Fix missing check if user is unauthenticated

Robert Schäfer 2019-06-03 19:54:02 +02:00
parent b9b103b424
commit 8e9b0318da
2 changed files with 83 additions and 47 deletions


@ -1,7 +1,13 @@
import { UserInputError } from 'apollo-server'
export default async function replaceParams(args, context) {
const { author = 'all' } = args.filterBubble || {}
const { user } = context
if (author === 'followed') {
if (!user)
throw new UserInputError("You are unauthenticated - I don't know your followed users")
const session = context.driver.session()
let { records } = await session.run(
'MATCH(followed:User)<-[:FOLLOWS]-(u {id: $userId}) RETURN followed.id',
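Review bot: The guard at `if (!user)` signals an authentication failure with `UserInputError`, which Apollo reports under the BAD_USER_INPUT code, so clients, logs and alerting cannot tell a missing session from a malformed argument. apollo-server also exports `AuthenticationError` (code UNAUTHENTICATED); changing the import and using `throw new AuthenticationError("You are unauthenticated - I don't know your followed users")` keeps the message the new test matches on. The guard only checks that `user` is truthy, so it is worth confirming against the context builder that an authenticated `user` always carries an `id` before it is bound to `$userId`. The body of replaceParams continues past the lines shown here.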


@ -15,7 +15,6 @@ describe('replaceParams', () => {
records: [{ get: () => 1 }, { get: () => 2 }, { get: () => 3 }],
})
context = {
user: { id: 'u4711' },
driver: {
session: () => {
return {
@ -27,28 +26,6 @@ describe('replaceParams', () => {
}
})
describe('given any additional filter args', () => {
describe('merges', () => {
it('empty filter object', async () => {
args = { filter: {}, filterBubble: { author: 'followed' } }
const expected = { filter: { author: { id_in: [1, 2, 3] } } }
await expect(action()).resolves.toEqual(expected)
})
it('filter.title', async () => {
args = { filter: { title: 'bla' }, filterBubble: { author: 'followed' } }
const expected = { filter: { title: 'bla', author: { id_in: [1, 2, 3] } } }
await expect(action()).resolves.toEqual(expected)
})
it('filter.author', async () => {
args = { filter: { author: { name: 'bla' } }, filterBubble: { author: 'followed' } }
const expected = { filter: { author: { name: 'bla', id_in: [1, 2, 3] } } }
await expect(action()).resolves.toEqual(expected)
})
})
})
describe('args == ', () => {
describe('{}', () => {
it('does not crash', async () => {
@ -56,43 +33,96 @@ describe('replaceParams', () => {
})
})
describe('{ filterBubble: { author: followed } }', () => {
describe('unauthenticated user', () => {
beforeEach(() => {
args = { filterBubble: { author: 'followed' } }
context.user = null
})
it('returns args object with resolved ids of followed users', async () => {
const expected = { filter: { author: { id_in: [1, 2, 3] } } }
await expect(action()).resolves.toEqual(expected)
describe('{ filterBubble: { author: followed } }', () => {
it('throws error', async () => {
args = { filterBubble: { author: 'followed' } }
await expect(action()).rejects.toThrow('You are unauthenticated')
})
})
it('makes database calls', async () => {
await action()
expect(run).toHaveBeenCalled()
describe('{ filterBubble: { author: all } }', () => {
it('removes filterBubble param', async () => {
const expected = {}
await expect(action()).resolves.toEqual(expected)
})
it('does not make database calls', async () => {
await action()
expect(run).not.toHaveBeenCalled()
})
})
})
describe('{ filterBubble: { } }', () => {
it('removes filterBubble param', async () => {
const expected = {}
await expect(action()).resolves.toEqual(expected)
describe('authenticated user', () => {
beforeEach(() => {
context.user = { id: 'u4711' }
})
it('does not make database calls', async () => {
await action()
expect(run).not.toHaveBeenCalled()
})
})
describe('{ filterBubble: { author: followed } }', () => {
beforeEach(() => {
args = { filterBubble: { author: 'followed' } }
})
describe('{ filterBubble: { author: all } }', () => {
it('removes filterBubble param', async () => {
const expected = {}
await expect(action()).resolves.toEqual(expected)
it('returns args object with resolved ids of followed users', async () => {
const expected = { filter: { author: { id_in: [1, 2, 3] } } }
await expect(action()).resolves.toEqual(expected)
})
it('makes database calls', async () => {
await action()
expect(run).toHaveBeenCalled()
})
describe('given any additional filter args', () => {
describe('merges', () => {
it('empty filter object', async () => {
args.filter = {}
const expected = { filter: { author: { id_in: [1, 2, 3] } } }
await expect(action()).resolves.toEqual(expected)
})
it('filter.title', async () => {
args.filter = { title: 'bla' }
const expected = { filter: { title: 'bla', author: { id_in: [1, 2, 3] } } }
await expect(action()).resolves.toEqual(expected)
})
it('filter.author', async () => {
args.filter = { author: { name: 'bla' } }
const expected = { filter: { author: { name: 'bla', id_in: [1, 2, 3] } } }
await expect(action()).resolves.toEqual(expected)
})
})
})
})
it('does not make database calls', async () => {
await action()
expect(run).not.toHaveBeenCalled()
describe('{ filterBubble: { } }', () => {
it('removes filterBubble param', async () => {
const expected = {}
await expect(action()).resolves.toEqual(expected)
})
it('does not make database calls', async () => {
await action()
expect(run).not.toHaveBeenCalled()
})
})
describe('{ filterBubble: { author: all } }', () => {
it('removes filterBubble param', async () => {
const expected = {}
await expect(action()).resolves.toEqual(expected)
})
it('does not make database calls', async () => {
await action()
expect(run).not.toHaveBeenCalled()
})
})
})
})
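Review bot: The unauthenticated `{ filterBubble: { author: followed } }` case asserts only that the call rejects, not that the database was left untouched. As far as the rendered lines show, nothing pins the guard to run before `context.driver.session()`, so a later reordering could open a session or issue the query for an anonymous request and this suite would still pass. Adding a second test there, `await expect(action()).rejects.toThrow(); expect(run).not.toHaveBeenCalled()`, would fix the ordering in place. The old and new sides of this section are interleaved in the rendering, so this reading of the new structure should be checked against the actual file.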