put :close, :id => changesets(:normal_user_first_change).id
assert_response :conflict
+ assert_equal "The user doesn't own that changeset", @response.body
end
##
end
##
- # check searching for changesets by bbox
- def test_changeset_by_bbox
+ # test the query functionality of changesets
+ def test_query
get :query, :bbox => "-10,-10, 10, 10"
assert_response :success, "can't get changesets in bbox"
assert_changesets [1,4]
assert_changesets [4,5]
end
+ ##
+ # check that errors are returned if garbage is inserted
+ # into query strings
+ def test_query_invalid
+ [ "abracadabra!",
+ "1,2,3,F",
+ ";drop table users;"
+ ].each do |bbox|
+ get :query, :bbox => bbox
+ assert_response :bad_request, "'#{bbox}' isn't a bbox"
+ end
+
+ [ "now()",
+ "00-00-00",
+ ";drop table users;",
+ ",",
+ "-,-"
+ ].each do |time|
+ get :query, :time => time
+ assert_response :bad_request, "'#{time}' isn't a valid time range"
+ end
+
+ [ "me",
+ "foobar",
+ "-1",
+ "0"
+ ].each do |uid|
+ get :query, :user => uid
+ assert_response :bad_request, "'#{uid}' isn't a valid user ID"
+ end
+ end
+
##
# check updating tags on a changeset
def test_changeset_update
changeset = changesets(:normal_user_first_change)
new_changeset = changeset.to_xml
new_tag = XML::Node.new "tag"
- new_tag['k'] = "testing"
- new_tag['v'] = "testing"
+ new_tag['k'] = "tagtesting"
+ new_tag['v'] = "valuetesting"
new_changeset.find("//osm/changeset").first << new_tag
content new_changeset
assert_select "osm>changeset[id=#{changeset.id}]", 1
assert_select "osm>changeset>tag", 2
- assert_select "osm>changeset>tag[k=testing][v=testing]", 1
+ assert_select "osm>changeset>tag[k=tagtesting][v=valuetesting]", 1
end
##