Merge branch 'master' into 2049-remove-image-entries-in-docker-compose-files

2025-12-13 07:45:54 +00:00 · 2022-07-21 11:35:10 +02:00 · 2022-07-21 11:35:10 +02:00 · 3e259b049a
commit 3e259b049a
parent d7a907b41e 47fb530725
10 changed files with 520 additions and 272 deletions
--- a/backend/.env.dist
+++ b/backend/.env.dist
@ -1,60 +1,60 @@
-CONFIG_VERSION=v9.2022-07-07
-
-# Server
-PORT=4000
-JWT_SECRET=secret123
-JWT_EXPIRES_IN=10m
-GRAPHIQL=false
-GDT_API_URL=https://gdt.gradido.net
-
-# Database
-DB_HOST=localhost
-DB_PORT=3306
-DB_USER=root
-DB_PASSWORD=
-DB_DATABASE=gradido_community
-TYPEORM_LOGGING_RELATIVE_PATH=typeorm.backend.log
-
-# Klicktipp
-KLICKTIPP=false
-KLICKTTIPP_API_URL=https://api.klicktipp.com
-KLICKTIPP_USER=gradido_test
-KLICKTIPP_PASSWORD=secret321
-KLICKTIPP_APIKEY_DE=SomeFakeKeyDE
-KLICKTIPP_APIKEY_EN=SomeFakeKeyEN
-
-# Community
-COMMUNITY_NAME=Gradido Entwicklung
-COMMUNITY_URL=http://localhost/
-COMMUNITY_REGISTER_URL=http://localhost/register
-COMMUNITY_REDEEM_URL=http://localhost/redeem/{code}
-COMMUNITY_REDEEM_CONTRIBUTION_URL=http://localhost/redeem/CL-{code}
-COMMUNITY_DESCRIPTION=Die lokale Entwicklungsumgebung von Gradido.
-
-# Login Server
-LOGIN_APP_SECRET=21ffbbc616fe
-LOGIN_SERVER_KEY=a51ef8ac7ef1abf162fb7a65261acd7a
-
-# EMail
-EMAIL=false
-EMAIL_USERNAME=gradido_email
-EMAIL_SENDER=info@gradido.net
-EMAIL_PASSWORD=xxx
-EMAIL_SMTP_URL=gmail.com
-EMAIL_SMTP_PORT=587
-EMAIL_LINK_VERIFICATION=http://localhost/checkEmail/{optin}{code}
-EMAIL_LINK_SETPASSWORD=http://localhost/reset-password/{optin}
-EMAIL_LINK_FORGOTPASSWORD=http://localhost/forgot-password
-EMAIL_LINK_OVERVIEW=http://localhost/overview
-EMAIL_CODE_VALID_TIME=1440
-EMAIL_CODE_REQUEST_TIME=10
-
-# Webhook
-WEBHOOK_ELOPAGE_SECRET=secret
-
-# EventProtocol
-EVENT_PROTOCOL_DISABLED=false
-
-# SET LOG LEVEL AS NEEDED IN YOUR .ENV
-# POSSIBLE VALUES: all | trace | debug | info | warn | error | fatal
-# LOG_LEVEL=info
+CONFIG_VERSION=v9.2022-07-07
+
+# Server
+PORT=4000
+JWT_SECRET=secret123
+JWT_EXPIRES_IN=10m
+GRAPHIQL=false
+GDT_API_URL=https://gdt.gradido.net
+
+# Database
+DB_HOST=localhost
+DB_PORT=3306
+DB_USER=root
+DB_PASSWORD=
+DB_DATABASE=gradido_community
+TYPEORM_LOGGING_RELATIVE_PATH=typeorm.backend.log
+
+# Klicktipp
+KLICKTIPP=false
+KLICKTTIPP_API_URL=https://api.klicktipp.com
+KLICKTIPP_USER=gradido_test
+KLICKTIPP_PASSWORD=secret321
+KLICKTIPP_APIKEY_DE=SomeFakeKeyDE
+KLICKTIPP_APIKEY_EN=SomeFakeKeyEN
+
+# Community
+COMMUNITY_NAME=Gradido Entwicklung
+COMMUNITY_URL=http://localhost/
+COMMUNITY_REGISTER_URL=http://localhost/register
+COMMUNITY_REDEEM_URL=http://localhost/redeem/{code}
+COMMUNITY_REDEEM_CONTRIBUTION_URL=http://localhost/redeem/CL-{code}
+COMMUNITY_DESCRIPTION=Die lokale Entwicklungsumgebung von Gradido.
+
+# Login Server
+LOGIN_APP_SECRET=21ffbbc616fe
+LOGIN_SERVER_KEY=a51ef8ac7ef1abf162fb7a65261acd7a
+
+# EMail
+EMAIL=false
+EMAIL_USERNAME=gradido_email
+EMAIL_SENDER=info@gradido.net
+EMAIL_PASSWORD=xxx
+EMAIL_SMTP_URL=gmail.com
+EMAIL_SMTP_PORT=587
+EMAIL_LINK_VERIFICATION=http://localhost/checkEmail/{optin}{code}
+EMAIL_LINK_SETPASSWORD=http://localhost/reset-password/{optin}
+EMAIL_LINK_FORGOTPASSWORD=http://localhost/forgot-password
+EMAIL_LINK_OVERVIEW=http://localhost/overview
+EMAIL_CODE_VALID_TIME=1440
+EMAIL_CODE_REQUEST_TIME=10
+
+# Webhook
+WEBHOOK_ELOPAGE_SECRET=secret
+
+# EventProtocol
+EVENT_PROTOCOL_DISABLED=false
+
+# SET LOG LEVEL AS NEEDED IN YOUR .ENV
+# POSSIBLE VALUES: all | trace | debug | info | warn | error | fatal
+# LOG_LEVEL=info
--- a/backend/src/auth/RIGHTS.ts
+++ b/backend/src/auth/RIGHTS.ts
@ -26,6 +26,7 @@ export enum RIGHTS {
  LIST_TRANSACTION_LINKS = 'LIST_TRANSACTION_LINKS',
  GDT_BALANCE = 'GDT_BALANCE',
  CREATE_CONTRIBUTION = 'CREATE_CONTRIBUTION',
+  DELETE_CONTRIBUTION = 'DELETE_CONTRIBUTION',
  LIST_CONTRIBUTIONS = 'LIST_CONTRIBUTIONS',
  LIST_ALL_CONTRIBUTIONS = 'LIST_ALL_CONTRIBUTIONS',
  UPDATE_CONTRIBUTION = 'UPDATE_CONTRIBUTION',
--- a/backend/src/auth/ROLES.ts
+++ b/backend/src/auth/ROLES.ts
@ -24,6 +24,7 @@ export const ROLE_USER = new Role('user', [
  RIGHTS.LIST_TRANSACTION_LINKS,
  RIGHTS.GDT_BALANCE,
  RIGHTS.CREATE_CONTRIBUTION,
+  RIGHTS.DELETE_CONTRIBUTION,
  RIGHTS.LIST_CONTRIBUTIONS,
  RIGHTS.LIST_ALL_CONTRIBUTIONS,
  RIGHTS.UPDATE_CONTRIBUTION,
--- a/backend/src/config/index.ts
+++ b/backend/src/config/index.ts
@ -1,129 +1,129 @@
-// ATTENTION: DO NOT PUT ANY SECRETS IN HERE (or the .env)
-
-import dotenv from 'dotenv'
-import Decimal from 'decimal.js-light'
-dotenv.config()
-
-Decimal.set({
-  precision: 25,
-  rounding: Decimal.ROUND_HALF_UP,
-})
-
-const constants = {
-  DB_VERSION: '0043-add_event_protocol_table',
-  DECAY_START_TIME: new Date('2021-05-13 17:46:31-0000'), // GMT+0
-  LOG4JS_CONFIG: 'log4js-config.json',
-  // default log level on production should be info
-  LOG_LEVEL: process.env.LOG_LEVEL || 'info',
-  CONFIG_VERSION: {
-    DEFAULT: 'DEFAULT',
-    EXPECTED: 'v9.2022-07-07',
-    CURRENT: '',
-  },
-}
-
-const server = {
-  PORT: process.env.PORT || 4000,
-  JWT_SECRET: process.env.JWT_SECRET || 'secret123',
-  JWT_EXPIRES_IN: process.env.JWT_EXPIRES_IN || '10m',
-  GRAPHIQL: process.env.GRAPHIQL === 'true' || false,
-  GDT_API_URL: process.env.GDT_API_URL || 'https://gdt.gradido.net',
-  PRODUCTION: process.env.NODE_ENV === 'production' || false,
-}
-
-const database = {
-  DB_HOST: process.env.DB_HOST || 'localhost',
-  DB_PORT: process.env.DB_PORT ? parseInt(process.env.DB_PORT) : 3306,
-  DB_USER: process.env.DB_USER || 'root',
-  DB_PASSWORD: process.env.DB_PASSWORD || '',
-  DB_DATABASE: process.env.DB_DATABASE || 'gradido_community',
-  TYPEORM_LOGGING_RELATIVE_PATH: process.env.TYPEORM_LOGGING_RELATIVE_PATH || 'typeorm.backend.log',
-}
-
-const klicktipp = {
-  KLICKTIPP: process.env.KLICKTIPP === 'true' || false,
-  KLICKTTIPP_API_URL: process.env.KLICKTIPP_API_URL || 'https://api.klicktipp.com',
-  KLICKTIPP_USER: process.env.KLICKTIPP_USER || 'gradido_test',
-  KLICKTIPP_PASSWORD: process.env.KLICKTIPP_PASSWORD || 'secret321',
-  KLICKTIPP_APIKEY_DE: process.env.KLICKTIPP_APIKEY_DE || 'SomeFakeKeyDE',
-  KLICKTIPP_APIKEY_EN: process.env.KLICKTIPP_APIKEY_EN || 'SomeFakeKeyEN',
-}
-
-const community = {
-  COMMUNITY_NAME: process.env.COMMUNITY_NAME || 'Gradido Entwicklung',
-  COMMUNITY_URL: process.env.COMMUNITY_URL || 'http://localhost/',
-  COMMUNITY_REGISTER_URL: process.env.COMMUNITY_REGISTER_URL || 'http://localhost/register',
-  COMMUNITY_REDEEM_URL: process.env.COMMUNITY_REDEEM_URL || 'http://localhost/redeem/{code}',
-  COMMUNITY_REDEEM_CONTRIBUTION_URL:
-    process.env.COMMUNITY_REDEEM_CONTRIBUTION_URL || 'http://localhost/redeem/CL-{code}',
-  COMMUNITY_DESCRIPTION:
-    process.env.COMMUNITY_DESCRIPTION || 'Die lokale Entwicklungsumgebung von Gradido.',
-}
-
-const loginServer = {
-  LOGIN_APP_SECRET: process.env.LOGIN_APP_SECRET || '21ffbbc616fe',
-  LOGIN_SERVER_KEY: process.env.LOGIN_SERVER_KEY || 'a51ef8ac7ef1abf162fb7a65261acd7a',
-}
-
-const email = {
-  EMAIL: process.env.EMAIL === 'true' || false,
-  EMAIL_USERNAME: process.env.EMAIL_USERNAME || 'gradido_email',
-  EMAIL_SENDER: process.env.EMAIL_SENDER || 'info@gradido.net',
-  EMAIL_PASSWORD: process.env.EMAIL_PASSWORD || 'xxx',
-  EMAIL_SMTP_URL: process.env.EMAIL_SMTP_URL || 'gmail.com',
-  EMAIL_SMTP_PORT: process.env.EMAIL_SMTP_PORT || '587',
-  EMAIL_LINK_VERIFICATION:
-    process.env.EMAIL_LINK_VERIFICATION || 'http://localhost/checkEmail/{optin}{code}',
-  EMAIL_LINK_SETPASSWORD:
-    process.env.EMAIL_LINK_SETPASSWORD || 'http://localhost/reset-password/{optin}',
-  EMAIL_LINK_FORGOTPASSWORD:
-    process.env.EMAIL_LINK_FORGOTPASSWORD || 'http://localhost/forgot-password',
-  EMAIL_LINK_OVERVIEW: process.env.EMAIL_LINK_OVERVIEW || 'http://localhost/overview',
-  // time in minutes a optin code is valid
-  EMAIL_CODE_VALID_TIME: process.env.EMAIL_CODE_VALID_TIME
-    ? parseInt(process.env.EMAIL_CODE_VALID_TIME) || 1440
-    : 1440,
-  // time in minutes that must pass to request a new optin code
-  EMAIL_CODE_REQUEST_TIME: process.env.EMAIL_CODE_REQUEST_TIME
-    ? parseInt(process.env.EMAIL_CODE_REQUEST_TIME) || 10
-    : 10,
-}
-
-const webhook = {
-  // Elopage
-  WEBHOOK_ELOPAGE_SECRET: process.env.WEBHOOK_ELOPAGE_SECRET || 'secret',
-}
-
-const eventProtocol = {
-  // global switch to enable writing of EventProtocol-Entries
-  EVENT_PROTOCOL_DISABLED: process.env.EVENT_PROTOCOL_DISABLED === 'true' || false,
-}
-
-// This is needed by graphql-directive-auth
-process.env.APP_SECRET = server.JWT_SECRET
-
-// Check config version
-constants.CONFIG_VERSION.CURRENT = process.env.CONFIG_VERSION || constants.CONFIG_VERSION.DEFAULT
-if (
-  ![constants.CONFIG_VERSION.EXPECTED, constants.CONFIG_VERSION.DEFAULT].includes(
-    constants.CONFIG_VERSION.CURRENT,
-  )
-) {
-  throw new Error(
-    `Fatal: Config Version incorrect - expected "${constants.CONFIG_VERSION.EXPECTED}" or "${constants.CONFIG_VERSION.DEFAULT}", but found "${constants.CONFIG_VERSION.CURRENT}"`,
-  )
-}
-
-const CONFIG = {
-  ...constants,
-  ...server,
-  ...database,
-  ...klicktipp,
-  ...community,
-  ...email,
-  ...loginServer,
-  ...webhook,
-  ...eventProtocol,
-}
-
-export default CONFIG
+// ATTENTION: DO NOT PUT ANY SECRETS IN HERE (or the .env)
+
+import dotenv from 'dotenv'
+import Decimal from 'decimal.js-light'
+dotenv.config()
+
+Decimal.set({
+  precision: 25,
+  rounding: Decimal.ROUND_HALF_UP,
+})
+
+const constants = {
+  DB_VERSION: '0043-add_event_protocol_table',
+  DECAY_START_TIME: new Date('2021-05-13 17:46:31-0000'), // GMT+0
+  LOG4JS_CONFIG: 'log4js-config.json',
+  // default log level on production should be info
+  LOG_LEVEL: process.env.LOG_LEVEL || 'info',
+  CONFIG_VERSION: {
+    DEFAULT: 'DEFAULT',
+    EXPECTED: 'v9.2022-07-07',
+    CURRENT: '',
+  },
+}
+
+const server = {
+  PORT: process.env.PORT || 4000,
+  JWT_SECRET: process.env.JWT_SECRET || 'secret123',
+  JWT_EXPIRES_IN: process.env.JWT_EXPIRES_IN || '10m',
+  GRAPHIQL: process.env.GRAPHIQL === 'true' || false,
+  GDT_API_URL: process.env.GDT_API_URL || 'https://gdt.gradido.net',
+  PRODUCTION: process.env.NODE_ENV === 'production' || false,
+}
+
+const database = {
+  DB_HOST: process.env.DB_HOST || 'localhost',
+  DB_PORT: process.env.DB_PORT ? parseInt(process.env.DB_PORT) : 3306,
+  DB_USER: process.env.DB_USER || 'root',
+  DB_PASSWORD: process.env.DB_PASSWORD || '',
+  DB_DATABASE: process.env.DB_DATABASE || 'gradido_community',
+  TYPEORM_LOGGING_RELATIVE_PATH: process.env.TYPEORM_LOGGING_RELATIVE_PATH || 'typeorm.backend.log',
+}
+
+const klicktipp = {
+  KLICKTIPP: process.env.KLICKTIPP === 'true' || false,
+  KLICKTTIPP_API_URL: process.env.KLICKTIPP_API_URL || 'https://api.klicktipp.com',
+  KLICKTIPP_USER: process.env.KLICKTIPP_USER || 'gradido_test',
+  KLICKTIPP_PASSWORD: process.env.KLICKTIPP_PASSWORD || 'secret321',
+  KLICKTIPP_APIKEY_DE: process.env.KLICKTIPP_APIKEY_DE || 'SomeFakeKeyDE',
+  KLICKTIPP_APIKEY_EN: process.env.KLICKTIPP_APIKEY_EN || 'SomeFakeKeyEN',
+}
+
+const community = {
+  COMMUNITY_NAME: process.env.COMMUNITY_NAME || 'Gradido Entwicklung',
+  COMMUNITY_URL: process.env.COMMUNITY_URL || 'http://localhost/',
+  COMMUNITY_REGISTER_URL: process.env.COMMUNITY_REGISTER_URL || 'http://localhost/register',
+  COMMUNITY_REDEEM_URL: process.env.COMMUNITY_REDEEM_URL || 'http://localhost/redeem/{code}',
+  COMMUNITY_REDEEM_CONTRIBUTION_URL:
+    process.env.COMMUNITY_REDEEM_CONTRIBUTION_URL || 'http://localhost/redeem/CL-{code}',
+  COMMUNITY_DESCRIPTION:
+    process.env.COMMUNITY_DESCRIPTION || 'Die lokale Entwicklungsumgebung von Gradido.',
+}
+
+const loginServer = {
+  LOGIN_APP_SECRET: process.env.LOGIN_APP_SECRET || '21ffbbc616fe',
+  LOGIN_SERVER_KEY: process.env.LOGIN_SERVER_KEY || 'a51ef8ac7ef1abf162fb7a65261acd7a',
+}
+
+const email = {
+  EMAIL: process.env.EMAIL === 'true' || false,
+  EMAIL_USERNAME: process.env.EMAIL_USERNAME || 'gradido_email',
+  EMAIL_SENDER: process.env.EMAIL_SENDER || 'info@gradido.net',
+  EMAIL_PASSWORD: process.env.EMAIL_PASSWORD || 'xxx',
+  EMAIL_SMTP_URL: process.env.EMAIL_SMTP_URL || 'gmail.com',
+  EMAIL_SMTP_PORT: process.env.EMAIL_SMTP_PORT || '587',
+  EMAIL_LINK_VERIFICATION:
+    process.env.EMAIL_LINK_VERIFICATION || 'http://localhost/checkEmail/{optin}{code}',
+  EMAIL_LINK_SETPASSWORD:
+    process.env.EMAIL_LINK_SETPASSWORD || 'http://localhost/reset-password/{optin}',
+  EMAIL_LINK_FORGOTPASSWORD:
+    process.env.EMAIL_LINK_FORGOTPASSWORD || 'http://localhost/forgot-password',
+  EMAIL_LINK_OVERVIEW: process.env.EMAIL_LINK_OVERVIEW || 'http://localhost/overview',
+  // time in minutes a optin code is valid
+  EMAIL_CODE_VALID_TIME: process.env.EMAIL_CODE_VALID_TIME
+    ? parseInt(process.env.EMAIL_CODE_VALID_TIME) || 1440
+    : 1440,
+  // time in minutes that must pass to request a new optin code
+  EMAIL_CODE_REQUEST_TIME: process.env.EMAIL_CODE_REQUEST_TIME
+    ? parseInt(process.env.EMAIL_CODE_REQUEST_TIME) || 10
+    : 10,
+}
+
+const webhook = {
+  // Elopage
+  WEBHOOK_ELOPAGE_SECRET: process.env.WEBHOOK_ELOPAGE_SECRET || 'secret',
+}
+
+const eventProtocol = {
+  // global switch to enable writing of EventProtocol-Entries
+  EVENT_PROTOCOL_DISABLED: process.env.EVENT_PROTOCOL_DISABLED === 'true' || false,
+}
+
+// This is needed by graphql-directive-auth
+process.env.APP_SECRET = server.JWT_SECRET
+
+// Check config version
+constants.CONFIG_VERSION.CURRENT = process.env.CONFIG_VERSION || constants.CONFIG_VERSION.DEFAULT
+if (
+  ![constants.CONFIG_VERSION.EXPECTED, constants.CONFIG_VERSION.DEFAULT].includes(
+    constants.CONFIG_VERSION.CURRENT,
+  )
+) {
+  throw new Error(
+    `Fatal: Config Version incorrect - expected "${constants.CONFIG_VERSION.EXPECTED}" or "${constants.CONFIG_VERSION.DEFAULT}", but found "${constants.CONFIG_VERSION.CURRENT}"`,
+  )
+}
+
+const CONFIG = {
+  ...constants,
+  ...server,
+  ...database,
+  ...klicktipp,
+  ...community,
+  ...email,
+  ...loginServer,
+  ...webhook,
+  ...eventProtocol,
+}
+
+export default CONFIG
--- a/backend/src/graphql/model/Contribution.ts
+++ b/backend/src/graphql/model/Contribution.ts
@ -15,6 +15,7 @@ export class Contribution {
    this.deletedAt = contribution.deletedAt
    this.confirmedAt = contribution.confirmedAt
    this.confirmedBy = contribution.confirmedBy
+    this.contributionDate = contribution.contributionDate
  }

  @Field(() => Number)
@ -43,6 +44,9 @@ export class Contribution {

  @Field(() => Number, { nullable: true })
  confirmedBy: number | null
+
+  @Field(() => Date)
+  contributionDate: Date
 }

@ObjectType()
--- a/backend/src/graphql/resolver/ContributionResolver.test.ts
+++ b/backend/src/graphql/resolver/ContributionResolver.test.ts
@ -4,7 +4,9 @@
 import { bibiBloxberg } from '@/seeds/users/bibi-bloxberg'
 import {
  adminUpdateContribution,
+  confirmContribution,
  createContribution,
+  deleteContribution,
  updateContribution,
 } from '@/seeds/graphql/mutations'
 import { listAllContributions, listContributions, login } from '@/seeds/graphql/queries'
@ -487,6 +489,11 @@ describe('ContributionResolver', () => {
        })
      })

+      afterAll(async () => {
+        await cleanDB()
+        resetToken()
+      })
+
      it('returns allCreation', async () => {
        await expect(
          query({
@ -522,4 +529,129 @@ describe('ContributionResolver', () => {
      })
    })
  })
+
+  describe('deleteContribution', () => {
+    describe('unauthenticated', () => {
+      it('returns an error', async () => {
+        await expect(
+          query({
+            query: deleteContribution,
+            variables: {
+              id: -1,
+            },
+          }),
+        ).resolves.toEqual(
+          expect.objectContaining({
+            errors: [new GraphQLError('401 Unauthorized')],
+          }),
+        )
+      })
+    })
+
+    describe('authenticated', () => {
+      beforeAll(async () => {
+        await userFactory(testEnv, bibiBloxberg)
+        await userFactory(testEnv, peterLustig)
+        await query({
+          query: login,
+          variables: { email: 'bibi@bloxberg.de', password: 'Aa12345_' },
+        })
+        result = await mutate({
+          mutation: createContribution,
+          variables: {
+            amount: 100.0,
+            memo: 'Test env contribution',
+            creationDate: new Date().toString(),
+          },
+        })
+      })
+
+      afterAll(async () => {
+        await cleanDB()
+        resetToken()
+      })
+
+      describe('wrong contribution id', () => {
+        it('returns an error', async () => {
+          await expect(
+            mutate({
+              mutation: deleteContribution,
+              variables: {
+                id: -1,
+              },
+            }),
+          ).resolves.toEqual(
+            expect.objectContaining({
+              errors: [new GraphQLError('Contribution not found for given id.')],
+            }),
+          )
+        })
+      })
+
+      describe('other user sends a deleteContribtuion', () => {
+        it('returns an error', async () => {
+          await query({
+            query: login,
+            variables: { email: 'peter@lustig.de', password: 'Aa12345_' },
+          })
+          await expect(
+            mutate({
+              mutation: deleteContribution,
+              variables: {
+                id: result.data.createContribution.id,
+              },
+            }),
+          ).resolves.toEqual(
+            expect.objectContaining({
+              errors: [new GraphQLError('Can not delete contribution of another user')],
+            }),
+          )
+        })
+      })
+
+      describe('User deletes own contribution', () => {
+        it('deletes successfully', async () => {
+          await expect(
+            mutate({
+              mutation: deleteContribution,
+              variables: {
+                id: result.data.createContribution.id,
+              },
+            }),
+          ).resolves.toBeTruthy()
+        })
+      })
+
+      describe('User deletes already confirmed contribution', () => {
+        it('throws an error', async () => {
+          await query({
+            query: login,
+            variables: { email: 'peter@lustig.de', password: 'Aa12345_' },
+          })
+          await mutate({
+            mutation: confirmContribution,
+            variables: {
+              id: result.data.createContribution.id,
+            },
+          })
+          await query({
+            query: login,
+            variables: { email: 'bibi@bloxberg.de', password: 'Aa12345_' },
+          })
+          await expect(
+            mutate({
+              mutation: deleteContribution,
+              variables: {
+                id: result.data.createContribution.id,
+              },
+            }),
+          ).resolves.toEqual(
+            expect.objectContaining({
+              errors: [new GraphQLError('A confirmed contribution can not be deleted')],
+            }),
+          )
+        })
+      })
+    })
+  })
 })
--- a/backend/src/graphql/resolver/ContributionResolver.ts
+++ b/backend/src/graphql/resolver/ContributionResolver.ts
@ -38,6 +38,27 @@ export class ContributionResolver {
    return new UnconfirmedContribution(contribution, user, creations)
  }

+  @Authorized([RIGHTS.DELETE_CONTRIBUTION])
+  @Mutation(() => Boolean)
+  async deleteContribution(
+    @Arg('id', () => Int) id: number,
+    @Ctx() context: Context,
+  ): Promise<boolean> {
+    const user = getUser(context)
+    const contribution = await dbContribution.findOne(id)
+    if (!contribution) {
+      throw new Error('Contribution not found for given id.')
+    }
+    if (contribution.userId !== user.id) {
+      throw new Error('Can not delete contribution of another user')
+    }
+    if (contribution.confirmedAt) {
+      throw new Error('A confirmed contribution can not be deleted')
+    }
+    const res = await contribution.softRemove()
+    return !!res
+  }
+
  @Authorized([RIGHTS.LIST_CONTRIBUTIONS])
  @Query(() => ContributionListResult)
  async listContributions(
--- a/backend/src/seeds/graphql/mutations.ts
+++ b/backend/src/seeds/graphql/mutations.ts
@ -255,3 +255,9 @@ export const updateContribution = gql`
    }
  }
 `
+
+export const deleteContribution = gql`
+  mutation ($id: Int!) {
+    deleteContribution(id: $id)
+  }
+`
--- a/database/entity/0039-contributions_table/User.ts
+++ b/database/entity/0039-contributions_table/User.ts
@ -0,0 +1,83 @@
+import {
+  BaseEntity,
+  Entity,
+  PrimaryGeneratedColumn,
+  Column,
+  DeleteDateColumn,
+  OneToMany,
+  JoinColumn,
+} from 'typeorm'
+import { Contribution } from '../Contribution'
+
+@Entity('users', { engine: 'InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci' })
+export class User extends BaseEntity {
+  @PrimaryGeneratedColumn('increment', { unsigned: true })
+  id: number
+
+  @Column({ name: 'public_key', type: 'binary', length: 32, default: null, nullable: true })
+  pubKey: Buffer
+
+  @Column({ name: 'privkey', type: 'binary', length: 80, default: null, nullable: true })
+  privKey: Buffer
+
+  @Column({ length: 255, unique: true, nullable: false, collation: 'utf8mb4_unicode_ci' })
+  email: string
+
+  @Column({
+    name: 'first_name',
+    length: 255,
+    nullable: true,
+    default: null,
+    collation: 'utf8mb4_unicode_ci',
+  })
+  firstName: string
+
+  @Column({
+    name: 'last_name',
+    length: 255,
+    nullable: true,
+    default: null,
+    collation: 'utf8mb4_unicode_ci',
+  })
+  lastName: string
+
+  @DeleteDateColumn()
+  deletedAt: Date | null
+
+  @Column({ type: 'bigint', default: 0, unsigned: true })
+  password: BigInt
+
+  @Column({ name: 'email_hash', type: 'binary', length: 32, default: null, nullable: true })
+  emailHash: Buffer
+
+  @Column({ name: 'created', default: () => 'CURRENT_TIMESTAMP', nullable: false })
+  createdAt: Date
+
+  @Column({ name: 'email_checked', type: 'bool', nullable: false, default: false })
+  emailChecked: boolean
+
+  @Column({ length: 4, default: 'de', collation: 'utf8mb4_unicode_ci', nullable: false })
+  language: string
+
+  @Column({ name: 'is_admin', type: 'datetime', nullable: true, default: null })
+  isAdmin: Date | null
+
+  @Column({ name: 'referrer_id', type: 'int', unsigned: true, nullable: true, default: null })
+  referrerId?: number | null
+
+  @Column({ name: 'publisher_id', default: 0 })
+  publisherId: number
+
+  @Column({
+    type: 'text',
+    name: 'passphrase',
+    collation: 'utf8mb4_unicode_ci',
+    nullable: true,
+    default: null,
+  })
+  passphrase: string
+
+  @OneToMany(() => Contribution, (contribution) => contribution.user)
+  @JoinColumn({ name: 'user_id' })
+  contributions?: Contribution[]
+}
--- a/deployment/bare_metal/.env.dist
+++ b/deployment/bare_metal/.env.dist
@ -1,84 +1,84 @@
-GRADIDO_LOG_PATH=/home/gradido/gradido/deployment/bare_metal/log
-
-# start script
-DEPLOY_SEED_DATA=false
-
-# nginx
-NGINX_REWRITE_LEGACY_URLS=true
-NGINX_SSL=true
-NGINX_SERVER_NAME=stage1.gradido.net
-NGINX_SSL_CERTIFICATE=/etc/letsencrypt/live/stage1.gradido.net/fullchain.pem
-NGINX_SSL_CERTIFICATE_KEY=/etc/letsencrypt/live/stage1.gradido.net/privkey.pem
-NGINX_SSL_DHPARAM=/etc/letsencrypt/ssl-dhparams.pem
-NGINX_SSL_INCLUDE=/etc/letsencrypt/options-ssl-nginx.conf
-NGINX_UPDATE_PAGE_ROOT=/home/gradido/gradido/deployment/bare_metal/nginx/update-page
-
-# webhook
-WEBHOOK_GITHUB_SECRET=secret
-WEBHOOK_GITHUB_BRANCH=master
-
-# community
-COMMUNITY_NAME="Gradido Development Stage1"
-COMMUNITY_URL=https://stage1.gradido.net/
-COMMUNITY_REGISTER_URL=https://stage1.gradido.net/register
-COMMUNITY_REDEEM_URL=https://stage1.gradido.net/redeem/{code}
-COMMUNITY_REDEEM_CONTRIBUTION_URL=https://stage1.gradido.net/redeem/CL-{code}
-COMMUNITY_DESCRIPTION="Gradido Development Stage1 Test Community"
-
-# backend
-BACKEND_CONFIG_VERSION=v9.2022-07-07
-
-JWT_EXPIRES_IN=10m
-GDT_API_URL=https://gdt.gradido.net
-
-TYPEORM_LOGGING_RELATIVE_PATH=../deployment/bare_metal/log/typeorm.backend.log
-
-KLICKTIPP=false
-KLICKTIPP_USER=
-KLICKTIPP_PASSWORD=
-KLICKTIPP_APIKEY_DE=
-KLICKTIPP_APIKEY_EN=
-
-EMAIL=true
-EMAIL_USERNAME=peter@lustig.de
-EMAIL_SENDER=peter@lustig.de
-EMAIL_PASSWORD=1234
-EMAIL_SMTP_URL=smtp.lustig.de
-EMAIL_LINK_VERIFICATION=https://stage1.gradido.net/checkEmail/{optin}{code}
-EMAIL_LINK_SETPASSWORD=https://stage1.gradido.net/reset-password/{optin}
-EMAIL_LINK_FORGOTPASSWORD=https://stage1.gradido.net/forgot-password
-EMAIL_LINK_OVERVIEW=https://stage1.gradido.net/overview
-EMAIL_CODE_VALID_TIME=1440
-EMAIL_CODE_REQUEST_TIME=10
-
-WEBHOOK_ELOPAGE_SECRET=secret
-
-# EventProtocol
-EVENT_PROTOCOL_DISABLED=false
-
-
-# database
-DATABASE_CONFIG_VERSION=v1.2022-03-18
-
-# frontend
-FRONTEND_CONFIG_VERSION=v2.2022-04-07
-
-GRAPHQL_URI=https://stage1.gradido.net/graphql
-ADMIN_AUTH_URL=https://stage1.gradido.net/admin/authenticate?token={token}
-
-DEFAULT_PUBLISHER_ID=2896
-
-META_URL=http://localhost
-META_TITLE_DE="Gradido – Dein Dankbarkeitskonto"
-META_TITLE_EN="Gradido - Your gratitude account"
-META_DESCRIPTION_DE="Dankbarkeit ist die Währung der neuen Zeit. Immer mehr Menschen entfalten ihr Potenzial und gestalten eine gute Zukunft für alle."
-META_DESCRIPTION_EN="Gratitude is the currency of the new age. More and more people are unleashing their potential and shaping a good future for all."
-META_KEYWORDS_DE="Grundeinkommen, Währung, Dankbarkeit, Schenk-Ökonomie, Natürliche Ökonomie des Lebens, Ökonomie, Ökologie, Potenzialentfaltung, Schenken und Danken, Kreislauf des Lebens, Geldsystem"
-META_KEYWORDS_EN="Basic Income, Currency, Gratitude, Gift Economy, Natural Economy of Life, Economy, Ecology, Potential Development, Giving and Thanking, Cycle of Life, Monetary System"
-META_AUTHOR="Bernd Hückstädt - Gradido-Akademie"
-
-# admin
-ADMIN_CONFIG_VERSION=v1.2022-03-18
-
-WALLET_AUTH_URL=https://stage1.gradido.net/authenticate?token={token}
+GRADIDO_LOG_PATH=/home/gradido/gradido/deployment/bare_metal/log
+
+# start script
+DEPLOY_SEED_DATA=false
+
+# nginx
+NGINX_REWRITE_LEGACY_URLS=true
+NGINX_SSL=true
+NGINX_SERVER_NAME=stage1.gradido.net
+NGINX_SSL_CERTIFICATE=/etc/letsencrypt/live/stage1.gradido.net/fullchain.pem
+NGINX_SSL_CERTIFICATE_KEY=/etc/letsencrypt/live/stage1.gradido.net/privkey.pem
+NGINX_SSL_DHPARAM=/etc/letsencrypt/ssl-dhparams.pem
+NGINX_SSL_INCLUDE=/etc/letsencrypt/options-ssl-nginx.conf
+NGINX_UPDATE_PAGE_ROOT=/home/gradido/gradido/deployment/bare_metal/nginx/update-page
+
+# webhook
+WEBHOOK_GITHUB_SECRET=secret
+WEBHOOK_GITHUB_BRANCH=master
+
+# community
+COMMUNITY_NAME="Gradido Development Stage1"
+COMMUNITY_URL=https://stage1.gradido.net/
+COMMUNITY_REGISTER_URL=https://stage1.gradido.net/register
+COMMUNITY_REDEEM_URL=https://stage1.gradido.net/redeem/{code}
+COMMUNITY_REDEEM_CONTRIBUTION_URL=https://stage1.gradido.net/redeem/CL-{code}
+COMMUNITY_DESCRIPTION="Gradido Development Stage1 Test Community"
+
+# backend
+BACKEND_CONFIG_VERSION=v9.2022-07-07
+
+JWT_EXPIRES_IN=10m
+GDT_API_URL=https://gdt.gradido.net
+
+TYPEORM_LOGGING_RELATIVE_PATH=../deployment/bare_metal/log/typeorm.backend.log
+
+KLICKTIPP=false
+KLICKTIPP_USER=
+KLICKTIPP_PASSWORD=
+KLICKTIPP_APIKEY_DE=
+KLICKTIPP_APIKEY_EN=
+
+EMAIL=true
+EMAIL_USERNAME=peter@lustig.de
+EMAIL_SENDER=peter@lustig.de
+EMAIL_PASSWORD=1234
+EMAIL_SMTP_URL=smtp.lustig.de
+EMAIL_LINK_VERIFICATION=https://stage1.gradido.net/checkEmail/{optin}{code}
+EMAIL_LINK_SETPASSWORD=https://stage1.gradido.net/reset-password/{optin}
+EMAIL_LINK_FORGOTPASSWORD=https://stage1.gradido.net/forgot-password
+EMAIL_LINK_OVERVIEW=https://stage1.gradido.net/overview
+EMAIL_CODE_VALID_TIME=1440
+EMAIL_CODE_REQUEST_TIME=10
+
+WEBHOOK_ELOPAGE_SECRET=secret
+
+# EventProtocol
+EVENT_PROTOCOL_DISABLED=false
+
+
+# database
+DATABASE_CONFIG_VERSION=v1.2022-03-18
+
+# frontend
+FRONTEND_CONFIG_VERSION=v2.2022-04-07
+
+GRAPHQL_URI=https://stage1.gradido.net/graphql
+ADMIN_AUTH_URL=https://stage1.gradido.net/admin/authenticate?token={token}
+
+DEFAULT_PUBLISHER_ID=2896
+
+META_URL=http://localhost
+META_TITLE_DE="Gradido – Dein Dankbarkeitskonto"
+META_TITLE_EN="Gradido - Your gratitude account"
+META_DESCRIPTION_DE="Dankbarkeit ist die Währung der neuen Zeit. Immer mehr Menschen entfalten ihr Potenzial und gestalten eine gute Zukunft für alle."
+META_DESCRIPTION_EN="Gratitude is the currency of the new age. More and more people are unleashing their potential and shaping a good future for all."
+META_KEYWORDS_DE="Grundeinkommen, Währung, Dankbarkeit, Schenk-Ökonomie, Natürliche Ökonomie des Lebens, Ökonomie, Ökologie, Potenzialentfaltung, Schenken und Danken, Kreislauf des Lebens, Geldsystem"
+META_KEYWORDS_EN="Basic Income, Currency, Gratitude, Gift Economy, Natural Economy of Life, Economy, Ecology, Potential Development, Giving and Thanking, Cycle of Life, Monetary System"
+META_AUTHOR="Bernd Hückstädt - Gradido-Akademie"
+
+# admin
+ADMIN_CONFIG_VERSION=v1.2022-03-18
+
+WALLET_AUTH_URL=https://stage1.gradido.net/authenticate?token={token}
 WALLET_URL=https://stage1.gradido.net/login