Commit Graph

126 Commits

Author SHA1 Message Date
Sandro Santilli
738f47d968 Be tolerant about injections of CartoCSS versions 2012-09-27 10:42:29 +02:00
Sandro Santilli
11ae4d6ff1 Add test to check survival to unparseable style 2012-09-26 16:35:15 +02:00
Sandro Santilli
4d524d88d2 Reduce GET style error verbosity 2012-09-25 10:18:47 +02:00
Sandro Santilli
bc506784ca Add an X-Cache-Channel header to all GET requests. Closes #53. 2012-09-25 09:27:03 +02:00
Sandro Santilli
5c067b3939 Make test for unauthenticated style setting request predictable
Closes #50
2012-09-19 19:09:42 +02:00
Sandro Santilli
e1e5bb413e Fix test to use expected hostname 2012-09-19 18:13:28 +02:00
Sandro Santilli
dcbe051654 Return 401 status for unauthorized requests (see #48) 2012-09-05 20:16:55 +02:00
Sandro Santilli
2ae159c568 Require windshaft-0.4.13, update expected response statuses 2012-09-05 20:06:43 +02:00
Sandro Santilli
de24f55e20 Add test for getting infowindow of private tables 2012-08-14 20:01:32 +02:00
Sandro Santilli
ca47fbd10b Fix unauthenticated access to table styles. Closes #43.
Re-introduces use of the redis "privacy" hash key as an additional
security measure for requests that do not involve PostgreSQL access.

Accessing private table styles is tested with this commit.
Accessing private table metadata or infowindow is _not_ tested,
but should also be fixed now.
2012-08-14 19:26:40 +02:00
Sandro Santilli
fb3f3a312e Really fix setting or deleting styles from unauth. request
Closes #44
2012-08-14 16:15:41 +02:00
Sandro Santilli
39bc387f97 Add test for getting style of private table (auth or not)
NOTE: the unauthorized request CAN GET the style of a private table.
This needs to be fixed (see #43) -- meanwhile the test is disabled.
2012-08-14 15:32:36 +02:00
Sandro Santilli
9e484f9aea Add tests for getting the GRID of private tables (auth or not) 2012-08-14 15:31:58 +02:00
Sandro Santilli
461c0343bd typo in comment 2012-08-14 15:13:23 +02:00
Sandro Santilli
070c6da6da Rationalize acceptance test dividing tests in sections 2012-08-14 15:06:04 +02:00
Sandro Santilli
282ac94e29 Prevent unauthenticated requests from changing map styles 2012-08-07 17:10:15 +02:00
Sandro Santilli
6a92fd3170 Propagate style changes to caches for unauthenticated requests
Closes #41, does it implementing the new afterStyleChange and
afterStyleDelete callbacks in Windshaft 0.4.10.

Adds automated testcases for the bug.
2012-08-07 16:11:49 +02:00
Sandro Santilli
c0eaf826ab Add another test for authentications using old redis key (#39) 2012-08-02 11:17:53 +02:00
Sandro Santilli
de275bfc50 Delegate user permission to PostgreSQL (closes #18)
If the request is authenticated (with map_key) then we log as the
database owner, otherwise we log as the default user.
The default user is now "publicuser" by default.

Raises dependency on Windshaft to 0.4.9+, to get the grainstore
version allowing override of database username.

Add test for req2params function, particularly authentication,
Add test for authenticated / unauthenticated access
2012-07-18 11:09:17 +02:00
Sandro Santilli
895877be8b Do not use invalid MML (won't work with mapnik-2.1) 2012-07-09 21:06:45 +02:00
Sandro Santilli
c884deba05 Remove duplicated server_options.js file 2012-07-09 19:20:49 +02:00
Sandro Santilli
2b24e46f6c Port tests to mocha (closes #20) 2012-07-09 16:49:31 +02:00
Simon Tokumine
98e5bab8e4 commenting and removal of bogus config. also disable cache in test environment 2012-06-06 15:24:44 +01:00
Simon Tokumine
ef15f4b48b migrated to node-varnish, fixed tests, refactor 2011-12-12 18:02:10 +00:00
javi santana
c1ba45cf5a included LRU cache with redis invalidation 2011-10-13 13:17:00 +02:00
Simon Tokumine
431fb56ad2 windshaft for cartodb 2011-09-05 00:00:41 +01:00