fix api key tests

app/controllers/app.js

@@ -65,7 +65,7 @@ function handleQuery(req, res){
 
     try {
         if (!_.isString(sql)) throw new Error("You must indicate a sql query");
-        var pg, explain_result;
+        var pg;
 
         // 1. Get database from redis via the username stored in the host header subdomain
         // 2. Run the request through OAuth to get R/W user id if signed
@@ -79,6 +79,7 @@ function handleQuery(req, res){
             function setDBGetUser(err, data) {
                 if (err) throw err;
                 database = (data == "" || _.isNull(data)) ? database : data;
+
                 if(api_key) {
                     ApiKeyAuth.verifyRequest(req, this);
                 } else {

test/acceptance/app.auth.test.js

@@ -8,9 +8,9 @@ var app    = require(global.settings.app_root + '/app/controllers/app')
 tests['valid api key should allow insert in protected tables'] = function(){
     assert.response(app, {
         // view prepare_db.sh to see where to set api_key
-        url: "/api/v1/sql?api_key=1234&q=INSERT%20INTO%20private_table%20(name)%20VALUES%20('test')&database=cartodb_dev_user_1_db",
+        url: "/api/v1/sql?api_key=1234&q=INSERT%20INTO%20private_table%20(name)%20VALUES%20('test')",
 
-        headers: {host: 'vizzuality.cartodb.com' },
+        headers: {host: 'vizzuality.localhost.lan:8080' },
         method: 'GET'
     },{
         status: 200
@@ -20,7 +20,7 @@ tests['valid api key should allow insert in protected tables'] = function(){
 tests['invalid api key should NOT allow insert in protected tables'] = function(){
     assert.response(app, {
         // view prepare_db.sh to see where to set api_key
-        url: "/api/v1/sql?api_key=RAMBO&q=INSERT%20INTO%20private_table%20(name)%20VALUES%20('test')&database=cartodb_dev_user_1_db",
+        url: "/api/v1/sql?api_key=RAMBO&q=INSERT%20INTO%20private_table%20(name)%20VALUES%20('test')",
 
         headers: {host: 'vizzuality.cartodb.com' },
         method: 'GET'

test/test.sql

@@ -7,7 +7,7 @@
 -- > createdb -Upostgres -hlocalhost -Ttemplate_postgis -Opostgres -EUTF8 cartodb_test_user_1_db
 -- > psql -Upostgres -hlocalhost cartodb_test_user_1_db < test.sql
 --
--- NOTE: requires a postgis template called template_postgis
+-- NOTE: requires a postgis template called template_postgis with CDB functions included
 --
 
 SET statement_timeout = 0;
@@ -21,7 +21,32 @@ SET default_tablespace = '';
 SET default_with_oids = false;
 
 
+-- Return an array of table names used by a given query
+CREATE OR REPLACE FUNCTION CDB_QueryTables(query text)
+RETURNS name[]
+AS $$
+DECLARE
+  exp XML;
+  tables NAME[];
+BEGIN
+
+  EXECUTE 'EXPLAIN (FORMAT XML) ' || query INTO STRICT exp;
+
+  -- Now need to extract all values of <Relation-Name>
+
+  --RAISE DEBUG 'Explain: %', exp;
+
+  tables := xpath('//x:Relation-Name/text()', exp, ARRAY[ARRAY['x', 'http://www.postgresql.org/2009/explain']]);
+
+  --RAISE DEBUG 'Tables: %', tables;
+
+  return tables;
+END
+$$ LANGUAGE 'plpgsql' VOLATILE STRICT;
+
+
 -- first table
+DROP TABLE IF EXISTS untitle_table_4;
 CREATE TABLE untitle_table_4 (
     updated_at timestamp without time zone DEFAULT now(),
     created_at timestamp without time zone DEFAULT now(),
@@ -62,6 +87,7 @@ ALTER TABLE ONLY untitle_table_4 ADD CONSTRAINT test_table_pkey PRIMARY KEY (car
 CREATE INDEX test_table_the_geom_idx ON untitle_table_4 USING gist (the_geom);
 CREATE INDEX test_table_the_geom_webmercator_idx ON untitle_table_4 USING gist (the_geom_webmercator);
 
+DROP TABLE IF EXISTS private_table;
 CREATE TABLE private_table (
     updated_at timestamp without time zone DEFAULT now(),
     created_at timestamp without time zone DEFAULT now(),