cartodb4/Windshaft-cartodb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #938 from CartoDB/named-map-auth-tests

Browse Source 
Named map auth tests
This commit is contained in:
Eneko Lakasta 2018-04-13 12:56:49 +02:00 committed by GitHub
commit 35459b7332
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 744 additions and 116 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

701
test/acceptance/auth/authorization.js
View File

@ -37,31 +37,6 @@ describe('authorization', function() {
});
});
it.skip('should create and get a named map tile using a regular apikey token', function (done) {
const apikeyToken = 'regular1';
const mapConfig = {
version: '1.7.0',
layers: [
{
options: {
sql: 'select * FROM test_table_localhost_regular1',
cartocss: TestClient.CARTOCSS.POINTS,
cartocss_version: '2.3.0'
}
}
]
};
const testClient = new TestClient(mapConfig, apikeyToken);
testClient.getTile(0, 0, 0, function (err, res, tile) {
assert.ifError(err);
assert.equal(res.statusCode, 200);
assert.ok(tile instanceof mapnik.Image);
testClient.drain(done);
});
});
it('should fail getting a named map tile with default apikey token', function (done) {
const apikeyTokenCreate = 'regular1';
@ -354,110 +329,604 @@ describe('authorization', function() {
});
});
it('should fail while listing named maps with a regular apikey token', function (done) {
const apikeyToken = 'regular1';
describe('Named maps', function () {
describe('LIST Named maps', function () {
const testClient = new TestClient({}, apikeyToken);
it('should fail while listing named maps with a regular apikey token', function (done) {
const apikeyToken = 'regular1';
testClient.getNamedMapList({ response: {status: 403 }}, function (err, res, body) {
assert.ifError(err);
const testClient = new TestClient({}, apikeyToken);
assert.equal(res.statusCode, 403);
testClient.getNamedMapList({ response: { status: 403 } }, function (err, res, body) {
assert.ifError(err);
assert.equal(body.errors.length, 1);
assert.ok(body.errors[0].match(/Forbidden/), body.errors[0]);
assert.equal(res.statusCode, 403);
testClient.drain(done);
assert.equal(body.errors.length, 1);
assert.ok(body.errors[0].match(/Forbidden/), body.errors[0]);
testClient.drain(done);
});
});
it('should fail while listing named maps with the default apikey token', function (done) {
const apikeyToken = 'default_public';
const testClient = new TestClient({}, apikeyToken);
testClient.getNamedMapList({ response: { status: 403 } }, function (err, res, body) {
assert.ifError(err);
assert.equal(res.statusCode, 403);
assert.equal(body.errors.length, 1);
assert.ok(body.errors[0].match(/Forbidden/), body.errors[0]);
testClient.drain(done);
});
});
it('should fail while listing named maps with non-existent apikey token', function (done) {
const apikeyToken = 'wadus-wadus';
const testClient = new TestClient({}, apikeyToken);
testClient.getNamedMapList({ response: { status: 401 } }, function (err, res, body) {
assert.ifError(err);
assert.equal(res.statusCode, 401);
assert.equal(body.errors.length, 1);
assert.ok(body.errors[0].match(/Unauthorized/), body.errors[0]);
testClient.drain(done);
});
});
it('should list named maps with master apikey token', function (done) {
const apikeyToken = 1234;
const testClient = new TestClient({}, apikeyToken);
testClient.getNamedMapList({}, function (err, res, body) {
assert.ifError(err);
assert.equal(res.statusCode, 200);
assert.ok(Array.isArray(body.template_ids));
testClient.drain(done);
});
});
});
});
it('should list named maps with master apikey token', function (done) {
const apikeyToken = 1234;
const testClient = new TestClient({}, apikeyToken);
testClient.getNamedMapList({}, function (err, res, body) {
assert.ifError(err);
assert.equal(res.statusCode, 200);
assert.ok(Array.isArray(body.template_ids));
testClient.drain(done);
});
});
it.skip('should create and get a named map tile using a regular apikey token', function (done) {
const apikeyToken = 'regular1';
const template = {
version: '0.0.1',
name: 'auth-api-template',
placeholders: {
buffersize: {
type: 'number',
default: 0
}
},
layergroup: {
version: '1.7.0',
layers: [{
type: 'cartodb',
options: {
sql: 'select * from test_table_localhost_regular1',
cartocss: TestClient.CARTOCSS.POINTS,
cartocss_version: '2.3.0',
describe('CREATE Named Map', function () {
const template = {
version: '0.0.1',
name: 'auth-api-template',
placeholders: {
buffersize: {
type: 'number',
default: 0
}
}]
}
};
const testClient = new TestClient(template, apikeyToken);
testClient.getTile(0, 0, 0, function (err, res, tile) {
assert.ifError(err);
assert.equal(res.statusCode, 200);
assert.ok(tile instanceof mapnik.Image);
testClient.drain(done);
});
});
it.skip('should fail creating a named map using a regular apikey token and a private table', function (done) {
const apikeyToken = 'regular1';
const template = {
version: '0.0.1',
name: 'auth-api-template-private',
placeholders: {
buffersize: {
type: 'number',
default: 0
},
layergroup: {
version: '1.7.0',
layers: [{
type: 'cartodb',
options: {
sql: 'select * from test_table_localhost_regular1',
cartocss: TestClient.CARTOCSS.POINTS,
cartocss_version: '2.3.0',
}
}]
}
},
layergroup: {
version: '1.7.0',
layers: [{
type: 'cartodb',
options: {
sql: 'select * from populated_places_simple_reduced_private',
cartocss: TestClient.CARTOCSS.POINTS,
cartocss_version: '2.3.0',
}
}]
}
};
};
const testClient = new TestClient(template, apikeyToken);
it('should create and get a named map tile using the master apikey token', function (done) {
const apikeyToken = 1234;
testClient.getTile(0, 0, 0, { response: PERMISSION_DENIED_RESPONSE }, function (err, res, body) {
assert.ifError(err);
const testClient = new TestClient(template, apikeyToken);
assert.ok(body.hasOwnProperty('errors'));
assert.equal(body.errors.length, 1);
assert.ok(body.errors[0].match(/permission denied/), body.errors[0]);
testClient.getTile(0, 0, 0, function (err, res, tile) {
assert.ifError(err);
testClient.drain(done);
assert.equal(res.statusCode, 200);
assert.ok(tile instanceof mapnik.Image);
testClient.drain(done);
});
});
it('should fail creating a named map using a regular apikey token', function (done) {
const apikeyToken = 'regular1';
const testClient = new TestClient(template, apikeyToken);
testClient.createTemplate({ response: { status: 403 } }, function (err, res, response) {
assert.ifError(err);
assert.equal(res.statusCode, 403);
assert.equal(response.errors.length, 1);
assert.ok(response.errors[0].match(/Forbidden/), response.errors[0]);
testClient.drain(done);
});
});
it('should fail creating a named map using the default apikey token', function (done) {
const apikeyToken = 'default_public';
const testClient = new TestClient(template, apikeyToken);
testClient.createTemplate({ response: { status: 403 } }, function (err, res, response) {
assert.ifError(err);
assert.equal(res.statusCode, 403);
assert.equal(response.errors.length, 1);
assert.ok(response.errors[0].match(/Forbidden/), response.errors[0]);
testClient.drain(done);
});
});
it('should fail creating a named map using a non-existent apikey token', function (done) {
const apikeyToken = 'wadus-wadus';
const testClient = new TestClient(template, apikeyToken);
testClient.createTemplate({ response: { status: 401 } }, function (err, res, response) {
assert.ifError(err);
assert.equal(res.statusCode, 401);
assert.equal(response.errors.length, 1);
assert.ok(response.errors[0].match(/Unauthorized/), response.errors[0]);
testClient.drain(done);
});
});
});
describe('DELETE Named Map', function () {
const templateBase = {
version: '0.0.1',
name: 'auth-api-template',
placeholders: {
buffersize: {
type: 'number',
default: 0
}
},
layergroup: {
version: '1.7.0',
layers: [{
type: 'cartodb',
options: {
sql: 'select * from test_table_localhost_regular1',
cartocss: TestClient.CARTOCSS.POINTS,
cartocss_version: '2.3.0',
}
}]
}
};
it('should delete a named map using the master apikey token', function (done) {
const apikeyTokenCreate = 1234;
const apikeyTokenDelete = 1234;
const template = Object.assign({}, templateBase, { name: templateBase.name + '-delete-master' });
const testClientCreate = new TestClient(template, apikeyTokenCreate);
testClientCreate.createTemplate({}, function (err, res, template) {
assert.ifError(err);
const testClientDelete = new TestClient(template, apikeyTokenDelete);
testClientDelete.deleteTemplate(
{
templateId: template.template_id,
response: { status: 204 }
},
function (err, res) {
assert.ifError(err);
assert.equal(res.statusCode, 204);
testClientDelete.drain(done);
}
);
});
});
it('should fail deleting a named map using a regular apikey token', function (done) {
const apikeyTokenCreate = 1234;
const apikeyTokenDelete = 'regular1';
const template = Object.assign({}, templateBase, { name: templateBase.name + '-delete-regular' });
const testClientCreate = new TestClient(template, apikeyTokenCreate);
testClientCreate.createTemplate({}, function (err, res, template) {
assert.ifError(err);
const testClientDelete = new TestClient({}, apikeyTokenDelete);
testClientDelete.deleteTemplate(
{
templateId: template.template_id,
response: { status: 403 }
},
function (err, res, response) {
assert.ifError(err);
assert.equal(res.statusCode, 403);
assert.equal(response.errors.length, 1);
assert.ok(response.errors[0].match(/Forbidden/), response.errors[0]);
testClientDelete.drain(done);
}
);
});
});
it('should fail deleting a named map using the default apikey token', function (done) {
const apikeyTokenCreate = 1234;
const apikeyTokenDelete = 'default_public';
const template = Object.assign({}, templateBase, { name: templateBase.name + '-delete-default' });
const testClientCreate = new TestClient(template, apikeyTokenCreate);
testClientCreate.createTemplate({}, function (err, res, template) {
assert.ifError(err);
const testClientDelete = new TestClient(template, apikeyTokenDelete);
testClientDelete.deleteTemplate(
{
templateId: template.template_id,
response: { status: 403 }
},
function (err, res, response) {
assert.ifError(err);
assert.equal(res.statusCode, 403);
assert.equal(response.errors.length, 1);
assert.ok(response.errors[0].match(/Forbidden/), response.errors[0]);
testClientDelete.drain(done);
}
);
});
});
it('should fail deleting a named map using a non-existent apikey token', function (done) {
const apikeyTokenCreate = 1234;
const apikeyTokenDelete = 'wadus';
const template = Object.assign({}, templateBase, { name: templateBase.name + '-delete-wadus' });
const testClientCreate = new TestClient(template, apikeyTokenCreate);
testClientCreate.createTemplate({}, function (err, res, template) {
assert.ifError(err);
const testClientDelete = new TestClient(template, apikeyTokenDelete);
testClientDelete.deleteTemplate(
{
templateId: template.template_id,
response: { status: 401 }
},
function (err, res, response) {
assert.ifError(err);
assert.equal(res.statusCode, 401);
assert.equal(response.errors.length, 1);
assert.ok(response.errors[0].match(/Unauthorized/), response.errors[0]);
testClientDelete.drain(done);
}
);
});
});
});
describe('GET Named Map', function () {
const templateBase = {
version: '0.0.1',
name: 'auth-api-template',
placeholders: {
buffersize: {
type: 'number',
default: 0
}
},
layergroup: {
version: '1.7.0',
layers: [{
type: 'cartodb',
options: {
sql: 'select * from test_table_localhost_regular1',
cartocss: TestClient.CARTOCSS.POINTS,
cartocss_version: '2.3.0',
}
}]
}
};
it('should get a named map using the master apikey token', function (done) {
const apikeyTokenCreate = 1234;
const apikeyTokenGet = 1234;
const template = Object.assign({}, templateBase, { name: templateBase.name + '-get-master' });
const testClientCreate = new TestClient(template, apikeyTokenCreate);
testClientCreate.createTemplate({}, function (err, res, template) {
assert.ifError(err);
const testClientDelete = new TestClient({}, apikeyTokenGet);
testClientDelete.getTemplate(
{
templateId: template.template_id,
response: { status: 200 }
},
function (err, res) {
assert.ifError(err);
assert.equal(res.statusCode, 200);
testClientDelete.drain(done);
}
);
});
});
it('should fail getting a named map using a regular apikey token', function (done) {
const apikeyTokenCreate = 1234;
const apikeyTokenGet = 'regular1';
const template = Object.assign({}, templateBase, { name: templateBase.name + '-get-regular' });
const testClientCreate = new TestClient(template, apikeyTokenCreate);
testClientCreate.createTemplate({}, function (err, res, template) {
assert.ifError(err);
const testClientGet = new TestClient({}, apikeyTokenGet);
testClientGet.getTemplate(
{
templateId: template.template_id,
response: { status: 403 }
},
function (err, res, response) {
assert.ifError(err);
assert.equal(res.statusCode, 403);
assert.equal(response.errors.length, 1);
assert.ok(response.errors[0].match(/Forbidden/), response.errors[0]);
testClientGet.drain(done);
}
);
});
});
it('should fail getting a named map using the default apikey token', function (done) {
const apikeyTokenCreate = 1234;
const apikeyTokenGet = 'default_public';
const template = Object.assign({}, templateBase, { name: templateBase.name + '-get-default' });
const testClientCreate = new TestClient(template, apikeyTokenCreate);
testClientCreate.createTemplate({}, function (err, res, template) {
assert.ifError(err);
const testClientGet = new TestClient(template, apikeyTokenGet);
testClientGet.getTemplate(
{
templateId: template.template_id,
response: { status: 403 }
},
function (err, res, response) {
assert.ifError(err);
assert.equal(res.statusCode, 403);
assert.equal(response.errors.length, 1);
assert.ok(response.errors[0].match(/Forbidden/), response.errors[0]);
testClientGet.drain(done);
}
);
});
});
it('should fail getting a named map using a non-existent apikey token', function (done) {
const apikeyTokenCreate = 1234;
const apikeyTokenGet = 'wadus';
const template = Object.assign({}, templateBase, { name: templateBase.name + '-get-wadus' });
const testClientCreate = new TestClient(template, apikeyTokenCreate);
testClientCreate.createTemplate({}, function (err, res, template) {
assert.ifError(err);
const testClientGet = new TestClient(template, apikeyTokenGet);
testClientGet.getTemplate(
{
templateId: template.template_id,
response: { status: 401 }
},
function (err, res, response) {
assert.ifError(err);
assert.equal(res.statusCode, 401);
assert.equal(response.errors.length, 1);
assert.ok(response.errors[0].match(/Unauthorized/), response.errors[0]);
testClientGet.drain(done);
}
);
});
});
});
describe('UPDATE Named Map', function () {
const templateBase = {
version: '0.0.1',
name: 'auth-api-template',
placeholders: {
buffersize: {
type: 'number',
default: 0
}
},
layergroup: {
version: '1.7.0',
layers: [{
type: 'cartodb',
options: {
sql: 'select * from test_table_localhost_regular1',
cartocss: TestClient.CARTOCSS.POINTS,
cartocss_version: '2.3.0',
}
}]
}
};
it('should update a named map using the master apikey token', function (done) {
const apikeyTokenCreate = 1234;
const apikeyTokenUpdate = 1234;
const template = Object.assign({}, templateBase, { name: templateBase.name + '-update-master' });
const templateUpdate = Object.assign({}, template, { zoom: 3 });
const testClientCreate = new TestClient(template, apikeyTokenCreate);
testClientCreate.createTemplate({}, function (err, res, template) {
assert.ifError(err);
const testClientDelete = new TestClient({}, apikeyTokenUpdate);
testClientDelete.updateTemplate(
{
templateId: template.template_id,
templateData: templateUpdate,
response: { status: 200 }
},
function (err, res) {
assert.ifError(err);
assert.equal(res.statusCode, 200);
testClientDelete.drain(done);
}
);
});
});
it('should fail updating a named map using a regular apikey token', function (done) {
const apikeyTokenCreate = 1234;
const apikeyTokenUpdate = 'regular1';
const template = Object.assign({}, templateBase, { name: templateBase.name + '-update-regular' });
const templateUpdate = Object.assign({}, template, { zoom: 3 });
const testClientCreate = new TestClient(template, apikeyTokenCreate);
testClientCreate.createTemplate({}, function (err, res, template) {
assert.ifError(err);
const testClientDelete = new TestClient({}, apikeyTokenUpdate);
testClientDelete.updateTemplate(
{
templateId: template.template_id,
templateData: templateUpdate,
response: { status: 403 }
},
function (err, res, response) {
assert.ifError(err);
assert.equal(res.statusCode, 403);
assert.equal(response.errors.length, 1);
assert.ok(response.errors[0].match(/Forbidden/), response.errors[0]);
testClientDelete.drain(done);
}
);
});
});
it('should fail updating a named map using the default apikey token', function (done) {
const apikeyTokenCreate = 1234;
const apikeyTokenUpdate = 'default_public';
const template = Object.assign({}, templateBase, { name: templateBase.name + '-update-default' });
const templateUpdate = Object.assign({}, template, { zoom: 3 });
const testClientCreate = new TestClient(template, apikeyTokenCreate);
testClientCreate.createTemplate({}, function (err, res, template) {
assert.ifError(err);
const testClientDelete = new TestClient({}, apikeyTokenUpdate);
testClientDelete.updateTemplate(
{
templateId: template.template_id,
templateData: templateUpdate,
response: { status: 403 }
},
function (err, res, response) {
assert.ifError(err);
assert.equal(res.statusCode, 403);
assert.equal(response.errors.length, 1);
assert.ok(response.errors[0].match(/Forbidden/), response.errors[0]);
testClientDelete.drain(done);
}
);
});
});
it('should fail updating a named map using a non-existent apikey token', function (done) {
const apikeyTokenCreate = 1234;
const apikeyTokenUpdate = 'wadus';
const template = Object.assign({}, templateBase, { name: templateBase.name + '-update-wadus' });
const templateUpdate = Object.assign({}, template, { zoom: 3 });
const testClientCreate = new TestClient(template, apikeyTokenCreate);
testClientCreate.createTemplate({}, function (err, res, template) {
assert.ifError(err);
const testClientDelete = new TestClient({}, apikeyTokenUpdate);
testClientDelete.updateTemplate(
{
templateId: template.template_id,
templateData: templateUpdate,
response: { status: 401 }
},
function (err, res, response) {
assert.ifError(err);
assert.equal(res.statusCode, 401);
assert.equal(response.errors.length, 1);
assert.ok(response.errors[0].match(/Unauthorized/), response.errors[0]);
testClientDelete.drain(done);
}
);
});
});
});
});
});

159
test/support/test-client.js
View File

@ -1438,3 +1438,162 @@ TestClient.prototype.getNamedTile = function (name, z, x, y, format, options, c
});
});
};
TestClient.prototype.createTemplate = function (params, callback) {
if (!this.apiKey) {
return callback(new Error('apiKey param is mandatory to create a new template'));
}
const createTemplateRequest = {
url: `/api/v1/map/named?${qs.stringify({ api_key: this.apiKey })}`,
method: 'POST',
headers: {
host: 'localhost',
'Content-Type': 'application/json'
},
data: JSON.stringify(this.template)
};
let createTemplateResponse = {
status: 200,
headers: {
'Content-Type': 'application/json; charset=utf-8'
}
};
if (params.response) {
createTemplateResponse = Object.assign(createTemplateResponse, params.response);
}
assert.response(this.server, createTemplateRequest, createTemplateResponse, (res, err) => {
let body;
switch (res.headers['content-type']) {
case 'application/json; charset=utf-8':
body = JSON.parse(res.body);
break;
default:
body = res.body;
break;
}
return callback(err, res, body);
});
};
TestClient.prototype.deleteTemplate = function (params, callback) {
if (!this.apiKey) {
return callback(new Error('apiKey param is mandatory to create a new template'));
}
const deleteTemplateRequest = {
url: `/api/v1/map/named/${params.templateId}?${qs.stringify({ api_key: this.apiKey })}`,
method: 'DELETE',
headers: {
host: 'localhost',
}
};
let deleteTemplateResponse = {
status: 204,
headers: {}
};
if (params.response) {
deleteTemplateResponse = Object.assign(deleteTemplateResponse, params.response);
}
assert.response(this.server, deleteTemplateRequest, deleteTemplateResponse, (res, err) => {
let body;
switch (res.headers['content-type']) {
case 'application/json; charset=utf-8':
body = JSON.parse(res.body);
break;
default:
body = res.body;
break;
}
return callback(err, res, body);
});
};
TestClient.prototype.updateTemplate = function (params, callback) {
if (!this.apiKey) {
return callback(new Error('apiKey param is mandatory to create a new template'));
}
const updateTemplateRequest = {
url: `/api/v1/map/named/${params.templateId}?${qs.stringify({ api_key: this.apiKey })}`,
method: 'PUT',
headers: {
host: 'localhost',
'Content-Type': 'application/json; charset=utf-8'
},
data: JSON.stringify(params.templateData)
};
let updateTemplateResponse = {
status: 200,
headers: {
'Content-Type': 'application/json; charset=utf-8'
}
};
if (params.response) {
updateTemplateResponse = Object.assign(updateTemplateResponse, params.response);
}
assert.response(this.server, updateTemplateRequest, updateTemplateResponse, (res, err) => {
let body;
switch (res.headers['content-type']) {
case 'application/json; charset=utf-8':
body = JSON.parse(res.body);
break;
default:
body = res.body;
break;
}
return callback(err, res, body);
});
};
TestClient.prototype.getTemplate = function (params, callback) {
if (!this.apiKey) {
return callback(new Error('apiKey param is mandatory to create a new template'));
}
const getTemplateRequest = {
url: `/api/v1/map/named/${params.templateId}?${qs.stringify({ api_key: this.apiKey })}`,
method: 'GET',
headers: {
host: 'localhost'
}
};
let getTemplateResponse = {
status: 200,
headers: {
'Content-Type': 'application/json; charset=utf-8'
}
};
if (params.response) {
getTemplateResponse = Object.assign(getTemplateResponse, params.response);
}
assert.response(this.server, getTemplateRequest, getTemplateResponse, (res, err) => {
let body;
switch (res.headers['content-type']) {
case 'application/json; charset=utf-8':
body = JSON.parse(res.body);
break;
default:
body = res.body;
break;
}
return callback(err, res, body);
});
};