CartoDB-SQL-API/test/acceptance/app-auth-test.js

'use strict';
require('../helper');
var server = require('../../lib/server')();
var assert = require('../support/assert');
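/**
 * Acceptance tests for API-key authentication and authorization on the
 * SQL endpoint (/api/v1/sql).
 *
 * The scenarios pin two distinct failure modes:
 *   - 401: an api_key was supplied but is not recognised (authentication).
 *   - 403: no api_key was supplied, the request falls back to the default
 *          key, and that key may not write (authorization).
 *
 * Each scenario is a GET with the key (if any) in the query string, so the
 * test key is visible in the URL; it is a fixture value, not a real secret.
 *
 * NOTE(review): nothing here asserts that a request without an api_key is
 * refused a SELECT on private_table; confirm that read path is covered by
 * another suite.
 */
describe('app.auth', function () {
    var scenarios = [
        // --- read access -------------------------------------------------
        {
            desc: 'no api key should fallback to default api key',
            url: '/api/v1/sql?q=SELECT%20*%20FROM%20untitle_table_4',
            statusCode: 200
        },
        {
            desc: 'invalid api key should return 401',
            url: '/api/v1/sql?api_key=THIS_API_KEY_NOT_EXIST&q=SELECT%20*%20FROM%20untitle_table_4',
            statusCode: 401
        },
        // --- writes with a valid key ---------------------------------------
        // The DELETE removes the row written by the INSERT just before it,
        // so these two scenarios should stay in this order.
        {
            desc: 'valid api key should allow insert in protected tables',
            url: "/api/v1/sql?api_key=1234&q=INSERT%20INTO%20private_table%20(name)%20VALUES%20('app_auth_test1')",
            statusCode: 200
        },
        {
            desc: 'valid api key should allow delete in protected tables',
            url: "/api/v1/sql?api_key=1234&q=DELETE%20FROM%20private_table%20WHERE%20name%3d'app_auth_test1'",
            statusCode: 200
        },
        // --- writes that must be rejected ----------------------------------
        {
            desc: 'invalid api key should NOT allow insert in protected tables',
            url: "/api/v1/sql?api_key=THIS_API_KEY_NOT_EXIST&q=INSERT%20INTO%20private_table%20(name)%20VALUES%20('R')",
            statusCode: 401
        },
        {
            desc: 'no api key should NOT allow insert in protected tables',
            url: "/api/v1/sql?q=INSERT%20INTO%20private_table%20(name)%20VALUES%20('RAMBO')",
            statusCode: 403
        },
        {
            desc: 'no api key should NOT allow insert in public tables',
            url: "/api/v1/sql?q=INSERT%20INTO%20untitle_table_4%20(name)%20VALUES%20('RAMBO')",
            statusCode: 403
        }
    ];

    scenarios.forEach(function (scenario) {
        it(scenario.desc, function (done) {
            var request = {
                // see prepare_db.sh for the public table name and structure
                url: scenario.url,
                headers: {
                    host: 'vizzuality.cartodb.com'
                },
                method: 'GET'
            };

            assert.response(server, request, {}, function (err, res) {
                // Report a helper/transport error directly. Without this guard a
                // missing `res` would throw a TypeError below and hide the real
                // cause of the failure.
                if (err) {
                    return done(err);
                }

                // Only the status code is checked; the body is included in the
                // failure message to show why the server refused or accepted.
                assert.strictEqual(res.statusCode, scenario.statusCode, res.statusCode + ': ' + res.body);
                done();
            });
        });
    });
});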