Remove req2params from BaseController and update related test to use the middleware

Daniel García Aubert 2017-09-22 01:08:46 +02:00
parent 8139cdf8b2
commit 9bd862ffaf
2 changed files with 9 additions and 20 deletions


@ -7,17 +7,6 @@ function BaseController(authApi, pgConnection) {
module.exports = BaseController; module.exports = BaseController;
// jshint maxcomplexity:10
/**
* Whitelist input and get database name & default geometry type from
* subdomain/user metadata held in CartoDB Redis
* @param req - standard express request obj. Should have host & table
* @param callback
*/
BaseController.prototype.req2params = function(req, res, next) {
this.req2paramsMiddleware(req, res, next);
};
// jshint maxcomplexity:6 // jshint maxcomplexity:6
// jshint maxcomplexity:9 // jshint maxcomplexity:9


@ -8,7 +8,7 @@ var PgConnection = require('../../../lib/cartodb/backends/pg_connection');
var AuthApi = require('../../../lib/cartodb/api/auth_api'); var AuthApi = require('../../../lib/cartodb/api/auth_api');
var TemplateMaps = require('../../../lib/cartodb/backends/template_maps'); var TemplateMaps = require('../../../lib/cartodb/backends/template_maps');
var BaseController = require('../../../lib/cartodb/controllers/base'); var req2paramsMiddleware = require('../../../lib/cartodb/middleware/req2params-middleware');
var windshaft = require('windshaft'); var windshaft = require('windshaft');
describe('req2params', function() { describe('req2params', function() {
@ -18,7 +18,7 @@ describe('req2params', function() {
var test_database = test_user + '_db'; var test_database = test_user + '_db';
var baseController; var req2params;
before(function() { before(function() {
var redisPool = new RedisPool(global.environment.redis); var redisPool = new RedisPool(global.environment.redis);
var mapStore = new windshaft.storage.MapStore(); var mapStore = new windshaft.storage.MapStore();
@ -27,12 +27,12 @@ describe('req2params', function() {
var templateMaps = new TemplateMaps(redisPool); var templateMaps = new TemplateMaps(redisPool);
var authApi = new AuthApi(pgConnection, metadataBackend, mapStore, templateMaps); var authApi = new AuthApi(pgConnection, metadataBackend, mapStore, templateMaps);
baseController = new BaseController(authApi, pgConnection); req2params = req2paramsMiddleware(authApi, pgConnection);
}); });
it('can be found in server_options', function(){ it('can be found in server_options', function(){
assert.ok(_.isFunction(baseController.req2params)); assert.ok(_.isFunction(req2params));
}); });
function prepareRequest(req) { function prepareRequest(req) {
@ -46,7 +46,7 @@ describe('req2params', function() {
it('cleans up request', function(done){ it('cleans up request', function(done){
var req = {headers: { host:'localhost' }, query: {dbuser:'hacker',dbname:'secret'}}; var req = {headers: { host:'localhost' }, query: {dbuser:'hacker',dbname:'secret'}};
var res = {}; var res = {};
baseController.req2params(prepareRequest(req), res, function(err, req) { req2params(prepareRequest(req), res, function(err, req) {
if ( err ) { done(err); return; } if ( err ) { done(err); return; }
assert.ok(_.isObject(req.query), 'request has query'); assert.ok(_.isObject(req.query), 'request has query');
assert.ok(!req.query.hasOwnProperty('dbuser'), 'dbuser was removed from query'); assert.ok(!req.query.hasOwnProperty('dbuser'), 'dbuser was removed from query');
@ -61,7 +61,7 @@ describe('req2params', function() {
it('sets dbname from redis metadata', function(done){ it('sets dbname from redis metadata', function(done){
var req = {headers: { host:'localhost' }, query: {} }; var req = {headers: { host:'localhost' }, query: {} };
var res = {}; var res = {};
baseController.req2params(prepareRequest(req), res, function(err, req) { req2params(prepareRequest(req), res, function(err, req) {
if ( err ) { done(err); return; } if ( err ) { done(err); return; }
assert.ok(_.isObject(req.query), 'request has query'); assert.ok(_.isObject(req.query), 'request has query');
assert.ok(!req.query.hasOwnProperty('dbuser'), 'dbuser was removed from query'); assert.ok(!req.query.hasOwnProperty('dbuser'), 'dbuser was removed from query');
@ -76,7 +76,7 @@ describe('req2params', function() {
it('sets also dbuser for authenticated requests', function(done){ it('sets also dbuser for authenticated requests', function(done){
var req = {headers: { host:'localhost' }, query: {map_key: '1234'} }; var req = {headers: { host:'localhost' }, query: {map_key: '1234'} };
var res = {}; var res = {};
baseController.req2params(prepareRequest(req), res, function(err, req) { req2params(prepareRequest(req), res, function(err, req) {
if ( err ) { done(err); return; } if ( err ) { done(err); return; }
assert.ok(_.isObject(req.query), 'request has query'); assert.ok(_.isObject(req.query), 'request has query');
assert.ok(!req.query.hasOwnProperty('dbuser'), 'dbuser was removed from query'); assert.ok(!req.query.hasOwnProperty('dbuser'), 'dbuser was removed from query');
@ -93,7 +93,7 @@ describe('req2params', function() {
map_key: '1235' map_key: '1235'
} }
}; };
baseController.req2params(prepareRequest(req), res, function(err, req) { req2params(prepareRequest(req), res, function(err, req) {
// wrong key resets params to no user // wrong key resets params to no user
assert.ok(req.params.dbuser === test_pubuser, 'could inject dbuser ('+req.params.dbuser+')'); assert.ok(req.params.dbuser === test_pubuser, 'could inject dbuser ('+req.params.dbuser+')');
done(); done();
@ -120,7 +120,7 @@ describe('req2params', function() {
} }
}; };
var res = {}; var res = {};
baseController.req2params(prepareRequest(req), res, function(err, req) { req2params(prepareRequest(req), res, function(err, req) {
if ( err ) { if ( err ) {
return done(err); return done(err);
} }
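Review bot: The callback for the wrong-`map_key` case (the `req2params(prepareRequest(req), res, function(err, req) {` call in the `@ -93,7 +93,7` hunk) reads `req.params.dbuser` without looking at `err`, unlike the other cases in this file. If the middleware reports an error there, `req` is presumably not passed to the callback, so the test would die with a TypeError instead of a clear failure. That weakens the one test that guards against `dbuser` injection through a bad key. I would add `if ( err ) { done(err); return; }` as the first line of that callback. The `it` block starts and ends outside the hunk, so its title and the rest of its body are not visible here.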