remove auth fallback
This commit is contained in:
parent
efa765a9fc
commit
534c827904
@ -1,5 +1,3 @@
|
||||
var _ = require('underscore'); // AUTH_FALLBACK
|
||||
|
||||
/**
|
||||
*
|
||||
* @param {PgConnection} pgConnection
|
||||
@ -77,11 +75,6 @@ AuthApi.prototype.authorizedByAPIKey = function(user, res, callback) {
|
||||
return callback(err);
|
||||
}
|
||||
|
||||
//Remove this block when Auth fallback is not used anymore
|
||||
// AUTH_FALLBACK
|
||||
apikey.databaseRole = composeUserDatabase(apikey);
|
||||
apikey.databasePassword = composeDatabasePassword(apikey);
|
||||
|
||||
if ( !isValidApiKey(apikey)) {
|
||||
const error = new Error('Unauthorized');
|
||||
error.type = 'auth';
|
||||
@ -113,38 +106,6 @@ AuthApi.prototype.authorizedByAPIKey = function(user, res, callback) {
|
||||
});
|
||||
};
|
||||
|
||||
//Remove this block when Auth fallback is not used anymore
|
||||
// AUTH_FALLBACK
|
||||
function composeUserDatabase (apikey) {
|
||||
if (shouldComposeUserDatabase(apikey)) {
|
||||
return _.template(global.environment.postgres_auth_user, apikey);
|
||||
}
|
||||
|
||||
return apikey.databaseRole;
|
||||
}
|
||||
|
||||
//Remove this block when Auth fallback is not used anymore
|
||||
// AUTH_FALLBACK
|
||||
function composeDatabasePassword (apikey) {
|
||||
if (shouldComposeDatabasePassword(apikey)) {
|
||||
return global.environment.postgres.password;
|
||||
}
|
||||
|
||||
return apikey.databasePassword;
|
||||
}
|
||||
|
||||
//Remove this block when Auth fallback is not used anymore
|
||||
// AUTH_FALLBACK
|
||||
function shouldComposeDatabasePassword (apikey) {
|
||||
return !apikey.databasePassword && global.environment.postgres.password;
|
||||
}
|
||||
|
||||
//Remove this block when Auth fallback is not used anymore
|
||||
// AUTH_FALLBACK
|
||||
function shouldComposeUserDatabase(apikey) {
|
||||
return !apikey.databaseRole && apikey.user_id && global.environment.postgres_auth_user;
|
||||
}
|
||||
|
||||
function isNameNotFoundError (err) {
|
||||
return err.message && -1 !== err.message.indexOf('name not found');
|
||||
}
|
||||
|
@ -32,12 +32,6 @@ PgConnection.prototype.setDBAuth = function(username, params, apikeyType, callba
|
||||
params.dbuser = apikey.databaseRole;
|
||||
params.dbpassword = apikey.databasePassword;
|
||||
|
||||
//Remove this block when Auth fallback is not used anymore
|
||||
// AUTH_FALLBACK
|
||||
if (!params.dbuser && apikey.user_id && global.environment.postgres_auth_user) {
|
||||
params.dbuser = _.template(global.environment.postgres_auth_user, apikey);
|
||||
}
|
||||
|
||||
return callback();
|
||||
});
|
||||
} else if (apikeyType === 'regular') { //Actually it can be any type of api key
|
||||
@ -52,20 +46,6 @@ PgConnection.prototype.setDBAuth = function(username, params, apikeyType, callba
|
||||
params.dbuser = apikey.databaseRole;
|
||||
params.dbpassword = apikey.databasePassword;
|
||||
|
||||
//Remove this block when Auth fallback is not used anymore
|
||||
// AUTH_FALLBACK
|
||||
// master apikey has been recreated from user's metadata
|
||||
if (!params.dbuser && apikey.user_id && apikey.type === 'master' && global.environment.postgres_auth_user) {
|
||||
params.dbuser = _.template(global.environment.postgres_auth_user, apikey);
|
||||
}
|
||||
|
||||
//Remove this block when Auth fallback is not used anymore
|
||||
// AUTH_FALLBACK
|
||||
// default apikey has been recreated from user's metadata
|
||||
if (!params.dbpassword && global.environment.postgres.password) {
|
||||
params.dbpassword = global.environment.postgres.password;
|
||||
}
|
||||
|
||||
return callback();
|
||||
});
|
||||
} else if (apikeyType === 'default') {
|
||||
@ -80,12 +60,6 @@ PgConnection.prototype.setDBAuth = function(username, params, apikeyType, callba
|
||||
params.dbuser = apikey.databaseRole;
|
||||
params.dbpassword = apikey.databasePassword;
|
||||
|
||||
//Remove this block when Auth fallback is not used anymore
|
||||
// AUTH_FALLBACK
|
||||
if (!params.dbpassword && global.environment.postgres.password) {
|
||||
params.dbpassword = global.environment.postgres.password;
|
||||
}
|
||||
|
||||
return callback();
|
||||
});
|
||||
} else {
|
||||
|
@ -108,7 +108,7 @@ function authorizedByAPIKey ({ authApi, action, label }) {
|
||||
}
|
||||
|
||||
if (!authenticated) {
|
||||
const error = new Error(`Only authenticated user can ${action} templated maps`);
|
||||
const error = new Error(`Only authenticated users can ${action} templated maps`);
|
||||
error.http_status = 403;
|
||||
error.label = label;
|
||||
return next(error);
|
||||
|
@ -1,6 +1,3 @@
|
||||
//Remove this file when Auth fallback is not used anymore
|
||||
// AUTH_FALLBACK
|
||||
|
||||
const assert = require('../../support/assert');
|
||||
const testHelper = require('../../support/test_helper');
|
||||
const CartodbWindshaft = require('../../../lib/cartodb/server');
|
||||
@ -44,7 +41,7 @@ var pointSqlMaster = "select * from test_table_private_1";
|
||||
var pointSqlPublic = "select * from test_table";
|
||||
var keysToDelete;
|
||||
|
||||
describe('authorization fallback', function () {
|
||||
describe.only('Basic authorization use cases', function () {
|
||||
var server;
|
||||
|
||||
before(function () {
|
||||
@ -63,7 +60,7 @@ describe('authorization fallback', function () {
|
||||
var layergroup = singleLayergroupConfig(pointSqlMaster, '#layer { marker-fill:red; }');
|
||||
|
||||
assert.response(server,
|
||||
createRequest(layergroup, 'user_previous_to_project_auth', '4444'),
|
||||
createRequest(layergroup, 'localhost', '1234'),
|
||||
{
|
||||
status: 200
|
||||
},
|
||||
@ -75,7 +72,7 @@ describe('authorization fallback', function () {
|
||||
assert.equal(res.headers['x-layergroup-id'], parsed.layergroupid);
|
||||
|
||||
keysToDelete['map_cfg|' + LayergroupToken.parse(parsed.layergroupid).token] = 0;
|
||||
keysToDelete['user:user_previous_to_project_auth:mapviews:global'] = 5;
|
||||
keysToDelete['user:localhost:mapviews:global'] = 5;
|
||||
|
||||
done();
|
||||
}
|
||||
@ -87,7 +84,7 @@ describe('authorization fallback', function () {
|
||||
var layergroup = singleLayergroupConfig(pointSqlPublic, '#layer { marker-fill:red; }');
|
||||
|
||||
assert.response(server,
|
||||
createRequest(layergroup, 'user_previous_to_project_auth', 'default_public'),
|
||||
createRequest(layergroup, 'localhost', 'default_public'),
|
||||
{
|
||||
status: 200
|
||||
},
|
||||
@ -99,7 +96,7 @@ describe('authorization fallback', function () {
|
||||
assert.equal(res.headers['x-layergroup-id'], parsed.layergroupid);
|
||||
|
||||
keysToDelete['map_cfg|' + LayergroupToken.parse(parsed.layergroupid).token] = 0;
|
||||
keysToDelete['user:user_previous_to_project_auth:mapviews:global'] = 5;
|
||||
keysToDelete['user:localhost:mapviews:global'] = 5;
|
||||
|
||||
done();
|
||||
}
|
||||
@ -110,7 +107,7 @@ describe('authorization fallback', function () {
|
||||
var layergroup = singleLayergroupConfig(pointSqlPublic, '#layer { marker-fill:red; }');
|
||||
|
||||
assert.response(server,
|
||||
createRequest(layergroup, 'user_previous_to_project_auth'),
|
||||
createRequest(layergroup, 'localhost'),
|
||||
{
|
||||
status: 200
|
||||
},
|
||||
@ -122,31 +119,27 @@ describe('authorization fallback', function () {
|
||||
assert.equal(res.headers['x-layergroup-id'], parsed.layergroupid);
|
||||
|
||||
keysToDelete['map_cfg|' + LayergroupToken.parse(parsed.layergroupid).token] = 0;
|
||||
keysToDelete['user:user_previous_to_project_auth:mapviews:global'] = 5;
|
||||
keysToDelete['user:localhost:mapviews:global'] = 5;
|
||||
|
||||
done();
|
||||
}
|
||||
);
|
||||
});
|
||||
|
||||
it("succeed with non-existent api key - defaults to default", function (done) {
|
||||
it("fail with non-existent api key", function (done) {
|
||||
var layergroup = singleLayergroupConfig(pointSqlPublic, '#layer { marker-fill:red; }');
|
||||
|
||||
assert.response(server,
|
||||
createRequest(layergroup, 'user_previous_to_project_auth', 'THIS-API-KEY-DOESNT-EXIST'),
|
||||
createRequest(layergroup, 'localhost', 'THIS-API-KEY-DOESNT-EXIST'),
|
||||
{
|
||||
status: 200
|
||||
status: 401
|
||||
},
|
||||
function (res, err) {
|
||||
assert.ifError(err);
|
||||
|
||||
var parsed = JSON.parse(res.body);
|
||||
assert.ok(parsed.layergroupid);
|
||||
assert.equal(res.headers['x-layergroup-id'], parsed.layergroupid);
|
||||
|
||||
keysToDelete['map_cfg|' + LayergroupToken.parse(parsed.layergroupid).token] = 0;
|
||||
keysToDelete['user:user_previous_to_project_auth:mapviews:global'] = 5;
|
||||
|
||||
assert.ok(parsed.hasOwnProperty('errors'));
|
||||
assert.equal(parsed.errors.length, 1);
|
||||
assert.ok(parsed.errors[0].match(/Unauthorized/));
|
||||
done();
|
||||
}
|
||||
);
|
||||
@ -156,23 +149,7 @@ describe('authorization fallback', function () {
|
||||
var layergroup = singleLayergroupConfig(pointSqlMaster, '#layer { marker-fill:red; }');
|
||||
|
||||
assert.response(server,
|
||||
createRequest(layergroup, 'user_previous_to_project_auth', 'default_public'),
|
||||
{
|
||||
status: 403
|
||||
},
|
||||
function (res, err) {
|
||||
assert.ifError(err);
|
||||
|
||||
done();
|
||||
}
|
||||
);
|
||||
});
|
||||
|
||||
it("fail with non-existent api key - defaults to default", function (done) {
|
||||
var layergroup = singleLayergroupConfig(pointSqlMaster, '#layer { marker-fill:red; }');
|
||||
|
||||
assert.response(server,
|
||||
createRequest(layergroup, 'user_previous_to_project_auth', 'THIS-API-KEY-DOESNT-EXIST'),
|
||||
createRequest(layergroup, 'localhost', 'default_public'),
|
||||
{
|
||||
status: 403
|
||||
},
|
@ -132,18 +132,6 @@ HMSET rails:users:cartodb250user id ${TESTUSERID} \
|
||||
EOF
|
||||
|
||||
|
||||
# Remove this block when Auth fallback is not used anymore
|
||||
# AUTH_FALLBACK
|
||||
# A user to test auth fallback to no api keys mode
|
||||
cat <<EOF | redis-cli -p ${REDIS_PORT} -n 5
|
||||
HMSET rails:users:user_previous_to_project_auth id ${TESTUSERID} \
|
||||
database_name "${TEST_DB}" \
|
||||
database_host "localhost" \
|
||||
database_password "${TESTPASS}" \
|
||||
database_publicuser "${PUBLICUSER}"\
|
||||
map_key 4444
|
||||
EOF
|
||||
|
||||
cat <<EOF | redis-cli -p ${REDIS_PORT} -n 0
|
||||
HSET rails:${TEST_DB}:my_table infowindow "this, that, the other"
|
||||
HSET rails:${TEST_DB}:test_table_private_1 privacy "0"
|
||||
|
@ -109,7 +109,6 @@ afterEach(function(done) {
|
||||
'rails:users:localhost:map_key': true,
|
||||
'rails:users:cartodb250user': true,
|
||||
'rails:users:localhost': true,
|
||||
'rails:users:user_previous_to_project_auth': true, // AUTH_FALLBACK
|
||||
'api_keys:localhost:1234': true,
|
||||
'api_keys:localhost:default_public': true,
|
||||
'api_keys:cartodb250user:4321': true,
|
||||
|
Loading…
Reference in New Issue
Block a user