IT4Change/Ocelot-Social
3
0
Fork 0
mirror of https://github.com/IT4Change/Ocelot-Social.git synced 2025-12-13 07:45:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into 27_disable_posts

Browse Source
This commit is contained in:
Robert Schäfer 2019-03-17 14:24:04 +01:00 committed by GitHub
commit a20a8d09a2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 52 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/jwt/decode.js
View File

@ -13,7 +13,7 @@ export default async (driver, authorizationHeader) => {
const session = driver.session() const session = driver.session()
const query = ` const query = `
MATCH (user:User {id: {id} }) MATCH (user:User {id: {id} })
RETURN user {.id, .slug, .name, .avatar, .email, .role} as user RETURN user {.id, .slug, .name, .avatar, .email, .role, .disabled}
LIMIT 1 LIMIT 1
` `
const result = await session.run(query, { id }) const result = await session.run(query, { id })
@ -22,6 +22,7 @@ export default async (driver, authorizationHeader) => {
return record.get('user') return record.get('user')
}) })
if (!currentUser) return null if (!currentUser) return null
if (currentUser.disabled) return null
return { return {
token, token,
...currentUser ...currentUser

9
src/resolvers/user_management.js
View File

@ -32,7 +32,7 @@ export default {
const session = driver.session() const session = driver.session()
const result = await session.run( const result = await session.run(
'MATCH (user:User {email: $userEmail}) ' + 'MATCH (user:User {email: $userEmail}) ' +
'RETURN user {.id, .slug, .name, .avatar, .email, .password, .role} as user LIMIT 1', 'RETURN user {.id, .slug, .name, .avatar, .email, .password, .role, .disabled} as user LIMIT 1',
{ {
userEmail: email userEmail: email
} }
@ -45,10 +45,15 @@ export default {
if ( if (
currentUser && currentUser &&
(await bcrypt.compareSync(password, currentUser.password)) (await bcrypt.compareSync(password, currentUser.password)) &&
!currentUser.disabled
) { ) {
delete currentUser.password delete currentUser.password
return encode(currentUser) return encode(currentUser)
} else if (currentUser &&
currentUser.disabled
) {
throw new AuthenticationError('Your account has been disabled.')
} else { } else {
throw new AuthenticationError('Incorrect email address or password.') throw new AuthenticationError('Incorrect email address or password.')
} }

38
src/resolvers/user_management.spec.js
View File

@ -26,6 +26,14 @@ const jennyRostocksHeaders = {
'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoidXNlciIsImxvY2F0aW9uTmFtZSI6bnVsbCwibmFtZSI6Ikplbm55IFJvc3RvY2siLCJhYm91dCI6bnVsbCwiYXZhdGFyIjoiaHR0cHM6Ly9zMy5hbWF6b25hd3MuY29tL3VpZmFjZXMvZmFjZXMvdHdpdHRlci9zYXNoYV9zaGVzdGFrb3YvMTI4LmpwZyIsImlkIjoidTMiLCJlbWFpbCI6InVzZXJAZXhhbXBsZS5vcmciLCJzbHVnIjoiamVubnktcm9zdG9jayIsImlhdCI6MTU1MDg0NjY4MCwiZXhwIjoxNjM3MjQ2NjgwLCJhdWQiOiJodHRwOi8vbG9jYWxob3N0OjMwMDAiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjQwMDAiLCJzdWIiOiJ1MyJ9.eZ_mVKas4Wzoc_JrQTEWXyRn7eY64cdIg4vqQ-F_7Jc' 'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoidXNlciIsImxvY2F0aW9uTmFtZSI6bnVsbCwibmFtZSI6Ikplbm55IFJvc3RvY2siLCJhYm91dCI6bnVsbCwiYXZhdGFyIjoiaHR0cHM6Ly9zMy5hbWF6b25hd3MuY29tL3VpZmFjZXMvZmFjZXMvdHdpdHRlci9zYXNoYV9zaGVzdGFrb3YvMTI4LmpwZyIsImlkIjoidTMiLCJlbWFpbCI6InVzZXJAZXhhbXBsZS5vcmciLCJzbHVnIjoiamVubnktcm9zdG9jayIsImlhdCI6MTU1MDg0NjY4MCwiZXhwIjoxNjM3MjQ2NjgwLCJhdWQiOiJodHRwOi8vbG9jYWxob3N0OjMwMDAiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjQwMDAiLCJzdWIiOiJ1MyJ9.eZ_mVKas4Wzoc_JrQTEWXyRn7eY64cdIg4vqQ-F_7Jc'
} }
const disable = async (id) => {
const moderatorParams = { email: 'moderator@example.org', role: 'moderator', password: '1234' }
const asModerator = Factory()
await asModerator.create('User', moderatorParams)
await asModerator.authenticateAs(moderatorParams)
await asModerator.mutate('mutation($id: ID!) { disable(id: $id) }', { id })
}
beforeEach(async () => { beforeEach(async () => {
await factory.create('User', { await factory.create('User', {
avatar: 'https://s3.amazonaws.com/uifaces/faces/twitter/jimmuirhead/128.jpg', avatar: 'https://s3.amazonaws.com/uifaces/faces/twitter/jimmuirhead/128.jpg',
@ -73,6 +81,7 @@ describe('isLoggedIn', () => {
}) })
describe('and a corresponding user in the database', () => { describe('and a corresponding user in the database', () => {
describe('user is enabled', () => {
it('returns true', async () => { it('returns true', async () => {
// see the decoded token above // see the decoded token above
await factory.create('User', { id: 'u3' }) await factory.create('User', { id: 'u3' })
@ -81,6 +90,20 @@ describe('isLoggedIn', () => {
}) })
}) })
}) })
describe('user is disabled', () => {
beforeEach(async () => {
await factory.create('User', { id: 'u3' })
await disable('u3')
})
it('returns false', async () => {
await expect(client.request(query)).resolves.toEqual({
isLoggedIn: false
})
})
})
})
}) })
}) })
@ -168,6 +191,21 @@ describe('login', () => {
}) })
}) })
describe('valid email/password but user is disabled', () => {
it('responds with "Your account has been disabled."', async () => {
await disable('acb2d923-f3af-479e-9f00-61b12e864666')
await expect(
request(
host,
mutation({
email: 'test@example.org',
password: '1234'
})
)
).rejects.toThrow('Your account has been disabled.')
})
})
describe('with a valid email but incorrect password', () => { describe('with a valid email but incorrect password', () => {
it('responds with "Incorrect email address or password."', async () => { it('responds with "Incorrect email address or password."', async () => {
await expect( await expect(