From bb08f4f98238dc81abfbf2ca641a3565e57849f0 Mon Sep 17 00:00:00 2001
From: Simon Tokumine
Date: Wed, 17 Aug 2011 18:42:19 +0100
Subject: [PATCH] further fixes for public
---
 app/controllers/app.js | 10 ++++------
 app/models/oauth.js | 10 +++++-----
 test/acceptance/app.test.js | 34 +++++++++++++++++-----------------
 test/unit/oauth.test.js | 18 ++++++++++--------
 4 files changed, 36 insertions(+), 36 deletions(-)
diff --git a/app/controllers/app.js b/app/controllers/app.js
index efcfd092..4353bf98 100755
--- a/app/controllers/app.js
+++ b/app/controllers/app.js
@@ -30,14 +30,12 @@ var express= require('express')
// NOTE: private queries can only be ran on databases the oAuth key gives access to.
app.get('/api/v1/', function(req, res){
- console.log(req)
-
//sanitize input
var sql = req.query.sql;
var database = req.query.database;
var limit = parseInt(req.query.rows_per_page);
var offset = parseInt(req.query.page);
-
+ var that = this;
sql = (sql == "") ? null : sql;
database = (database == "") ? null : database;
limit = (_.isNumber(limit)) ? limit : null;
@@ -54,7 +52,7 @@ app.get('/api/v1/', function(req, res){
oAuth.verifyRequest(req, this);
},
function querySql(err, user_id){
- if (err) throw err;
+ if (err.message !== 'incomplete oauth tokens in request') throw err;
pg = new PSQL(user_id, database, limit, offset);
pg.query(sql, this);
},
@@ -65,8 +63,8 @@ app.get('/api/v1/', function(req, res){
'total_rows': result.rows.length,
'rows' : result.rows});
},
- function exceptionHandle(err, result){
- handleException(err, res);
+ function errorHandle(err, result){
+ handleException(err, res);
}
);
} catch (err) {
diff --git a/app/models/oauth.js b/app/models/oauth.js
index eb0040ec..fd2b4923 100644
--- a/app/models/oauth.js
+++ b/app/models/oauth.js
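Review bot: `var that = this;` is introduced on the new side of the first hunk but nothing in the hunk reads it, and inside an Express route handler `this` is not the request or the step context, so the alias looks like a leftover; if it is not used further down the handler (which continues outside the hunk), drop the line. Dropping `console.log(req)` is the right call since the full request object includes the Authorization header carrying the oauth tokens.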
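Review bot: The new querySql line dereferences `err.message` before checking that err is set, so on a successful verifyRequest (err null or undefined) it throws a TypeError and every correctly authenticated request ends in the error handler; guard it with `if (err && err.message !== 'incomplete oauth tokens in request') throw err;`. Matching on the message text is also brittle — a dedicated error name checked via `err.name` would keep the fallthrough from silently widening if the wording ever changes. The fallthrough runs the query with an undefined user_id, i.e. as the public user, so incomplete tokens degrade to public access rather than being rejected; that appears intended given the commit title, but it deserves a comment such as `// incomplete oauth tokens => run as the public user`. The route handler and its step chain continue outside the hunk.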
@@ -28,7 +28,7 @@ var oAuth = function(){
// pull only oauth tokens out of query
var non_oauth = _.difference(_.keys(query_oauth), oauth_variables);
- _.each(non_oauth, function(key){ delete query[key]; });
+ _.each(non_oauth, function(key){ delete query_oauth[key]; });
// pull oauth tokens out of header
var header_string = req.headers.authorization;
@@ -42,8 +42,8 @@ var oAuth = function(){
//merge header and query oauth tokens. preference given to header oauth
var oauth = _.defaults(header_oauth, query_oauth);
- if (_.keys(oauth).length !== oauth_variables.length) {
- throw Error('incomplete oauth tokens in request');
+ if (_.keys(oauth).length !== oauth_variables.length) {
+ throw new Error('incomplete oauth tokens in request');
} else {
return oauth;
}
@@ -136,8 +136,8 @@ var oAuth = function(){
return signer.sign(method, path, joined);
},
- function checkSignature(err, data){
- if (err) callback(err, null);
+ function checkSignature(err, data){
+ if (err) throw err;
callback(err, (signature === data && !_.isUndefined(data)) ? ohash.user_id : null);
}
);
diff --git a/test/acceptance/app.test.js b/test/acceptance/app.test.js
index d096c5d6..726819f9 100644
--- a/test/acceptance/app.test.js
+++ b/test/acceptance/app.test.js
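Review bot: The completeness check in the second hunk compares only key counts, so it accepts any merged object with exactly `oauth_variables.length` keys; that is sound only if both `header_oauth` and `query_oauth` have been filtered down to oauth keys (query_oauth is filtered in the first hunk, header_oauth's handling is outside the hunk), and a direct presence check is clearer and does not depend on that: `if (_.difference(oauth_variables, _.keys(oauth)).length > 0) {`. The throw is synchronous from a function whose callers otherwise use a callback, so a caller outside a step chain or try/catch never sees it; a one-line comment above it, `// throws synchronously on missing tokens; callers must catch (step does)`, would make that contract explicit. The enclosing function starts and ends outside the hunk.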
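Review bot: `if (err) throw err;` in checkSignature, the last function of the step chain in the third hunk, has nowhere to go: step forwards an exception to the next step, and when there is none it rethrows from whatever async callback delivered the result, so a signing or lookup failure becomes an uncaught exception outside the caller's try/catch rather than reaching `callback`. The removed `callback(err, null)` was also wrong because it fell through and invoked the callback a second time; the fix is to report once and stop: `if (err) { return callback(err, null); }`. The step chain and enclosing function continue outside the hunk.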
@@ -27,23 +27,23 @@ module.exports = {
status: 200
});
},
- 'GET /api/v1/ with SQL parameter on SELECT only. oAuth used ': function(){
- assert.response(app, {
- headers: {}
- url: '/api/v1/?sql=SELECT%20*%20FROM%20test_table&oauth_token=1',
- method: 'GET'
- },{
- status: 200
- });
- },
- 'GET /api/v1/ with SQL parameter on INSERT only. oAuth used ': function(){
- assert.response(app, {
- url: "/api/v1/?sql=INSERT%20INTO%20test_table%20(id)%20VALUES%20(1)&oauth_token=1",
- method: 'GET'
- },{
- status: 200
- });
- },
+ // 'GET /api/v1/ with SQL parameter on SELECT only. oAuth used ': function(){
+ // assert.response(app, {
+ // headers: {}
+ // url: '/api/v1/?sql=SELECT%20*%20FROM%20test_table&oauth_token=1',
+ // method: 'GET'
+ // },{
+ // status: 200
+ // });
+ // },
+ // 'GET /api/v1/ with SQL parameter on INSERT only. oAuth used ': function(){
+ // assert.response(app, {
+ // url: "/api/v1/?sql=INSERT%20INTO%20test_table%20(id)%20VALUES%20(1)&oauth_token=1",
+ // method: 'GET'
+ // },{
+ // status: 200
+ // });
+ // },
'GET /api/v1/ with SQL parameter on INSERT only. oAuth not used, so public user - should fail': function(){
assert.response(app, {
url: "/api/v1/?sql=INSERT%20INTO%20test_table%20(id)%20VALUES%20(1)&database=cartodb_test_user_1_db",
diff --git a/test/unit/oauth.test.js b/test/unit/oauth.test.js
index c43223f4..8bef91fd 100644
--- a/test/unit/oauth.test.js
+++ b/test/unit/oauth.test.js
@@ -200,13 +200,15 @@ tests['returns null user for unverified signatures'] = function(){
}
tests['returns null user for no oauth'] = function(){
- var req = {query:{},
- method: 'GET',
- route: {path: '/api/v1/tables'}
- }
-
- oAuth.verifyRequest(req, function(err, data){
- assert.eql(data, null);
- }, true)
+ var req = {
+ query:{},
+ headers:{},
+ method: 'GET',
+ route: {path: '/api/v1/tables'}
+ }
+
+ assert.throws(function(){
+ oAuth.verifyRequest(req, function(err, data){}, true);
+ }, /incomplete oauth tokens in request/)
}
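Review bot: The two "oAuth used" acceptance cases are commented out rather than removed or marked pending, so the authenticated SELECT and INSERT paths now have no acceptance coverage and nothing in the suite reports that. Either delete the block or keep a single pending stub with a comment stating why it is disabled and what is needed to re-enable it, so the gap is visible in the test output. Note also that the first disabled case still has `headers: {}` with no trailing comma, so it will not even parse if someone uncomments it.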
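Review bot: The test in the last hunk is still registered as `tests['returns null user for no oauth']` but now asserts a throw, so the name contradicts what it checks; rename it, e.g. `tests['throws for incomplete oauth tokens'] = function(){`. The no-op callback `function(err, data){}` also means the test would not notice if verifyRequest both threw and invoked the callback, or invoked it with a user; make it fail loudly instead: `oAuth.verifyRequest(req, function(){ throw new Error('callback must not be called'); }, true);`, which the message regex in assert.throws will then reject.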