- This test, though I understand why it was added, is not necessary in
my opinion. It's more difficult to get this test to pass since we don't
call session.run, we call session.writeTransaction which has a callback
that calls transaction.run...
- I think we don't need to test that our third party library does what
it was added to do... they have their own tests, which can be found here
@roschaefer, which I think are sufficient https://github.com/validatorjs/validator.js/blob/master/test/sanitizers.js
- We can always add another type of test, if you feel necessary, maybe
an e2e?
- the test is broken, can you have a look @roschaefer??
- I tried to get it to work, but it's complicated with multiple
promises... I'm ok if we remove this test as well as it's only testing
that normalizeEmail works as it's supposed to... but that hopefully is
tested on the side of the validator library
We had this error in our neo4j pod recently:
```
2019-12-02 08:29:42.680+0000 ERROR Unable to schedule bolt session 'bolt-1018230' for execution since there are no available threads to serve it at the moment. You can retry at a later time or consider increasing max thread pool size for bolt connector(s).
2019-12-02 08:29:42.680+0000 ERROR Unable to schedule bolt session 'bolt-1018224' for execution since there are no available threads to serve it at the moment. You can retry at a later time or consider increasing max thread pool size for bolt connector(s).
2019-12-02 08:29:42.681+0000 ERROR Unable to schedule bolt session 'bolt-1018352' for execution since there are no available threads to serve it at the moment. You can retry at a later time or consider increasing max thread pool size for bolt connector(s).
2019-12-02 08:29:42.682+0000 ERROR Unable to schedule bolt session 'bolt-1018243' for execution since there are no available threads to serve it at the moment. You can retry at a later time or consider increasing max thread pool size for bolt connector(s).
```
Apparently the default is 400 threads. So we must have a leak somewhere.
I had a chat with our moderator Daniel. He asks us to remove dots from
gmail accounts. He finds it more consistent and he has no problem to
write a mail to a gmail address without dots. He is OK to save the
email address different from how a user memorizes it.
- it's good to return the pinnedAt date for ordering
- move test to a better describe block
- remove unneeded outdated variables from graphql/PostQuery UpdatePost
- fix indentation in Post.gql
- fix pinnedAt to return pinned.createdAt, not post.createdAt
Co-authored-by: Mike Aono <aonomike@gmail.com>
`BELONGS_TO` means a user owns an email address. `PRIMARY_EMAIL` means a
user authenticates with that email.
So right now, you get a proper error message if you try to change your
email back to your old email address (because you own it already).
I will make sure to delete the old email so this will be no problem
anymore. But maybe in the future we might have multiple email addresses
per user and then it makes a big difference to use `PRIMARY_EMAIL` or
`BELONGS_TO`.
It might be that people try to register email addresses that they don't own. Then if the actual owner tries to add this email address, she should not get a unique constraint violation. Instead the email will be re-used.
Is this a security issue? Because we re-use the nonce? 🤔
Ok, so here are multiple issues:
1. In cypher, `NOT NULL` will return `NULL` not `FALSE`. If we want
`FALSE` to be set in the database import, we should use `COAELESCE`
to find the first not-null value.
See:
https://neo4j.com/docs/cypher-manual/current/syntax/working-with-null/https://markhneedham.com/blog/2017/02/22/neo4j-null-values-even-work/
2. I removed the `disabled` and `deleted` checks on the commented
counter. With `neo4j-graphql-js` it is not possible to filter on the
join models (at least not without a lot of complexity) for disabled or
deleted items. Let's live with the fact that the list of commented posts
will include those posts, where the user has deleted his comment or where
the user's comment was disabled. It's being displayed as "not available"
so I think this is OK for now.
3. De-couple the pagination counters from the "commented", "shouted"
etc. counters. It might be that the list of posts is different for
different users. E.g. if the user has blocked you, the "posts" list
will be empty. The "shouted" or "commented" list will not have the
posts of the author. If you are a moderator, the list will include
disabled posts. So the counters are not in sync with the actual list
coming from the backend. Therefore I implemented "fetch and check if
resultSet < pageSize" instead of a global counter.
