CartoDB-SQL-API/test/acceptance/pg-entities-access-validator-test.js

'use strict';
const assert = require('../support/assert');
const TestClient = require('../support/test-client');
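/**
 * Acceptance tests for the `validatePGEntitiesAccess` setting.
 *
 * With the setting enabled, queries that read PostgreSQL system schemas must
 * be rejected with HTTP 403 and the error `system tables are forbidden`.
 * With the setting disabled, the same queries must complete without error.
 * Every query is run through both test clients defined below.
 */
describe('PG entities access validator', function () {
    // One query per system schema under test. Coverage is limited to these two
    // statements; behaviour for other system relations is not exercised here.
    const forbiddenQueries = [
        'select * from information_schema.tables',
        'select * from pg_catalog.pg_auth_members'
    ];

    // NOTE(review): presumably these select API-key and authorization-based
    // access in the test client; confirm against ../support/test-client.
    const testClientApiKey = new TestClient({ apiKey: 1234 });
    const testClientAuthorized = new TestClient({ authorization: 'vizzuality:regular1' });

    // Passed to getResult for the rejected case; expected to be a 403.
    const expectedResponse = {
        response: {
            status: 403
        }
    };

    // The nested suites flip a process-wide setting. Capture it once and put it
    // back afterwards so later test files do not inherit whatever value the
    // last suite left behind (the final suite below sets it to false).
    let originalValidatePGEntitiesAccess;

    before(function () {
        originalValidatePGEntitiesAccess = global.settings.validatePGEntitiesAccess;
    });

    after(function () {
        global.settings.validatePGEntitiesAccess = originalValidatePGEntitiesAccess;
    });

    /**
     * Runs `query` through `testClient` and asserts it is rejected.
     *
     * @param {string} query - SQL statement expected to be forbidden.
     * @param {TestClient} testClient - client used to send the query.
     * @param {Function} done - mocha completion callback.
     */
    function assertQuery (query, testClient, done) {
        testClient.getResult(query, expectedResponse, (err, result) => {
            assert.ifError(err);
            // Pin the exact error payload, not just the status code.
            assert.deepStrictEqual(result.error, ['system tables are forbidden']);
            done();
        });
    }

    describe('validatePGEntitiesAccess enabled', function () {
        before(function () {
            global.settings.validatePGEntitiesAccess = true;
        });

        forbiddenQueries.forEach(query => {
            it(`testClientApiKey: query: ${query}`, function (done) {
                assertQuery(query, testClientApiKey, done);
            });

            it(`testClientAuthorized: query: ${query}`, function (done) {
                assertQuery(query, testClientAuthorized, done);
            });
        });
    });

    describe('validatePGEntitiesAccess disabled', function () {
        before(function () {
            global.settings.validatePGEntitiesAccess = false;
        });

        // Only the absence of an error is checked here; the result body is
        // not inspected.
        forbiddenQueries.forEach(query => {
            it(`testClientApiKey: query: ${query}`, function (done) {
                testClientApiKey.getResult(query, err => {
                    assert.ifError(err);
                    done();
                });
            });

            it(`testClientAuthorized: query: ${query}`, function (done) {
                testClientAuthorized.getResult(query, err => {
                    assert.ifError(err);
                    done();
                });
            });
        });
    });
});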