From ba874be0e4b24ae324152d0eb33d45bee31abdb0 Mon Sep 17 00:00:00 2001 From: Dimitrie Stefanescu Date: Sun, 26 Apr 2020 13:15:48 +0100 Subject: [PATCH] feat(graphql): consolidated some responses, and improved some resolver behaviour --- modules/core/graph/resolvers/apitoken.js | 3 +- modules/core/graph/resolvers/streams.js | 3 +- modules/core/tests/graph.spec.js | 96 ++++++++++++++---------- modules/core/users/services.js | 2 - 4 files changed, 60 insertions(+), 44 deletions(-) diff --git a/modules/core/graph/resolvers/apitoken.js b/modules/core/graph/resolvers/apitoken.js index 86badf6c5..90e32ff3d 100644 --- a/modules/core/graph/resolvers/apitoken.js +++ b/modules/core/graph/resolvers/apitoken.js @@ -9,8 +9,7 @@ module.exports = { Query: {}, User: { async apiTokens( parent, args, context, info ) { - return await getUserTokens( context.userId ) - } + } }, Mutation: { async apiTokenCreate( parent, args, context, info ) { diff --git a/modules/core/graph/resolvers/streams.js b/modules/core/graph/resolvers/streams.js index baa2d1720..a903a30b8 100644 --- a/modules/core/graph/resolvers/streams.js +++ b/modules/core/graph/resolvers/streams.js @@ -45,7 +45,8 @@ module.exports = { await validateScopes( context.scopes, 'streams:write' ) await authorizeResolver( context.userId, args.id, 'stream_acl', 'streams', 'owner' ) - return await deleteStream( args.id ) + await deleteStream( args.id ) + return true }, async streamClone( parent, args, context, info ) { throw new ApolloError( 'Not implemented yet :)' ) diff --git a/modules/core/tests/graph.spec.js b/modules/core/tests/graph.spec.js index 80cfaee20..8ccc2b56f 100644 --- a/modules/core/tests/graph.spec.js +++ b/modules/core/tests/graph.spec.js @@ -66,7 +66,7 @@ describe( 'GraphQL API Core', ( ) => { it( 'Should create some api tokens', async ( ) => { const res1 = await sendRequest( userA.token, { query: `mutation { apiTokenCreate(name:"Token 1", scopes: ["streams:read"]) }` } ) expect( res1 ).to.be.json - expect( res1 ).to.have.status( 200 ) + expect( res1.body.errors ).to.not.exist expect( res1.body.data.apiTokenCreate ).to.be.a( 'string' ) token1 = `Bearer ${res1.body.data.apiTokenCreate}` @@ -80,9 +80,8 @@ describe( 'GraphQL API Core', ( ) => { it( 'Should revoke an api token that the user owns', async ( ) => { const res = await sendRequest( userA.token, { query: `mutation{ apiTokenRevoke(token:"${token2}")}` } ) - console.log( res.body ) expect( res ).to.be.json - expect( res ).to.have.status( 200 ) + expect( res.body.errors ).to.not.exist expect( res.body.data.apiTokenRevoke ).to.equal( true ) } ) @@ -90,7 +89,7 @@ describe( 'GraphQL API Core', ( ) => { const res = await sendRequest( userA.token, { query: `mutation{ apiTokenRevoke(token:"${token3}")}` } ) expect( res ).to.be.json expect( res.body.errors ).to.exist - } ) + } ) it( 'Should fail to create a stream with an invalid scope token', async ( ) => { // Note: token1 has only stream read access @@ -101,7 +100,7 @@ describe( 'GraphQL API Core', ( ) => { it( 'Should create some streams', async ( ) => { const resS1 = await sendRequest( userA.token, { query: `mutation { streamCreate(stream: { name: "TS1 (u A) Private", description: "Hello World", isPublic:false } ) }` } ) expect( resS1 ).to.be.json - expect( resS1 ).to.have.status( 200 ) + expect( resS1.body.errors ).to.not.exist expect( resS1.body.data ).to.have.property( 'streamCreate' ) expect( resS1.body.data.streamCreate ).to.be.a( 'string' ) ts1 = resS1.body.data.streamCreate @@ -120,7 +119,7 @@ describe( 'GraphQL API Core', ( ) => { const resS1 = await sendRequest( userA.token, { query: `mutation { streamUpdate(stream: {id:"${ts1}" name: "TS1 (u A) Private UPDATED", description: "Hello World, Again!", isPublic:false } ) }` } ) expect( resS1 ).to.be.json - expect( resS1 ).to.have.status( 200 ) + expect( resS1.body.errors ).to.not.exist expect( resS1.body.data ).to.have.property( 'streamUpdate' ) expect( resS1.body.data.streamUpdate ).to.equal( true ) } ) @@ -129,15 +128,22 @@ describe( 'GraphQL API Core', ( ) => { const res = await sendRequest( userA.token, { query: `mutation{ streamGrantPermission( streamId: "${ts1}", userId: "${userB.id}" role: WRITE) }` } ) expect( res ).to.be.json - expect( res ).to.have.status( 200 ) + expect( res.body.errors ).to.not.exist expect( res.body.data.streamGrantPermission ).to.equal( true ) } ) + it( 'Should fail to grant myself permissions', async ( ) => { + const res = await sendRequest( userA.token, { query: `mutation{ streamGrantPermission( streamId: "${ts1}", userId: "${userA.id}" role: WRITE) }` } ) + + expect( res ).to.be.json + expect( res.body.errors ).to.exist + } ) + it( 'Should update permissions', async ( ) => { const res = await sendRequest( userA.token, { query: `mutation{ streamGrantPermission( streamId: "${ts1}", userId: "${userB.id}" role: READ) }` } ) expect( res ).to.be.json - expect( res ).to.have.status( 200 ) + expect( res.body.errors ).to.not.exist expect( res.body.data.streamGrantPermission ).to.equal( true ) } ) @@ -164,7 +170,7 @@ describe( 'GraphQL API Core', ( ) => { const res = await sendRequest( userA.token, { query: `mutation($objs:[JSONObject]!) { objectCreate(streamId:"${ts1}", objects: $objs) }`, variables: { objs: objs } } ) expect( res ).to.be.json - expect( res ).to.have.status( 200 ) + expect( res.body.errors ).to.not.exist expect( res.body.data.objectCreate ).to.have.lengthOf( objs.length ) objIds = res.body.data.objectCreate @@ -175,7 +181,7 @@ describe( 'GraphQL API Core', ( ) => { let res = await sendRequest( userA.token, { query: `mutation($commit:JSONObject!) { commitCreate(streamId:"${ts1}", commit:$commit) }`, variables: { commit: c1 } } ) expect( res ).to.be.json - expect( res ).to.have.status( 200 ) + expect( res.body.errors ).to.not.exist expect( res.body.data ).to.have.property( 'commitCreate' ) expect( res.body.data.commitCreate ).to.be.a( 'string' ) c1.id = res.body.data.commitCreate @@ -192,7 +198,7 @@ describe( 'GraphQL API Core', ( ) => { mutation($tag: TagCreateInput){tagCreate(streamId:"${ts1}", tag: $tag) }`, variables: { tag: tag1 } } ) expect( res ).to.be.json - expect( res ).to.have.status( 200 ) + expect( res.body.errors ).to.not.exist expect( res.body.data ).to.have.property( 'tagCreate' ) tag1.id = res.body.data.tagCreate @@ -200,7 +206,7 @@ describe( 'GraphQL API Core', ( ) => { res = await sendRequest( userA.token, { query: ` mutation($tag: TagCreateInput){tagCreate(streamId:"${ts1}", tag: $tag)}`, variables: { tag: tag2 } } ) expect( res ).to.be.json - expect( res ).to.have.status( 200 ) + expect( res.body.errors ).to.not.exist expect( res.body.data ).to.have.property( 'tagCreate' ) tag2.id = res.body.data.tagCreate @@ -214,7 +220,7 @@ describe( 'GraphQL API Core', ( ) => { const res = await sendRequest( userA.token, { query: ` mutation($tag: TagUpdateInput){tagUpdate(streamId:"${ts1}", tag: $tag)}`, variables: { tag: { id: tag2.id, description: 'Cool description!' } } } ) expect( res ).to.be.json - expect( res ).to.have.status( 200 ) + expect( res.body.errors ).to.not.exist expect( res.body.data ).to.have.property( 'tagUpdate' ) expect( res.body.data.tagUpdate ).to.equal( true ) } ) @@ -222,7 +228,7 @@ describe( 'GraphQL API Core', ( ) => { it( 'Should delete a tag', async ( ) => { const res = await sendRequest( userA.token, { query: `mutation{ tagDelete(streamId:"${ts1}", tagId:"${tag3.id}")}` } ) expect( res ).to.be.json - expect( res ).to.have.status( 200 ) + expect( res.body.errors ).to.not.exist expect( res.body.data ).to.have.property( 'tagDelete' ) expect( res.body.data.tagDelete ).to.equal( true ) } ) @@ -234,7 +240,7 @@ describe( 'GraphQL API Core', ( ) => { it( 'Should create several branches', async ( ) => { const res1 = await sendRequest( userA.token, { query: `mutation($branch:BranchCreateInput!) { branchCreate(streamId:"${ts1}", branch:$branch) }`, variables: { branch: b1 } } ) expect( res1 ).to.be.json - expect( res1 ).to.have.status( 200 ) + expect( res1.body.errors ).to.not.exist expect( res1.body.data ).to.have.property( 'branchCreate' ) expect( res1.body.data.branchCreate ).to.be.a( 'string' ) b1.id = res1.body.data.branchCreate @@ -249,7 +255,7 @@ describe( 'GraphQL API Core', ( ) => { it( 'Should update a branch', async ( ) => { const res1 = await sendRequest( userA.token, { query: `mutation($branch:BranchUpdateInput!) { branchUpdate(streamId:"${ts1}", branch:$branch) }`, variables: { branch: { id: b1.id, commits: [ c1.id ] } } } ) expect( res1 ).to.be.json - expect( res1 ).to.have.status( 200 ) + expect( res1.body.errors ).to.not.exist expect( res1.body.data ).to.have.property( 'branchUpdate' ) expect( res1.body.data.branchUpdate ).to.equal( true ) } ) @@ -257,44 +263,56 @@ describe( 'GraphQL API Core', ( ) => { it( 'Should delete a branch', async ( ) => { const res = await sendRequest( userA.token, { query: `mutation { branchDelete(streamId:"${ts1}", branchId:"${b2.id}")}` } ) expect( res ).to.be.json - expect( res ).to.have.status( 200 ) + expect( res.body.errors ).to.not.exist expect( res.body.data ).to.have.property( 'branchDelete' ) expect( res.body.data.branchDelete ).to.equal( true ) + } ) + + it( 'Should fail to delete a stream because of permissions', async ( ) => { + const res = await sendRequest( userB.token, { query: `mutation { streamDelete( id:"${ts1}")}` } ) + expect( res ).to.be.json + + expect( res.body.errors ).to.exist + expect( res.body.errors[ 0 ].extensions.code ).to.equal( 'FORBIDDEN' ) + } ) + + it( 'Should delete a stream', async ( ) => { + const res = await sendRequest( userB.token, { query: `mutation { streamDelete( id:"${ts4}")}` } ) + expect( res ).to.be.json + expect( res.body.errors ).to.not.exist + expect( res.body.data ).to.have.property( 'streamDelete' ) + expect( res.body.data.streamDelete ).to.equal( true ) } ) } ) describe( 'Queries', ( ) => { - describe( 'Users', ( ) => { - it( 'Should retrieve my profile', async ( ) => { - const res = await sendRequest( userA.token, { - query: `{ user { id name email } }` - } ) - expect( res ).to.be.json - expect( res ).to.have.status( 200 ) - expect( res.body.data ).to.have.property( 'user' ) - expect( res.body.data.user.name ).to.equal( 'd1' ) - expect( res.body.data.user.email ).to.equal( 'd.1@speckle.systems' ) + it( 'Should retrieve my profile', async ( ) => { + const res = await sendRequest( userA.token, { + query: `{ user { id name email } }` } ) - it( 'Should retrieve a different profile profile', async ( ) => { - const res = await sendRequest( userA.token, { - query: ` { user(id:"${userB.id}") { id name email } }` - } ) + expect( res ).to.be.json + expect( res.body.errors ).to.not.exist + expect( res.body.data ).to.have.property( 'user' ) + expect( res.body.data.user.name ).to.equal( 'd1' ) + expect( res.body.data.user.email ).to.equal( 'd.1@speckle.systems' ) + } ) - expect( res ).to.be.json - expect( res ).to.have.status( 200 ) - expect( res.body.data ).to.have.property( 'user' ) - expect( res.body.data.user.name ).to.equal( 'd2' ) - expect( res.body.data.user.email ).to.equal( 'd.2@speckle.systems' ) + it( 'Should retrieve a different profile profile', async ( ) => { + const res = await sendRequest( userA.token, { + query: ` { user(id:"${userB.id}") { id name email } }` } ) + + expect( res ).to.be.json + expect( res.body.errors ).to.not.exist + expect( res.body.data ).to.have.property( 'user' ) + expect( res.body.data.user.name ).to.equal( 'd2' ) + expect( res.body.data.user.email ).to.equal( 'd.2@speckle.systems' ) } ) - describe( 'Streams', ( ) => { - - } ) } ) } ) diff --git a/modules/core/users/services.js b/modules/core/users/services.js index b40f89ed1..4f5272259 100644 --- a/modules/core/users/services.js +++ b/modules/core/users/services.js @@ -97,8 +97,6 @@ module.exports = { async revokeToken( tokenId, userId ) { tokenId = tokenId.slice( 0, 10 ) let token = await Keys().where({id: tokenId}).select("*") - console.log( tokenId ) - console.log( userId ) let delCount = await Keys( ).where( { id: tokenId, owner: userId } ).del( ) if ( delCount === 0 )