CartoDB-SQL-API/test/acceptance/app.auth.test.js
Sandro Santilli 6c47537f47 Honour the 'node_socket_timeout' configuration directive
Closes #128
Includes testcase, which required enhancing assert.response to
handle errors.
Changes app controller to a function that only reads configuration
when executed (rather than when only require'd).
2014-01-31 10:58:19 +01:00

72 lines
2.3 KiB
JavaScript

require('../helper');
require('../support/assert');
var app = require(global.settings.app_root + '/app/controllers/app')()
, assert = require('assert')
, tests = module.exports = {}
, querystring = require('querystring');
suite('app.auth', function() {
test('valid api key should allow insert in protected tables', function(done){
assert.response(app, {
// view prepare_db.sh to see where to set api_key
url: "/api/v1/sql?api_key=1234&q=INSERT%20INTO%20private_table%20(name)%20VALUES%20('app_auth_test1')",
headers: {host: 'vizzuality.localhost.lan:8080' },
method: 'GET'
},{}, function(res) {
assert.equal(res.statusCode, 200, res.body);
done();
});
});
test('invalid api key should NOT allow insert in protected tables', function(done){
assert.response(app, {
// view prepare_db.sh to see where to set api_key
url: "/api/v1/sql?api_key=RAMBO&q=INSERT%20INTO%20private_table%20(name)%20VALUES%20('RAMBO')",
headers: {host: 'vizzuality.cartodb.com' },
method: 'GET'
},{
status: 400
}, function() { done(); });
});
test('invalid api key (old redis location) should NOT allow insert in protected tables', function(done){
assert.response(app, {
// view prepare_db.sh to see where to set api_key
url: "/api/v1/sql?api_key=1235&q=INSERT%20INTO%20private_table%20(name)%20VALUES%20('RAMBO')",
headers: {host: 'vizzuality.cartodb.com' },
method: 'GET'
},{
status: 400
}, function() { done(); });
});
test('no api key should NOT allow insert in protected tables', function(done){
assert.response(app, {
// view prepare_db.sh to see where to set api_key
url: "/api/v1/sql?q=INSERT%20INTO%20private_table%20(name)%20VALUES%20('RAMBO')",
headers: {host: 'vizzuality.cartodb.com' },
method: 'GET'
},{
status: 400
}, function() { done(); });
});
test('no api key should NOT allow insert in public tables', function(done){
assert.response(app, {
// view prepare_db.sh to find public table name and structure
url: "/api/v1/sql?q=INSERT%20INTO%20untitle_table_4%20(name)%20VALUES%20('RAMBO')",
headers: {host: 'vizzuality.cartodb.com' },
method: 'GET'
},{
status: 400
}, function() { done(); });
});
});