@@ -37,17 +37,17 @@ describe('app.test', function () {
3737 method : 'GET'
3838 } , { } , function ( err , res ) {
3939 assert . ifError ( err ) ;
40- assert . strictEqual ( res . statusCode , 200 , res . body ) ;
40+ assert . strictEqual ( res . statusCode , 401 , res . body ) ;
4141 // Check cache headers
42- assert . strictEqual ( res . headers [ 'x-cache-channel' ] , 'cartodb_test_user_1_db:public.untitle_table_4' ) ;
43- assert . strictEqual ( res . headers [ 'cache-control' ] , expectedCacheControl ) ;
42+ assert . strictEqual ( res . headers [ 'x-cache-channel' ] , undefined ) ;
43+ assert . strictEqual ( res . headers [ 'cache-control' ] , undefined ) ;
4444 done ( ) ;
4545 } ) ;
4646 } ) ;
4747
4848 it ( 'GET /api/v1/sql with SQL parameter on SELECT only. no database param, just id using headers' , function ( done ) {
4949 assert . response ( server , {
50- url : '/api/v1/sql?q=SELECT%20*%20FROM%20untitle_table_4' ,
50+ url : '/api/v1/sql?q=SELECT%20*%20FROM%20untitle_table_4&api_key=1234 ' ,
5151 headers : { host : 'vizzuality.cartodb.com' } ,
5252 method : 'GET'
5353 } , { } , function ( err , res ) {
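Review bot: The `// Check cache headers` comment at new line 41 no longer describes the two assertions under it, which now pin that a 401 response carries neither `x-cache-channel` nor `cache-control`. Reword it to something like `// A rejected request must not carry cache headers` so the intent is not lost in a later edit. This test, and the status-only 401 hunks at new lines 66 and 94, also leave the body unchecked, while the hunks at new lines 108-111, 124-127 and 149-152 assert `JSON.parse(res.body).error[0]` equals `'unauthorized'`. Adding that line here would keep the 401 cases consistent. The enclosing test starts above the hunk, so its title and request are not visible.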
@@ -63,7 +63,7 @@ describe('app.test', function () {
6363 method : 'GET'
6464 } , { } , function ( err , res ) {
6565 assert . ifError ( err ) ;
66- assert . strictEqual ( res . statusCode , 200 , res . body ) ;
66+ assert . strictEqual ( res . statusCode , 401 , res . body ) ;
6767 done ( ) ;
6868 } ) ;
6969 } ) ;
@@ -91,7 +91,7 @@ describe('app.test', function () {
9191 method : 'POST'
9292 } , { } , function ( err , res ) {
9393 assert . ifError ( err ) ;
94- assert . strictEqual ( res . statusCode , 200 , res . body ) ;
94+ assert . strictEqual ( res . statusCode , 401 , res . body ) ;
9595 done ( ) ;
9696 } ) ;
9797 } ) ;
@@ -105,10 +105,10 @@ describe('app.test', function () {
105105 } , {
106106 } , function ( err , res ) {
107107 assert . ifError ( err ) ;
108- assert . strictEqual ( res . statusCode , 403 , res . statusCode + ': ' + res . body ) ;
108+ assert . strictEqual ( res . statusCode , 401 , res . statusCode + ': ' + res . body ) ;
109109 assert . deepStrictEqual ( res . headers [ 'content-type' ] , 'application/json; charset=utf-8' ) ;
110110 assert . deepStrictEqual ( res . headers [ 'content-disposition' ] , 'inline' ) ;
111- assert . ok ( JSON . parse ( res . body ) . error [ 0 ] . match ( / p e r m i s s i o n d e n i e d f o r . + ? u n t i t l e _ t a b l e _ 4 / ) ) ;
111+ assert . deepStrictEqual ( JSON . parse ( res . body ) . error [ 0 ] , 'unauthorized' ) ;
112112 done ( ) ;
113113 } ) ;
114114 } ) ;
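Review bot: Replacing the 403 "permission denied" expectation at new lines 108-111 with 401 `'unauthorized'` removes the only visible check that a caller is refused by database privileges rather than by the missing key. The hunks at new lines 124-127 and 149-152 drop their `must be owner of` checks in the same way. Authentication (401) and authorization (403) are separate controls, and after this change nothing shown in this diff exercises the second. If the fixtures include a key with limited grants, keep one case that sends it and still expects the permission error; whether such a key exists cannot be told from here. The request and title of this test sit above the hunk.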
@@ -121,10 +121,10 @@ describe('app.test', function () {
121121 } , {
122122 } , function ( err , res ) {
123123 assert . ifError ( err ) ;
124- assert . strictEqual ( res . statusCode , 400 , res . statusCode + ': ' + res . body ) ;
124+ assert . strictEqual ( res . statusCode , 401 , res . statusCode + ': ' + res . body ) ;
125125 assert . deepStrictEqual ( res . headers [ 'content-type' ] , 'application/json; charset=utf-8' ) ;
126126 assert . deepStrictEqual ( res . headers [ 'content-disposition' ] , 'inline' ) ;
127- assert . ok ( JSON . parse ( res . body ) . error [ 0 ] . match ( / m u s t b e o w n e r o f . + ? u n t i t l e _ t a b l e _ 4 / ) ) ;
127+ assert . deepStrictEqual ( JSON . parse ( res . body ) . error [ 0 ] , 'unauthorized' ) ;
128128 done ( ) ;
129129 } ) ;
130130 } ) ;
@@ -135,7 +135,7 @@ describe('app.test', function () {
135135 headers : { host : 'vizzuality.cartodb.com' } ,
136136 method : 'GET'
137137 } , {
138- status : 400
138+ status : 401
139139 } , done ) ;
140140 } ) ;
141141
@@ -146,10 +146,10 @@ describe('app.test', function () {
146146 method : 'GET'
147147 } , { } , function ( err , res ) {
148148 assert . ifError ( err ) ;
149- assert . strictEqual ( res . statusCode , 400 , res . statusCode + ': ' + res . body ) ;
149+ assert . strictEqual ( res . statusCode , 401 , res . statusCode + ': ' + res . body ) ;
150150 assert . deepStrictEqual ( res . headers [ 'content-type' ] , 'application/json; charset=utf-8' ) ;
151151 assert . deepStrictEqual ( res . headers [ 'content-disposition' ] , 'inline' ) ;
152- assert . ok ( JSON . parse ( res . body ) . error [ 0 ] . match ( / m u s t b e o w n e r o f . + ? u n t i t l e _ t a b l e _ 4 / ) ) ;
152+ assert . deepStrictEqual ( JSON . parse ( res . body ) . error [ 0 ] , 'unauthorized' ) ;
153153 done ( ) ;
154154 } ) ;
155155 } ) ;
@@ -352,7 +352,11 @@ describe('app.test', function () {
352352
353353 it ( 'sends a 400 when an unsupported format is requested' , function ( done ) {
354354 assert . response ( server , {
355- url : '/api/v1/sql?q=SELECT%20*%20FROM%20untitle_table_4&format=unknown' ,
355+ url : '/api/v1/sql?' + querystring . stringify ( {
356+ q : 'SELECT * FROM untitle_table_4' ,
357+ api_key : 1234 ,
358+ format : 'unknown'
359+ } ) ,
356360 headers : { host : 'vizzuality.cartodb.com' } ,
357361 method : 'GET'
358362 } , { } , function ( err , res ) {
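Review bot: `api_key : 1234` is written as a bare literal at new line 357 and again in each later hunk through new line 909, so changing the fixture key means editing every request. Define it once near the top of the file, for example `var TEST_API_KEY = 1234;`, and reference that in each `querystring.stringify` call. Two requests (new lines 50 and 871) still append `&api_key=1234` to a hand-encoded URL. Building those with `querystring.stringify` like the others would keep the encoding in one place. The test body continues below the hunk.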
@@ -367,7 +371,10 @@ describe('app.test', function () {
367371
368372 it ( 'GET /api/v1/sql with SQL parameter and no format, ensuring content-disposition set to json' , function ( done ) {
369373 assert . response ( server , {
370- url : '/api/v1/sql?q=SELECT%20*%20FROM%20untitle_table_4' ,
374+ url : '/api/v1/sql?' + querystring . stringify ( {
375+ q : 'SELECT * FROM untitle_table_4' ,
376+ api_key : 1234
377+ } ) ,
371378 headers : { host : 'vizzuality.cartodb.com' } ,
372379 method : 'GET'
373380 } , { } , function ( err , res ) {
@@ -385,7 +392,7 @@ describe('app.test', function () {
385392 it ( 'POST /api/v1/sql with SQL parameter and no format, ensuring content-disposition set to json' , function ( done ) {
386393 assert . response ( server , {
387394 url : '/api/v1/sql' ,
388- data : querystring . stringify ( { q : 'SELECT * FROM untitle_table_4' } ) ,
395+ data : querystring . stringify ( { q : 'SELECT * FROM untitle_table_4' , api_key : 1234 } ) ,
389396 headers : { host : 'vizzuality.cartodb.com' , 'Content-Type' : 'application/x-www-form-urlencoded' } ,
390397 method : 'POST'
391398 } , { } , function ( err , res ) {
@@ -402,7 +409,11 @@ describe('app.test', function () {
402409
403410 it ( 'GET /api/v1/sql with SQL parameter and no format, but a filename' , function ( done ) {
404411 assert . response ( server , {
405- url : '/api/v1/sql?q=SELECT%20*%20FROM%20untitle_table_4&filename=x' ,
412+ url : '/api/v1/sql?' + querystring . stringify ( {
413+ q : 'SELECT * FROM untitle_table_4' ,
414+ api_key : 1234 ,
415+ filename : 'x'
416+ } ) ,
406417 headers : { host : 'vizzuality.cartodb.com' } ,
407418 method : 'GET'
408419 } , { } , function ( err , res ) {
@@ -419,7 +430,10 @@ describe('app.test', function () {
419430
420431 it ( 'GET /api/v1/sql ensure cross domain set on errors' , function ( done ) {
421432 assert . response ( server , {
422- url : '/api/v1/sql?q=SELECT%20*gadfgadfg%20FROM%20untitle_table_4' ,
433+ url : '/api/v1/sql?' + querystring . stringify ( {
434+ q : 'SELECT gadfgadfg FROM untitle_table_4' ,
435+ api_key : 1234
436+ } ) ,
423437 headers : { host : 'vizzuality.cartodb.com' } ,
424438 method : 'GET'
425439 } , {
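Review bot: The query at new line 434 is not the statement the test sent before: the old URL at line 422 decodes to `SELECT *gadfgadfg FROM untitle_table_4`, and the rewrite drops the `*`. That probably moves the failure from a parse error to an unknown-column error, so the test still gets an error response but for a different reason. If the parse-error path was the intent, keep the original text, `q : 'SELECT *gadfgadfg FROM untitle_table_4'`. The expected-response object opens on the last line of the hunk and continues below it.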
@@ -457,8 +471,8 @@ describe('app.test', function () {
457471 it ( 'GET decent error if SQL is broken' , function ( done ) {
458472 assert . response ( server , {
459473 url : '/api/v1/sql?' + querystring . stringify ( {
460- q :
461- 'SELECT star FROM this and that'
474+ q : 'SELECT star FROM this and that' ,
475+ api_key : 1234
462476 } ) ,
463477 headers : { host : 'vizzuality.cartodb.com' } ,
464478 method : 'GET'
@@ -478,8 +492,8 @@ describe('app.test', function () {
478492 it ( 'numeric arrays are rendered as such' , function ( done ) {
479493 assert . response ( server , {
480494 url : '/api/v1/sql?' + querystring . stringify ( {
481- q :
482- 'SELECT ARRAY[8.7,4.3]::numeric[] as x'
495+ q : 'SELECT ARRAY[8.7,4.3]::numeric[] as x' ,
496+ api_key : 1234
483497 } ) ,
484498 headers : { host : 'vizzuality.localhost.lan:8080' } ,
485499 method : 'GET'
@@ -510,7 +524,8 @@ describe('app.test', function () {
510524 // See https://github.com/CartoDB/CartoDB-SQL-API/issues/117
511525 ', now()::date as i' +
512526 ", '1'::numeric as j" +
513- ' LIMIT 0'
527+ ' LIMIT 0' ,
528+ api_key : 1234
514529 } ) ,
515530 headers : { host : 'vizzuality.cartodb.com' } ,
516531 method : 'GET'
@@ -547,7 +562,8 @@ describe('app.test', function () {
547562 ' ARRAY[d] AS _d, ' +
548563 ' ARRAY[e] AS _e, ' +
549564 ' ARRAY[f] AS _f ' +
550- 'FROM inp'
565+ 'FROM inp' ,
566+ api_key : 1234
551567 } ) ,
552568 headers : { host : 'vizzuality.cartodb.com' } ,
553569 method : 'GET'
@@ -589,7 +605,8 @@ describe('app.test', function () {
589605 var next = this ;
590606 assert . response ( server , {
591607 url : '/api/v1/sql?' + querystring . stringify ( {
592- q : "SET timezone TO 'Europe/Rome'; SELECT '2000-01-01T00:00:00+01'::timestamptz as d"
608+ q : "SET timezone TO 'Europe/Rome'; SELECT '2000-01-01T00:00:00+01'::timestamptz as d" ,
609+ api_key : 1234
593610 } ) ,
594611 headers : { host : 'vizzuality.cartodb.com' } ,
595612 method : 'GET'
@@ -610,7 +627,8 @@ describe('app.test', function () {
610627 var next = this ;
611628 assert . response ( server , {
612629 url : '/api/v1/sql?' + querystring . stringify ( {
613- q : "SET timezone TO 'Europe/Rome'; SELECT '2000-01-01T00:00:00'::timestamp as d"
630+ q : "SET timezone TO 'Europe/Rome'; SELECT '2000-01-01T00:00:00'::timestamp as d" ,
631+ api_key : 1234
614632 } ) ,
615633 headers : { host : 'vizzuality.cartodb.com' } ,
616634 method : 'GET'
@@ -631,7 +649,8 @@ describe('app.test', function () {
631649 var next = this ;
632650 assert . response ( server , {
633651 url : '/api/v1/sql?' + querystring . stringify ( {
634- q : "SET timezone TO 'UTC'; SELECT '2000-01-01T00:00:00+00'::timestamptz as d"
652+ q : "SET timezone TO 'UTC'; SELECT '2000-01-01T00:00:00+00'::timestamptz as d" ,
653+ api_key : 1234
635654 } ) ,
636655 headers : { host : 'vizzuality.cartodb.com' } ,
637656 method : 'GET'
@@ -652,7 +671,8 @@ describe('app.test', function () {
652671 var next = this ;
653672 assert . response ( server , {
654673 url : '/api/v1/sql?' + querystring . stringify ( {
655- q : "SET timezone TO 'UTC'; SELECT '2000-01-01T00:00:00'::timestamp as d"
674+ q : "SET timezone TO 'UTC'; SELECT '2000-01-01T00:00:00'::timestamp as d" ,
675+ api_key : 1234
656676 } ) ,
657677 headers : { host : 'vizzuality.cartodb.com' } ,
658678 method : 'GET'
@@ -695,7 +715,8 @@ describe('app.test', function () {
695715 var next = this ;
696716 assert . response ( server , {
697717 url : '/api/v1/sql?' + querystring . stringify ( {
698- q : "SET client_min_messages TO 'notice'; select raise('notice', 'hello notice')"
718+ q : "SET client_min_messages TO 'notice'; select raise('notice', 'hello notice')" ,
719+ api_key : 1234
699720 } ) ,
700721 headers : { host : 'vizzuality.cartodb.com' } ,
701722 method : 'GET'
@@ -716,7 +737,8 @@ describe('app.test', function () {
716737 var next = this ;
717738 assert . response ( server , {
718739 url : '/api/v1/sql?' + querystring . stringify ( {
719- q : "SET client_min_messages TO 'notice'; select raise('warning', 'hello warning')"
740+ q : "SET client_min_messages TO 'notice'; select raise('warning', 'hello warning')" ,
741+ api_key : 1234
720742 } ) ,
721743 headers : { host : 'vizzuality.cartodb.com' } ,
722744 method : 'GET'
@@ -738,7 +760,8 @@ describe('app.test', function () {
738760 assert . response ( server , {
739761 url : '/api/v1/sql?' + querystring . stringify ( {
740762 q : "SET client_min_messages TO 'notice'; select raise('warning', 'hello again warning'), " +
741- "raise('notice', 'hello again notice');"
763+ "raise('notice', 'hello again notice');" ,
764+ api_key : 1234
742765 } ) ,
743766 headers : { host : 'vizzuality.cartodb.com' } ,
744767 method : 'GET'
@@ -793,7 +816,11 @@ describe('app.test', function () {
793816
794817 it ( 'GET with callback must return 200 status error even if it is an error' , function ( done ) {
795818 assert . response ( server , {
796- url : '/api/v1/sql?q=DROP%20TABLE%20untitle_table_4&callback=foo_jsonp' ,
819+ url : '/api/v1/sql?' + querystring . stringify ( {
820+ q : 'DROP TABLE untitle_table_4' ,
821+ api_key : 1234 ,
822+ callback : 'foo_jsonp'
823+ } ) ,
797824 headers : { host : 'vizzuality.cartodb.com' } ,
798825 method : 'GET'
799826 } , { } , function ( err , res ) {
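Review bot: Adding `api_key : 1234` at new line 821 sends `DROP TABLE untitle_table_4` as an authenticated request, while the title still expects an error. The assertions removed at old lines 127 and 152 suggest a keyless caller was refused as a non-owner of that table. If key 1234 resolves to the owning role, the statement would succeed, the JSONP error path would go untested and the shared fixture table would be gone for later tests. Confirm which role the key maps to, or use a statement that fails regardless of privilege, such as the `SELECT star FROM this and that` query at new line 474. The assertions for this test are below the hunk.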
@@ -814,7 +841,10 @@ describe('app.test', function () {
814841
815842 it ( 'GET with slow query exceeding statement timeout returns proper error message' , function ( done ) {
816843 assert . response ( server , {
817- url : '/api/v1/sql?q=select%20pg_sleep(2.1)%20as%20sleep' ,
844+ url : '/api/v1/sql?' + querystring . stringify ( {
845+ q : 'select pg_sleep(2.1) as sleep' ,
846+ api_key : 1234
847+ } ) ,
818848 headers : { host : 'vizzuality.cartodb.com' } ,
819849 method : 'GET'
820850 } ,
@@ -838,7 +868,7 @@ describe('app.test', function () {
838868
839869 it ( 'GET with slow query exceeding statement timeout returns proper error message (streaming)' , function ( done ) {
840870 assert . response ( server , {
841- url : '/api/v1/sql?q=SELECT%20pg_sleep(generate_series(2,10)/10.0)' ,
871+ url : '/api/v1/sql?q=SELECT%20pg_sleep(generate_series(2,10)/10.0)&api_key=1234 ' ,
842872 headers : { host : 'vizzuality.cartodb.com' } ,
843873 method : 'GET'
844874 } ,
@@ -875,7 +905,8 @@ describe('app.test', function () {
875905 server ,
876906 {
877907 url : '/api/v1/sql?' + querystring . stringify ( {
878- q : 'SELECT * FROM untitle_table_4'
908+ q : 'SELECT * FROM untitle_table_4' ,
909+ api_key : 1234
879910 } ) ,
880911 headers : {
881912 host : 'vizzuality.cartodb.com'