class NodeControllerTest < ActionController::TestCase
api_fixtures
+ ##
+ # test all routes which lead to this controller
+ def test_routes
+ assert_routing(
+ { :path => "/api/0.6/node/create", :method => :put },
+ { :controller => "node", :action => "create" }
+ )
+ assert_routing(
+ { :path => "/api/0.6/node/1", :method => :get },
+ { :controller => "node", :action => "read", :id => "1" }
+ )
+ assert_routing(
+ { :path => "/api/0.6/node/1", :method => :put },
+ { :controller => "node", :action => "update", :id => "1" }
+ )
+ assert_routing(
+ { :path => "/api/0.6/node/1", :method => :delete },
+ { :controller => "node", :action => "delete", :id => "1" }
+ )
+ assert_routing(
+ { :path => "/api/0.6/nodes", :method => :get },
+ { :controller => "node", :action => "nodes" }
+ )
+ end
+
def test_create
# cannot read password from fixture as it is stored as MD5 digest
## First try with no auth
lat = 3.434
lon = 3.23
+ # test that the upload is rejected when xml is valid, but osm doc isn't
+ content("<create/>")
+ put :create
+ assert_response :bad_request, "node upload did not return bad_request status"
+ assert_equal "Cannot parse valid node from xml string <create/>. XML doesn't contain an osm/node element.", @response.body
+
# test that the upload is rejected when no lat is supplied
# create a minimal xml file
content("<osm><node lon='#{lon}' changeset='#{changeset.id}'/></osm>")
assert_response :bad_request, "node upload did not return bad_request status"
assert_equal "Cannot parse valid node from xml string <node lat=\"3.434\" changeset=\"#{changeset.id}\"/>. lon missing", @response.body
+ # test that the upload is rejected when lat is non-numeric
+ # create a minimal xml file
+ content("<osm><node lat='abc' lon='#{lon}' changeset='#{changeset.id}'/></osm>")
+ put :create
+ # hope for success
+ assert_response :bad_request, "node upload did not return bad_request status"
+ assert_equal "Cannot parse valid node from xml string <node lat=\"abc\" lon=\"#{lon}\" changeset=\"#{changeset.id}\"/>. lat not a number", @response.body
+
+ # test that the upload is rejected when lon is non-numeric
+ # create a minimal xml file
+ content("<osm><node lat='#{lat}' lon='abc' changeset='#{changeset.id}'/></osm>")
+ put :create
+ # hope for success
+ assert_response :bad_request, "node upload did not return bad_request status"
+ assert_equal "Cannot parse valid node from xml string <node lat=\"#{lat}\" lon=\"abc\" changeset=\"#{changeset.id}\"/>. lon not a number", @response.body
+
+ # test that the upload is rejected when we have a tag which is too long
+ content("<osm><node lat='#{lat}' lon='#{lon}' changeset='#{changeset.id}'><tag k='foo' v='#{'x'*256}'/></node></osm>")
+ put :create
+ assert_response :bad_request, "node upload did not return bad_request status"
+ assert_equal ["NodeTag ", " v: is too long (maximum is 255 characters) (\"#{'x'*256}\")"], @response.body.split(/[0-9]+,foo:/)
+
end
def test_read
delete :delete, :id => current_nodes(:visible_node).id
assert_response :conflict
+ # try to delete a node with a different ID
+ content(nodes(:public_visible_node).to_xml)
+ delete :delete, :id => current_nodes(:visible_node).id
+ assert_response :bad_request,
+ "should not be able to delete a node with a different ID from the XML"
+
+ # try to delete a node rubbish in the payloads
+ content("<delete/>")
+ delete :delete, :id => current_nodes(:visible_node).id
+ assert_response :bad_request,
+ "should not be able to delete a node without a valid XML payload"
+
# valid delete now takes a payload
content(nodes(:public_visible_node).to_xml)
delete :delete, :id => current_nodes(:public_visible_node).id
assert @response.body.to_i > current_nodes(:public_visible_node).version,
"delete request should return a new version number for node"
- # this won't work since the node is already deleted
- content(nodes(:invisible_node).to_xml)
- delete :delete, :id => current_nodes(:invisible_node).id
+ # deleting the same node twice doesn't work
+ content(nodes(:public_visible_node).to_xml)
+ delete :delete, :id => current_nodes(:public_visible_node).id
assert_response :gone
# this won't work since the node never existed
delete :delete, :id => current_nodes(:used_node_1).id
assert_response :precondition_failed,
"shouldn't be able to delete a node used in a way (#{@response.body})"
+ assert_equal "Precondition failed: Node 3 is still used by ways 1,3.", @response.body
# in a relation...
content(nodes(:node_used_by_relationship).to_xml)
delete :delete, :id => current_nodes(:node_used_by_relationship).id
assert_response :precondition_failed,
"shouldn't be able to delete a node used in a relation (#{@response.body})"
+ assert_equal "Precondition failed: Node 5 is still used by relations 1,3.", @response.body
end
##
content current_nodes(:visible_node).to_xml
put :update, :id => current_nodes(:visible_node).id
assert_require_public_data "should have failed with a forbidden when data isn't public"
-
-
-
## Finally test with the public user
assert_response :conflict,
"should not be able to put 'p1r4at3s!' in the version field"
+ ## try an update with the wrong ID
+ content current_nodes(:public_visible_node).to_xml
+ put :update, :id => current_nodes(:visible_node).id
+ assert_response :bad_request,
+ "should not be able to update a node with a different ID from the XML"
+
+ ## try an update with a minimal valid XML doc which isn't a well-formed OSM doc.
+ content "<update/>"
+ put :update, :id => current_nodes(:visible_node).id
+ assert_response :bad_request,
+ "should not be able to update a node with non-OSM XML doc."
+
## finally, produce a good request which should work
content current_nodes(:public_visible_node).to_xml
put :update, :id => current_nodes(:public_visible_node).id
put :update, :id => current_nodes(:public_visible_node).id
assert_response :bad_request,
"adding duplicate tags to a node should fail with 'bad request'"
- assert_equal "Element node/#{current_nodes(:public_visible_node).id} has duplicate tags with key #{current_node_tags(:t1).k}.", @response.body
+ assert_equal "Element node/#{current_nodes(:public_visible_node).id} has duplicate tags with key #{current_node_tags(:t1).k}", @response.body
end
# test whether string injection is possible
projects / rails.git / blobdiff