Merge branch 'master' into 27_disable_posts

2025-12-13 07:45:56 +00:00 · 2019-03-17 14:24:04 +01:00 · 2019-03-17 14:24:04 +01:00 · a20a8d09a2
commit a20a8d09a2
parent 71ed58de3a dbe28d2118
3 changed files with 52 additions and 8 deletions
--- a/src/jwt/decode.js
+++ b/src/jwt/decode.js
@ -13,7 +13,7 @@ export default async (driver, authorizationHeader) => {
  const session = driver.session()
  const query = `
    MATCH (user:User {id: {id} })
-    RETURN user {.id, .slug, .name, .avatar, .email, .role} as user
+    RETURN user {.id, .slug, .name, .avatar, .email, .role, .disabled}
    LIMIT 1
  `
  const result = await session.run(query, { id })
@ -22,6 +22,7 @@ export default async (driver, authorizationHeader) => {
    return record.get('user')
  })
  if (!currentUser) return null
+  if (currentUser.disabled) return null
  return {
    token,
    ...currentUser
--- a/src/resolvers/user_management.js
+++ b/src/resolvers/user_management.js
@ -32,7 +32,7 @@ export default {
      const session = driver.session()
      const result = await session.run(
        'MATCH (user:User {email: $userEmail}) ' +
-          'RETURN user {.id, .slug, .name, .avatar, .email, .password, .role} as user LIMIT 1',
+          'RETURN user {.id, .slug, .name, .avatar, .email, .password, .role, .disabled} as user LIMIT 1',
        {
          userEmail: email
        }
@ -45,10 +45,15 @@ export default {

      if (
        currentUser &&
-        (await bcrypt.compareSync(password, currentUser.password))
+        (await bcrypt.compareSync(password, currentUser.password)) &&
+        !currentUser.disabled
      ) {
        delete currentUser.password
        return encode(currentUser)
+      } else if (currentUser &&
+        currentUser.disabled
+      ) {
+        throw new AuthenticationError('Your account has been disabled.')
      } else {
        throw new AuthenticationError('Incorrect email address or password.')
      }
--- a/src/resolvers/user_management.spec.js
+++ b/src/resolvers/user_management.spec.js
@ -26,6 +26,14 @@ const jennyRostocksHeaders = {
    'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoidXNlciIsImxvY2F0aW9uTmFtZSI6bnVsbCwibmFtZSI6Ikplbm55IFJvc3RvY2siLCJhYm91dCI6bnVsbCwiYXZhdGFyIjoiaHR0cHM6Ly9zMy5hbWF6b25hd3MuY29tL3VpZmFjZXMvZmFjZXMvdHdpdHRlci9zYXNoYV9zaGVzdGFrb3YvMTI4LmpwZyIsImlkIjoidTMiLCJlbWFpbCI6InVzZXJAZXhhbXBsZS5vcmciLCJzbHVnIjoiamVubnktcm9zdG9jayIsImlhdCI6MTU1MDg0NjY4MCwiZXhwIjoxNjM3MjQ2NjgwLCJhdWQiOiJodHRwOi8vbG9jYWxob3N0OjMwMDAiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjQwMDAiLCJzdWIiOiJ1MyJ9.eZ_mVKas4Wzoc_JrQTEWXyRn7eY64cdIg4vqQ-F_7Jc'
 }

+const disable = async (id) => {
+  const moderatorParams = { email: 'moderator@example.org', role: 'moderator', password: '1234' }
+  const asModerator = Factory()
+  await asModerator.create('User', moderatorParams)
+  await asModerator.authenticateAs(moderatorParams)
+  await asModerator.mutate('mutation($id: ID!) { disable(id: $id) }', { id })
+}
+
 beforeEach(async () => {
  await factory.create('User', {
    avatar: 'https://s3.amazonaws.com/uifaces/faces/twitter/jimmuirhead/128.jpg',
@ -73,11 +81,26 @@ describe('isLoggedIn', () => {
    })

    describe('and a corresponding user in the database', () => {
-      it('returns true', async () => {
-        // see the decoded token above
-        await factory.create('User', { id: 'u3' })
-        await expect(client.request(query)).resolves.toEqual({
-          isLoggedIn: true
+      describe('user is enabled', () => {
+        it('returns true', async () => {
+          // see the decoded token above
+          await factory.create('User', { id: 'u3' })
+          await expect(client.request(query)).resolves.toEqual({
+            isLoggedIn: true
+          })
+        })
+      })
+
+      describe('user is disabled', () => {
+        beforeEach(async () => {
+          await factory.create('User', { id: 'u3' })
+          await disable('u3')
+        })
+
+        it('returns false', async () => {
+          await expect(client.request(query)).resolves.toEqual({
+            isLoggedIn: false
+          })
        })
      })
    })
@ -168,6 +191,21 @@ describe('login', () => {
      })
    })

+    describe('valid email/password but user is disabled', () => {
+      it('responds with "Your account has been disabled."', async () => {
+        await disable('acb2d923-f3af-479e-9f00-61b12e864666')
+        await expect(
+          request(
+            host,
+            mutation({
+              email: 'test@example.org',
+              password: '1234'
+            })
+          )
+        ).rejects.toThrow('Your account has been disabled.')
+      })
+    })
+
    describe('with a valid email but incorrect password', () => {
      it('responds with "Incorrect email address or password."', async () => {
        await expect(