Merge pull request #935 from Human-Connection/fix_cypher_injection

Patch cypher injection vulnerability

backend/src/schema/resolvers/users.spec.js

@@ -143,7 +143,7 @@ describe('users', () => {
     let deleteUserVariables
     let asAuthor
     const deleteUserMutation = gql`
-      mutation($id: ID!, $resource: [String]) {
+      mutation($id: ID!, $resource: [Deletable]) {
         DeleteUser(id: $id, resource: $resource) {
           id
           contributions {

backend/src/schema/types/schema.gql

@@ -40,7 +40,7 @@ type Mutation {
   follow(id: ID!, type: FollowTypeEnum): Boolean!
   # Unfollow the given Type and ID
   unfollow(id: ID!, type: FollowTypeEnum): Boolean!
-  DeleteUser(id: ID!, resource: [String]): User
+  DeleteUser(id: ID!, resource: [Deletable]): User
 }
 
 type Statistics {
@@ -92,6 +92,11 @@ type Report {
   user: User @relation(name: "REPORTED", direction: "OUT")
 }
 
+enum Deletable {
+  Post
+  Comment
+}
+
 enum ShoutTypeEnum {
   Post
   Organization

webapp/components/DeleteData/DeleteData.vue

@@ -111,7 +111,7 @@ export default {
       this.$apollo
         .mutate({
           mutation: gql`
-            mutation($id: ID!, $resource: [String]) {
+            mutation($id: ID!, $resource: [Deletable]) {
               DeleteUser(id: $id, resource: $resource) {
                 id
               }