Commit Graph

17 Commits

Author SHA1 Message Date
Sandro Santilli
ca47fbd10b Fix unauthenticated access to table styles. Closes #43.
Re-introduces use of the redis "privacy" hash key as an additional
security measure for requests that do not involve PostgreSQL access.

Accessing private table styles is tested with this commit.
Accessing private table metadata or infowindow is _not_ tested,
but should also be fixed now.
2012-08-14 19:26:40 +02:00
Sandro Santilli
fb3f3a312e Really fix setting or deleting styles from unauth. request
Closes #44
2012-08-14 16:15:41 +02:00
Sandro Santilli
39bc387f97 Add test for getting style of private table (auth or not)
NOTE: the unauthorized request CAN GET the style of a private table.
This needs to be fixed (see #43) -- meanwhile the test is disabled.
2012-08-14 15:32:36 +02:00
Sandro Santilli
9e484f9aea Add tests for getting the GRID of private tables (auth or not) 2012-08-14 15:31:58 +02:00
Sandro Santilli
461c0343bd typo in comment 2012-08-14 15:13:23 +02:00
Sandro Santilli
070c6da6da Rationalize acceptance test dividing tests in sections 2012-08-14 15:06:04 +02:00
Sandro Santilli
282ac94e29 Prevent unauthenticated requests from changing map styles 2012-08-07 17:10:15 +02:00
Sandro Santilli
6a92fd3170 Propagate style changes to caches for unauthenticated requests
Closes #41, does it implementing the new afterStyleChange and
afterStyleDelete callbacks in Windshaft 0.4.10.

Adds automated testcases for the bug.
2012-08-07 16:11:49 +02:00
Sandro Santilli
c0eaf826ab Add another test for authentications using old redis key (#39) 2012-08-02 11:17:53 +02:00
Sandro Santilli
de275bfc50 Delegate user permission to PostgreSQL (closes #18)
If the request is authenticated (with map_key) then we log as the
database owner, otherwise we log as the default user.
The default user is now "publicuser" by default.

Raises dependency on Windshaft to 0.4.9+, to get the grainstore
version allowing override of database username.

Add test for req2params function, particularly authentication,
Add test for authenticated / unauthenticated access
2012-07-18 11:09:17 +02:00
Sandro Santilli
895877be8b Do not use invalid MML (won't work with mapnik-2.1) 2012-07-09 21:06:45 +02:00
Sandro Santilli
c884deba05 Remove duplicated server_options.js file 2012-07-09 19:20:49 +02:00
Sandro Santilli
2b24e46f6c Port tests to mocha (closes #20) 2012-07-09 16:49:31 +02:00
Simon Tokumine
98e5bab8e4 commenting and removal of bogus config. also disable cache in test environment 2012-06-06 15:24:44 +01:00
Simon Tokumine
ef15f4b48b migrated to node-varnish, fixed tests, refactor 2011-12-12 18:02:10 +00:00
javi santana
c1ba45cf5a included LRU cache with redis invalidation 2011-10-13 13:17:00 +02:00
Simon Tokumine
431fb56ad2 windshaft for cartodb 2011-09-05 00:00:41 +01:00