await clientUser1.request(mutationUnfollowUser('u2'))
-      expect(res).toMatchObject(expected)
-
-      const { User } = await clientUser1.request(`{
-        User(id: "u2") {
-          followedBy { id }
-          followedByCurrentUser
-        }
-      }`)
-      const expected2 = {
-        followedBy: [],
-        followedByCurrentUser: false
-      }
-      expect(User[0]).toMatchObject(expected2)
-    })
-
    it('I can`t follow myself', async () => {
      const res = await clientUser1.request(
        mutationFollowUser('u1')
@ -112,4 +95,45 @@ describe('follow ', () => {
      expect(User[0]).toMatchObject(expected2)
    })
  })
+  describe('unfollow user', () => {
+    describe('unauthenticated follow', () => {
+      it('throws authorization error', async () => {
+        // follow
+        await clientUser1.request(
+          mutationFollowUser('u2')
+        )
+        // unfollow
+        let client
+        client = new GraphQLClient(host)
+        await expect(
+          client.request(mutationUnfollowUser('u2'))
+        ).rejects.toThrow('Not Authorised')
+      })
+    })
+
+    it('I can unfollow a user', async () => {
+      // follow
+      await clientUser1.request(
+        mutationFollowUser('u2')
+      )
+      // unfollow
+      const expected = {
+        unfollow: true
+      }
+      const res = await clientUser1.request(mutationUnfollowUser('u2'))
+      expect(res).toMatchObject(expected)
+
+      const { User } = await clientUser1.request(`{
+        User(id: "u2") {
+          followedBy { id }
+          followedByCurrentUser
+        }
+      }`)
+      const expected2 = {
+        followedBy: [],
+        followedByCurrentUser: false
+      }
+      expect(User[0]).toMatchObject(expected2)
+    })
+  })
 })
--- a/src/resolvers/shout.spec.js
+++ b/src/resolvers/shout.spec.js
@ -4,6 +4,7 @@ import { host, login } from '../jest/helpers'

 const factory = Factory()
 let clientUser1, clientUser2
+let headersUser1, headersUser2

 const mutationShoutPost = (id) => `
  mutation {
@ -27,37 +28,44 @@ beforeEach(async () => {
    email: 'test2@example.org',
    password: '1234'
  })
+
+  headersUser1 = await login({ email: 'test@example.org', password: '1234' })
+  headersUser2 = await login({ email: 'test2@example.org', password: '1234' })
+  clientUser1 = new GraphQLClient(host, { headers: headersUser1 })
+  clientUser2 = new GraphQLClient(host, { headers: headersUser2 })
+
+  await clientUser1.request(`
+    mutation {
+      CreatePost(id: "p1", title: "Post Title 1", content: "Some Post Content 1") {
+        id
+        title
+      }
+    }
+  `)
+  await clientUser2.request(`
+  mutation {
+      CreatePost(id: "p2", title: "Post Title 2", content: "Some Post Content 2") {
+        id
+        title
+      }
+    }
+  `)
 })

 afterEach(async () => {
  await factory.cleanDatabase()
 })

-describe('shout ', () => {
-  describe('(un)shout foreign post', () => {
-    let headersUser1, headersUser2
-    beforeEach(async () => {
-      headersUser1 = await login({ email: 'test@example.org', password: '1234' })
-      headersUser2 = await login({ email: 'test2@example.org', password: '1234' })
-      clientUser1 = new GraphQLClient(host, { headers: headersUser1 })
-      clientUser2 = new GraphQLClient(host, { headers: headersUser2 })
-
-      await clientUser1.request(`
-        mutation {
-          CreatePost(id: "p1", title: "Post Title 1", content: "Some Post Content 1") {
-            id
-            title
-          }
-        }
-      `)
-      await clientUser2.request(`
-        mutation {
-          CreatePost(id: "p2", title: "Post Title 2", content: "Some Post Content 2") {
-            id
-            title
-          }
-        }
-      `)
+describe('shout', () => {
+  describe('shout foreign post', () => {
+    describe('unauthenticated shout', () => {
+      it('throws authorization error', async () => {
+        let client
+        client = new GraphQLClient(host)
+        await expect(
+          client.request(mutationShoutPost('p1'))
+        ).rejects.toThrow('Not Authorised')
+      })
    })

    it('I shout a post of another user', async () => {
@ -80,29 +88,6 @@ describe('shout ', () => {
      expect(Post[0]).toMatchObject(expected2)
    })

-    it('I unshout a post of another user', async () => {
-      // shout
-      await clientUser1.request(
-        mutationShoutPost('p2')
-      )
-      const expected = {
-        unshout: true
-      }
-      // unshout
-      const res = await clientUser1.request(mutationUnshoutPost('p2'))
-      expect(res).toMatchObject(expected)
-
-      const { Post } = await clientUser1.request(`{
-        Post(id: "p2") {
-          shoutedByCurrentUser
-        }
-      }`)
-      const expected2 = {
-        shoutedByCurrentUser: false
-      }
-      expect(Post[0]).toMatchObject(expected2)
-    })
-
    it('I can`t shout my own post', async () => {
      const res = await clientUser1.request(
        mutationShoutPost('p1')
@ -123,4 +108,44 @@ describe('shout ', () => {
      expect(Post[0]).toMatchObject(expected2)
    })
  })
+
+  describe('unshout foreign post', () => {
+    describe('unauthenticated shout', () => {
+      it('throws authorization error', async () => {
+        // shout
+        await clientUser1.request(
+          mutationShoutPost('p2')
+        )
+        // unshout
+        let client
+        client = new GraphQLClient(host)
+        await expect(
+          client.request(mutationUnshoutPost('p2'))
+        ).rejects.toThrow('Not Authorised')
+      })
+    })
+
+    it('I unshout a post of another user', async () => {
+      // shout
+      await clientUser1.request(
+        mutationShoutPost('p2')
+      )
+      const expected = {
+        unshout: true
+      }
+      // unshout
+      const res = await clientUser1.request(mutationUnshoutPost('p2'))
+      expect(res).toMatchObject(expected)
+
+      const { Post } = await clientUser1.request(`{
+        Post(id: "p2") {
+          shoutedByCurrentUser
+        }
+      }`)
+      const expected2 = {
+        shoutedByCurrentUser: false
+      }
+      expect(Post[0]).toMatchObject(expected2)
+    })
+  })
 })
--- a/src/schema.graphql
+++ b/src/schema.graphql
@ -38,7 +38,6 @@ type Mutation {
    DELETE r
    RETURN COUNT(r) > 0
  """)
-
  "Follow the given Type and ID"
  follow(id: ID!, type: FollowTypeEnum): Boolean! @cypher(statement: """
    MATCH (n {id: $id}), (u:User {id: $cypherParams.currentUserId})