test/controllers/api/traces/data_controller_test.rb

   1 # frozen_string_literal: true
   2
   3 require "test_helper"
   4
   5 module Api
   6   module Traces
   7     class DataControllerTest < ActionDispatch::IntegrationTest
   8       ##
   9       # test all routes which lead to this controller
  10       def test_routes
  11         assert_routing(
  12           { :path => "/api/0.6/gpx/1/data", :method => :get },
  13           { :controller => "api/traces/data", :action => "show", :trace_id => "1" }
  14         )
  15         assert_routing(
  16           { :path => "/api/0.6/gpx/1/data.xml", :method => :get },
  17           { :controller => "api/traces/data", :action => "show", :trace_id => "1", :format => "xml" }
  18         )
  19       end
  20
  21       # Test downloading a trace through the api
  22       def test_show
  23         public_trace_file = create(:trace, :visibility => "public", :fixture => "a")
  24
  25         # First with no auth
  26         get api_trace_data_path(public_trace_file)
  27         assert_response :unauthorized
  28
  29         # Now with some other user, which should work since the trace is public
  30         auth_header = bearer_authorization_header
  31         get api_trace_data_path(public_trace_file), :headers => auth_header
  32         follow_redirect!
  33         follow_redirect!
  34         check_trace_data public_trace_file, "848caa72f2f456d1bd6a0fdf228aa1b9"
  35
  36         # And finally we should be able to do it with the owner of the trace
  37         auth_header = bearer_authorization_header public_trace_file.user
  38         get api_trace_data_path(public_trace_file), :headers => auth_header
  39         follow_redirect!
  40         follow_redirect!
  41         check_trace_data public_trace_file, "848caa72f2f456d1bd6a0fdf228aa1b9"
  42       end
  43
  44       # Test downloading a compressed trace through the api
  45       def test_data_compressed
  46         identifiable_trace_file = create(:trace, :visibility => "identifiable", :fixture => "d")
  47
  48         # Authenticate as the owner of the trace we will be using
  49         auth_header = bearer_authorization_header identifiable_trace_file.user
  50
  51         # First get the data as is
  52         get api_trace_data_path(identifiable_trace_file), :headers => auth_header
  53         follow_redirect!
  54         follow_redirect!
  55         check_trace_data identifiable_trace_file, "c6422a3d8750faae49ed70e7e8a51b93", "application/gzip", "gpx.gz"
  56
  57         # Now ask explicitly for XML format
  58         get api_trace_data_path(identifiable_trace_file, :format => "xml"), :headers => auth_header
  59         check_trace_data identifiable_trace_file, "abd6675fdf3024a84fc0a1deac147c0d", "application/xml", "xml"
  60
  61         # Now ask explicitly for GPX format
  62         get api_trace_data_path(identifiable_trace_file, :format => "gpx"), :headers => auth_header
  63         check_trace_data identifiable_trace_file, "abd6675fdf3024a84fc0a1deac147c0d"
  64       end
  65
  66       # Check an anonymous trace can't be downloaded by another user through the api
  67       def test_data_anon
  68         anon_trace_file = create(:trace, :visibility => "private", :fixture => "b")
  69
  70         # First with no auth
  71         get api_trace_data_path(anon_trace_file)
  72         assert_response :unauthorized
  73
  74         # Now with some other user, which shouldn't work since the trace is anon
  75         auth_header = bearer_authorization_header
  76         get api_trace_data_path(anon_trace_file), :headers => auth_header
  77         assert_response :forbidden
  78
  79         # And finally we should be able to do it with the owner of the trace
  80         auth_header = bearer_authorization_header anon_trace_file.user
  81         get api_trace_data_path(anon_trace_file), :headers => auth_header
  82         follow_redirect!
  83         follow_redirect!
  84         check_trace_data anon_trace_file, "db4cb5ed2d7d2b627b3b504296c4f701"
  85       end
  86
  87       # Test downloading a trace that doesn't exist through the api
  88       def test_data_not_found
  89         deleted_trace_file = create(:trace, :deleted)
  90
  91         # Try first with no auth, as it should require it
  92         get api_trace_data_path(0)
  93         assert_response :unauthorized
  94
  95         # Login, and try again
  96         auth_header = bearer_authorization_header
  97         get api_trace_data_path(0), :headers => auth_header
  98         assert_response :not_found
  99
 100         # Now try a trace which did exist but has been deleted
 101         auth_header = bearer_authorization_header deleted_trace_file.user
 102         get api_trace_data_path(deleted_trace_file), :headers => auth_header
 103         assert_response :not_found
 104       end
 105
 106       private
 107
 108       def check_trace_data(trace, digest, content_type = "application/gpx+xml", extension = "gpx")
 109         assert_response :success
 110         assert_equal digest, Digest::MD5.hexdigest(response.body)
 111         assert_equal content_type, response.media_type
 112         assert_equal "attachment; filename=\"#{trace.id}.#{extension}\"; filename*=UTF-8''#{trace.id}.#{extension}", @response.header["Content-Disposition"]
 113       end
 114     end
 115   end
 116 end