From de13bd550534dc795683c12de016e185a0c4f1d7 Mon Sep 17 00:00:00 2001
From: steve-chavez <stevechavezast@gmail.com>
Date: Fri, 15 Jul 2022 00:54:05 -0500
Subject: [PATCH 1/2] test: no empty tx started for invalid path/method

---
 nix/tools/tests.nix  |  4 ++--
 test/io/fixtures.sql |  8 ++++++++
 test/io/test_io.py   | 28 ++++++++++++++++++++++++++++
 3 files changed, 38 insertions(+), 2 deletions(-)

diff --git a/nix/tools/tests.nix b/nix/tools/tests.nix
index 28a2c2996e..e55a3f4adc 100644
--- a/nix/tools/tests.nix
+++ b/nix/tools/tests.nix
@@ -90,7 +90,7 @@ let
     checkedShellScript
       {
         name = "postgrest-test-io";
-        docs = "Run the pytest-based IO tests.";
+        docs = "Run the pytest-based IO tests. Add -k to run tests that match a given expression.";
         args = [ "ARG_LEFTOVERS([pytest arguments])" ];
         inRootDir = true;
         withEnv = postgrest.env;
@@ -151,7 +151,7 @@ let
           HPCTIXFILE="$tmpdir"/io.tix \
             ${withTools.withPg} -f test/io/fixtures.sql ${cabal-install}/bin/cabal v2-exec ${devCabalOptions} -- \
             ${ioTestPython}/bin/pytest -v test/io
-          
+
           HPCTIXFILE="$tmpdir"/spec.tix \
             ${withTools.withPg} ${cabal-install}/bin/cabal v2-run ${devCabalOptions} test:spec
 
diff --git a/test/io/fixtures.sql b/test/io/fixtures.sql
index 69082136f5..bbe0298765 100644
--- a/test/io/fixtures.sql
+++ b/test/io/fixtures.sql
@@ -78,3 +78,11 @@ create function reload_pgrst_config() returns void as $_$
 begin
   perform pg_notify('pgrst', 'reload config');
 end $_$ language plpgsql ;
+
+create or replace function sleep(seconds double precision) returns void as $$
+  select pg_sleep(seconds);
+$$ language sql;
+
+create or replace function hello() returns text as $$
+  select 'hello';
+$$ language sql;
diff --git a/test/io/test_io.py b/test/io/test_io.py
index b24f046821..9b32332028 100644
--- a/test/io/test_io.py
+++ b/test/io/test_io.py
@@ -943,6 +943,34 @@ def test_log_level(level, has_output, defaultenv):
             )
 
 
+def test_no_pool_connection_required_on_bad_http_logic(defaultenv):
+    "no pool connection should be consumed for failing on invalid http logic"
+
+    env = {
+        **defaultenv,
+        "PGRST_DB_POOL": "1",
+    }
+
+    with run(env=env) as postgrest:
+        # First we retain the only pool connection available
+        # The try/except is a hack for not waiting for the response, taken from https://stackoverflow.com/a/45601591/4692662
+        try:
+            postgrest.session.get("/rpc/sleep?seconds=50", timeout=0.1)
+        except requests.exceptions.ReadTimeout:
+            pass
+
+        # Then the following requests should succeed rapidly
+
+        # not found nested route shouldn't require opening a connection
+        response = postgrest.session.head("/path/notfound")
+        assert response.status_code == 404
+
+        # an invalid http method on a resource shouldn't require opening a connection
+        response = postgrest.session.request("TRACE", "/projects")
+        assert response.status_code == 405
+        response = postgrest.session.patch("/rpc/hello")
+        assert response.status_code == 405
+
 # TODO: This test fails now because of https://github.com/PostgREST/postgrest/pull/2122
 # The stack size of 1K(-with-rtsopts=-K1K) is not enough and this fails with "stack overflow"
 # A stack size of 200K seems to be enough for succeess

From a7c6a7f8c000a3fed4c4d0397d9691e37ab8f7af Mon Sep 17 00:00:00 2001
From: steve-chavez <stevechavezast@gmail.com>
Date: Fri, 15 Jul 2022 17:35:08 -0500
Subject: [PATCH 2/2] test: no empty tx for invalid JWT

---
 test/io/test_io.py | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/test/io/test_io.py b/test/io/test_io.py
index 9b32332028..3fb29df33c 100644
--- a/test/io/test_io.py
+++ b/test/io/test_io.py
@@ -971,6 +971,28 @@ def test_no_pool_connection_required_on_bad_http_logic(defaultenv):
         response = postgrest.session.patch("/rpc/hello")
         assert response.status_code == 405
 
+
+def test_no_pool_connection_required_on_bad_jwt_claim(defaultenv):
+    "no pool connection should be consumed for failing on invalid jwt"
+
+    env = {**defaultenv, "PGRST_DB_POOL": "1", "PGRST_JWT_SECRET": SECRET}
+
+    with run(env=env) as postgrest:
+        # First we retain the only pool connection available
+        # The try/except is a hack for not waiting for the response, taken from https://stackoverflow.com/a/45601591/4692662
+        try:
+            postgrest.session.get("/rpc/sleep?seconds=50", timeout=0.1)
+        except requests.exceptions.ReadTimeout:
+            pass
+
+        # Then the following requests should succeed rapidly
+
+        # A JWT with an invalid signature shouldn't open a connection
+        headers = jwtauthheader({"role": "postgrest_test_author"}, "Wrong Secret")
+        response = postgrest.session.get("/projects", headers=headers)
+        assert response.status_code == 401
+
+
 # TODO: This test fails now because of https://github.com/PostgREST/postgrest/pull/2122
 # The stack size of 1K(-with-rtsopts=-K1K) is not enough and this fails with "stack overflow"
 # A stack size of 200K seems to be enough for succeess