fix(backend): critical bug

Moriz Wahl 2022-11-30 12:15:47 +01:00
parent e00fe51017
commit c0096aa26c
2 changed files with 6 additions and 21 deletions


@ -291,7 +291,6 @@ describe('send coins', () => {
await cleanDB() await cleanDB()
}) })
/*
describe('trying to send negative amount', () => { describe('trying to send negative amount', () => {
it('throws an error', async () => { it('throws an error', async () => {
expect( expect(
@ -305,18 +304,15 @@ describe('send coins', () => {
}), }),
).toEqual( ).toEqual(
expect.objectContaining({ expect.objectContaining({
errors: [new GraphQLError(`user hasn't enough GDD or amount is < 0`)], errors: [new GraphQLError(`Amount to send must be positive`)],
}), }),
) )
}) })
it('logs the error thrown', () => { it('logs the error thrown', () => {
expect(logger.error).toBeCalledWith( expect(logger.error).toBeCalledWith(`Amount to send must be positive`)
`user hasn't enough GDD or amount is < 0 : balance=null`,
)
}) })
}) })
*/
describe('good transaction', () => { describe('good transaction', () => {
it('sends the coins', async () => { it('sends the coins', async () => {
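Review bot: The re-enabled `trying to send negative amount` block exercises only a negative value, while the guard this commit adds in the resolver is `amount.lte(0)`, so the zero boundary is rejected by the code but not pinned by any test. A sibling `describe('trying to send zero amount', …)` expecting the same `Amount to send must be positive` GraphQLError and the same `logger.error` call would stop a later change from `lte` to `lt` from passing unnoticed. The mutation call and its variables lie between the two hunks and are not visible here, so the new case should copy them from the existing block with only the amount changed.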


@ -314,6 +314,10 @@ export class TransactionResolver {
@Ctx() context: Context, @Ctx() context: Context,
): Promise<boolean> { ): Promise<boolean> {
logger.info(`sendCoins(email=${email}, amount=${amount}, memo=${memo})`) logger.info(`sendCoins(email=${email}, amount=${amount}, memo=${memo})`)
if (amount.lte(0)) {
logger.error(`Amount to send must be positive`)
throw new Error('Amount to send must be positive')
}
// TODO this is subject to replay attacks // TODO this is subject to replay attacks
const senderUser = getUser(context) const senderUser = getUser(context)
@ -324,22 +328,7 @@ export class TransactionResolver {
// validate recipient user // validate recipient user
const recipientUser = await findUserByEmail(email) const recipientUser = await findUserByEmail(email)
/*
const emailContact = await UserContact.findOne({ email }, { withDeleted: true })
if (!emailContact) {
logger.error(`Could not find UserContact with email: ${email}`)
throw new Error(`Could not find UserContact with email: ${email}`)
}
*/
// const recipientUser = await dbUser.findOne({ id: emailContact.userId })
/* Code inside this if statement is unreachable (useless by so),
in findUserByEmail() an error is already thrown if the user is not found
*/
if (!recipientUser) {
logger.error(`unknown recipient to UserContact: email=${email}`)
throw new Error('unknown recipient')
}
if (recipientUser.deletedAt) { if (recipientUser.deletedAt) {
logger.error(`The recipient account was deleted: recipientUser=${recipientUser}`) logger.error(`The recipient account was deleted: recipientUser=${recipientUser}`)
throw new Error('The recipient account was deleted') throw new Error('The recipient account was deleted')
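Review bot: The `amount.lte(0)` guard at the top of `sendCoins` is the only place in this section where the positivity of a transfer is enforced, and it sits in the GraphQL resolver rather than next to the code that moves the balance. If any other entry point reaches the same transfer logic (not visible in these hunks), it would bypass the check, so the invariant is worth repeating in, or moving to, the function that writes the transaction. I would also add a comment above the guard, such as `// reject zero and negative amounts before any lookup or balance calculation`. In the second hunk, removing the `if (!recipientUser)` branch makes `recipientUser.deletedAt` depend on `findUserByEmail` always throwing for an unknown address, as the deleted comment states; that contract deserves a comment at the call site. The method body starts and ends outside both hunks.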