From cac8745ec6b598a81a5e5f88f0d3ab8552a268f1 Mon Sep 17 00:00:00 2001
From: einhornimmond
Date: Fri, 8 Mar 2024 12:11:24 +0100
Subject: [PATCH 1/2] prevent updating alias backend-side
---
 backend/src/graphql/resolver/UserResolver.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/backend/src/graphql/resolver/UserResolver.ts b/backend/src/graphql/resolver/UserResolver.ts
index d980dabed..56bb5d0fc 100644
--- a/backend/src/graphql/resolver/UserResolver.ts
+++ b/backend/src/graphql/resolver/UserResolver.ts
@@ -569,7 +569,8 @@ export class UserResolver {
 user.lastName = lastName
 }
- if (alias && (await validateAlias(alias))) {
+ // currently alias can only be set, not updated
+ if (alias && !user.alias && (await validateAlias(alias))) {
 user.alias = alias
 }
From 93637f908f8b9095d41c4ed0890d1a0f3dca9ae2 Mon Sep 17 00:00:00 2001
From: einhornimmond
Date: Fri, 8 Mar 2024 13:55:03 +0100
Subject: [PATCH 2/2] update tests
---
 backend/src/graphql/resolver/TransactionResolver.test.ts | 2 ++
 backend/src/graphql/resolver/UserResolver.test.ts | 4 ++++
 2 files changed, 6 insertions(+)
diff --git a/backend/src/graphql/resolver/TransactionResolver.test.ts b/backend/src/graphql/resolver/TransactionResolver.test.ts
index 97e210dfa..4bf5ab493 100644
--- a/backend/src/graphql/resolver/TransactionResolver.test.ts
+++ b/backend/src/graphql/resolver/TransactionResolver.test.ts
@@ -528,6 +528,8 @@ describe('send coins', () => {
 describe('send coins via alias', () => {
 beforeAll(async () => {
+ // first set alias to null, because updating alias isn't allowed
+ await User.update({ alias: 'MeisterBob' }, { alias: () => 'NULL' })
 await mutate({
 mutation: updateUserInfos,
 variables: {
diff --git a/backend/src/graphql/resolver/UserResolver.test.ts b/backend/src/graphql/resolver/UserResolver.test.ts
index 430aad2f5..e7c873fc4 100644
--- a/backend/src/graphql/resolver/UserResolver.test.ts
+++ b/backend/src/graphql/resolver/UserResolver.test.ts
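Review bot: A request that carries a new alias for a user who already has one is now dropped without any signal: the `!user.alias` guard skips the assignment and, because it short-circuits before `validateAlias(alias)`, an invalid value is no longer checked on that path either. Since the alias is used to address users elsewhere (the tests in this series send coins via alias), the caller should be told that the change was refused rather than receive what looks like a successful update. One option, placed ahead of this block and using whatever error type the resolver normally throws, is `if (alias && user.alias && alias !== user.alias) { throw new Error('alias is already set and cannot be changed') }`. The enclosing method starts and ends outside the hunk, so how the result is reported to the client should be confirmed there.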
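Review bot: The reset added to `beforeAll` selects its row by the literal alias `'MeisterBob'`, so if an earlier test ever leaves a different alias on that user, the update matches nothing. The following `updateUserInfos` call is then ignored by the new resolver guard, and the failure only surfaces later in the send-coins assertions. Selecting by the user's id, or asserting on the update result with something like `expect((await User.update(...)).affected).toBe(1)`, would make the precondition explicit. The same pattern with `'BBB'` appears in both hunks of UserResolver.test.ts.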
@@ -1258,6 +1258,8 @@ describe('UserResolver', () => {
 describe('valid alias', () => {
 it('updates the user in DB', async () => {
+ // first empty alias, because currently updating alias isn't allowed
+ await User.update({ alias: 'BBB' }, { alias: () => 'NULL' })
 await mutate({
 mutation: updateUserInfos,
 variables: {
@@ -2674,6 +2676,8 @@ describe('UserResolver', () => {
 mutation: login,
 variables: { email: 'bibi@bloxberg.de', password: 'Aa12345_' },
 })
+ // first set alias to null, because updating alias isn't currently allowed
+ await User.update({ alias: 'BBB' }, { alias: () => 'NULL' })
 await mutate({
 mutation: updateUserInfos,
 variables: {
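Review bot: Nothing in these hunks tests the rule the series introduces; both additions only clear the alias so that the existing cases keep passing. A case next to `it('updates the user in DB', ...)` that calls `updateUserInfos` with a second, different alias for a user who already has one, and asserts that the stored alias is unchanged, would pin the server-side restriction so it cannot regress unnoticed when alias editing is reworked. The enclosing test blocks of both hunks start and end outside the visible lines.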