Adjust controller tests

pull/13504/head
Javier Torres 7 years ago
parent da1e181786
commit b923f70f07

@ -16,12 +16,8 @@ class Carto::Api::ApiKeysController < ::Api::ApplicationController
rescue_from Carto::UnauthorizedError, with: :rescue_from_carto_error
def create
api_key = Carto::ApiKey.create!(
user_id: current_viewer.id,
type: Carto::ApiKey::TYPE_REGULAR,
name: params[:name],
grants: params[:grants]
)
carto_viewer = Carto::User.find(current_viewer.id)
api_key = carto_viewer.api_keys.create_regular_key!(name: params[:name], grants: params[:grants])
render_jsonp(Carto::Api::ApiKeyPresenter.new(api_key).to_poro, 201)
rescue ActiveRecord::RecordInvalid => e
raise Carto::UnprocesableEntityError.new(e.message)
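Review bot: The new call in `create` forwards `params[:name]` and `params[:grants]` to `create_regular_key!`, and nothing in the controller says where they are checked. The spec in this commit expects 422 for non-array grants and for tables the caller does not own, so the validation presumably lives in `Carto::ApiKey`. I would add a comment above the call, `# Owner and key type are fixed server-side; name and grants are validated by the model (RecordInvalid -> 422).`, so a later edit does not start taking `type` or `user_id` from the request. `Carto::User.find(current_viewer.id)` raises `ActiveRecord::RecordNotFound` when the row is missing, which the visible `rescue` does not cover, though a `rescue_from` above the hunk may. The body of `create` ends outside the hunk.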

@ -4,12 +4,12 @@ require 'factories/carto_visualizations'
require 'base64'
describe Carto::Api::ApiKeysController do
include_context 'users helper'
include CartoDB::Factories
include HelperMethods
def response_grants_should_include_request_permissions(reponse_grants, table_permissions)
table_permissions.each do |stp|
response_tables = reponse_grants.find { |grant| grant['type'] == 'database'}['tables']
response_tables = reponse_grants.find { |grant| grant['type'] == 'database' }['tables']
response_permissions_for_table =
response_tables.find { |rtp| rtp['schema'] == stp['schema'] && rtp['name'] == stp['name'] }['permissions']
response_permissions_for_table.sort.should eq stp['permissions'].sort
@ -18,14 +18,23 @@ describe Carto::Api::ApiKeysController do
before(:all) do
@auth_api_feature_flag = FactoryGirl.create(:feature_flag, name: 'auth_api', restricted: false)
@user_api_keys = FactoryGirl.create(:valid_user)
@user = FactoryGirl.create(:valid_user)
@carto_user = Carto::User.find(@user.id)
@table1 = create_table(user_id: @carto_user.id)
@table2 = create_table(user_id: @carto_user.id)
end
after(:all) do
@user_api_keys.destroy
@table2.destroy
@table1.destroy
@user.destroy
@auth_api_feature_flag.destroy
end
after(:each) do
@carto_user.api_keys.where(type: Carto::ApiKey::TYPE_REGULAR).each(&:destroy)
end
def generate_api_key_url(req_params, name: nil)
name ? api_key_url(req_params.merge(id: name)) : api_keys_url(req_params)
end
@ -35,16 +44,6 @@ describe Carto::Api::ApiKeysController do
end
describe '#create' do
before(:each) do
@table1 = create_table(user_id: @carto_user1.id)
@table2 = create_table(user_id: @carto_user1.id)
end
after(:each) do
@table2.destroy
@table1.destroy
end
it 'creates a new API key' do
grants = [
{
@ -55,7 +54,7 @@ describe Carto::Api::ApiKeysController do
"type" => "database",
"tables" => [
{
"schema" => @carto_user1.database_schema,
"schema" => @carto_user.database_schema,
"name" => @table1.name,
"permissions" => [
"insert",
@ -65,7 +64,7 @@ describe Carto::Api::ApiKeysController do
]
},
{
"schema" => @carto_user1.database_schema,
"schema" => @carto_user.database_schema,
"name" => @table2.name,
"permissions" => [
"select"
@ -79,12 +78,12 @@ describe Carto::Api::ApiKeysController do
name: name,
grants: grants
}
post_json generate_api_key_url(user_req_params(@carto_user1)), payload do |response|
post_json generate_api_key_url(user_req_params(@carto_user)), payload do |response|
response.status.should eq 201
api_key_response = response.body
api_key_response[:id].should_not be
api_key_response[:name].should eq name
api_key_response[:user][:username].should eq @carto_user1.username
api_key_response[:user][:username].should eq @carto_user.username
api_key_response[:type].should eq 'regular'
api_key_response[:token].should_not be_empty
@ -107,7 +106,7 @@ describe Carto::Api::ApiKeysController do
"type" => "database",
"tables" => [
{
"schema" => @carto_user1.database_schema,
"schema" => @carto_user.database_schema,
"name" => @table1.name,
"permissions" => []
}
@ -119,12 +118,12 @@ describe Carto::Api::ApiKeysController do
name: name,
grants: grants
}
post_json generate_api_key_url(user_req_params(@carto_user1)), payload do |response|
post_json generate_api_key_url(user_req_params(@carto_user)), payload do |response|
response.status.should eq 201
api_key_response = response.body
api_key_response[:id].should_not be
api_key_response[:name].should eq name
api_key_response[:user][:username].should eq @carto_user1.username
api_key_response[:user][:username].should eq @carto_user.username
api_key_response[:type].should eq 'regular'
api_key_response[:token].should_not be_empty
api_key_response[:databaseConfig].should_not be
@ -134,17 +133,17 @@ describe Carto::Api::ApiKeysController do
end
it 'fails if grants is not a json array' do
post_json generate_api_key_url(user_req_params(@carto_user1)), name: 'wadus' do |response|
post_json generate_api_key_url(user_req_params(@carto_user)), name: 'wadus' do |response|
response.status.should eq 422
error_response = response.body
error_response[:errors].should match /grants has to be an array/
end
post_json generate_api_key_url(user_req_params(@carto_user1)), name: 'wadus', grants: "something" do |response|
post_json generate_api_key_url(user_req_params(@carto_user)), name: 'wadus', grants: "something" do |response|
response.status.should eq 422
error_response = response.body
error_response[:errors].should match /grants has to be an array/
end
post_json generate_api_key_url(user_req_params(@carto_user1)), name: 'wadus', grants: {} do |response|
post_json generate_api_key_url(user_req_params(@carto_user)), name: 'wadus', grants: {} do |response|
response.status.should eq 422
error_response = response.body
error_response[:errors].should match /grants has to be an array/
@ -156,7 +155,7 @@ describe Carto::Api::ApiKeysController do
{
'type' => 'database',
'tables' => [
'schema' => @carto_user1.database_schema,
'schema' => @carto_user.database_schema,
'name' => @table1.name,
'permissions' => ['read']
]
@ -166,7 +165,7 @@ describe Carto::Api::ApiKeysController do
'apis' => ['maps', 'sql']
}
]
post_json generate_api_key_url(user_req_params(@carto_user1)), name: 'wadus', grants: grants do |response|
post_json generate_api_key_url(user_req_params(@carto_user)), name: 'wadus', grants: grants do |response|
response.status.should eq 422
error_response = response.body
error_response[:errors].should match /permissions.*did not match one of the following values: insert, select, update, delete/
@ -178,7 +177,7 @@ describe Carto::Api::ApiKeysController do
{
'type' => 'database',
'tables' => [
'schema' => @carto_user1.database_schema,
'schema' => @carto_user.database_schema,
'name' => 'wadus',
'permissions' => ['select']
]
@ -188,7 +187,7 @@ describe Carto::Api::ApiKeysController do
'apis' => ['maps', 'sql']
}
]
post_json generate_api_key_url(user_req_params(@carto_user1)), name: 'wadus', grants: grants do |response|
post_json generate_api_key_url(user_req_params(@carto_user)), name: 'wadus', grants: grants do |response|
response.status.should eq 422
error_response = response.body
error_response[:errors].should match /relation \"public.wadus\" does not exist/
@ -210,7 +209,7 @@ describe Carto::Api::ApiKeysController do
'apis' => ['maps', 'sql']
}
]
post_json generate_api_key_url(user_req_params(@carto_user1)), name: 'wadus', grants: grants do |response|
post_json generate_api_key_url(user_req_params(@carto_user)), name: 'wadus', grants: grants do |response|
response.status.should eq 422
error_response = response.body
error_response[:errors].should match /can only grant permissions over owned tables/
@ -233,14 +232,14 @@ describe Carto::Api::ApiKeysController do
}
]
post_json generate_api_key_url(user_req_params(@carto_user1)), name: 'wadus', grants: grants do |response|
post_json generate_api_key_url(user_req_params(@carto_user)), name: 'wadus', grants: grants do |response|
response.status.should eq 201
api_key_response = response.body
api_key_response[:id].should_not be
api_key_response[:name].should eq 'wadus'
end
post_json generate_api_key_url(user_req_params(@carto_user1)), name: 'wadus', grants: grants do |response|
post_json generate_api_key_url(user_req_params(@carto_user)), name: 'wadus', grants: grants do |response|
response.status.should eq 422
api_key_response = response.body
api_key_response[:errors].should match /Name has already been taken/
@ -252,61 +251,59 @@ describe Carto::Api::ApiKeysController do
describe '#destroy' do
it 'destroys the API key' do
api_key = FactoryGirl.create(:api_key_apis, user_id: @user1.id)
delete_json generate_api_key_url(user_req_params(@user1), name: api_key.name) do |response|
api_key = FactoryGirl.create(:api_key_apis, user_id: @user.id)
delete_json generate_api_key_url(user_req_params(@user), name: api_key.name) do |response|
response.status.should eq 200
response.body[:name].should eq api_key.name
end
Carto::ApiKey.where(name: api_key.name, user_id: @user1.id).first.should be_nil
Carto::ApiKey.where(name: api_key.name, user_id: @user.id).first.should be_nil
end
it 'returns 403 if API key is master or default public' do
master_api_key = Carto::ApiKey::where(user_id: @user1.id, type: Carto::ApiKey::TYPE_MASTER).first
default_api_key = Carto::ApiKey::where(user_id: @user1.id, type: Carto::ApiKey::TYPE_DEFAULT_PUBLIC).first
master_api_key = @carto_user.api_keys.find_by_type(Carto::ApiKey::TYPE_MASTER)
default_api_key = @carto_user.api_keys.find_by_type(Carto::ApiKey::TYPE_DEFAULT_PUBLIC)
delete_json generate_api_key_url(user_req_params(@user1), name: master_api_key.name) do |response|
delete_json generate_api_key_url(user_req_params(@user), name: master_api_key.name) do |response|
response.status.should eq 403
end
delete_json generate_api_key_url(user_req_params(@user1), name: default_api_key.name) do |response|
delete_json generate_api_key_url(user_req_params(@user), name: default_api_key.name) do |response|
response.status.should eq 403
end
end
it 'returns 404 if API key is not a uuid or it doesn\'t exist' do
delete_json generate_api_key_url(user_req_params(@user1), name: 'wadus') do |response|
delete_json generate_api_key_url(user_req_params(@user), name: 'wadus') do |response|
response.status.should eq 404
end
delete_json generate_api_key_url(user_req_params(@user1), name: random_uuid) do |response|
delete_json generate_api_key_url(user_req_params(@user), name: random_uuid) do |response|
response.status.should eq 404
end
end
it 'returns 404 if the API key doesn\'t belong to that user' do
api_key = FactoryGirl.create(:api_key_apis, user_id: @user1.id)
delete_json generate_api_key_url(user_req_params(@user2), name: api_key.name) do |response|
other_user = FactoryGirl.create(:valid_user)
api_key = FactoryGirl.create(:api_key_apis, user_id: @user.id)
delete_json generate_api_key_url(user_req_params(other_user), name: api_key.name) do |response|
response.status.should eq 404
end
Carto::ApiKey.find_by_id(api_key.id).should_not be_nil
api_key.destroy
other_user.destroy
end
end
describe '#regenerate' do
before(:all) do
@api_key = FactoryGirl.create(:api_key_apis, user_id: @user1.id)
end
after(:all) do
@api_key.destroy
before(:each) do
@api_key = FactoryGirl.create(:api_key_apis, user_id: @user.id)
end
it 'regenerates the token' do
old_token = @api_key.token
options = { user_domain: @user1.username, api_key: @user1.api_key, id: @api_key.name }
options = { user_domain: @user.username, api_key: @user.api_key, id: @api_key.name }
post_json regenerate_api_key_token_url(options) do |response|
response.status.should eq 200
response.body[:token].should_not be_nil
@ -319,8 +316,8 @@ describe Carto::Api::ApiKeysController do
describe '#show' do
it 'returns requested API key' do
api_key = FactoryGirl.create(:api_key_apis, user_id: @user1.id)
get_json generate_api_key_url(user_req_params(@user1), name: api_key.name) do |response|
api_key = FactoryGirl.create(:api_key_apis, user_id: @user.id)
get_json generate_api_key_url(user_req_params(@user), name: api_key.name) do |response|
response.status.should eq 200
response.body[:name].should eq api_key.name
end
@ -328,13 +325,13 @@ describe Carto::Api::ApiKeysController do
end
it 'returns 404 if the API key does not exist' do
get_json generate_api_key_url(user_req_params(@user1), name: 'wadus') do |response|
get_json generate_api_key_url(user_req_params(@user), name: 'wadus') do |response|
response.status.should eq 404
end
end
it 'returns 404 if the API key does not belong to the user' do
api_key = FactoryGirl.create(:api_key_apis, user_id: @user1.id)
api_key = FactoryGirl.create(:api_key_apis, user_id: @user.id)
get_json generate_api_key_url(user_req_params(@user2), name: api_key.name) do |response|
response.status.should eq 404
end
@ -342,7 +339,7 @@ describe Carto::Api::ApiKeysController do
end
it 'returns 401 if api_key is not provided' do
api_key = FactoryGirl.create(:api_key_apis, user_id: @user1.id)
api_key = FactoryGirl.create(:api_key_apis, user_id: @user.id)
get_json generate_api_key_url(user_req_params(Carto::User.new), name: api_key.name) do |response|
response.status.should eq 401
end
@ -351,21 +348,16 @@ describe Carto::Api::ApiKeysController do
end
describe '#index' do
before :all do
Carto::User.find(@user1.id).api_keys.each(&:destroy)
end
before(:all) do
@user_index = FactoryGirl.create(:valid_user)
Carto::ApiKey.where(user_id: @user_index.id).each(&:destroy)
before :all do
@apikeys = []
5.times { @apikeys << FactoryGirl.create(:api_key_apis, user_id: @user1.id) }
end
after :all do
@apikeys.each(&:destroy)
5.times { @apikeys << FactoryGirl.create(:api_key_apis, user_id: @user_index.id) }
end
it 'paginates correcty' do
get_json generate_api_key_url(user_req_params(@user1).merge(per_page: 2)) do |response|
get_json generate_api_key_url(user_req_params(@user_index).merge(per_page: 2)) do |response|
response.status.should eq 200
response.body[:total].should eq 5
response.body[:count].should eq 2
@ -378,7 +370,7 @@ describe Carto::Api::ApiKeysController do
response.body[:result][1]['name'].should eq @apikeys[1].name
end
get_json generate_api_key_url(user_req_params(@user1).merge(per_page: 2, page: 2)) do |response|
get_json generate_api_key_url(user_req_params(@user_index).merge(per_page: 2, page: 2)) do |response|
response.status.should eq 200
response.body[:total].should eq 5
response.body[:count].should eq 2
@ -391,7 +383,7 @@ describe Carto::Api::ApiKeysController do
response.body[:result][1]['name'].should eq @apikeys[3].name
end
get_json generate_api_key_url(user_req_params(@user1).merge(per_page: 2, page: 3)) do |response|
get_json generate_api_key_url(user_req_params(@user_index).merge(per_page: 2, page: 3)) do |response|
response.status.should eq 200
response.body[:total].should eq 5
response.body[:count].should eq 1
@ -402,7 +394,7 @@ describe Carto::Api::ApiKeysController do
response.body[:result][0]['name'].should eq @apikeys[4].name
end
get_json generate_api_key_url(user_req_params(@user1).merge(per_page: 3)) do |response|
get_json generate_api_key_url(user_req_params(@user_index).merge(per_page: 3)) do |response|
response.status.should eq 200
response.body[:total].should eq 5
response.body[:count].should eq 3
@ -413,7 +405,7 @@ describe Carto::Api::ApiKeysController do
3.times { |n| response.body[:result][n]['name'].should eq @apikeys[n].name }
end
get_json generate_api_key_url(user_req_params(@user1).merge(per_page: 10)) do |response|
get_json generate_api_key_url(user_req_params(@user_index).merge(per_page: 10)) do |response|
response.status.should eq 200
response.body[:total].should eq 5
response.body[:count].should eq 5
@ -426,7 +418,7 @@ describe Carto::Api::ApiKeysController do
end
it 'returns the list of master and default API key for a given user' do
get_json generate_api_key_url(user_req_params(@user_api_keys)) do |response|
get_json generate_api_key_url(user_req_params(@user)) do |response|
response.status.should eq 200
response.body[:total].should eq 2
response.body[:count].should eq 2
@ -438,33 +430,21 @@ describe Carto::Api::ApiKeysController do
end
it 'returns 401 if api_key is not provided' do
@user1.api_key = nil
get_json generate_api_key_url(@user1) do |response|
@user.api_key = nil
get_json generate_api_key_url(@user) do |response|
response.status.should eq 401
end
end
end
describe 'header auth' do
before :all do
@master_api_key = FactoryGirl.create(:api_key_apis, user_id: @user1.id, type: Carto::ApiKey::TYPE_MASTER)
end
after :all do
@master_api_key.destroy
end
before :each do
@table1 = create_table(user_id: @carto_user1.id)
end
after :each do
@table1.destroy
before(:all) do
@master_api_key = @carto_user.api_keys.find_by_type(Carto::ApiKey::TYPE_MASTER)
end
def json_headers_with_auth
http_json_headers.merge(
'Authorization' => 'Basic ' + Base64.encode64("#{@user1.username}:#{@master_api_key.token}")
'Authorization' => 'Basic ' + Base64.encode64("#{@user.username}:#{@master_api_key.token}")
)
end
@ -479,7 +459,7 @@ describe Carto::Api::ApiKeysController do
"type" => "database",
"tables" => [
{
"schema" => @carto_user1.database_schema,
"schema" => @carto_user.database_schema,
"name" => @table1.name,
"permissions" => []
}
@ -491,28 +471,28 @@ describe Carto::Api::ApiKeysController do
name: name,
grants: grants
}
post_json generate_api_key_url(user_req_params(@carto_user1)), payload, json_headers_with_auth do |response|
post_json generate_api_key_url(user_req_params(@carto_user)), payload, json_headers_with_auth do |response|
response.status.should eq 201
Carto::ApiKey.where(name: response.body[:name]).each(&:destroy)
end
end
it 'destroys the API key' do
api_key = FactoryGirl.create(:api_key_apis, user_id: @user1.id)
params = user_req_params(@user1)
api_key = FactoryGirl.create(:api_key_apis, user_id: @user.id)
params = user_req_params(@user)
delete_json generate_api_key_url(params, name: api_key.name), {}, json_headers_with_auth do |response|
response.status.should eq 200
response.body[:name].should eq api_key.name
end
Carto::ApiKey.where(name: api_key.name, user_id: @carto_user1.id).first.should be_nil
Carto::ApiKey.where(name: api_key.name, user_id: @carto_user.id).first.should be_nil
end
it 'regenerates the token' do
api_key = FactoryGirl.create(:api_key_apis, user_id: @user1.id)
api_key = FactoryGirl.create(:api_key_apis, user_id: @user.id)
api_key.save!
old_token = api_key.token
options = { user_domain: @user1.username, id: api_key.name }
options = { user_domain: @user.username, id: api_key.name }
post_json regenerate_api_key_token_url(options), {}, json_headers_with_auth do |response|
response.status.should eq 200
response.body[:token].should_not be_nil
@ -524,8 +504,8 @@ describe Carto::Api::ApiKeysController do
end
it 'returns requested API key' do
api_key = FactoryGirl.create(:api_key_apis, user_id: @user1.id)
get_json generate_api_key_url(user_req_params(@user1), name: api_key.name), {}, json_headers_with_auth do |response|
api_key = FactoryGirl.create(:api_key_apis, user_id: @user.id)
get_json generate_api_key_url(user_req_params(@user), name: api_key.name), {}, json_headers_with_auth do |response|
response.status.should eq 200
response.body[:name].should eq api_key.name
end
@ -533,7 +513,7 @@ describe Carto::Api::ApiKeysController do
end
it 'returns API key list' do
get_json generate_api_key_url(user_req_params(@user1)), {}, json_headers_with_auth do |response|
get_json generate_api_key_url(user_req_params(@user)), {}, json_headers_with_auth do |response|
response.status.should eq 200
end
end
@ -541,17 +521,17 @@ describe Carto::Api::ApiKeysController do
describe 'without header auth fails and does not' do
it 'create api_key' do
api_keys_count = @carto_user1.api_keys.count
post_json generate_api_key_url(user_req_params(@carto_user1).merge(api_key: nil)) do |response|
api_keys_count = @carto_user.api_keys.count
post_json generate_api_key_url(user_req_params(@carto_user).merge(api_key: nil)) do |response|
response.status.should eq 401
@carto_user1.reload
@carto_user1.api_keys.count.should eq api_keys_count
@carto_user.reload
@carto_user.api_keys.count.should eq api_keys_count
end
end
it 'destroy the API key' do
api_key = FactoryGirl.create(:api_key_apis, user_id: @user1.id)
delete_json generate_api_key_url(user_req_params(@user1).merge(api_key: nil), name: api_key.name) do |response|
api_key = FactoryGirl.create(:api_key_apis, user_id: @user.id)
delete_json generate_api_key_url(user_req_params(@user).merge(api_key: nil), name: api_key.name) do |response|
response.status.should eq 401
Carto::ApiKey.find(api_key.id).should be
end
@ -559,10 +539,10 @@ describe Carto::Api::ApiKeysController do
end
it 'regenerate the token' do
api_key = FactoryGirl.create(:api_key_apis, user_id: @user1.id)
api_key = FactoryGirl.create(:api_key_apis, user_id: @user.id)
api_key.save!
old_token = api_key.token
options = { user_domain: @user1.username, id: api_key.id }
options = { user_domain: @user.username, id: api_key.id }
post_json regenerate_api_key_token_url(options), {} do |response|
response.status.should eq 401
api_key.reload
@ -572,15 +552,15 @@ describe Carto::Api::ApiKeysController do
end
it 'return requested API key' do
api_key = FactoryGirl.create(:api_key_apis, user_id: @user1.id)
get_json generate_api_key_url(user_req_params(@user1).merge(api_key: nil), name: api_key.name) do |response|
api_key = FactoryGirl.create(:api_key_apis, user_id: @user.id)
get_json generate_api_key_url(user_req_params(@user).merge(api_key: nil), name: api_key.name) do |response|
response.status.should eq 401
end
api_key.destroy
end
it 'return API key list' do
get_json generate_api_key_url(user_req_params(@user1).merge(api_key: nil)) do |response|
get_json generate_api_key_url(user_req_params(@user).merge(api_key: nil)) do |response|
response.status.should eq 401
end
end
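Review bot: In `#index`, 'returns 401 if api_key is not provided' sets `@user.api_key = nil` on the single `@user` object that the new top-level `before(:all)` shares with every example. Later examples that build their request from `user_req_params(@user)` may therefore send a nil key, depending on run order and on how that helper reads the object. The request should drop the key instead of mutating the fixture, as the 'without header auth' examples already do: `get_json generate_api_key_url(user_req_params(@user).merge(api_key: nil)) do |response|`. Separately, the `#show` example 'returns 404 if the API key does not belong to the user' still requests as `@user2`, while the matching `#destroy` example now creates a local `other_user`. Creating an `other_user` there too would keep that cross-user authorization check self-contained, since it currently depends on `@user2` still coming from the 'users helper' context.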
