From 6c43941429e7600f664a32f0fb3e081beb8dc1b9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" Date: Tue, 9 Apr 2019 04:54:12 +0000 Subject: [PATCH 01/10] Bump nodemon from 1.18.10 to 1.18.11 in /webapp Bumps [nodemon](https://github.com/remy/nodemon) from 1.18.10 to 1.18.11. - [Release notes](https://github.com/remy/nodemon/releases) - [Commits](https://github.com/remy/nodemon/compare/v1.18.10...v1.18.11) Signed-off-by: dependabot[bot] --- webapp/package.json | 2 +- webapp/yarn.lock | 25 +++++++++++++++---------- 2 files changed, 16 insertions(+), 11 deletions(-) diff --git a/webapp/package.json b/webapp/package.json index 935220cc8..76d7c3e76 100644 --- a/webapp/package.json +++ b/webapp/package.json @@ -75,7 +75,7 @@ "eslint-plugin-vue": "~5.2.2", "jest": "~24.7.1", "node-sass": "~4.11.0", - "nodemon": "~1.18.10", + "nodemon": "~1.18.11", "prettier": "~1.14.3", "sass-loader": "~7.1.0", "vue-jest": "~3.0.4", diff --git a/webapp/yarn.lock b/webapp/yarn.lock index 1c49748cf..e70646e9d 100644 --- a/webapp/yarn.lock +++ b/webapp/yarn.lock @@ -2867,10 +2867,10 @@ cheerio@^1.0.0-rc.2: lodash "^4.15.0" parse5 "^3.0.1" -chokidar@^2.0.2, chokidar@^2.0.4, chokidar@^2.1.0: - version "2.1.1" - resolved "https://registry.yarnpkg.com/chokidar/-/chokidar-2.1.1.tgz#adc39ad55a2adf26548bd2afa048f611091f9184" - integrity sha512-gfw3p2oQV2wEt+8VuMlNsPjCxDxvvgnm/kz+uATu805mWVF8IJN7uz9DN7iBz+RMJISmiVbCOBFs9qBGMjtPfQ== +chokidar@^2.0.2, chokidar@^2.0.4, chokidar@^2.1.5: + version "2.1.5" + resolved "https://registry.yarnpkg.com/chokidar/-/chokidar-2.1.5.tgz#0ae8434d962281a5f56c72869e79cb6d9d86ad4d" + integrity sha512-i0TprVWp+Kj4WRPtInjexJ8Q+BqTE909VpH8xVhXrJkoc5QC8VO9TryGOqTr+2hljzc1sC62t22h5tZePodM/A== dependencies: anymatch "^2.0.0" async-each "^1.0.1" @@ -2882,7 +2882,7 @@ chokidar@^2.0.2, chokidar@^2.0.4, chokidar@^2.1.0: normalize-path "^3.0.0" path-is-absolute "^1.0.0" readdirp "^2.2.1" - upath "^1.1.0" + upath "^1.1.1" optionalDependencies: fsevents "^1.2.7" @@ -7354,12 +7354,12 @@ node-sass@~4.11.0: stdout-stream "^1.4.0" "true-case-path" "^1.0.2" -nodemon@^1.18.9, nodemon@~1.18.10: - version "1.18.10" - resolved "https://registry.yarnpkg.com/nodemon/-/nodemon-1.18.10.tgz#3ba63f64eb4c283cf3e4f75f30817e9d4f393afe" - integrity sha512-we51yBb1TfEvZamFchRgcfLbVYgg0xlGbyXmOtbBzDwxwgewYS/YbZ5tnlnsH51+AoSTTsT3A2E/FloUbtH8cQ== +nodemon@^1.18.9, nodemon@~1.18.11: + version "1.18.11" + resolved "https://registry.yarnpkg.com/nodemon/-/nodemon-1.18.11.tgz#d836ab663776e7995570b963da5bfc807e53f6b8" + integrity sha512-KdN3tm1zkarlqNo4+W9raU3ihM4H15MVMSE/f9rYDZmFgDHAfAJsomYrHhApAkuUemYjFyEeXlpCOQ2v5gtBEw== dependencies: - chokidar "^2.1.0" + chokidar "^2.1.5" debug "^3.1.0" ignore-by-default "^1.0.1" minimatch "^3.0.4" @@ -10630,6 +10630,11 @@ upath@^1.1.0: resolved "https://registry.yarnpkg.com/upath/-/upath-1.1.0.tgz#35256597e46a581db4793d0ce47fa9aebfc9fabd" integrity sha512-bzpH/oBhoS/QI/YtbkqCg6VEiPYjSZtrHQM6/QnJS6OL9pKUFLqb3aFh4Scvwm45+7iAgiMkLhSbaZxUqmrprw== +upath@^1.1.1: + version "1.1.2" + resolved "https://registry.yarnpkg.com/upath/-/upath-1.1.2.tgz#3db658600edaeeccbe6db5e684d67ee8c2acd068" + integrity sha512-kXpym8nmDmlCBr7nKdIx8P2jNBa+pBpIUFRnKJ4dr8htyYGJFokkr2ZvERRtUN+9SY+JqXouNgUPtv6JQva/2Q== + update-notifier@^2.5.0: version "2.5.0" resolved "https://registry.yarnpkg.com/update-notifier/-/update-notifier-2.5.0.tgz#d0744593e13f161e406acb1d9408b72cad08aff6" From 89914f9a1a485f9caaaeeabda1e1e4b9b9e6d352 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Tue, 9 Apr 2019 23:47:13 +0200 Subject: [PATCH 02/10] Disabling activityPub middleware again I thought it might be a good thing to create RSA keys at least for cucumber testing. At least that's where we test activitityPub. But it caused too flaky tests and broken builds. @Mastercuber if you need to create a user and you need the RSA keys, don't create it through seeds but through the actual server. --- backend/package.json | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/backend/package.json b/backend/package.json index d03f35114..ddc1e83e3 100644 --- a/backend/package.json +++ b/backend/package.json @@ -16,8 +16,7 @@ "test:cucumber:cmd": "wait-on tcp:4001 tcp:4123 && cucumber-js --require-module @babel/register --exit test/", "test:jest:cmd:debug": "wait-on tcp:4001 tcp:4123 && node --inspect-brk ./node_modules/.bin/jest -i --forceExit --detectOpenHandles --runInBand", "test:jest": "run-p --race test:before:* 'test:jest:cmd {@}' --", - "test:cucumber": " cross-env CLIENT_URI=http://localhost:4123 run-p --race test:before:server test:cucumber:before:seeder 'test:cucumber:cmd {@}' --", - "test:cucumber:before:seeder": "cross-env GRAPHQL_URI=http://localhost:4001 GRAPHQL_PORT=4001 DISABLED_MIDDLEWARES=permissions yarn run dev", + "test:cucumber": " cross-env CLIENT_URI=http://localhost:4123 run-p --race test:before:* 'test:cucumber:cmd {@}' --", "test:jest:debug": "run-p --race test:before:* 'test:jest:cmd:debug {@}' --", "db:script:seed": "wait-on tcp:4001 && babel-node src/seed/seed-db.js", "db:reset": "babel-node src/seed/reset-db.js", From 4dead6e6f74faef26102a5f8d52632c950ba28dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Fri, 5 Apr 2019 14:35:41 +0200 Subject: [PATCH 03/10] Sketch test to create a notificaion for a mention --- .../src/middleware/notificationMiddleware.js | 0 .../middleware/notificationMiddleware.spec.js | 85 +++++++++++++++++++ 2 files changed, 85 insertions(+) create mode 100644 backend/src/middleware/notificationMiddleware.js create mode 100644 backend/src/middleware/notificationMiddleware.spec.js diff --git a/backend/src/middleware/notificationMiddleware.js b/backend/src/middleware/notificationMiddleware.js new file mode 100644 index 000000000..e69de29bb diff --git a/backend/src/middleware/notificationMiddleware.spec.js b/backend/src/middleware/notificationMiddleware.spec.js new file mode 100644 index 000000000..ccb38fcbf --- /dev/null +++ b/backend/src/middleware/notificationMiddleware.spec.js @@ -0,0 +1,85 @@ +import Factory from '../seed/factories' +import { GraphQLClient } from 'graphql-request' +import { host, login } from '../jest/helpers' + +const factory = Factory() +let client + +beforeEach(async () => { + await factory.create('User', { + id: 'you', + name: 'Al Capone', + slug: 'al-capone', + email: 'test@example.org', + password: '1234' + }) +}) + +afterEach(async () => { + await factory.cleanDatabase() +}) + +describe('currentUser { notifications }', () => { + const query = `query($read: Boolean) { + currentUser { + notifications(read: $read, orderBy: createdAt_desc) { + id + post { + id + } + } + } + }` + + describe('authenticated', () => { + let headers + beforeEach(async () => { + headers = await login({ email: 'test@example.org', password: '1234' }) + client = new GraphQLClient(host, { headers }) + }) + + describe('given another user', () => { + let authorClient + let authorParams + let authorHeaders + + beforeEach(async () => { + authorParams = { + email: 'author@example.org', + password: '1234', + id: 'author' + } + await factory.create('User', authorParams) + authorHeaders = await login(authorParams) + }) + + describe('who mentions me in a post', () => { + beforeEach(async () => { + const content = 'Hey @al-capone how do you do?' + const title = 'Mentioning Al Capone' + const createPostMutation = ` + mutation($title: String!, $content: String!) { + CreatePost(title: $title, content: $content) { + title + content + } + } + ` + authorClient = new GraphQLClient(host, authorHeaders) + await authorClient.request(createPostMutation, { title, content }) + }) + + it('sends you a notification', async () => { + const expected = { + currentUser: { + notifications: [ + { read: false, post: { content: 'Hey @al-capone how do you do?' } } + ] + } + } + await expect(client.request(query, { read: false })).resolves.toEqual(expected) + }) + }) + }) + }) +}) From bab748e5062044b30de3a90e259068acb98ad2d8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Sat, 6 Apr 2019 00:33:10 +0200 Subject: [PATCH 04/10] Create notifications on CreatePost --- backend/src/middleware/index.js | 2 ++ .../src/middleware/notificationMiddleware.js | 0 .../src/middleware/notificationsMiddleware.js | 31 +++++++++++++++++++ ...pec.js => notificationsMiddleware.spec.js} | 4 ++- 4 files changed, 36 insertions(+), 1 deletion(-) delete mode 100644 backend/src/middleware/notificationMiddleware.js create mode 100644 backend/src/middleware/notificationsMiddleware.js rename backend/src/middleware/{notificationMiddleware.spec.js => notificationsMiddleware.spec.js} (94%) diff --git a/backend/src/middleware/index.js b/backend/src/middleware/index.js index 8f86a88e6..8d893a78b 100644 --- a/backend/src/middleware/index.js +++ b/backend/src/middleware/index.js @@ -10,6 +10,7 @@ import permissionsMiddleware from './permissionsMiddleware' import userMiddleware from './userMiddleware' import includedFieldsMiddleware from './includedFieldsMiddleware' import orderByMiddleware from './orderByMiddleware' +import notificationsMiddleware from './notificationsMiddleware' export default schema => { let middleware = [ @@ -19,6 +20,7 @@ export default schema => { excerptMiddleware, xssMiddleware, fixImageUrlsMiddleware, + notificationsMiddleware, softDeleteMiddleware, userMiddleware, includedFieldsMiddleware, diff --git a/backend/src/middleware/notificationMiddleware.js b/backend/src/middleware/notificationMiddleware.js deleted file mode 100644 index e69de29bb..000000000 diff --git a/backend/src/middleware/notificationsMiddleware.js b/backend/src/middleware/notificationsMiddleware.js new file mode 100644 index 000000000..1150ab0d9 --- /dev/null +++ b/backend/src/middleware/notificationsMiddleware.js @@ -0,0 +1,31 @@ +const MENTION_REGEX = /@(\S+)/g + +const notify = async (resolve, root, args, context, resolveInfo) => { + const post = await resolve(root, args, context, resolveInfo) + + const session = context.driver.session() + const { content, id: postId } = post + const slugs = [] + const createdAt = (new Date()).toISOString() + let match + while ((match = MENTION_REGEX.exec(content)) != null) { + slugs.push(match[1]) + } + const cypher = ` + match(u:User) where u.slug in $slugs + match(p:Post) where p.id = $postId + create(n:Notification{id: apoc.create.uuid(), read: false, createdAt: $createdAt}) + merge (n)-[:NOTIFIED]->(u) + merge (p)-[:NOTIFIED]->(n) + ` + await session.run(cypher, { slugs, createdAt, postId }) + session.close() + + return post +} + +export default { + Mutation: { + CreatePost: notify + } +} diff --git a/backend/src/middleware/notificationMiddleware.spec.js b/backend/src/middleware/notificationsMiddleware.spec.js similarity index 94% rename from backend/src/middleware/notificationMiddleware.spec.js rename to backend/src/middleware/notificationsMiddleware.spec.js index ccb38fcbf..9fed4a59a 100644 --- a/backend/src/middleware/notificationMiddleware.spec.js +++ b/backend/src/middleware/notificationsMiddleware.spec.js @@ -24,8 +24,10 @@ describe('currentUser { notifications }', () => { currentUser { notifications(read: $read, orderBy: createdAt_desc) { id + read post { id + content } } } @@ -65,7 +67,7 @@ describe('currentUser { notifications }', () => { } } ` - authorClient = new GraphQLClient(host, authorHeaders) + authorClient = new GraphQLClient(host, { headers: authorHeaders }) await authorClient.request(createPostMutation, { title, content }) }) From 771779348a8c83a5f3d7a338b23e8976b072c8a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Mon, 8 Apr 2019 10:19:57 +0200 Subject: [PATCH 05/10] Fix test --- backend/src/middleware/notificationsMiddleware.spec.js | 2 -- 1 file changed, 2 deletions(-) diff --git a/backend/src/middleware/notificationsMiddleware.spec.js b/backend/src/middleware/notificationsMiddleware.spec.js index 9fed4a59a..e6fc78c52 100644 --- a/backend/src/middleware/notificationsMiddleware.spec.js +++ b/backend/src/middleware/notificationsMiddleware.spec.js @@ -23,10 +23,8 @@ describe('currentUser { notifications }', () => { const query = `query($read: Boolean) { currentUser { notifications(read: $read, orderBy: createdAt_desc) { - id read post { - id content } } From 58019c8975d9fdd27418953b8d9abbef05ce4f23 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Mon, 8 Apr 2019 12:01:09 +0200 Subject: [PATCH 06/10] Avoid to send out notifications for email adresses --- backend/src/middleware/notifications/mentions.js | 10 ++++++++++ .../src/middleware/notifications/mentions.spec.js | 15 +++++++++++++++ backend/src/middleware/notificationsMiddleware.js | 8 ++------ 3 files changed, 27 insertions(+), 6 deletions(-) create mode 100644 backend/src/middleware/notifications/mentions.js create mode 100644 backend/src/middleware/notifications/mentions.spec.js diff --git a/backend/src/middleware/notifications/mentions.js b/backend/src/middleware/notifications/mentions.js new file mode 100644 index 000000000..fb4a049f2 --- /dev/null +++ b/backend/src/middleware/notifications/mentions.js @@ -0,0 +1,10 @@ +const MENTION_REGEX = /\s@(\S+)/g + +export function extractSlugs(content) { + let slugs = [] + let match + while ((match = MENTION_REGEX.exec(content)) != null) { + slugs.push(match[1]) + } + return slugs +} diff --git a/backend/src/middleware/notifications/mentions.spec.js b/backend/src/middleware/notifications/mentions.spec.js new file mode 100644 index 000000000..8fe9221b3 --- /dev/null +++ b/backend/src/middleware/notifications/mentions.spec.js @@ -0,0 +1,15 @@ +import { extractSlugs } from './mentions' + +describe('extract', () => { + describe('finds mentions in the form of', () => { + it('@user', () => { + const content = 'Hello @user' + expect(extractSlugs(content)).toEqual(['user']) + }) + }) + + it('ignores email addresses', () => { + const content = 'Hello somebody@example.org' + expect(extractSlugs(content)).toEqual([]) + }) +}) diff --git a/backend/src/middleware/notificationsMiddleware.js b/backend/src/middleware/notificationsMiddleware.js index 1150ab0d9..30205278b 100644 --- a/backend/src/middleware/notificationsMiddleware.js +++ b/backend/src/middleware/notificationsMiddleware.js @@ -1,16 +1,12 @@ -const MENTION_REGEX = /@(\S+)/g +import { extractSlugs } from './notifications/mentions' const notify = async (resolve, root, args, context, resolveInfo) => { const post = await resolve(root, args, context, resolveInfo) const session = context.driver.session() const { content, id: postId } = post - const slugs = [] + const slugs = extractSlugs(content) const createdAt = (new Date()).toISOString() - let match - while ((match = MENTION_REGEX.exec(content)) != null) { - slugs.push(match[1]) - } const cypher = ` match(u:User) where u.slug in $slugs match(p:Post) where p.id = $postId From 0476c151639f44db80f8d5d6055d490cc7d1d0f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Mon, 8 Apr 2019 12:08:49 +0200 Subject: [PATCH 07/10] Remove dots from matched @mention regex --- backend/src/middleware/notifications/mentions.js | 2 +- .../src/middleware/notifications/mentions.spec.js | 15 +++++++++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/backend/src/middleware/notifications/mentions.js b/backend/src/middleware/notifications/mentions.js index fb4a049f2..7071c9313 100644 --- a/backend/src/middleware/notifications/mentions.js +++ b/backend/src/middleware/notifications/mentions.js @@ -1,4 +1,4 @@ -const MENTION_REGEX = /\s@(\S+)/g +const MENTION_REGEX = /\s@([\w_-]+)/g export function extractSlugs(content) { let slugs = [] diff --git a/backend/src/middleware/notifications/mentions.spec.js b/backend/src/middleware/notifications/mentions.spec.js index 8fe9221b3..0c70aae1c 100644 --- a/backend/src/middleware/notifications/mentions.spec.js +++ b/backend/src/middleware/notifications/mentions.spec.js @@ -6,6 +6,21 @@ describe('extract', () => { const content = 'Hello @user' expect(extractSlugs(content)).toEqual(['user']) }) + + it('@user-with-dash', () => { + const content = 'Hello @user-with-dash' + expect(extractSlugs(content)).toEqual(['user-with-dash']) + }) + + it('@user.', () => { + const content = 'Hello @user.' + expect(extractSlugs(content)).toEqual(['user']) + }) + + it('@user-With-Capital-LETTERS', () => { + const content = 'Hello @user-With-Capital-LETTERS' + expect(extractSlugs(content)).toEqual(['user-With-Capital-LETTERS']) + }) }) it('ignores email addresses', () => { From 26caff5a9b487e3befc84967d08adf1a5782e719 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Tue, 9 Apr 2019 20:51:17 +0200 Subject: [PATCH 08/10] Fix lint --- backend/src/middleware/notifications/mentions.js | 2 +- backend/src/middleware/notifications/mentions.spec.js | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/backend/src/middleware/notifications/mentions.js b/backend/src/middleware/notifications/mentions.js index 7071c9313..137c23f1c 100644 --- a/backend/src/middleware/notifications/mentions.js +++ b/backend/src/middleware/notifications/mentions.js @@ -1,6 +1,6 @@ const MENTION_REGEX = /\s@([\w_-]+)/g -export function extractSlugs(content) { +export function extractSlugs (content) { let slugs = [] let match while ((match = MENTION_REGEX.exec(content)) != null) { diff --git a/backend/src/middleware/notifications/mentions.spec.js b/backend/src/middleware/notifications/mentions.spec.js index 0c70aae1c..f12df7f07 100644 --- a/backend/src/middleware/notifications/mentions.spec.js +++ b/backend/src/middleware/notifications/mentions.spec.js @@ -24,7 +24,7 @@ describe('extract', () => { }) it('ignores email addresses', () => { - const content = 'Hello somebody@example.org' - expect(extractSlugs(content)).toEqual([]) + const content = 'Hello somebody@example.org' + expect(extractSlugs(content)).toEqual([]) }) }) From b63200ac8ee7815c7745befd11cf28e45944d0d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Wed, 10 Apr 2019 01:52:14 +0200 Subject: [PATCH 09/10] Authorize and whitelist Notifications --- backend/src/graphql-schema.js | 7 +- .../src/middleware/permissionsMiddleware.js | 16 +++++ backend/src/resolvers/notifications.js | 14 ++++ backend/src/resolvers/notifications.spec.js | 71 +++++++++++++++++-- backend/src/server.js | 4 +- 5 files changed, 103 insertions(+), 9 deletions(-) create mode 100644 backend/src/resolvers/notifications.js diff --git a/backend/src/graphql-schema.js b/backend/src/graphql-schema.js index 57b2ffb6c..c17b967d2 100644 --- a/backend/src/graphql-schema.js +++ b/backend/src/graphql-schema.js @@ -7,6 +7,7 @@ import reports from './resolvers/reports.js' import posts from './resolvers/posts.js' import moderation from './resolvers/moderation.js' import rewards from './resolvers/rewards.js' +import notifications from './resolvers/notifications' export const typeDefs = fs .readFileSync( @@ -17,13 +18,15 @@ export const typeDefs = fs export const resolvers = { Query: { ...statistics.Query, - ...userManagement.Query + ...userManagement.Query, + ...notifications.Query }, Mutation: { ...userManagement.Mutation, ...reports.Mutation, ...posts.Mutation, ...moderation.Mutation, - ...rewards.Mutation + ...rewards.Mutation, + ...notifications.Mutation } } diff --git a/backend/src/middleware/permissionsMiddleware.js b/backend/src/middleware/permissionsMiddleware.js index 495bc9145..4ff334806 100644 --- a/backend/src/middleware/permissionsMiddleware.js +++ b/backend/src/middleware/permissionsMiddleware.js @@ -20,6 +20,21 @@ const isMyOwn = rule({ cache: 'no_cache' })(async (parent, args, context, info) return context.user.id === parent.id }) +const belongsToMe = rule({ cache: 'no_cache' })(async (_, args, context) => { + const { driver, user: { id: userId } } = context + const { id: notificationId } = args + const session = driver.session() + const result = await session.run(` + MATCH (u:User {id: $userId})<-[:NOTIFIED]-(n:Notification {id: $notificationId}) + RETURN n + `, { userId, notificationId }) + const [notification] = result.records.map((record) => { + return record.get('n') + }) + session.close() + return Boolean(notification) +}) + const onlyEnabledContent = rule({ cache: 'strict' })(async (parent, args, ctx, info) => { const { disabled, deleted } = args return !(disabled || deleted) @@ -50,6 +65,7 @@ const permissions = shield({ Post: or(onlyEnabledContent, isModerator) }, Mutation: { + UpdateNotification: belongsToMe, CreatePost: isAuthenticated, UpdatePost: isAuthor, DeletePost: isAuthor, diff --git a/backend/src/resolvers/notifications.js b/backend/src/resolvers/notifications.js new file mode 100644 index 000000000..bc3da0acf --- /dev/null +++ b/backend/src/resolvers/notifications.js @@ -0,0 +1,14 @@ +import { neo4jgraphql } from 'neo4j-graphql-js' + +export default { + Query: { + Notification: (object, params, context, resolveInfo) => { + return neo4jgraphql(object, params, context, resolveInfo, false) + } + }, + Mutation: { + UpdateNotification: (object, params, context, resolveInfo) => { + return neo4jgraphql(object, params, context, resolveInfo, false) + } + } +} diff --git a/backend/src/resolvers/notifications.spec.js b/backend/src/resolvers/notifications.spec.js index 50ded7bc4..799bc1594 100644 --- a/backend/src/resolvers/notifications.spec.js +++ b/backend/src/resolvers/notifications.spec.js @@ -5,13 +5,14 @@ import { host, login } from '../jest/helpers' const factory = Factory() let client +let userParams = { + id: 'you', + email: 'test@example.org', + password: '1234' +} beforeEach(async () => { - await factory.create('User', { - id: 'you', - email: 'test@example.org', - password: '1234' - }) + await factory.create('User', userParams) }) afterEach(async () => { @@ -118,3 +119,63 @@ describe('currentUser { notifications }', () => { }) }) }) + +describe('UpdateNotification', () => { + const mutation = `mutation($id: ID!, $read: Boolean){ + UpdateNotification(id: $id, read: $read) { + id read + } + }` + const variables = { id: 'to-be-updated', read: true } + + describe('given a notifications', () => { + let headers + + beforeEach(async () => { + const mentionedParams = { + id: 'mentioned-1', + email: 'mentioned@example.org', + password: '1234', + slug: 'mentioned' + } + await factory.create('User', mentionedParams) + await factory.create('Notification', { id: 'to-be-updated' }) + await factory.authenticateAs(userParams) + await factory.create('Post', { id: 'p1' }) + await Promise.all([ + factory.relate('Notification', 'User', { from: 'to-be-updated', to: 'mentioned-1' }), + factory.relate('Notification', 'Post', { from: 'p1', to: 'to-be-updated' }) + ]) + }) + + describe('unauthenticated', () => { + it('throws authorization error', async () => { + client = new GraphQLClient(host) + await expect(client.request(mutation, variables)).rejects.toThrow('Not Authorised') + }) + }) + + describe('authenticated', () => { + beforeEach(async () => { + headers = await login({ email: 'test@example.org', password: '1234' }) + client = new GraphQLClient(host, { headers }) + }) + + it('throws authorization error', async () => { + await expect(client.request(mutation, variables)).rejects.toThrow('Not Authorised') + }) + + describe('and owner', () => { + beforeEach(async () => { + headers = await login({ email: 'mentioned@example.org', password: '1234' }) + client = new GraphQLClient(host, { headers }) + }) + + it('updates notification', async () => { + const expected = { UpdateNotification: { id: 'to-be-updated', read: true } } + await expect(client.request(mutation, variables)).resolves.toEqual(expected) + }) + }) + }) + }) +}) diff --git a/backend/src/server.js b/backend/src/server.js index efa9a17c0..fe0d4ee1d 100644 --- a/backend/src/server.js +++ b/backend/src/server.js @@ -28,10 +28,10 @@ let schema = makeAugmentedSchema({ resolvers, config: { query: { - exclude: ['Statistics', 'LoggedInUser'] + exclude: ['Notfication', 'Statistics', 'LoggedInUser'] }, mutation: { - exclude: ['Statistics', 'LoggedInUser'] + exclude: ['Notfication', 'Statistics', 'LoggedInUser'] }, debug: debug } From 8d8c75d6c1b8c12be45fab55e716a7d803012425 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" Date: Wed, 10 Apr 2019 08:58:34 +0000 Subject: [PATCH 10/10] Bump graphql-shield from 5.3.1 to 5.3.2 in /backend Bumps [graphql-shield](https://github.com/maticzav/graphql-shield) from 5.3.1 to 5.3.2. - [Release notes](https://github.com/maticzav/graphql-shield/releases) - [Commits](https://github.com/maticzav/graphql-shield/compare/v5.3.1...v5.3.2) Signed-off-by: dependabot[bot] --- backend/package.json | 2 +- backend/yarn.lock | 14 ++++++++++---- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/backend/package.json b/backend/package.json index d03f35114..a79123b2f 100644 --- a/backend/package.json +++ b/backend/package.json @@ -51,7 +51,7 @@ "graphql-custom-directives": "~0.2.14", "graphql-iso-date": "~3.6.1", "graphql-middleware": "~3.0.2", - "graphql-shield": "~5.3.1", + "graphql-shield": "~5.3.2", "graphql-tag": "~2.10.1", "graphql-yoga": "~1.17.4", "helmet": "~3.16.0", diff --git a/backend/yarn.lock b/backend/yarn.lock index a491398fc..a58f1f865 100644 --- a/backend/yarn.lock +++ b/backend/yarn.lock @@ -1104,6 +1104,11 @@ resolved "https://registry.yarnpkg.com/@types/yargs/-/yargs-12.0.9.tgz#693e76a52f61a2f1e7fb48c0eef167b95ea4ffd0" integrity sha512-sCZy4SxP9rN2w30Hlmg5dtdRwgYQfYRiLo9usw8X9cxlf+H4FqM1xX7+sNH7NNKVdbXMJWqva7iyy+fxh/V7fA== +"@types/yup@0.26.9": + version "0.26.9" + resolved "https://registry.yarnpkg.com/@types/yup/-/yup-0.26.9.tgz#8a619ac4d2b8dcacb0d81345746018303b479919" + integrity sha512-C7HdLLs1ZNPbYeNsSX++fMosxWAwzVeUs9wc76XlKJrKvLEyNwXMDUjag75EVAPxlZ36YiRJ6iTy4zc5Dbtndw== + "@types/zen-observable@^0.5.3": version "0.5.4" resolved "https://registry.yarnpkg.com/@types/zen-observable/-/zen-observable-0.5.4.tgz#b863a4191e525206819e008097ebf0fb2e3a1cdc" @@ -3738,11 +3743,12 @@ graphql-request@~1.8.2: dependencies: cross-fetch "2.2.2" -graphql-shield@~5.3.1: - version "5.3.1" - resolved "https://registry.yarnpkg.com/graphql-shield/-/graphql-shield-5.3.1.tgz#34cff4d1bfdcc3caa6fc348afb11503dde1893cd" - integrity sha512-vVJ7rjkR7miWi/Zspr7/ibmtdL2gEHagCtpsJY534DyRE70r+PurCp2kR/e1fZhb4JdmTYCS+sokyYfH974/+w== +graphql-shield@~5.3.2: + version "5.3.2" + resolved "https://registry.yarnpkg.com/graphql-shield/-/graphql-shield-5.3.2.tgz#2d47907ed9882a0636cb8ade6087123309d215ef" + integrity sha512-fib7rSr5aS/WHL3+Aa5LXhcCuPGEIDXmzfGtFjUXkUiZ6E5u+bDSL+9KRXo/p14A28GkJF+1Vu1hlg9H/QFG1w== dependencies: + "@types/yup" "0.26.9" lightercollective "^0.2.0" object-hash "^1.3.1" yup "^0.27.0"