From 8713f617340663ba9a553cfd251061de3d844160 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Wolfgang=20Hu=C3=9F?= Date: Fri, 5 Apr 2019 17:44:43 +0200 Subject: [PATCH] Added Tests to "user_management.spec.js" Implemented suppression of "publicKey", now commented out for testing approach. Use port 4001 for querying, but forgot that I have to generate the user on the same port, before I can query it with generated "publicKey". Do this in next commit. --- backend/src/jest/helpers.js | 4 +- backend/src/middleware/passwordMiddleware.js | 5 +- .../src/middleware/permissionsMiddleware.js | 1 + backend/src/resolvers/user_management.spec.js | 91 ++++++++++++++++++- 4 files changed, 96 insertions(+), 5 deletions(-) diff --git a/backend/src/jest/helpers.js b/backend/src/jest/helpers.js index 0d358ed40..4b62a6cc8 100644 --- a/backend/src/jest/helpers.js +++ b/backend/src/jest/helpers.js @@ -4,12 +4,12 @@ import { request } from 'graphql-request' // not to be confused with the seeder host export const host = 'http://127.0.0.1:4123' -export async function login ({ email, password }) { +export async function login ({ email, password }, hostParam = host) { const mutation = ` mutation { login(email:"${email}", password:"${password}") }` - const response = await request(host, mutation) + const response = await request(hostParam, mutation) return { authorization: `Bearer ${response.login}` } diff --git a/backend/src/middleware/passwordMiddleware.js b/backend/src/middleware/passwordMiddleware.js index 0aff222c8..18cdfcf6c 100644 --- a/backend/src/middleware/passwordMiddleware.js +++ b/backend/src/middleware/passwordMiddleware.js 
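Review bot: `login` can now target any `hostParam`, but it still splices `email` and `password` straight into the GraphQL document text, so a password containing `"` or `\` produces a syntax error instead of a login attempt and the helper cannot exercise such values. Declare the mutation with variables, `login(email: $email, password: $password)`, and send them separately with `request(hostParam, mutation, { email, password })`, using whatever argument types the schema declares for `login`. A one-line JSDoc saying that `hostParam` defaults to the test server `host` (not the seeder host mentioned in the comment just above) would make the new parameter's purpose clear to the next caller.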
@@ -12,8 +12,9 @@ export default {
 },
 Query: async (resolve, root, args, context, info) => {
 const result = await resolve(root, args, context, info)
- return walkRecursive(result, ['password'], () => {
- // replace password with asterisk
+ // eslint-disable-next-line spaced-comment
+ return walkRecursive(result, ['password'/*, 'privateKey'*/], () => {
+ // replace "password" and "privatKey" with asterisk
 return '*****'
 })
 }
diff --git a/backend/src/middleware/permissionsMiddleware.js b/backend/src/middleware/permissionsMiddleware.js
index 495bc9145..8cf3b2f8e 100644
--- a/backend/src/middleware/permissionsMiddleware.js
+++ b/backend/src/middleware/permissionsMiddleware.js
@@ -75,6 +75,7 @@ const permissions = shield({
 User: {
 email: isMyOwn,
 password: isMyOwn
+ // privateKey: isMyOwn
 }
 })
 
diff --git a/backend/src/resolvers/user_management.spec.js b/backend/src/resolvers/user_management.spec.js
index 1c21adac1..2098a64de 100644
--- a/backend/src/resolvers/user_management.spec.js
+++ b/backend/src/resolvers/user_management.spec.js
@@ -254,7 +254,7 @@ describe('change password', () => {
 }
 describe('should be authenticated before changing password', () => {
- it('throws not "Not Authorised!', async () => {
+ it('throws not "Not Authorised!"', async () => {
 await expect(
 request(
 host,
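Review bot: The `privateKey` entry exists only inside a block comment in the `walkRecursive` key list, so the `Query` hook as committed still returns private keys unmasked, and the `eslint-disable-next-line spaced-comment` is there only to tolerate that commented-out element. Hoist the list to a named constant above the hook, `const REDACTED_FIELDS = ['password'] // TODO: add 'privateKey' once the spec is green`, and pass `REDACTED_FIELDS` to `walkRecursive`; that removes the lint exception and keeps the pending change visible instead of buried in a literal. The new comment also misspells the field as `privatKey`. The enclosing `export default {` object starts before the hunk, so whether a matching `Mutation` hook redacts the same fields is not visible here.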
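Review bot: `isMyOwn` is the wrong rule to pencil in for `User.privateKey`: it would allow the key's owner to read the private key over the API, while the spec added in this same commit ("don't expose private RSA key") expects even an authenticated query to get `null`. If the key is meant to stay server-side, the field should be denied for every caller (graphql-shield's `deny` rule, or preferably not exposing the field in the schema at all) rather than gated like `email`. Replace the commented-out line with a statement of the intended policy, `// privateKey must never leave the server; do not mirror the isMyOwn rule here`, so the next reader does not simply uncomment it.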
@@ -309,3 +309,92 @@ describe('change password', () => {
 })
 })
 })
+
+describe('don\'t expose private RSA key', () => {
+ const queryUser = params => {
+ const { queriedUserSlug } = params
+ return `
+ {
+ User(slug:"${queriedUserSlug}") {
+ id
+ privateKey
+ }
+ }`
+ }
+
+ // describe('unauthenticated query of "privateKey"', () => {
+ // it('throws "Not Authorised!"', async () => {
+ // const host = 'http://127.0.0.1:4001' // To have a "privateKey" generated.
+ // let client
+ // client = new GraphQLClient(host)
+ // await expect(
+ // client.request(queryUser({ queriedUserSlug: 'matilde-hermiston' }))
+ // ).rejects.toThrow('Not Authorised')
+ // })
+ // })
+
+ describe('authenticated query of "privateKey"', () => {
+ it('gives "null" as return', async () => {
+ const hostPrivateKey = 'http://127.0.0.1:4001' // To have a "privateKey" generated.
+ // const hostPrivateKey = 'http://127.0.0.1:4123'
+ let client
+ const headers = await login({ email: 'test@example.org', password: '1234' }, hostPrivateKey)
+ client = new GraphQLClient(hostPrivateKey, { headers })
+
+ let response = await client.request(
+ queryUser({ queriedUserSlug: 'matilde-hermiston' })
+ )
+ await expect(
+ response
+ ).toEqual({
+ User: [{
+ id: 'acb2d923-f3af-479e-9f00-61b12e864666',
+ privateKey: 'XXX'
+ // privateKey: null
+ }]
+ })
+ })
+ })
+
+ // describe('old and new password should not match', () => {
+ // it('responds with "Old password and new password should be different"', async () => {
+ // await expect(
+ // client.request(
+ // mutation({
+ // oldPassword: '1234',
+ // newPassword: '1234'
+ // })
+ // )
+ // ).rejects.toThrow('Old password and new password should be different')
+ // })
+ // })
+
+ // describe('incorrect old password', () => {
+ // it('responds with "Old password isn\'t valid"', async () => {
+ // await expect(
+ // client.request(
+ // mutation({
+ // oldPassword: 'notOldPassword',
+ // newPassword: '12345'
+ // })
+ // )
+ // ).rejects.toThrow('Old password is not correct')
+ // })
+ // })
+
+ // describe('correct password', () => {
+ // it('changes the password if given correct credentials "', async () => {
+ // let response = await client.request(
+ // mutation({
+ // oldPassword: '1234',
+ // newPassword: '12345'
+ // })
+ // )
+ // await expect(
+ // response
+ // ).toEqual(expect.objectContaining({
+ // changePassword: expect.any(String)
+ // }))
+ // })
+ // })
+})
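Review bot: The `authenticated query of "privateKey"` test pins `privateKey: 'XXX'`, a placeholder that matches neither the `null` its name promises nor the `'*****'` that the password middleware substitutes, so it fails against both correct and leaking behaviour and protects nothing. Assert the property directly, `expect(response.User[0].privateKey).toBeNull()` (or `toBe('*****')` if masking is the intended contract), and drop the `await` in front of `expect(response)`, which is not a promise. The unauthenticated case, the one that matters most for a key leak, is commented out, and the surviving test logs in as `test@example.org` but queries slug `matilde-hermiston`, so it is not clear from here whether it exercises the owner path or the foreign-user path; the two should be separate tests with the expected outcome stated for each. The roughly forty lines of commented-out change-password duplicates at the bottom should be deleted rather than committed.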