Windshaft-cartodb/test/unit/cartodb/prepare-context.test.js

var assert = require('assert');
var _ = require('underscore');
var RedisPool = require('redis-mpool');
var cartodbRedis = require('cartodb-redis');
var PgConnection = require('../../../lib/cartodb/backends/pg_connection');
var AuthApi = require('../../../lib/cartodb/api/auth_api');
var TemplateMaps = require('../../../lib/cartodb/backends/template_maps');
const cleanUpQueryParamsMiddleware = require('../../../lib/cartodb/middleware/context/clean-up-query-params');
const authorizeMiddleware = require('../../../lib/cartodb/middleware/context/authorize');
const dbConnSetupMiddleware = require('../../../lib/cartodb/middleware/context/db-conn-setup');
const apikeyCredentialsMiddleware = require('../../../lib/cartodb/middleware/context/apikey-credentials');
const localsMiddleware = require('../../../lib/cartodb/middleware/context/locals');
var windshaft = require('windshaft');
describe('prepare-context', function() {
// Fixture identities taken from the test environment configuration.
// test_user is the per-user database role for user_id 1 (this relies on the
// two-argument form of _.template), test_pubuser is the shared public role,
// and test_database is the database name derived from the per-user role.
const test_user = _.template(global.environment.postgres_auth_user, { user_id: 1 });
const test_pubuser = global.environment.postgres.user;
const test_database = test_user + '_db';

// Middleware instances under test; assigned in the before() hook.
let cleanUpQueryParams;
let dbConnSetup;
let authorize;
let setApikeyCredentials;
// Builds each middleware once, wired to the Redis settings of the test
// environment, so every test exercises the same instances.
before(function () {
    const redisPool = new RedisPool(global.environment.redis);
    const mapStore = new windshaft.storage.MapStore();
    const metadataBackend = cartodbRedis({ pool: redisPool });
    const pgConnection = new PgConnection(metadataBackend);
    const templateMaps = new TemplateMaps(redisPool);

    // AuthApi is only needed by the authorize middleware.
    const authApi = new AuthApi(pgConnection, metadataBackend, mapStore, templateMaps);

    cleanUpQueryParams = cleanUpQueryParamsMiddleware();
    authorize = authorizeMiddleware(authApi);
    dbConnSetup = dbConnSetupMiddleware(pgConnection);
    setApikeyCredentials = apikeyCredentialsMiddleware();
});
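// Sanity check: every middleware factory used by this suite returned a
// callable. setApikeyCredentials is included because later tests invoke it
// directly as a middleware function.
it('can be found in server_options', function () {
    assert.ok(_.isFunction(authorize));
    assert.ok(_.isFunction(dbConnSetup));
    assert.ok(_.isFunction(cleanUpQueryParams));
    assert.ok(_.isFunction(setApikeyCredentials));
});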
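/**
 * Attaches a stub profiler with a no-op `done` method to a request object.
 * Presumably the middlewares under test call `req.profiler.done()`; verify
 * against the middleware sources.
 *
 * @param {Object} req - request stub; mutated in place.
 * @returns {Object} the same `req` object, for call chaining.
 */
function prepareRequest(req) {
    req.profiler = {
        done: function () {}
    };

    return req;
}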
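/**
 * Turns a plain object into a minimal response stub.
 *
 * Ensures `res.locals` exists (existing values are kept), sets
 * `res.locals.user` to 'localhost', and installs a no-op `res.set`.
 * `res.set` is always overwritten, also when the caller supplied one.
 *
 * @param {Object} res - response stub; mutated in place.
 * @returns {Object} the same `res` object, for call chaining.
 */
function prepareResponse(res) {
    if (!res.locals) {
        res.locals = {};
    }
    res.locals.user = 'localhost';

    res.set = function () {};

    return res;
}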
// Runs the locals middleware against stub request/response objects.
// NOTE(review): prepareResponse() already creates res.locals before the
// middleware runs, so this assertion passes even if localsMiddleware never
// creates the object itself.
it('res.locals are created', function (done) {
    const req = {};
    const res = {};

    localsMiddleware(prepareRequest(req), prepareResponse(res), (err) => {
        if (err) {
            done(err);
            return;
        }

        assert.ok(res.hasOwnProperty('locals'), 'response has locals');

        done();
    });
});
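// A client must not be able to pick the database role or database name through
// the query string. The request carries both `dbuser` and `dbname`, so both are
// checked on req.query and on res.locals. The locals are what later
// middlewares read (see the dbname/dbuser assertions in the dbConnSetup tests).
it('cleans up request', function (done) {
    const req = { headers: { host: 'localhost' }, query: { dbuser: 'hacker', dbname: 'secret' } };
    const res = {};
    const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

    cleanUpQueryParams(prepareRequest(req), prepareResponse(res), function (err) {
        if (err) {
            done(err);
            return;
        }

        assert.ok(_.isObject(req.query), 'request has query');
        assert.ok(!has(req.query, 'dbuser'), 'dbuser was removed from query');
        assert.ok(!has(req.query, 'dbname'), 'dbname was removed from query');

        assert.ok(has(res, 'locals'), 'response has locals');
        assert.ok(!has(res.locals, 'dbuser'), 'dbuser was not copied to response locals');
        assert.ok(!has(res.locals, 'dbname'), 'dbname was not copied to response locals');
        assert.ok(!has(res.locals, 'interactivity'), 'response locals do not have interactivity');

        done();
    });
});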
// Anonymous request: no key is supplied, so the connection settings placed on
// res.locals must be the fixture database together with the public role.
it('sets dbname from redis metadata', function (done) {
    const req = { headers: { host: 'localhost' }, query: {} };
    const res = { set: function () {} };

    dbConnSetup(prepareRequest(req), prepareResponse(res), (err) => {
        if (err) {
            done(err);
            return;
        }

        assert.ok(_.isObject(req.query), 'request has query');
        assert.ok(!req.query.hasOwnProperty('dbuser'), 'dbuser was removed from query');

        assert.ok(res.hasOwnProperty('locals'), 'response has locals');
        assert.ok(!res.locals.hasOwnProperty('interactivity'), 'response locals do not have interactivity');

        // The database name comes from server-side metadata, not from the request.
        assert.equal(res.locals.dbname, test_database);

        // Without credentials the role must stay the public one.
        assert.ok(res.locals.dbuser === test_pubuser, 'could inject dbuser ('+res.locals.dbuser+')');

        done();
    });
});
// Two requests in sequence:
//   1. api_key '1234' goes through authorize + dbConnSetup and must end up with
//      the per-user database role (test_user).
//   2. a different key ('1235', sent as map_key) goes through dbConnSetup only
//      and must fall back to the public role (test_pubuser).
it('sets also dbuser for authenticated requests', function (done) {
    const req = {
        headers: { host: 'localhost' },
        query: { api_key: '1234' }
    };
    const res = {
        set: function () {},
        locals: { api_key: '1234' }
    };

    // FIXME: review the authorize/dbConnSetup workflow; authorization might be done twice.
    authorize(prepareRequest(req), prepareResponse(res), (authErr) => {
        if (authErr) {
            done(authErr);
            return;
        }

        dbConnSetup(req, res, (setupErr) => {
            if (setupErr) {
                done(setupErr);
                return;
            }

            assert.ok(_.isObject(req.query), 'request has query');
            assert.ok(!req.query.hasOwnProperty('dbuser'), 'dbuser was removed from query');

            assert.ok(res.hasOwnProperty('locals'), 'response has locals');
            assert.ok(!res.locals.hasOwnProperty('interactivity'), 'request params do not have interactivity');

            assert.equal(res.locals.dbname, test_database);
            assert.equal(res.locals.dbuser, test_user);

            const wrongKeyReq = {
                headers: { host: 'localhost' },
                query: { map_key: '1235' }
            };
            const wrongKeyRes = { set: function () {} };

            // NOTE(review): authorize is not run for this second request, and the
            // callback does not look at its error argument, so a failure inside
            // dbConnSetup only surfaces through the dbuser assertion below.
            dbConnSetup(prepareRequest(wrongKeyReq), prepareResponse(wrongKeyRes), () => {
                // wrong key resets params to no user
                assert.ok(
                    wrongKeyRes.locals.dbuser === test_pubuser,
                    'could inject dbuser ('+wrongKeyRes.locals.dbuser+')'
                );
                done();
            });
        });
    });
});
// Only accepted query parameters may reach res.locals: `config` and `api_key`
// are expected to survive, `non_included` is expected to be dropped.
// NOTE(review): the request also sends `style: 'override'`, but nothing asserts
// what happens to it. Confirm the intended outcome and add an assertion.
it('it should remove invalid params', function (done) {
    const config = { version: '1.3.0' };
    const req = {
        headers: { host: 'localhost' },
        query: {
            non_included: 'toberemoved',
            api_key: 'test',
            style: 'override',
            config: config
        }
    };
    const res = {};

    cleanUpQueryParams(prepareRequest(req), prepareResponse(res), (err) => {
        if (err) {
            return done(err);
        }

        // The checks read res.locals, not req.query.
        const query = res.locals;

        assert.deepEqual(config, query.config);
        assert.equal('test', query.api_key);
        assert.equal(undefined, query.non_included);

        done();
    });
});
describe('Set apikey token', function(){
// The key is supplied as ?api_key=... and must appear on res.locals.api_key.
// '1234' is a fixture value. Keys carried in a URL commonly end up in access
// and proxy logs, so deployments that accept this form should redact the
// parameter when logging.
it('from query param', function (done) {
    const req = {
        headers: { host: 'localhost' },
        query: { api_key: '1234' }
    };
    const res = {};

    setApikeyCredentials(prepareRequest(req), prepareResponse(res), (err) => {
        if (err) {
            return done(err);
        }

        const query = res.locals;
        assert.equal('1234', query.api_key);

        done();
    });
});
// The key is supplied in the request body and must appear on
// res.locals.api_key. This request has no `query` property at all.
it('from body param', function (done) {
    const req = {
        headers: { host: 'localhost' },
        body: { api_key: '1234' }
    };
    const res = {};

    setApikeyCredentials(prepareRequest(req), prepareResponse(res), (err) => {
        if (err) {
            return done(err);
        }

        const query = res.locals;
        assert.equal('1234', query.api_key);

        done();
    });
});
// The key is supplied as the password part of an HTTP Basic Authorization
// header and must appear on res.locals.api_key.
// NOTE(review): the suite has no case for a malformed Authorization header, or
// for a request that supplies a key through more than one channel. Consider
// pinning the expected behaviour for both.
it('from http header', function (done) {
    const req = {
        headers: {
            host: 'localhost',
            // base64 of "localhost:1234" (user: localhost, password: 1234)
            authorization: 'Basic bG9jYWxob3N0OjEyMzQ='
        }
    };
    const res = {};

    setApikeyCredentials(prepareRequest(req), prepareResponse(res), (err) => {
        if (err) {
            return done(err);
        }

        const query = res.locals;
        assert.equal('1234', query.api_key);

        done();
    });
});
});
});