cartodb/Windshaft-cartodb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove req2params from BaseController and update related test to use the middleware

Browse Source
This commit is contained in:
Daniel García Aubert 2017-09-22 01:08:46 +02:00
parent 8139cdf8b2
commit 9bd862ffaf
2 changed files with 9 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
lib/cartodb/controllers/base.js
View File

@ -7,17 +7,6 @@ function BaseController(authApi, pgConnection) {
module.exports = BaseController;
// jshint maxcomplexity:10
/**
* Whitelist input and get database name & default geometry type from
* subdomain/user metadata held in CartoDB Redis
* @param req - standard express request obj. Should have host & table
* @param callback
*/
BaseController.prototype.req2params = function(req, res, next) {
this.req2paramsMiddleware(req, res, next);
};
// jshint maxcomplexity:6
// jshint maxcomplexity:9

18
test/unit/cartodb/req2params.test.js
View File

@ -8,7 +8,7 @@ var PgConnection = require('../../../lib/cartodb/backends/pg_connection');
var AuthApi = require('../../../lib/cartodb/api/auth_api');
var TemplateMaps = require('../../../lib/cartodb/backends/template_maps');
var BaseController = require('../../../lib/cartodb/controllers/base');
var req2paramsMiddleware = require('../../../lib/cartodb/middleware/req2params-middleware');
var windshaft = require('windshaft');
describe('req2params', function() {
@ -18,7 +18,7 @@ describe('req2params', function() {
var test_database = test_user + '_db';
var baseController;
var req2params;
before(function() {
var redisPool = new RedisPool(global.environment.redis);
var mapStore = new windshaft.storage.MapStore();
@ -27,12 +27,12 @@ describe('req2params', function() {
var templateMaps = new TemplateMaps(redisPool);
var authApi = new AuthApi(pgConnection, metadataBackend, mapStore, templateMaps);
baseController = new BaseController(authApi, pgConnection);
req2params = req2paramsMiddleware(authApi, pgConnection);
});
it('can be found in server_options', function(){
assert.ok(_.isFunction(baseController.req2params));
assert.ok(_.isFunction(req2params));
});
function prepareRequest(req) {
@ -46,7 +46,7 @@ describe('req2params', function() {
it('cleans up request', function(done){
var req = {headers: { host:'localhost' }, query: {dbuser:'hacker',dbname:'secret'}};
var res = {};
baseController.req2params(prepareRequest(req), res, function(err, req) {
req2params(prepareRequest(req), res, function(err, req) {
if ( err ) { done(err); return; }
assert.ok(_.isObject(req.query), 'request has query');
assert.ok(!req.query.hasOwnProperty('dbuser'), 'dbuser was removed from query');
@ -61,7 +61,7 @@ describe('req2params', function() {
it('sets dbname from redis metadata', function(done){
var req = {headers: { host:'localhost' }, query: {} };
var res = {};
baseController.req2params(prepareRequest(req), res, function(err, req) {
req2params(prepareRequest(req), res, function(err, req) {
if ( err ) { done(err); return; }
assert.ok(_.isObject(req.query), 'request has query');
assert.ok(!req.query.hasOwnProperty('dbuser'), 'dbuser was removed from query');
@ -76,7 +76,7 @@ describe('req2params', function() {
it('sets also dbuser for authenticated requests', function(done){
var req = {headers: { host:'localhost' }, query: {map_key: '1234'} };
var res = {};
baseController.req2params(prepareRequest(req), res, function(err, req) {
req2params(prepareRequest(req), res, function(err, req) {
if ( err ) { done(err); return; }
assert.ok(_.isObject(req.query), 'request has query');
assert.ok(!req.query.hasOwnProperty('dbuser'), 'dbuser was removed from query');
@ -93,7 +93,7 @@ describe('req2params', function() {
map_key: '1235'
}
};
baseController.req2params(prepareRequest(req), res, function(err, req) {
req2params(prepareRequest(req), res, function(err, req) {
// wrong key resets params to no user
assert.ok(req.params.dbuser === test_pubuser, 'could inject dbuser ('+req.params.dbuser+')');
done();
@ -120,7 +120,7 @@ describe('req2params', function() {
}
};
var res = {};
baseController.req2params(prepareRequest(req), res, function(err, req) {
req2params(prepareRequest(req), res, function(err, req) {
if ( err ) {
return done(err);
}