2 require_relative "elements_test_helper"
5 class WaysControllerTest < ActionDispatch::IntegrationTest
6 include ElementsTestHelper
9 # test all routes which lead to this controller
12 { :path => "/api/0.6/ways", :method => :get },
13 { :controller => "api/ways", :action => "index" }
16 { :path => "/api/0.6/ways.json", :method => :get },
17 { :controller => "api/ways", :action => "index", :format => "json" }
20 { :path => "/api/0.6/ways", :method => :post },
21 { :controller => "api/ways", :action => "create" }
24 { :path => "/api/0.6/way/1", :method => :get },
25 { :controller => "api/ways", :action => "show", :id => "1" }
28 { :path => "/api/0.6/way/1.json", :method => :get },
29 { :controller => "api/ways", :action => "show", :id => "1", :format => "json" }
32 { :path => "/api/0.6/way/1/full", :method => :get },
33 { :controller => "api/ways", :action => "show", :full => true, :id => "1" }
36 { :path => "/api/0.6/way/1/full.json", :method => :get },
37 { :controller => "api/ways", :action => "show", :full => true, :id => "1", :format => "json" }
40 { :path => "/api/0.6/way/1", :method => :put },
41 { :controller => "api/ways", :action => "update", :id => "1" }
44 { :path => "/api/0.6/way/1", :method => :delete },
45 { :controller => "api/ways", :action => "destroy", :id => "1" }
49 { :controller => "api/ways", :action => "create" },
50 { :path => "/api/0.6/way/create", :method => :put }
55 # test fetching multiple ways
58 way2 = create(:way, :deleted)
62 # check error when no parameter provided
64 assert_response :bad_request
66 # check error when no parameter value provided
67 get api_ways_path(:ways => "")
68 assert_response :bad_request
71 get api_ways_path(:ways => "#{way1.id},#{way2.id},#{way3.id},#{way4.id}")
72 assert_response :success
73 assert_select "osm" do
74 assert_select "way", :count => 4
75 assert_select "way[id='#{way1.id}'][visible='true']", :count => 1
76 assert_select "way[id='#{way2.id}'][visible='false']", :count => 1
77 assert_select "way[id='#{way3.id}'][visible='true']", :count => 1
78 assert_select "way[id='#{way4.id}'][visible='true']", :count => 1
81 # test a working call with json format
82 get api_ways_path(:ways => "#{way1.id},#{way2.id},#{way3.id},#{way4.id}", :format => "json")
84 js = ActiveSupport::JSON.decode(@response.body)
86 assert_equal 4, js["elements"].count
87 assert_equal 4, (js["elements"].count { |a| a["type"] == "way" })
88 assert_equal 1, (js["elements"].count { |a| a["id"] == way1.id && a["visible"].nil? })
89 assert_equal 1, (js["elements"].count { |a| a["id"] == way2.id && a["visible"] == false })
90 assert_equal 1, (js["elements"].count { |a| a["id"] == way3.id && a["visible"].nil? })
91 assert_equal 1, (js["elements"].count { |a| a["id"] == way4.id && a["visible"].nil? })
93 # check error when a non-existent way is included
94 get api_ways_path(:ways => "#{way1.id},#{way2.id},#{way3.id},#{way4.id},0")
95 assert_response :not_found
98 # -------------------------------------
100 # -------------------------------------
102 def test_show_not_found
104 assert_response :not_found
107 def test_show_deleted
108 get api_way_path(create(:way, :deleted))
109 assert_response :gone
113 way = create(:way, :timestamp => "2021-02-03T00:00:00Z")
114 node = create(:node, :timestamp => "2021-04-05T00:00:00Z")
115 create(:way_node, :way => way, :node => node)
117 get api_way_path(way)
119 assert_response :success
120 assert_not_nil @response.header["Last-Modified"]
121 assert_equal "2021-02-03T00:00:00Z", Time.parse(@response.header["Last-Modified"]).utc.xmlschema
125 way = create(:way_with_nodes, :nodes_count => 3)
127 get api_way_path(way, :format => "json")
129 assert_response :success
131 js = ActiveSupport::JSON.decode(@response.body)
133 assert_equal 1, js["elements"].count
134 js_ways = js["elements"].filter { |e| e["type"] == "way" }
135 assert_equal 1, js_ways.count
136 assert_equal way.id, js_ways[0]["id"]
137 assert_equal 1, js_ways[0]["version"]
141 # check the "full" mode
143 way = create(:way_with_nodes, :nodes_count => 3)
145 get api_way_path(way, :full => true)
147 assert_response :success
149 # Check the way is correctly returned
150 assert_select "osm way[id='#{way.id}'][version='1'][visible='true']", 1
152 # check that each node in the way appears once in the output as a
153 # reference and as the node element.
154 way.nodes.each do |n|
155 assert_select "osm way nd[ref='#{n.id}']", 1
156 assert_select "osm node[id='#{n.id}'][version='1'][lat='#{format('%<lat>.7f', :lat => n.lat)}'][lon='#{format('%<lon>.7f', :lon => n.lon)}']", 1
160 def test_show_full_json
161 way = create(:way_with_nodes, :nodes_count => 3)
163 get api_way_path(way, :full => true, :format => "json")
165 assert_response :success
167 # Check the way is correctly returned
168 js = ActiveSupport::JSON.decode(@response.body)
170 assert_equal 4, js["elements"].count
171 js_ways = js["elements"].filter { |e| e["type"] == "way" }
172 assert_equal 1, js_ways.count
173 assert_equal way.id, js_ways[0]["id"]
174 assert_equal 1, js_ways[0]["version"]
176 # check that each node in the way appears once in the output as a
177 # reference and as the node element.
178 js_nodes = js["elements"].filter { |e| e["type"] == "node" }
179 assert_equal 3, js_nodes.count
181 way.nodes.each_with_index do |n, i|
182 assert_equal n.id, js_ways[0]["nodes"][i]
183 js_nodes_with_id = js_nodes.filter { |e| e["id"] == n.id }
184 assert_equal 1, js_nodes_with_id.count
185 assert_equal n.id, js_nodes_with_id[0]["id"]
186 assert_equal 1, js_nodes_with_id[0]["version"]
187 assert_equal n.lat, js_nodes_with_id[0]["lat"]
188 assert_equal n.lon, js_nodes_with_id[0]["lon"]
192 def test_show_full_deleted
193 way = create(:way, :deleted)
195 get api_way_path(way, :full => true)
197 assert_response :gone
200 # -------------------------------------
201 # Test creating ways.
202 # -------------------------------------
204 def test_create_by_private_user
205 node1 = create(:node)
206 node2 = create(:node)
208 with_unchanging_request([:data_public => false]) do |headers, changeset|
211 <way changeset='#{changeset.id}'>
212 <nd ref='#{node1.id}'/>
213 <nd ref='#{node2.id}'/>
214 <tag k='test' v='yes' />
219 post api_ways_path, :params => osm, :headers => headers
221 assert_response :forbidden, "way upload did not return forbidden status"
226 node1 = create(:node)
227 node2 = create(:node)
229 with_request do |headers, changeset|
230 assert_difference "Way.count" => 1,
231 "WayNode.count" => 2 do
234 <way changeset='#{changeset.id}'>
235 <nd ref='#{node1.id}'/>
236 <nd ref='#{node2.id}'/>
237 <tag k='test' v='yes' />
242 post api_ways_path, :params => osm, :headers => headers
244 assert_response :success, "way upload did not return success status"
247 created_way_id = @response.body
248 way = Way.find(created_way_id)
249 assert_equal [node1, node2], way.nodes
250 assert_equal changeset.id, way.changeset_id, "saved way does not belong to the correct changeset"
251 assert way.visible, "saved way is not visible"
255 def test_create_with_missing_node_by_private_user
256 with_unchanging_request([:data_public => false]) do |headers, changeset|
259 <way changeset='#{changeset.id}'>
265 post api_ways_path, :params => osm, :headers => headers
267 assert_response :forbidden, "way upload with invalid node using a private user did not return 'forbidden'"
271 def test_create_without_nodes_by_private_user
272 with_unchanging_request([:data_public => false]) do |headers, changeset|
275 <way changeset='#{changeset.id}' />
279 post api_ways_path, :params => osm, :headers => headers
281 assert_response :forbidden, "way upload with no node using a private user did not return 'forbidden'"
285 def test_create_in_closed_changeset_by_private_user
288 with_unchanging_request([:data_public => false]) do |headers, changeset|
291 <way changeset='#{changeset.id}'>
292 <nd ref='#{node.id}'/>
297 post api_ways_path, :params => osm, :headers => headers
299 assert_response :forbidden, "way upload to closed changeset with a private user did not return 'forbidden'"
303 def test_create_with_missing_node
304 with_unchanging_request do |headers, changeset|
307 <way changeset='#{changeset.id}'>
313 post api_ways_path, :params => osm, :headers => headers
315 assert_response :precondition_failed, "way upload with invalid node did not return 'precondition failed'"
316 assert_equal "Precondition failed: Way requires the nodes with id in (0), which either do not exist, or are not visible.", @response.body
320 def test_create_without_nodes
321 with_unchanging_request do |headers, changeset|
324 <way changeset='#{changeset.id}' />
328 post api_ways_path, :params => osm, :headers => headers
330 assert_response :precondition_failed, "way upload with no node did not return 'precondition failed'"
331 assert_equal "Precondition failed: Cannot create way: data is invalid.", @response.body
335 def test_create_in_closed_changeset
338 with_unchanging_request([], [:closed]) do |headers, changeset|
341 <way changeset='#{changeset.id}'>
342 <nd ref='#{node.id}'/>
347 post api_ways_path, :params => osm, :headers => headers
349 assert_response :conflict, "way upload to closed changeset did not return 'conflict'"
353 def test_create_with_tag_too_long
356 with_unchanging_request do |headers, changeset|
359 <way changeset='#{changeset.id}'>
360 <nd ref='#{node.id}'/>
361 <tag k='foo' v='#{'x' * 256}'/>
366 post api_ways_path, :params => osm, :headers => headers
368 assert_response :bad_request, "way upload to with too long tag did not return 'bad_request'"
372 # -------------------------------------
373 # Test deleting ways.
374 # -------------------------------------
376 def test_destroy_when_unauthorized
377 with_unchanging(:way) do |way|
378 delete api_way_path(way)
380 assert_response :unauthorized
384 def test_destroy_without_payload_by_private_user
385 with_unchanging(:way) do |way|
386 with_unchanging_request([:data_public => false]) do |headers|
387 delete api_way_path(way), :headers => headers
389 assert_response :forbidden
394 def test_destroy_without_changeset_id_by_private_user
395 with_unchanging(:way) do |way|
396 with_unchanging_request([:data_public => false]) do |headers|
397 osm = "<osm><way id='#{way.id}'/></osm>"
399 delete api_way_path(way), :params => osm, :headers => headers
401 assert_response :forbidden
406 def test_destroy_in_closed_changeset_by_private_user
407 with_unchanging(:way) do |way|
408 with_unchanging_request([:data_public => false], [:closed]) do |headers, changeset|
409 osm_xml = xml_for_way way
410 osm_xml = update_changeset osm_xml, changeset.id
412 delete api_way_path(way), :params => osm_xml.to_s, :headers => headers
414 assert_response :forbidden
419 def test_destroy_in_missing_changeset_by_private_user
420 with_unchanging(:way) do |way|
421 with_unchanging_request([:data_public => false]) do |headers|
422 osm_xml = xml_for_way way
423 osm_xml = update_changeset osm_xml, 0
425 delete api_way_path(way), :params => osm_xml.to_s, :headers => headers
427 assert_response :forbidden
432 def test_destroy_by_private_user
433 with_unchanging(:way) do |way|
434 with_unchanging_request([:data_public => false]) do |headers, changeset|
435 osm_xml = xml_for_way way
436 osm_xml = update_changeset osm_xml, changeset.id
438 delete api_way_path(way), :params => osm_xml.to_s, :headers => headers
440 assert_response :forbidden
445 def test_destroy_deleted_way_by_private_user
446 with_unchanging(:way, :deleted) do |way|
447 with_unchanging_request([:data_public => false]) do |headers, changeset|
448 osm_xml = xml_for_way way
449 osm_xml = update_changeset osm_xml, changeset.id
451 delete api_way_path(way), :params => osm_xml.to_s, :headers => headers
453 assert_response :forbidden
458 def test_destroy_way_in_relation_by_private_user
459 with_unchanging(:way) do |way|
460 create(:relation_member, :member => way)
462 with_unchanging_request([:data_public => false]) do |headers, changeset|
463 osm_xml = xml_for_way way
464 osm_xml = update_changeset osm_xml, changeset.id
466 delete api_way_path(way), :params => osm_xml.to_s, :headers => headers
468 assert_response :forbidden, "shouldn't be able to delete a way used in a relation (#{@response.body}), when done by a private user"
473 def test_destroy_missing_way_by_private_user
474 with_unchanging_request([:data_public => false]) do |headers|
475 delete api_way_path(0), :headers => headers
477 assert_response :forbidden
481 def test_destroy_without_payload
482 with_unchanging(:way) do |way|
483 with_unchanging_request do |headers|
484 delete api_way_path(way), :headers => headers
486 assert_response :bad_request
491 def test_destroy_without_changeset_id
492 with_unchanging(:way) do |way|
493 with_unchanging_request do |headers|
494 osm = "<osm><way id='#{way.id}'/></osm>"
496 delete api_way_path(way), :params => osm, :headers => headers
498 assert_response :bad_request
503 def test_destroy_in_closed_changeset
504 with_unchanging(:way) do |way|
505 with_unchanging_request([], [:closed]) do |headers, changeset|
506 osm_xml = xml_for_way way
507 osm_xml = update_changeset osm_xml, changeset.id
509 delete api_way_path(way), :params => osm_xml.to_s, :headers => headers
511 assert_response :conflict
516 def test_destroy_in_missing_changeset
517 with_unchanging(:way) do |way|
518 with_unchanging_request do |headers|
519 osm_xml = xml_for_way way
520 osm_xml = update_changeset osm_xml, 0
522 delete api_way_path(way), :params => osm_xml.to_s, :headers => headers
524 assert_response :conflict
532 with_request do |headers, changeset|
533 osm_xml = xml_for_way way
534 osm_xml = update_changeset osm_xml, changeset.id
536 delete api_way_path(way), :params => osm_xml.to_s, :headers => headers
538 assert_response :success
540 response_way_version = @response.body.to_i
541 assert_operator response_way_version, :>, way.version, "delete request should return a new version number for way"
543 assert_not_predicate way, :visible?
544 assert_equal response_way_version, way.version
548 def test_destroy_deleted_way
549 with_unchanging(:way, :deleted) do |way|
550 with_unchanging_request do |headers, changeset|
551 osm_xml = xml_for_way way
552 osm_xml = update_changeset osm_xml, changeset.id
554 delete api_way_path(way), :params => osm_xml.to_s, :headers => headers
556 assert_response :gone
561 def test_destroy_way_in_relation
562 with_unchanging(:way) do |way|
563 relation_member = create(:relation_member, :member => way)
565 with_unchanging_request do |headers, changeset|
566 osm_xml = xml_for_way way
567 osm_xml = update_changeset osm_xml, changeset.id
569 delete api_way_path(way), :params => osm_xml.to_s, :headers => headers
571 assert_response :precondition_failed, "shouldn't be able to delete a way used in a relation (#{@response.body})"
572 assert_equal "Precondition failed: Way #{way.id} is still used by relations #{relation_member.relation.id}.", @response.body
577 def test_destroy_missing_way_with_payload
578 with_unchanging(:way) do |way|
579 with_unchanging_request do |headers, changeset|
580 osm_xml = xml_for_way way
581 osm_xml = update_changeset osm_xml, changeset.id
583 delete api_way_path(0), :params => osm_xml.to_s, :headers => headers
585 assert_response :not_found
591 # tests whether the API works and prevents incorrect use while trying
594 private_user = create(:user, :data_public => false)
595 private_way = create(:way, :changeset => create(:changeset, :user => private_user))
597 way = create(:way, :changeset => create(:changeset, :user => user))
599 create(:way_node, :way => private_way, :node => node)
600 create(:way_node, :way => way, :node => node)
602 ## First test with no user credentials
603 # try and update a way without authorisation
604 xml = xml_for_way(way)
605 put api_way_path(way), :params => xml.to_s
606 assert_response :unauthorized
608 ## Second test with the private user
611 auth_header = bearer_authorization_header private_user
613 ## trying to break changesets
615 # try and update in someone else's changeset
616 xml = update_changeset(xml_for_way(private_way),
617 create(:changeset).id)
618 put api_way_path(private_way), :params => xml.to_s, :headers => auth_header
619 assert_require_public_data "update with other user's changeset should be forbidden when date isn't public"
621 # try and update in a closed changeset
622 xml = update_changeset(xml_for_way(private_way),
623 create(:changeset, :closed, :user => private_user).id)
624 put api_way_path(private_way), :params => xml.to_s, :headers => auth_header
625 assert_require_public_data "update with closed changeset should be forbidden, when data isn't public"
627 # try and update in a non-existant changeset
628 xml = update_changeset(xml_for_way(private_way), 0)
629 put api_way_path(private_way), :params => xml.to_s, :headers => auth_header
630 assert_require_public_data("update with changeset=0 should be forbidden, when data isn't public")
632 ## try and submit invalid updates
633 xml = xml_replace_node(xml_for_way(private_way), node.id, 9999)
634 put api_way_path(private_way), :params => xml.to_s, :headers => auth_header
635 assert_require_public_data "way with non-existent node should be forbidden, when data isn't public"
637 xml = xml_replace_node(xml_for_way(private_way), node.id, create(:node, :deleted).id)
638 put api_way_path(private_way), :params => xml.to_s, :headers => auth_header
639 assert_require_public_data "way with deleted node should be forbidden, when data isn't public"
641 ## finally, produce a good request which will still not work
642 xml = xml_for_way(private_way)
643 put api_way_path(private_way), :params => xml.to_s, :headers => auth_header
644 assert_require_public_data "should have failed with a forbidden when data isn't public"
646 ## Finally test with the public user
649 auth_header = bearer_authorization_header user
651 ## trying to break changesets
653 # try and update in someone else's changeset
654 xml = update_changeset(xml_for_way(way),
655 create(:changeset).id)
656 put api_way_path(way), :params => xml.to_s, :headers => auth_header
657 assert_response :conflict, "update with other user's changeset should be rejected"
659 # try and update in a closed changeset
660 xml = update_changeset(xml_for_way(way),
661 create(:changeset, :closed, :user => user).id)
662 put api_way_path(way), :params => xml.to_s, :headers => auth_header
663 assert_response :conflict, "update with closed changeset should be rejected"
665 # try and update in a non-existant changeset
666 xml = update_changeset(xml_for_way(way), 0)
667 put api_way_path(way), :params => xml.to_s, :headers => auth_header
668 assert_response :conflict, "update with changeset=0 should be rejected"
670 ## try and submit invalid updates
671 xml = xml_replace_node(xml_for_way(way), node.id, 9999)
672 put api_way_path(way), :params => xml.to_s, :headers => auth_header
673 assert_response :precondition_failed, "way with non-existent node should be rejected"
675 xml = xml_replace_node(xml_for_way(way), node.id, create(:node, :deleted).id)
676 put api_way_path(way), :params => xml.to_s, :headers => auth_header
677 assert_response :precondition_failed, "way with deleted node should be rejected"
679 ## next, attack the versioning
680 current_way_version = way.version
682 # try and submit a version behind
683 xml = xml_attr_rewrite(xml_for_way(way),
684 "version", current_way_version - 1)
685 put api_way_path(way), :params => xml.to_s, :headers => auth_header
686 assert_response :conflict, "should have failed on old version number"
688 # try and submit a version ahead
689 xml = xml_attr_rewrite(xml_for_way(way),
690 "version", current_way_version + 1)
691 put api_way_path(way), :params => xml.to_s, :headers => auth_header
692 assert_response :conflict, "should have failed on skipped version number"
694 # try and submit total crap in the version field
695 xml = xml_attr_rewrite(xml_for_way(way),
696 "version", "p1r4t3s!")
697 put api_way_path(way), :params => xml.to_s, :headers => auth_header
698 assert_response :conflict,
699 "should not be able to put 'p1r4at3s!' in the version field"
701 ## try an update with the wrong ID
702 xml = xml_for_way(create(:way))
703 put api_way_path(way), :params => xml.to_s, :headers => auth_header
704 assert_response :bad_request,
705 "should not be able to update a way with a different ID from the XML"
707 ## try an update with a minimal valid XML doc which isn't a well-formed OSM doc.
709 put api_way_path(way), :params => xml.to_s, :headers => auth_header
710 assert_response :bad_request,
711 "should not be able to update a way with non-OSM XML doc."
713 ## finally, produce a good request which should work
714 xml = xml_for_way(way)
715 put api_way_path(way), :params => xml.to_s, :headers => auth_header
716 assert_response :success, "a valid update request failed"
719 # ------------------------------------------------------------
721 # ------------------------------------------------------------
724 # Try adding a new tag to a way
726 private_user = create(:user, :data_public => false)
727 private_way = create(:way_with_nodes, :nodes_count => 2, :changeset => create(:changeset, :user => private_user))
729 way = create(:way_with_nodes, :nodes_count => 2, :changeset => create(:changeset, :user => user))
731 ## Try with the non-public user
733 auth_header = bearer_authorization_header private_user
735 # add an identical tag to the way
736 tag_xml = XML::Node.new("tag")
740 # add the tag into the existing xml
741 way_xml = xml_for_way(private_way)
742 way_xml.find("//osm/way").first << tag_xml
745 put api_way_path(private_way), :params => way_xml.to_s, :headers => auth_header
746 assert_response :forbidden,
747 "adding a duplicate tag to a way for a non-public should fail with 'forbidden'"
749 ## Now try with the public user
751 auth_header = bearer_authorization_header user
753 # add an identical tag to the way
754 tag_xml = XML::Node.new("tag")
758 # add the tag into the existing xml
759 way_xml = xml_for_way(way)
760 way_xml.find("//osm/way").first << tag_xml
763 put api_way_path(way), :params => way_xml.to_s, :headers => auth_header
764 assert_response :success,
765 "adding a new tag to a way should succeed"
766 assert_equal way.version + 1, @response.body.to_i
770 # Try adding a duplicate of an existing tag to a way
771 def test_add_duplicate_tags
772 private_user = create(:user, :data_public => false)
773 private_way = create(:way, :changeset => create(:changeset, :user => private_user))
774 private_existing_tag = create(:way_tag, :way => private_way)
776 way = create(:way, :changeset => create(:changeset, :user => user))
777 existing_tag = create(:way_tag, :way => way)
779 ## Try with the non-public user
781 auth_header = bearer_authorization_header private_user
783 # add an identical tag to the way
784 tag_xml = XML::Node.new("tag")
785 tag_xml["k"] = private_existing_tag.k
786 tag_xml["v"] = private_existing_tag.v
788 # add the tag into the existing xml
789 way_xml = xml_for_way(private_way)
790 way_xml.find("//osm/way").first << tag_xml
793 put api_way_path(private_way), :params => way_xml.to_s, :headers => auth_header
794 assert_response :forbidden,
795 "adding a duplicate tag to a way for a non-public should fail with 'forbidden'"
797 ## Now try with the public user
799 auth_header = bearer_authorization_header user
801 # add an identical tag to the way
802 tag_xml = XML::Node.new("tag")
803 tag_xml["k"] = existing_tag.k
804 tag_xml["v"] = existing_tag.v
806 # add the tag into the existing xml
807 way_xml = xml_for_way(way)
808 way_xml.find("//osm/way").first << tag_xml
811 put api_way_path(way), :params => way_xml.to_s, :headers => auth_header
812 assert_response :bad_request,
813 "adding a duplicate tag to a way should fail with 'bad request'"
814 assert_equal "Element way/#{way.id} has duplicate tags with key #{existing_tag.k}", @response.body
818 # Try adding a new duplicate tags to a way
819 def test_new_duplicate_tags
820 private_user = create(:user, :data_public => false)
821 private_way = create(:way, :changeset => create(:changeset, :user => private_user))
823 way = create(:way, :changeset => create(:changeset, :user => user))
825 ## First test with the non-public user so should be rejected
827 auth_header = bearer_authorization_header private_user
829 # create duplicate tag
830 tag_xml = XML::Node.new("tag")
831 tag_xml["k"] = "i_am_a_duplicate"
832 tag_xml["v"] = "foobar"
834 # add the tag into the existing xml
835 way_xml = xml_for_way(private_way)
837 # add two copies of the tag
838 way_xml.find("//osm/way").first << tag_xml.copy(true) << tag_xml
841 put api_way_path(private_way), :params => way_xml.to_s, :headers => auth_header
842 assert_response :forbidden,
843 "adding new duplicate tags to a way using a non-public user should fail with 'forbidden'"
845 ## Now test with the public user
847 auth_header = bearer_authorization_header user
849 # create duplicate tag
850 tag_xml = XML::Node.new("tag")
851 tag_xml["k"] = "i_am_a_duplicate"
852 tag_xml["v"] = "foobar"
854 # add the tag into the existing xml
855 way_xml = xml_for_way(way)
857 # add two copies of the tag
858 way_xml.find("//osm/way").first << tag_xml.copy(true) << tag_xml
861 put api_way_path(way), :params => way_xml.to_s, :headers => auth_header
862 assert_response :bad_request,
863 "adding new duplicate tags to a way should fail with 'bad request'"
864 assert_equal "Element way/#{way.id} has duplicate tags with key i_am_a_duplicate", @response.body
868 # Try adding a new duplicate tags to a way.
869 # But be a bit subtle - use unicode decoding ambiguities to use different
870 # binary strings which have the same decoding.
871 def test_invalid_duplicate_tags
872 private_user = create(:user, :data_public => false)
873 private_changeset = create(:changeset, :user => private_user)
875 changeset = create(:changeset, :user => user)
877 ## First make sure that you can't with a non-public user
879 auth_header = bearer_authorization_header private_user
881 # add the tag into the existing xml
884 <way changeset='#{private_changeset.id}'>
885 <tag k='addr:housenumber' v='1'/>
886 <tag k='addr:housenumber' v='2'/>
892 post api_ways_path, :params => way_str, :headers => auth_header
893 assert_response :forbidden,
894 "adding new duplicate tags to a way with a non-public user should fail with 'forbidden'"
896 ## Now do it with a public user
898 auth_header = bearer_authorization_header user
900 # add the tag into the existing xml
903 <way changeset='#{changeset.id}'>
904 <tag k='addr:housenumber' v='1'/>
905 <tag k='addr:housenumber' v='2'/>
911 post api_ways_path, :params => way_str, :headers => auth_header
912 assert_response :bad_request,
913 "adding new duplicate tags to a way should fail with 'bad request'"
914 assert_equal "Element way/ has duplicate tags with key addr:housenumber", @response.body
918 # test initial rate limit
919 def test_initial_rate_limit
924 node1 = create(:node)
925 node2 = create(:node)
927 # create a changeset that puts us near the initial rate limit
928 changeset = create(:changeset, :user => user,
929 :created_at => Time.now.utc - 5.minutes,
930 :num_changes => Settings.initial_changes_per_hour - 1)
932 # create authentication header
933 auth_header = bearer_authorization_header user
938 <way changeset='#{changeset.id}'>
939 <nd ref='#{node1.id}'/>
940 <nd ref='#{node2.id}'/>
944 post api_ways_path, :params => xml, :headers => auth_header
945 assert_response :success, "way create did not return success status"
947 # get the id of the way we created
948 wayid = @response.body
950 # try updating the way, which should be rate limited
953 <way id='#{wayid}' version='1' changeset='#{changeset.id}'>
954 <nd ref='#{node2.id}'/>
955 <nd ref='#{node1.id}'/>
959 put api_way_path(wayid), :params => xml, :headers => auth_header
960 assert_response :too_many_requests, "way update did not hit rate limit"
962 # try deleting the way, which should be rate limited
963 xml = "<osm><way id='#{wayid}' version='2' changeset='#{changeset.id}'/></osm>"
964 delete api_way_path(wayid), :params => xml, :headers => auth_header
965 assert_response :too_many_requests, "way delete did not hit rate limit"
967 # try creating a way, which should be rate limited
970 <way changeset='#{changeset.id}'>
971 <nd ref='#{node1.id}'/>
972 <nd ref='#{node2.id}'/>
976 post api_ways_path, :params => xml, :headers => auth_header
977 assert_response :too_many_requests, "way create did not hit rate limit"
981 # test maximum rate limit
982 def test_maximum_rate_limit
987 node1 = create(:node)
988 node2 = create(:node)
990 # create a changeset to establish our initial edit time
991 changeset = create(:changeset, :user => user,
992 :created_at => Time.now.utc - 28.days)
994 # create changeset to put us near the maximum rate limit
995 total_changes = Settings.max_changes_per_hour - 1
996 while total_changes.positive?
997 changes = [total_changes, Changeset::MAX_ELEMENTS].min
998 changeset = create(:changeset, :user => user,
999 :created_at => Time.now.utc - 5.minutes,
1000 :num_changes => changes)
1001 total_changes -= changes
1004 # create authentication header
1005 auth_header = bearer_authorization_header user
1007 # try creating a way
1010 <way changeset='#{changeset.id}'>
1011 <nd ref='#{node1.id}'/>
1012 <nd ref='#{node2.id}'/>
1016 post api_ways_path, :params => xml, :headers => auth_header
1017 assert_response :success, "way create did not return success status"
1019 # get the id of the way we created
1020 wayid = @response.body
1022 # try updating the way, which should be rate limited
1025 <way id='#{wayid}' version='1' changeset='#{changeset.id}'>
1026 <nd ref='#{node2.id}'/>
1027 <nd ref='#{node1.id}'/>
1031 put api_way_path(wayid), :params => xml, :headers => auth_header
1032 assert_response :too_many_requests, "way update did not hit rate limit"
1034 # try deleting the way, which should be rate limited
1035 xml = "<osm><way id='#{wayid}' version='2' changeset='#{changeset.id}'/></osm>"
1036 delete api_way_path(wayid), :params => xml, :headers => auth_header
1037 assert_response :too_many_requests, "way delete did not hit rate limit"
1039 # try creating a way, which should be rate limited
1042 <way changeset='#{changeset.id}'>
1043 <nd ref='#{node1.id}'/>
1044 <nd ref='#{node2.id}'/>
1048 post api_ways_path, :params => xml, :headers => auth_header
1049 assert_response :too_many_requests, "way create did not hit rate limit"
1055 [Way, WayNode, WayTag,
1056 OldWay, OldWayNode, OldWayTag]
1060 # update an attribute in the way element
1061 def xml_attr_rewrite(xml, name, value)
1062 xml.find("//osm/way").first[name] = value.to_s
1067 # replace a node in a way element
1068 def xml_replace_node(xml, old_node, new_node)
1069 xml.find("//osm/way/nd[@ref='#{old_node}']").first["ref"] = new_node.to_s
projects / rails.git / blob