Patch cypher injection vulnerability

@mattwr18 this patches the vulnerability. However we should never do string interpolation with user input.
2025-12-13 07:46:06 +00:00 · 2019-06-29 13:45:37 +02:00 · 2019-06-29 13:45:37 +02:00 · 4e687a06ea
commit 4e687a06ea
parent 7763083bd6
2 changed files with 7 additions and 2 deletions
--- a/backend/src/schema/resolvers/users.spec.js
+++ b/backend/src/schema/resolvers/users.spec.js
@ -143,7 +143,7 @@ describe('users', () => {
    let deleteUserVariables
    let asAuthor
    const deleteUserMutation = gql`
-      mutation($id: ID!, $resource: [String]) {
+      mutation($id: ID!, $resource: [Deletable]) {
        DeleteUser(id: $id, resource: $resource) {
          id
          contributions {
--- a/backend/src/schema/types/schema.gql
+++ b/backend/src/schema/types/schema.gql
@ -40,7 +40,7 @@ type Mutation {
  follow(id: ID!, type: FollowTypeEnum): Boolean!
  # Unfollow the given Type and ID
  unfollow(id: ID!, type: FollowTypeEnum): Boolean!
-  DeleteUser(id: ID!, resource: [String]): User
+  DeleteUser(id: ID!, resource: [Deletable]): User
 }

 type Statistics {
@ -92,6 +92,11 @@ type Report {
  user: User @relation(name: "REPORTED", direction: "OUT")
 }

+enum Deletable {
+  Post
+  Comment
+}
+
 enum ShoutTypeEnum {
  Post
  Organization