Query of users "publicKey" 'throws "Not Authorised!"'
Changes password and permission middleware. Thanks for your big help, @roschaefer!
This commit is contained in:
parent
6794156c86
commit
95a0567e69
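--- a/[path not shown on page: login helper]
+++ b/[path not shown on page: login helper]
@@ -4,12 +4,12 @@ import { request } from 'graphql-request'
 // not to be confused with the seeder host
 export const host = 'http://127.0.0.1:4123'
 
-export async function login ({ email, password }, hostParam = host) {
+export async function login ({ email, password }) {
 const mutation = `
 mutation {
 login(email:"${email}", password:"${password}")
 }`
-const response = await request(hostParam, mutation)
+const response = await request(host, mutation)
 return {
 authorization: `Bearer ${response.login}`
 }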
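Review bot: The retained `request(host, mutation)` call still sends a mutation that splices `email` and `password` straight into the query text, so a password containing a `"` or `\` breaks the document rather than being sent as a value, and the helper no longer reaches any server other than `host` now that `hostParam` is gone. Since the test hunk in this same commit moves to GraphQL variables, the helper should do the same for consistency: `login(email: $email, password: $password)` under a `mutation($email: ..., $password: ...)` header with the argument types the schema declares, and `const response = await request(host, mutation, { email, password })`. The function `login` is shown in full; its closing brace is the last line of the hunk.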
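--- a/[path not shown on page: query middleware]
+++ b/[path not shown on page: query middleware]
@@ -12,14 +12,10 @@ export default {
 },
 Query: async (resolve, root, args, context, info) => {
 let result = await resolve(root, args, context, info)
-result = walkRecursive(result, ['password'], () => {
+result = walkRecursive(result, ['password', 'privatKey'], () => {
 // replace password with asterisk
 return '*****'
 })
-// result = walkRecursive(result, ['privateKey'], () => {
-// // replace password with asterisk
-// return '*****'
-// })
 return result
 }
 }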
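Review bot: The new key list `['password', 'privatKey']` misspells the field: the permissions hunk, the removed commented-out code and the test hunk all use `privateKey`, so `walkRecursive` never matches it and the private RSA key is still returned unmasked to whoever the permission layer lets through (the owner, given `privateKey: isMyOwn` in the permissions hunk). Change the line to `result = walkRecursive(result, ['password', 'privateKey'], () => {` and the comment to `// replace password and privateKey with asterisks`. Keeping the masked-field names in one named constant that a unit test checks against the schema field names would turn this kind of typo into a failing build instead of a silent key leak. The `Query` middleware is shown in full here; the enclosing exported object starts above the hunk.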
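--- a/[path not shown on page: permissions]
+++ b/[path not shown on page: permissions]
@@ -90,8 +90,8 @@ const permissions = shield({
 },
 User: {
 email: isMyOwn,
-password: isMyOwn
-// privateKey: isMyOwn
+password: isMyOwn,
+privateKey: isMyOwn
 }
 })
 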
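Review bot: `privateKey: isMyOwn` lets the account owner read their own private RSA key in plaintext through the API, which only makes sense if the query middleware in the other hunk is relied on to mask it; the two layers should agree on which one is the real control, and a one-line comment such as `// owner-only at the rule level; the Query middleware masks the value itself` would record that. If the key is never meant to leave the server, graphql-shield's `deny` rule (`privateKey: deny`, assuming `deny` is imported next to `shield`) is the stronger and self-documenting choice and does not depend on a second layer being spelled correctly. The `shield({ ... })` call starts above the hunk.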
@ -311,108 +311,57 @@ describe('change password', () => {
|
|||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
||||||
describe('don\'t expose private RSA key', () => {
|
describe('do not expose private RSA key', () => {
|
||||||
const queryUser = params => {
|
let client
|
||||||
const { queriedUserSlug } = params
|
|
||||||
|
const queryUser = () => {
|
||||||
return gql`
|
return gql`
|
||||||
{
|
query($queriedUserSlug: String) {
|
||||||
User(slug:"${queriedUserSlug}") {
|
User(slug: $queriedUserSlug) {
|
||||||
id
|
id
|
||||||
privateKey
|
privateKey
|
||||||
}
|
}
|
||||||
}`
|
}`
|
||||||
}
|
}
|
||||||
|
|
||||||
// describe('unauthenticated query of "privateKey"', () => {
|
const action = async () => {
|
||||||
// it('throws "Not Authorised!"', async () => {
|
// Generate user with "privateKey" via 'CreateUser' mutation instead of using the factories "factory.create('User', {...})", see above.
|
||||||
// const host = 'http://127.0.0.1:4001' // To have a "privateKey" generated.
|
const variables = {
|
||||||
// let client
|
id: 'bcb2d923-f3af-479e-9f00-61b12e864667',
|
||||||
// client = new GraphQLClient(host)
|
password: 'xYz',
|
||||||
// await expect(
|
slug: 'apfel-strudel',
|
||||||
// client.request(queryUser({ queriedUserSlug: 'matilde-hermiston' }))
|
name: 'Apfel Strudel',
|
||||||
// ).rejects.toThrow('Not Authorised')
|
email: 'apfel-strudel@test.org'
|
||||||
// })
|
}
|
||||||
// })
|
|
||||||
|
|
||||||
describe('authenticated query of "privateKey"', () => {
|
|
||||||
it('gives "null" as return', async () => {
|
|
||||||
const hostPrivateKey = 'http://127.0.0.1:4001' // To have a "privateKey" generated.
|
|
||||||
// const hostPrivateKey = 'http://127.0.0.1:4123'
|
|
||||||
let client
|
|
||||||
|
|
||||||
// logged out
|
|
||||||
client = new GraphQLClient(hostPrivateKey)
|
|
||||||
// Generate user with "privateKey".
|
|
||||||
const id = 'bcb2d923-f3af-479e-9f00-61b12e864667'
|
|
||||||
const name = 'Apfel Strudel'
|
|
||||||
const slug = 'apfel-strudel'
|
|
||||||
const password = 'xYz'
|
|
||||||
await client.request(gql`
|
await client.request(gql`
|
||||||
mutation {
|
mutation($id: ID, $password: String!, $slug: String, $name: String, $email: String) {
|
||||||
CreateUser(id: "${id}", password: "${password}", slug:"${slug}", name: "${name}", email: "${slug}@test.org") {
|
CreateUser(id: $id, password: $password, slug: $slug, name: $name, email: $email) {
|
||||||
id
|
id
|
||||||
}
|
}
|
||||||
}`
|
}`, variables
|
||||||
)
|
)
|
||||||
|
}
|
||||||
|
|
||||||
// logged in
|
describe('unauthenticated query of "privateKey"', () => {
|
||||||
const headers = await login({ email: 'test@example.org', password: '1234' }, hostPrivateKey)
|
it('throws "Not Authorised!"', async () => {
|
||||||
client = new GraphQLClient(hostPrivateKey, { headers })
|
client = new GraphQLClient(host)
|
||||||
|
|
||||||
let response = await client.request(
|
await action()
|
||||||
queryUser({ queriedUserSlug: 'apfel-strudel' })
|
|
||||||
)
|
|
||||||
await expect(
|
await expect(
|
||||||
response
|
client.request(queryUser(), { queriedUserSlug: 'apfel-strudel' })
|
||||||
).toEqual({
|
).rejects.toThrow('Not Authorised')
|
||||||
User: [{
|
|
||||||
id: 'bcb2d923-f3af-479e-9f00-61b12e864667',
|
|
||||||
privateKey: 'XXX'
|
|
||||||
// privateKey: null
|
|
||||||
}]
|
|
||||||
})
|
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
||||||
// describe('old and new password should not match', () => {
|
describe('authenticated query of "privateKey"', () => {
|
||||||
// it('responds with "Old password and new password should be different"', async () => {
|
it('throws "Not Authorised!"', async () => {
|
||||||
// await expect(
|
const headers = await login({ email: 'test@example.org', password: '1234' })
|
||||||
// client.request(
|
client = new GraphQLClient(host, { headers })
|
||||||
// mutation({
|
|
||||||
// oldPassword: '1234',
|
|
||||||
// newPassword: '1234'
|
|
||||||
// })
|
|
||||||
// )
|
|
||||||
// ).rejects.toThrow('Old password and new password should be different')
|
|
||||||
// })
|
|
||||||
// })
|
|
||||||
|
|
||||||
// describe('incorrect old password', () => {
|
await action()
|
||||||
// it('responds with "Old password isn\'t valid"', async () => {
|
await expect(
|
||||||
// await expect(
|
client.request(queryUser(), { queriedUserSlug: 'apfel-strudel' })
|
||||||
// client.request(
|
).rejects.toThrow('Not Authorised')
|
||||||
// mutation({
|
})
|
||||||
// oldPassword: 'notOldPassword',
|
})
|
||||||
// newPassword: '12345'
|
|
||||||
// })
|
|
||||||
// )
|
|
||||||
// ).rejects.toThrow('Old password is not correct')
|
|
||||||
// })
|
|
||||||
// })
|
|
||||||
|
|
||||||
// describe('correct password', () => {
|
|
||||||
// it('changes the password if given correct credentials "', async () => {
|
|
||||||
// let response = await client.request(
|
|
||||||
// mutation({
|
|
||||||
// oldPassword: '1234',
|
|
||||||
// newPassword: '12345'
|
|
||||||
// })
|
|
||||||
// )
|
|
||||||
// await expect(
|
|
||||||
// response
|
|
||||||
// ).toEqual(expect.objectContaining({
|
|
||||||
// changePassword: expect.any(String)
|
|
||||||
// }))
|
|
||||||
// })
|
|
||||||
// })
|
|
||||||
})
|
})
|
||||||
|
|||||||
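Review bot: Neither new test covers the one path where `privateKey: isMyOwn` would actually grant access — the owner querying their own `privateKey` — so the masking behaviour of the query middleware is not exercised at all, and both tests would pass even if the field were returned in plaintext to its owner. The "authenticated" case logs in as `test@example.org` and queries `apfel-strudel`, so it checks the non-owner path; its `it` title should say so, e.g. `it('throws "Not Authorised!" for another user\'s key', ...)`, and a third `it` should log in as the created user and assert that the returned `privateKey` is the masked value rather than the key. Both tests also call `action()`, which runs `CreateUser` with the same fixed `id`; unless the database is reset between tests (not visible here) the second call may fail on the duplicate. The outer `describe('change password', ...)` opens above the hunk.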