From 43505906978e14a93adc0827aba3343185f6cdd7 Mon Sep 17 00:00:00 2001 From: kachulio1 Date: Sat, 9 Mar 2019 13:36:27 +0300 Subject: [PATCH 1/9] add changePasssword mutation --- src/middleware/permissionsMiddleware.js | 3 +- src/resolvers/user_management.js | 69 ++++++++++++++++++++++--- src/schema.graphql | 1 + 3 files changed, 64 insertions(+), 9 deletions(-) diff --git a/src/middleware/permissionsMiddleware.js b/src/middleware/permissionsMiddleware.js index c40803e00..15c4d1a9b 100644 --- a/src/middleware/permissionsMiddleware.js +++ b/src/middleware/permissionsMiddleware.js @@ -55,7 +55,8 @@ const permissions = shield({ report: isAuthenticated, CreateBadge: isAdmin, UpdateBadge: isAdmin, - DeleteBadge: isAdmin + DeleteBadge: isAdmin, + changePassword: isAuthenticated // addFruitToBasket: isAuthenticated // CreateUser: allow, }, diff --git a/src/resolvers/user_management.js b/src/resolvers/user_management.js index ec4ae7ce2..3a7698e24 100644 --- a/src/resolvers/user_management.js +++ b/src/resolvers/user_management.js @@ -30,22 +30,75 @@ export default { // throw new Error('Already logged in.') // } const session = driver.session() - return session.run( - 'MATCH (user:User {email: $userEmail}) ' + - 'RETURN user {.id, .slug, .name, .avatar, .email, .password, .role} as user LIMIT 1', { - userEmail: email - }) - .then(async (result) => { + return session + .run( + 'MATCH (user:User {email: $userEmail}) ' + + 'RETURN user {.id, .slug, .name, .avatar, .email, .password, .role} as user LIMIT 1', + { + userEmail: email + } + ) + .then(async result => { session.close() const [currentUser] = await result.records.map(function (record) { return record.get('user') }) - if (currentUser && await bcrypt.compareSync(password, currentUser.password)) { + if ( + currentUser && + (await bcrypt.compareSync(password, currentUser.password)) + ) { delete currentUser.password return encode(currentUser) - } else throw new AuthenticationError('Incorrect email address or password.') + } else { + throw new AuthenticationError( + 'Incorrect email address or password.' + ) + } }) + }, + changePassword: async ( + _, + { oldPassword, newPassword }, + { driver, user } + ) => { + const session = driver.session() + let result = await session.run( + `MATCH (user:User {email: $userEmail}) + RETURN user {.id, .email, .password}`, + { + userEmail: user.email + } + ) + + const [currentUser] = result.records.map(function (record) { + return record.get('user') + }) + + if (!(await bcrypt.compareSync(oldPassword, currentUser.password))) { + throw new AuthenticationError('Old password isn\'t valid') + } + + if (await bcrypt.compareSync(newPassword, currentUser.password)) { + throw new AuthenticationError( + 'Old password and New password should not be same' + ) + } else { + const newHashedPassword = await bcrypt.hashSync(newPassword, 10) + session.run( + `MATCH (user:User {email: $userEmail}) + SET user.password = $newHashedPassword + RETURN user + `, + { + userEmail: user.email, + newHashedPassword + } + ) + session.close() + + return encode(currentUser) + } } } } diff --git a/src/schema.graphql b/src/schema.graphql index 1f9bcb477..127b9ced2 100644 --- a/src/schema.graphql +++ b/src/schema.graphql @@ -6,6 +6,7 @@ type Query { type Mutation { login(email: String!, password: String!): String! signup(email: String!, password: String!): Boolean! + changePassword(oldPassword:String!, newPassword: String!): String! report(resource: Resource!, description: String): Report } From 8fcefc63bc37d190b404ce93e3b6ffa615b4c43a Mon Sep 17 00:00:00 2001 From: kachulio1 Date: Sat, 9 Mar 2019 14:47:12 +0300 Subject: [PATCH 2/9] add changePassword mutation test --- src/resolvers/user_management.spec.js | 314 ++++++++++++++++---------- 1 file changed, 197 insertions(+), 117 deletions(-) diff --git a/src/resolvers/user_management.spec.js b/src/resolvers/user_management.spec.js index a3bf6fdd0..98574f0ac 100644 --- a/src/resolvers/user_management.spec.js +++ b/src/resolvers/user_management.spec.js @@ -1,9 +1,9 @@ -import Factory from '../seed/factories' -import { GraphQLClient, request } from 'graphql-request' -import jwt from 'jsonwebtoken' -import { host, login } from '../jest/helpers' +import Factory from "../seed/factories"; +import { GraphQLClient, request } from "graphql-request"; +import jwt from "jsonwebtoken"; +import { host, login } from "../jest/helpers"; -const factory = Factory() +const factory = Factory(); // here is the decoded JWT token: // { @@ -21,59 +21,71 @@ const factory = Factory() // iss: 'http://localhost:4000', // sub: 'u3' // } -const jennyRostocksHeaders = { authorization: 'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoidXNlciIsImxvY2F0aW9uTmFtZSI6bnVsbCwibmFtZSI6Ikplbm55IFJvc3RvY2siLCJhYm91dCI6bnVsbCwiYXZhdGFyIjoiaHR0cHM6Ly9zMy5hbWF6b25hd3MuY29tL3VpZmFjZXMvZmFjZXMvdHdpdHRlci9zYXNoYV9zaGVzdGFrb3YvMTI4LmpwZyIsImlkIjoidTMiLCJlbWFpbCI6InVzZXJAZXhhbXBsZS5vcmciLCJzbHVnIjoiamVubnktcm9zdG9jayIsImlhdCI6MTU1MDg0NjY4MCwiZXhwIjoxNjM3MjQ2NjgwLCJhdWQiOiJodHRwOi8vbG9jYWxob3N0OjMwMDAiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjQwMDAiLCJzdWIiOiJ1MyJ9.eZ_mVKas4Wzoc_JrQTEWXyRn7eY64cdIg4vqQ-F_7Jc' } +const jennyRostocksHeaders = { + authorization: + "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoidXNlciIsImxvY2F0aW9uTmFtZSI6bnVsbCwibmFtZSI6Ikplbm55IFJvc3RvY2siLCJhYm91dCI6bnVsbCwiYXZhdGFyIjoiaHR0cHM6Ly9zMy5hbWF6b25hd3MuY29tL3VpZmFjZXMvZmFjZXMvdHdpdHRlci9zYXNoYV9zaGVzdGFrb3YvMTI4LmpwZyIsImlkIjoidTMiLCJlbWFpbCI6InVzZXJAZXhhbXBsZS5vcmciLCJzbHVnIjoiamVubnktcm9zdG9jayIsImlhdCI6MTU1MDg0NjY4MCwiZXhwIjoxNjM3MjQ2NjgwLCJhdWQiOiJodHRwOi8vbG9jYWxob3N0OjMwMDAiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjQwMDAiLCJzdWIiOiJ1MyJ9.eZ_mVKas4Wzoc_JrQTEWXyRn7eY64cdIg4vqQ-F_7Jc" +}; beforeEach(async () => { - await factory.create('User', { - avatar: 'https://s3.amazonaws.com/uifaces/faces/twitter/seyedhossein1/128.jpg', - id: 'acb2d923-f3af-479e-9f00-61b12e864666', - name: 'Matilde Hermiston', - slug: 'matilde-hermiston', - role: 'user', - email: 'test@example.org', - password: '1234' - }) -}) + await factory.create("User", { + avatar: + "https://s3.amazonaws.com/uifaces/faces/twitter/seyedhossein1/128.jpg", + id: "acb2d923-f3af-479e-9f00-61b12e864666", + name: "Matilde Hermiston", + slug: "matilde-hermiston", + role: "user", + email: "test@example.org", + password: "1234" + }); +}); afterEach(async () => { - await factory.cleanDatabase() -}) + await factory.cleanDatabase(); +}); -describe('isLoggedIn', () => { - const query = '{ isLoggedIn }' - describe('unauthenticated', () => { - it('returns false', async () => { - await expect(request(host, query)).resolves.toEqual({ isLoggedIn: false }) - }) - }) +describe("isLoggedIn", () => { + const query = "{ isLoggedIn }"; + describe("unauthenticated", () => { + it("returns false", async () => { + await expect(request(host, query)).resolves.toEqual({ + isLoggedIn: false + }); + }); + }); - describe('with malformed JWT Bearer token', () => { - const headers = { authorization: 'blah' } - const client = new GraphQLClient(host, { headers }) + describe("with malformed JWT Bearer token", () => { + const headers = { authorization: "blah" }; + const client = new GraphQLClient(host, { headers }); - it('returns false', async () => { - await expect(client.request(query)).resolves.toEqual({ isLoggedIn: false }) - }) - }) + it("returns false", async () => { + await expect(client.request(query)).resolves.toEqual({ + isLoggedIn: false + }); + }); + }); - describe('with valid JWT Bearer token', () => { - const client = new GraphQLClient(host, { headers: jennyRostocksHeaders }) + describe("with valid JWT Bearer token", () => { + const client = new GraphQLClient(host, { headers: jennyRostocksHeaders }); - it('returns false', async () => { - await expect(client.request(query)).resolves.toEqual({ isLoggedIn: false }) - }) + it("returns false", async () => { + await expect(client.request(query)).resolves.toEqual({ + isLoggedIn: false + }); + }); - describe('and a corresponding user in the database', () => { - it('returns true', async () => { + describe("and a corresponding user in the database", () => { + it("returns true", async () => { // see the decoded token above - await factory.create('User', { id: 'u3' }) - await expect(client.request(query)).resolves.toEqual({ isLoggedIn: true }) - }) - }) - }) -}) + await factory.create("User", { id: "u3" }); + await expect(client.request(query)).resolves.toEqual({ + isLoggedIn: true + }); + }); + }); + }); +}); -describe('currentUser', () => { +describe("currentUser", () => { const query = `{ currentUser { id @@ -83,97 +95,165 @@ describe('currentUser', () => { email role } - }` + }`; - describe('unauthenticated', () => { - it('returns null', async () => { - const expected = { currentUser: null } - await expect(request(host, query)).resolves.toEqual(expected) - }) - }) + describe("unauthenticated", () => { + it("returns null", async () => { + const expected = { currentUser: null }; + await expect(request(host, query)).resolves.toEqual(expected); + }); + }); - describe('with valid JWT Bearer Token', () => { - let client - let headers + describe("with valid JWT Bearer Token", () => { + let client; + let headers; - describe('but no corresponding user in the database', () => { + describe("but no corresponding user in the database", () => { beforeEach(async () => { - client = new GraphQLClient(host, { headers: jennyRostocksHeaders }) - }) + client = new GraphQLClient(host, { headers: jennyRostocksHeaders }); + }); - it('returns null', async () => { - const expected = { currentUser: null } - await expect(client.request(query)).resolves.toEqual(expected) - }) - }) + it("returns null", async () => { + const expected = { currentUser: null }; + await expect(client.request(query)).resolves.toEqual(expected); + }); + }); - describe('and corresponding user in the database', () => { + describe("and corresponding user in the database", () => { beforeEach(async () => { - headers = await login({ email: 'test@example.org', password: '1234' }) - client = new GraphQLClient(host, { headers }) - }) + headers = await login({ email: "test@example.org", password: "1234" }); + client = new GraphQLClient(host, { headers }); + }); - it('returns the whole user object', async () => { + it("returns the whole user object", async () => { const expected = { currentUser: { - avatar: 'https://s3.amazonaws.com/uifaces/faces/twitter/seyedhossein1/128.jpg', - email: 'test@example.org', - id: 'acb2d923-f3af-479e-9f00-61b12e864666', - name: 'Matilde Hermiston', - slug: 'matilde-hermiston', - role: 'user' + avatar: + "https://s3.amazonaws.com/uifaces/faces/twitter/seyedhossein1/128.jpg", + email: "test@example.org", + id: "acb2d923-f3af-479e-9f00-61b12e864666", + name: "Matilde Hermiston", + slug: "matilde-hermiston", + role: "user" } - } - await expect(client.request(query)).resolves.toEqual(expected) - }) - }) - }) -}) + }; + await expect(client.request(query)).resolves.toEqual(expected); + }); + }); + }); +}); -describe('login', () => { - const mutation = (params) => { - const { email, password } = params +describe("login", () => { + const mutation = params => { + const { email, password } = params; return ` mutation { login(email:"${email}", password:"${password}") - }` - } + }`; + }; - describe('ask for a `token`', () => { - describe('with valid email/password combination', () => { - it('responds with a JWT token', async () => { - const data = await request(host, mutation({ - email: 'test@example.org', - password: '1234' - })) - const token = data.login + describe("ask for a `token`", () => { + describe("with valid email/password combination", () => { + it("responds with a JWT token", async () => { + const data = await request( + host, + mutation({ + email: "test@example.org", + password: "1234" + }) + ); + const token = data.login; jwt.verify(token, process.env.JWT_SECRET, (err, data) => { - expect(data.email).toEqual('test@example.org') - expect(err).toBeNull() - }) - }) - }) + expect(data.email).toEqual("test@example.org"); + expect(err).toBeNull(); + }); + }); + }); - describe('with a valid email but incorrect password', () => { + describe("with a valid email but incorrect password", () => { it('responds with "Incorrect email address or password."', async () => { await expect( - request(host, mutation({ - email: 'test@example.org', - password: 'wrong' - })) - ).rejects.toThrow('Incorrect email address or password.') - }) - }) + request( + host, + mutation({ + email: "test@example.org", + password: "wrong" + }) + ) + ).rejects.toThrow("Incorrect email address or password."); + }); + }); - describe('with a non-existing email', () => { + describe("with a non-existing email", () => { it('responds with "Incorrect email address or password."', async () => { await expect( - request(host, mutation({ - email: 'non-existent@example.org', - password: 'wrong' - })) - ).rejects.toThrow('Incorrect email address or password.') - }) - }) - }) -}) + request( + host, + mutation({ + email: "non-existent@example.org", + password: "wrong" + }) + ) + ).rejects.toThrow("Incorrect email address or password."); + }); + }); + }); +}); + +describe("change password", () => { + let headers; + let client; + + beforeEach(async () => { + headers = await login({ email: "test@example.org", password: "1234" }); + client = new GraphQLClient(host, { headers }); + }); + + const mutation = params => { + const { oldPassword, newPassword } = params; + return ` + mutation { + changePassword(oldPassword:"${oldPassword}", newPassword:"${newPassword}") + }`; + }; + + describe("should be authenticated before changing password", () => { + it('should throw not "Not Authorised!', async () => { + await expect( + request( + host, + mutation({ + oldPassword: "1234", + newPassword: "1234" + }) + ) + ).rejects.toThrow("Not Authorised!"); + }); + }); + + describe("old and new password should not match", () => { + it('responds with "Old password and New password should not be same"', async () => { + await expect( + client.request( + mutation({ + oldPassword: "1234", + newPassword: "1234" + }) + ) + ).rejects.toThrow("Old password and New password should not be same"); + }); + }); + + describe("incorrect old password", () => { + it('responds with "Old password isn\'t valid"', async () => { + await expect( + client.request( + mutation({ + oldPassword: "notOldPassword", + newPassword: "12345" + }) + ) + ).rejects.toThrow("Old password isn't valid"); + }); + }); +}); From 82ae81d8fe24f3c88c238d7f9a458145e9fe0ec6 Mon Sep 17 00:00:00 2001 From: kachulio1 Date: Sat, 9 Mar 2019 13:36:27 +0300 Subject: [PATCH 3/9] add changePasssword mutation --- src/middleware/permissionsMiddleware.js | 4 +- src/resolvers/user_management.js | 69 ++++++++++++++++++++++--- src/schema.graphql | 1 + 3 files changed, 64 insertions(+), 10 deletions(-) diff --git a/src/middleware/permissionsMiddleware.js b/src/middleware/permissionsMiddleware.js index 7fb6e75b8..434b97200 100644 --- a/src/middleware/permissionsMiddleware.js +++ b/src/middleware/permissionsMiddleware.js @@ -56,9 +56,9 @@ const permissions = shield({ CreateBadge: isAdmin, UpdateBadge: isAdmin, DeleteBadge: isAdmin, - enable: isModerator, - disable: isModerator + disable: isModerator, + changePassword: isAuthenticated // addFruitToBasket: isAuthenticated // CreateUser: allow, }, diff --git a/src/resolvers/user_management.js b/src/resolvers/user_management.js index ec4ae7ce2..3a7698e24 100644 --- a/src/resolvers/user_management.js +++ b/src/resolvers/user_management.js @@ -30,22 +30,75 @@ export default { // throw new Error('Already logged in.') // } const session = driver.session() - return session.run( - 'MATCH (user:User {email: $userEmail}) ' + - 'RETURN user {.id, .slug, .name, .avatar, .email, .password, .role} as user LIMIT 1', { - userEmail: email - }) - .then(async (result) => { + return session + .run( + 'MATCH (user:User {email: $userEmail}) ' + + 'RETURN user {.id, .slug, .name, .avatar, .email, .password, .role} as user LIMIT 1', + { + userEmail: email + } + ) + .then(async result => { session.close() const [currentUser] = await result.records.map(function (record) { return record.get('user') }) - if (currentUser && await bcrypt.compareSync(password, currentUser.password)) { + if ( + currentUser && + (await bcrypt.compareSync(password, currentUser.password)) + ) { delete currentUser.password return encode(currentUser) - } else throw new AuthenticationError('Incorrect email address or password.') + } else { + throw new AuthenticationError( + 'Incorrect email address or password.' + ) + } }) + }, + changePassword: async ( + _, + { oldPassword, newPassword }, + { driver, user } + ) => { + const session = driver.session() + let result = await session.run( + `MATCH (user:User {email: $userEmail}) + RETURN user {.id, .email, .password}`, + { + userEmail: user.email + } + ) + + const [currentUser] = result.records.map(function (record) { + return record.get('user') + }) + + if (!(await bcrypt.compareSync(oldPassword, currentUser.password))) { + throw new AuthenticationError('Old password isn\'t valid') + } + + if (await bcrypt.compareSync(newPassword, currentUser.password)) { + throw new AuthenticationError( + 'Old password and New password should not be same' + ) + } else { + const newHashedPassword = await bcrypt.hashSync(newPassword, 10) + session.run( + `MATCH (user:User {email: $userEmail}) + SET user.password = $newHashedPassword + RETURN user + `, + { + userEmail: user.email, + newHashedPassword + } + ) + session.close() + + return encode(currentUser) + } } } } diff --git a/src/schema.graphql b/src/schema.graphql index 0cf099411..b6abd8f81 100644 --- a/src/schema.graphql +++ b/src/schema.graphql @@ -9,6 +9,7 @@ type Mutation { "Get a JWT Token for the given Email and password" login(email: String!, password: String!): String! signup(email: String!, password: String!): Boolean! + changePassword(oldPassword:String!, newPassword: String!): String! report(resource: Resource!, description: String): Report "Shout the given Type and ID" shout(id: ID!, type: ShoutTypeEnum): Boolean! @cypher(statement: """ From 35339b4674ec46b483f16174554d94d2cd2e4187 Mon Sep 17 00:00:00 2001 From: kachulio1 Date: Sat, 9 Mar 2019 14:47:12 +0300 Subject: [PATCH 4/9] add changePassword mutation test --- src/resolvers/user_management.spec.js | 314 ++++++++++++++++---------- 1 file changed, 197 insertions(+), 117 deletions(-) diff --git a/src/resolvers/user_management.spec.js b/src/resolvers/user_management.spec.js index a3bf6fdd0..98574f0ac 100644 --- a/src/resolvers/user_management.spec.js +++ b/src/resolvers/user_management.spec.js @@ -1,9 +1,9 @@ -import Factory from '../seed/factories' -import { GraphQLClient, request } from 'graphql-request' -import jwt from 'jsonwebtoken' -import { host, login } from '../jest/helpers' +import Factory from "../seed/factories"; +import { GraphQLClient, request } from "graphql-request"; +import jwt from "jsonwebtoken"; +import { host, login } from "../jest/helpers"; -const factory = Factory() +const factory = Factory(); // here is the decoded JWT token: // { @@ -21,59 +21,71 @@ const factory = Factory() // iss: 'http://localhost:4000', // sub: 'u3' // } -const jennyRostocksHeaders = { authorization: 'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoidXNlciIsImxvY2F0aW9uTmFtZSI6bnVsbCwibmFtZSI6Ikplbm55IFJvc3RvY2siLCJhYm91dCI6bnVsbCwiYXZhdGFyIjoiaHR0cHM6Ly9zMy5hbWF6b25hd3MuY29tL3VpZmFjZXMvZmFjZXMvdHdpdHRlci9zYXNoYV9zaGVzdGFrb3YvMTI4LmpwZyIsImlkIjoidTMiLCJlbWFpbCI6InVzZXJAZXhhbXBsZS5vcmciLCJzbHVnIjoiamVubnktcm9zdG9jayIsImlhdCI6MTU1MDg0NjY4MCwiZXhwIjoxNjM3MjQ2NjgwLCJhdWQiOiJodHRwOi8vbG9jYWxob3N0OjMwMDAiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjQwMDAiLCJzdWIiOiJ1MyJ9.eZ_mVKas4Wzoc_JrQTEWXyRn7eY64cdIg4vqQ-F_7Jc' } +const jennyRostocksHeaders = { + authorization: + "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoidXNlciIsImxvY2F0aW9uTmFtZSI6bnVsbCwibmFtZSI6Ikplbm55IFJvc3RvY2siLCJhYm91dCI6bnVsbCwiYXZhdGFyIjoiaHR0cHM6Ly9zMy5hbWF6b25hd3MuY29tL3VpZmFjZXMvZmFjZXMvdHdpdHRlci9zYXNoYV9zaGVzdGFrb3YvMTI4LmpwZyIsImlkIjoidTMiLCJlbWFpbCI6InVzZXJAZXhhbXBsZS5vcmciLCJzbHVnIjoiamVubnktcm9zdG9jayIsImlhdCI6MTU1MDg0NjY4MCwiZXhwIjoxNjM3MjQ2NjgwLCJhdWQiOiJodHRwOi8vbG9jYWxob3N0OjMwMDAiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjQwMDAiLCJzdWIiOiJ1MyJ9.eZ_mVKas4Wzoc_JrQTEWXyRn7eY64cdIg4vqQ-F_7Jc" +}; beforeEach(async () => { - await factory.create('User', { - avatar: 'https://s3.amazonaws.com/uifaces/faces/twitter/seyedhossein1/128.jpg', - id: 'acb2d923-f3af-479e-9f00-61b12e864666', - name: 'Matilde Hermiston', - slug: 'matilde-hermiston', - role: 'user', - email: 'test@example.org', - password: '1234' - }) -}) + await factory.create("User", { + avatar: + "https://s3.amazonaws.com/uifaces/faces/twitter/seyedhossein1/128.jpg", + id: "acb2d923-f3af-479e-9f00-61b12e864666", + name: "Matilde Hermiston", + slug: "matilde-hermiston", + role: "user", + email: "test@example.org", + password: "1234" + }); +}); afterEach(async () => { - await factory.cleanDatabase() -}) + await factory.cleanDatabase(); +}); -describe('isLoggedIn', () => { - const query = '{ isLoggedIn }' - describe('unauthenticated', () => { - it('returns false', async () => { - await expect(request(host, query)).resolves.toEqual({ isLoggedIn: false }) - }) - }) +describe("isLoggedIn", () => { + const query = "{ isLoggedIn }"; + describe("unauthenticated", () => { + it("returns false", async () => { + await expect(request(host, query)).resolves.toEqual({ + isLoggedIn: false + }); + }); + }); - describe('with malformed JWT Bearer token', () => { - const headers = { authorization: 'blah' } - const client = new GraphQLClient(host, { headers }) + describe("with malformed JWT Bearer token", () => { + const headers = { authorization: "blah" }; + const client = new GraphQLClient(host, { headers }); - it('returns false', async () => { - await expect(client.request(query)).resolves.toEqual({ isLoggedIn: false }) - }) - }) + it("returns false", async () => { + await expect(client.request(query)).resolves.toEqual({ + isLoggedIn: false + }); + }); + }); - describe('with valid JWT Bearer token', () => { - const client = new GraphQLClient(host, { headers: jennyRostocksHeaders }) + describe("with valid JWT Bearer token", () => { + const client = new GraphQLClient(host, { headers: jennyRostocksHeaders }); - it('returns false', async () => { - await expect(client.request(query)).resolves.toEqual({ isLoggedIn: false }) - }) + it("returns false", async () => { + await expect(client.request(query)).resolves.toEqual({ + isLoggedIn: false + }); + }); - describe('and a corresponding user in the database', () => { - it('returns true', async () => { + describe("and a corresponding user in the database", () => { + it("returns true", async () => { // see the decoded token above - await factory.create('User', { id: 'u3' }) - await expect(client.request(query)).resolves.toEqual({ isLoggedIn: true }) - }) - }) - }) -}) + await factory.create("User", { id: "u3" }); + await expect(client.request(query)).resolves.toEqual({ + isLoggedIn: true + }); + }); + }); + }); +}); -describe('currentUser', () => { +describe("currentUser", () => { const query = `{ currentUser { id @@ -83,97 +95,165 @@ describe('currentUser', () => { email role } - }` + }`; - describe('unauthenticated', () => { - it('returns null', async () => { - const expected = { currentUser: null } - await expect(request(host, query)).resolves.toEqual(expected) - }) - }) + describe("unauthenticated", () => { + it("returns null", async () => { + const expected = { currentUser: null }; + await expect(request(host, query)).resolves.toEqual(expected); + }); + }); - describe('with valid JWT Bearer Token', () => { - let client - let headers + describe("with valid JWT Bearer Token", () => { + let client; + let headers; - describe('but no corresponding user in the database', () => { + describe("but no corresponding user in the database", () => { beforeEach(async () => { - client = new GraphQLClient(host, { headers: jennyRostocksHeaders }) - }) + client = new GraphQLClient(host, { headers: jennyRostocksHeaders }); + }); - it('returns null', async () => { - const expected = { currentUser: null } - await expect(client.request(query)).resolves.toEqual(expected) - }) - }) + it("returns null", async () => { + const expected = { currentUser: null }; + await expect(client.request(query)).resolves.toEqual(expected); + }); + }); - describe('and corresponding user in the database', () => { + describe("and corresponding user in the database", () => { beforeEach(async () => { - headers = await login({ email: 'test@example.org', password: '1234' }) - client = new GraphQLClient(host, { headers }) - }) + headers = await login({ email: "test@example.org", password: "1234" }); + client = new GraphQLClient(host, { headers }); + }); - it('returns the whole user object', async () => { + it("returns the whole user object", async () => { const expected = { currentUser: { - avatar: 'https://s3.amazonaws.com/uifaces/faces/twitter/seyedhossein1/128.jpg', - email: 'test@example.org', - id: 'acb2d923-f3af-479e-9f00-61b12e864666', - name: 'Matilde Hermiston', - slug: 'matilde-hermiston', - role: 'user' + avatar: + "https://s3.amazonaws.com/uifaces/faces/twitter/seyedhossein1/128.jpg", + email: "test@example.org", + id: "acb2d923-f3af-479e-9f00-61b12e864666", + name: "Matilde Hermiston", + slug: "matilde-hermiston", + role: "user" } - } - await expect(client.request(query)).resolves.toEqual(expected) - }) - }) - }) -}) + }; + await expect(client.request(query)).resolves.toEqual(expected); + }); + }); + }); +}); -describe('login', () => { - const mutation = (params) => { - const { email, password } = params +describe("login", () => { + const mutation = params => { + const { email, password } = params; return ` mutation { login(email:"${email}", password:"${password}") - }` - } + }`; + }; - describe('ask for a `token`', () => { - describe('with valid email/password combination', () => { - it('responds with a JWT token', async () => { - const data = await request(host, mutation({ - email: 'test@example.org', - password: '1234' - })) - const token = data.login + describe("ask for a `token`", () => { + describe("with valid email/password combination", () => { + it("responds with a JWT token", async () => { + const data = await request( + host, + mutation({ + email: "test@example.org", + password: "1234" + }) + ); + const token = data.login; jwt.verify(token, process.env.JWT_SECRET, (err, data) => { - expect(data.email).toEqual('test@example.org') - expect(err).toBeNull() - }) - }) - }) + expect(data.email).toEqual("test@example.org"); + expect(err).toBeNull(); + }); + }); + }); - describe('with a valid email but incorrect password', () => { + describe("with a valid email but incorrect password", () => { it('responds with "Incorrect email address or password."', async () => { await expect( - request(host, mutation({ - email: 'test@example.org', - password: 'wrong' - })) - ).rejects.toThrow('Incorrect email address or password.') - }) - }) + request( + host, + mutation({ + email: "test@example.org", + password: "wrong" + }) + ) + ).rejects.toThrow("Incorrect email address or password."); + }); + }); - describe('with a non-existing email', () => { + describe("with a non-existing email", () => { it('responds with "Incorrect email address or password."', async () => { await expect( - request(host, mutation({ - email: 'non-existent@example.org', - password: 'wrong' - })) - ).rejects.toThrow('Incorrect email address or password.') - }) - }) - }) -}) + request( + host, + mutation({ + email: "non-existent@example.org", + password: "wrong" + }) + ) + ).rejects.toThrow("Incorrect email address or password."); + }); + }); + }); +}); + +describe("change password", () => { + let headers; + let client; + + beforeEach(async () => { + headers = await login({ email: "test@example.org", password: "1234" }); + client = new GraphQLClient(host, { headers }); + }); + + const mutation = params => { + const { oldPassword, newPassword } = params; + return ` + mutation { + changePassword(oldPassword:"${oldPassword}", newPassword:"${newPassword}") + }`; + }; + + describe("should be authenticated before changing password", () => { + it('should throw not "Not Authorised!', async () => { + await expect( + request( + host, + mutation({ + oldPassword: "1234", + newPassword: "1234" + }) + ) + ).rejects.toThrow("Not Authorised!"); + }); + }); + + describe("old and new password should not match", () => { + it('responds with "Old password and New password should not be same"', async () => { + await expect( + client.request( + mutation({ + oldPassword: "1234", + newPassword: "1234" + }) + ) + ).rejects.toThrow("Old password and New password should not be same"); + }); + }); + + describe("incorrect old password", () => { + it('responds with "Old password isn\'t valid"', async () => { + await expect( + client.request( + mutation({ + oldPassword: "notOldPassword", + newPassword: "12345" + }) + ) + ).rejects.toThrow("Old password isn't valid"); + }); + }); +}); From 3fbe4cb2e6e32555adb00daf08b2ed0177c800f0 Mon Sep 17 00:00:00 2001 From: kachulio1 Date: Sun, 10 Mar 2019 00:48:16 +0300 Subject: [PATCH 5/9] add use single quotes --- src/resolvers/user_management.spec.js | 280 +++++++++++++------------- 1 file changed, 140 insertions(+), 140 deletions(-) diff --git a/src/resolvers/user_management.spec.js b/src/resolvers/user_management.spec.js index 98574f0ac..5aaadfeed 100644 --- a/src/resolvers/user_management.spec.js +++ b/src/resolvers/user_management.spec.js @@ -1,9 +1,9 @@ -import Factory from "../seed/factories"; -import { GraphQLClient, request } from "graphql-request"; -import jwt from "jsonwebtoken"; -import { host, login } from "../jest/helpers"; +import Factory from '../seed/factories' +import { GraphQLClient, request } from 'graphql-request' +import jwt from 'jsonwebtoken' +import { host, login } from '../jest/helpers' -const factory = Factory(); +const factory = Factory() // here is the decoded JWT token: // { @@ -23,69 +23,69 @@ const factory = Factory(); // } const jennyRostocksHeaders = { authorization: - "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoidXNlciIsImxvY2F0aW9uTmFtZSI6bnVsbCwibmFtZSI6Ikplbm55IFJvc3RvY2siLCJhYm91dCI6bnVsbCwiYXZhdGFyIjoiaHR0cHM6Ly9zMy5hbWF6b25hd3MuY29tL3VpZmFjZXMvZmFjZXMvdHdpdHRlci9zYXNoYV9zaGVzdGFrb3YvMTI4LmpwZyIsImlkIjoidTMiLCJlbWFpbCI6InVzZXJAZXhhbXBsZS5vcmciLCJzbHVnIjoiamVubnktcm9zdG9jayIsImlhdCI6MTU1MDg0NjY4MCwiZXhwIjoxNjM3MjQ2NjgwLCJhdWQiOiJodHRwOi8vbG9jYWxob3N0OjMwMDAiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjQwMDAiLCJzdWIiOiJ1MyJ9.eZ_mVKas4Wzoc_JrQTEWXyRn7eY64cdIg4vqQ-F_7Jc" -}; + 'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoidXNlciIsImxvY2F0aW9uTmFtZSI6bnVsbCwibmFtZSI6Ikplbm55IFJvc3RvY2siLCJhYm91dCI6bnVsbCwiYXZhdGFyIjoiaHR0cHM6Ly9zMy5hbWF6b25hd3MuY29tL3VpZmFjZXMvZmFjZXMvdHdpdHRlci9zYXNoYV9zaGVzdGFrb3YvMTI4LmpwZyIsImlkIjoidTMiLCJlbWFpbCI6InVzZXJAZXhhbXBsZS5vcmciLCJzbHVnIjoiamVubnktcm9zdG9jayIsImlhdCI6MTU1MDg0NjY4MCwiZXhwIjoxNjM3MjQ2NjgwLCJhdWQiOiJodHRwOi8vbG9jYWxob3N0OjMwMDAiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjQwMDAiLCJzdWIiOiJ1MyJ9.eZ_mVKas4Wzoc_JrQTEWXyRn7eY64cdIg4vqQ-F_7Jc' +} beforeEach(async () => { - await factory.create("User", { + await factory.create('User', { avatar: - "https://s3.amazonaws.com/uifaces/faces/twitter/seyedhossein1/128.jpg", - id: "acb2d923-f3af-479e-9f00-61b12e864666", - name: "Matilde Hermiston", - slug: "matilde-hermiston", - role: "user", - email: "test@example.org", - password: "1234" - }); -}); + 'https://s3.amazonaws.com/uifaces/faces/twitter/seyedhossein1/128.jpg', + id: 'acb2d923-f3af-479e-9f00-61b12e864666', + name: 'Matilde Hermiston', + slug: 'matilde-hermiston', + role: 'user', + email: 'test@example.org', + password: '1234' + }) +}) afterEach(async () => { - await factory.cleanDatabase(); -}); + await factory.cleanDatabase() +}) -describe("isLoggedIn", () => { - const query = "{ isLoggedIn }"; - describe("unauthenticated", () => { - it("returns false", async () => { +describe('isLoggedIn', () => { + const query = '{ isLoggedIn }' + describe('unauthenticated', () => { + it('returns false', async () => { await expect(request(host, query)).resolves.toEqual({ isLoggedIn: false - }); - }); - }); + }) + }) + }) - describe("with malformed JWT Bearer token", () => { - const headers = { authorization: "blah" }; - const client = new GraphQLClient(host, { headers }); + describe('with malformed JWT Bearer token', () => { + const headers = { authorization: 'blah' } + const client = new GraphQLClient(host, { headers }) - it("returns false", async () => { + it('returns false', async () => { await expect(client.request(query)).resolves.toEqual({ isLoggedIn: false - }); - }); - }); + }) + }) + }) - describe("with valid JWT Bearer token", () => { - const client = new GraphQLClient(host, { headers: jennyRostocksHeaders }); + describe('with valid JWT Bearer token', () => { + const client = new GraphQLClient(host, { headers: jennyRostocksHeaders }) - it("returns false", async () => { + it('returns false', async () => { await expect(client.request(query)).resolves.toEqual({ isLoggedIn: false - }); - }); + }) + }) - describe("and a corresponding user in the database", () => { - it("returns true", async () => { + describe('and a corresponding user in the database', () => { + it('returns true', async () => { // see the decoded token above - await factory.create("User", { id: "u3" }); + await factory.create('User', { id: 'u3' }) await expect(client.request(query)).resolves.toEqual({ isLoggedIn: true - }); - }); - }); - }); -}); + }) + }) + }) + }) +}) -describe("currentUser", () => { +describe('currentUser', () => { const query = `{ currentUser { id @@ -95,165 +95,165 @@ describe("currentUser", () => { email role } - }`; + }` - describe("unauthenticated", () => { - it("returns null", async () => { - const expected = { currentUser: null }; - await expect(request(host, query)).resolves.toEqual(expected); - }); - }); + describe('unauthenticated', () => { + it('returns null', async () => { + const expected = { currentUser: null } + await expect(request(host, query)).resolves.toEqual(expected) + }) + }) - describe("with valid JWT Bearer Token", () => { - let client; - let headers; + describe('with valid JWT Bearer Token', () => { + let client + let headers - describe("but no corresponding user in the database", () => { + describe('but no corresponding user in the database', () => { beforeEach(async () => { - client = new GraphQLClient(host, { headers: jennyRostocksHeaders }); - }); + client = new GraphQLClient(host, { headers: jennyRostocksHeaders }) + }) - it("returns null", async () => { - const expected = { currentUser: null }; - await expect(client.request(query)).resolves.toEqual(expected); - }); - }); + it('returns null', async () => { + const expected = { currentUser: null } + await expect(client.request(query)).resolves.toEqual(expected) + }) + }) - describe("and corresponding user in the database", () => { + describe('and corresponding user in the database', () => { beforeEach(async () => { - headers = await login({ email: "test@example.org", password: "1234" }); - client = new GraphQLClient(host, { headers }); - }); + headers = await login({ email: 'test@example.org', password: '1234' }) + client = new GraphQLClient(host, { headers }) + }) - it("returns the whole user object", async () => { + it('returns the whole user object', async () => { const expected = { currentUser: { avatar: - "https://s3.amazonaws.com/uifaces/faces/twitter/seyedhossein1/128.jpg", - email: "test@example.org", - id: "acb2d923-f3af-479e-9f00-61b12e864666", - name: "Matilde Hermiston", - slug: "matilde-hermiston", - role: "user" + 'https://s3.amazonaws.com/uifaces/faces/twitter/seyedhossein1/128.jpg', + email: 'test@example.org', + id: 'acb2d923-f3af-479e-9f00-61b12e864666', + name: 'Matilde Hermiston', + slug: 'matilde-hermiston', + role: 'user' } - }; - await expect(client.request(query)).resolves.toEqual(expected); - }); - }); - }); -}); + } + await expect(client.request(query)).resolves.toEqual(expected) + }) + }) + }) +}) -describe("login", () => { +describe('login', () => { const mutation = params => { - const { email, password } = params; + const { email, password } = params return ` mutation { login(email:"${email}", password:"${password}") - }`; - }; + }` + } - describe("ask for a `token`", () => { - describe("with valid email/password combination", () => { - it("responds with a JWT token", async () => { + describe('ask for a `token`', () => { + describe('with valid email/password combination', () => { + it('responds with a JWT token', async () => { const data = await request( host, mutation({ - email: "test@example.org", - password: "1234" + email: 'test@example.org', + password: '1234' }) - ); - const token = data.login; + ) + const token = data.login jwt.verify(token, process.env.JWT_SECRET, (err, data) => { - expect(data.email).toEqual("test@example.org"); - expect(err).toBeNull(); - }); - }); - }); + expect(data.email).toEqual('test@example.org') + expect(err).toBeNull() + }) + }) + }) - describe("with a valid email but incorrect password", () => { + describe('with a valid email but incorrect password', () => { it('responds with "Incorrect email address or password."', async () => { await expect( request( host, mutation({ - email: "test@example.org", - password: "wrong" + email: 'test@example.org', + password: 'wrong' }) ) - ).rejects.toThrow("Incorrect email address or password."); - }); - }); + ).rejects.toThrow('Incorrect email address or password.') + }) + }) - describe("with a non-existing email", () => { + describe('with a non-existing email', () => { it('responds with "Incorrect email address or password."', async () => { await expect( request( host, mutation({ - email: "non-existent@example.org", - password: "wrong" + email: 'non-existent@example.org', + password: 'wrong' }) ) - ).rejects.toThrow("Incorrect email address or password."); - }); - }); - }); -}); + ).rejects.toThrow('Incorrect email address or password.') + }) + }) + }) +}) -describe("change password", () => { - let headers; - let client; +describe('change password', () => { + let headers + let client beforeEach(async () => { - headers = await login({ email: "test@example.org", password: "1234" }); - client = new GraphQLClient(host, { headers }); - }); + headers = await login({ email: 'test@example.org', password: '1234' }) + client = new GraphQLClient(host, { headers }) + }) const mutation = params => { - const { oldPassword, newPassword } = params; + const { oldPassword, newPassword } = params return ` mutation { changePassword(oldPassword:"${oldPassword}", newPassword:"${newPassword}") - }`; - }; + }` + } - describe("should be authenticated before changing password", () => { + describe('should be authenticated before changing password', () => { it('should throw not "Not Authorised!', async () => { await expect( request( host, mutation({ - oldPassword: "1234", - newPassword: "1234" + oldPassword: '1234', + newPassword: '1234' }) ) - ).rejects.toThrow("Not Authorised!"); - }); - }); + ).rejects.toThrow('Not Authorised!') + }) + }) - describe("old and new password should not match", () => { + describe('old and new password should not match', () => { it('responds with "Old password and New password should not be same"', async () => { await expect( client.request( mutation({ - oldPassword: "1234", - newPassword: "1234" + oldPassword: '1234', + newPassword: '1234' }) ) - ).rejects.toThrow("Old password and New password should not be same"); - }); - }); + ).rejects.toThrow('Old password and New password should not be same') + }) + }) - describe("incorrect old password", () => { + describe('incorrect old password', () => { it('responds with "Old password isn\'t valid"', async () => { await expect( client.request( mutation({ - oldPassword: "notOldPassword", - newPassword: "12345" + oldPassword: 'notOldPassword', + newPassword: '12345' }) ) - ).rejects.toThrow("Old password isn't valid"); - }); - }); -}); + ).rejects.toThrow('Old password isn\'t valid') + }) + }) +}) From 6cba9f1fd8f584b5b53ecaf32f3feac276f99b99 Mon Sep 17 00:00:00 2001 From: kachulio1 Date: Sun, 10 Mar 2019 00:50:16 +0300 Subject: [PATCH 6/9] remove image url --- src/resolvers/user_management.spec.js | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/resolvers/user_management.spec.js b/src/resolvers/user_management.spec.js index 5aaadfeed..8007737f0 100644 --- a/src/resolvers/user_management.spec.js +++ b/src/resolvers/user_management.spec.js @@ -28,8 +28,6 @@ const jennyRostocksHeaders = { beforeEach(async () => { await factory.create('User', { - avatar: - 'https://s3.amazonaws.com/uifaces/faces/twitter/seyedhossein1/128.jpg', id: 'acb2d923-f3af-479e-9f00-61b12e864666', name: 'Matilde Hermiston', slug: 'matilde-hermiston', From 0a31e5278c35911691bac5d24a500178027f262f Mon Sep 17 00:00:00 2001 From: kachulio1 Date: Sun, 10 Mar 2019 01:44:41 +0300 Subject: [PATCH 7/9] add test for correct credentials --- src/resolvers/user_management.js | 50 ++++++++++++--------------- src/resolvers/user_management.spec.js | 28 +++++++++++---- 2 files changed, 45 insertions(+), 33 deletions(-) diff --git a/src/resolvers/user_management.js b/src/resolvers/user_management.js index 3a7698e24..36865646f 100644 --- a/src/resolvers/user_management.js +++ b/src/resolvers/user_management.js @@ -30,32 +30,28 @@ export default { // throw new Error('Already logged in.') // } const session = driver.session() - return session - .run( - 'MATCH (user:User {email: $userEmail}) ' + - 'RETURN user {.id, .slug, .name, .avatar, .email, .password, .role} as user LIMIT 1', - { - userEmail: email - } - ) - .then(async result => { - session.close() - const [currentUser] = await result.records.map(function (record) { - return record.get('user') - }) + const result = await session.run( + 'MATCH (user:User {email: $userEmail}) ' + + 'RETURN user {.id, .slug, .name, .avatar, .email, .password, .role} as user LIMIT 1', + { + userEmail: email + } + ) - if ( - currentUser && - (await bcrypt.compareSync(password, currentUser.password)) - ) { - delete currentUser.password - return encode(currentUser) - } else { - throw new AuthenticationError( - 'Incorrect email address or password.' - ) - } - }) + session.close() + const [currentUser] = await result.records.map(function (record) { + return record.get('user') + }) + + if ( + currentUser && + (await bcrypt.compareSync(password, currentUser.password)) + ) { + delete currentUser.password + return encode(currentUser) + } else { + throw new AuthenticationError('Incorrect email address or password.') + } }, changePassword: async ( _, @@ -76,12 +72,12 @@ export default { }) if (!(await bcrypt.compareSync(oldPassword, currentUser.password))) { - throw new AuthenticationError('Old password isn\'t valid') + throw new AuthenticationError('Old password is not correct') } if (await bcrypt.compareSync(newPassword, currentUser.password)) { throw new AuthenticationError( - 'Old password and New password should not be same' + 'Old password and new password should be different' ) } else { const newHashedPassword = await bcrypt.hashSync(newPassword, 10) diff --git a/src/resolvers/user_management.spec.js b/src/resolvers/user_management.spec.js index 8007737f0..c4b09df37 100644 --- a/src/resolvers/user_management.spec.js +++ b/src/resolvers/user_management.spec.js @@ -28,6 +28,7 @@ const jennyRostocksHeaders = { beforeEach(async () => { await factory.create('User', { + avatar: 'https://s3.amazonaws.com/uifaces/faces/twitter/jimmuirhead/128.jpg', id: 'acb2d923-f3af-479e-9f00-61b12e864666', name: 'Matilde Hermiston', slug: 'matilde-hermiston', @@ -126,8 +127,7 @@ describe('currentUser', () => { it('returns the whole user object', async () => { const expected = { currentUser: { - avatar: - 'https://s3.amazonaws.com/uifaces/faces/twitter/seyedhossein1/128.jpg', + avatar: 'https://s3.amazonaws.com/uifaces/faces/twitter/jimmuirhead/128.jpg', email: 'test@example.org', id: 'acb2d923-f3af-479e-9f00-61b12e864666', name: 'Matilde Hermiston', @@ -216,7 +216,7 @@ describe('change password', () => { } describe('should be authenticated before changing password', () => { - it('should throw not "Not Authorised!', async () => { + it('throws not "Not Authorised!', async () => { await expect( request( host, @@ -230,7 +230,7 @@ describe('change password', () => { }) describe('old and new password should not match', () => { - it('responds with "Old password and New password should not be same"', async () => { + it('responds with "Old password and new password should be different"', async () => { await expect( client.request( mutation({ @@ -238,7 +238,7 @@ describe('change password', () => { newPassword: '1234' }) ) - ).rejects.toThrow('Old password and New password should not be same') + ).rejects.toThrow('Old password and new password should be different') }) }) @@ -251,7 +251,23 @@ describe('change password', () => { newPassword: '12345' }) ) - ).rejects.toThrow('Old password isn\'t valid') + ).rejects.toThrow('Old password is not correct') + }) + }) + + describe('correct password', () => { + it('changes the password if given correct credentials "', async () => { + let response = await client.request( + mutation({ + oldPassword: '1234', + newPassword: '12345' + }) + ) + await expect( + response + ).toEqual(expect.objectContaining({ + changePassword: expect.any(String) + })) }) }) }) From e9e0c84cb2776f60aa8ad068ae38e537ee559f72 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Wed, 13 Mar 2019 16:48:56 +0100 Subject: [PATCH 8/9] Fixed merge error CC @Lulalaby --- src/schema.graphql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/schema.graphql b/src/schema.graphql index 752532d8b..4e0347cc7 100644 --- a/src/schema.graphql +++ b/src/schema.graphql @@ -10,7 +10,7 @@ type Mutation { login(email: String!, password: String!): String! signup(email: String!, password: String!): Boolean! changePassword(oldPassword:String!, newPassword: String!): String! - report(resource: Resource!, description: String): Report + report(id: ID!, description: String): Report disable(id: ID!): ID enable(id: ID!): ID "Shout the given Type and ID" From 57fc99fc3f5b76be6c9531025f83c4a2059d2030 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Wed, 13 Mar 2019 17:01:49 +0100 Subject: [PATCH 9/9] Fix merge error again cc @Lulaby pay attention when merging `master` --- src/middleware/permissionsMiddleware.js | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/middleware/permissionsMiddleware.js b/src/middleware/permissionsMiddleware.js index 9e1bc6fbe..62999c235 100644 --- a/src/middleware/permissionsMiddleware.js +++ b/src/middleware/permissionsMiddleware.js @@ -56,8 +56,6 @@ const permissions = shield({ CreateBadge: isAdmin, UpdateBadge: isAdmin, DeleteBadge: isAdmin, - enable: isModerator, - disable: isModerator, // addFruitToBasket: isAuthenticated follow: isAuthenticated, unfollow: isAuthenticated,