diff --git a/server/models/Trust.js b/server/models/Trust.js index 0de17c20..d6e98ad6 100644 --- a/server/models/Trust.js +++ b/server/models/Trust.js @@ -292,8 +292,8 @@ class Trust { if (!trustRelationship) { throw new HttpError( - 403, - 'Have no permission to accept this relationship', + 404, + 'No such trust relationship exists or it is not associated with the current wallet.', ); } await this.checkManageCircle({ walletId, trustRelationship }); @@ -320,8 +320,8 @@ class Trust { if (!trustRelationship) { throw new HttpError( - 403, - 'Have no permission to decline this relationship', + 404, + 'No such trust relationship exists or it is not associated with the current wallet.', ); } @@ -339,6 +339,14 @@ class Trust { 'wallet_trust.id': trustRelationshipId, }); const [trustRelationship] = trustRelationships; + + if(!trustRelationship){ + throw new HttpError( + 404, + 'No such trust relationship exists or it is not associated with the current wallet.' + ) + } + if (trustRelationship?.originator_wallet_id !== walletId) { throw new HttpError( 403, diff --git a/server/models/Trust.spec.js b/server/models/Trust.spec.js index 45183afd..482a49c1 100644 --- a/server/models/Trust.spec.js +++ b/server/models/Trust.spec.js @@ -629,9 +629,9 @@ describe('Trust Model', () => { error = e; } - expect(error.code).eql(403); + expect(error.code).eql(404); expect(error.message).eql( - 'Have no permission to accept this relationship', + 'No such trust relationship exists or it is not associated with the current wallet.', ); expect(getTrustRelationshipsRequestedToMeStub).calledOnceWithExactly( walletId, @@ -696,9 +696,9 @@ describe('Trust Model', () => { error = e; } - expect(error.code).eql(403); + expect(error.code).eql(404); expect(error.message).eql( - 'Have no permission to decline this relationship', + 'No such trust relationship exists or it is not associated with the current wallet.', ); expect(getTrustRelationshipsRequestedToMeStub).calledOnceWithExactly( walletId, @@ -743,6 +743,7 @@ describe('Trust Model', () => { trustRepositoryStub.getByFilter.resolves([]); const trustRelationshipId = uuid(); const walletId = uuid(); + let error; try { await trustModel.cancelTrustRequest({ @@ -753,9 +754,9 @@ describe('Trust Model', () => { error = e; } - expect(error.code).eql(403); + expect(error.code).eql(404); expect(error.message).eql( - 'Have no permission to cancel this relationship', + 'No such trust relationship exists or it is not associated with the current wallet.', ); expect(trustRepositoryStub.getByFilter).calledOnceWithExactly({ 'wallet_trust.id': trustRelationshipId, diff --git a/server/services/TrustService.js b/server/services/TrustService.js index 205b0c86..e88ff3ce 100644 --- a/server/services/TrustService.js +++ b/server/services/TrustService.js @@ -17,6 +17,11 @@ class TrustService { offset = 0, limit, }) { + // check if wallet exists first + // throws error if no wallet matching walletId exists + const walletService = new WalletService() + await walletService.getWallet(walletId) + return this._trust.getTrustRelationships({ walletId, state, diff --git a/server/services/TrustService.spec.js b/server/services/TrustService.spec.js index c616de4a..0cd664c0 100644 --- a/server/services/TrustService.spec.js +++ b/server/services/TrustService.spec.js @@ -23,6 +23,10 @@ describe('TrustService', () => { .stub(Trust.prototype, 'getTrustRelationships') .resolves(['trustRelationships']); + const getWalletStub = sinon + .stub(WalletService.prototype, 'getWallet') + .resolves({id: 'walletId'}) + const trustRelationship = await trustService.getTrustRelationships({ walletId: 'walletId', state: 'state', @@ -32,6 +36,9 @@ describe('TrustService', () => { }); expect(trustRelationship).eql(['trustRelationships']); + expect(getWalletStub.calledOnceWithExactly({ + walletId: 'walletId', + })) expect( getTrustRelationshipsStub.calledOnceWithExactly({ walletId: 'walletId',