From 22b521b93db3d20a190e2715688887f6228a93cc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Wolfgang=20Hu=C3=9F?=
Date: Mon, 11 Mar 2019 17:02:31 +0100
Subject: [PATCH 1/2] Deleted a line in graphql.schema
---
 src/schema.graphql | 1 -
 1 file changed, 1 deletion(-)
diff --git a/src/schema.graphql b/src/schema.graphql
index a542e1229..06a53afba 100644
--- a/src/schema.graphql
+++ b/src/schema.graphql
@@ -26,7 +26,6 @@ type Mutation { DELETE r RETURN COUNT(r) > 0 """) - "Follow the given Type and ID" follow(id: ID!, type: FollowTypeEnum): Boolean! @cypher(statement: """ MATCH (n {id: $id}), (u:User {id: $cypherParams.currentUserId})
From 460f94ea3f37929e27398abe9c65487a75851b2a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Wolfgang=20Hu=C3=9F?=
Date: Wed, 13 Mar 2019 14:32:15 +0100
Subject: [PATCH 2/2] Add unauthenticated test to follow and shout close #234
---
 src/middleware/permissionsMiddleware.js | 5 +-
 src/resolvers/follow.spec.js | 86 +++++++++++------
 src/resolvers/shout.spec.js | 121 ++++++++++++++----------
 3 files changed, 132 insertions(+), 80 deletions(-)
diff --git a/src/middleware/permissionsMiddleware.js b/src/middleware/permissionsMiddleware.js
index 7fb6e75b8..08feb1e5e 100644
--- a/src/middleware/permissionsMiddleware.js
+++ b/src/middleware/permissionsMiddleware.js
@@ -56,10 +56,13 @@ const permissions = shield({
 CreateBadge: isAdmin,
 UpdateBadge: isAdmin,
 DeleteBadge: isAdmin,
+ follow: isAuthenticated,
+ unfollow: isAuthenticated,
+ shout: isAuthenticated,
+ unshout: isAuthenticated,
 enable: isModerator,
 disable: isModerator
- // addFruitToBasket: isAuthenticated
 // CreateUser: allow,
 },
 User: {
diff --git a/src/resolvers/follow.spec.js b/src/resolvers/follow.spec.js
index 3c16560e5..081e49081 100644
--- a/src/resolvers/follow.spec.js
+++ b/src/resolvers/follow.spec.js
@@ -4,6 +4,7 @@ import { host, login } from '../jest/helpers'
 const factory = Factory()
 let clientUser1
+let headersUser1
 const mutationFollowUser = (id) => `
 mutation {
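Review bot: In src/middleware/permissionsMiddleware.js, `follow`, `unfollow`, `shout` and `unshout` are protected only because they are now listed by name, so any mutation missing from this map still gets whatever default the `shield({` call applies. If `shield` is graphql-shield's (the 'Not Authorised' message in the specs suggests so), that default allows the field unless a fallback rule is configured. The `shield({` call opens and closes outside this hunk, so its options are not visible; if none are passed, consider deny-by-default, e.g. `fallbackRule: deny` where the installed version supports it, with public fields marked `allow` explicitly. At minimum, record the contract above the block: `// Every mutation that reads $cypherParams.currentUserId must be listed here`.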
@@ -27,18 +28,25 @@ beforeEach(async () => {
 email: 'test2@example.org',
 password: '1234'
 })
+
+ headersUser1 = await login({ email: 'test@example.org', password: '1234' })
+ clientUser1 = new GraphQLClient(host, { headers: headersUser1 })
 })
 afterEach(async () => {
 await factory.cleanDatabase()
 })
-describe('follow ', () => {
- describe('(un)follow user', () => {
- let headersUser1
- beforeEach(async () => {
- headersUser1 = await login({ email: 'test@example.org', password: '1234' })
- clientUser1 = new GraphQLClient(host, { headers: headersUser1 })
+describe('follow', () => {
+ describe('follow user', () => {
+ describe('unauthenticated follow', () => {
+ it('throws authorization error', async () => {
+ let client
+ client = new GraphQLClient(host)
+ await expect(
+ client.request(mutationFollowUser('u2'))
+ ).rejects.toThrow('Not Authorised')
+ })
 })
 it('I can follow another user', async () => {
@@ -65,31 +73,6 @@ describe('follow ', () => {
 expect(User[0]).toMatchObject(expected2)
 })
- it('I can unfollow a user', async () => {
- // follow
- await clientUser1.request(
- mutationFollowUser('u2')
- )
- const expected = {
- unfollow: true
- }
- // unfollow
- const res = await clientUser1.request(mutationUnfollowUser('u2'))
- expect(res).toMatchObject(expected)
-
- const { User } = await clientUser1.request(`{
- User(id: "u2") {
- followedBy { id }
- followedByCurrentUser
- }
- }`)
- const expected2 = {
- followedBy: [],
- followedByCurrentUser: false
- }
- expect(User[0]).toMatchObject(expected2)
- })
-
 it('I can`t follow myself', async () => {
 const res = await clientUser1.request(
 mutationFollowUser('u1')
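Review bot: The new 'unauthenticated follow' case asserts only that the request rejects with 'Not Authorised'; it never checks that no follow relationship was written, so it would still pass if the mutation both errored and changed the graph. After the `rejects` assertion, read the state back with the logged-in client, e.g. `const { User } = await clientUser1.request('{ User(id: "u2") { followedBy { id } } }')` followed by `expect(User[0]).toMatchObject({ followedBy: [] })`. The same gap is in the unauthenticated cases added for unfollow (last hunk of this file) and for shout and unshout in src/resolvers/shout.spec.js. As a style point, `let client` plus a separate assignment can be `const client = new GraphQLClient(host)`. The enclosing `describe('follow', …)` continues past this hunk.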
@@ -112,4 +95,45 @@ describe('follow ', () => {
 expect(User[0]).toMatchObject(expected2)
 })
 })
+ describe('unfollow user', () => {
+ describe('unauthenticated follow', () => {
+ it('throws authorization error', async () => {
+ // follow
+ await clientUser1.request(
+ mutationFollowUser('u2')
+ )
+ // unfollow
+ let client
+ client = new GraphQLClient(host)
+ await expect(
+ client.request(mutationUnfollowUser('u2'))
+ ).rejects.toThrow('Not Authorised')
+ })
+ })
+
+ it('I can unfollow a user', async () => {
+ // follow
+ await clientUser1.request(
+ mutationFollowUser('u2')
+ )
+ // unfollow
+ const expected = {
+ unfollow: true
+ }
+ const res = await clientUser1.request(mutationUnfollowUser('u2'))
+ expect(res).toMatchObject(expected)
+
+ const { User } = await clientUser1.request(`{
+ User(id: "u2") {
+ followedBy { id }
+ followedByCurrentUser
+ }
+ }`)
+ const expected2 = {
+ followedBy: [],
+ followedByCurrentUser: false
+ }
+ expect(User[0]).toMatchObject(expected2)
+ })
+ })
 })
diff --git a/src/resolvers/shout.spec.js b/src/resolvers/shout.spec.js
index 490191c7a..88866a74f 100644
--- a/src/resolvers/shout.spec.js
+++ b/src/resolvers/shout.spec.js
@@ -4,6 +4,7 @@ import { host, login } from '../jest/helpers'
 const factory = Factory()
 let clientUser1, clientUser2
+let headersUser1, headersUser2
 const mutationShoutPost = (id) => `
 mutation {
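Review bot: The inner block under `describe('unfollow user', …)` is labelled `describe('unauthenticated follow', …)`, although the request under test is `mutationUnfollowUser('u2')`; since the runner joins describe names, a failing access-control check on unfollow would be reported as a follow failure. Rename it to `describe('unauthenticated unfollow', () => {`. The last hunk of src/resolvers/shout.spec.js carries the same copied label, `'unauthenticated shout'` under `'unshout foreign post'`, which should read `'unauthenticated unshout'`.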
@@ -27,37 +28,44 @@ beforeEach(async () => {
 email: 'test2@example.org',
 password: '1234'
 })
+
+ headersUser1 = await login({ email: 'test@example.org', password: '1234' })
+ headersUser2 = await login({ email: 'test2@example.org', password: '1234' })
+ clientUser1 = new GraphQLClient(host, { headers: headersUser1 })
+ clientUser2 = new GraphQLClient(host, { headers: headersUser2 })
+
+ await clientUser1.request(`
+ mutation {
+ CreatePost(id: "p1", title: "Post Title 1", content: "Some Post Content 1") {
+ id
+ title
+ }
+ }
+ `)
+ await clientUser2.request(`
+ mutation {
+ CreatePost(id: "p2", title: "Post Title 2", content: "Some Post Content 2") {
+ id
+ title
+ }
+ }
+ `)
 })
 afterEach(async () => {
 await factory.cleanDatabase()
 })
-describe('shout ', () => {
- describe('(un)shout foreign post', () => {
- let headersUser1, headersUser2
- beforeEach(async () => {
- headersUser1 = await login({ email: 'test@example.org', password: '1234' })
- headersUser2 = await login({ email: 'test2@example.org', password: '1234' })
- clientUser1 = new GraphQLClient(host, { headers: headersUser1 })
- clientUser2 = new GraphQLClient(host, { headers: headersUser2 })
-
- await clientUser1.request(`
- mutation {
- CreatePost(id: "p1", title: "Post Title 1", content: "Some Post Content 1") {
- id
- title
- }
- }
- `)
- await clientUser2.request(`
- mutation {
- CreatePost(id: "p2", title: "Post Title 2", content: "Some Post Content 2") {
- id
- title
- }
- }
- `)
+describe('shout', () => {
+ describe('shout foreign post', () => {
+ describe('unauthenticated shout', () => {
+ it('throws authorization error', async () => {
+ let client
+ client = new GraphQLClient(host)
+ await expect(
+ client.request(mutationShoutPost('p1'))
+ ).rejects.toThrow('Not Authorised')
+ })
 })
 it('I shout a post of another user', async () => {
@@ -80,29 +88,6 @@ describe('shout ', () => {
 expect(Post[0]).toMatchObject(expected2)
 })
- it('I unshout a post of another user', async () => {
- // shout
- await clientUser1.request(
- mutationShoutPost('p2')
- )
- const expected = {
- unshout: true
- }
- // unshout
- const res = await clientUser1.request(mutationUnshoutPost('p2'))
- expect(res).toMatchObject(expected)
-
- const { Post } = await clientUser1.request(`{
- Post(id: "p2") {
- shoutedByCurrentUser
- }
- }`)
- const expected2 = {
- shoutedByCurrentUser: false
- }
- expect(Post[0]).toMatchObject(expected2)
- })
-
 it('I can`t shout my own post', async () => {
 const res = await clientUser1.request(
 mutationShoutPost('p1')
@@ -123,4 +108,44 @@ describe('shout ', () => {
 expect(Post[0]).toMatchObject(expected2)
 })
 })
+
+ describe('unshout foreign post', () => {
+ describe('unauthenticated shout', () => {
+ it('throws authorization error', async () => {
+ // shout
+ await clientUser1.request(
+ mutationShoutPost('p2')
+ )
+ // unshout
+ let client
+ client = new GraphQLClient(host)
+ await expect(
+ client.request(mutationUnshoutPost('p2'))
+ ).rejects.toThrow('Not Authorised')
+ })
+ })
+
+ it('I unshout a post of another user', async () => {
+ // shout
+ await clientUser1.request(
+ mutationShoutPost('p2')
+ )
+ const expected = {
+ unshout: true
+ }
+ // unshout
+ const res = await clientUser1.request(mutationUnshoutPost('p2'))
+ expect(res).toMatchObject(expected)
+
+ const { Post } = await clientUser1.request(`{
+ Post(id: "p2") {
+ shoutedByCurrentUser
+ }
+ }`)
+ const expected2 = {
+ shoutedByCurrentUser: false
+ }
+ expect(Post[0]).toMatchObject(expected2)
+ })
+ })
 })