fix wrong db query in create user helper, improve isAuthorized, delete token to simulate unauthenticated

Moriz Wahl 2022-03-14 16:17:11 +01:00
parent ed84a1dd56
commit bc29e3d6a6
3 changed files with 14 additions and 9 deletions


@ -36,11 +36,15 @@ const isAuthorized: AuthChecker<any> = async ({ context }, rights) => {
// TODO - load from database dynamically & admin - maybe encode this in the token to prevent many database requests // TODO - load from database dynamically & admin - maybe encode this in the token to prevent many database requests
// TODO this implementation is bullshit - two database queries cause our user identifiers are not aligned and vary between email, id and pubKey // TODO this implementation is bullshit - two database queries cause our user identifiers are not aligned and vary between email, id and pubKey
const userRepository = await getCustomRepository(UserRepository) const userRepository = await getCustomRepository(UserRepository)
const user = await userRepository.findByPubkeyHex(context.pubKey) try {
const countServerUsers = await ServerUser.count({ email: user.email }) const user = await userRepository.findByPubkeyHex(context.pubKey)
context.role = countServerUsers > 0 ? ROLE_ADMIN : ROLE_USER const countServerUsers = await ServerUser.count({ email: user.email })
context.role = countServerUsers > 0 ? ROLE_ADMIN : ROLE_USER
context.setHeaders.push({ key: 'token', value: encode(decoded.pubKey) }) context.setHeaders.push({ key: 'token', value: encode(decoded.pubKey) })
} catch {
throw new Error('401 Unauthorized')
}
} }
// check for correct rights // check for correct rights
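Review bot: The bare `catch` added in isAuthorized maps every exception from the try block to '401 Unauthorized', so a failed database call in `findByPubkeyHex` or `ServerUser.count` looks the same as an unknown public key and the original error is discarded. Failing closed is the right default, but the cause should stay visible to operators: bind it with `} catch (err) {` and record `err` server-side before the throw. The missing-user case is better made explicit with `if (!user) throw new Error('401 Unauthorized')` than left to a TypeError from `user.email` (assuming the repository can return undefined, which is not visible here). The header push uses `decoded.pubKey` while the lookup uses `context.pubKey`; both are set outside this hunk, so confirm they always agree. isAuthorized starts and ends outside the hunk.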


@ -1,7 +1,7 @@
/* eslint-disable @typescript-eslint/no-explicit-any */ /* eslint-disable @typescript-eslint/no-explicit-any */
/* eslint-disable @typescript-eslint/explicit-module-boundary-types */ /* eslint-disable @typescript-eslint/explicit-module-boundary-types */
import { testEnvironment, createUser, headerPushMock, cleanDB } from '@test/helpers' import { testEnvironment, createUser, headerPushMock, cleanDB, resetToken } from '@test/helpers'
import { createUserMutation, setPasswordMutation } from '@test/graphql' import { createUserMutation, setPasswordMutation } from '@test/graphql'
import gql from 'graphql-tag' import gql from 'graphql-tag'
import { GraphQLError } from 'graphql' import { GraphQLError } from 'graphql'
@ -407,6 +407,7 @@ describe('UserResolver', () => {
describe('unauthenticated', () => { describe('unauthenticated', () => {
it('throws an error', async () => { it('throws an error', async () => {
resetToken()
await expect(query({ query: logoutQuery })).resolves.toEqual( await expect(query({ query: logoutQuery })).resolves.toEqual(
expect.objectContaining({ expect.objectContaining({
errors: [new GraphQLError('401 Unauthorized')], errors: [new GraphQLError('401 Unauthorized')],
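Review bot: The 'unauthenticated' case covers only the empty-token path, while the try/catch this commit adds to isAuthorized creates a second route to '401 Unauthorized' that no test in the visible hunk pins: a token that decodes but whose public key no longer maps to a user. A sibling case for that branch would keep the authorization check from regressing silently. Calling `resetToken()` inside the single `it` also means any case later added to this describe block inherits whatever token an earlier test left behind; `beforeEach(() => { resetToken() })` at the describe level would avoid that. The describe and it blocks continue past the end of the hunk.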


@ -39,7 +39,7 @@ export const testEnvironment = async () => {
} }
export const resetEntity = async (entity: any) => { export const resetEntity = async (entity: any) => {
const items = await entity.find() const items = await entity.find({ withDeleted: true })
if (items.length > 0) { if (items.length > 0) {
const ids = items.map((i: any) => i.id) const ids = items.map((i: any) => i.id)
await entity.delete(ids) await entity.delete(ids)
@ -47,11 +47,11 @@ export const resetEntity = async (entity: any) => {
} }
export const createUser = async (mutate: any, user: any) => { export const createUser = async (mutate: any, user: any) => {
resetToken() // resetToken()
await mutate({ mutation: createUserMutation, variables: user }) await mutate({ mutation: createUserMutation, variables: user })
const dbUser = await User.findOne({ where: { email: user.email } }) const dbUser = await User.findOne({ where: { email: user.email } })
if (!dbUser) throw new Error('Ups, no user found') if (!dbUser) throw new Error('Ups, no user found')
const optin = await LoginEmailOptIn.findOne(dbUser.id) const optin = await LoginEmailOptIn.findOne({ where: { userId: dbUser.id } })
if (!optin) throw new Error('Ups, no optin found') if (!optin) throw new Error('Ups, no optin found')
await mutate({ await mutate({
mutation: setPasswordMutation, mutation: setPasswordMutation,
@ -59,6 +59,6 @@ export const createUser = async (mutate: any, user: any) => {
}) })
} }
const resetToken = () => { export const resetToken = () => {
context.token = '' context.token = ''
} }
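Review bot: The commented-out `// resetToken()` in createUser is dead code, and it means the helper now runs with whatever token the previous test left on the shared `context` object, so authentication-dependent tests can pass or fail depending on execution order. Delete the line instead of commenting it out and, now that `resetToken` is exported, have each suite clear the token itself, for example `afterEach(() => { resetToken() })`. The newly exported helper also deserves a doc comment such as `/** Clears the auth token on the shared test context so the next request is sent unauthenticated. */`. The `context` object is defined outside these hunks, so how it is shared between suites is inferred from its use here.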