fix wrong db query in create user helper, improve isAuthorized, delete token to simulate unauthenticated

2025-12-13 07:45:54 +00:00 · 2022-03-14 16:17:11 +01:00 · 2022-03-14 16:17:11 +01:00 · bc29e3d6a6
commit bc29e3d6a6
parent ed84a1dd56
3 changed files with 14 additions and 9 deletions
--- a/backend/src/graphql/directive/isAuthorized.ts
+++ b/backend/src/graphql/directive/isAuthorized.ts
@ -36,11 +36,15 @@ const isAuthorized: AuthChecker<any> = async ({ context }, rights) => {
    // TODO - load from database dynamically & admin - maybe encode this in the token to prevent many database requests
    // TODO this implementation is bullshit - two database queries cause our user identifiers are not aligned and vary between email, id and pubKey
    const userRepository = await getCustomRepository(UserRepository)
-    const user = await userRepository.findByPubkeyHex(context.pubKey)
-    const countServerUsers = await ServerUser.count({ email: user.email })
-    context.role = countServerUsers > 0 ? ROLE_ADMIN : ROLE_USER
+    try {
+      const user = await userRepository.findByPubkeyHex(context.pubKey)
+      const countServerUsers = await ServerUser.count({ email: user.email })
+      context.role = countServerUsers > 0 ? ROLE_ADMIN : ROLE_USER

-    context.setHeaders.push({ key: 'token', value: encode(decoded.pubKey) })
+      context.setHeaders.push({ key: 'token', value: encode(decoded.pubKey) })
+    } catch {
+      throw new Error('401 Unauthorized')
+    }
  }

  // check for correct rights
--- a/backend/src/graphql/resolver/UserResolver.test.ts
+++ b/backend/src/graphql/resolver/UserResolver.test.ts
@ -1,7 +1,7 @@
 /* eslint-disable @typescript-eslint/no-explicit-any */
 /* eslint-disable @typescript-eslint/explicit-module-boundary-types */

-import { testEnvironment, createUser, headerPushMock, cleanDB } from '@test/helpers'
+import { testEnvironment, createUser, headerPushMock, cleanDB, resetToken } from '@test/helpers'
 import { createUserMutation, setPasswordMutation } from '@test/graphql'
 import gql from 'graphql-tag'
 import { GraphQLError } from 'graphql'
@ -407,6 +407,7 @@ describe('UserResolver', () => {

    describe('unauthenticated', () => {
      it('throws an error', async () => {
+        resetToken()
        await expect(query({ query: logoutQuery })).resolves.toEqual(
          expect.objectContaining({
            errors: [new GraphQLError('401 Unauthorized')],
--- a/backend/test/helpers.ts
+++ b/backend/test/helpers.ts
@ -39,7 +39,7 @@ export const testEnvironment = async () => {
 }

 export const resetEntity = async (entity: any) => {
-  const items = await entity.find()
+  const items = await entity.find({ withDeleted: true })
  if (items.length > 0) {
    const ids = items.map((i: any) => i.id)
    await entity.delete(ids)
@ -47,11 +47,11 @@ export const resetEntity = async (entity: any) => {
 }

 export const createUser = async (mutate: any, user: any) => {
-  resetToken()
+  // resetToken()
  await mutate({ mutation: createUserMutation, variables: user })
  const dbUser = await User.findOne({ where: { email: user.email } })
  if (!dbUser) throw new Error('Ups, no user found')
-  const optin = await LoginEmailOptIn.findOne(dbUser.id)
+  const optin = await LoginEmailOptIn.findOne({ where: { userId: dbUser.id } })
  if (!optin) throw new Error('Ups, no optin found')
  await mutate({
    mutation: setPasswordMutation,
@ -59,6 +59,6 @@ export const createUser = async (mutate: any, user: any) => {
  })
 }

-const resetToken = () => {
+export const resetToken = () => {
  context.token = ''
 }