const assert = require('../support/assert'); const TestClient = require('../support/test-client'); describe('PG entities access validator', function () { const forbiddenQueries = [ 'select * from information_schema.tables', 'select * from pg_catalog.pg_auth_members' ]; const testClientApiKey = new TestClient({ apiKey: 1234 }); const testClientAuthorized = new TestClient({ authorization: 'vizzuality:regular1' }); const expectedResponse = { response: { status: 403 } }; function assertQuery(query, testClient, done) { testClient.getResult(query, expectedResponse, (err, result) => { assert.ifError(err); assert.equal(result.error, 'system tables are forbidden'); done(); }); } describe('validatePGEntitiesAccess enabled', function() { before(function(){ global.settings.validatePGEntitiesAccess = true; }); forbiddenQueries.forEach(query => { it(`testClientApiKey: query: ${query}`, function(done) { assertQuery(query, testClientApiKey, done); }); it(`testClientAuthorized: query: ${query}`, function(done) { assertQuery(query, testClientAuthorized, done); }); }); }); describe('validatePGEntitiesAccess disabled', function() { before(function(){ global.settings.validatePGEntitiesAccess = false; }); forbiddenQueries.forEach(query => { it(`testClientApiKey: query: ${query}`, function(done) { testClientApiKey.getResult(query, err => { assert.ifError(err); done(); }); }); it(`testClientAuthorized: query: ${query}`, function(done) { testClientAuthorized.getResult(query, err => { assert.ifError(err); done(); }); }); }); }); });