api/test/unit/sanitiser/search.js

var extend = require('extend'),
    search  = require('../../../sanitiser/search'),
    parser = require('../../../helper/query_parser'),
    sanitize = search.sanitize,
    middleware = search.middleware,
    defaultError = 'invalid param \'text\': text length, must be >0';
// these are the default values you would expect when no input params are specified.
// @todo: why is this different from $defaultClean?
var emptyClean = { private: false, size: 10, types: {} };

module.exports.tests = {};

module.exports.tests.interface = function(test, common) {
  test('sanitize interface', function(t) {
    t.equal(typeof sanitize, 'function', 'sanitize is a function');
    t.equal(sanitize.length, 2, 'sanitize interface');
    t.end();
  });
  test('middleware interface', function(t) {
    t.equal(typeof middleware, 'function', 'middleware is a function');
    t.equal(middleware.length, 3, 'sanitize has a valid middleware');
    t.end();
  });
};

module.exports.tests.sanitisers = function(test, common) {
  test('check sanitiser list', function (t) {
    var expected = ['singleScalarParameters', 'text', 'size', 'layers', 'sources', 'private', 'geo_search', 'boundary_country' ];
    t.deepEqual(Object.keys(search.sanitiser_list), expected);
    t.end();
  });
};

module.exports.tests.sanitize_invalid_text = function(test, common) {
  test('invalid text', function(t) {
    var invalid = [ '', 100, null, undefined ];
    invalid.forEach( function( text ){
      var req = { query: { text: text } };
      sanitize(req, function(){
        t.equal(req.errors[0], 'invalid param \'text\': text length, must be >0', text + ' is an invalid text');
        t.deepEqual(req.clean, emptyClean, 'clean only has default values set');
      });
    });
    t.end();
  });
};

module.exports.tests.sanitise_valid_text = function(test, common) {
  test('valid short text', function(t) {
    var req = { query: { text: 'a' } };
    sanitize(req, function(){
      t.equal(req.errors[0], undefined, 'no error');
    });
    t.end();
  });

  test('valid not-quite-as-short text', function(t) {
    var req = { query: { text: 'aa' } };
    sanitize(req, function(){
      t.equal(req.errors[0], undefined, 'no error');
    });
    t.end();
  });

  test('valid longer text', function(t) {
    var req = { query: { text: 'aaaaaaaa' } };
    sanitize(req, function(){
      t.equal(req.errors[0], undefined, 'no error');
    });
    t.end();
  });
};

module.exports.tests.sanitize_text_with_delim = function(test, common) {
  var texts = [ 'a,bcd', '123 main st, admin1', ',,,', ' ' ];

  test('valid texts with a comma', function(t) {
    texts.forEach( function( text ){
      var req = { query: { text: text } };
      sanitize( req, function( ){
        var expected_text = text;

        var expected_parsed_text = parser.get_parsed_address(text);
        t.equal(req.errors[0], undefined, 'no error');
        t.equal(req.clean.parsed_text.name, expected_parsed_text.name, 'clean name set correctly');
        t.equal(req.clean.text, expected_text, 'text should match');

      });
    });
    t.end();
  });
};

module.exports.tests.sanitize_private_no_value = function(test, common) {
  test('default private should be set to true', function(t) {
    var req = { query: { text: 'test' } };
    sanitize(req, function(){
      t.equal(req.clean.private, false, 'private set to false');
    });
    t.end();
  });
};

module.exports.tests.sanitize_private_explicit_true_value = function(test, common) {
  test('explicit private should be set to true', function(t) {
    var req = { query: { text: 'test', private: true } };
    sanitize(req, function(){
      t.equal(req.clean.private, true, 'private set to true');
    });
    t.end();
  });
};

module.exports.tests.sanitize_private_explicit_false_value = function(test, common) {
  test('explicit private should be set to false', function(t) {
    var req = { query: { text: 'test', private: false } };
    sanitize(req, function(){
      t.equal(req.clean.private, false, 'private set to false');
    });
    t.end();
  });
};

module.exports.tests.sanitize_lat = function(test, common) {
  var valid_lats = [ 0, 45, 90, -0, '0', '45', '90', -181, -120, -91, 91, 120, 181  ];
  test('valid lat', function(t) {
    valid_lats.forEach( function( lat ){
      var req = { query: { text: 'test', 'focus.point.lat': lat, 'focus.point.lon': 0 } };
      sanitize(req, function(){
        var expected_lat = parseFloat( lat );
        t.equal(req.errors[0], undefined, 'no error');
        t.equal(req.clean['focus.point.lat'], expected_lat, 'clean lat set correctly (' + lat + ')');
      });
    });
    t.end();
  });
};

module.exports.tests.sanitize_lon = function(test, common) {
  var lons = {
    valid: [ -381, -181, -180, -1, -0, 0, 45, 90, '-180', '0', '180', 181 ]
  };
  test('valid lon', function(t) {
    lons.valid.forEach( function( lon ){
      var req = { query: { text: 'test', 'focus.point.lat': 0, 'focus.point.lon': lon } };
      sanitize( req, function(){
        var expected_lon = parseFloat( lon );
        t.equal(req.errors[0], undefined, 'no error');
        t.deepEqual(req.clean['focus.point.lon'], expected_lon, 'clean set correctly (' + lon + ')');
      });
    });
    t.end();
  });
};

module.exports.tests.sanitize_optional_geo = function(test, common) {
  test('no lat/lon', function(t) {
    var req = { query: { text: 'test' } };
    sanitize(req, function(){
      t.equal(req.errors[0], undefined, 'no error');
      t.equal(req.clean['focus.point.lat'], undefined, 'clean set without lat');
      t.equal(req.clean['focus.point.lon'], undefined, 'clean set without lon');
    });
    t.end();
  });
  test('no lat', function(t) {
    var req = { query: { text: 'test', 'focus.point.lon': 0 } };
    sanitize(req, function(){
      var expected_lon = 0;
      t.equal(req.errors[0], 'missing point param \'focus.point\' requires all of: \'lat\',\'lon\' to be present');
      t.equal(req.clean['focus.point.lat'], undefined);
      t.equal(req.clean['focus.point.lon'], undefined);
    });
    t.end();
  });
  test('no lon', function(t) {
    var req = { query: { text: 'test', 'focus.point.lat': 0 } };
    sanitize(req, function(){
      var expected_lat = 0;
      t.equal(req.errors[0], 'missing point param \'focus.point\' requires all of: \'lat\',\'lon\' to be present');
      t.equal(req.clean['focus.point.lat'], undefined);
      t.equal(req.clean['focus.point.lon'], undefined);
    });
    t.end();
  });
};

module.exports.tests.sanitize_bounding_rect = function(test, common) {

  // convernience function to avoid refactoring the succict geojson bbox
  // fixtures in to the more verbose bounding.rect format.
  var mapGeoJsonBboxFormatToBoundingRectFormat = function( bbox ){
    var split = bbox.split(',');
    return {
      'boundary.rect.min_lon': split[0],
      'boundary.rect.max_lat': split[1],
      'boundary.rect.max_lon': split[2],
      'boundary.rect.min_lat': split[3]
    };
  };

  var bboxes = {
    invalid: [
      '91;-181,-91,181', // invalid - semicolon between coordinates
      'these,are,not,numbers',
      '0,0,0,notANumber',
      ',,,',
      '91, -181, -91',   // invalid - missing a coordinate
      '123,12',          // invalid - missing coordinates
      ''                 // invalid - empty param
    ].map(mapGeoJsonBboxFormatToBoundingRectFormat),

    valid: [
      '-179,90,34,-80', // valid top_right lon/lat, bottom_left lon/lat
      '0,0,0,0',
      '10,20,30,40',
      '-40,-20,10,30',
      '-40,-20,10,30',
      '-1200,20,1000,20',
      '-1400,90,1400,-90',
      // wrapped latitude coordinates
      '-181,90,34,-180',
      '-170,91,-181,45',
      '-181,91,181,-91',
      '91, -181,-91,11',
      '91, -11,-91,181'
    ].map(mapGeoJsonBboxFormatToBoundingRectFormat)
  };

  test('invalid bounding rect', function(t) {
    bboxes.invalid.forEach( function( bbox ){
      var req = { query: { text: 'test' } };
      extend( req.query, bbox );
      sanitize(req, function(){
        t.equal(req.clean['boundary.rect.min_lon'], undefined);
        t.equal(req.clean['boundary.rect.max_lat'], undefined);
        t.equal(req.clean['boundary.rect.max_lon'], undefined);
        t.equal(req.clean['boundary.rect.min_lat'], undefined);
        t.equal(req.errors.length, 1, 'bounding error');
      });
    });
    t.end();
  });
  test('valid bounding rect', function(t) {
    bboxes.valid.forEach( function( bbox ){
      var req = { query: { text: 'test' } };
      extend( req.query, bbox );
      sanitize(req, function(){
        t.equal(req.errors[0], undefined, 'no error');
        t.equal(req.clean['boundary.rect.min_lon'], parseFloat(bbox['boundary.rect.min_lon']));
        t.equal(req.clean['boundary.rect.max_lat'], parseFloat(bbox['boundary.rect.max_lat']));
        t.equal(req.clean['boundary.rect.max_lon'], parseFloat(bbox['boundary.rect.max_lon']));
        t.equal(req.clean['boundary.rect.min_lat'], parseFloat(bbox['boundary.rect.min_lat']));
      });
    });
    t.end();
  });
};

module.exports.tests.sanitize_size = function(test, common) {
  test('invalid size value', function(t) {
    var req = { query: { size: 'a', text: 'test', lat: 0, lon: 0 } };
    sanitize(req, function(){
      t.equal(req.clean.size, 10, 'default size set');
      t.end();
    });
  });
  test('below min size value', function(t) {
    var req = { query: { size: -100, text: 'test', lat: 0, lon: 0 } };
    sanitize(req, function(){
      t.equal(req.clean.size, 1, 'min size set');
      t.end();
    });
  });
  test('above max size value', function(t) {
    var req = { query: { size: 9999, text: 'test', lat: 0, lon: 0 } };
    sanitize(req, function(){
      t.equal(req.clean.size, 40, 'max size set');
      t.end();
    });
  });
};

module.exports.tests.sanitize_private = function(test, common) {
  var invalid_values = [null, -1, 123, NaN, 'abc'];
  invalid_values.forEach(function(value) {
    test('invalid private param ' + value, function(t) {
      var req = { query: { text: 'test', lat: 0, lon: 0, 'private': value } };
      sanitize(req, function(){
        t.equal(req.clean.private, false, 'default private set (to false)');
        t.end();
      });
    });
  });

  var valid_values = ['true', true, 1, '1'];
  valid_values.forEach(function(value) {
    test('valid private ' + value, function(t) {
      var req = { query: { text: 'test', 'private': value } };
      sanitize(req, function(){
        t.equal(req.clean.private, true, 'private set to true');
        t.end();
      });
    });
  });

  var valid_false_values = ['false', false, 0, '0'];
  valid_false_values.forEach(function(value) {
    test('test setting false explicitly ' + value, function(t) {
      var req = { query: { text: 'test', 'private': value } };
      sanitize(req, function(){
        t.equal(req.clean.private, false, 'private set to false');
        t.end();
      });
    });
  });

  test('test default behavior', function(t) {
    var req = { query: { text: 'test' } };
    sanitize(req, function(){
      t.equal(req.clean.private, false, 'private set to false');
      t.end();
    });
  });
};

module.exports.tests.invalid_params = function(test, common) {
  test('invalid text params', function(t) {
    var req = { query: {} };
    sanitize( req, function(){
      t.equal(req.errors[0], defaultError, 'handle invalid params gracefully');
      t.end();
    });
  });
};

module.exports.tests.middleware_success = function(test, common) {
  test('middleware success', function(t) {
    var req = { query: { text: 'test' }};
    var next = function( message ){
      t.deepEqual(req.errors, [], 'no error messages set');
      t.end();
    };
    middleware( req, undefined, next );
  });
};

module.exports.all = function (tape, common) {

  function test(name, testFunction) {
    return tape('SANTIZE /search ' + name, testFunction);
  }

  for( var testCase in module.exports.tests ){
    module.exports.tests[testCase](test, common);
  }
};