|
|
|
@ -4,12 +4,12 @@ require 'factories/carto_visualizations'
|
|
|
|
|
require 'base64'
|
|
|
|
|
|
|
|
|
|
describe Carto::Api::ApiKeysController do
|
|
|
|
|
include_context 'users helper'
|
|
|
|
|
include CartoDB::Factories
|
|
|
|
|
include HelperMethods
|
|
|
|
|
|
|
|
|
|
def response_grants_should_include_request_permissions(reponse_grants, table_permissions)
|
|
|
|
|
table_permissions.each do |stp|
|
|
|
|
|
response_tables = reponse_grants.find { |grant| grant['type'] == 'database'}['tables']
|
|
|
|
|
response_tables = reponse_grants.find { |grant| grant['type'] == 'database' }['tables']
|
|
|
|
|
response_permissions_for_table =
|
|
|
|
|
response_tables.find { |rtp| rtp['schema'] == stp['schema'] && rtp['name'] == stp['name'] }['permissions']
|
|
|
|
|
response_permissions_for_table.sort.should eq stp['permissions'].sort
|
|
|
|
@ -18,14 +18,23 @@ describe Carto::Api::ApiKeysController do
|
|
|
|
|
|
|
|
|
|
before(:all) do
|
|
|
|
|
@auth_api_feature_flag = FactoryGirl.create(:feature_flag, name: 'auth_api', restricted: false)
|
|
|
|
|
@user_api_keys = FactoryGirl.create(:valid_user)
|
|
|
|
|
@user = FactoryGirl.create(:valid_user)
|
|
|
|
|
@carto_user = Carto::User.find(@user.id)
|
|
|
|
|
@table1 = create_table(user_id: @carto_user.id)
|
|
|
|
|
@table2 = create_table(user_id: @carto_user.id)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
after(:all) do
|
|
|
|
|
@user_api_keys.destroy
|
|
|
|
|
@table2.destroy
|
|
|
|
|
@table1.destroy
|
|
|
|
|
@user.destroy
|
|
|
|
|
@auth_api_feature_flag.destroy
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
after(:each) do
|
|
|
|
|
@carto_user.api_keys.where(type: Carto::ApiKey::TYPE_REGULAR).each(&:destroy)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def generate_api_key_url(req_params, name: nil)
|
|
|
|
|
name ? api_key_url(req_params.merge(id: name)) : api_keys_url(req_params)
|
|
|
|
|
end
|
|
|
|
@ -35,16 +44,6 @@ describe Carto::Api::ApiKeysController do
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
describe '#create' do
|
|
|
|
|
before(:each) do
|
|
|
|
|
@table1 = create_table(user_id: @carto_user1.id)
|
|
|
|
|
@table2 = create_table(user_id: @carto_user1.id)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
after(:each) do
|
|
|
|
|
@table2.destroy
|
|
|
|
|
@table1.destroy
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'creates a new API key' do
|
|
|
|
|
grants = [
|
|
|
|
|
{
|
|
|
|
@ -55,7 +54,7 @@ describe Carto::Api::ApiKeysController do
|
|
|
|
|
"type" => "database",
|
|
|
|
|
"tables" => [
|
|
|
|
|
{
|
|
|
|
|
"schema" => @carto_user1.database_schema,
|
|
|
|
|
"schema" => @carto_user.database_schema,
|
|
|
|
|
"name" => @table1.name,
|
|
|
|
|
"permissions" => [
|
|
|
|
|
"insert",
|
|
|
|
@ -65,7 +64,7 @@ describe Carto::Api::ApiKeysController do
|
|
|
|
|
]
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"schema" => @carto_user1.database_schema,
|
|
|
|
|
"schema" => @carto_user.database_schema,
|
|
|
|
|
"name" => @table2.name,
|
|
|
|
|
"permissions" => [
|
|
|
|
|
"select"
|
|
|
|
@ -79,12 +78,12 @@ describe Carto::Api::ApiKeysController do
|
|
|
|
|
name: name,
|
|
|
|
|
grants: grants
|
|
|
|
|
}
|
|
|
|
|
post_json generate_api_key_url(user_req_params(@carto_user1)), payload do |response|
|
|
|
|
|
post_json generate_api_key_url(user_req_params(@carto_user)), payload do |response|
|
|
|
|
|
response.status.should eq 201
|
|
|
|
|
api_key_response = response.body
|
|
|
|
|
api_key_response[:id].should_not be
|
|
|
|
|
api_key_response[:name].should eq name
|
|
|
|
|
api_key_response[:user][:username].should eq @carto_user1.username
|
|
|
|
|
api_key_response[:user][:username].should eq @carto_user.username
|
|
|
|
|
api_key_response[:type].should eq 'regular'
|
|
|
|
|
api_key_response[:token].should_not be_empty
|
|
|
|
|
|
|
|
|
@ -107,7 +106,7 @@ describe Carto::Api::ApiKeysController do
|
|
|
|
|
"type" => "database",
|
|
|
|
|
"tables" => [
|
|
|
|
|
{
|
|
|
|
|
"schema" => @carto_user1.database_schema,
|
|
|
|
|
"schema" => @carto_user.database_schema,
|
|
|
|
|
"name" => @table1.name,
|
|
|
|
|
"permissions" => []
|
|
|
|
|
}
|
|
|
|
@ -119,12 +118,12 @@ describe Carto::Api::ApiKeysController do
|
|
|
|
|
name: name,
|
|
|
|
|
grants: grants
|
|
|
|
|
}
|
|
|
|
|
post_json generate_api_key_url(user_req_params(@carto_user1)), payload do |response|
|
|
|
|
|
post_json generate_api_key_url(user_req_params(@carto_user)), payload do |response|
|
|
|
|
|
response.status.should eq 201
|
|
|
|
|
api_key_response = response.body
|
|
|
|
|
api_key_response[:id].should_not be
|
|
|
|
|
api_key_response[:name].should eq name
|
|
|
|
|
api_key_response[:user][:username].should eq @carto_user1.username
|
|
|
|
|
api_key_response[:user][:username].should eq @carto_user.username
|
|
|
|
|
api_key_response[:type].should eq 'regular'
|
|
|
|
|
api_key_response[:token].should_not be_empty
|
|
|
|
|
api_key_response[:databaseConfig].should_not be
|
|
|
|
@ -134,17 +133,17 @@ describe Carto::Api::ApiKeysController do
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'fails if grants is not a json array' do
|
|
|
|
|
post_json generate_api_key_url(user_req_params(@carto_user1)), name: 'wadus' do |response|
|
|
|
|
|
post_json generate_api_key_url(user_req_params(@carto_user)), name: 'wadus' do |response|
|
|
|
|
|
response.status.should eq 422
|
|
|
|
|
error_response = response.body
|
|
|
|
|
error_response[:errors].should match /grants has to be an array/
|
|
|
|
|
end
|
|
|
|
|
post_json generate_api_key_url(user_req_params(@carto_user1)), name: 'wadus', grants: "something" do |response|
|
|
|
|
|
post_json generate_api_key_url(user_req_params(@carto_user)), name: 'wadus', grants: "something" do |response|
|
|
|
|
|
response.status.should eq 422
|
|
|
|
|
error_response = response.body
|
|
|
|
|
error_response[:errors].should match /grants has to be an array/
|
|
|
|
|
end
|
|
|
|
|
post_json generate_api_key_url(user_req_params(@carto_user1)), name: 'wadus', grants: {} do |response|
|
|
|
|
|
post_json generate_api_key_url(user_req_params(@carto_user)), name: 'wadus', grants: {} do |response|
|
|
|
|
|
response.status.should eq 422
|
|
|
|
|
error_response = response.body
|
|
|
|
|
error_response[:errors].should match /grants has to be an array/
|
|
|
|
@ -156,7 +155,7 @@ describe Carto::Api::ApiKeysController do
|
|
|
|
|
{
|
|
|
|
|
'type' => 'database',
|
|
|
|
|
'tables' => [
|
|
|
|
|
'schema' => @carto_user1.database_schema,
|
|
|
|
|
'schema' => @carto_user.database_schema,
|
|
|
|
|
'name' => @table1.name,
|
|
|
|
|
'permissions' => ['read']
|
|
|
|
|
]
|
|
|
|
@ -166,7 +165,7 @@ describe Carto::Api::ApiKeysController do
|
|
|
|
|
'apis' => ['maps', 'sql']
|
|
|
|
|
}
|
|
|
|
|
]
|
|
|
|
|
post_json generate_api_key_url(user_req_params(@carto_user1)), name: 'wadus', grants: grants do |response|
|
|
|
|
|
post_json generate_api_key_url(user_req_params(@carto_user)), name: 'wadus', grants: grants do |response|
|
|
|
|
|
response.status.should eq 422
|
|
|
|
|
error_response = response.body
|
|
|
|
|
error_response[:errors].should match /permissions.*did not match one of the following values: insert, select, update, delete/
|
|
|
|
@ -178,7 +177,7 @@ describe Carto::Api::ApiKeysController do
|
|
|
|
|
{
|
|
|
|
|
'type' => 'database',
|
|
|
|
|
'tables' => [
|
|
|
|
|
'schema' => @carto_user1.database_schema,
|
|
|
|
|
'schema' => @carto_user.database_schema,
|
|
|
|
|
'name' => 'wadus',
|
|
|
|
|
'permissions' => ['select']
|
|
|
|
|
]
|
|
|
|
@ -188,7 +187,7 @@ describe Carto::Api::ApiKeysController do
|
|
|
|
|
'apis' => ['maps', 'sql']
|
|
|
|
|
}
|
|
|
|
|
]
|
|
|
|
|
post_json generate_api_key_url(user_req_params(@carto_user1)), name: 'wadus', grants: grants do |response|
|
|
|
|
|
post_json generate_api_key_url(user_req_params(@carto_user)), name: 'wadus', grants: grants do |response|
|
|
|
|
|
response.status.should eq 422
|
|
|
|
|
error_response = response.body
|
|
|
|
|
error_response[:errors].should match /relation \"public.wadus\" does not exist/
|
|
|
|
@ -210,7 +209,7 @@ describe Carto::Api::ApiKeysController do
|
|
|
|
|
'apis' => ['maps', 'sql']
|
|
|
|
|
}
|
|
|
|
|
]
|
|
|
|
|
post_json generate_api_key_url(user_req_params(@carto_user1)), name: 'wadus', grants: grants do |response|
|
|
|
|
|
post_json generate_api_key_url(user_req_params(@carto_user)), name: 'wadus', grants: grants do |response|
|
|
|
|
|
response.status.should eq 422
|
|
|
|
|
error_response = response.body
|
|
|
|
|
error_response[:errors].should match /can only grant permissions over owned tables/
|
|
|
|
@ -233,14 +232,14 @@ describe Carto::Api::ApiKeysController do
|
|
|
|
|
}
|
|
|
|
|
]
|
|
|
|
|
|
|
|
|
|
post_json generate_api_key_url(user_req_params(@carto_user1)), name: 'wadus', grants: grants do |response|
|
|
|
|
|
post_json generate_api_key_url(user_req_params(@carto_user)), name: 'wadus', grants: grants do |response|
|
|
|
|
|
response.status.should eq 201
|
|
|
|
|
api_key_response = response.body
|
|
|
|
|
api_key_response[:id].should_not be
|
|
|
|
|
api_key_response[:name].should eq 'wadus'
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
post_json generate_api_key_url(user_req_params(@carto_user1)), name: 'wadus', grants: grants do |response|
|
|
|
|
|
post_json generate_api_key_url(user_req_params(@carto_user)), name: 'wadus', grants: grants do |response|
|
|
|
|
|
response.status.should eq 422
|
|
|
|
|
api_key_response = response.body
|
|
|
|
|
api_key_response[:errors].should match /Name has already been taken/
|
|
|
|
@ -252,61 +251,59 @@ describe Carto::Api::ApiKeysController do
|
|
|
|
|
|
|
|
|
|
describe '#destroy' do
|
|
|
|
|
it 'destroys the API key' do
|
|
|
|
|
api_key = FactoryGirl.create(:api_key_apis, user_id: @user1.id)
|
|
|
|
|
delete_json generate_api_key_url(user_req_params(@user1), name: api_key.name) do |response|
|
|
|
|
|
api_key = FactoryGirl.create(:api_key_apis, user_id: @user.id)
|
|
|
|
|
delete_json generate_api_key_url(user_req_params(@user), name: api_key.name) do |response|
|
|
|
|
|
response.status.should eq 200
|
|
|
|
|
response.body[:name].should eq api_key.name
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
Carto::ApiKey.where(name: api_key.name, user_id: @user1.id).first.should be_nil
|
|
|
|
|
Carto::ApiKey.where(name: api_key.name, user_id: @user.id).first.should be_nil
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'returns 403 if API key is master or default public' do
|
|
|
|
|
master_api_key = Carto::ApiKey::where(user_id: @user1.id, type: Carto::ApiKey::TYPE_MASTER).first
|
|
|
|
|
default_api_key = Carto::ApiKey::where(user_id: @user1.id, type: Carto::ApiKey::TYPE_DEFAULT_PUBLIC).first
|
|
|
|
|
master_api_key = @carto_user.api_keys.find_by_type(Carto::ApiKey::TYPE_MASTER)
|
|
|
|
|
default_api_key = @carto_user.api_keys.find_by_type(Carto::ApiKey::TYPE_DEFAULT_PUBLIC)
|
|
|
|
|
|
|
|
|
|
delete_json generate_api_key_url(user_req_params(@user1), name: master_api_key.name) do |response|
|
|
|
|
|
delete_json generate_api_key_url(user_req_params(@user), name: master_api_key.name) do |response|
|
|
|
|
|
response.status.should eq 403
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
delete_json generate_api_key_url(user_req_params(@user1), name: default_api_key.name) do |response|
|
|
|
|
|
delete_json generate_api_key_url(user_req_params(@user), name: default_api_key.name) do |response|
|
|
|
|
|
response.status.should eq 403
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'returns 404 if API key is not a uuid or it doesn\'t exist' do
|
|
|
|
|
delete_json generate_api_key_url(user_req_params(@user1), name: 'wadus') do |response|
|
|
|
|
|
delete_json generate_api_key_url(user_req_params(@user), name: 'wadus') do |response|
|
|
|
|
|
response.status.should eq 404
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
delete_json generate_api_key_url(user_req_params(@user1), name: random_uuid) do |response|
|
|
|
|
|
delete_json generate_api_key_url(user_req_params(@user), name: random_uuid) do |response|
|
|
|
|
|
response.status.should eq 404
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'returns 404 if the API key doesn\'t belong to that user' do
|
|
|
|
|
api_key = FactoryGirl.create(:api_key_apis, user_id: @user1.id)
|
|
|
|
|
delete_json generate_api_key_url(user_req_params(@user2), name: api_key.name) do |response|
|
|
|
|
|
other_user = FactoryGirl.create(:valid_user)
|
|
|
|
|
api_key = FactoryGirl.create(:api_key_apis, user_id: @user.id)
|
|
|
|
|
delete_json generate_api_key_url(user_req_params(other_user), name: api_key.name) do |response|
|
|
|
|
|
response.status.should eq 404
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
Carto::ApiKey.find_by_id(api_key.id).should_not be_nil
|
|
|
|
|
api_key.destroy
|
|
|
|
|
other_user.destroy
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
describe '#regenerate' do
|
|
|
|
|
before(:all) do
|
|
|
|
|
@api_key = FactoryGirl.create(:api_key_apis, user_id: @user1.id)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
after(:all) do
|
|
|
|
|
@api_key.destroy
|
|
|
|
|
before(:each) do
|
|
|
|
|
@api_key = FactoryGirl.create(:api_key_apis, user_id: @user.id)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'regenerates the token' do
|
|
|
|
|
old_token = @api_key.token
|
|
|
|
|
options = { user_domain: @user1.username, api_key: @user1.api_key, id: @api_key.name }
|
|
|
|
|
options = { user_domain: @user.username, api_key: @user.api_key, id: @api_key.name }
|
|
|
|
|
post_json regenerate_api_key_token_url(options) do |response|
|
|
|
|
|
response.status.should eq 200
|
|
|
|
|
response.body[:token].should_not be_nil
|
|
|
|
@ -319,8 +316,8 @@ describe Carto::Api::ApiKeysController do
|
|
|
|
|
|
|
|
|
|
describe '#show' do
|
|
|
|
|
it 'returns requested API key' do
|
|
|
|
|
api_key = FactoryGirl.create(:api_key_apis, user_id: @user1.id)
|
|
|
|
|
get_json generate_api_key_url(user_req_params(@user1), name: api_key.name) do |response|
|
|
|
|
|
api_key = FactoryGirl.create(:api_key_apis, user_id: @user.id)
|
|
|
|
|
get_json generate_api_key_url(user_req_params(@user), name: api_key.name) do |response|
|
|
|
|
|
response.status.should eq 200
|
|
|
|
|
response.body[:name].should eq api_key.name
|
|
|
|
|
end
|
|
|
|
@ -328,13 +325,13 @@ describe Carto::Api::ApiKeysController do
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'returns 404 if the API key does not exist' do
|
|
|
|
|
get_json generate_api_key_url(user_req_params(@user1), name: 'wadus') do |response|
|
|
|
|
|
get_json generate_api_key_url(user_req_params(@user), name: 'wadus') do |response|
|
|
|
|
|
response.status.should eq 404
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'returns 404 if the API key does not belong to the user' do
|
|
|
|
|
api_key = FactoryGirl.create(:api_key_apis, user_id: @user1.id)
|
|
|
|
|
api_key = FactoryGirl.create(:api_key_apis, user_id: @user.id)
|
|
|
|
|
get_json generate_api_key_url(user_req_params(@user2), name: api_key.name) do |response|
|
|
|
|
|
response.status.should eq 404
|
|
|
|
|
end
|
|
|
|
@ -342,7 +339,7 @@ describe Carto::Api::ApiKeysController do
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'returns 401 if api_key is not provided' do
|
|
|
|
|
api_key = FactoryGirl.create(:api_key_apis, user_id: @user1.id)
|
|
|
|
|
api_key = FactoryGirl.create(:api_key_apis, user_id: @user.id)
|
|
|
|
|
get_json generate_api_key_url(user_req_params(Carto::User.new), name: api_key.name) do |response|
|
|
|
|
|
response.status.should eq 401
|
|
|
|
|
end
|
|
|
|
@ -351,21 +348,16 @@ describe Carto::Api::ApiKeysController do
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
describe '#index' do
|
|
|
|
|
before :all do
|
|
|
|
|
Carto::User.find(@user1.id).api_keys.each(&:destroy)
|
|
|
|
|
end
|
|
|
|
|
before(:all) do
|
|
|
|
|
@user_index = FactoryGirl.create(:valid_user)
|
|
|
|
|
Carto::ApiKey.where(user_id: @user_index.id).each(&:destroy)
|
|
|
|
|
|
|
|
|
|
before :all do
|
|
|
|
|
@apikeys = []
|
|
|
|
|
5.times { @apikeys << FactoryGirl.create(:api_key_apis, user_id: @user1.id) }
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
after :all do
|
|
|
|
|
@apikeys.each(&:destroy)
|
|
|
|
|
5.times { @apikeys << FactoryGirl.create(:api_key_apis, user_id: @user_index.id) }
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'paginates correcty' do
|
|
|
|
|
get_json generate_api_key_url(user_req_params(@user1).merge(per_page: 2)) do |response|
|
|
|
|
|
get_json generate_api_key_url(user_req_params(@user_index).merge(per_page: 2)) do |response|
|
|
|
|
|
response.status.should eq 200
|
|
|
|
|
response.body[:total].should eq 5
|
|
|
|
|
response.body[:count].should eq 2
|
|
|
|
@ -378,7 +370,7 @@ describe Carto::Api::ApiKeysController do
|
|
|
|
|
response.body[:result][1]['name'].should eq @apikeys[1].name
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
get_json generate_api_key_url(user_req_params(@user1).merge(per_page: 2, page: 2)) do |response|
|
|
|
|
|
get_json generate_api_key_url(user_req_params(@user_index).merge(per_page: 2, page: 2)) do |response|
|
|
|
|
|
response.status.should eq 200
|
|
|
|
|
response.body[:total].should eq 5
|
|
|
|
|
response.body[:count].should eq 2
|
|
|
|
@ -391,7 +383,7 @@ describe Carto::Api::ApiKeysController do
|
|
|
|
|
response.body[:result][1]['name'].should eq @apikeys[3].name
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
get_json generate_api_key_url(user_req_params(@user1).merge(per_page: 2, page: 3)) do |response|
|
|
|
|
|
get_json generate_api_key_url(user_req_params(@user_index).merge(per_page: 2, page: 3)) do |response|
|
|
|
|
|
response.status.should eq 200
|
|
|
|
|
response.body[:total].should eq 5
|
|
|
|
|
response.body[:count].should eq 1
|
|
|
|
@ -402,7 +394,7 @@ describe Carto::Api::ApiKeysController do
|
|
|
|
|
response.body[:result][0]['name'].should eq @apikeys[4].name
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
get_json generate_api_key_url(user_req_params(@user1).merge(per_page: 3)) do |response|
|
|
|
|
|
get_json generate_api_key_url(user_req_params(@user_index).merge(per_page: 3)) do |response|
|
|
|
|
|
response.status.should eq 200
|
|
|
|
|
response.body[:total].should eq 5
|
|
|
|
|
response.body[:count].should eq 3
|
|
|
|
@ -413,7 +405,7 @@ describe Carto::Api::ApiKeysController do
|
|
|
|
|
3.times { |n| response.body[:result][n]['name'].should eq @apikeys[n].name }
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
get_json generate_api_key_url(user_req_params(@user1).merge(per_page: 10)) do |response|
|
|
|
|
|
get_json generate_api_key_url(user_req_params(@user_index).merge(per_page: 10)) do |response|
|
|
|
|
|
response.status.should eq 200
|
|
|
|
|
response.body[:total].should eq 5
|
|
|
|
|
response.body[:count].should eq 5
|
|
|
|
@ -426,7 +418,7 @@ describe Carto::Api::ApiKeysController do
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'returns the list of master and default API key for a given user' do
|
|
|
|
|
get_json generate_api_key_url(user_req_params(@user_api_keys)) do |response|
|
|
|
|
|
get_json generate_api_key_url(user_req_params(@user)) do |response|
|
|
|
|
|
response.status.should eq 200
|
|
|
|
|
response.body[:total].should eq 2
|
|
|
|
|
response.body[:count].should eq 2
|
|
|
|
@ -438,33 +430,21 @@ describe Carto::Api::ApiKeysController do
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'returns 401 if api_key is not provided' do
|
|
|
|
|
@user1.api_key = nil
|
|
|
|
|
get_json generate_api_key_url(@user1) do |response|
|
|
|
|
|
@user.api_key = nil
|
|
|
|
|
get_json generate_api_key_url(@user) do |response|
|
|
|
|
|
response.status.should eq 401
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
describe 'header auth' do
|
|
|
|
|
before :all do
|
|
|
|
|
@master_api_key = FactoryGirl.create(:api_key_apis, user_id: @user1.id, type: Carto::ApiKey::TYPE_MASTER)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
after :all do
|
|
|
|
|
@master_api_key.destroy
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
before :each do
|
|
|
|
|
@table1 = create_table(user_id: @carto_user1.id)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
after :each do
|
|
|
|
|
@table1.destroy
|
|
|
|
|
before(:all) do
|
|
|
|
|
@master_api_key = @carto_user.api_keys.find_by_type(Carto::ApiKey::TYPE_MASTER)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def json_headers_with_auth
|
|
|
|
|
http_json_headers.merge(
|
|
|
|
|
'Authorization' => 'Basic ' + Base64.encode64("#{@user1.username}:#{@master_api_key.token}")
|
|
|
|
|
'Authorization' => 'Basic ' + Base64.encode64("#{@user.username}:#{@master_api_key.token}")
|
|
|
|
|
)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
@ -479,7 +459,7 @@ describe Carto::Api::ApiKeysController do
|
|
|
|
|
"type" => "database",
|
|
|
|
|
"tables" => [
|
|
|
|
|
{
|
|
|
|
|
"schema" => @carto_user1.database_schema,
|
|
|
|
|
"schema" => @carto_user.database_schema,
|
|
|
|
|
"name" => @table1.name,
|
|
|
|
|
"permissions" => []
|
|
|
|
|
}
|
|
|
|
@ -491,28 +471,28 @@ describe Carto::Api::ApiKeysController do
|
|
|
|
|
name: name,
|
|
|
|
|
grants: grants
|
|
|
|
|
}
|
|
|
|
|
post_json generate_api_key_url(user_req_params(@carto_user1)), payload, json_headers_with_auth do |response|
|
|
|
|
|
post_json generate_api_key_url(user_req_params(@carto_user)), payload, json_headers_with_auth do |response|
|
|
|
|
|
response.status.should eq 201
|
|
|
|
|
Carto::ApiKey.where(name: response.body[:name]).each(&:destroy)
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'destroys the API key' do
|
|
|
|
|
api_key = FactoryGirl.create(:api_key_apis, user_id: @user1.id)
|
|
|
|
|
params = user_req_params(@user1)
|
|
|
|
|
api_key = FactoryGirl.create(:api_key_apis, user_id: @user.id)
|
|
|
|
|
params = user_req_params(@user)
|
|
|
|
|
delete_json generate_api_key_url(params, name: api_key.name), {}, json_headers_with_auth do |response|
|
|
|
|
|
response.status.should eq 200
|
|
|
|
|
response.body[:name].should eq api_key.name
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
Carto::ApiKey.where(name: api_key.name, user_id: @carto_user1.id).first.should be_nil
|
|
|
|
|
Carto::ApiKey.where(name: api_key.name, user_id: @carto_user.id).first.should be_nil
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'regenerates the token' do
|
|
|
|
|
api_key = FactoryGirl.create(:api_key_apis, user_id: @user1.id)
|
|
|
|
|
api_key = FactoryGirl.create(:api_key_apis, user_id: @user.id)
|
|
|
|
|
api_key.save!
|
|
|
|
|
old_token = api_key.token
|
|
|
|
|
options = { user_domain: @user1.username, id: api_key.name }
|
|
|
|
|
options = { user_domain: @user.username, id: api_key.name }
|
|
|
|
|
post_json regenerate_api_key_token_url(options), {}, json_headers_with_auth do |response|
|
|
|
|
|
response.status.should eq 200
|
|
|
|
|
response.body[:token].should_not be_nil
|
|
|
|
@ -524,8 +504,8 @@ describe Carto::Api::ApiKeysController do
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'returns requested API key' do
|
|
|
|
|
api_key = FactoryGirl.create(:api_key_apis, user_id: @user1.id)
|
|
|
|
|
get_json generate_api_key_url(user_req_params(@user1), name: api_key.name), {}, json_headers_with_auth do |response|
|
|
|
|
|
api_key = FactoryGirl.create(:api_key_apis, user_id: @user.id)
|
|
|
|
|
get_json generate_api_key_url(user_req_params(@user), name: api_key.name), {}, json_headers_with_auth do |response|
|
|
|
|
|
response.status.should eq 200
|
|
|
|
|
response.body[:name].should eq api_key.name
|
|
|
|
|
end
|
|
|
|
@ -533,7 +513,7 @@ describe Carto::Api::ApiKeysController do
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'returns API key list' do
|
|
|
|
|
get_json generate_api_key_url(user_req_params(@user1)), {}, json_headers_with_auth do |response|
|
|
|
|
|
get_json generate_api_key_url(user_req_params(@user)), {}, json_headers_with_auth do |response|
|
|
|
|
|
response.status.should eq 200
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
@ -541,17 +521,17 @@ describe Carto::Api::ApiKeysController do
|
|
|
|
|
|
|
|
|
|
describe 'without header auth fails and does not' do
|
|
|
|
|
it 'create api_key' do
|
|
|
|
|
api_keys_count = @carto_user1.api_keys.count
|
|
|
|
|
post_json generate_api_key_url(user_req_params(@carto_user1).merge(api_key: nil)) do |response|
|
|
|
|
|
api_keys_count = @carto_user.api_keys.count
|
|
|
|
|
post_json generate_api_key_url(user_req_params(@carto_user).merge(api_key: nil)) do |response|
|
|
|
|
|
response.status.should eq 401
|
|
|
|
|
@carto_user1.reload
|
|
|
|
|
@carto_user1.api_keys.count.should eq api_keys_count
|
|
|
|
|
@carto_user.reload
|
|
|
|
|
@carto_user.api_keys.count.should eq api_keys_count
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'destroy the API key' do
|
|
|
|
|
api_key = FactoryGirl.create(:api_key_apis, user_id: @user1.id)
|
|
|
|
|
delete_json generate_api_key_url(user_req_params(@user1).merge(api_key: nil), name: api_key.name) do |response|
|
|
|
|
|
api_key = FactoryGirl.create(:api_key_apis, user_id: @user.id)
|
|
|
|
|
delete_json generate_api_key_url(user_req_params(@user).merge(api_key: nil), name: api_key.name) do |response|
|
|
|
|
|
response.status.should eq 401
|
|
|
|
|
Carto::ApiKey.find(api_key.id).should be
|
|
|
|
|
end
|
|
|
|
@ -559,10 +539,10 @@ describe Carto::Api::ApiKeysController do
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'regenerate the token' do
|
|
|
|
|
api_key = FactoryGirl.create(:api_key_apis, user_id: @user1.id)
|
|
|
|
|
api_key = FactoryGirl.create(:api_key_apis, user_id: @user.id)
|
|
|
|
|
api_key.save!
|
|
|
|
|
old_token = api_key.token
|
|
|
|
|
options = { user_domain: @user1.username, id: api_key.id }
|
|
|
|
|
options = { user_domain: @user.username, id: api_key.id }
|
|
|
|
|
post_json regenerate_api_key_token_url(options), {} do |response|
|
|
|
|
|
response.status.should eq 401
|
|
|
|
|
api_key.reload
|
|
|
|
@ -572,15 +552,15 @@ describe Carto::Api::ApiKeysController do
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'return requested API key' do
|
|
|
|
|
api_key = FactoryGirl.create(:api_key_apis, user_id: @user1.id)
|
|
|
|
|
get_json generate_api_key_url(user_req_params(@user1).merge(api_key: nil), name: api_key.name) do |response|
|
|
|
|
|
api_key = FactoryGirl.create(:api_key_apis, user_id: @user.id)
|
|
|
|
|
get_json generate_api_key_url(user_req_params(@user).merge(api_key: nil), name: api_key.name) do |response|
|
|
|
|
|
response.status.should eq 401
|
|
|
|
|
end
|
|
|
|
|
api_key.destroy
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'return API key list' do
|
|
|
|
|
get_json generate_api_key_url(user_req_params(@user1).merge(api_key: nil)) do |response|
|
|
|
|
|
get_json generate_api_key_url(user_req_params(@user).merge(api_key: nil)) do |response|
|
|
|
|
|
response.status.should eq 401
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|