From 418ec1304fb52e95c4182721d6ce0ec189e9033a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Garc=C3=ADa=20Aubert?= Date: Mon, 26 Feb 2018 18:13:49 +0100 Subject: [PATCH] Fix issue with auth fallback, it wasn't authenticated when apikey master was provided --- app/auth/apikey.js | 2 +- test/acceptance/auth-api.js | 28 ++++++++++++++++++++++++++-- test/support/sql/test.sql | 1 + test/support/test-client.js | 2 +- 4 files changed, 29 insertions(+), 4 deletions(-) diff --git a/app/auth/apikey.js b/app/auth/apikey.js index 44745a63..6a094290 100644 --- a/app/auth/apikey.js +++ b/app/auth/apikey.js @@ -35,7 +35,7 @@ ApikeyAuth.prototype.verifyCredentials = function (options, callback) { } // Auth API Fallback - this.metadataBackend.getAllUserDBParams(this.username, function (err, dbParams) { + this.metadataBackend.getAllUserDBParams(this.username, (err, dbParams) => { if (err) { err.http_status = 404; err.message = errorUserNotFoundMessageTemplate(this.username); diff --git a/test/acceptance/auth-api.js b/test/acceptance/auth-api.js index abf119a8..06d34ad8 100644 --- a/test/acceptance/auth-api.js +++ b/test/acceptance/auth-api.js @@ -18,7 +18,6 @@ describe('Auth API', function () { }); }); - // TODO: this is obviously a really dangerous sceneario, but in order to not break // some uses cases (i.e: new carto.js examples) and keep backwards compatiblity we will keep it during some time. // It should be fixed as soon as possible @@ -65,7 +64,6 @@ describe('Auth API', function () { }); }); - it('should get result from query using the master API key and public dataset', function (done) { this.testClient = new TestClient({ apiKey: 1234 }); this.testClient.getResult(publicSQL, (err, result) => { 
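Review bot: In the `if (err)` branch of the fallback callback in `app/auth/apikey.js`, every error returned by `getAllUserDBParams` is rewritten to a 404 with the user-not-found message, so a metadata-backend failure would be reported as an unknown user. Overwriting `err.message` also discards the original cause, which makes an outage hard to tell from a bad username in logs. Consider preserving the cause before replacing the message, for example `err.original_message = err.message;` (field name is a suggestion), or mapping only the backend's not-found case to 404. Whether the backend can fail for other reasons is not visible here, and `verifyCredentials` starts and ends outside the hunk.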
@@ -134,6 +132,32 @@ describe('Auth API', function () { done(); }); }); + + it('should insert and delete values on scoped datase using the master apikey', function (done) { + this.testClient = new TestClient({ apiKey: 4321, host: 'cartofante.cartodb.com' }); + + const insertSql = "INSERT INTO scoped_table_1(name) VALUES('wadus1')"; + + this.testClient.getResult(insertSql, (err, rows, body) => { + assert.ifError(err); + + assert.ok(body.hasOwnProperty('time')); + assert.equal(body.total_rows, 1); + assert.equal(rows.length, 0); + + const deleteSql = "DELETE FROM scoped_table_1 WHERE name = 'wadus1'"; + + this.testClient.getResult(deleteSql, (err, rows, body) => { + assert.ifError(err); + + assert.ok(body.hasOwnProperty('time')); + assert.equal(body.total_rows, 1); + assert.equal(rows.length, 0); + + done(); + }); + }); + }); }); describe('Batch API', function () { diff --git a/test/support/sql/test.sql b/test/support/sql/test.sql index 3dd4baf9..8f8f9316 100644 --- a/test/support/sql/test.sql +++ b/test/support/sql/test.sql @@ -178,6 +178,7 @@ ALTER ROLE regular_2 SET statement_timeout = 2000; DROP USER IF EXISTS test_cartodb_user_2; CREATE USER test_cartodb_user_2 WITH PASSWORD 'test_cartodb_user_2_pass'; GRANT ALL ON TABLE scoped_table_1 TO test_cartodb_user_2; +GRANT ALL ON SEQUENCE scoped_table_1_cartodb_id_seq TO test_cartodb_user_2; -- db owner role DROP USER IF EXISTS :TESTUSER; diff --git a/test/support/test-client.js b/test/support/test-client.js index 863d8226..bd1b163f 100644 --- a/test/support/test-client.js +++ b/test/support/test-client.js @@ -61,7 +61,7 @@ TestClient.prototype.getResult = function(query, override, callback) { return callback(null, result); } - return callback(null, result.rows || []); + return callback(null, result.rows || [], result); } ); };
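Review bot: The new test in `test/acceptance/auth-api.js` exercises only the accepting side of the fallback (master key `4321` on `cartofante.cartodb.com`). Since the commit changes an authentication path, a companion case asserting that a non-matching key for the same host is rejected would pin the other half of the behaviour, for example `it('should reject a non-matching apikey through the auth fallback', ...)`. Other cases in this file may already cover that, which is not visible from the hunk. Separately, if the INSERT succeeds and a later assertion fails, the `wadus1` row stays in `scoped_table_1` for subsequent tests. The test title also reads `datase` for `dataset`.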
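Review bot: `GRANT ALL ON SEQUENCE` in `test/support/sql/test.sql` gives `test_cartodb_user_2` more than the INSERT in the new test needs. `USAGE` is enough for the `nextval` call that presumably backs `cartodb_id`: `GRANT USAGE ON SEQUENCE scoped_table_1_cartodb_id_seq TO test_cartodb_user_2;`. If this fixture is meant to mirror how roles are provisioned outside the test suite, a broader grant here can let the test pass on privileges the real role would not hold. The preceding line already grants ALL on the table, so the breadth may be deliberate for the fixture.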
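Review bot: The early return just above the changed line in `test/support/test-client.js`, `return callback(null, result);`, still passes two arguments. A caller written against the new `(err, rows, body)` shape therefore gets `body === undefined` on that branch. Either pass the object there as well, `return callback(null, result, result);`, or document the signature on `getResult`, for example `// callback(err, rows, body): body is the whole result object, set only on the rows branch`. The condition guarding the early return and the start of `getResult` are outside the hunk.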