Fixes tests related to send 401 status code for unauthorized requests

2014-09-16 23:57:11 +02:00 · 2014-09-16 23:57:11 +02:00 · 386c236760
commit 386c236760
parent 445820ff1a
2 changed files with 46 additions and 63 deletions
--- a/test/acceptance/app.auth.test.js
+++ b/test/acceptance/app.auth.test.js
@ -8,68 +8,51 @@ var app    = require(global.settings.app_root + '/app/controllers/app')()

 suite('app.auth', function() {

-test('valid api key should allow insert in protected tables', function(done){
-    assert.response(app, {
-        // view prepare_db.sh to see where to set api_key
-        url: "/api/v1/sql?api_key=1234&q=INSERT%20INTO%20private_table%20(name)%20VALUES%20('app_auth_test1')",
-        headers: {host: 'vizzuality.localhost.lan:8080' },
-        method: 'GET'
-    },{}, function(res) {
-        assert.equal(res.statusCode, 200, res.body);
-        done();
+    var scenarios = [
+        {
+            desc: 'valid api key should allow insert in protected tables',
+            url: "/api/v1/sql?api_key=1234&q=INSERT%20INTO%20private_table%20(name)%20VALUES%20('app_auth_test1')",
+            statusCode: 200
+        }
+        ,{
+            desc: 'invalid api key should NOT allow insert in protected tables',
+            url: "/api/v1/sql?api_key=RAMBO&q=INSERT%20INTO%20private_table%20(name)%20VALUES%20('RAMBO')",
+            statusCode: 401
+        }
+        ,{
+            desc: 'invalid api key (old redis location) should NOT allow insert in protected tables',
+            url: "/api/v1/sql?api_key=1235&q=INSERT%20INTO%20private_table%20(name)%20VALUES%20('RAMBO')",
+            statusCode: 401
+        }
+        ,{
+            desc: 'no api key should NOT allow insert in protected tables',
+            url: "/api/v1/sql?q=INSERT%20INTO%20private_table%20(name)%20VALUES%20('RAMBO')",
+            statusCode: 401
+        }
+        ,{
+            desc: 'no api key should NOT allow insert in public tables',
+            url: "/api/v1/sql?q=INSERT%20INTO%20untitle_table_4%20(name)%20VALUES%20('RAMBO')",
+            statusCode: 401
+        }
+    ];
+
+    scenarios.forEach(function(scenario) {
+        test(scenario.desc, function(done) {
+            assert.response(app, {
+                    // view prepare_db.sh to find public table name and structure
+                    url: scenario.url,
+                    headers: {
+                        host: 'vizzuality.cartodb.com'
+                    },
+                    method: 'GET'
+                },
+                {},
+                function(res) {
+                    assert.equal(res.statusCode, scenario.statusCode, res.statusCode + ': ' + res.body);
+                    done();
+                }
+            );
+        });
    });
-});
-
-test('invalid api key should NOT allow insert in protected tables', function(done){
-    assert.response(app, {
-        // view prepare_db.sh to see where to set api_key
-        url: "/api/v1/sql?api_key=RAMBO&q=INSERT%20INTO%20private_table%20(name)%20VALUES%20('RAMBO')",
-
-        headers: {host: 'vizzuality.cartodb.com' },
-        method: 'GET'
-    },{}, function(res) {
-        assert.equal(res.statusCode, 400, res.statusCode + ': ' + res.body);
-        done();
-    });
-});
-
-test('invalid api key (old redis location) should NOT allow insert in protected tables', function(done){
-    assert.response(app, {
-        // view prepare_db.sh to see where to set api_key
-        url: "/api/v1/sql?api_key=1235&q=INSERT%20INTO%20private_table%20(name)%20VALUES%20('RAMBO')",
-
-        headers: {host: 'vizzuality.cartodb.com' },
-        method: 'GET'
-    },{}, function(res) {
-        assert.equal(res.statusCode, 400, res.statusCode + ': ' + res.body);
-        done();
-    });
-});
-
-test('no api key should NOT allow insert in protected tables', function(done){
-    assert.response(app, {
-        // view prepare_db.sh to see where to set api_key
-        url: "/api/v1/sql?q=INSERT%20INTO%20private_table%20(name)%20VALUES%20('RAMBO')",
-
-        headers: {host: 'vizzuality.cartodb.com' },
-        method: 'GET'
-    },{}, function(res) {
-        assert.equal(res.statusCode, 400, res.statusCode + ': ' + res.body);
-        done();
-    });
-});
-
-test('no api key should NOT allow insert in public tables', function(done){
-    assert.response(app, {
-        // view prepare_db.sh to find public table name and structure
-        url: "/api/v1/sql?q=INSERT%20INTO%20untitle_table_4%20(name)%20VALUES%20('RAMBO')",
-
-        headers: {host: 'vizzuality.cartodb.com' },
-        method: 'GET'
-    },{}, function(res) {
-        assert.equal(res.statusCode, 400, res.statusCode + ': ' + res.body);
-        done();
-    });
-});

 });
--- a/test/acceptance/app.test.js
+++ b/test/acceptance/app.test.js
@ -340,7 +340,7 @@ test('GET /api/v1/sql with INSERT. oAuth not used, so public user - should fail'
        method: 'GET'
    },{
    }, function(res) {
-        assert.equal(res.statusCode, 400, res.statusCode + ': ' + res.body);
+        assert.equal(res.statusCode, 401, res.statusCode + ': ' + res.body);
        assert.deepEqual(res.headers['content-type'], 'application/json; charset=utf-8');
        assert.deepEqual(res.headers['content-disposition'], 'inline');
        assert.deepEqual(JSON.parse(res.body),