[backend] Prevent sending or receiving friend requests between users …

…who have blocked each other (#294) * Add block-related test to friend request test * Fix to prevent sending or receiving friend requests between users who have blocked each other
usatie · Mar 4, 2024 · f606b66 · f606b66
1 parent 3e515ec
commit f606b66
Show file tree

Hide file tree

Showing 2 changed files with 50 additions and 0 deletions.
diff --git a/backend/src/friend-request/friend-request.service.ts b/backend/src/friend-request/friend-request.service.ts
@@ -19,6 +19,7 @@ export class FriendRequestService {
       await this.expectNotRequesting(recipientId, user, tx);
       await this.expectNotFriends(recipientId, user, tx);
       await this.expectNotBlockedBy(recipientId, user, tx);
+      await this.expectNotBlocking(recipientId, user, tx);
       return tx.user
         .update({
           where: { id: user.id },
@@ -100,6 +101,19 @@ export class FriendRequestService {
     }
   }
 
+  private async expectNotBlocking(blockedId: number, user: User, tx) {
+    const blocking = await tx.user
+      .findFirstOrThrow({
+        where: { id: user.id },
+      })
+      .blocking({
+        where: { id: blockedId },
+      });
+    if (blocking.length > 0) {
+      throw new ConflictException('Blocking user');
+    }
+  }
+
   private async expectNotFriends(friendId: number, user: User, tx) {
     const u = tx.user.findFirstOrThrow({
       where: {
@@ -121,6 +135,8 @@ export class FriendRequestService {
     return this.prisma.$transaction(async (tx) => {
       // Check if user is requested by requester
       await this.expectRequestedBy(requesterId, user, tx);
+      await this.expectNotBlockedBy(requesterId, user, tx);
+      await this.expectNotBlocking(requesterId, user, tx);
 
       // Remove the friend request and add the requester to friends
       return tx.user.update({

diff --git a/backend/test/user.e2e-spec.ts b/backend/test/user.e2e-spec.ts
@@ -537,6 +537,40 @@ describe('UserController (e2e)', () => {
         .expect(409);
     });
 
+    it('Should not send request to blocking user', async () => {
+      // user1 blocks user2
+      await app.blockUser(user1.id, user2.id, user1.accessToken).expect(200);
+
+      // user1 sends request to user2
+      await app
+        .sendFriendRequest(user1.id, user2.id, user1.accessToken)
+        .expect(409);
+    });
+
+    it('Should not accept request from blocked user', async () => {
+      await app
+        .sendFriendRequest(user1.id, user2.id, user1.accessToken)
+        .expect(201);
+
+      // user1 blocks user2
+      await app.blockUser(user1.id, user2.id, user1.accessToken).expect(200);
+      await app
+        .acceptFriendRequest(user2.id, user1.id, user2.accessToken)
+        .expect(409);
+    });
+
+    it('Should not accept request from blocking user', async () => {
+      await app
+        .sendFriendRequest(user1.id, user2.id, user1.accessToken)
+        .expect(201);
+
+      // user2 blocks user1
+      await app.blockUser(user2.id, user1.id, user2.accessToken).expect(200);
+      await app
+        .acceptFriendRequest(user2.id, user1.id, user2.accessToken)
+        .expect(409);
+    });
+
     it('Should not send requests to self', async () => {
       await app
         .sendFriendRequest(user1.id, user1.id, user1.accessToken)