import { create, cleanDatabase } from '../seed/factories' import { testServerHost as host, authenticatedHeaders } from '../jest/helpers' import { GraphQLClient } from 'graphql-request' describe('authorization', () => { describe('given two existing users', () => { beforeEach(async () => { await create('user', { email: 'owner@example.org', name: 'Owner', password: 'iamtheowner' }) await create('user', { email: 'someone@example.org', name: 'Someone else', password: 'else' }) }) afterEach(async () => { await cleanDatabase() }) describe('access email address', () => { let headers = {} const action = async (headers) => { const graphQLClient = new GraphQLClient(host, { headers }) return graphQLClient.request(`{ User(name: "Owner") { email } }`) } describe('not logged in', async () => { it('rejects', async () => { await expect(action(headers)).rejects.toThrow('Not Authorised!') }) it('does not expose the owner\'s email address', async () => { try { await action(headers) } catch (error) { expect(error.response.data).toEqual({ User: [ { email: null } ] }) } }) }) describe('as owner', () => { it('exposes the owner\'s email address', async () => { headers = await authenticatedHeaders({ email: 'owner@example.org', password: 'iamtheowner' }) expect(await action(headers)).toEqual({ User: [ { email: 'owner@example.org' } ] }) }) }) describe('as someone else', () => { beforeEach(async () => { headers = await authenticatedHeaders({ email: 'someone@example.org', password: 'else' }) }) it('rejects', async () => { await expect(action(headers)).rejects.toThrow('Not Authorised!') }) it('does not expose the owner\'s email address', async () => { try { await action(headers) } catch (error) { expect(error.response.data).toEqual({ User: [ { email: null } ] }) } }) }) }) }) })