diff --git a/backend/src/graphql/directive/isAuthorized.ts b/backend/src/graphql/directive/isAuthorized.ts
index f2d646cad..2c003d818 100644
--- a/backend/src/graphql/directive/isAuthorized.ts
+++ b/backend/src/graphql/directive/isAuthorized.ts
@@ -36,11 +36,15 @@ const isAuthorized: AuthChecker = async ({ context }, rights) => {
 // TODO - load from database dynamically & admin - maybe encode this in the token to prevent many database requests
 // TODO this implementation is bullshit - two database queries cause our user identifiers are not aligned and vary between email, id and pubKey
 const userRepository = await getCustomRepository(UserRepository)
- const user = await userRepository.findByPubkeyHex(context.pubKey)
- const countServerUsers = await ServerUser.count({ email: user.email })
- context.role = countServerUsers > 0 ? ROLE_ADMIN : ROLE_USER
+ try {
+ const user = await userRepository.findByPubkeyHex(context.pubKey)
+ const countServerUsers = await ServerUser.count({ email: user.email })
+ context.role = countServerUsers > 0 ? ROLE_ADMIN : ROLE_USER
 
- context.setHeaders.push({ key: 'token', value: encode(decoded.pubKey) })
+ context.setHeaders.push({ key: 'token', value: encode(decoded.pubKey) })
+ } catch {
+ throw new Error('401 Unauthorized')
+ }
 }
 
 // check for correct rights
diff --git a/backend/src/graphql/resolver/UserResolver.test.ts b/backend/src/graphql/resolver/UserResolver.test.ts
index 4b20f035d..947636aa4 100644
--- a/backend/src/graphql/resolver/UserResolver.test.ts
+++ b/backend/src/graphql/resolver/UserResolver.test.ts
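Review bot: The new `try { … } catch { throw new Error('401 Unauthorized') }` around the whole lookup turns every failure in the block — a database connection error, a throw from `ServerUser.count`, a throw from `encode` — into a 401 and discards the original error, so a backend outage will present as bad credentials and leave nothing in the logs. Only the unknown-pubKey case is a client error; make that explicit with `if (!user) throw new Error('401 Unauthorized')` directly after `findByPubkeyHex` (if that helper returns undefined rather than throwing, `user.email` currently raises a TypeError that the catch-all happens to convert), and let the catch log the caught error or rethrow anything that is not that lookup failure. `decoded` is used in the header push but is not defined inside the hunk; its origin and the rest of `isAuthorized` lie outside the hunk.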
@@ -1,7 +1,7 @@
 /* eslint-disable @typescript-eslint/no-explicit-any */
 /* eslint-disable @typescript-eslint/explicit-module-boundary-types */
-import { testEnvironment, createUser, headerPushMock, cleanDB } from '@test/helpers'
+import { testEnvironment, createUser, headerPushMock, cleanDB, resetToken } from '@test/helpers'
 import { createUserMutation, setPasswordMutation } from '@test/graphql'
 import gql from 'graphql-tag'
 import { GraphQLError } from 'graphql'
@@ -407,6 +407,7 @@ describe('UserResolver', () => {
 describe('unauthenticated', () => {
 it('throws an error', async () => {
+ resetToken()
 await expect(query({ query: logoutQuery })).resolves.toEqual(
 expect.objectContaining({
 errors: [new GraphQLError('401 Unauthorized')],
diff --git a/backend/test/helpers.ts b/backend/test/helpers.ts
index f5a6c902c..edb4eb3e4 100644
--- a/backend/test/helpers.ts
+++ b/backend/test/helpers.ts
@@ -39,7 +39,7 @@ export const testEnvironment = async () => {
 }
 
 export const resetEntity = async (entity: any) => {
- const items = await entity.find()
+ const items = await entity.find({ withDeleted: true })
 if (items.length > 0) {
 const ids = items.map((i: any) => i.id)
 await entity.delete(ids)
@@ -47,11 +47,11 @@ export const resetEntity = async (entity: any) => {
 }
 
 export const createUser = async (mutate: any, user: any) => {
- resetToken()
+ // resetToken()
 await mutate({ mutation: createUserMutation, variables: user })
 const dbUser = await User.findOne({ where: { email: user.email } })
 if (!dbUser) throw new Error('Ups, no user found')
- const optin = await LoginEmailOptIn.findOne(dbUser.id)
+ const optin = await LoginEmailOptIn.findOne({ where: { userId: dbUser.id } })
 if (!optin) throw new Error('Ups, no optin found')
 await mutate({
 mutation: setPasswordMutation,
@@ -59,6 +59,6 @@ export const createUser = async (mutate: any, user: any) => {
 })
 }
 
-const resetToken = () => {
+export const resetToken = () => {
 context.token = ''
 }
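Review bot: In `createUser` the `resetToken()` call is commented out as `// resetToken()` rather than removed, leaving a dead line that says nothing about why the helper must no longer clear the token it used to clear. Either delete the line or replace it with a comment that records the intent, e.g. `// do not clear context.token here: tests that need a clean session call resetToken() themselves`. That intent is inferred from `resetToken` being exported in the last hunk and called explicitly in the UserResolver.test.ts change, and should be confirmed. `createUser`'s body continues past the hunk.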