65 lines
2.0 KiB
JavaScript
65 lines
2.0 KiB
JavaScript
const assert = require('../support/assert');
|
|
const TestClient = require('../support/test-client');
|
|
|
|
describe('PG entities access validator', function () {
|
|
const forbiddenQueries = [
|
|
'select * from information_schema.tables',
|
|
'select * from pg_catalog.pg_auth_members'
|
|
];
|
|
|
|
const testClientApiKey = new TestClient({ apiKey: 1234 });
|
|
const testClientAuthorized = new TestClient({ authorization: 'vizzuality:regular1' });
|
|
|
|
const expectedResponse = {
|
|
response: {
|
|
status: 403
|
|
}
|
|
};
|
|
|
|
function assertQuery(query, testClient, done) {
|
|
testClient.getResult(query, expectedResponse, (err, result) => {
|
|
assert.ifError(err);
|
|
assert.equal(result.error, 'system tables are forbidden');
|
|
done();
|
|
});
|
|
}
|
|
|
|
describe('validatePGEntitiesAccess enabled', function() {
|
|
before(function(){
|
|
global.settings.validatePGEntitiesAccess = true;
|
|
});
|
|
|
|
forbiddenQueries.forEach(query => {
|
|
it(`testClientApiKey: query: ${query}`, function(done) {
|
|
assertQuery(query, testClientApiKey, done);
|
|
});
|
|
|
|
it(`testClientAuthorized: query: ${query}`, function(done) {
|
|
assertQuery(query, testClientAuthorized, done);
|
|
});
|
|
});
|
|
});
|
|
|
|
describe('validatePGEntitiesAccess disabled', function() {
|
|
before(function(){
|
|
global.settings.validatePGEntitiesAccess = false;
|
|
});
|
|
|
|
forbiddenQueries.forEach(query => {
|
|
it(`testClientApiKey: query: ${query}`, function(done) {
|
|
testClientApiKey.getResult(query, err => {
|
|
assert.ifError(err);
|
|
done();
|
|
});
|
|
});
|
|
|
|
it(`testClientAuthorized: query: ${query}`, function(done) {
|
|
testClientAuthorized.getResult(query, err => {
|
|
assert.ifError(err);
|
|
done();
|
|
});
|
|
});
|
|
});
|
|
});
|
|
});
|