diff --git a/backend/src/middleware/filterBubble/replaceParams.js b/backend/src/middleware/filterBubble/replaceParams.js
index a0ced7b15..82d39d024 100644
--- a/backend/src/middleware/filterBubble/replaceParams.js
+++ b/backend/src/middleware/filterBubble/replaceParams.js
@@ -1,7 +1,13 @@
+import { UserInputError } from 'apollo-server'
+
 export default async function replaceParams(args, context) {
 const { author = 'all' } = args.filterBubble || {}
+ const { user } = context
 if (author === 'followed') {
+ if (!user)
+ throw new UserInputError("You are unauthenticated - I don't know your followed users")
+
 const session = context.driver.session()
 let { records } = await session.run(
 'MATCH(followed:User)<-[:FOLLOWS]-(u {id: $userId}) RETURN followed.id',
diff --git a/backend/src/middleware/filterBubble/replaceParams.spec.js b/backend/src/middleware/filterBubble/replaceParams.spec.js
index 927a362cd..cd9e0a3da 100644
--- a/backend/src/middleware/filterBubble/replaceParams.spec.js
+++ b/backend/src/middleware/filterBubble/replaceParams.spec.js
@@ -15,7 +15,6 @@ describe('replaceParams', () => {
 records: [{ get: () => 1 }, { get: () => 2 }, { get: () => 3 }],
 })
 context = {
- user: { id: 'u4711' },
 driver: {
 session: () => {
 return {
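Review bot: In replaceParams.js the new `if (!user)` guard reports a missing login as `UserInputError`, which Apollo surfaces with the `BAD_USER_INPUT` code, so clients and log-based monitoring cannot tell an anonymous request from a malformed one. `AuthenticationError`, also exported by `apollo-server`, carries `UNAUTHENTICATED` and fits this case: `import { AuthenticationError } from 'apollo-server'` and `if (!user) throw new AuthenticationError("You are unauthenticated - I don't know your followed users")`. The guard only proves that `user` is truthy; the parameter object that binds `$userId` lies outside the hunk, so it is worth confirming that it reads `user.id` from this same `user`. The function body continues past the end of the hunk.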
@@ -27,28 +26,6 @@ describe('replaceParams', () => {
 }
 })
- describe('given any additional filter args', () => {
- describe('merges', () => {
- it('empty filter object', async () => {
- args = { filter: {}, filterBubble: { author: 'followed' } }
- const expected = { filter: { author: { id_in: [1, 2, 3] } } }
- await expect(action()).resolves.toEqual(expected)
- })
-
- it('filter.title', async () => {
- args = { filter: { title: 'bla' }, filterBubble: { author: 'followed' } }
- const expected = { filter: { title: 'bla', author: { id_in: [1, 2, 3] } } }
- await expect(action()).resolves.toEqual(expected)
- })
-
- it('filter.author', async () => {
- args = { filter: { author: { name: 'bla' } }, filterBubble: { author: 'followed' } }
- const expected = { filter: { author: { name: 'bla', id_in: [1, 2, 3] } } }
- await expect(action()).resolves.toEqual(expected)
- })
- })
- })
-
 describe('args == ', () => {
 describe('{}', () => {
 it('does not crash', async () => {
@@ -56,43 +33,96 @@ describe('replaceParams', () => {
 })
 })
- describe('{ filterBubble: { author: followed } }', () => {
+ describe('unauthenticated user', () => {
 beforeEach(() => {
- args = { filterBubble: { author: 'followed' } }
+ context.user = null
 })
- it('returns args object with resolved ids of followed users', async () => {
- const expected = { filter: { author: { id_in: [1, 2, 3] } } }
- await expect(action()).resolves.toEqual(expected)
+ describe('{ filterBubble: { author: followed } }', () => {
+ it('throws error', async () => {
+ args = { filterBubble: { author: 'followed' } }
+ await expect(action()).rejects.toThrow('You are unauthenticated')
+ })
 })
- it('makes database calls', async () => {
- await action()
- expect(run).toHaveBeenCalled()
+ describe('{ filterBubble: { author: all } }', () => {
+ it('removes filterBubble param', async () => {
+ const expected = {}
+ await expect(action()).resolves.toEqual(expected)
+ })
+
+ it('does not make database calls', async () => {
+ await action()
+ expect(run).not.toHaveBeenCalled()
+ })
 })
 })
- describe('{ filterBubble: { } }', () => {
- it('removes filterBubble param', async () => {
- const expected = {}
- await expect(action()).resolves.toEqual(expected)
+ describe('authenticated user', () => {
+ beforeEach(() => {
+ context.user = { id: 'u4711' }
 })
- it('does not make database calls', async () => {
- await action()
- expect(run).not.toHaveBeenCalled()
- })
- })
+ describe('{ filterBubble: { author: followed } }', () => {
+ beforeEach(() => {
+ args = { filterBubble: { author: 'followed' } }
+ })
- describe('{ filterBubble: { author: all } }', () => {
- it('removes filterBubble param', async () => {
- const expected = {}
- await expect(action()).resolves.toEqual(expected)
+ it('returns args object with resolved ids of followed users', async () => {
+ const expected = { filter: { author: { id_in: [1, 2, 3] } } }
+ await expect(action()).resolves.toEqual(expected)
+ })
+
+ it('makes database calls', async () => {
+ await action()
+ expect(run).toHaveBeenCalled()
+ })
+
+ describe('given any additional filter args', () => {
+ describe('merges', () => {
+ it('empty filter object', async () => {
+ args.filter = {}
+ const expected = { filter: { author: { id_in: [1, 2, 3] } } }
+ await expect(action()).resolves.toEqual(expected)
+ })
+
+ it('filter.title', async () => {
+ args.filter = { title: 'bla' }
+ const expected = { filter: { title: 'bla', author: { id_in: [1, 2, 3] } } }
+ await expect(action()).resolves.toEqual(expected)
+ })
+
+ it('filter.author', async () => {
+ args.filter = { author: { name: 'bla' } }
+ const expected = { filter: { author: { name: 'bla', id_in: [1, 2, 3] } } }
+ await expect(action()).resolves.toEqual(expected)
+ })
+ })
+ })
 })
- it('does not make database calls', async () => {
- await action()
- expect(run).not.toHaveBeenCalled()
+ describe('{ filterBubble: { } }', () => {
+ it('removes filterBubble param', async () => {
+ const expected = {}
+ await expect(action()).resolves.toEqual(expected)
+ })
+
+ it('does not make database calls', async () => {
+ await action()
+ expect(run).not.toHaveBeenCalled()
+ })
+ })
+
+ describe('{ filterBubble: { author: all } }', () => {
+ it('removes filterBubble param', async () => {
+ const expected = {}
+ await expect(action()).resolves.toEqual(expected)
+ })
+
+ it('does not make database calls', async () => {
+ await action()
+ expect(run).not.toHaveBeenCalled()
+ })
 })
 })
 })
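Review bot: The new 'unauthenticated user' test for `author: 'followed'` asserts only the rejection message, so it would still pass if the guard were later moved below `context.driver.session()` and a query ran for an anonymous request. Adding `expect(run).not.toHaveBeenCalled()` after the `rejects.toThrow(...)` line pins the check-before-query ordering. Separately, the `{ filterBubble: { author: all } }` and `{ filterBubble: { } }` describes in both groups never assign `args`, so they appear to run with whatever the outer setup left behind, which is outside this hunk. A `beforeEach(() => { args = { filterBubble: { author: 'all' } } })` in each would make the tests exercise the case they name.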