pass test for unauthorised use of me query

5 years ago · 1d1e5230d8
parent 586efd5581
commit 1d1e5230d8
3 changed files with 96 additions and 48 deletions
--- a/src/modules/User/UserResolver.spec.ts
+++ b/src/modules/User/UserResolver.spec.ts
@ -1,4 +1,3 @@
-
 import faker = require("faker")
 import { createConnection, getConnection } from "typeorm"
 import { callSchema } from "../../utils/callSchema"
@ -29,62 +28,78 @@ afterEach(async () => {
 })

 describe("resolver of user", () => {
-    it("returns email as it creates user with mutation", async () => {
-
-        const fakeEmail = faker.internet.email()
-        const fakePassword = faker.internet.password(6)
-        const createUserMutation = `mutation {
-            createUser(email: "${fakeEmail}", password: "${fakePassword}") {
-                email
-            }
-        }`
-
-        const response = await callSchema(createUserMutation)
-
-        expect(response).toMatchObject({
-            data: {
+    describe("createUser mutation should", () => {
+        it("return email as it creates user with mutation", async () => {
+            const fakeEmail = faker.internet.email()
+            const fakePassword = faker.internet.password(8)
+            const createUserMutation = `mutation {
+                createUser(email: "${fakeEmail}", password: "${fakePassword}") {
+                    email
+                }
+            }`
+
+            const response = await callSchema(createUserMutation)
+
+            expect(response.errors).toBeUndefined()
+            expect(response.data).toMatchObject({
                createUser: { email: fakeEmail },
-            },
+            })
        })
    })

-    it("should return emails of registered users", async () => {
-
-        const usersQuery = `{
-            users {
-                email
-            }
-        }`
+    describe("users query should", () => {
+        it("return emails of registered users", async () => {
+            const usersQuery = `{
+                users {
+                    email
+                }
+            }`

-        const user = await User.create({
-            email: faker.internet.email(),
-        }).save()
+            const user = await User.create({
+                email: faker.internet.email(),
+            }).save()

-        const response = await callSchema(usersQuery)
+            const response = await callSchema(usersQuery)

-        expect(response).toMatchObject({
-            data: {
+            expect(response.errors).toBeUndefined()
+            expect(response.data).toMatchObject({
                users: [{ email: user.email }],
-            },
+            })
        })
    })

-    it("should return a valid login token", async () => {
+    describe("loginToken query should", () => {
+        it("return a valid login token", async () => {
+            const fakeEmail = faker.internet.email()
+            const fakePassword = faker.internet.password(6)
+            await User.create({
+                email: fakeEmail,
+                password: fakePassword,
+            }).save()

-        const fakeEmail = faker.internet.email()
-        const fakePassword = faker.internet.password(6)
-        await User.create({
-            email: fakeEmail,
-            password: fakePassword,
-        }).save()
+            const loginTokenQuery = `{
+                loginToken(email: "${fakeEmail}", password: "${fakePassword}") 
+            }`

-        const loginTokenQuery = `{
-            loginToken(email: "${fakeEmail}", password: "${fakePassword}") 
-        }`
-        
-        const response = await callSchema(loginTokenQuery)
-        const token = response.data!.loginToken;
+            const response = await callSchema(loginTokenQuery)
+            const token = response.data!.loginToken

-        expect(jwt.verify(token, jwt.PUBLIC_KEY)).toBeTruthy()
+            expect(jwt.verify(token, jwt.PUBLIC_KEY)).toBeTruthy()
+        })
+    })
+
+    describe("me query should", () => {
+        it("return an error and null data without a valid jwt token", async () => {
+            const meQuery = `{
+                me {
+                    email
+                }
+            }`
+
+            const response = await callSchema(meQuery)
+
+            expect(response.errors).not.toBeUndefined()
+            expect(response.data).toBeNull()
+        })
    })
 })
--- a/src/modules/User/UserResolver.ts
+++ b/src/modules/User/UserResolver.ts
@ -1,5 +1,5 @@
 import "reflect-metadata"
-import { Arg, Mutation, Query, Resolver } from "type-graphql"
+import { Arg, Authorized, Mutation, Query, Resolver } from "type-graphql"
 import * as argon2 from "../../utils/argon2"
 import * as jwt from "../../utils/jwt"
 import { User } from "../User"
@ -32,6 +32,15 @@ export class UserResolver {
        return token
    }

+    @Query(() => User)
+    @Authorized()
+    async me() {
+        const user = User.create({
+            email: "asddsf@fdsfs.sk",
+        })
+        return user
+    }
+
    @Mutation(() => User)
    async createUser(
        @Arg("email") email: string,
--- a/src/utils/createSchema.ts
+++ b/src/utils/createSchema.ts
@ -1,7 +1,8 @@
-import { buildSchema, MiddlewareFn } from "type-graphql"
+import { AuthChecker, buildSchema, MiddlewareFn } from "type-graphql"
+// import { User } from "../modules/User"
 import { UserResolver } from "../modules/User/UserResolver"

-const ErrorInterceptor: MiddlewareFn<any> = async ({}, next) => {
+const errorInterceptor: MiddlewareFn<any> = async ({}, next) => {
    try {
        return await next()
    } catch (err) {
@ -9,8 +10,31 @@ const ErrorInterceptor: MiddlewareFn<any> = async ({}, next) => {
    }
 }

+const customAuthChecker: AuthChecker<any> = () => false
+//     { root, args, context, info },
+//     roles,
+//   ) => {
+//       console.log(`root: `)
+//       console.log(root)
+//       console.log(`args: `)
+//       console.log(args)
+//       console.log(`context: `)
+//       console.log(context)
+//       console.log(`info: `)
+//       console.log(info)
+//       console.log(`roles: `)
+//       console.log(roles)
+//     // here we can read the user from context
+//     // and check his permission in the db against the `roles` argument
+//     // that comes from the `@Authorized` decorator, eg. ["ADMIN", "MODERATOR"]
+  
+//     return false; // or false if access is denied
+//   };
+
 export const createSchema = () =>
    buildSchema({
        resolvers: [UserResolver],
-        globalMiddlewares: [ErrorInterceptor],
+        globalMiddlewares: [errorInterceptor],
+        authChecker: customAuthChecker,
+        // authMode: "null"
    })