From bd497af89b8f6cf3e9118d588c9b61b5df8c67df Mon Sep 17 00:00:00 2001
From: Faruk AYDIN <omerfaruk26@gmail.com>
Date: Wed, 4 Oct 2023 20:45:55 +0200
Subject: [PATCH] test: Add case to getUser to not return user password

---
 .../src/graphql/queries/get-user.test.ts      | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/packages/backend/src/graphql/queries/get-user.test.ts b/packages/backend/src/graphql/queries/get-user.test.ts
index 071fce5b..a9ba4ea4 100644
--- a/packages/backend/src/graphql/queries/get-user.test.ts
+++ b/packages/backend/src/graphql/queries/get-user.test.ts
@@ -101,6 +101,25 @@ describe('getUser', () => {
       expect(response.body).toEqual(expectedResponsePayload);
     });
 
+    it('should not return user password for a valid user id', async () => {
+      const query = `
+        query {
+          getUser(id: "${anotherUser.id}") {
+            id
+            email
+            password
+          }
+        }
+      `;
+
+      const response = await requestObject.send({ query }).expect(400);
+
+      expect(response.body.errors).toBeDefined();
+      expect(response.body.errors[0].message).toEqual(
+        'Cannot query field "password" on type "User".'
+      );
+    });
+
     it('should return not found for invalid user id', async () => {
       const invalidUserId = Crypto.randomUUID();