Added Tests to "user_management.spec.js"

Implemented suppression of "publicKey", now commented out for testing approach. Use port 4001 for querying, but forgot that I have to generate the user on the same port, before I can query it with generated "publicKey". Do this in next commit.
2026-01-16 18:01:28 +00:00 · 2019-04-05 17:44:43 +02:00 · 2019-04-05 17:44:43 +02:00 · 8713f61734
commit 8713f61734
parent c3b320380a
4 changed files with 96 additions and 5 deletions
--- a/backend/src/jest/helpers.js
+++ b/backend/src/jest/helpers.js
@ -4,12 +4,12 @@ import { request } from 'graphql-request'
 // not to be confused with the seeder host
 export const host = 'http://127.0.0.1:4123'

-export async function login ({ email, password }) {
+export async function login ({ email, password }, hostParam = host) {
  const mutation = `
      mutation {
        login(email:"${email}", password:"${password}")
      }`
-  const response = await request(host, mutation)
+  const response = await request(hostParam, mutation)
  return {
    authorization: `Bearer ${response.login}`
  }
--- a/backend/src/middleware/passwordMiddleware.js
+++ b/backend/src/middleware/passwordMiddleware.js
@ -12,8 +12,9 @@ export default {
  },
  Query: async (resolve, root, args, context, info) => {
    const result = await resolve(root, args, context, info)
-    return walkRecursive(result, ['password'], () => {
-      // replace password with asterisk
+    // eslint-disable-next-line spaced-comment
+    return walkRecursive(result, ['password'/*, 'privateKey'*/], () => {
+      // replace "password" and "privatKey" with asterisk
      return '*****'
    })
  }
--- a/backend/src/middleware/permissionsMiddleware.js
+++ b/backend/src/middleware/permissionsMiddleware.js
@ -75,6 +75,7 @@ const permissions = shield({
  User: {
    email: isMyOwn,
    password: isMyOwn
+    // privateKey: isMyOwn
  }
 })

--- a/backend/src/resolvers/user_management.spec.js
+++ b/backend/src/resolvers/user_management.spec.js
@ -254,7 +254,7 @@ describe('change password', () => {
  }

  describe('should be authenticated before changing password', () => {
-    it('throws not "Not Authorised!', async () => {
+    it('throws not "Not Authorised!"', async () => {
      await expect(
        request(
          host,
@ -309,3 +309,92 @@ describe('change password', () => {
    })
  })
 })
+
+describe('don\'t expose private RSA key', () => {
+  const queryUser = params => {
+    const { queriedUserSlug } = params
+    return `
+      {
+        User(slug:"${queriedUserSlug}") {
+          id
+          privateKey
+        }
+      }`
+  }
+
+  // describe('unauthenticated query of "privateKey"', () => {
+  //   it('throws "Not Authorised!"', async () => {
+  //     const host = 'http://127.0.0.1:4001' // To have a "privateKey" generated.
+  //     let client
+  //     client = new GraphQLClient(host)
+  //     await expect(
+  //       client.request(queryUser({ queriedUserSlug: 'matilde-hermiston' }))
+  //     ).rejects.toThrow('Not Authorised')
+  //   })
+  // })
+
+  describe('authenticated query of "privateKey"', () => {
+    it('gives "null" as return', async () => {
+      const hostPrivateKey = 'http://127.0.0.1:4001' // To have a "privateKey" generated.
+      // const hostPrivateKey = 'http://127.0.0.1:4123'
+      let client
+      const headers = await login({ email: 'test@example.org', password: '1234' }, hostPrivateKey)
+      client = new GraphQLClient(hostPrivateKey, { headers })
+
+      let response = await client.request(
+        queryUser({ queriedUserSlug: 'matilde-hermiston' })
+      )
+      await expect(
+        response
+      ).toEqual({
+        User: [{
+          id: 'acb2d923-f3af-479e-9f00-61b12e864666',
+          privateKey: 'XXX'
+          // privateKey: null
+        }]
+      })
+    })
+  })
+
+  // describe('old and new password should not match', () => {
+  //   it('responds with "Old password and new password should be different"', async () => {
+  //     await expect(
+  //       client.request(
+  //         mutation({
+  //           oldPassword: '1234',
+  //           newPassword: '1234'
+  //         })
+  //       )
+  //     ).rejects.toThrow('Old password and new password should be different')
+  //   })
+  // })
+
+  // describe('incorrect old password', () => {
+  //   it('responds with "Old password isn\'t valid"', async () => {
+  //     await expect(
+  //       client.request(
+  //         mutation({
+  //           oldPassword: 'notOldPassword',
+  //           newPassword: '12345'
+  //         })
+  //       )
+  //     ).rejects.toThrow('Old password is not correct')
+  //   })
+  // })
+
+  // describe('correct password', () => {
+  //   it('changes the password if given correct credentials "', async () => {
+  //     let response = await client.request(
+  //       mutation({
+  //         oldPassword: '1234',
+  //         newPassword: '12345'
+  //       })
+  //     )
+  //     await expect(
+  //       response
+  //     ).toEqual(expect.objectContaining({
+  //       changePassword: expect.any(String)
+  //     }))
+  //   })
+  // })
+})