4 class UsersControllerTest < ActionDispatch::IntegrationTest
6 # test all routes which lead to this controller
9 { :path => "/api/0.6/user/1", :method => :get },
10 { :controller => "api/users", :action => "show", :id => "1" }
13 { :path => "/api/0.6/user/1.json", :method => :get },
14 { :controller => "api/users", :action => "show", :id => "1", :format => "json" }
17 { :path => "/api/0.6/user/details", :method => :get },
18 { :controller => "api/users", :action => "details" }
21 { :path => "/api/0.6/user/details.json", :method => :get },
22 { :controller => "api/users", :action => "details", :format => "json" }
25 { :path => "/api/0.6/user/gpx_files", :method => :get },
26 { :controller => "api/users", :action => "gpx_files" }
29 { :path => "/api/0.6/users", :method => :get },
30 { :controller => "api/users", :action => "index" }
33 { :path => "/api/0.6/users.json", :method => :get },
34 { :controller => "api/users", :action => "index", :format => "json" }
40 :description => "test",
41 :terms_agreed => Date.yesterday,
42 :home_lat => 12.1, :home_lon => 23.4,
45 # check that a visible user is returned properly
46 get api_user_path(:id => user.id)
47 assert_response :success
48 assert_equal "application/xml", response.media_type
50 # check the data that is returned
51 check_xml_details(user, false)
53 # check that a suspended user is not returned
54 get api_user_path(:id => create(:user, :suspended).id)
57 # check that a deleted user is not returned
58 get api_user_path(:id => create(:user, :deleted).id)
61 # check that a non-existent user is not returned
62 get api_user_path(:id => 0)
63 assert_response :not_found
65 # check that a visible user is returned properly in json
66 get api_user_path(:id => user.id, :format => "json")
67 assert_response :success
68 assert_equal "application/json", response.media_type
71 js = ActiveSupport::JSON.decode(@response.body)
74 # check the data that is returned
75 check_json_details(js, user, false)
80 :home_lat => 12.1, :home_lon => 23.4,
82 good_token = create(:access_token,
84 :allow_read_prefs => true)
85 bad_token = create(:access_token,
87 other_user = create(:user,
88 :home_lat => 12.1, :home_lon => 23.4,
91 # check that we can fetch our own details as XML with read_prefs
92 signed_get api_user_path(:id => user.id), :oauth => { :token => good_token }
93 assert_response :success
94 assert_equal "application/xml", response.media_type
96 # check the data that is returned
97 check_xml_details(user, true)
99 # check that we can fetch a different user's details as XML with read_prefs
100 signed_get api_user_path(:id => other_user.id), :oauth => { :token => good_token }
101 assert_response :success
102 assert_equal "application/xml", response.media_type
104 # check the data that is returned
105 check_xml_details(other_user, false)
107 # check that we can fetch our own details as XML without read_prefs
108 signed_get api_user_path(:id => user.id), :oauth => { :token => bad_token }
109 assert_response :success
110 assert_equal "application/xml", response.media_type
112 # check the data that is returned
113 check_xml_details(user, false)
115 # check that we can fetch our own details as JSON with read_prefs
116 signed_get api_user_path(:id => user.id, :format => "json"), :oauth => { :token => good_token }
117 assert_response :success
118 assert_equal "application/json", response.media_type
121 js = ActiveSupport::JSON.decode(@response.body)
124 # check the data that is returned
125 check_json_details(js, user, true)
127 # check that we can fetch a different user's details as JSON with read_prefs
128 signed_get api_user_path(:id => other_user.id, :format => "json"), :oauth => { :token => good_token }
129 assert_response :success
130 assert_equal "application/json", response.media_type
133 js = ActiveSupport::JSON.decode(@response.body)
136 # check the data that is returned
137 check_json_details(js, other_user, false)
139 # check that we can fetch our own details as JSON without read_prefs
140 signed_get api_user_path(:id => other_user.id, :format => "json"), :oauth => { :token => bad_token }
141 assert_response :success
142 assert_equal "application/json", response.media_type
145 js = ActiveSupport::JSON.decode(@response.body)
148 # check the data that is returned
149 check_json_details(js, other_user, false)
154 :home_lat => 12.1, :home_lon => 23.4,
155 :languages => ["en"])
156 good_token = create(:oauth_access_token,
157 :resource_owner_id => user.id,
158 :scopes => %w[read_prefs])
159 bad_token = create(:oauth_access_token,
160 :resource_owner_id => user.id,
162 other_user = create(:user,
163 :home_lat => 12.1, :home_lon => 23.4,
164 :languages => ["en"])
166 # check that we can fetch our own details as XML with read_prefs
167 get api_user_path(:id => user.id), :headers => bearer_authorization_header(good_token.token)
168 assert_response :success
169 assert_equal "application/xml", response.media_type
171 # check the data that is returned
172 check_xml_details(user, true)
174 # check that we can fetch a different user's details as XML with read_prefs
175 get api_user_path(:id => other_user.id), :headers => bearer_authorization_header(good_token.token)
176 assert_response :success
177 assert_equal "application/xml", response.media_type
179 # check the data that is returned
180 check_xml_details(other_user, false)
182 # check that we can fetch our own details as XML without read_prefs
183 get api_user_path(:id => user.id), :headers => bearer_authorization_header(bad_token.token)
184 assert_response :success
185 assert_equal "application/xml", response.media_type
187 # check the data that is returned
188 check_xml_details(user, false)
190 # check that we can fetch our own details as JSON with read_prefs
191 get api_user_path(:id => user.id, :format => "json"), :headers => bearer_authorization_header(good_token.token)
192 assert_response :success
193 assert_equal "application/json", response.media_type
196 js = ActiveSupport::JSON.decode(@response.body)
199 # check the data that is returned
200 check_json_details(js, user, true)
202 # check that we can fetch a different user's details as JSON with read_prefs
203 get api_user_path(:id => other_user.id, :format => "json"), :headers => bearer_authorization_header(good_token.token)
204 assert_response :success
205 assert_equal "application/json", response.media_type
208 js = ActiveSupport::JSON.decode(@response.body)
211 # check the data that is returned
212 check_json_details(js, other_user, false)
214 # check that we can fetch our own details as JSON without read_prefs
215 get api_user_path(:id => user.id, :format => "json"), :headers => bearer_authorization_header(bad_token.token)
216 assert_response :success
217 assert_equal "application/json", response.media_type
220 js = ActiveSupport::JSON.decode(@response.body)
223 # check the data that is returned
224 check_json_details(js, user, false)
229 :description => "test",
230 :terms_agreed => Date.yesterday,
231 :home_lat => 12.1, :home_lon => 23.4,
232 :languages => ["en"])
233 create(:message, :read, :recipient => user)
234 create(:message, :sender => user)
236 # check that nothing is returned when not logged in
237 get user_details_path
238 assert_response :unauthorized
240 # check that we get a response when logged in
241 auth_header = basic_authorization_header user.email, "test"
242 get user_details_path, :headers => auth_header
243 assert_response :success
244 assert_equal "application/xml", response.media_type
246 # check the data that is returned
247 check_xml_details(user, true)
249 # check that data is returned properly in json
250 auth_header = basic_authorization_header user.email, "test"
251 get user_details_path(:format => "json"), :headers => auth_header
252 assert_response :success
253 assert_equal "application/json", response.media_type
256 js = ActiveSupport::JSON.decode(@response.body)
259 # check the data that is returned
260 check_json_details(js, user, true)
263 def test_details_oauth1
265 :home_lat => 12.1, :home_lon => 23.4,
266 :languages => ["en"])
267 good_token = create(:access_token,
269 :allow_read_prefs => true)
270 bad_token = create(:access_token,
273 # check that we can't fetch details as XML without read_prefs
274 signed_get user_details_path, :oauth => { :token => bad_token }
275 assert_response :forbidden
277 # check that we can fetch details as XML
278 signed_get user_details_path, :oauth => { :token => good_token }
279 assert_response :success
280 assert_equal "application/xml", response.media_type
282 # check the data that is returned
283 check_xml_details(user, true)
285 # check that we can't fetch details as JSON without read_prefs
286 signed_get user_details_path(:format => "json"), :oauth => { :token => bad_token }
287 assert_response :forbidden
289 # check that we can fetch details as JSON
290 signed_get user_details_path(:format => "json"), :oauth => { :token => good_token }
291 assert_response :success
292 assert_equal "application/json", response.media_type
295 js = ActiveSupport::JSON.decode(@response.body)
298 # check the data that is returned
299 check_json_details(js, user, true)
302 def test_details_oauth2
304 :home_lat => 12.1, :home_lon => 23.4,
305 :languages => ["en"])
306 good_token = create(:oauth_access_token,
307 :resource_owner_id => user.id,
308 :scopes => %w[read_prefs])
309 bad_token = create(:oauth_access_token,
310 :resource_owner_id => user.id)
312 # check that we can't fetch details as XML without read_prefs
313 get user_details_path, :headers => bearer_authorization_header(bad_token.token)
314 assert_response :forbidden
316 # check that we can fetch details as XML
317 get user_details_path, :headers => bearer_authorization_header(good_token.token)
318 assert_response :success
319 assert_equal "application/xml", response.media_type
321 # check the data that is returned
322 check_xml_details(user, true)
324 # check that we can't fetch details as JSON without read_prefs
325 get user_details_path(:format => "json"), :headers => bearer_authorization_header(bad_token.token)
326 assert_response :forbidden
328 # check that we can fetch details as JSON
329 get user_details_path(:format => "json"), :headers => bearer_authorization_header(good_token.token)
330 assert_response :success
331 assert_equal "application/json", response.media_type
334 js = ActiveSupport::JSON.decode(@response.body)
337 # check the data that is returned
338 check_json_details(js, user, true)
342 user1 = create(:user, :description => "test1", :terms_agreed => Date.yesterday)
343 user2 = create(:user, :description => "test2", :terms_agreed => Date.yesterday)
344 user3 = create(:user, :description => "test3", :terms_agreed => Date.yesterday)
346 get api_users_path, :params => { :users => user1.id }
347 assert_response :success
348 assert_equal "application/xml", response.media_type
349 assert_select "user", :count => 1 do
350 check_xml_details(user1, false)
351 assert_select "user[id='#{user2.id}']", :count => 0
352 assert_select "user[id='#{user3.id}']", :count => 0
355 get api_users_path, :params => { :users => user2.id }
356 assert_response :success
357 assert_equal "application/xml", response.media_type
358 assert_select "user", :count => 1 do
359 assert_select "user[id='#{user1.id}']", :count => 0
360 check_xml_details(user2, false)
361 assert_select "user[id='#{user3.id}']", :count => 0
364 get api_users_path, :params => { :users => "#{user1.id},#{user3.id}" }
365 assert_response :success
366 assert_equal "application/xml", response.media_type
367 assert_select "user", :count => 2 do
368 check_xml_details(user1, false)
369 assert_select "user[id='#{user2.id}']", :count => 0
370 check_xml_details(user3, false)
373 get api_users_path, :params => { :users => user1.id, :format => "json" }
374 assert_response :success
375 assert_equal "application/json", response.media_type
376 js = ActiveSupport::JSON.decode(@response.body)
378 assert_equal 1, js["users"].count
379 check_json_details(js["users"][0], user1, false)
381 get api_users_path, :params => { :users => user2.id, :format => "json" }
382 assert_response :success
383 assert_equal "application/json", response.media_type
384 js = ActiveSupport::JSON.decode(@response.body)
386 assert_equal 1, js["users"].count
387 check_json_details(js["users"][0], user2, false)
389 get api_users_path, :params => { :users => "#{user1.id},#{user3.id}", :format => "json" }
390 assert_response :success
391 assert_equal "application/json", response.media_type
392 js = ActiveSupport::JSON.decode(@response.body)
394 assert_equal 2, js["users"].count
395 check_json_details(js["users"][0], user1, false)
396 check_json_details(js["users"][1], user3, false)
398 get api_users_path, :params => { :users => create(:user, :suspended).id }
399 assert_response :not_found
401 get api_users_path, :params => { :users => create(:user, :deleted).id }
402 assert_response :not_found
404 get api_users_path, :params => { :users => 0 }
405 assert_response :not_found
408 def test_index_oauth1
409 user1 = create(:user, :description => "test1", :terms_agreed => Date.yesterday)
410 user2 = create(:user, :description => "test2", :terms_agreed => Date.yesterday)
411 user3 = create(:user, :description => "test3", :terms_agreed => Date.yesterday)
412 good_token = create(:access_token, :user => user1, :allow_read_prefs => true)
413 bad_token = create(:access_token, :user => user1)
415 signed_get api_users_path, :params => { :users => user1.id }, :oauth => { :token => good_token }
416 assert_response :success
417 assert_equal "application/xml", response.media_type
418 assert_select "user", :count => 1 do
419 check_xml_details(user1, true)
420 assert_select "user[id='#{user2.id}']", :count => 0
421 assert_select "user[id='#{user3.id}']", :count => 0
424 signed_get api_users_path, :params => { :users => user2.id }, :oauth => { :token => good_token }
425 assert_response :success
426 assert_equal "application/xml", response.media_type
427 assert_select "user", :count => 1 do
428 assert_select "user[id='#{user1.id}']", :count => 0
429 check_xml_details(user2, false)
430 assert_select "user[id='#{user3.id}']", :count => 0
433 signed_get api_users_path, :params => { :users => "#{user1.id},#{user3.id}" }, :oauth => { :token => good_token }
434 assert_response :success
435 assert_equal "application/xml", response.media_type
436 assert_select "user", :count => 2 do
437 check_xml_details(user1, true)
438 assert_select "user[id='#{user2.id}']", :count => 0
439 check_xml_details(user3, false)
442 signed_get api_users_path, :params => { :users => "#{user1.id},#{user3.id}" }, :oauth => { :token => bad_token }
443 assert_response :success
444 assert_equal "application/xml", response.media_type
445 assert_select "user", :count => 2 do
446 check_xml_details(user1, false)
447 assert_select "user[id='#{user2.id}']", :count => 0
448 check_xml_details(user3, false)
451 signed_get api_users_path, :params => { :users => user1.id, :format => "json" }, :oauth => { :token => good_token }
452 assert_response :success
453 assert_equal "application/json", response.media_type
454 js = ActiveSupport::JSON.decode(@response.body)
456 assert_equal 1, js["users"].count
457 check_json_details(js["users"][0], user1, true)
459 signed_get api_users_path, :params => { :users => user2.id, :format => "json" }, :oauth => { :token => good_token }
460 assert_response :success
461 assert_equal "application/json", response.media_type
462 js = ActiveSupport::JSON.decode(@response.body)
464 assert_equal 1, js["users"].count
465 check_json_details(js["users"][0], user2, false)
467 signed_get api_users_path, :params => { :users => "#{user1.id},#{user3.id}", :format => "json" }, :oauth => { :token => good_token }
468 assert_response :success
469 assert_equal "application/json", response.media_type
470 js = ActiveSupport::JSON.decode(@response.body)
472 assert_equal 2, js["users"].count
473 check_json_details(js["users"][0], user1, true)
474 check_json_details(js["users"][1], user3, false)
476 signed_get api_users_path, :params => { :users => "#{user1.id},#{user3.id}", :format => "json" }, :oauth => { :token => bad_token }
477 assert_response :success
478 assert_equal "application/json", response.media_type
479 js = ActiveSupport::JSON.decode(@response.body)
481 assert_equal 2, js["users"].count
482 check_json_details(js["users"][0], user1, false)
483 check_json_details(js["users"][1], user3, false)
485 signed_get api_users_path, :params => { :users => create(:user, :suspended).id }, :oauth => { :token => good_token }
486 assert_response :not_found
488 signed_get api_users_path, :params => { :users => create(:user, :deleted).id }, :oauth => { :token => good_token }
489 assert_response :not_found
491 signed_get api_users_path, :params => { :users => 0 }, :oauth => { :token => good_token }
492 assert_response :not_found
495 def test_index_oauth2
496 user1 = create(:user, :description => "test1", :terms_agreed => Date.yesterday)
497 user2 = create(:user, :description => "test2", :terms_agreed => Date.yesterday)
498 user3 = create(:user, :description => "test3", :terms_agreed => Date.yesterday)
499 good_token = create(:oauth_access_token, :resource_owner_id => user1.id, :scopes => %w[read_prefs])
500 bad_token = create(:oauth_access_token, :resource_owner_id => user1.id, :scopes => %w[])
502 get api_users_path, :params => { :users => user1.id }, :headers => bearer_authorization_header(good_token.token)
503 assert_response :success
504 assert_equal "application/xml", response.media_type
505 assert_select "user", :count => 1 do
506 check_xml_details(user1, true)
507 assert_select "user[id='#{user2.id}']", :count => 0
508 assert_select "user[id='#{user3.id}']", :count => 0
511 get api_users_path, :params => { :users => user2.id }, :headers => bearer_authorization_header(good_token.token)
512 assert_response :success
513 assert_equal "application/xml", response.media_type
514 assert_select "user", :count => 1 do
515 assert_select "user[id='#{user1.id}']", :count => 0
516 check_xml_details(user2, false)
517 assert_select "user[id='#{user3.id}']", :count => 0
520 get api_users_path, :params => { :users => "#{user1.id},#{user3.id}" }, :headers => bearer_authorization_header(good_token.token)
521 assert_response :success
522 assert_equal "application/xml", response.media_type
523 assert_select "user", :count => 2 do
524 check_xml_details(user1, true)
525 assert_select "user[id='#{user2.id}']", :count => 0
526 check_xml_details(user3, false)
529 get api_users_path, :params => { :users => "#{user1.id},#{user3.id}" }, :headers => bearer_authorization_header(bad_token.token)
530 assert_response :success
531 assert_equal "application/xml", response.media_type
532 assert_select "user", :count => 2 do
533 check_xml_details(user1, false)
534 assert_select "user[id='#{user2.id}']", :count => 0
535 check_xml_details(user3, false)
538 get api_users_path, :params => { :users => user1.id, :format => "json" }, :headers => bearer_authorization_header(good_token.token)
539 assert_response :success
540 assert_equal "application/json", response.media_type
541 js = ActiveSupport::JSON.decode(@response.body)
543 assert_equal 1, js["users"].count
544 check_json_details(js["users"][0], user1, true)
546 get api_users_path, :params => { :users => user2.id, :format => "json" }, :headers => bearer_authorization_header(good_token.token)
547 assert_response :success
548 assert_equal "application/json", response.media_type
549 js = ActiveSupport::JSON.decode(@response.body)
551 assert_equal 1, js["users"].count
552 check_json_details(js["users"][0], user2, false)
554 get api_users_path, :params => { :users => "#{user1.id},#{user3.id}", :format => "json" }, :headers => bearer_authorization_header(good_token.token)
555 assert_response :success
556 assert_equal "application/json", response.media_type
557 js = ActiveSupport::JSON.decode(@response.body)
559 assert_equal 2, js["users"].count
560 check_json_details(js["users"][0], user1, true)
561 check_json_details(js["users"][1], user3, false)
563 get api_users_path, :params => { :users => "#{user1.id},#{user3.id}", :format => "json" }, :headers => bearer_authorization_header(bad_token.token)
564 assert_response :success
565 assert_equal "application/json", response.media_type
566 js = ActiveSupport::JSON.decode(@response.body)
568 assert_equal 2, js["users"].count
569 check_json_details(js["users"][0], user1, false)
570 check_json_details(js["users"][1], user3, false)
572 get api_users_path, :params => { :users => create(:user, :suspended).id }, :headers => bearer_authorization_header(good_token.token)
573 assert_response :not_found
575 get api_users_path, :params => { :users => create(:user, :deleted).id }, :headers => bearer_authorization_header(good_token.token)
576 assert_response :not_found
578 get api_users_path, :params => { :users => 0 }, :headers => bearer_authorization_header(good_token.token)
579 assert_response :not_found
584 trace1 = create(:trace, :user => user) do |trace|
585 create(:tracetag, :trace => trace, :tag => "London")
587 trace2 = create(:trace, :user => user) do |trace|
588 create(:tracetag, :trace => trace, :tag => "Birmingham")
590 # check that nothing is returned when not logged in
591 get user_gpx_files_path
592 assert_response :unauthorized
594 # check that we get a response when logged in
595 auth_header = basic_authorization_header user.email, "test"
596 get user_gpx_files_path, :headers => auth_header
597 assert_response :success
598 assert_equal "application/xml", response.media_type
600 # check the data that is returned
601 assert_select "gpx_file[id='#{trace1.id}']", 1 do
602 assert_select "tag", "London"
604 assert_select "gpx_file[id='#{trace2.id}']", 1 do
605 assert_select "tag", "Birmingham"
611 def check_xml_details(user, include_private)
612 assert_select "user[id='#{user.id}']", :count => 1 do
613 assert_select "description", :count => 1, :text => user.description
615 assert_select "contributor-terms", :count => 1 do
616 if user.terms_agreed.present?
617 assert_select "[agreed='true']", :count => 1
619 assert_select "[agreed='false']", :count => 1
623 assert_select "[pd='false']", :count => 1
625 assert_select "[pd]", :count => 0
629 assert_select "img", :count => 0
631 assert_select "roles", :count => 1 do
632 assert_select "role", :count => 0
635 assert_select "changesets", :count => 1 do
636 assert_select "[count='0']", :count => 1
639 assert_select "traces", :count => 1 do
640 assert_select "[count='0']", :count => 1
643 assert_select "blocks", :count => 1 do
644 assert_select "received", :count => 1 do
645 assert_select "[count='0'][active='0']", :count => 1
648 assert_select "issued", :count => 0
651 if include_private && user.home_lat.present? && user.home_lon.present?
652 assert_select "home", :count => 1 do
653 assert_select "[lat='12.1'][lon='23.4'][zoom='3']", :count => 1
656 assert_select "home", :count => 0
660 assert_select "languages", :count => 1 do
661 assert_select "lang", :count => user.languages.count
663 user.languages.each do |language|
664 assert_select "lang", :count => 1, :text => language
668 assert_select "messages", :count => 1 do
669 assert_select "received", :count => 1 do
670 assert_select "[count='#{user.messages.count}'][unread='0']", :count => 1
673 assert_select "sent", :count => 1 do
674 assert_select "[count='#{user.sent_messages.count}']", :count => 1
678 assert_select "languages", :count => 0
679 assert_select "messages", :count => 0
684 def check_json_details(js, user, include_private)
685 assert_equal user.id, js["user"]["id"]
686 assert_equal user.description, js["user"]["description"]
687 assert js["user"]["contributor_terms"]["agreed"]
690 assert_not js["user"]["contributor_terms"]["pd"]
692 assert_nil js["user"]["contributor_terms"]["pd"]
695 assert_nil js["user"]["img"]
696 assert_empty js["user"]["roles"]
697 assert_equal 0, js["user"]["changesets"]["count"]
698 assert_equal 0, js["user"]["traces"]["count"]
699 assert_equal 0, js["user"]["blocks"]["received"]["count"]
700 assert_equal 0, js["user"]["blocks"]["received"]["active"]
701 assert_nil js["user"]["blocks"]["issued"]
703 if include_private && user.home_lat.present? && user.home_lon.present?
704 assert_in_delta 12.1, js["user"]["home"]["lat"]
705 assert_in_delta 23.4, js["user"]["home"]["lon"]
706 assert_equal 3, js["user"]["home"]["zoom"]
708 assert_nil js["user"]["home"]
711 if include_private && user.languages.present?
712 assert_equal user.languages, js["user"]["languages"]
714 assert_nil js["user"]["languages"]
718 assert_equal user.messages.count, js["user"]["messages"]["received"]["count"]
719 assert_equal 0, js["user"]["messages"]["received"]["unread"]
720 assert_equal user.sent_messages.count, js["user"]["messages"]["sent"]["count"]
722 assert_nil js["user"]["messages"]