Merge pull request #2295 from Human-Connection/2294_fix_email_filter

If an admin searches for a user by email, don't crash if no user can be found
2025-12-13 07:46:06 +00:00 · 2019-11-27 14:46:16 +01:00 · 2019-11-27 14:46:16 +01:00 · 62080a0afb
commit 62080a0afb
parent 2b1f0b1c4a b0d20ede71
3 changed files with 32 additions and 7 deletions
--- a/backend/src/middleware/permissionsMiddleware.js
+++ b/backend/src/middleware/permissionsMiddleware.js
@ -100,7 +100,7 @@ const noEmailFilter = rule({
 const publicRegistration = rule()(() => !!CONFIG.PUBLIC_REGISTRATION)
 // Permissions
-const permissions = shield(
+export default shield(
  {
    Query: {
      '*': deny,
@ -176,5 +176,3 @@ const permissions = shield(
    fallbackRule: allow,
  },
 )
 export default permissions
--- a/backend/src/schema/resolvers/users.js
+++ b/backend/src/schema/resolvers/users.js
@ -49,10 +49,22 @@ export default {
    User: async (object, args, context, resolveInfo) => {
      const { email } = args
      if (email) {
-        const e = await instance.first('EmailAddress', { email })
+        let session
-        let user = e.get('belongsTo')
+        try {
-        user = await user.toJson()
+          session = context.driver.session()
-        return [user.node]
+          const readTxResult = await session.readTransaction(txc => {
            const result = txc.run(
              `
            MATCH (user:User)-[:PRIMARY_EMAIL]->(e:EmailAddress {email: $args.email})
            RETURN user`,
              { args },
            )
            return result
          })
          return readTxResult.records.map(r => r.get('user').properties)
        } finally {
          session.close()
        }
      }
      return neo4jgraphql(object, args, context, resolveInfo)
    },
--- a/backend/src/schema/resolvers/users.spec.js
+++ b/backend/src/schema/resolvers/users.spec.js
@ -70,6 +70,21 @@ describe('User', () => {
          data: { User: [{ name: 'Johnny' }] },
        })
      })
      it('non-existing email address, issue #2294', async () => {
        // see: https://github.com/Human-Connection/Human-Connection/issues/2294
        await expect(
          query({
            query: userQuery,
            variables: {
              email: 'this-email-does-not-exist@example.org',
            },
          }),
        ).resolves.toMatchObject({
          data: { User: [] },
          errors: undefined,
        })
      })
    })
  })
 })