Whitelist queries/mutations, fix tests
Created by: Tirokk
Authored by roschaefer Merged
🍰 Pullrequest
This Pull Request throws an authorization error on all Queries/Mutations by default, unless we explicitly specify how authorization should behave.
The types, on the other hand, will be allowed by default. The types are checked after the resolver of the query/mutation has been called, the db requests have resolved and the response is on its way out. We e.g. have some extra checks on the email, password, and privateKey fields of the user, so those attributes can never be read.
@Mastercuber there are two failing cucumber scenarios now. I disabled these cucumber scenarios for reasons I explained in the commit message.
Issues
- close #343 (closed)
Todo
- Refactor ActivityPub middleware (will be done when we have a look into #541)
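
A minimal sketch of the policy described above, as an added example that is not code from this pull request: root Query/Mutation fields are rejected unless whitelisted, while type fields pass unless explicitly denied, and the type check runs on the resolver's result. The rule table, the `execute` and `filterFields` helpers, the `currentUser`/`UpdateUser`/`DeleteUser` names and the sample data are assumptions made for illustration.

```javascript
// Added illustration; rule table, helper names and sample data are assumptions.
const allow = () => true;
const deny = () => false;
const isAuthenticated = (ctx) => Boolean(ctx && ctx.user);

// Only root fields listed here are reachable; everything else is rejected.
const permissions = {
  Query: { '*': deny, currentUser: isAuthenticated },
  Mutation: { '*': deny, UpdateUser: isAuthenticated },
  // Types are open by default, with explicit denies for sensitive fields.
  User: { '*': allow, email: deny, password: deny, privateKey: deny },
};

const ROOT_TYPES = new Set(['Query', 'Mutation']);

// Look up the rule for a field: exact match, then the type's wildcard,
// then a fallback that denies root types and allows ordinary types.
function ruleFor(typeName, fieldName) {
  const rules = permissions[typeName] || {};
  if (Object.prototype.hasOwnProperty.call(rules, fieldName)) return rules[fieldName];
  if (rules['*']) return rules['*'];
  return ROOT_TYPES.has(typeName) ? deny : allow;
}

// The type check runs on the resolver's result, on the way out.
function filterFields(typeName, obj, ctx) {
  return Object.fromEntries(
    Object.entries(obj).filter(([field]) => ruleFor(typeName, field)(ctx))
  );
}

// The root check runs before the resolver is called at all.
function execute(rootType, field, returnType, resolver, ctx) {
  if (!ruleFor(rootType, field)(ctx)) throw new Error('Not authorized');
  return filterFields(returnType, resolver(ctx), ctx);
}

// Constructed sample resolvers; DeleteUser was never whitelisted.
const resolvers = {
  currentUser: () => ({ id: 'u1', name: 'alice', email: 'a@example.org',
                        password: 'constructed-hash', privateKey: 'constructed-key' }),
  DeleteUser: () => ({ id: 'u1' }),
};
```

A mutation added later without a matching rule fails closed, even for a logged-in user, which is the property the whitelist is meant to give.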