Remove req2params from BaseController and update related test to use the middleware
parent
8139cdf8b2
commit
9bd862ffaf
@ -7,17 +7,6 @@ function BaseController(authApi, pgConnection) {
|
|||||||
|
|
||||||
module.exports = BaseController;
|
module.exports = BaseController;
|
||||||
|
|
||||||
// jshint maxcomplexity:10
|
|
||||||
/**
|
|
||||||
* Whitelist input and get database name & default geometry type from
|
|
||||||
* subdomain/user metadata held in CartoDB Redis
|
|
||||||
* @param req - standard express request obj. Should have host & table
|
|
||||||
* @param callback
|
|
||||||
*/
|
|
||||||
BaseController.prototype.req2params = function(req, res, next) {
|
|
||||||
this.req2paramsMiddleware(req, res, next);
|
|
||||||
};
|
|
||||||
|
|
||||||
// jshint maxcomplexity:6
|
// jshint maxcomplexity:6
|
||||||
|
|
||||||
// jshint maxcomplexity:9
|
// jshint maxcomplexity:9
|
||||||
|
@ -8,7 +8,7 @@ var PgConnection = require('../../../lib/cartodb/backends/pg_connection');
|
|||||||
var AuthApi = require('../../../lib/cartodb/api/auth_api');
|
var AuthApi = require('../../../lib/cartodb/api/auth_api');
|
||||||
var TemplateMaps = require('../../../lib/cartodb/backends/template_maps');
|
var TemplateMaps = require('../../../lib/cartodb/backends/template_maps');
|
||||||
|
|
||||||
var BaseController = require('../../../lib/cartodb/controllers/base');
|
var req2paramsMiddleware = require('../../../lib/cartodb/middleware/req2params-middleware');
|
||||||
var windshaft = require('windshaft');
|
var windshaft = require('windshaft');
|
||||||
|
|
||||||
describe('req2params', function() {
|
describe('req2params', function() {
|
||||||
@ -18,7 +18,7 @@ describe('req2params', function() {
|
|||||||
var test_database = test_user + '_db';
|
var test_database = test_user + '_db';
|
||||||
|
|
||||||
|
|
||||||
var baseController;
|
var req2params;
|
||||||
before(function() {
|
before(function() {
|
||||||
var redisPool = new RedisPool(global.environment.redis);
|
var redisPool = new RedisPool(global.environment.redis);
|
||||||
var mapStore = new windshaft.storage.MapStore();
|
var mapStore = new windshaft.storage.MapStore();
|
||||||
@ -27,12 +27,12 @@ describe('req2params', function() {
|
|||||||
var templateMaps = new TemplateMaps(redisPool);
|
var templateMaps = new TemplateMaps(redisPool);
|
||||||
var authApi = new AuthApi(pgConnection, metadataBackend, mapStore, templateMaps);
|
var authApi = new AuthApi(pgConnection, metadataBackend, mapStore, templateMaps);
|
||||||
|
|
||||||
baseController = new BaseController(authApi, pgConnection);
|
req2params = req2paramsMiddleware(authApi, pgConnection);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|
||||||
it('can be found in server_options', function(){
|
it('can be found in server_options', function(){
|
||||||
assert.ok(_.isFunction(baseController.req2params));
|
assert.ok(_.isFunction(req2params));
|
||||||
});
|
});
|
||||||
|
|
||||||
function prepareRequest(req) {
|
function prepareRequest(req) {
|
||||||
@ -46,7 +46,7 @@ describe('req2params', function() {
|
|||||||
it('cleans up request', function(done){
|
it('cleans up request', function(done){
|
||||||
var req = {headers: { host:'localhost' }, query: {dbuser:'hacker',dbname:'secret'}};
|
var req = {headers: { host:'localhost' }, query: {dbuser:'hacker',dbname:'secret'}};
|
||||||
var res = {};
|
var res = {};
|
||||||
baseController.req2params(prepareRequest(req), res, function(err, req) {
|
req2params(prepareRequest(req), res, function(err, req) {
|
||||||
if ( err ) { done(err); return; }
|
if ( err ) { done(err); return; }
|
||||||
assert.ok(_.isObject(req.query), 'request has query');
|
assert.ok(_.isObject(req.query), 'request has query');
|
||||||
assert.ok(!req.query.hasOwnProperty('dbuser'), 'dbuser was removed from query');
|
assert.ok(!req.query.hasOwnProperty('dbuser'), 'dbuser was removed from query');
|
||||||
@ -61,7 +61,7 @@ describe('req2params', function() {
|
|||||||
it('sets dbname from redis metadata', function(done){
|
it('sets dbname from redis metadata', function(done){
|
||||||
var req = {headers: { host:'localhost' }, query: {} };
|
var req = {headers: { host:'localhost' }, query: {} };
|
||||||
var res = {};
|
var res = {};
|
||||||
baseController.req2params(prepareRequest(req), res, function(err, req) {
|
req2params(prepareRequest(req), res, function(err, req) {
|
||||||
if ( err ) { done(err); return; }
|
if ( err ) { done(err); return; }
|
||||||
assert.ok(_.isObject(req.query), 'request has query');
|
assert.ok(_.isObject(req.query), 'request has query');
|
||||||
assert.ok(!req.query.hasOwnProperty('dbuser'), 'dbuser was removed from query');
|
assert.ok(!req.query.hasOwnProperty('dbuser'), 'dbuser was removed from query');
|
||||||
@ -76,7 +76,7 @@ describe('req2params', function() {
|
|||||||
it('sets also dbuser for authenticated requests', function(done){
|
it('sets also dbuser for authenticated requests', function(done){
|
||||||
var req = {headers: { host:'localhost' }, query: {map_key: '1234'} };
|
var req = {headers: { host:'localhost' }, query: {map_key: '1234'} };
|
||||||
var res = {};
|
var res = {};
|
||||||
baseController.req2params(prepareRequest(req), res, function(err, req) {
|
req2params(prepareRequest(req), res, function(err, req) {
|
||||||
if ( err ) { done(err); return; }
|
if ( err ) { done(err); return; }
|
||||||
assert.ok(_.isObject(req.query), 'request has query');
|
assert.ok(_.isObject(req.query), 'request has query');
|
||||||
assert.ok(!req.query.hasOwnProperty('dbuser'), 'dbuser was removed from query');
|
assert.ok(!req.query.hasOwnProperty('dbuser'), 'dbuser was removed from query');
|
||||||
@ -93,7 +93,7 @@ describe('req2params', function() {
|
|||||||
map_key: '1235'
|
map_key: '1235'
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
baseController.req2params(prepareRequest(req), res, function(err, req) {
|
req2params(prepareRequest(req), res, function(err, req) {
|
||||||
// wrong key resets params to no user
|
// wrong key resets params to no user
|
||||||
assert.ok(req.params.dbuser === test_pubuser, 'could inject dbuser ('+req.params.dbuser+')');
|
assert.ok(req.params.dbuser === test_pubuser, 'could inject dbuser ('+req.params.dbuser+')');
|
||||||
done();
|
done();
|
||||||
@ -120,7 +120,7 @@ describe('req2params', function() {
|
|||||||
}
|
}
|
||||||
};
|
};
|
||||||
var res = {};
|
var res = {};
|
||||||
baseController.req2params(prepareRequest(req), res, function(err, req) {
|
req2params(prepareRequest(req), res, function(err, req) {
|
||||||
if ( err ) {
|
if ( err ) {
|
||||||
return done(err);
|
return done(err);
|
||||||
}
|
}
|
||||||
|
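Review bot: In the wrong-key case (hunk `-93,7 +93,7`) the callback passed to `req2params` reads `req.params.dbuser` without first checking `err`, whereas the other calls in this file begin with `if ( err ) { done(err); return; }`. This is the test that guards against a caller injecting `dbuser`, so a middleware error would probably show up as a TypeError on an undefined `req` rather than as a clear failure. Adding the same guard as the first line of that callback would fix this; the callback's closing lines are outside the hunk. Separately, the title `'can be found in server_options'` is stale, because the test now only checks that the middleware factory returns a function.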