From ed84a1dd56bed2dcd0d5afdfac6d32e7b2599ed4 Mon Sep 17 00:00:00 2001
From: Moriz Wahl
Date: Mon, 14 Mar 2022 15:35:39 +0100
Subject: [PATCH] no resetDB and test for inalienable rights first
---
 backend/src/graphql/directive/isAuthorized.ts | 23 ++++---------------
 backend/test/helpers.ts | 2 +-
 2 files changed, 5 insertions(+), 20 deletions(-)
diff --git a/backend/src/graphql/directive/isAuthorized.ts b/backend/src/graphql/directive/isAuthorized.ts
index c72a52ac4..f2d646cad 100644
--- a/backend/src/graphql/directive/isAuthorized.ts
+++ b/backend/src/graphql/directive/isAuthorized.ts
@@ -13,31 +13,16 @@ import { ServerUser } from '@entity/ServerUser'
 const isAuthorized: AuthChecker = async ({ context }, rights) => {
 context.role = ROLE_UNAUTHORIZED // unauthorized user
- // moriz: I think it is better to check the INALIENABLE_RIGHTS here
- /*
- if ((rights).reduce(
- (acc, right) => acc && INALIENABLE_RIGHTS.includes(right),
- true,
- )) return true
- */
+ // is rights an inalienable right?
+ if ((rights).reduce((acc, right) => acc && INALIENABLE_RIGHTS.includes(right), true))
+ return true
 // Do we have a token?
 if (context.token) {
 // Decode the token
 const decoded = decode(context.token)
 if (!decoded) {
- // Are all rights requested public?
- const isInalienable = (rights).reduce(
- (acc, right) => acc && INALIENABLE_RIGHTS.includes(right),
- true,
- )
- if (isInalienable) {
- // If public dont throw and permit access
- return true
- } else {
- // Throw on a protected route
- throw new Error('403.13 - Client certificate revoked')
- }
+ throw new Error('403.13 - Client certificate revoked')
 }
 // Set context pubKey
 context.pubKey = Buffer.from(decoded.pubKey).toString('hex')
diff --git a/backend/test/helpers.ts b/backend/test/helpers.ts
index 74addae3d..f5a6c902c 100644
--- a/backend/test/helpers.ts
+++ b/backend/test/helpers.ts
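Review bot: The added early return grants access when `rights` is empty, because `[].reduce(fn, true)` evaluates to `true` and the check now runs before the token is even looked at, so a directive applied with no rights listed would admit anonymous callers instead of requiring authentication. Guard the empty case explicitly and use `every`, which also reads as the intent: `if (rights.length > 0 && rights.every((right) => INALIENABLE_RIGHTS.includes(right))) return true`. Returning before the `if (context.token)` branch also means a caller presenting a valid token on an inalienable-only route never gets `context.pubKey` set and keeps `ROLE_UNAUTHORIZED`; if any resolver on such a route reads those, that is a behaviour change that deserves a comment on the early return, e.g. `// public route: the token (if any) is not decoded, context stays unauthorized`. The body of isAuthorized continues past the end of the hunk.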
@@ -3,7 +3,7 @@ import { createTestClient } from 'apollo-server-testing'
 import createServer from '../src/server/createServer'
-import { resetDB, initialize } from '@dbTools/helpers'
+import { initialize } from '@dbTools/helpers'
 import { createUserMutation, setPasswordMutation } from './graphql'
 import { LoginEmailOptIn } from '@entity/LoginEmailOptIn'
 import { User } from '@entity/User'