2018-02-15 00:31:05 +08:00
|
|
|
const assert = require('../../support/assert');
|
|
|
|
const testHelper = require('../../support/test_helper');
|
|
|
|
const CartodbWindshaft = require('../../../lib/cartodb/server');
|
|
|
|
const serverOptions = require('../../../lib/cartodb/server_options');
|
|
|
|
var LayergroupToken = require('../../../lib/cartodb/models/layergroup-token');
|
|
|
|
|
|
|
|
function singleLayergroupConfig(sql, cartocss) {
|
|
|
|
return {
|
|
|
|
version: '1.7.0',
|
|
|
|
layers: [
|
|
|
|
{
|
|
|
|
type: 'mapnik',
|
|
|
|
options: {
|
|
|
|
sql: sql,
|
|
|
|
cartocss: cartocss,
|
|
|
|
cartocss_version: '2.3.0'
|
|
|
|
}
|
|
|
|
}
|
|
|
|
]
|
|
|
|
};
|
|
|
|
}
|
|
|
|
|
|
|
|
function createRequest(layergroup, userHost, apiKey) {
|
|
|
|
var url = layergroupUrl;
|
|
|
|
if (apiKey) {
|
|
|
|
url += '?api_key=' + apiKey;
|
|
|
|
}
|
|
|
|
return {
|
|
|
|
url: url,
|
|
|
|
method: 'POST',
|
|
|
|
headers: {
|
|
|
|
host: userHost || 'localhost',
|
|
|
|
'Content-Type': 'application/json'
|
|
|
|
},
|
|
|
|
data: JSON.stringify(layergroup)
|
|
|
|
};
|
|
|
|
}
|
|
|
|
|
|
|
|
var layergroupUrl = '/api/v1/map';
|
|
|
|
var pointSqlMaster = "select * from test_table_private_1";
|
|
|
|
var pointSqlPublic = "select * from test_table";
|
|
|
|
var keysToDelete;
|
|
|
|
|
2018-05-07 22:07:28 +08:00
|
|
|
describe('Basic authorization use cases', function () {
|
2018-04-16 22:16:23 +08:00
|
|
|
var server;
|
|
|
|
|
|
|
|
before(function () {
|
|
|
|
server = new CartodbWindshaft(serverOptions);
|
|
|
|
});
|
2018-04-16 20:09:24 +08:00
|
|
|
|
2018-02-15 00:31:05 +08:00
|
|
|
beforeEach(function () {
|
|
|
|
keysToDelete = {};
|
|
|
|
});
|
|
|
|
|
|
|
|
afterEach(function (done) {
|
|
|
|
testHelper.deleteRedisKeys(keysToDelete, done);
|
|
|
|
});
|
|
|
|
|
|
|
|
it("succeed with master", function (done) {
|
|
|
|
var layergroup = singleLayergroupConfig(pointSqlMaster, '#layer { marker-fill:red; }');
|
2018-04-16 20:09:24 +08:00
|
|
|
|
2018-02-15 00:31:05 +08:00
|
|
|
assert.response(server,
|
2018-05-07 21:44:44 +08:00
|
|
|
createRequest(layergroup, 'localhost', '1234'),
|
2018-02-15 00:31:05 +08:00
|
|
|
{
|
|
|
|
status: 200
|
|
|
|
},
|
|
|
|
function (res, err) {
|
|
|
|
assert.ifError(err);
|
|
|
|
|
|
|
|
var parsed = JSON.parse(res.body);
|
|
|
|
assert.ok(parsed.layergroupid);
|
|
|
|
assert.equal(res.headers['x-layergroup-id'], parsed.layergroupid);
|
|
|
|
|
|
|
|
keysToDelete['map_cfg|' + LayergroupToken.parse(parsed.layergroupid).token] = 0;
|
2018-05-07 21:44:44 +08:00
|
|
|
keysToDelete['user:localhost:mapviews:global'] = 5;
|
2018-02-15 00:31:05 +08:00
|
|
|
|
|
|
|
done();
|
|
|
|
}
|
|
|
|
);
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
it("succeed with default - sending default_public", function (done) {
|
|
|
|
var layergroup = singleLayergroupConfig(pointSqlPublic, '#layer { marker-fill:red; }');
|
|
|
|
|
|
|
|
assert.response(server,
|
2018-05-07 21:44:44 +08:00
|
|
|
createRequest(layergroup, 'localhost', 'default_public'),
|
2018-02-15 00:31:05 +08:00
|
|
|
{
|
|
|
|
status: 200
|
|
|
|
},
|
|
|
|
function (res, err) {
|
|
|
|
assert.ifError(err);
|
|
|
|
|
|
|
|
var parsed = JSON.parse(res.body);
|
|
|
|
assert.ok(parsed.layergroupid);
|
|
|
|
assert.equal(res.headers['x-layergroup-id'], parsed.layergroupid);
|
|
|
|
|
|
|
|
keysToDelete['map_cfg|' + LayergroupToken.parse(parsed.layergroupid).token] = 0;
|
2018-05-07 21:44:44 +08:00
|
|
|
keysToDelete['user:localhost:mapviews:global'] = 5;
|
2018-02-15 00:31:05 +08:00
|
|
|
|
|
|
|
done();
|
|
|
|
}
|
|
|
|
);
|
|
|
|
});
|
|
|
|
|
2018-05-07 21:44:44 +08:00
|
|
|
it("fail with non-existent api key", function (done) {
|
2018-02-16 18:20:04 +08:00
|
|
|
var layergroup = singleLayergroupConfig(pointSqlPublic, '#layer { marker-fill:red; }');
|
2018-02-15 00:31:05 +08:00
|
|
|
|
|
|
|
assert.response(server,
|
2018-05-07 21:44:44 +08:00
|
|
|
createRequest(layergroup, 'localhost', 'THIS-API-KEY-DOESNT-EXIST'),
|
2018-02-15 00:31:05 +08:00
|
|
|
{
|
2018-05-07 21:44:44 +08:00
|
|
|
status: 401
|
2018-02-15 00:31:05 +08:00
|
|
|
},
|
|
|
|
function (res, err) {
|
|
|
|
assert.ifError(err);
|
2018-02-16 18:20:04 +08:00
|
|
|
var parsed = JSON.parse(res.body);
|
2018-05-07 21:44:44 +08:00
|
|
|
assert.ok(parsed.hasOwnProperty('errors'));
|
|
|
|
assert.equal(parsed.errors.length, 1);
|
|
|
|
assert.ok(parsed.errors[0].match(/Unauthorized/));
|
2018-02-15 00:31:05 +08:00
|
|
|
done();
|
|
|
|
}
|
|
|
|
);
|
|
|
|
});
|
|
|
|
|
|
|
|
it("fail with default", function (done) {
|
|
|
|
var layergroup = singleLayergroupConfig(pointSqlMaster, '#layer { marker-fill:red; }');
|
|
|
|
|
|
|
|
assert.response(server,
|
2018-05-07 21:44:44 +08:00
|
|
|
createRequest(layergroup, 'localhost', 'default_public'),
|
2018-02-16 18:20:04 +08:00
|
|
|
{
|
|
|
|
status: 403
|
|
|
|
},
|
|
|
|
function (res, err) {
|
|
|
|
assert.ifError(err);
|
|
|
|
|
|
|
|
done();
|
|
|
|
}
|
|
|
|
);
|
|
|
|
});
|
2018-05-08 20:32:44 +08:00
|
|
|
|
2018-05-08 20:41:16 +08:00
|
|
|
describe('No api key provided - fallback to default_public', function () {
|
|
|
|
it("succeed with default - public dataset", function (done) {
|
2018-05-08 20:32:44 +08:00
|
|
|
var layergroup = singleLayergroupConfig(pointSqlPublic, '#layer { marker-fill:red; }');
|
|
|
|
|
|
|
|
assert.response(server,
|
|
|
|
createRequest(layergroup, 'localhost'),
|
|
|
|
{
|
|
|
|
status: 200
|
|
|
|
},
|
|
|
|
function (res, err) {
|
|
|
|
assert.ifError(err);
|
|
|
|
|
|
|
|
var parsed = JSON.parse(res.body);
|
|
|
|
assert.ok(parsed.layergroupid);
|
|
|
|
assert.equal(res.headers['x-layergroup-id'], parsed.layergroupid);
|
|
|
|
|
|
|
|
keysToDelete['map_cfg|' + LayergroupToken.parse(parsed.layergroupid).token] = 0;
|
|
|
|
keysToDelete['user:localhost:mapviews:global'] = 5;
|
|
|
|
|
|
|
|
done();
|
|
|
|
}
|
|
|
|
);
|
|
|
|
});
|
|
|
|
|
2018-05-08 20:41:16 +08:00
|
|
|
it("fail with default - private dataset", function (done) {
|
2018-05-08 20:32:44 +08:00
|
|
|
var layergroup = singleLayergroupConfig(pointSqlMaster, '#layer { marker-fill:red; }');
|
|
|
|
|
|
|
|
assert.response(server,
|
|
|
|
createRequest(layergroup, 'localhost'),
|
|
|
|
{
|
|
|
|
status: 403
|
|
|
|
},
|
|
|
|
function (res, err) {
|
|
|
|
assert.ifError(err);
|
|
|
|
|
|
|
|
done();
|
|
|
|
}
|
|
|
|
);
|
|
|
|
});
|
|
|
|
});
|
2018-02-16 18:20:04 +08:00
|
|
|
});
|