cartodb/CartoDB-SQL-API
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add a couple of additional tests about forbidden INSERT attempts.

Browse Source 
These are:
 - NO api key used
 - INSERT in public table
Both tests are already passing
This commit is contained in:
Sandro Santilli 2012-09-17 11:11:10 +02:00
parent 167e1e1b51
commit 2d59de1b70
1 changed files with 24 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
test/acceptance/app.auth.test.js
View File

@ -45,4 +45,28 @@ test('invalid api key (old redis location) should NOT allow insert in protected
}, function() { done(); });
});
test('no api key should NOT allow insert in protected tables', function(done){
assert.response(app, {
// view prepare_db.sh to see where to set api_key
url: "/api/v1/sql?q=INSERT%20INTO%20private_table%20(name)%20VALUES%20('RAMBO')",
headers: {host: 'vizzuality.cartodb.com' },
method: 'GET'
},{
status: 400
}, function() { done(); });
});
test('no api key should NOT allow insert in public tables', function(done){
assert.response(app, {
// view prepare_db.sh to find public table name and structure
url: "/api/v1/sql?q=INSERT%20INTO%20untitle_table_4%20(name)%20VALUES%20('RAMBO')",
headers: {host: 'vizzuality.cartodb.com' },
method: 'GET'
},{
status: 400
}, function() { done(); });
});
});