2015-03-24 00:54:37 +08:00
|
|
|
var assert = require('assert');
|
|
|
|
var _ = require('underscore');
|
|
|
|
var test_helper = require('../../support/test_helper');
|
2012-07-18 17:00:24 +08:00
|
|
|
|
|
|
|
suite('req2params', function() {
|
|
|
|
|
|
|
|
// configure redis pool instance to use in tests
|
2014-02-19 13:45:29 +08:00
|
|
|
var opts = require('../../../lib/cartodb/server_options')();
|
2014-02-21 01:03:43 +08:00
|
|
|
|
|
|
|
var test_user = _.template(global.environment.postgres_auth_user, {user_id:1});
|
|
|
|
var test_pubuser = global.environment.postgres.user;
|
|
|
|
var test_database = test_user + '_db';
|
|
|
|
|
2012-07-18 17:00:24 +08:00
|
|
|
|
|
|
|
test('can be found in server_options', function(){
|
|
|
|
assert.ok(_.isFunction(opts.req2params));
|
|
|
|
});
|
|
|
|
|
|
|
|
test('cleans up request', function(done){
|
2012-07-19 19:36:09 +08:00
|
|
|
opts.req2params({headers: { host:'localhost' }, query: {dbuser:'hacker',dbname:'secret'}}, function(err, req) {
|
2013-12-06 17:20:32 +08:00
|
|
|
if ( err ) { done(err); return; }
|
2012-07-18 17:00:24 +08:00
|
|
|
assert.ok(_.isObject(req.query), 'request has query');
|
|
|
|
assert.ok(!req.query.hasOwnProperty('dbuser'), 'dbuser was removed from query');
|
|
|
|
assert.ok(req.hasOwnProperty('params'), 'request has params');
|
2013-04-06 00:11:36 +08:00
|
|
|
assert.ok(req.params.hasOwnProperty('interactivity'), 'request params have interactivity');
|
2014-02-21 01:03:43 +08:00
|
|
|
assert.equal(req.params.dbname, test_database, 'could forge dbname: '+ req.params.dbname);
|
|
|
|
assert.ok(req.params.dbuser === test_pubuser, 'could inject dbuser ('+req.params.dbuser+')');
|
2012-07-18 17:00:24 +08:00
|
|
|
done();
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
test('sets dbname from redis metadata', function(done){
|
2012-10-05 21:44:04 +08:00
|
|
|
opts.req2params({headers: { host:'localhost' }, query: {} }, function(err, req) {
|
2013-12-06 17:20:32 +08:00
|
|
|
if ( err ) { done(err); return; }
|
2012-07-18 17:00:24 +08:00
|
|
|
//console.dir(req);
|
|
|
|
assert.ok(_.isObject(req.query), 'request has query');
|
|
|
|
assert.ok(!req.query.hasOwnProperty('dbuser'), 'dbuser was removed from query');
|
|
|
|
assert.ok(req.hasOwnProperty('params'), 'request has params');
|
2013-04-06 00:11:36 +08:00
|
|
|
assert.ok(req.params.hasOwnProperty('interactivity'), 'request params have interactivity');
|
2014-02-21 01:03:43 +08:00
|
|
|
assert.equal(req.params.dbname, test_database);
|
|
|
|
assert.ok(req.params.dbuser === test_pubuser, 'could inject dbuser ('+req.params.dbuser+')');
|
2012-07-18 17:00:24 +08:00
|
|
|
done();
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
test('sets also dbuser for authenticated requests', function(done){
|
2012-10-05 21:44:04 +08:00
|
|
|
opts.req2params({headers: { host:'localhost' }, query: {map_key: '1234'} }, function(err, req) {
|
2013-12-06 17:20:32 +08:00
|
|
|
if ( err ) { done(err); return; }
|
2012-07-18 17:00:24 +08:00
|
|
|
//console.dir(req);
|
|
|
|
assert.ok(_.isObject(req.query), 'request has query');
|
|
|
|
assert.ok(!req.query.hasOwnProperty('dbuser'), 'dbuser was removed from query');
|
|
|
|
assert.ok(req.hasOwnProperty('params'), 'request has params');
|
2013-04-06 00:11:36 +08:00
|
|
|
assert.ok(req.params.hasOwnProperty('interactivity'), 'request params have interactivity');
|
2014-02-21 01:03:43 +08:00
|
|
|
assert.equal(req.params.dbname, test_database);
|
|
|
|
assert.equal(req.params.dbuser, test_user);
|
2012-07-18 17:00:24 +08:00
|
|
|
|
2012-10-05 21:44:04 +08:00
|
|
|
opts.req2params({headers: { host:'localhost' }, query: {map_key: '1235'} }, function(err, req) {
|
2012-07-18 17:00:24 +08:00
|
|
|
// wrong key resets params to no user
|
2014-02-21 01:03:43 +08:00
|
|
|
assert.ok(req.params.dbuser === test_pubuser, 'could inject dbuser ('+req.params.dbuser+')');
|
2012-07-18 17:00:24 +08:00
|
|
|
done();
|
|
|
|
});
|
|
|
|
});
|
|
|
|
});
|
2013-04-24 21:10:58 +08:00
|
|
|
|
|
|
|
test('it should extend params with decoded lzma', function(done) {
|
2015-03-24 00:54:37 +08:00
|
|
|
var qo = {
|
|
|
|
style: 'test',
|
|
|
|
style_version: '2.1.0',
|
|
|
|
cache_buster: 5
|
|
|
|
};
|
|
|
|
test_helper.lzma_compress_to_base64(JSON.stringify(qo), 1, function(err, data) {
|
|
|
|
console.log(data);
|
|
|
|
var req = {
|
|
|
|
headers: {
|
|
|
|
host:'localhost'
|
|
|
|
},
|
|
|
|
query: {
|
|
|
|
non_included: 'toberemoved',
|
|
|
|
api_key: 'test',
|
|
|
|
style: 'override',
|
|
|
|
lzma: data
|
|
|
|
}
|
|
|
|
};
|
|
|
|
opts.req2params(req, function(err, req) {
|
|
|
|
if ( err ) {
|
|
|
|
return done(err);
|
|
|
|
}
|
|
|
|
var query = req.params;
|
|
|
|
assert.equal(qo.cache_buster, query.cache_buster);
|
|
|
|
assert.equal('test', query.api_key);
|
|
|
|
assert.equal(undefined, query.non_included);
|
|
|
|
done();
|
|
|
|
});
|
2013-04-24 21:10:58 +08:00
|
|
|
});
|
|
|
|
});
|
2015-03-24 00:54:37 +08:00
|
|
|
|
2012-07-18 17:00:24 +08:00
|
|
|
});
|