remove auth fallback

This commit is contained in:
Eneko Lakasta 2018-05-07 15:44:44 +02:00
parent efa765a9fc
commit 534c827904
6 changed files with 15 additions and 116 deletions

View File

@ -1,5 +1,3 @@
var _ = require('underscore'); // AUTH_FALLBACK
/**
*
* @param {PgConnection} pgConnection
@ -77,11 +75,6 @@ AuthApi.prototype.authorizedByAPIKey = function(user, res, callback) {
return callback(err);
}
//Remove this block when Auth fallback is not used anymore
// AUTH_FALLBACK
apikey.databaseRole = composeUserDatabase(apikey);
apikey.databasePassword = composeDatabasePassword(apikey);
if ( !isValidApiKey(apikey)) {
const error = new Error('Unauthorized');
error.type = 'auth';
@ -113,38 +106,6 @@ AuthApi.prototype.authorizedByAPIKey = function(user, res, callback) {
});
};
//Remove this block when Auth fallback is not used anymore
// AUTH_FALLBACK
function composeUserDatabase (apikey) {
if (shouldComposeUserDatabase(apikey)) {
return _.template(global.environment.postgres_auth_user, apikey);
}
return apikey.databaseRole;
}
//Remove this block when Auth fallback is not used anymore
// AUTH_FALLBACK
function composeDatabasePassword (apikey) {
if (shouldComposeDatabasePassword(apikey)) {
return global.environment.postgres.password;
}
return apikey.databasePassword;
}
//Remove this block when Auth fallback is not used anymore
// AUTH_FALLBACK
function shouldComposeDatabasePassword (apikey) {
return !apikey.databasePassword && global.environment.postgres.password;
}
//Remove this block when Auth fallback is not used anymore
// AUTH_FALLBACK
function shouldComposeUserDatabase(apikey) {
return !apikey.databaseRole && apikey.user_id && global.environment.postgres_auth_user;
}
function isNameNotFoundError (err) {
return err.message && -1 !== err.message.indexOf('name not found');
}

View File

@ -32,12 +32,6 @@ PgConnection.prototype.setDBAuth = function(username, params, apikeyType, callba
params.dbuser = apikey.databaseRole;
params.dbpassword = apikey.databasePassword;
//Remove this block when Auth fallback is not used anymore
// AUTH_FALLBACK
if (!params.dbuser && apikey.user_id && global.environment.postgres_auth_user) {
params.dbuser = _.template(global.environment.postgres_auth_user, apikey);
}
return callback();
});
} else if (apikeyType === 'regular') { //Actually it can be any type of api key
@ -52,20 +46,6 @@ PgConnection.prototype.setDBAuth = function(username, params, apikeyType, callba
params.dbuser = apikey.databaseRole;
params.dbpassword = apikey.databasePassword;
//Remove this block when Auth fallback is not used anymore
// AUTH_FALLBACK
// master apikey has been recreated from user's metadata
if (!params.dbuser && apikey.user_id && apikey.type === 'master' && global.environment.postgres_auth_user) {
params.dbuser = _.template(global.environment.postgres_auth_user, apikey);
}
//Remove this block when Auth fallback is not used anymore
// AUTH_FALLBACK
// default apikey has been recreated from user's metadata
if (!params.dbpassword && global.environment.postgres.password) {
params.dbpassword = global.environment.postgres.password;
}
return callback();
});
} else if (apikeyType === 'default') {
@ -80,12 +60,6 @@ PgConnection.prototype.setDBAuth = function(username, params, apikeyType, callba
params.dbuser = apikey.databaseRole;
params.dbpassword = apikey.databasePassword;
//Remove this block when Auth fallback is not used anymore
// AUTH_FALLBACK
if (!params.dbpassword && global.environment.postgres.password) {
params.dbpassword = global.environment.postgres.password;
}
return callback();
});
} else {

View File

@ -108,7 +108,7 @@ function authorizedByAPIKey ({ authApi, action, label }) {
}
if (!authenticated) {
const error = new Error(`Only authenticated user can ${action} templated maps`);
const error = new Error(`Only authenticated users can ${action} templated maps`);
error.http_status = 403;
error.label = label;
return next(error);

View File

@ -1,6 +1,3 @@
//Remove this file when Auth fallback is not used anymore
// AUTH_FALLBACK
const assert = require('../../support/assert');
const testHelper = require('../../support/test_helper');
const CartodbWindshaft = require('../../../lib/cartodb/server');
@ -44,7 +41,7 @@ var pointSqlMaster = "select * from test_table_private_1";
var pointSqlPublic = "select * from test_table";
var keysToDelete;
describe('authorization fallback', function () {
describe.only('Basic authorization use cases', function () {
var server;
before(function () {
@ -63,7 +60,7 @@ describe('authorization fallback', function () {
var layergroup = singleLayergroupConfig(pointSqlMaster, '#layer { marker-fill:red; }');
assert.response(server,
createRequest(layergroup, 'user_previous_to_project_auth', '4444'),
createRequest(layergroup, 'localhost', '1234'),
{
status: 200
},
@ -75,7 +72,7 @@ describe('authorization fallback', function () {
assert.equal(res.headers['x-layergroup-id'], parsed.layergroupid);
keysToDelete['map_cfg|' + LayergroupToken.parse(parsed.layergroupid).token] = 0;
keysToDelete['user:user_previous_to_project_auth:mapviews:global'] = 5;
keysToDelete['user:localhost:mapviews:global'] = 5;
done();
}
@ -87,7 +84,7 @@ describe('authorization fallback', function () {
var layergroup = singleLayergroupConfig(pointSqlPublic, '#layer { marker-fill:red; }');
assert.response(server,
createRequest(layergroup, 'user_previous_to_project_auth', 'default_public'),
createRequest(layergroup, 'localhost', 'default_public'),
{
status: 200
},
@ -99,7 +96,7 @@ describe('authorization fallback', function () {
assert.equal(res.headers['x-layergroup-id'], parsed.layergroupid);
keysToDelete['map_cfg|' + LayergroupToken.parse(parsed.layergroupid).token] = 0;
keysToDelete['user:user_previous_to_project_auth:mapviews:global'] = 5;
keysToDelete['user:localhost:mapviews:global'] = 5;
done();
}
@ -110,7 +107,7 @@ describe('authorization fallback', function () {
var layergroup = singleLayergroupConfig(pointSqlPublic, '#layer { marker-fill:red; }');
assert.response(server,
createRequest(layergroup, 'user_previous_to_project_auth'),
createRequest(layergroup, 'localhost'),
{
status: 200
},
@ -122,31 +119,27 @@ describe('authorization fallback', function () {
assert.equal(res.headers['x-layergroup-id'], parsed.layergroupid);
keysToDelete['map_cfg|' + LayergroupToken.parse(parsed.layergroupid).token] = 0;
keysToDelete['user:user_previous_to_project_auth:mapviews:global'] = 5;
keysToDelete['user:localhost:mapviews:global'] = 5;
done();
}
);
});
it("succeed with non-existent api key - defaults to default", function (done) {
it("fail with non-existent api key", function (done) {
var layergroup = singleLayergroupConfig(pointSqlPublic, '#layer { marker-fill:red; }');
assert.response(server,
createRequest(layergroup, 'user_previous_to_project_auth', 'THIS-API-KEY-DOESNT-EXIST'),
createRequest(layergroup, 'localhost', 'THIS-API-KEY-DOESNT-EXIST'),
{
status: 200
status: 401
},
function (res, err) {
assert.ifError(err);
var parsed = JSON.parse(res.body);
assert.ok(parsed.layergroupid);
assert.equal(res.headers['x-layergroup-id'], parsed.layergroupid);
keysToDelete['map_cfg|' + LayergroupToken.parse(parsed.layergroupid).token] = 0;
keysToDelete['user:user_previous_to_project_auth:mapviews:global'] = 5;
assert.ok(parsed.hasOwnProperty('errors'));
assert.equal(parsed.errors.length, 1);
assert.ok(parsed.errors[0].match(/Unauthorized/));
done();
}
);
@ -156,23 +149,7 @@ describe('authorization fallback', function () {
var layergroup = singleLayergroupConfig(pointSqlMaster, '#layer { marker-fill:red; }');
assert.response(server,
createRequest(layergroup, 'user_previous_to_project_auth', 'default_public'),
{
status: 403
},
function (res, err) {
assert.ifError(err);
done();
}
);
});
it("fail with non-existent api key - defaults to default", function (done) {
var layergroup = singleLayergroupConfig(pointSqlMaster, '#layer { marker-fill:red; }');
assert.response(server,
createRequest(layergroup, 'user_previous_to_project_auth', 'THIS-API-KEY-DOESNT-EXIST'),
createRequest(layergroup, 'localhost', 'default_public'),
{
status: 403
},

View File

@ -132,18 +132,6 @@ HMSET rails:users:cartodb250user id ${TESTUSERID} \
EOF
# Remove this block when Auth fallback is not used anymore
# AUTH_FALLBACK
# A user to test auth fallback to no api keys mode
cat <<EOF | redis-cli -p ${REDIS_PORT} -n 5
HMSET rails:users:user_previous_to_project_auth id ${TESTUSERID} \
database_name "${TEST_DB}" \
database_host "localhost" \
database_password "${TESTPASS}" \
database_publicuser "${PUBLICUSER}"\
map_key 4444
EOF
cat <<EOF | redis-cli -p ${REDIS_PORT} -n 0
HSET rails:${TEST_DB}:my_table infowindow "this, that, the other"
HSET rails:${TEST_DB}:test_table_private_1 privacy "0"

View File

@ -109,7 +109,6 @@ afterEach(function(done) {
'rails:users:localhost:map_key': true,
'rails:users:cartodb250user': true,
'rails:users:localhost': true,
'rails:users:user_previous_to_project_auth': true, // AUTH_FALLBACK
'api_keys:localhost:1234': true,
'api_keys:localhost:default_public': true,
'api_keys:cartodb250user:4321': true,