CartoDB-SQL-API/test/acceptance/app.test.js

require('../helper');

// Requires the database and tables setup in config/environments/test.js to exist
// Ensure the user is present in the pgbouncer auth file too

var app    = require(global.settings.app_root + '/app/controllers/app')
  , assert = require('assert');

module.exports = {
  'GET /api/v1/': function(){
    assert.response(app, {
        url: '/api/v1/',
        method: 'GET'
    },{
        body: '{"error":["You must indicate a sql query"]}',
        status: 400
    });
  },
  'GET /api/v1/ with SQL parameter on SELECT only. No oAuth included ': function(){
    assert.response(app, {
      url: '/api/v1/?sql=SELECT%20*%20FROM%20test_table&database=cartodb_test_user_1_db',
      method: 'GET'
    },{
      status: 200
    });
  },
  'GET /api/v1/ with SQL parameter on SELECT only. oAuth used ': function(){
    assert.response(app, {
      url: '/api/v1/?sql=SELECT%20*%20FROM%20test_table&oauth_token=1',
      method: 'GET'
    },{
      status: 200
    });
  },
  'GET /api/v1/ with SQL parameter on INSERT only. oAuth used ': function(){
    assert.response(app, {
      url: "/api/v1/?sql=INSERT%20INTO%20test_table%20(id)%20VALUES%20(1)&oauth_token=1",
      method: 'GET'
    },{
      status: 200
    });
  },
  'GET /api/v1/ with SQL parameter on INSERT only. oAuth not used, so public user - should fail': function(){
    assert.response(app, {
      url: "/api/v1/?sql=INSERT%20INTO%20test_table%20(id)%20VALUES%20(1)&database=cartodb_test_user_1_db",
      method: 'GET'
    },{
      status: 400
    });
  },
  'GET /api/v1/ with SQL parameter on DROP DATABASE nly. oAuth not used, so public user - should fail': function(){
    assert.response(app, {
      url: "/api/v1/?sql=DROP%20TABLE%20cartodb_test_user_1_db&database=cartodb_test_user_1_db",
      method: 'GET'
    },{
      status: 400
    });
  }

};
first draft, tidied, unit tests, modules, refactor, environments, see TODO for next steps" 2011-06-13 11:23:02 +08:00			`require('../helper');`

oauth 2011-06-20 21:39:12 +08:00			`// Requires the database and tables setup in config/environments/test.js to exist`
			`// Ensure the user is present in the pgbouncer auth file too`

first draft, tidied, unit tests, modules, refactor, environments, see TODO for next steps" 2011-06-13 11:23:02 +08:00			`var app = require(global.settings.app_root + '/app/controllers/app')`
First version of the API server with some TODOs to solve 2011-06-10 00:34:02 +08:00			`, assert = require('assert');`

			`module.exports = {`
Change request path from /v1 to /api/v1 2011-07-04 23:28:39 +08:00			`'GET /api/v1/': function(){`
First version of the API server with some TODOs to solve 2011-06-10 00:34:02 +08:00			`assert.response(app, {`
Change request path from /v1 to /api/v1 2011-07-04 23:28:39 +08:00			`url: '/api/v1/',`
First version of the API server with some TODOs to solve 2011-06-10 00:34:02 +08:00			`method: 'GET'`
			`},{`
			`body: '{"error":["You must indicate a sql query"]}',`
			`status: 400`
			`});`
oauth 2011-06-20 21:39:12 +08:00			`},`
Change request path from /v1 to /api/v1 2011-07-04 23:28:39 +08:00			`'GET /api/v1/ with SQL parameter on SELECT only. No oAuth included ': function(){`
oauth 2011-06-20 21:39:12 +08:00			`assert.response(app, {`
Change request path from /v1 to /api/v1 2011-07-04 23:28:39 +08:00			`url: '/api/v1/?sql=SELECT%20*%20FROM%20test_table&database=cartodb_test_user_1_db',`
oauth 2011-06-20 21:39:12 +08:00			`method: 'GET'`
			`},{`
			`status: 200`
			`});`
			`},`
Change request path from /v1 to /api/v1 2011-07-04 23:28:39 +08:00			`'GET /api/v1/ with SQL parameter on SELECT only. oAuth used ': function(){`
oauth 2011-06-20 21:39:12 +08:00			`assert.response(app, {`
Change request path from /v1 to /api/v1 2011-07-04 23:28:39 +08:00			`url: '/api/v1/?sql=SELECT%20*%20FROM%20test_table&oauth_token=1',`
oauth 2011-06-20 21:39:12 +08:00			`method: 'GET'`
			`},{`
			`status: 200`
			`});`
			`},`
Change request path from /v1 to /api/v1 2011-07-04 23:28:39 +08:00			`'GET /api/v1/ with SQL parameter on INSERT only. oAuth used ': function(){`
oauth 2011-06-20 21:39:12 +08:00			`assert.response(app, {`
Change request path from /v1 to /api/v1 2011-07-04 23:28:39 +08:00			`url: "/api/v1/?sql=INSERT%20INTO%20test_table%20(id)%20VALUES%20(1)&oauth_token=1",`
oauth 2011-06-20 21:39:12 +08:00			`method: 'GET'`
			`},{`
			`status: 200`
			`});`
added public user shouldn't insert test 2011-06-21 00:03:29 +08:00			`},`
Change request path from /v1 to /api/v1 2011-07-04 23:28:39 +08:00			`'GET /api/v1/ with SQL parameter on INSERT only. oAuth not used, so public user - should fail': function(){`
added public user shouldn't insert test 2011-06-21 00:03:29 +08:00			`assert.response(app, {`
Change request path from /v1 to /api/v1 2011-07-04 23:28:39 +08:00			`url: "/api/v1/?sql=INSERT%20INTO%20test_table%20(id)%20VALUES%20(1)&database=cartodb_test_user_1_db",`
added public user shouldn't insert test 2011-06-21 00:03:29 +08:00			`method: 'GET'`
			`},{`
			`status: 400`
			`});`
added dangerous test 2011-06-21 00:22:46 +08:00			`},`
Change request path from /v1 to /api/v1 2011-07-04 23:28:39 +08:00			`'GET /api/v1/ with SQL parameter on DROP DATABASE nly. oAuth not used, so public user - should fail': function(){`
added dangerous test 2011-06-21 00:22:46 +08:00			`assert.response(app, {`
Change request path from /v1 to /api/v1 2011-07-04 23:28:39 +08:00			`url: "/api/v1/?sql=DROP%20TABLE%20cartodb_test_user_1_db&database=cartodb_test_user_1_db",`
added dangerous test 2011-06-21 00:22:46 +08:00			`method: 'GET'`
			`},{`
			`status: 400`
			`});`
oauth 2011-06-20 21:39:12 +08:00			`}`
added dangerous test 2011-06-21 00:22:46 +08:00
first draft, tidied, unit tests, modules, refactor, environments, see TODO for next steps" 2011-06-13 11:23:02 +08:00			`};`