cartodb4/Windshaft-cartodb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

remove auth fallback

Browse Source
This commit is contained in:
Eneko Lakasta 2018-05-07 15:44:44 +02:00
parent efa765a9fc
commit 534c827904
6 changed files with 15 additions and 116 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
lib/cartodb/api/auth_api.js
View File

@ -1,5 +1,3 @@
var _ = require('underscore'); // AUTH_FALLBACK
/** /**
* *
* @param {PgConnection} pgConnection * @param {PgConnection} pgConnection
@ -77,11 +75,6 @@ AuthApi.prototype.authorizedByAPIKey = function(user, res, callback) {
return callback(err); return callback(err);
} }
//Remove this block when Auth fallback is not used anymore
// AUTH_FALLBACK
apikey.databaseRole = composeUserDatabase(apikey);
apikey.databasePassword = composeDatabasePassword(apikey);
if ( !isValidApiKey(apikey)) { if ( !isValidApiKey(apikey)) {
const error = new Error('Unauthorized'); const error = new Error('Unauthorized');
error.type = 'auth'; error.type = 'auth';
@ -113,38 +106,6 @@ AuthApi.prototype.authorizedByAPIKey = function(user, res, callback) {
}); });
}; };
//Remove this block when Auth fallback is not used anymore
// AUTH_FALLBACK
function composeUserDatabase (apikey) {
if (shouldComposeUserDatabase(apikey)) {
return _.template(global.environment.postgres_auth_user, apikey);
}
return apikey.databaseRole;
}
//Remove this block when Auth fallback is not used anymore
// AUTH_FALLBACK
function composeDatabasePassword (apikey) {
if (shouldComposeDatabasePassword(apikey)) {
return global.environment.postgres.password;
}
return apikey.databasePassword;
}
//Remove this block when Auth fallback is not used anymore
// AUTH_FALLBACK
function shouldComposeDatabasePassword (apikey) {
return !apikey.databasePassword && global.environment.postgres.password;
}
//Remove this block when Auth fallback is not used anymore
// AUTH_FALLBACK
function shouldComposeUserDatabase(apikey) {
return !apikey.databaseRole && apikey.user_id && global.environment.postgres_auth_user;
}
function isNameNotFoundError (err) { function isNameNotFoundError (err) {
return err.message && -1 !== err.message.indexOf('name not found'); return err.message && -1 !== err.message.indexOf('name not found');
} }

26
lib/cartodb/backends/pg_connection.js
View File

@ -32,12 +32,6 @@ PgConnection.prototype.setDBAuth = function(username, params, apikeyType, callba
params.dbuser = apikey.databaseRole; params.dbuser = apikey.databaseRole;
params.dbpassword = apikey.databasePassword; params.dbpassword = apikey.databasePassword;
//Remove this block when Auth fallback is not used anymore
// AUTH_FALLBACK
if (!params.dbuser && apikey.user_id && global.environment.postgres_auth_user) {
params.dbuser = _.template(global.environment.postgres_auth_user, apikey);
}
return callback(); return callback();
}); });
} else if (apikeyType === 'regular') { //Actually it can be any type of api key } else if (apikeyType === 'regular') { //Actually it can be any type of api key
@ -52,20 +46,6 @@ PgConnection.prototype.setDBAuth = function(username, params, apikeyType, callba
params.dbuser = apikey.databaseRole; params.dbuser = apikey.databaseRole;
params.dbpassword = apikey.databasePassword; params.dbpassword = apikey.databasePassword;
//Remove this block when Auth fallback is not used anymore
// AUTH_FALLBACK
// master apikey has been recreated from user's metadata
if (!params.dbuser && apikey.user_id && apikey.type === 'master' && global.environment.postgres_auth_user) {
params.dbuser = _.template(global.environment.postgres_auth_user, apikey);
}
//Remove this block when Auth fallback is not used anymore
// AUTH_FALLBACK
// default apikey has been recreated from user's metadata
if (!params.dbpassword && global.environment.postgres.password) {
params.dbpassword = global.environment.postgres.password;
}
return callback(); return callback();
}); });
} else if (apikeyType === 'default') { } else if (apikeyType === 'default') {
@ -80,12 +60,6 @@ PgConnection.prototype.setDBAuth = function(username, params, apikeyType, callba
params.dbuser = apikey.databaseRole; params.dbuser = apikey.databaseRole;
params.dbpassword = apikey.databasePassword; params.dbpassword = apikey.databasePassword;
//Remove this block when Auth fallback is not used anymore
// AUTH_FALLBACK
if (!params.dbpassword && global.environment.postgres.password) {
params.dbpassword = global.environment.postgres.password;
}
return callback(); return callback();
}); });
} else { } else {

2
lib/cartodb/controllers/named_maps_admin.js
View File

@ -108,7 +108,7 @@ function authorizedByAPIKey ({ authApi, action, label }) {
} }
if (!authenticated) { if (!authenticated) {
const error = new Error(`Only authenticated user can ${action} templated maps`); const error = new Error(`Only authenticated users can ${action} templated maps`);
error.http_status = 403; error.http_status = 403;
error.label = label; error.label = label;
return next(error); return next(error);

51
test/acceptance/auth/authorization-fallback.js → test/acceptance/auth/authorization-basic-use-cases.js
View File

@ -1,6 +1,3 @@
//Remove this file when Auth fallback is not used anymore
// AUTH_FALLBACK
const assert = require('../../support/assert'); const assert = require('../../support/assert');
const testHelper = require('../../support/test_helper'); const testHelper = require('../../support/test_helper');
const CartodbWindshaft = require('../../../lib/cartodb/server'); const CartodbWindshaft = require('../../../lib/cartodb/server');
@ -44,7 +41,7 @@ var pointSqlMaster = "select * from test_table_private_1";
var pointSqlPublic = "select * from test_table"; var pointSqlPublic = "select * from test_table";
var keysToDelete; var keysToDelete;
describe('authorization fallback', function () { describe.only('Basic authorization use cases', function () {
var server; var server;
before(function () { before(function () {
@ -63,7 +60,7 @@ describe('authorization fallback', function () {
var layergroup = singleLayergroupConfig(pointSqlMaster, '#layer { marker-fill:red; }'); var layergroup = singleLayergroupConfig(pointSqlMaster, '#layer { marker-fill:red; }');
assert.response(server, assert.response(server,
createRequest(layergroup, 'user_previous_to_project_auth', '4444'), createRequest(layergroup, 'localhost', '1234'),
{ {
status: 200 status: 200
}, },
@ -75,7 +72,7 @@ describe('authorization fallback', function () {
assert.equal(res.headers['x-layergroup-id'], parsed.layergroupid); assert.equal(res.headers['x-layergroup-id'], parsed.layergroupid);
keysToDelete['map_cfg|' + LayergroupToken.parse(parsed.layergroupid).token] = 0; keysToDelete['map_cfg|' + LayergroupToken.parse(parsed.layergroupid).token] = 0;
keysToDelete['user:user_previous_to_project_auth:mapviews:global'] = 5; keysToDelete['user:localhost:mapviews:global'] = 5;
done(); done();
} }
@ -87,7 +84,7 @@ describe('authorization fallback', function () {
var layergroup = singleLayergroupConfig(pointSqlPublic, '#layer { marker-fill:red; }'); var layergroup = singleLayergroupConfig(pointSqlPublic, '#layer { marker-fill:red; }');
assert.response(server, assert.response(server,
createRequest(layergroup, 'user_previous_to_project_auth', 'default_public'), createRequest(layergroup, 'localhost', 'default_public'),
{ {
status: 200 status: 200
}, },
@ -99,7 +96,7 @@ describe('authorization fallback', function () {
assert.equal(res.headers['x-layergroup-id'], parsed.layergroupid); assert.equal(res.headers['x-layergroup-id'], parsed.layergroupid);
keysToDelete['map_cfg|' + LayergroupToken.parse(parsed.layergroupid).token] = 0; keysToDelete['map_cfg|' + LayergroupToken.parse(parsed.layergroupid).token] = 0;
keysToDelete['user:user_previous_to_project_auth:mapviews:global'] = 5; keysToDelete['user:localhost:mapviews:global'] = 5;
done(); done();
} }
@ -110,7 +107,7 @@ describe('authorization fallback', function () {
var layergroup = singleLayergroupConfig(pointSqlPublic, '#layer { marker-fill:red; }'); var layergroup = singleLayergroupConfig(pointSqlPublic, '#layer { marker-fill:red; }');
assert.response(server, assert.response(server,
createRequest(layergroup, 'user_previous_to_project_auth'), createRequest(layergroup, 'localhost'),
{ {
status: 200 status: 200
}, },
@ -122,31 +119,27 @@ describe('authorization fallback', function () {
assert.equal(res.headers['x-layergroup-id'], parsed.layergroupid); assert.equal(res.headers['x-layergroup-id'], parsed.layergroupid);
keysToDelete['map_cfg|' + LayergroupToken.parse(parsed.layergroupid).token] = 0; keysToDelete['map_cfg|' + LayergroupToken.parse(parsed.layergroupid).token] = 0;
keysToDelete['user:user_previous_to_project_auth:mapviews:global'] = 5; keysToDelete['user:localhost:mapviews:global'] = 5;
done(); done();
} }
); );
}); });
it("succeed with non-existent api key - defaults to default", function (done) { it("fail with non-existent api key", function (done) {
var layergroup = singleLayergroupConfig(pointSqlPublic, '#layer { marker-fill:red; }'); var layergroup = singleLayergroupConfig(pointSqlPublic, '#layer { marker-fill:red; }');
assert.response(server, assert.response(server,
createRequest(layergroup, 'user_previous_to_project_auth', 'THIS-API-KEY-DOESNT-EXIST'), createRequest(layergroup, 'localhost', 'THIS-API-KEY-DOESNT-EXIST'),
{ {
status: 200 status: 401
}, },
function (res, err) { function (res, err) {
assert.ifError(err); assert.ifError(err);
var parsed = JSON.parse(res.body); var parsed = JSON.parse(res.body);
assert.ok(parsed.layergroupid); assert.ok(parsed.hasOwnProperty('errors'));
assert.equal(res.headers['x-layergroup-id'], parsed.layergroupid); assert.equal(parsed.errors.length, 1);
assert.ok(parsed.errors[0].match(/Unauthorized/));
keysToDelete['map_cfg|' + LayergroupToken.parse(parsed.layergroupid).token] = 0;
keysToDelete['user:user_previous_to_project_auth:mapviews:global'] = 5;
done(); done();
} }
); );
@ -156,23 +149,7 @@ describe('authorization fallback', function () {
var layergroup = singleLayergroupConfig(pointSqlMaster, '#layer { marker-fill:red; }'); var layergroup = singleLayergroupConfig(pointSqlMaster, '#layer { marker-fill:red; }');
assert.response(server, assert.response(server,
createRequest(layergroup, 'user_previous_to_project_auth', 'default_public'), createRequest(layergroup, 'localhost', 'default_public'),
{
status: 403
},
function (res, err) {
assert.ifError(err);
done();
}
);
});
it("fail with non-existent api key - defaults to default", function (done) {
var layergroup = singleLayergroupConfig(pointSqlMaster, '#layer { marker-fill:red; }');
assert.response(server,
createRequest(layergroup, 'user_previous_to_project_auth', 'THIS-API-KEY-DOESNT-EXIST'),
{ {
status: 403 status: 403
}, },

12
test/support/prepare_db.sh
View File

@ -132,18 +132,6 @@ HMSET rails:users:cartodb250user id ${TESTUSERID} \
EOF EOF
# Remove this block when Auth fallback is not used anymore
# AUTH_FALLBACK
# A user to test auth fallback to no api keys mode
cat <<EOF | redis-cli -p ${REDIS_PORT} -n 5
HMSET rails:users:user_previous_to_project_auth id ${TESTUSERID} \
database_name "${TEST_DB}" \
database_host "localhost" \
database_password "${TESTPASS}" \
database_publicuser "${PUBLICUSER}"\
map_key 4444
EOF
cat <<EOF | redis-cli -p ${REDIS_PORT} -n 0 cat <<EOF | redis-cli -p ${REDIS_PORT} -n 0
HSET rails:${TEST_DB}:my_table infowindow "this, that, the other" HSET rails:${TEST_DB}:my_table infowindow "this, that, the other"
HSET rails:${TEST_DB}:test_table_private_1 privacy "0" HSET rails:${TEST_DB}:test_table_private_1 privacy "0"

1
test/support/test_helper.js
View File

@ -109,7 +109,6 @@ afterEach(function(done) {
'rails:users:localhost:map_key': true, 'rails:users:localhost:map_key': true,
'rails:users:cartodb250user': true, 'rails:users:cartodb250user': true,
'rails:users:localhost': true, 'rails:users:localhost': true,
'rails:users:user_previous_to_project_auth': true, // AUTH_FALLBACK
'api_keys:localhost:1234': true, 'api_keys:localhost:1234': true,
'api_keys:localhost:default_public': true, 'api_keys:localhost:default_public': true,
'api_keys:cartodb250user:4321': true, 'api_keys:cartodb250user:4321': true,