From 0b239a5bec0529a0dfb3e4c8d6e2fe09cd43049d Mon Sep 17 00:00:00 2001 From: Andrew Kingston Date: Thu, 25 Nov 2021 13:00:43 +0000 Subject: [PATCH] Add test to ensure query schema is correctly cleared for prod app IDs --- .../server/src/api/routes/tests/query.spec.js | 35 +++++++++++++++++-- 1 file changed, 32 insertions(+), 3 deletions(-) diff --git a/packages/server/src/api/routes/tests/query.spec.js b/packages/server/src/api/routes/tests/query.spec.js index f5ba497d1b..37c969aba8 100644 --- a/packages/server/src/api/routes/tests/query.spec.js +++ b/packages/server/src/api/routes/tests/query.spec.js @@ -1,6 +1,13 @@ -// mock out postgres for this +// Mock out postgres for this jest.mock("pg") +// Mock isProdAppID to we can later mock the implementation and pretend we are +// using prod app IDs +const authDb = require("@budibase/auth/db") +const { isProdAppID } = authDb +const mockIsProdAppID = jest.fn(isProdAppID) +authDb.isProdAppID = mockIsProdAppID + const setup = require("./utilities") const { checkBuilderEndpoint } = require("./utilities/TestFunctions") const { basicQuery, basicDatasource } = setup.structures @@ -98,10 +105,32 @@ describe("/queries", () => { .set(await config.defaultHeaders()) .expect(200) .expect("Content-Type", /json/) - expect(res.body.fields).toBeUndefined() - expect(res.body.parameters).toBeUndefined() + expect(res.body.fields).toBeDefined() + expect(res.body.parameters).toBeDefined() + expect(res.body.schema).toBeDefined() }) }) + + it("should remove sensitive info for prod apps", async () => { + // Mock isProdAppID to pretend we are using a prod app + mockIsProdAppID.mockClear() + mockIsProdAppID.mockImplementation(() => true) + + const query = await config.createQuery() + const res = await request + .get(`/api/queries/${query._id}`) + .set(await config.defaultHeaders()) + .expect("Content-Type", /json/) + .expect(200) + expect(res.body._id).toEqual(query._id) + expect(res.body.fields).toBeUndefined() + expect(res.body.parameters).toBeUndefined() + expect(res.body.schema).toBeDefined() + + // Reset isProdAppID mock + expect(mockIsProdAppID).toHaveBeenCalledTimes(1) + mockIsProdAppID.mockImplementation(isProdAppID) + }) }) describe("destroy", () => {