require('../helper');
require('../support/assert');
var app = require(global.settings.app_root + '/app/controllers/app')
, assert = require('assert')
, tests = module.exports = {}
, querystring = require('querystring');
suite('app.auth', function() {

  // Authorization checks for writes through /api/v1/sql. Every request is a
  // GET whose `q` parameter carries an INSERT; what varies between tests is
  // the api_key, the target table and the Host header.
  // NOTE(review): the key travels in the query string, where it is usually
  // recorded by server and proxy access logs. That is harmless for the
  // fixture key used here, but it is not a pattern to copy for real keys.

  /**
   * Send `sqlUrl` as a GET with the 'vizzuality.cartodb.com' Host header and
   * require an HTTP 400 before signalling completion.
   *
   * Only the status code is checked: nothing here confirms that no row was
   * written, or why the request was refused.
   * NOTE(review): the accepted-key test uses a different Host header
   * ('vizzuality.localhost.lan:8080'); confirm that the 400 seen here comes
   * from the api_key check and not from how the host is resolved.
   *
   * @param {string} sqlUrl - request path and query string
   * @param {function} done - the runner's completion callback
   */
  function expectRejected(sqlUrl, done) {
    var request = {
      url: sqlUrl,
      headers: {host: 'vizzuality.cartodb.com' },
      method: 'GET'
    };
    var expectation = {
      status: 400
    };
    // `done` is wrapped so that it is always invoked without arguments.
    assert.response(app, request, expectation, function() { done(); });
  }

  test('valid api key should allow insert in protected tables', function(done){
    // prepare_db.sh shows where the api_key fixture is set.
    var request = {
      url: "/api/v1/sql?api_key=1234&q=INSERT%20INTO%20private_table%20(name)%20VALUES%20('test')",
      headers: {host: 'vizzuality.localhost.lan:8080' },
      method: 'GET'
    };
    assert.response(app, request, {}, function(res) {
      // The response body is passed as the failure message, so a rejected
      // request reports the server's error text.
      assert.equal(res.statusCode, 200, res.body);
      done();
    });
  });

  test('invalid api key should NOT allow insert in protected tables', function(done){
    // prepare_db.sh shows where the api_key fixture is set; 'RAMBO' is not
    // the key used by the accepted-key test.
    expectRejected(
      "/api/v1/sql?api_key=RAMBO&q=INSERT%20INTO%20private_table%20(name)%20VALUES%20('RAMBO')",
      done
    );
  });

  test('invalid api key (old redis location) should NOT allow insert in protected tables', function(done){
    // prepare_db.sh shows where the api_key fixture is set.
    // presumably 1235 is the value prepare_db.sh stores under the old redis
    // location named in the test title; verify against that script.
    expectRejected(
      "/api/v1/sql?api_key=1235&q=INSERT%20INTO%20private_table%20(name)%20VALUES%20('RAMBO')",
      done
    );
  });

  test('no api key should NOT allow insert in protected tables', function(done){
    // No api_key parameter at all: the write to private_table must be refused.
    expectRejected(
      "/api/v1/sql?q=INSERT%20INTO%20private_table%20(name)%20VALUES%20('RAMBO')",
      done
    );
  });

  test('no api key should NOT allow insert in public tables', function(done){
    // prepare_db.sh gives the public table's name and structure. A request
    // without an api_key must not be able to write, even to a public table.
    expectRejected(
      "/api/v1/sql?q=INSERT%20INTO%20untitle_table_4%20(name)%20VALUES%20('RAMBO')",
      done
    );
  });

});