cartodb/CartoDB-SQL-API
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix issue with auth fallback, it wasn't authenticated when apikey master was provided

Browse Source
This commit is contained in:
Daniel García Aubert 2018-02-26 18:13:49 +01:00
parent cf0214f5c3
commit 418ec1304f
4 changed files with 29 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/auth/apikey.js
View File

@ -35,7 +35,7 @@ ApikeyAuth.prototype.verifyCredentials = function (options, callback) {
}
// Auth API Fallback
this.metadataBackend.getAllUserDBParams(this.username, function (err, dbParams) {
this.metadataBackend.getAllUserDBParams(this.username, (err, dbParams) => {
if (err) {
err.http_status = 404;
err.message = errorUserNotFoundMessageTemplate(this.username);

28
test/acceptance/auth-api.js
View File

@ -18,7 +18,6 @@ describe('Auth API', function () {
});
});
// TODO: this is obviously a really dangerous sceneario, but in order to not break
// some uses cases (i.e: new carto.js examples) and keep backwards compatiblity we will keep it during some time.
// It should be fixed as soon as possible
@ -65,7 +64,6 @@ describe('Auth API', function () {
});
});
it('should get result from query using the master API key and public dataset', function (done) {
this.testClient = new TestClient({ apiKey: 1234 });
this.testClient.getResult(publicSQL, (err, result) => {
@ -134,6 +132,32 @@ describe('Auth API', function () {
done();
});
});
it('should insert and delete values on scoped datase using the master apikey', function (done) {
this.testClient = new TestClient({ apiKey: 4321, host: 'cartofante.cartodb.com' });
const insertSql = "INSERT INTO scoped_table_1(name) VALUES('wadus1')";
this.testClient.getResult(insertSql, (err, rows, body) => {
assert.ifError(err);
assert.ok(body.hasOwnProperty('time'));
assert.equal(body.total_rows, 1);
assert.equal(rows.length, 0);
const deleteSql = "DELETE FROM scoped_table_1 WHERE name = 'wadus1'";
this.testClient.getResult(deleteSql, (err, rows, body) => {
assert.ifError(err);
assert.ok(body.hasOwnProperty('time'));
assert.equal(body.total_rows, 1);
assert.equal(rows.length, 0);
done();
});
});
});
});
describe('Batch API', function () {

1
test/support/sql/test.sql
View File

@ -178,6 +178,7 @@ ALTER ROLE regular_2 SET statement_timeout = 2000;
DROP USER IF EXISTS test_cartodb_user_2;
CREATE USER test_cartodb_user_2 WITH PASSWORD 'test_cartodb_user_2_pass';
GRANT ALL ON TABLE scoped_table_1 TO test_cartodb_user_2;
GRANT ALL ON SEQUENCE scoped_table_1_cartodb_id_seq TO test_cartodb_user_2;
-- db owner role
DROP USER IF EXISTS :TESTUSER;

2
test/support/test-client.js
View File

@ -61,7 +61,7 @@ TestClient.prototype.getResult = function(query, override, callback) {
return callback(null, result);
}
return callback(null, result.rows || []);
return callback(null, result.rows || [], result);
}
);
};