cartodb/CartoDB-SQL-API
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
63d41e4843
CartoDB-SQL-API/test/acceptance/app.test.js

1443 lines
54 KiB
JavaScript
Raw Normal View History

updated acceptance tests for host name based public api and made work :)
2011-08-25 03:47:10 +08:00
/**
*
* Requires the database and tables setup in config/environments/test.js to exist
* Ensure the user is present in the pgbouncer auth file too
* TODO: Add OAuth tests.
*
Add REINDEX to the list of uncacheable queries
2013-07-25 00:43:38 +08:00
* To run this test, ensure that cartodb_test_user_1_db metadata exists
* in Redis for the vizzuality.cartodb.com domain
updated acceptance tests for host name based public api and made work :)
2011-08-25 03:47:10 +08:00
*
* SELECT 5
* HSET rails:users:vizzuality id 1
Really fix the tests for unauthorized attempts to write db It was not about specifying the db trough headers but rather about referencing the _wrong_ database via params. Also fixes the expected result (which was indeed wrong).
2013-04-11 19:35:11 +08:00
* HSET rails:users:vizzuality database_name cartodb_test_user_1_db
updated acceptance tests for host name based public api and made work :)
2011-08-25 03:47:10 +08:00
*
*/
first draft, tidied, unit tests, modules, refactor, environments, see TODO for next steps"
2011-06-13 11:23:02 +08:00
require('../helper');
Port tests to mocha. Closes #35.
2012-07-13 04:54:12 +08:00
require('../support/assert');
updated to post
2011-09-07 19:05:10 +08:00
Add support for specifying a filename for exports. Closes #64 Sets release target to 1.3.0, due to parameter addition
2012-11-12 19:37:34 +08:00
Honour the 'node_socket_timeout' configuration directive Closes #128 Includes testcase, which required enhancing assert.response to handle errors. Changes app controller to a function that only reads configuration when executed (rather than when only require'd).
2014-01-31 17:55:30 +08:00
var app = require(global.settings.app_root + '/app/controllers/app')()
updated acceptance tests for host name based public api and made work :)
2011-08-25 03:47:10 +08:00
, assert = require('assert')
Fix INSERT and UPDATE with RETURNING clause. Closes #50 Includes regression test
2012-09-17 17:50:19 +08:00
, querystring = require('querystring')
Add support for specifying a filename for exports. Closes #64 Sets release target to 1.3.0, due to parameter addition
2012-11-12 19:37:34 +08:00
, _ = require('underscore')
, zipfile = require('zipfile')
, fs = require('fs')
Support for specifying a list of fields to skip from output. Closes #63
2012-11-13 00:10:16 +08:00
, libxmljs = require('libxmljs')
Make using SET or querying system catalogues harder An hack to "prevent" querying system tables already existed but was pretty weak. This commits makes that a bit stronger. The filter for SET is new.
2013-04-09 17:49:05 +08:00
, Step = require('step')
Add support for specifying a filename for exports. Closes #64 Sets release target to 1.3.0, due to parameter addition
2012-11-12 19:37:34 +08:00
;
first draft, tidied, unit tests, modules, refactor, environments, see TODO for next steps"
2011-06-13 11:23:02 +08:00
node v0.6 compatibility
2012-03-16 20:50:07 +08:00
Port tests to mocha. Closes #35.
2012-07-13 04:54:12 +08:00
suite('app.test', function() {
Review cache-control headers: * Raise max-age to one year for all cacheable queries * Set max-age to 0 for uncacheable (mutating) queries
2013-07-22 23:21:38 +08:00
var expected_cache_control = 'no-cache,max-age=31536000,must-revalidate,public';
var expected_rw_cache_control = 'no-cache,max-age=0,must-revalidate,public';
Add 'cache_policy' parameter. Closes #62
2012-11-13 02:14:20 +08:00
var expected_cache_control_persist = 'public,max-age=31536000';
Add '/version' endpoint Closes #138 Includes testcase
2014-03-13 20:40:56 +08:00
test('GET /api/v1/version', function(done){
assert.response(app, {
url: '/api/v1/version',
method: 'GET'
},{}, function(res) {
assert.equal(res.statusCode, 200);
var parsed = JSON.parse(res.body);
var sqlapi_version = require(__dirname + '/../../package.json').version;
assert.ok(parsed.hasOwnProperty('cartodb_sql_api'), "No 'cartodb_sql_api' version in " + parsed);
assert.equal(parsed.cartodb_sql_api, sqlapi_version);
done();
});
});
oauth
2011-06-20 21:39:12 +08:00
Expect correct JSON, never mind formatting of it This is because express-3.0.0beta6 send indented JSON ...
2012-07-16 23:16:28 +08:00
test('GET /api/v1/sql', function(done){
updated acceptance tests for host name based public api and made work :)
2011-08-25 03:47:10 +08:00
assert.response(app, {
updated to post
2011-09-07 19:05:10 +08:00
url: '/api/v1/sql',
updated acceptance tests for host name based public api and made work :)
2011-08-25 03:47:10 +08:00
method: 'GET'
},{
add system table sanitizer
2011-11-22 08:06:14 +08:00
status: 400
Expect correct JSON, never mind formatting of it This is because express-3.0.0beta6 send indented JSON ...
2012-07-16 23:16:28 +08:00
}, function(res) {
Fix Content-Disposition for error responses. Closes #82
2013-02-13 20:32:34 +08:00
assert.deepEqual(res.headers['content-type'], 'application/json; charset=utf-8');
Make base url configurable, use a wildcard in the example config
2013-05-23 17:49:23 +08:00
assert.deepEqual(res.headers['content-disposition'], 'inline');
assert.deepEqual(JSON.parse(res.body), {"error":["You must indicate a sql query"]});
done();
});
});
// Test base_url setting
test('GET /api/whatever/sql', function(done){
assert.response(app, {
Fix test for custom base_url
2013-05-24 19:51:39 +08:00
url: '/api/whatever/sql?q=SELECT%201',
headers: {host: 'vizzuality.cartodb.com'},
Make base url configurable, use a wildcard in the example config
2013-05-23 17:49:23 +08:00
method: 'GET'
},{
}, function(res) {
Fix test for custom base_url
2013-05-24 19:51:39 +08:00
assert.equal(res.statusCode, 200, res.body);
Expect correct JSON, never mind formatting of it This is because express-3.0.0beta6 send indented JSON ...
2012-07-16 23:16:28 +08:00
done();
updated acceptance tests for host name based public api and made work :)
2011-08-25 03:47:10 +08:00
});
Port tests to mocha. Closes #35.
2012-07-13 04:54:12 +08:00
});
First version of the API server with some TODOs to solve
2011-06-10 00:34:02 +08:00
Do not execute queries on OPTIONS. Closes #94
2013-05-24 20:21:13 +08:00
// Test CORS headers with GET
test('GET /api/whatever/sql', function(done){
assert.response(app, {
url: '/api/whatever/sql?q=SELECT%201',
headers: {host: 'vizzuality.cartodb.com'},
method: 'GET'
},{
}, function(res) {
assert.equal(res.statusCode, 200, res.body);
assert.equal(res.headers['access-control-allow-headers'], 'X-Requested-With, X-Prototype-Version, X-CSRF-Token');
assert.equal(res.headers['access-control-allow-origin'], '*');
done();
});
});
Changes authentication to start using public user if it is defined in redis.
2014-07-04 22:47:59 +08:00
// Test that OPTIONS does not run queries
Do not execute queries on OPTIONS. Closes #94
2013-05-24 20:21:13 +08:00
test('OPTIONS /api/x/sql', function(done){
assert.response(app, {
url: '/api/x/sql?q=syntax%20error',
headers: {host: 'vizzuality.cartodb.com'},
method: 'OPTIONS'
},{}, function(res) {
assert.equal(res.statusCode, 200, res.body);
assert.equal(res.body, '');
assert.equal(res.headers['access-control-allow-headers'], 'X-Requested-With, X-Prototype-Version, X-CSRF-Token');
assert.equal(res.headers['access-control-allow-origin'], '*');
done();
});
});
added test fixtures
2011-10-05 23:49:54 +08:00
Print body on unexpected non-200 response status
2012-07-13 17:01:32 +08:00
test('GET /api/v1/sql with SQL parameter on SELECT only. No oAuth included ', function(done){
updated acceptance tests for host name based public api and made work :)
2011-08-25 03:47:10 +08:00
assert.response(app, {
added test fixtures
2011-10-05 23:49:54 +08:00
url: '/api/v1/sql?q=SELECT%20*%20FROM%20untitle_table_4&database=cartodb_test_user_1_db',
Changes authentication to start using public user if it is defined in redis.
2014-07-04 22:47:59 +08:00
headers: {host: 'vizzuality.cartodb.com'},
updated acceptance tests for host name based public api and made work :)
2011-08-25 03:47:10 +08:00
method: 'GET'
Print body on unexpected non-200 response status
2012-07-13 17:01:32 +08:00
},{ }, function(res) {
assert.equal(res.statusCode, 200, res.body);
Set X-Cache-Channel to NONE when the SQL may write to the database Note that "may write" allows for false positive, so there could be less cache hits than possibly allowable. If this will be a problem for any real use case we could still improve the regular expression used to detect "writing" queries. Automated tests are added to check for the X-Cache-Channel header with both writing and read-only queries performed by authenticated requests. Closes #27 Closes #43
2012-10-15 19:20:37 +08:00
// Check cache headers
Updates CDB_QueryTables to match the one from the extension. Fixes some tests to show the schema presence. Skip some tests that we need to review because with the current implementation of CDB_QueryTables dont make sense. CDB_QueryTables should be used from the extension as a dependency.
2014-06-26 17:22:40 +08:00
assert.equal(res.headers['x-cache-channel'], 'cartodb_test_user_1_db:public.untitle_table_4');
Set X-Cache-Channel to NONE when the SQL may write to the database Note that "may write" allows for false positive, so there could be less cache hits than possibly allowable. If this will be a problem for any real use case we could still improve the regular expression used to detect "writing" queries. Automated tests are added to check for the X-Cache-Channel header with both writing and read-only queries performed by authenticated requests. Closes #27 Closes #43
2012-10-15 19:20:37 +08:00
assert.equal(res.headers['cache-control'], expected_cache_control);
Print body on unexpected non-200 response status
2012-07-13 17:01:32 +08:00
done();
updated acceptance tests for host name based public api and made work :)
2011-08-25 03:47:10 +08:00
});
Port tests to mocha. Closes #35.
2012-07-13 04:54:12 +08:00
});
added true oauth to application. got rid of bogus
2011-08-18 00:27:45 +08:00
Add 'cache_policy' parameter. Closes #62
2012-11-13 02:14:20 +08:00
test('cache_policy=persist', function(done){
assert.response(app, {
url: '/api/v1/sql?q=SELECT%20*%20FROM%20untitle_table_4&database=cartodb_test_user_1_db&cache_policy=persist',
Changes authentication to start using public user if it is defined in redis.
2014-07-04 22:47:59 +08:00
headers: {host: 'vizzuality.cartodb.com'},
Add 'cache_policy' parameter. Closes #62
2012-11-13 02:14:20 +08:00
method: 'GET'
},{ }, function(res) {
assert.equal(res.statusCode, 200, res.body);
// Check cache headers
Review cache-control headers: * Raise max-age to one year for all cacheable queries * Set max-age to 0 for uncacheable (mutating) queries
2013-07-22 23:21:38 +08:00
assert.ok(res.headers.hasOwnProperty('x-cache-channel'));
Set a meaningful X-Cache-Channel with cache_policy=persist Closes #105
2013-10-18 19:29:06 +08:00
// See https://github.com/CartoDB/CartoDB-SQL-API/issues/105
Updates CDB_QueryTables to match the one from the extension. Fixes some tests to show the schema presence. Skip some tests that we need to review because with the current implementation of CDB_QueryTables dont make sense. CDB_QueryTables should be used from the extension as a dependency.
2014-06-26 17:22:40 +08:00
assert.equal(res.headers['x-cache-channel'], 'cartodb_test_user_1_db:public.untitle_table_4');
Add 'cache_policy' parameter. Closes #62
2012-11-13 02:14:20 +08:00
assert.equal(res.headers['cache-control'], expected_cache_control_persist);
done();
});
});
Print body on unexpected non-200 response status
2012-07-13 17:01:32 +08:00
test('GET /api/v1/sql with SQL parameter on SELECT only. no database param, just id using headers', function(done){
updated acceptance tests for host name based public api and made work :)
2011-08-25 03:47:10 +08:00
assert.response(app, {
updated to post
2011-09-07 19:05:10 +08:00
url: '/api/v1/sql?q=SELECT%20*%20FROM%20untitle_table_4',
updated acceptance tests for host name based public api and made work :)
2011-08-25 03:47:10 +08:00
headers: {host: 'vizzuality.cartodb.com'},
method: 'GET'
Print body on unexpected non-200 response status
2012-07-13 17:01:32 +08:00
},{ }, function(res) {
assert.equal(res.statusCode, 200, res.body);
done();
updated acceptance tests for host name based public api and made work :)
2011-08-25 03:47:10 +08:00
});
Port tests to mocha. Closes #35.
2012-07-13 04:54:12 +08:00
});
updated acceptance tests for host name based public api and made work :)
2011-08-25 03:47:10 +08:00
Optionally read user-specific database_password from redis Follows CartoDB-2.5.0 model. Includes testcase. Closes #120 -- Jira ref CDB-870
2013-11-18 20:31:11 +08:00
// See https://github.com/CartoDB/CartoDB-SQL-API/issues/121
Optionally read user-specific database_host from redis Follows CartoDB-2.5.0 model. Includes testcase. Closes #121 -- Jire ref CDB-870
2013-11-18 19:21:30 +08:00
test('SELECT from user-specific database', function(done){
var backupDBHost = global.settings.db_host;
global.settings.db_host = '6.6.6.6';
assert.response(app, {
url: '/api/v1/sql?q=SELECT+2+as+n',
headers: {host: 'cartodb250user.cartodb.com'},
method: 'GET'
},{}, function(res) {
global.settings.db_host = backupDBHost;
var err = null;
try {
assert.equal(res.statusCode, 200, res.statusCode + ": " + res.body);
var parsed = JSON.parse(res.body);
assert.equal(parsed.rows.length, 1);
assert.equal(parsed.rows[0].n, 2);
} catch (e) {
err = e;
}
done(err);
});
});
Optionally read user-specific database_password from redis Follows CartoDB-2.5.0 model. Includes testcase. Closes #120 -- Jira ref CDB-870
2013-11-18 20:31:11 +08:00
// See https://github.com/CartoDB/CartoDB-SQL-API/issues/120
test('SELECT with user-specific password', function(done){
var backupDBUserPass = global.settings.db_user_pass;
global.settings.db_user_pass = '<%= user_password %>';
assert.response(app, {
url: '/api/v1/sql?q=SELECT+2+as+n&api_key=1234',
headers: {host: 'cartodb250user.cartodb.com'},
method: 'GET'
},{}, function(res) {
global.settings.db_user_pass = backupDBUserPass;
var err = null;
try {
assert.equal(res.statusCode, 200, res.statusCode + ": " + res.body);
var parsed = JSON.parse(res.body);
assert.equal(parsed.rows.length, 1);
assert.equal(parsed.rows[0].n, 2);
} catch (e) {
err = e;
}
done(err);
});
});
Set X-Cache-Channel to NONE when the SQL may write to the database Note that "may write" allows for false positive, so there could be less cache hits than possibly allowable. If this will be a problem for any real use case we could still improve the regular expression used to detect "writing" queries. Automated tests are added to check for the X-Cache-Channel header with both writing and read-only queries performed by authenticated requests. Closes #27 Closes #43
2012-10-15 19:20:37 +08:00
test('GET /api/v1/sql with SQL parameter on SELECT only. no database param, just id using headers. Authenticated.',
function(done){
assert.response(app, {
url: '/api/v1/sql?q=SELECT%20cartodb_id*2%20FROM%20untitle_table_4&api_key=1234',
headers: {host: 'vizzuality.cartodb.com'},
method: 'GET'
},{ }, function(res) {
assert.equal(res.statusCode, 200, res.body);
// Check cache headers
Updates CDB_QueryTables to match the one from the extension. Fixes some tests to show the schema presence. Skip some tests that we need to review because with the current implementation of CDB_QueryTables dont make sense. CDB_QueryTables should be used from the extension as a dependency.
2014-06-26 17:22:40 +08:00
assert.equal(res.headers['x-cache-channel'], 'cartodb_test_user_1_db:public.untitle_table_4');
Set X-Cache-Channel to NONE when the SQL may write to the database Note that "may write" allows for false positive, so there could be less cache hits than possibly allowable. If this will be a problem for any real use case we could still improve the regular expression used to detect "writing" queries. Automated tests are added to check for the X-Cache-Channel header with both writing and read-only queries performed by authenticated requests. Closes #27 Closes #43
2012-10-15 19:20:37 +08:00
assert.equal(res.headers['cache-control'], expected_cache_control);
done();
});
});
Fix X-Cache-Channel computation with paging parameters. Closes #85.
2013-02-18 23:14:15 +08:00
// Test for https://github.com/Vizzuality/CartoDB-SQL-API/issues/85
Changes authentication to start using public user if it is defined in redis.
2014-07-04 22:47:59 +08:00
test("paging doesn't break x-cache-channel",
Fix X-Cache-Channel computation with paging parameters. Closes #85.
2013-02-18 23:14:15 +08:00
function(done){
assert.response(app, {
url: '/api/v1/sql?' + querystring.stringify({
Bubble paging UI hack up from model to controller ... one day we'll need to completely drop this hack!
2013-05-24 16:22:17 +08:00
// note: select casing intentionally mixed
q: 'selECT cartodb_id*3 FROM untitle_table_4',
Fix X-Cache-Channel computation with paging parameters. Closes #85.
2013-02-18 23:14:15 +08:00
api_key: '1234',
rows_per_page: 1,
page: 2
}),
headers: {host: 'vizzuality.cartodb.com'},
method: 'GET'
},{ }, function(res) {
assert.equal(res.statusCode, 200, res.body);
Updates CDB_QueryTables to match the one from the extension. Fixes some tests to show the schema presence. Skip some tests that we need to review because with the current implementation of CDB_QueryTables dont make sense. CDB_QueryTables should be used from the extension as a dependency.
2014-06-26 17:22:40 +08:00
assert.equal(res.headers['x-cache-channel'], 'cartodb_test_user_1_db:public.untitle_table_4');
Fix windowing support for non-uppercased SELECT queries
2013-06-06 21:24:57 +08:00
var parsed = JSON.parse(res.body);
assert.equal(parsed.rows.length, 1);
Fix X-Cache-Channel computation with paging parameters. Closes #85.
2013-02-18 23:14:15 +08:00
done();
});
});
Document and test "page" and "rows_per_page" parameters. Closes #123
2013-12-03 23:52:55 +08:00
// Test page and rows_per_page params
test("paging", function(done){
Extend paging test Tests page=0, POST and authentication
2014-03-27 18:18:02 +08:00
var sql = 'SELECT * FROM (VALUES(1),(2),(3),(4),(5),(6),(7),(8),(9)) t(v)';
var pr = [ [2,3], [0,4] ]; // page and rows
var methods = [ 'GET', 'POST' ];
var authorized = 0;
var testing = 0;
var method = 0;
var testNext = function() {
if ( testing >= pr.length ) {
if ( method+1 >= methods.length ) {
if ( authorized ) {
done();
return;
} else {
authorized = 1;
method = 0;
testing = 0;
}
} else {
testing = 0;
++method;
}
}
var prcur = pr[testing++];
console.log("Test " + testing + "/" + pr.length
+ " method " + methods[method] + " "
+ ( authorized ? "authenticated" : "" ) );
var page = prcur[0];
var nrows = prcur[1];
var data_obj = {
q: sql,
rows_per_page: nrows,
page: page
};
if ( authorized ) data_obj['api_key'] = '1234';
var data = querystring.stringify(data_obj);
var req = {
url: '/api/v1/sql',
headers: {host: 'vizzuality.cartodb.com'}
};
if ( methods[method] == 'GET' ) {
req.method = 'GET';
req.url += '?' + data;
} else {
req.method = 'POST';
req.headers['Content-Type'] = 'application/x-www-form-urlencoded';
req.data = data;
}
assert.response(app, req, {}, function(res) {
assert.equal(res.statusCode, 200, res.body);
var parsed = JSON.parse(res.body);
assert.equal(parsed.rows.length, nrows);
for (var i=0; i<nrows; ++i) {
var obt = parsed.rows[i].v;
var exp = page * nrows + i + 1;
assert.equal(obt, exp, "Value " + i + " in page " + page + " is " + obt + ", expected " + exp);
}
testNext();
});
};
testNext();
Document and test "page" and "rows_per_page" parameters. Closes #123
2013-12-03 23:52:55 +08:00
});
Fix paging with queries starting with comments Closes #144 Includes testcase
2014-03-27 19:47:34 +08:00
// Test paging with WITH queries
test("paging starting with comment", function(done){
var sql = "-- this is a comment\n" +
"SELECT * FROM (VALUES(1),(2),(3),(4),(5),(6),(7),(8),(9)) t(v)";
var nrows = 3;
var page = 2;
assert.response(app, {
url: '/api/v1/sql?' + querystring.stringify({
q: sql,
rows_per_page: nrows,
page: page
}),
headers: {host: 'vizzuality.cartodb.com'},
method: 'GET'
}, {}, function(res) {
assert.equal(res.statusCode, 200, res.body);
var parsed = JSON.parse(res.body);
assert.equal(parsed.rows.length, 3);
for (var i=0; i<nrows; ++i) {
var obt = parsed.rows[i].v;
var exp = page * nrows + i + 1;
assert.equal(obt, exp, "Value " + i + " in page " + page + " is " + obt + ", expected " + exp);
}
done();
});
});
Print body on unexpected non-200 response status
2012-07-13 17:01:32 +08:00
test('POST /api/v1/sql with SQL parameter on SELECT only. no database param, just id using headers', function(done){
updated to post
2011-09-07 19:05:10 +08:00
assert.response(app, {
url: '/api/v1/sql',
data: querystring.stringify({q: "SELECT * FROM untitle_table_4"}),
headers: {host: 'vizzuality.cartodb.com', 'Content-Type': 'application/x-www-form-urlencoded' },
method: 'POST'
Print body on unexpected non-200 response status
2012-07-13 17:01:32 +08:00
},{ }, function(res) {
assert.equal(res.statusCode, 200, res.body);
done();
updated to post
2011-09-07 19:05:10 +08:00
});
Port tests to mocha. Closes #35.
2012-07-13 04:54:12 +08:00
});
updated to post
2011-09-07 19:05:10 +08:00
Fix Content-Disposition for error responses. Closes #82
2013-02-13 20:32:34 +08:00
test('GET /api/v1/sql with INSERT. oAuth not used, so public user - should fail', function(done){
updated acceptance tests for host name based public api and made work :)
2011-08-25 03:47:10 +08:00
assert.response(app, {
Really fix the tests for unauthorized attempts to write db It was not about specifying the db trough headers but rather about referencing the _wrong_ database via params. Also fixes the expected result (which was indeed wrong).
2013-04-11 19:35:11 +08:00
url: "/api/v1/sql?q=INSERT%20INTO%20untitle_table_4%20(cartodb_id)%20VALUES%20(1e4)&database=cartodb_test_user_1_db",
Changes authentication to start using public user if it is defined in redis.
2014-07-04 22:47:59 +08:00
headers: {host: 'vizzuality.cartodb.com'},
updated acceptance tests for host name based public api and made work :)
2011-08-25 03:47:10 +08:00
method: 'GET'
},{
Fix Content-Disposition for error responses. Closes #82
2013-02-13 20:32:34 +08:00
}, function(res) {
assert.equal(res.statusCode, 400, res.statusCode + ': ' + res.body);
assert.deepEqual(res.headers['content-type'], 'application/json; charset=utf-8');
assert.deepEqual(res.headers['content-disposition'], 'inline');
Changes authentication to start using public user if it is defined in redis.
2014-07-04 22:47:59 +08:00
assert.deepEqual(JSON.parse(res.body),
{"error":["permission denied for relation untitle_table_4"]}
Fix Content-Disposition for error responses. Closes #82
2013-02-13 20:32:34 +08:00
);
done();
updated acceptance tests for host name based public api and made work :)
2011-08-25 03:47:10 +08:00
});
Port tests to mocha. Closes #35.
2012-07-13 04:54:12 +08:00
});
added true oauth to application. got rid of bogus
2011-08-18 00:27:45 +08:00
Fix test using wrong hostname (thus connecting to wrong db)
2013-04-11 19:00:13 +08:00
test('GET /api/v1/sql with DROP TABLE. oAuth not used, so public user - should fail', function(done){
added public user shouldn't insert test
2011-06-21 00:03:29 +08:00
assert.response(app, {
Really fix the tests for unauthorized attempts to write db It was not about specifying the db trough headers but rather about referencing the _wrong_ database via params. Also fixes the expected result (which was indeed wrong).
2013-04-11 19:35:11 +08:00
url: "/api/v1/sql?q=DROP%20TABLE%20untitle_table_4&database=cartodb_test_user_1_db",
Changes authentication to start using public user if it is defined in redis.
2014-07-04 22:47:59 +08:00
headers: {host: 'vizzuality.cartodb.com'},
updated acceptance tests for host name based public api and made work :)
2011-08-25 03:47:10 +08:00
method: 'GET'
added public user shouldn't insert test
2011-06-21 00:03:29 +08:00
},{
Fix Content-Disposition for error responses. Closes #82
2013-02-13 20:32:34 +08:00
}, function(res) {
assert.equal(res.statusCode, 400, res.statusCode + ': ' + res.body);
assert.deepEqual(res.headers['content-type'], 'application/json; charset=utf-8');
assert.deepEqual(res.headers['content-disposition'], 'inline');
Changes authentication to start using public user if it is defined in redis.
2014-07-04 22:47:59 +08:00
assert.deepEqual(JSON.parse(res.body),
Really fix the tests for unauthorized attempts to write db It was not about specifying the db trough headers but rather about referencing the _wrong_ database via params. Also fixes the expected result (which was indeed wrong).
2013-04-11 19:35:11 +08:00
{"error":["must be owner of relation untitle_table_4"]}
Fix Content-Disposition for error responses. Closes #82
2013-02-13 20:32:34 +08:00
);
done();
added public user shouldn't insert test
2011-06-21 00:03:29 +08:00
});
Port tests to mocha. Closes #35.
2012-07-13 04:54:12 +08:00
});
updated acceptance tests for host name based public api and made work :)
2011-08-25 03:47:10 +08:00
Fix Content-Disposition for error responses. Closes #82
2013-02-13 20:32:34 +08:00
test('GET /api/v1/sql with INSERT. header based db - should fail', function(){
added dangerous test
2011-06-21 00:22:46 +08:00
assert.response(app, {
updated to post
2011-09-07 19:05:10 +08:00
url: "/api/v1/sql?q=INSERT%20INTO%20untitle_table_4%20(id)%20VALUES%20(1)",
updated acceptance tests for host name based public api and made work :)
2011-08-25 03:47:10 +08:00
headers: {host: 'vizzuality.cartodb.com'},
method: 'GET'
added dangerous test
2011-06-21 00:22:46 +08:00
},{
add system table sanitizer
2011-11-22 08:06:14 +08:00
status: 400
added dangerous test
2011-06-21 00:22:46 +08:00
});
Port tests to mocha. Closes #35.
2012-07-13 04:54:12 +08:00
});
updated acceptance tests for host name based public api and made work :)
2011-08-25 03:47:10 +08:00
Changes authentication to start using public user if it is defined in redis.
2014-07-04 22:47:59 +08:00
// Check results from INSERT
Add tests for INSERT/UPDATE/DELETE and _no_ RETURNING (#13)
2012-09-17 22:56:25 +08:00
//
// See https://github.com/Vizzuality/CartoDB-SQL-API/issues/13
test('INSERT returns affected rows', function(done){
assert.response(app, {
// view prepare_db.sh to see where to set api_key
url: "/api/v1/sql?api_key=1234&"
+ querystring.stringify({q:
"INSERT INTO private_table(name) VALUES('noret1') UNION VALUES('noret2')"
}),
headers: {host: 'vizzuality.localhost.lan:8080' },
method: 'GET'
},{}, function(res) {
assert.equal(res.statusCode, 200, res.statusCode + ': ' + res.body);
var out = JSON.parse(res.body);
assert.ok(out.hasOwnProperty('time'));
assert.equal(out.total_rows, 2);
assert.equal(out.rows.length, 0);
Set X-Cache-Channel to NONE when the SQL may write to the database Note that "may write" allows for false positive, so there could be less cache hits than possibly allowable. If this will be a problem for any real use case we could still improve the regular expression used to detect "writing" queries. Automated tests are added to check for the X-Cache-Channel header with both writing and read-only queries performed by authenticated requests. Closes #27 Closes #43
2012-10-15 19:20:37 +08:00
// Check cache headers
// See https://github.com/Vizzuality/CartoDB-SQL-API/issues/43
Review cache-control headers: * Raise max-age to one year for all cacheable queries * Set max-age to 0 for uncacheable (mutating) queries
2013-07-22 23:21:38 +08:00
assert.ok(!res.hasOwnProperty('x-cache-channel'));
assert.equal(res.headers['cache-control'], expected_rw_cache_control);
Add tests for INSERT/UPDATE/DELETE and _no_ RETURNING (#13)
2012-09-17 22:56:25 +08:00
done();
});
});
// Check results from UPDATE
//
// See https://github.com/Vizzuality/CartoDB-SQL-API/issues/13
test('UPDATE returns affected rows', function(done){
assert.response(app, {
// view prepare_db.sh to see where to set api_key
url: "/api/v1/sql?api_key=1234&"
+ querystring.stringify({q:
"UPDATE private_table SET name = upper(name) WHERE name in ('noret1', 'noret2')"
}),
headers: {host: 'vizzuality.localhost.lan:8080' },
method: 'GET'
},{}, function(res) {
assert.equal(res.statusCode, 200, res.statusCode + ': ' + res.body);
var out = JSON.parse(res.body);
assert.ok(out.hasOwnProperty('time'));
assert.equal(out.total_rows, 2);
assert.equal(out.rows.length, 0);
Set X-Cache-Channel to NONE when the SQL may write to the database Note that "may write" allows for false positive, so there could be less cache hits than possibly allowable. If this will be a problem for any real use case we could still improve the regular expression used to detect "writing" queries. Automated tests are added to check for the X-Cache-Channel header with both writing and read-only queries performed by authenticated requests. Closes #27 Closes #43
2012-10-15 19:20:37 +08:00
// Check cache headers
// See https://github.com/Vizzuality/CartoDB-SQL-API/issues/43
Review cache-control headers: * Raise max-age to one year for all cacheable queries * Set max-age to 0 for uncacheable (mutating) queries
2013-07-22 23:21:38 +08:00
assert.ok(!res.hasOwnProperty('x-cache-channel'));
assert.equal(res.headers['cache-control'], expected_rw_cache_control);
Add tests for INSERT/UPDATE/DELETE and _no_ RETURNING (#13)
2012-09-17 22:56:25 +08:00
done();
});
});
// Check results from DELETE
//
// See https://github.com/Vizzuality/CartoDB-SQL-API/issues/13
test('DELETE returns affected rows', function(done){
assert.response(app, {
// view prepare_db.sh to see where to set api_key
url: "/api/v1/sql?api_key=1234&"
+ querystring.stringify({q:
"DELETE FROM private_table WHERE name in ('NORET1', 'NORET2')"
}),
headers: {host: 'vizzuality.localhost.lan:8080' },
method: 'GET'
},{}, function(res) {
assert.equal(res.statusCode, 200, res.statusCode + ': ' + res.body);
var out = JSON.parse(res.body);
assert.ok(out.hasOwnProperty('time'));
assert.equal(out.total_rows, 2);
assert.equal(out.rows.length, 0);
Set X-Cache-Channel to NONE when the SQL may write to the database Note that "may write" allows for false positive, so there could be less cache hits than possibly allowable. If this will be a problem for any real use case we could still improve the regular expression used to detect "writing" queries. Automated tests are added to check for the X-Cache-Channel header with both writing and read-only queries performed by authenticated requests. Closes #27 Closes #43
2012-10-15 19:20:37 +08:00
// Check cache headers
// See https://github.com/Vizzuality/CartoDB-SQL-API/issues/43
Review cache-control headers: * Raise max-age to one year for all cacheable queries * Set max-age to 0 for uncacheable (mutating) queries
2013-07-22 23:21:38 +08:00
assert.ok(!res.hasOwnProperty('x-cache-channel'));
assert.equal(res.headers['cache-control'], expected_rw_cache_control);
Add tests for INSERT/UPDATE/DELETE and _no_ RETURNING (#13)
2012-09-17 22:56:25 +08:00
done();
});
});
Fix INSERT and UPDATE with RETURNING clause. Closes #50 Includes regression test
2012-09-17 17:50:19 +08:00
// Check results from INSERT .. RETURNING
//
// See https://github.com/Vizzuality/CartoDB-SQL-API/issues/50
test('INSERT with RETURNING returns all results', function(done){
assert.response(app, {
// view prepare_db.sh to see where to set api_key
url: "/api/v1/sql?api_key=1234&"
+ querystring.stringify({q:
"INSERT INTO private_table(name) VALUES('test') RETURNING upper(name), reverse(name)"
}),
headers: {host: 'vizzuality.localhost.lan:8080' },
method: 'GET'
},{}, function(res) {
assert.equal(res.statusCode, 200, res.statusCode + ': ' + res.body);
var out = JSON.parse(res.body);
assert.ok(out.hasOwnProperty('time'));
assert.equal(out.total_rows, 1);
assert.equal(out.rows.length, 1);
assert.equal(_.keys(out.rows[0]).length, 2);
assert.equal(out.rows[0].upper, 'TEST');
assert.equal(out.rows[0].reverse, 'tset');
done();
});
});
// Check results from UPDATE .. RETURNING
//
// See https://github.com/Vizzuality/CartoDB-SQL-API/issues/50
test('UPDATE with RETURNING returns all results', function(done){
assert.response(app, {
// view prepare_db.sh to see where to set api_key
url: "/api/v1/sql?api_key=1234&"
+ querystring.stringify({q:
"UPDATE private_table SET name = 'tost' WHERE name = 'test' RETURNING upper(name), reverse(name)"
}),
headers: {host: 'vizzuality.localhost.lan:8080' },
method: 'GET'
},{}, function(res) {
assert.equal(res.statusCode, 200, res.statusCode + ': ' + res.body);
var out = JSON.parse(res.body);
assert.ok(out.hasOwnProperty('time'));
assert.equal(out.total_rows, 1);
assert.equal(out.rows.length, 1);
assert.equal(_.keys(out.rows[0]).length, 2);
assert.equal(out.rows[0].upper, 'TOST');
assert.equal(out.rows[0].reverse, 'tsot');
done();
});
});
Add test for DELETE .. RETURNING (#50)
2012-09-17 22:50:15 +08:00
// Check results from DELETE .. RETURNING
//
// See https://github.com/Vizzuality/CartoDB-SQL-API/issues/50
test('DELETE with RETURNING returns all results', function(done){
assert.response(app, {
// view prepare_db.sh to see where to set api_key
url: "/api/v1/sql?api_key=1234&"
+ querystring.stringify({q:
"DELETE FROM private_table WHERE name = 'tost' RETURNING name"
}),
headers: {host: 'vizzuality.localhost.lan:8080' },
method: 'GET'
},{}, function(res) {
assert.equal(res.statusCode, 200, res.statusCode + ': ' + res.body);
var out = JSON.parse(res.body);
assert.ok(out.hasOwnProperty('time'));
assert.equal(out.total_rows, 1);
assert.equal(out.rows.length, 1);
assert.equal(_.keys(out.rows[0]).length, 1);
assert.equal(out.rows[0].name, 'tost');
done();
});
});
Fix Content-Disposition for error responses. Closes #82
2013-02-13 20:32:34 +08:00
test('GET /api/v1/sql with SQL parameter on DROP TABLE. should fail', function(done){
updated acceptance tests for host name based public api and made work :)
2011-08-25 03:47:10 +08:00
assert.response(app, {
updated to post
2011-09-07 19:05:10 +08:00
url: "/api/v1/sql?q=DROP%20TABLE%20untitle_table_4",
updated acceptance tests for host name based public api and made work :)
2011-08-25 03:47:10 +08:00
headers: {host: 'vizzuality.cartodb.com'},
method: 'GET'
Fix Content-Disposition for error responses. Closes #82
2013-02-13 20:32:34 +08:00
},{}, function(res) {
assert.equal(res.statusCode, 400, res.statusCode + ': ' + res.body);
assert.deepEqual(res.headers['content-type'], 'application/json; charset=utf-8');
assert.deepEqual(res.headers['content-disposition'], 'inline');
Changes authentication to start using public user if it is defined in redis.
2014-07-04 22:47:59 +08:00
assert.deepEqual(JSON.parse(res.body),
{"error":["must be owner of relation untitle_table_4"]}
Fix Content-Disposition for error responses. Closes #82
2013-02-13 20:32:34 +08:00
);
done();
updated acceptance tests for host name based public api and made work :)
2011-08-25 03:47:10 +08:00
});
Port tests to mocha. Closes #35.
2012-07-13 04:54:12 +08:00
});
added test fixtures
2011-10-05 23:49:54 +08:00
Don't assume SELECT "updated_at" may write to the database. Closes #99
2013-07-08 23:36:53 +08:00
// Check X-Cache-Channel when querying "updated_at" fields
//
// See https://github.com/Vizzuality/CartoDB-SQL-API/issues/99
test('Field name is not confused with UPDATE operation', function(done){
assert.response(app, {
// view prepare_db.sh to see where to set api_key
url: "/api/v1/sql?api_key=1234&"
+ querystring.stringify({q:
"SELECT min(updated_at) FROM private_table"
}),
headers: {host: 'vizzuality.localhost.lan:8080' },
method: 'GET'
},{}, function(res) {
assert.equal(res.statusCode, 200, res.statusCode + ': ' + res.body);
Updates CDB_QueryTables to match the one from the extension. Fixes some tests to show the schema presence. Skip some tests that we need to review because with the current implementation of CDB_QueryTables dont make sense. CDB_QueryTables should be used from the extension as a dependency.
2014-06-26 17:22:40 +08:00
assert.equal(res.headers['x-cache-channel'], 'cartodb_test_user_1_db:public.private_table');
Don't assume SELECT "updated_at" may write to the database. Closes #99
2013-07-08 23:36:53 +08:00
done();
});
});
Set X-Cache-Channel to NONE when the SQL may write to the database Note that "may write" allows for false positive, so there could be less cache hits than possibly allowable. If this will be a problem for any real use case we could still improve the regular expression used to detect "writing" queries. Automated tests are added to check for the X-Cache-Channel header with both writing and read-only queries performed by authenticated requests. Closes #27 Closes #43
2012-10-15 19:20:37 +08:00
test('CREATE TABLE with GET and auth', function(done){
assert.response(app, {
url: "/api/v1/sql?" + querystring.stringify({
Recognize ALTER as a writing query
2012-10-15 19:40:04 +08:00
q: 'CREATE TABLE test_table(a int)',
Set X-Cache-Channel to NONE when the SQL may write to the database Note that "may write" allows for false positive, so there could be less cache hits than possibly allowable. If this will be a problem for any real use case we could still improve the regular expression used to detect "writing" queries. Automated tests are added to check for the X-Cache-Channel header with both writing and read-only queries performed by authenticated requests. Closes #27 Closes #43
2012-10-15 19:20:37 +08:00
api_key: 1234
}),
headers: {host: 'vizzuality.cartodb.com'},
method: 'GET'
},{}, function(res) {
assert.equal(res.statusCode, 200, res.statusCode + ': ' + res.body);
// Check cache headers
// See https://github.com/Vizzuality/CartoDB-SQL-API/issues/43
Review cache-control headers: * Raise max-age to one year for all cacheable queries * Set max-age to 0 for uncacheable (mutating) queries
2013-07-22 23:21:38 +08:00
assert.ok(!res.hasOwnProperty('x-cache-channel'));
assert.equal(res.headers['cache-control'], expected_rw_cache_control);
Set X-Cache-Channel to NONE when the SQL may write to the database Note that "may write" allows for false positive, so there could be less cache hits than possibly allowable. If this will be a problem for any real use case we could still improve the regular expression used to detect "writing" queries. Automated tests are added to check for the X-Cache-Channel header with both writing and read-only queries performed by authenticated requests. Closes #27 Closes #43
2012-10-15 19:20:37 +08:00
done();
});
});
Fix use of "SELECT .. INTO" with windowing params Includes testcase. Closes #127
2014-01-10 00:24:48 +08:00
// See http://github.com/CartoDB/CartoDB-SQL-API/issues/127
test('SELECT INTO with paging ', function(done){
var esc_tabname = 'test ""select into""'; // escaped ident
Step(
function select_into() {
var next = this;
assert.response(app, {
url: "/api/v1/sql?" + querystring.stringify({
q: 'SELECT generate_series(1,10) InTO "' + esc_tabname + '"',
rows_per_page: 1, page: 1,
api_key: 1234
}),
headers: {host: 'vizzuality.cartodb.com'},
method: 'GET'
},{}, function(res) { next(null, res); });
},
function check_res_test_fake_into_1(err, res) {
if ( err ) throw err;
assert.equal(res.statusCode, 200, res.statusCode + ': ' + res.body);
var next = this;
assert.response(app, {
url: "/api/v1/sql?" + querystring.stringify({
q: 'SELECT \' INTO "c"\' FROM "' + esc_tabname + '"',
rows_per_page: 1, page: 1,
api_key: 1234
}),
headers: {host: 'vizzuality.cartodb.com'},
method: 'GET'
},{}, function(res) { next(null, res); });
},
function check_res_drop_table(err, res) {
if ( err ) throw err;
assert.equal(res.statusCode, 200, res.statusCode + ': ' + res.body);
var out = JSON.parse(res.body);
assert.equal(out.total_rows, 1); // windowing works
var next = this;
assert.response(app, {
url: "/api/v1/sql?" + querystring.stringify({
q: 'DROP TABLE "' + esc_tabname + '"',
api_key: 1234
}),
headers: {host: 'vizzuality.cartodb.com'},
method: 'GET'
},{}, function(res) { next(null, res); });
},
function check_drop(err, res) {
if ( err ) throw err;
assert.equal(res.statusCode, 200, res.statusCode + ': ' + res.body);
return null;
},
function finish(err) {
done(err)
}
);
});
Fix crash when issuing SQL "COPY" command This involved upgrade of node-postgresql module. See https://github.com/brianc/node-postgres/issues/242
2013-01-17 16:59:48 +08:00
// Test effects of COPY
// See https://github.com/Vizzuality/cartodb-management/issues/1502
test('COPY TABLE with GET and auth', function(done){
assert.response(app, {
url: "/api/v1/sql?" + querystring.stringify({
q: 'COPY test_table FROM stdin;',
api_key: 1234
}),
headers: {host: 'vizzuality.cartodb.com'},
method: 'GET'
},{}, function(res) {
// We expect a problem, actually
assert.equal(res.statusCode, 400, res.statusCode + ': ' + res.body);
Fix Content-Disposition for error responses. Closes #82
2013-02-13 20:32:34 +08:00
assert.deepEqual(res.headers['content-type'], 'application/json; charset=utf-8');
assert.deepEqual(res.headers['content-disposition'], 'inline');
Fix crash when issuing SQL "COPY" command This involved upgrade of node-postgresql module. See https://github.com/brianc/node-postgres/issues/242
2013-01-17 16:59:48 +08:00
assert.deepEqual(JSON.parse(res.body), {"error":["COPY from stdin failed: No source stream defined"]});
done();
});
});
Set X-Cache-Channel to NONE when the SQL may write to the database Note that "may write" allows for false positive, so there could be less cache hits than possibly allowable. If this will be a problem for any real use case we could still improve the regular expression used to detect "writing" queries. Automated tests are added to check for the X-Cache-Channel header with both writing and read-only queries performed by authenticated requests. Closes #27 Closes #43
2012-10-15 19:20:37 +08:00
Add a test for COPY TO file
2013-01-22 00:39:07 +08:00
test('COPY TABLE with GET and auth', function(done){
assert.response(app, {
url: "/api/v1/sql?" + querystring.stringify({
q: "COPY test_table to '/tmp/x';",
api_key: 1234
}),
headers: {host: 'vizzuality.cartodb.com'},
method: 'GET'
},{}, function(res) {
// We expect a problem, actually
assert.equal(res.statusCode, 400, res.statusCode + ': ' + res.body);
Fix Content-Disposition for error responses. Closes #82
2013-02-13 20:32:34 +08:00
assert.deepEqual(res.headers['content-type'], 'application/json; charset=utf-8');
assert.deepEqual(res.headers['content-disposition'], 'inline');
Add a test for COPY TO file
2013-01-22 00:39:07 +08:00
assert.deepEqual(JSON.parse(res.body), {"error":["must be superuser to COPY to or from a file"]});
done();
});
});
Recognize ALTER as a writing query
2012-10-15 19:40:04 +08:00
test('ALTER TABLE with GET and auth', function(done){
assert.response(app, {
url: "/api/v1/sql?" + querystring.stringify({
q: 'ALTER TABLE test_table ADD b int',
api_key: 1234
}),
headers: {host: 'vizzuality.cartodb.com'},
method: 'GET'
},{}, function(res) {
assert.equal(res.statusCode, 200, res.statusCode + ': ' + res.body);
// Check cache headers
// See https://github.com/Vizzuality/CartoDB-SQL-API/issues/43
Review cache-control headers: * Raise max-age to one year for all cacheable queries * Set max-age to 0 for uncacheable (mutating) queries
2013-07-22 23:21:38 +08:00
assert.ok(!res.hasOwnProperty('x-cache-channel'));
assert.equal(res.headers['cache-control'], expected_rw_cache_control);
Recognize ALTER as a writing query
2012-10-15 19:40:04 +08:00
done();
});
});
Add test for multi-statement and begin/commit
2013-02-19 01:39:09 +08:00
test('multistatement insert, alter, select, begin, commit', function(done){
assert.response(app, {
url: "/api/v1/sql?" + querystring.stringify({
Upgrade node-postgresql to ~1.1.3 fixing evented query model
2013-06-06 23:06:06 +08:00
q: 'BEGIN; DELETE FROM test_table; COMMIT; BEGIN; INSERT INTO test_table(b) values (5); COMMIT; ALTER TABLE test_table ALTER b TYPE float USING b::float/2; SELECT b FROM test_table;',
Add test for multi-statement and begin/commit
2013-02-19 01:39:09 +08:00
api_key: 1234
}),
headers: {host: 'vizzuality.cartodb.com'},
method: 'GET'
},{}, function(res) {
assert.equal(res.statusCode, 200, res.statusCode + ': ' + res.body);
var parsedBody = JSON.parse(res.body);
assert.equal(parsedBody.total_rows, 1);
assert.deepEqual(parsedBody.rows[0], {b:2.5});
done();
});
});
Do not request caching of TRUNCATE queries
2013-05-07 00:21:22 +08:00
test('TRUNCATE TABLE with GET and auth', function(done){
assert.response(app, {
url: "/api/v1/sql?" + querystring.stringify({
q: 'TRUNCATE TABLE test_table',
api_key: 1234
}),
headers: {host: 'vizzuality.cartodb.com'},
method: 'GET'
},{}, function(res) {
assert.equal(res.statusCode, 200, res.statusCode + ': ' + res.body);
Review cache-control headers: * Raise max-age to one year for all cacheable queries * Set max-age to 0 for uncacheable (mutating) queries
2013-07-22 23:21:38 +08:00
assert.ok(!res.hasOwnProperty('x-cache-channel'));
assert.equal(res.headers['cache-control'], expected_rw_cache_control);
Do not request caching of TRUNCATE queries
2013-05-07 00:21:22 +08:00
var pbody = JSON.parse(res.body);
assert.equal(pbody.rows.length, 0);
assert.response(app, {
url: "/api/v1/sql?" + querystring.stringify({
q: 'SELECT count(*) FROM test_table',
api_key: 1234
}),
headers: {host: 'vizzuality.cartodb.com'},
method: 'GET'
},{}, function(res) {
assert.equal(res.statusCode, 200, res.statusCode + ': ' + res.body);
Updates CDB_QueryTables to match the one from the extension. Fixes some tests to show the schema presence. Skip some tests that we need to review because with the current implementation of CDB_QueryTables dont make sense. CDB_QueryTables should be used from the extension as a dependency.
2014-06-26 17:22:40 +08:00
assert.equal(res.headers['x-cache-channel'], 'cartodb_test_user_1_db:public.test_table');
Do not request caching of TRUNCATE queries
2013-05-07 00:21:22 +08:00
assert.equal(res.headers['cache-control'], expected_cache_control);
var pbody = JSON.parse(res.body);
assert.equal(pbody.total_rows, 1);
assert.equal(pbody.rows[0]['count'], 0);
done();
});
});
});
Add REINDEX to the list of uncacheable queries
2013-07-25 00:43:38 +08:00
test('REINDEX TABLE with GET and auth', function(done){
assert.response(app, {
url: "/api/v1/sql?" + querystring.stringify({
q: ' ReINdEX TABLE test_table',
api_key: 1234
}),
headers: {host: 'vizzuality.cartodb.com'},
method: 'GET'
},{}, function(res) {
assert.equal(res.statusCode, 200, res.statusCode + ': ' + res.body);
assert.ok(!res.hasOwnProperty('x-cache-channel'));
assert.equal(res.headers['cache-control'], expected_rw_cache_control);
var pbody = JSON.parse(res.body);
assert.equal(pbody.rows.length, 0);
done();
});
});
Set X-Cache-Channel to NONE when the SQL may write to the database Note that "may write" allows for false positive, so there could be less cache hits than possibly allowable. If this will be a problem for any real use case we could still improve the regular expression used to detect "writing" queries. Automated tests are added to check for the X-Cache-Channel header with both writing and read-only queries performed by authenticated requests. Closes #27 Closes #43
2012-10-15 19:20:37 +08:00
test('DROP TABLE with GET and auth', function(done){
assert.response(app, {
url: "/api/v1/sql?" + querystring.stringify({
Recognize ALTER as a writing query
2012-10-15 19:40:04 +08:00
q: 'DROP TABLE test_table',
Set X-Cache-Channel to NONE when the SQL may write to the database Note that "may write" allows for false positive, so there could be less cache hits than possibly allowable. If this will be a problem for any real use case we could still improve the regular expression used to detect "writing" queries. Automated tests are added to check for the X-Cache-Channel header with both writing and read-only queries performed by authenticated requests. Closes #27 Closes #43
2012-10-15 19:20:37 +08:00
api_key: 1234
}),
headers: {host: 'vizzuality.cartodb.com'},
method: 'GET'
},{}, function(res) {
assert.equal(res.statusCode, 200, res.statusCode + ': ' + res.body);
// Check cache headers
// See https://github.com/Vizzuality/CartoDB-SQL-API/issues/43
Review cache-control headers: * Raise max-age to one year for all cacheable queries * Set max-age to 0 for uncacheable (mutating) queries
2013-07-22 23:21:38 +08:00
assert.ok(!res.hasOwnProperty('x-cache-channel'));
assert.equal(res.headers['cache-control'], expected_rw_cache_control);
Set X-Cache-Channel to NONE when the SQL may write to the database Note that "may write" allows for false positive, so there could be less cache hits than possibly allowable. If this will be a problem for any real use case we could still improve the regular expression used to detect "writing" queries. Automated tests are added to check for the X-Cache-Channel header with both writing and read-only queries performed by authenticated requests. Closes #27 Closes #43
2012-10-15 19:20:37 +08:00
done();
});
});
test('CREATE FUNCTION with GET and auth', function(done){
assert.response(app, {
url: "/api/v1/sql?" + querystring.stringify({
q: 'CREATE FUNCTION create_func_test(a int) RETURNS INT AS \'SELECT 1\' LANGUAGE \'sql\'',
api_key: 1234
}),
headers: {host: 'vizzuality.cartodb.com'},
method: 'GET'
},{}, function(res) {
assert.equal(res.statusCode, 200, res.statusCode + ': ' + res.body);
// Check cache headers
// See https://github.com/Vizzuality/CartoDB-SQL-API/issues/43
Review cache-control headers: * Raise max-age to one year for all cacheable queries * Set max-age to 0 for uncacheable (mutating) queries
2013-07-22 23:21:38 +08:00
assert.ok(!res.hasOwnProperty('x-cache-channel'));
assert.equal(res.headers['cache-control'], expected_rw_cache_control);
Set X-Cache-Channel to NONE when the SQL may write to the database Note that "may write" allows for false positive, so there could be less cache hits than possibly allowable. If this will be a problem for any real use case we could still improve the regular expression used to detect "writing" queries. Automated tests are added to check for the X-Cache-Channel header with both writing and read-only queries performed by authenticated requests. Closes #27 Closes #43
2012-10-15 19:20:37 +08:00
done();
});
});
test('DROP FUNCTION with GET and auth', function(done){
assert.response(app, {
url: "/api/v1/sql?" + querystring.stringify({
q: 'DROP FUNCTION create_func_test(a int)',
api_key: 1234
}),
headers: {host: 'vizzuality.cartodb.com'},
method: 'GET'
},{}, function(res) {
assert.equal(res.statusCode, 200, res.statusCode + ': ' + res.body);
// Check cache headers
// See https://github.com/Vizzuality/CartoDB-SQL-API/issues/43
Review cache-control headers: * Raise max-age to one year for all cacheable queries * Set max-age to 0 for uncacheable (mutating) queries
2013-07-22 23:21:38 +08:00
assert.ok(!res.hasOwnProperty('x-cache-channel'));
assert.equal(res.headers['cache-control'], expected_rw_cache_control);
Set X-Cache-Channel to NONE when the SQL may write to the database Note that "may write" allows for false positive, so there could be less cache hits than possibly allowable. If this will be a problem for any real use case we could still improve the regular expression used to detect "writing" queries. Automated tests are added to check for the X-Cache-Channel header with both writing and read-only queries performed by authenticated requests. Closes #27 Closes #43
2012-10-15 19:20:37 +08:00
done();
});
});
Use "attachment" Content-Disposition for all output formats. Closes #61, includes tests NOTE: this includes the default "json" format.
2012-10-25 19:34:06 +08:00
test('sends a 400 when an unsupported format is requested', function(done){
tidy geojson, add content-disposition and remove KML for now. Closes #7
2011-10-28 19:11:18 +08:00
assert.response(app, {
Use "attachment" Content-Disposition for all output formats. Closes #61, includes tests NOTE: this includes the default "json" format.
2012-10-25 19:34:06 +08:00
url: '/api/v1/sql?q=SELECT%20*%20FROM%20untitle_table_4&format=unknown',
Survive multiple "format" parameters, only using last one
2012-10-12 17:42:03 +08:00
headers: {host: 'vizzuality.cartodb.com'},
method: 'GET'
},{ }, function(res){
Use "attachment" Content-Disposition for all output formats. Closes #61, includes tests NOTE: this includes the default "json" format.
2012-10-25 19:34:06 +08:00
assert.equal(res.statusCode, 400, res.body);
Fix Content-Disposition for error responses. Closes #82
2013-02-13 20:32:34 +08:00
assert.deepEqual(res.headers['content-type'], 'application/json; charset=utf-8');
assert.deepEqual(res.headers['content-disposition'], 'inline');
Use "attachment" Content-Disposition for all output formats. Closes #61, includes tests NOTE: this includes the default "json" format.
2012-10-25 19:34:06 +08:00
assert.deepEqual(JSON.parse(res.body), {"error":[ "Invalid format: unknown" ]});
Survive multiple "format" parameters, only using last one
2012-10-12 17:42:03 +08:00
done();
});
});
Use "attachment" Content-Disposition for all output formats. Closes #61, includes tests NOTE: this includes the default "json" format.
2012-10-25 19:34:06 +08:00
test('GET /api/v1/sql with SQL parameter and no format, ensuring content-disposition set to json', function(done){
Survive multiple "format" parameters, only using last one
2012-10-12 17:42:03 +08:00
assert.response(app, {
Use "attachment" Content-Disposition for all output formats. Closes #61, includes tests NOTE: this includes the default "json" format.
2012-10-25 19:34:06 +08:00
url: '/api/v1/sql?q=SELECT%20*%20FROM%20untitle_table_4',
tidy geojson, add content-disposition and remove KML for now. Closes #7
2011-10-28 19:11:18 +08:00
headers: {host: 'vizzuality.cartodb.com'},
method: 'GET'
Print body on unexpected non-200 response status
2012-07-13 17:01:32 +08:00
},{ }, function(res){
assert.equal(res.statusCode, 200, res.body);
Use inline disposition when no format and no filename are given See #61
2012-11-13 02:44:16 +08:00
var ct = res.header('Content-Type');
assert.ok(/json/.test(ct), 'Default format is not JSON: ' + ct);
tidy geojson, add content-disposition and remove KML for now. Closes #7
2011-10-28 19:11:18 +08:00
var cd = res.header('Content-Disposition');
Use inline disposition when no format and no filename are given See #61
2012-11-13 02:44:16 +08:00
assert.equal(true, /^inline/.test(cd), 'Default format is not disposed inline: ' + cd);
Add support for specifying a filename for exports. Closes #64 Sets release target to 1.3.0, due to parameter addition
2012-11-12 19:37:34 +08:00
assert.equal(true, /filename=cartodb-query.json/gi.test(cd), 'Unexpected JSON filename: ' + cd);
Port tests to mocha. Closes #35.
2012-07-13 04:54:12 +08:00
done();
tidy geojson, add content-disposition and remove KML for now. Closes #7
2011-10-28 19:11:18 +08:00
});
Port tests to mocha. Closes #35.
2012-07-13 04:54:12 +08:00
});
tidy geojson, add content-disposition and remove KML for now. Closes #7
2011-10-28 19:11:18 +08:00
Never dispose "inline" when using POST.
2012-11-14 02:26:36 +08:00
test('POST /api/v1/sql with SQL parameter and no format, ensuring content-disposition set to json', function(done){
assert.response(app, {
Changes authentication to start using public user if it is defined in redis.
2014-07-04 22:47:59 +08:00
url: '/api/v1/sql',
Never dispose "inline" when using POST.
2012-11-14 02:26:36 +08:00
data: querystring.stringify({q: "SELECT * FROM untitle_table_4" }),
headers: {host: 'vizzuality.cartodb.com', 'Content-Type': 'application/x-www-form-urlencoded' },
method: 'POST'
},{ }, function(res){
assert.equal(res.statusCode, 200, res.body);
var ct = res.header('Content-Type');
assert.ok(/json/.test(ct), 'Default format is not JSON: ' + ct);
var cd = res.header('Content-Disposition');
Use inline attachment also with POST, if format isn't given
2012-11-14 23:30:18 +08:00
assert.equal(true, /^inline/.test(cd), 'Default format is not disposed inline: ' + cd);
Never dispose "inline" when using POST.
2012-11-14 02:26:36 +08:00
assert.equal(true, /filename=cartodb-query.json/gi.test(cd), 'Unexpected JSON filename: ' + cd);
done();
});
});
Use inline disposition when no format and no filename are given See #61
2012-11-13 02:44:16 +08:00
test('GET /api/v1/sql with SQL parameter and no format, but a filename', function(done){
assert.response(app, {
url: '/api/v1/sql?q=SELECT%20*%20FROM%20untitle_table_4&filename=x',
headers: {host: 'vizzuality.cartodb.com'},
method: 'GET'
},{ }, function(res){
assert.equal(res.statusCode, 200, res.body);
var ct = res.header('Content-Type');
assert.ok(/json/.test(ct), 'Default format is not JSON: ' + ct);
var cd = res.header('Content-Disposition');
assert.equal(true, /^attachment/.test(cd), 'Format with filename is not disposed as attachment: ' + cd);
assert.equal(true, /filename=x.json/gi.test(cd), 'Unexpected JSON filename: ' + cd);
done();
});
});
Support for specifying a list of fields to skip from output. Closes #63
2012-11-13 00:10:16 +08:00
test('field named "the_geom_webmercator" is not skipped by default', function(done){
assert.response(app, {
url: '/api/v1/sql?q=SELECT%20*%20FROM%20untitle_table_4',
headers: {host: 'vizzuality.cartodb.com'},
method: 'GET'
},{ }, function(res){
assert.equal(res.statusCode, 200, res.body);
var row0 = JSON.parse(res.body).rows[0];
var checkfields = {'name':1, 'cartodb_id':1, 'the_geom':1, 'the_geom_webmercator':1};
for ( var f in checkfields ) {
if ( checkfields[f] ) {
assert.ok(row0.hasOwnProperty(f), "result does not include '" + f + "'");
} else {
assert.ok(!row0.hasOwnProperty(f), "result includes '" + f + "'");
}
}
done();
});
});
test('skipfields controls included fields', function(done){
assert.response(app, {
url: '/api/v1/sql?q=SELECT%20*%20FROM%20untitle_table_4&skipfields=the_geom_webmercator,cartodb_id,unexistant',
headers: {host: 'vizzuality.cartodb.com'},
method: 'GET'
},{ }, function(res){
assert.equal(res.statusCode, 200, res.body);
var row0 = JSON.parse(res.body).rows[0];
var checkfields = {'name':1, 'cartodb_id':0, 'the_geom':1, 'the_geom_webmercator':0};
for ( var f in checkfields ) {
if ( checkfields[f] ) {
assert.ok(row0.hasOwnProperty(f), "result does not include '" + f + "'");
} else {
assert.ok(!row0.hasOwnProperty(f), "result includes '" + f + "'");
}
}
done();
});
});
Do not choke on multiple `skipfields` parameter
2013-05-06 18:30:32 +08:00
test('multiple skipfields parameter do not kill the backend', function(done){
assert.response(app, {
url: '/api/v1/sql?q=SELECT%20*%20FROM%20untitle_table_4&skipfields=unexistent,the_geom_webmercator&skipfields=cartodb_id,unexistant',
headers: {host: 'vizzuality.cartodb.com'},
method: 'GET'
},{ }, function(res){
assert.equal(res.statusCode, 200, res.body);
var row0 = JSON.parse(res.body).rows[0];
var checkfields = {'name':1, 'cartodb_id':0, 'the_geom':1, 'the_geom_webmercator':0};
for ( var f in checkfields ) {
if ( checkfields[f] ) {
assert.ok(row0.hasOwnProperty(f), "result does not include '" + f + "'");
} else {
assert.ok(!row0.hasOwnProperty(f), "result includes '" + f + "'");
}
}
done();
});
});
Updates CDB_QueryTables to match the one from the extension. Fixes some tests to show the schema presence. Skip some tests that we need to review because with the current implementation of CDB_QueryTables dont make sense. CDB_QueryTables should be used from the extension as a dependency.
2014-06-26 17:22:40 +08:00
test.skip('GET /api/v1/sql ensure cross domain set on errors', function(done){
Send a 404 on unsupported format requested
2012-10-12 18:17:35 +08:00
assert.response(app, {
Use "attachment" Content-Disposition for all output formats. Closes #61, includes tests NOTE: this includes the default "json" format.
2012-10-25 19:34:06 +08:00
url: '/api/v1/sql?q=SELECT%20*gadfgadfg%20FROM%20untitle_table_4',
Send a 404 on unsupported format requested
2012-10-12 18:17:35 +08:00
headers: {host: 'vizzuality.cartodb.com'},
method: 'GET'
Use "attachment" Content-Disposition for all output formats. Closes #61, includes tests NOTE: this includes the default "json" format.
2012-10-25 19:34:06 +08:00
},{
status: 400
}, function(res){
var cd = res.header('Access-Control-Allow-Origin');
Fix Content-Disposition for error responses. Closes #82
2013-02-13 20:32:34 +08:00
assert.deepEqual(res.headers['content-type'], 'application/json; charset=utf-8');
assert.deepEqual(res.headers['content-disposition'], 'inline');
Use "attachment" Content-Disposition for all output formats. Closes #61, includes tests NOTE: this includes the default "json" format.
2012-10-25 19:34:06 +08:00
assert.equal(cd, '*');
Send a 404 on unsupported format requested
2012-10-12 18:17:35 +08:00
done();
});
});
Use "attachment" Content-Disposition for all output formats. Closes #61, includes tests NOTE: this includes the default "json" format.
2012-10-25 19:34:06 +08:00
test('cannot GET system tables', function(done){
Make using SET or querying system catalogues harder An hack to "prevent" querying system tables already existed but was pretty weak. This commits makes that a bit stronger. The filter for SET is new.
2013-04-09 17:49:05 +08:00
var req = { headers: {host: 'vizzuality.cartodb.com'},
method: 'GET' };
var pre = '/api/v1/sql?';
Step(
function trySysTable1() {
req.url = pre + querystring.stringify({q: 'SELECT * FROM pg_attribute'});
var next = this;
assert.response( app, req, function(res) { next(null, res); } );
},
function chkSysTable1_trySysTable2(err, res) {
if ( err ) throw err;
var next = this;
assert.equal(res.statusCode, 403);
req.url = pre + querystring.stringify({q: 'SELECT * FROM PG_attribute'});
assert.response(app, req, function(res) { next(null, res); });
},
function chkSysTable2_trySysTable3(err, res) {
if ( err ) throw err;
var next = this;
assert.equal(res.statusCode, 403);
req.url = pre + querystring.stringify({q: 'SELECT * FROM "pg_attribute"'});
assert.response(app, req, function(res) { next(null, res); });
},
Another bit of improvement for the system-table query prevention This work is more important for the testcases than the actual code
2013-04-09 18:20:27 +08:00
function chkSysTable3_trySysTable4(err, res) {
if ( err ) throw err;
var next = this;
assert.equal(res.statusCode, 403);
req.url = pre + querystring.stringify({q: 'SELECT a.* FROM untitle_table_4 a,pg_attribute'});
assert.response(app, req, function(res) { next(null, res); });
},
Rework system catalogue prevention access check to use CDB_QueryTables This change reduces the chances of false positive (forbidding legit queries). Doesn't solve the problem of false negative (allowing illegit queries).
2013-04-09 18:36:37 +08:00
function chkSysTable4_tryValidPg1(err, res) {
Make using SET or querying system catalogues harder An hack to "prevent" querying system tables already existed but was pretty weak. This commits makes that a bit stronger. The filter for SET is new.
2013-04-09 17:49:05 +08:00
if ( err ) throw err;
var next = this;
assert.equal(res.statusCode, 403);
Rework system catalogue prevention access check to use CDB_QueryTables This change reduces the chances of false positive (forbidding legit queries). Doesn't solve the problem of false negative (allowing illegit queries).
2013-04-09 18:36:37 +08:00
req.url = pre + querystring.stringify({q: "SELECT 'pg_'"});
assert.response(app, req, function(res) { next(null, res); });
},
function chkValidPg1_tryValidPg2(err, res) {
if ( err ) throw err;
var next = this;
assert.equal(res.statusCode, 200);
req.url = pre + querystring.stringify({q: "SELECT pg_attribute FROM ( select 1 as pg_attribute ) as f"});
assert.response(app, req, function(res) { next(null, res); });
},
Allow access to tables whose name contains "pg_" (but not at beginning) Closes #118
2013-11-07 17:16:58 +08:00
// See http://github.com/CartoDB/CartoDB-SQL-API/issues/118
function chkValidPg1_tryValidPg3_b(err, res) {
if ( err ) throw err;
var next = this;
assert.equal(res.statusCode, 200, res.statusCode + ':' + res.body);
req.url = pre + querystring.stringify({q: "SELECT * FROM cpg_test"});
assert.response(app, req, function(res) { next(null, res); });
},
Rework system catalogue prevention access check to use CDB_QueryTables This change reduces the chances of false positive (forbidding legit queries). Doesn't solve the problem of false negative (allowing illegit queries).
2013-04-09 18:36:37 +08:00
function chkValidPg2_trySet1(err, res) {
if ( err ) throw err;
var next = this;
Allow access to tables whose name contains "pg_" (but not at beginning) Closes #118
2013-11-07 17:16:58 +08:00
assert.equal(res.statusCode, 200, res.statusCode + ':' + res.body);
Make using SET or querying system catalogues harder An hack to "prevent" querying system tables already existed but was pretty weak. This commits makes that a bit stronger. The filter for SET is new.
2013-04-09 17:49:05 +08:00
req.url = pre + querystring.stringify({q: ' set statement_timeout TO 400'});
assert.response(app, req, function(res) { next(null, res); });
},
function chkSet1_trySet2(err, res) {
if ( err ) throw err;
var next = this;
assert.equal(res.statusCode, 403);
req.url = pre + querystring.stringify({q: ' SET work_mem TO 80000'});
assert.response(app, req, function(res) { next(null, res); });
},
function chkSet2(err, res) {
if ( err ) throw err;
var next = this;
return true;
},
function finish(err) {
done(err);
}
);
Initial support for SVG output (#49) This version only dumps the geometries with no identifier. Scales geometries to fit in a 1024x768 pixels area, using a circle radius of 5 pixels, a stroke-width of 1 pixel and no fill. Supports trimming number of decimals. Adds a viewBox tag to fit the drawing to the output device window. Includes an automated testcase.
2012-09-11 18:22:27 +08:00
});
Use "attachment" Content-Disposition for all output formats. Closes #61, includes tests NOTE: this includes the default "json" format.
2012-10-25 19:34:06 +08:00
test('GET decent error if domain is incorrect', function(done){
Initial support for SVG output (#49) This version only dumps the geometries with no identifier. Scales geometries to fit in a 1024x768 pixels area, using a circle radius of 5 pixels, a stroke-width of 1 pixel and no fill. Supports trimming number of decimals. Adds a viewBox tag to fit the drawing to the output device window. Includes an automated testcase.
2012-09-11 18:22:27 +08:00
assert.response(app, {
Use "attachment" Content-Disposition for all output formats. Closes #61, includes tests NOTE: this includes the default "json" format.
2012-10-25 19:34:06 +08:00
url: '/api/v1/sql?q=SELECT%20*%20FROM%20untitle_table_4&format=geojson',
headers: {host: 'vizzualinot.cartodb.com'},
Initial support for SVG output (#49) This version only dumps the geometries with no identifier. Scales geometries to fit in a 1024x768 pixels area, using a circle radius of 5 pixels, a stroke-width of 1 pixel and no fill. Supports trimming number of decimals. Adds a viewBox tag to fit the drawing to the output device window. Includes an automated testcase.
2012-09-11 18:22:27 +08:00
method: 'GET'
CartoDB redis interaction delegated to "cartodb-redis" module
2013-11-16 01:36:49 +08:00
}, {}, function(res){
assert.equal(res.statusCode, 404, res.statusCode + ( res.statusCode != 200 ? ( ': ' + res.body ) : ''));
Fix Content-Disposition for error responses. Closes #82
2013-02-13 20:32:34 +08:00
assert.deepEqual(res.headers['content-type'], 'application/json; charset=utf-8');
assert.deepEqual(res.headers['content-disposition'], 'inline');
Use "attachment" Content-Disposition for all output formats. Closes #61, includes tests NOTE: this includes the default "json" format.
2012-10-25 19:34:06 +08:00
var result = JSON.parse(res.body);
Enhance error message on unknown cartodb username Closes #126
2013-12-18 19:02:51 +08:00
assert.equal(result.error[0],"Sorry, we can't find CartoDB user 'vizzualinot'. Please check that you have entered the correct domain.");
Initial support for SVG output (#49) This version only dumps the geometries with no identifier. Scales geometries to fit in a 1024x768 pixels area, using a circle radius of 5 pixels, a stroke-width of 1 pixel and no fill. Supports trimming number of decimals. Adds a viewBox tag to fit the drawing to the output device window. Includes an automated testcase.
2012-09-11 18:22:27 +08:00
done();
});
});
Updates CDB_QueryTables to match the one from the extension. Fixes some tests to show the schema presence. Skip some tests that we need to review because with the current implementation of CDB_QueryTables dont make sense. CDB_QueryTables should be used from the extension as a dependency.
2014-06-26 17:22:40 +08:00
// this test does not make sense with the current CDB_QueryTables implementation
test.skip('GET decent error if SQL is broken', function(done){
Initial support for SVG output (#49) This version only dumps the geometries with no identifier. Scales geometries to fit in a 1024x768 pixels area, using a circle radius of 5 pixels, a stroke-width of 1 pixel and no fill. Supports trimming number of decimals. Adds a viewBox tag to fit the drawing to the output device window. Includes an automated testcase.
2012-09-11 18:22:27 +08:00
assert.response(app, {
Use "attachment" Content-Disposition for all output formats. Closes #61, includes tests NOTE: this includes the default "json" format.
2012-10-25 19:34:06 +08:00
url: '/api/v1/sql?' + querystring.stringify({q:
'SELECT star FROM this and that'
}),
Initial support for SVG output (#49) This version only dumps the geometries with no identifier. Scales geometries to fit in a 1024x768 pixels area, using a circle radius of 5 pixels, a stroke-width of 1 pixel and no fill. Supports trimming number of decimals. Adds a viewBox tag to fit the drawing to the output device window. Includes an automated testcase.
2012-09-11 18:22:27 +08:00
headers: {host: 'vizzuality.cartodb.com'},
method: 'GET'
Use "attachment" Content-Disposition for all output formats. Closes #61, includes tests NOTE: this includes the default "json" format.
2012-10-25 19:34:06 +08:00
},{}, function(res){
assert.equal(res.statusCode, 400, res.statusCode + ': ' + res.body);
Fix Content-Disposition for error responses. Closes #82
2013-02-13 20:32:34 +08:00
assert.deepEqual(res.headers['content-type'], 'application/json; charset=utf-8');
assert.deepEqual(res.headers['content-disposition'], 'inline');
Use "attachment" Content-Disposition for all output formats. Closes #61, includes tests NOTE: this includes the default "json" format.
2012-10-25 19:34:06 +08:00
var result = JSON.parse(res.body);
// NOTE: actual error message may be slighly different, possibly worth a regexp here
assert.equal(result.error[0], 'syntax error at or near "and"');
done();
Initial support for SVG output (#49) This version only dumps the geometries with no identifier. Scales geometries to fit in a 1024x768 pixels area, using a circle radius of 5 pixels, a stroke-width of 1 pixel and no fill. Supports trimming number of decimals. Adds a viewBox tag to fit the drawing to the output device window. Includes an automated testcase.
2012-09-11 18:22:27 +08:00
});
});
Fix parsing of numeric arrays. Closes #88. Includes testcase, requires using a fork of node-postgresql.
2013-03-14 18:41:07 +08:00
// See https://github.com/Vizzuality/CartoDB-SQL-API/issues/88
test('numeric arrays are rendered as such', function(done){
assert.response(app, {
url: "/api/v1/sql?"
+ querystring.stringify({q:
"SELECT ARRAY[8.7,4.3]::numeric[] as x"
}),
headers: {host: 'vizzuality.localhost.lan:8080' },
method: 'GET'
},{}, function(res) {
assert.equal(res.statusCode, 200, res.statusCode + ': ' + res.body);
var out = JSON.parse(res.body);
assert.ok(out.hasOwnProperty('time'));
assert.equal(out.total_rows, 1);
assert.equal(out.rows.length, 1);
assert.ok(out.rows[0].hasOwnProperty('x'));
assert.equal(out.rows[0].x.length, 2);
assert.equal(out.rows[0].x[0], '8.7');
assert.equal(out.rows[0].x[1], '4.3');
assert.equal(res.headers['x-cache-channel'], 'cartodb_test_user_1_db:'); // keep forever
done();
});
});
Add "fields" member in JSON return. Closes #97
2013-06-15 00:35:04 +08:00
// See https://github.com/Vizzuality/CartoDB-SQL-API/issues/97
test('field names and types are exposed', function(done){
assert.response(app, {
url: '/api/v1/sql?' + querystring.stringify({
q: "SELECT 1::int as a, 2::float8 as b, 3::varchar as c, " +
JSON format: correctly recognize "date" type columns Closes #117 -- includes testcase
2013-11-06 18:43:56 +08:00
"4::char as d, now() as e, 'a'::text as f" +
", 1::bool as g" +
", 'POINT(0 0)'::geometry as h" +
// See https://github.com/CartoDB/CartoDB-SQL-API/issues/117
", now()::date as i" +
Changes authentication to start using public user if it is defined in redis.
2014-07-04 22:47:59 +08:00
", '1'::numeric as j" +
JSON format: correctly recognize "date" type columns Closes #117 -- includes testcase
2013-11-06 18:43:56 +08:00
" LIMIT 0"
Add "fields" member in JSON return. Closes #97
2013-06-15 00:35:04 +08:00
}),
headers: {host: 'vizzuality.cartodb.com'},
method: 'GET'
},{ }, function(res) {
assert.equal(res.statusCode, 200, res.body);
var parsedBody = JSON.parse(res.body);
fixed #119
2013-11-09 23:55:40 +08:00
assert.equal(_.keys(parsedBody.fields).length, 10);
Add "fields" member in JSON return. Closes #97
2013-06-15 00:35:04 +08:00
assert.equal(parsedBody.fields.a.type, 'number');
assert.equal(parsedBody.fields.b.type, 'number');
assert.equal(parsedBody.fields.c.type, 'string');
assert.equal(parsedBody.fields.d.type, 'string');
assert.equal(parsedBody.fields.e.type, 'date');
Add support for "text" datatypes in json output format
2013-07-04 22:03:05 +08:00
assert.equal(parsedBody.fields.f.type, 'string');
Report boolean values as of boolean type, not string. Closes #106
2013-08-22 19:44:21 +08:00
assert.equal(parsedBody.fields.g.type, 'boolean');
Improve recognition of non-standard field types names by db lookup Closes #112. Only looks up "geometry" and "raster" types for now, can be improved over time.
2013-10-02 16:22:13 +08:00
assert.equal(parsedBody.fields.h.type, 'geometry');
JSON format: correctly recognize "date" type columns Closes #117 -- includes testcase
2013-11-06 18:43:56 +08:00
assert.equal(parsedBody.fields.i.type, 'date');
fixed #119
2013-11-09 23:55:40 +08:00
assert.equal(parsedBody.fields.j.type, 'number');
Add "fields" member in JSON return. Closes #97
2013-06-15 00:35:04 +08:00
done();
});
});
Honour skipfields in JSON schema response. Closes #109
2013-09-26 19:26:45 +08:00
// See https://github.com/CartoDB/CartoDB-SQL-API/issues/109
test('schema response takes skipfields into account', function(done){
assert.response(app, {
url: '/api/v1/sql?' + querystring.stringify({
q: "SELECT 1 as a, 2 as b, 3 as c ",
skipfields: 'b'
}),
headers: {host: 'vizzuality.cartodb.com'},
method: 'GET'
},{ }, function(res) {
assert.equal(res.statusCode, 200, res.body);
var parsedBody = JSON.parse(res.body);
assert.equal(_.keys(parsedBody.fields).length, 2);
assert.ok(parsedBody.fields.hasOwnProperty('a'));
assert.ok(!parsedBody.fields.hasOwnProperty('b'));
assert.ok(parsedBody.fields.hasOwnProperty('c'));
done();
});
});
Parse all numbers as floats. Closes #100
2013-07-10 03:50:28 +08:00
// See https://github.com/Vizzuality/CartoDB-SQL-API/issues/100
test('numeric fields are rendered as numbers in JSON', function(done){
assert.response(app, {
url: '/api/v1/sql?' + querystring.stringify({
q: "WITH inp AS ( SELECT 1::int2 as a, 2::int4 as b, " +
"3::int8 as c, 4::float4 as d, " +
"5::float8 as e, 6::numeric as f" +
") SELECT a,b,c,d,e,f," +
" ARRAY[a] AS _a, " +
" ARRAY[b] AS _b, " +
" ARRAY[c] AS _c, " +
" ARRAY[d] AS _d, " +
" ARRAY[e] AS _e, " +
" ARRAY[f] AS _f " +
"FROM inp"
}),
headers: {host: 'vizzuality.cartodb.com'},
method: 'GET'
},{ }, function(res) {
assert.equal(res.statusCode, 200, res.body);
var parsedBody = JSON.parse(res.body);
var row = parsedBody.rows[0];
assert.equal(typeof(row.a), 'number');
assert.equal(typeof(row.b), 'number');
assert.equal(typeof(row.c), 'number');
assert.equal(typeof(row.d), 'number');
assert.equal(typeof(row.e), 'number');
assert.equal(typeof(row.f), 'number');
assert.equal(typeof(row._a[0]), 'number');
assert.equal(typeof(row._b[0]), 'number');
assert.equal(typeof(row._c[0]), 'number');
assert.equal(typeof(row._d[0]), 'number');
assert.equal(typeof(row._e[0]), 'number');
assert.equal(typeof(row._f[0]), 'number');
done();
});
});
Retain UTC offset in JSON output for dates Hopefully helps reducing confusion when using timezone-less with postgresql, in that the time that comes out of JSON output matches the one input by user, except it may be in an unexpected timezone (the server's one)
2013-06-19 18:24:04 +08:00
// Timezone information is retained with JSON output
//
// NOTE: results of these tests rely on the TZ env variable
// being set to 'Europe/Rome'. The env variable cannot
Changes authentication to start using public user if it is defined in redis.
2014-07-04 22:47:59 +08:00
// be set within this test in a reliable way, see
Retain UTC offset in JSON output for dates Hopefully helps reducing confusion when using timezone-less with postgresql, in that the time that comes out of JSON output matches the one input by user, except it may be in an unexpected timezone (the server's one)
2013-06-19 18:24:04 +08:00
// https://github.com/joyent/node/issues/3286
//
// FIXME: we'd like to also test UTC outputs of these
// numbers, but it'd currently take running the
// test again (new mocha run) with a different TZ
//
test('timezone info in JSON output', function(done){
Step(
function testEuropeRomeExplicit() {
var next = this;
assert.response(app, {
url: '/api/v1/sql?' + querystring.stringify({
q: "SET timezone TO 'Europe/Rome'; SELECT '2000-01-01T00:00:00+01'::timestamptz as d"
}),
headers: {host: 'vizzuality.cartodb.com'},
method: 'GET'
},{ }, function(res) {
try {
assert.equal(res.statusCode, 200, res.body);
var parsedBody = JSON.parse(res.body);
assert.equal(parsedBody.rows[0].d, '2000-01-01T00:00:00+0100');
next();
} catch (err) {
next(err);
}
});
},
function testEuropeRomeImplicit(err) {
if ( err ) throw err;
var next = this;
assert.response(app, {
url: '/api/v1/sql?' + querystring.stringify({
q: "SET timezone TO 'Europe/Rome'; SELECT '2000-01-01T00:00:00'::timestamp as d"
}),
headers: {host: 'vizzuality.cartodb.com'},
method: 'GET'
},{ }, function(res) {
try {
assert.equal(res.statusCode, 200, res.body);
var parsedBody = JSON.parse(res.body);
assert.equal(parsedBody.rows[0].d, '2000-01-01T00:00:00+0100');
next();
} catch (err) {
next(err);
}
});
},
function testUTCExplicit(err) {
if ( err ) throw err;
var next = this;
assert.response(app, {
url: '/api/v1/sql?' + querystring.stringify({
q: "SET timezone TO 'UTC'; SELECT '2000-01-01T00:00:00+00'::timestamptz as d"
}),
headers: {host: 'vizzuality.cartodb.com'},
method: 'GET'
},{ }, function(res) {
try {
assert.equal(res.statusCode, 200, res.body);
var parsedBody = JSON.parse(res.body);
assert.equal(parsedBody.rows[0].d, '2000-01-01T01:00:00+0100');
next();
} catch (err) {
next(err);
}
});
},
function testUTCImplicit(err) {
if ( err ) throw err;
var next = this;
assert.response(app, {
url: '/api/v1/sql?' + querystring.stringify({
q: "SET timezone TO 'UTC'; SELECT '2000-01-01T00:00:00'::timestamp as d"
}),
headers: {host: 'vizzuality.cartodb.com'},
method: 'GET'
},{ }, function(res) {
try {
assert.equal(res.statusCode, 200, res.body);
var parsedBody = JSON.parse(res.body);
assert.equal(parsedBody.rows[0].d, '2000-01-01T00:00:00+0100');
next();
} catch (err) {
next(err);
}
});
},
function finish(err) {
done(err);
}
);
});
Add warnings and notices to JSON response. Closes #104.
2013-11-19 00:01:06 +08:00
// WARNING and NOTICE in JSON output
// See https://github.com/CartoDB/CartoDB-SQL-API/issues/104
test('notice and warning info in JSON output', function(done){
Step(
function addRaiseFunction() {
var next = this;
assert.response(app, {
url: '/api/v1/sql?' + querystring.stringify({
q: "create or replace function raise(lvl text, msg text) returns void as $$ begin if lvl = 'notice' then raise notice '%', msg; elsif lvl = 'warning' then raise warning '%', msg; else raise exception '%', msg; end if; end; $$ language plpgsql;",
api_key: '1234'
}),
headers: {host: 'vizzuality.cartodb.com'},
method: 'GET'
},{ }, function(res) {
var err = null;
try {
assert.equal(res.statusCode, 200, res.statusCode + ': ' + res.body);
} catch (e) { err = e; }
next(err);
});
},
function raiseNotice(err) {
if ( err ) throw err;
var next = this;
assert.response(app, {
url: '/api/v1/sql?' + querystring.stringify({
Request that notices are sent to client while testing them See https://travis-ci.org/CartoDB/CartoDB-SQL-API/builds/14146134
2013-11-19 00:09:27 +08:00
q: "SET client_min_messages TO 'notice'; select raise('notice', 'hello notice')"
Add warnings and notices to JSON response. Closes #104.
2013-11-19 00:01:06 +08:00
}),
headers: {host: 'vizzuality.cartodb.com'},
method: 'GET'
},{}, function(res) {
var err = null;
try {
assert.equal(res.statusCode, 200, res.body);
var parsedBody = JSON.parse(res.body);
assert.ok(parsedBody.hasOwnProperty('notices'), 'Missing notices from result');
assert.equal(parsedBody.notices.length, 1);
assert.equal(parsedBody.notices[0], 'hello notice');
} catch (e) { err = e; }
next(err);
});
},
function raiseWarning(err) {
if ( err ) throw err;
var next = this;
assert.response(app, {
url: '/api/v1/sql?' + querystring.stringify({
Request that notices are sent to client while testing them See https://travis-ci.org/CartoDB/CartoDB-SQL-API/builds/14146134
2013-11-19 00:09:27 +08:00
q: "SET client_min_messages TO 'notice'; select raise('warning', 'hello warning')"
Add warnings and notices to JSON response. Closes #104.
2013-11-19 00:01:06 +08:00
}),
headers: {host: 'vizzuality.cartodb.com'},
method: 'GET'
},{}, function(res) {
var err = null;
try {
assert.equal(res.statusCode, 200, res.body);
var parsedBody = JSON.parse(res.body);
assert.ok(parsedBody.hasOwnProperty('warnings'), 'Missing warnings from result');
assert.equal(parsedBody.warnings.length, 1);
assert.equal(parsedBody.warnings[0], 'hello warning');
} catch (e) { err = e; }
next(err);
});
},
function raiseBothWarningAndNotice(err) {
if ( err ) throw err;
var next = this;
assert.response(app, {
url: '/api/v1/sql?' + querystring.stringify({
Request that notices are sent to client while testing them See https://travis-ci.org/CartoDB/CartoDB-SQL-API/builds/14146134
2013-11-19 00:09:27 +08:00
q: "SET client_min_messages TO 'notice'; select raise('warning', 'hello again warning'), raise('notice', 'hello again notice');"
Add warnings and notices to JSON response. Closes #104.
2013-11-19 00:01:06 +08:00
}),
headers: {host: 'vizzuality.cartodb.com'},
method: 'GET'
},{}, function(res) {
var err = null;
try {
assert.equal(res.statusCode, 200, res.body);
var parsedBody = JSON.parse(res.body);
assert.ok(parsedBody.hasOwnProperty('warnings'), 'Missing warnings from result');
assert.equal(parsedBody.warnings.length, 1);
assert.equal(parsedBody.warnings[0], 'hello again warning');
assert.ok(parsedBody.hasOwnProperty('notices'), 'Missing notices from result');
assert.equal(parsedBody.notices.length, 1);
assert.equal(parsedBody.notices[0], 'hello again notice');
} catch (e) { err = e; }
next(err);
});
},
function delRaiseFunction(err) {
var next = this;
assert.response(app, {
url: '/api/v1/sql?' + querystring.stringify({
q: "DROP function raise(text, text)",
api_key: '1234'
}),
headers: {host: 'vizzuality.cartodb.com'},
method: 'GET'
},{ }, function(res) {
try {
assert.equal(res.statusCode, 200, res.body);
var parsedBody = JSON.parse(res.body);
} catch (e) { err = new Error(err + ',' + e); }
next(err);
});
},
function finish(err) {
done(err);
}
);
});
Add "fields" member in JSON return. Closes #97
2013-06-15 00:35:04 +08:00
added the needed headers for CORS
2012-11-01 20:16:46 +08:00
/**
* CORS
*/
test('GET /api/v1/sql with SQL parameter on SELECT only should return CORS headers ', function(done){
assert.response(app, {
url: '/api/v1/sql?q=SELECT%20*%20FROM%20untitle_table_4&database=cartodb_test_user_1_db',
Changes authentication to start using public user if it is defined in redis.
2014-07-04 22:47:59 +08:00
headers: {host: 'vizzuality.cartodb.com'},
added the needed headers for CORS
2012-11-01 20:16:46 +08:00
method: 'GET'
},{ }, function(res) {
assert.equal(res.statusCode, 200, res.body);
// Check cache headers
Updates CDB_QueryTables to match the one from the extension. Fixes some tests to show the schema presence. Skip some tests that we need to review because with the current implementation of CDB_QueryTables dont make sense. CDB_QueryTables should be used from the extension as a dependency.
2014-06-26 17:22:40 +08:00
assert.equal(res.headers['x-cache-channel'], 'cartodb_test_user_1_db:public.untitle_table_4');
added the needed headers for CORS
2012-11-01 20:16:46 +08:00
assert.equal(res.headers['cache-control'], expected_cache_control);
assert.equal(res.headers['access-control-allow-origin'], '*');
assert.equal(res.headers['access-control-allow-headers'], "X-Requested-With, X-Prototype-Version, X-CSRF-Token");
done();
});
});
Adds test to cover jsonp callbacks wrapped responses
2014-07-31 02:01:43 +08:00
test('GET with callback param returns wrapped result set with callback as jsonp', function(done) {
assert.response(app, {
url: '/api/v1/sql?q=SELECT%20*%20FROM%20untitle_table_4&callback=foo_jsonp',
headers: {host: 'vizzuality.cartodb.com'},
method: 'GET'
},{ }, function(res) {
assert.equal(res.statusCode, 200, res.body);
assert.ok(res.body.match(/foo\_jsonp\(.*\)/));
done();
});
});
Callback requests send 200 status error even if the query failed
2014-08-04 21:56:43 +08:00
test('GET with callback must return 200 status error even if it is an error', function(done){
assert.response(app, {
url: "/api/v1/sql?q=DROP%20TABLE%20untitle_table_4&callback=foo_jsonp",
headers: {host: 'vizzuality.cartodb.com'},
method: 'GET'
},{}, function(res) {
assert.equal(res.statusCode, 200, res.statusCode + ': ' + res.body);
CDB-3255 More secure test
2014-08-05 06:57:09 +08:00
var didRunJsonCallback = false;
Callback requests send 200 status error even if the query failed
2014-08-04 21:56:43 +08:00
function foo_jsonp(body) {
assert.deepEqual(body, {"error":["must be owner of relation untitle_table_4"]});
CDB-3255 More secure test
2014-08-05 06:57:09 +08:00
didRunJsonCallback = true;
Callback requests send 200 status error even if the query failed
2014-08-04 21:56:43 +08:00
}
eval(res.body);
CDB-3255 More secure test
2014-08-05 06:57:09 +08:00
assert.ok(didRunJsonCallback);
Callback requests send 200 status error even if the query failed
2014-08-04 21:56:43 +08:00
done();
});
});
Port tests to mocha. Closes #35.
2012-07-13 04:54:12 +08:00
});
Reference in New Issue Copy Permalink