From 0d621a4ac8fc24aebd07a06e684fa9a0302161e9 Mon Sep 17 00:00:00 2001
From: Anton Khorev <tony29@yandex.ru>
Date: Sun, 6 Jul 2025 22:34:21 +0300
Subject: [PATCH] Replace multiline strings with heredocs api elements test xml

---
 test/controllers/api/nodes_controller_test.rb |  20 +-
 .../api/relations_controller_test.rb          | 176 ++++++++++++-----
 test/controllers/api/ways_controller_test.rb  | 178 +++++++++++++-----
 3 files changed, 270 insertions(+), 104 deletions(-)

diff --git a/test/controllers/api/nodes_controller_test.rb b/test/controllers/api/nodes_controller_test.rb
index 961a63e09..95cd06fb6 100644
--- a/test/controllers/api/nodes_controller_test.rb
+++ b/test/controllers/api/nodes_controller_test.rb
@@ -512,9 +512,13 @@ module Api
 
       # try and put something into a string that the API might
       # use unquoted and therefore allow code injection...
-      xml = "<osm><node lat='0' lon='0' changeset='#{private_changeset.id}'>" \
-            "<tag k='\#{@user.inspect}' v='0'/>" \
-            "</node></osm>"
+      xml = <<~OSM
+        <osm>
+          <node lat='0' lon='0' changeset='#{private_changeset.id}'>
+            <tag k='\#{@user.inspect}' v='0'/>
+          </node>
+        </osm>
+      OSM
       post api_nodes_path, :params => xml, :headers => auth_header
       assert_require_public_data "Shouldn't be able to create with non-public user"
 
@@ -523,9 +527,13 @@ module Api
 
       # try and put something into a string that the API might
       # use unquoted and therefore allow code injection...
-      xml = "<osm><node lat='0' lon='0' changeset='#{changeset.id}'>" \
-            "<tag k='\#{@user.inspect}' v='0'/>" \
-            "</node></osm>"
+      xml = <<~OSM
+        <osm>
+          <node lat='0' lon='0' changeset='#{changeset.id}'>
+            <tag k='\#{@user.inspect}' v='0'/>
+          </node>
+        </osm>
+      OSM
       post api_nodes_path, :params => xml, :headers => auth_header
       assert_response :success
       nodeid = @response.body
diff --git a/test/controllers/api/relations_controller_test.rb b/test/controllers/api/relations_controller_test.rb
index 2dfcd36a4..79ba46a58 100644
--- a/test/controllers/api/relations_controller_test.rb
+++ b/test/controllers/api/relations_controller_test.rb
@@ -218,7 +218,13 @@ module Api
       auth_header = bearer_authorization_header private_user
 
       # create an relation without members
-      xml = "<osm><relation changeset='#{private_changeset.id}'><tag k='test' v='yes' /></relation></osm>"
+      xml = <<~OSM
+        <osm>
+          <relation changeset='#{private_changeset.id}'>
+            <tag k='test' v='yes' />
+          </relation>
+        </osm>
+      OSM
       post api_relations_path, :params => xml, :headers => auth_header
       # hope for forbidden, due to user
       assert_response :forbidden,
@@ -227,9 +233,14 @@ module Api
       ###
       # create an relation with a node as member
       # This time try with a role attribute in the relation
-      xml = "<osm><relation changeset='#{private_changeset.id}'>" \
-            "<member  ref='#{node.id}' type='node' role='some'/>" \
-            "<tag k='test' v='yes' /></relation></osm>"
+      xml = <<~OSM
+        <osm>
+          <relation changeset='#{private_changeset.id}'>
+            <member ref='#{node.id}' type='node' role='some'/>
+            <tag k='test' v='yes' />
+          </relation>
+        </osm>
+      OSM
       post api_relations_path, :params => xml, :headers => auth_header
       # hope for forbidden due to user
       assert_response :forbidden,
@@ -238,8 +249,14 @@ module Api
       ###
       # create an relation with a node as member, this time test that we don't
       # need a role attribute to be included
-      xml = "<osm><relation changeset='#{private_changeset.id}'>" \
-            "<member  ref='#{node.id}' type='node'/><tag k='test' v='yes' /></relation></osm>"
+      xml = <<~OSM
+        <osm>
+          <relation changeset='#{private_changeset.id}'>
+            <member ref='#{node.id}' type='node'/>
+            <tag k='test' v='yes' />
+          </relation>
+        </osm>
+      OSM
       post api_relations_path, :params => xml, :headers => auth_header
       # hope for forbidden due to user
       assert_response :forbidden,
@@ -247,10 +264,15 @@ module Api
 
       ###
       # create an relation with a way and a node as members
-      xml = "<osm><relation changeset='#{private_changeset.id}'>" \
-            "<member type='node' ref='#{node.id}' role='some'/>" \
-            "<member type='way' ref='#{way.id}' role='other'/>" \
-            "<tag k='test' v='yes' /></relation></osm>"
+      xml = <<~OSM
+        <osm>
+          <relation changeset='#{private_changeset.id}'>
+            <member type='node' ref='#{node.id}' role='some'/>
+            <member type='way' ref='#{way.id}' role='other'/>
+            <tag k='test' v='yes' />
+          </relation>
+        </osm>
+      OSM
       post api_relations_path, :params => xml, :headers => auth_header
       # hope for forbidden, due to user
       assert_response :forbidden,
@@ -260,7 +282,13 @@ module Api
       auth_header = bearer_authorization_header user
 
       # create an relation without members
-      xml = "<osm><relation changeset='#{changeset.id}'><tag k='test' v='yes' /></relation></osm>"
+      xml = <<~OSM
+        <osm>
+          <relation changeset='#{changeset.id}'>
+            <tag k='test' v='yes' />
+          </relation>
+        </osm>
+      OSM
       post api_relations_path, :params => xml, :headers => auth_header
       # hope for success
       assert_response :success,
@@ -286,9 +314,14 @@ module Api
       ###
       # create an relation with a node as member
       # This time try with a role attribute in the relation
-      xml = "<osm><relation changeset='#{changeset.id}'>" \
-            "<member  ref='#{node.id}' type='node' role='some'/>" \
-            "<tag k='test' v='yes' /></relation></osm>"
+      xml = <<~OSM
+        <osm>
+          <relation changeset='#{changeset.id}'>
+            <member ref='#{node.id}' type='node' role='some'/>
+            <tag k='test' v='yes' />
+          </relation>
+        </osm>
+      OSM
       post api_relations_path, :params => xml, :headers => auth_header
       # hope for success
       assert_response :success,
@@ -315,8 +348,14 @@ module Api
       ###
       # create an relation with a node as member, this time test that we don't
       # need a role attribute to be included
-      xml = "<osm><relation changeset='#{changeset.id}'>" \
-            "<member  ref='#{node.id}' type='node'/><tag k='test' v='yes' /></relation></osm>"
+      xml = <<~OSM
+        <osm>
+          <relation changeset='#{changeset.id}'>
+            <member ref='#{node.id}' type='node'/>
+            <tag k='test' v='yes' />
+          </relation>
+        </osm>
+      OSM
       post api_relations_path, :params => xml, :headers => auth_header
       # hope for success
       assert_response :success,
@@ -342,10 +381,15 @@ module Api
 
       ###
       # create an relation with a way and a node as members
-      xml = "<osm><relation changeset='#{changeset.id}'>" \
-            "<member type='node' ref='#{node.id}' role='some'/>" \
-            "<member type='way' ref='#{way.id}' role='other'/>" \
-            "<tag k='test' v='yes' /></relation></osm>"
+      xml = <<~OSM
+        <osm>
+          <relation changeset='#{changeset.id}'>
+            <member type='node' ref='#{node.id}' role='some'/>
+            <member type='way' ref='#{way.id}' role='other'/>
+            <tag k='test' v='yes' />
+          </relation>
+        </osm>
+      OSM
       post api_relations_path, :params => xml, :headers => auth_header
       # hope for success
       assert_response :success,
@@ -400,9 +444,13 @@ module Api
       auth_header = bearer_authorization_header user
 
       # create a relation with non-existing node as member
-      xml = "<osm><relation changeset='#{changeset.id}'>" \
-            "<member type='node' ref='0'/>" \
-            "</relation></osm>"
+      xml = <<~OSM
+        <osm>
+          <relation changeset='#{changeset.id}'>
+            <member type='node' ref='0'/>
+          </relation>
+        </osm>
+      OSM
       post api_relations_path, :params => xml, :headers => auth_header
       # expect failure
       assert_response :precondition_failed,
@@ -421,9 +469,13 @@ module Api
       auth_header = bearer_authorization_header user
 
       # create some xml that should return an error
-      xml = "<osm><relation changeset='#{changeset.id}'>" \
-            "<member type='type' ref='#{node.id}' role=''/>" \
-            "</relation></osm>"
+      xml = <<~OSM
+        <osm>
+          <relation changeset='#{changeset.id}'>
+            <member type='type' ref='#{node.id}' role=''/>
+          </relation>
+        </osm>
+      OSM
       post api_relations_path, :params => xml, :headers => auth_header
       # expect failure
       assert_response :bad_request
@@ -586,10 +638,14 @@ module Api
       auth_header = bearer_authorization_header user
 
       # try creating a relation
-      xml = "<osm><relation changeset='#{changeset.id}'>" \
-            "<member  ref='#{node1.id}' type='node' role='some'/>" \
-            "<member  ref='#{node2.id}' type='node' role='some'/>" \
-            "</relation></osm>"
+      xml = <<~OSM
+        <osm>
+          <relation changeset='#{changeset.id}'>
+            <member ref='#{node1.id}' type='node' role='some'/>
+            <member ref='#{node2.id}' type='node' role='some'/>
+          </relation>
+        </osm>
+      OSM
       post api_relations_path, :params => xml, :headers => auth_header
       assert_response :success, "relation create did not return success status"
 
@@ -597,10 +653,14 @@ module Api
       relationid = @response.body
 
       # try updating the relation, which should be rate limited
-      xml = "<osm><relation id='#{relationid}' version='1' changeset='#{changeset.id}'>" \
-            "<member  ref='#{node2.id}' type='node' role='some'/>" \
-            "<member  ref='#{node1.id}' type='node' role='some'/>" \
-            "</relation></osm>"
+      xml = <<~OSM
+        <osm>
+          <relation id='#{relationid}' version='1' changeset='#{changeset.id}'>
+            <member ref='#{node2.id}' type='node' role='some'/>
+            <member ref='#{node1.id}' type='node' role='some'/>
+          </relation>
+        </osm>
+      OSM
       put api_relation_path(relationid), :params => xml, :headers => auth_header
       assert_response :too_many_requests, "relation update did not hit rate limit"
 
@@ -610,10 +670,14 @@ module Api
       assert_response :too_many_requests, "relation delete did not hit rate limit"
 
       # try creating a relation, which should be rate limited
-      xml = "<osm><relation changeset='#{changeset.id}'>" \
-            "<member  ref='#{node1.id}' type='node' role='some'/>" \
-            "<member  ref='#{node2.id}' type='node' role='some'/>" \
-            "</relation></osm>"
+      xml = <<~OSM
+        <osm>
+          <relation changeset='#{changeset.id}'>
+            <member ref='#{node1.id}' type='node' role='some'/>
+            <member ref='#{node2.id}' type='node' role='some'/>
+          </relation>
+        </osm>
+      OSM
       post api_relations_path, :params => xml, :headers => auth_header
       assert_response :too_many_requests, "relation create did not hit rate limit"
     end
@@ -646,10 +710,14 @@ module Api
       auth_header = bearer_authorization_header user
 
       # try creating a relation
-      xml = "<osm><relation changeset='#{changeset.id}'>" \
-            "<member  ref='#{node1.id}' type='node' role='some'/>" \
-            "<member  ref='#{node2.id}' type='node' role='some'/>" \
-            "</relation></osm>"
+      xml = <<~OSM
+        <osm>
+          <relation changeset='#{changeset.id}'>
+            <member ref='#{node1.id}' type='node' role='some'/>
+            <member ref='#{node2.id}' type='node' role='some'/>
+          </relation>
+        </osm>
+      OSM
       post api_relations_path, :params => xml, :headers => auth_header
       assert_response :success, "relation create did not return success status"
 
@@ -657,10 +725,14 @@ module Api
       relationid = @response.body
 
       # try updating the relation, which should be rate limited
-      xml = "<osm><relation id='#{relationid}' version='1' changeset='#{changeset.id}'>" \
-            "<member  ref='#{node2.id}' type='node' role='some'/>" \
-            "<member  ref='#{node1.id}' type='node' role='some'/>" \
-            "</relation></osm>"
+      xml = <<~OSM
+        <osm>
+          <relation id='#{relationid}' version='1' changeset='#{changeset.id}'>
+            <member ref='#{node2.id}' type='node' role='some'/>
+            <member ref='#{node1.id}' type='node' role='some'/>
+          </relation>
+        </osm>
+      OSM
       put api_relation_path(relationid), :params => xml, :headers => auth_header
       assert_response :too_many_requests, "relation update did not hit rate limit"
 
@@ -670,10 +742,14 @@ module Api
       assert_response :too_many_requests, "relation delete did not hit rate limit"
 
       # try creating a relation, which should be rate limited
-      xml = "<osm><relation changeset='#{changeset.id}'>" \
-            "<member  ref='#{node1.id}' type='node' role='some'/>" \
-            "<member  ref='#{node2.id}' type='node' role='some'/>" \
-            "</relation></osm>"
+      xml = <<~OSM
+        <osm>
+          <relation changeset='#{changeset.id}'>
+            <member ref='#{node1.id}' type='node' role='some'/>
+            <member ref='#{node2.id}' type='node' role='some'/>
+          </relation>
+        </osm>
+      OSM
       post api_relations_path, :params => xml, :headers => auth_header
       assert_response :too_many_requests, "relation create did not hit rate limit"
     end
diff --git a/test/controllers/api/ways_controller_test.rb b/test/controllers/api/ways_controller_test.rb
index 2d0a76de6..4a5c3c84f 100644
--- a/test/controllers/api/ways_controller_test.rb
+++ b/test/controllers/api/ways_controller_test.rb
@@ -213,9 +213,15 @@ module Api
       changeset_id = private_changeset.id
 
       # create a way with pre-existing nodes
-      xml = "<osm><way changeset='#{changeset_id}'>" \
-            "<nd ref='#{node1.id}'/><nd ref='#{node2.id}'/>" \
-            "<tag k='test' v='yes' /></way></osm>"
+      xml = <<~OSM
+        <osm>
+          <way changeset='#{changeset_id}'>
+            <nd ref='#{node1.id}'/>
+            <nd ref='#{node2.id}'/>
+            <tag k='test' v='yes' />
+          </way>
+        </osm>
+      OSM
       post api_ways_path, :params => xml, :headers => auth_header
       # hope for failure
       assert_response :forbidden,
@@ -228,9 +234,15 @@ module Api
       changeset_id = changeset.id
 
       # create a way with pre-existing nodes
-      xml = "<osm><way changeset='#{changeset_id}'>" \
-            "<nd ref='#{node1.id}'/><nd ref='#{node2.id}'/>" \
-            "<tag k='test' v='yes' /></way></osm>"
+      xml = <<~OSM
+        <osm>
+          <way changeset='#{changeset_id}'>
+            <nd ref='#{node1.id}'/>
+            <nd ref='#{node2.id}'/>
+            <tag k='test' v='yes' />
+          </way>
+        </osm>
+      OSM
       post api_ways_path, :params => xml, :headers => auth_header
       # hope for success
       assert_response :success,
@@ -272,24 +284,38 @@ module Api
 
       # use the first user's open changeset
       # create a way with non-existing node
-      xml = "<osm><way changeset='#{private_open_changeset.id}'>" \
-            "<nd ref='0'/></way></osm>"
+      xml = <<~OSM
+        <osm>
+          <way changeset='#{private_open_changeset.id}'>
+            <nd ref='0'/>
+          </way>
+        </osm>
+      OSM
       post api_ways_path, :params => xml, :headers => auth_header
       # expect failure
       assert_response :forbidden,
                       "way upload with invalid node using a private user did not return 'forbidden'"
 
       # create a way with no nodes
-      xml = "<osm><way changeset='#{private_open_changeset.id}'>" \
-            "</way></osm>"
+      xml = <<~OSM
+        <osm>
+          <way changeset='#{private_open_changeset.id}'>
+          </way>
+        </osm>
+      OSM
       post api_ways_path, :params => xml, :headers => auth_header
       # expect failure
       assert_response :forbidden,
                       "way upload with no node using a private userdid not return 'forbidden'"
 
       # create a way inside a closed changeset
-      xml = "<osm><way changeset='#{private_closed_changeset.id}'>" \
-            "<nd ref='#{node.id}'/></way></osm>"
+      xml = <<~OSM
+        <osm>
+          <way changeset='#{private_closed_changeset.id}'>
+            <nd ref='#{node.id}'/>
+          </way>
+        </osm>
+      OSM
       post api_ways_path, :params => xml, :headers => auth_header
       # expect failure
       assert_response :forbidden,
@@ -300,8 +326,13 @@ module Api
 
       # use the first user's open changeset
       # create a way with non-existing node
-      xml = "<osm><way changeset='#{open_changeset.id}'>" \
-            "<nd ref='0'/></way></osm>"
+      xml = <<~OSM
+        <osm>
+          <way changeset='#{open_changeset.id}'>
+            <nd ref='0'/>
+          </way>
+        </osm>
+      OSM
       post api_ways_path, :params => xml, :headers => auth_header
       # expect failure
       assert_response :precondition_failed,
@@ -309,8 +340,12 @@ module Api
       assert_equal "Precondition failed: Way  requires the nodes with id in (0), which either do not exist, or are not visible.", @response.body
 
       # create a way with no nodes
-      xml = "<osm><way changeset='#{open_changeset.id}'>" \
-            "</way></osm>"
+      xml = <<~OSM
+        <osm>
+          <way changeset='#{open_changeset.id}'>
+          </way>
+        </osm>
+      OSM
       post api_ways_path, :params => xml, :headers => auth_header
       # expect failure
       assert_response :precondition_failed,
@@ -318,18 +353,27 @@ module Api
       assert_equal "Precondition failed: Cannot create way: data is invalid.", @response.body
 
       # create a way inside a closed changeset
-      xml = "<osm><way changeset='#{closed_changeset.id}'>" \
-            "<nd ref='#{node.id}'/></way></osm>"
+      xml = <<~OSM
+        <osm>
+          <way changeset='#{closed_changeset.id}'>
+            <nd ref='#{node.id}'/>
+          </way>
+        </osm>
+      OSM
       post api_ways_path, :params => xml, :headers => auth_header
       # expect failure
       assert_response :conflict,
                       "way upload to closed changeset did not return 'conflict'"
 
       # create a way with a tag which is too long
-      xml = "<osm><way changeset='#{open_changeset.id}'>" \
-            "<nd ref='#{node.id}'/>" \
-            "<tag k='foo' v='#{'x' * 256}'/>" \
-            "</way></osm>"
+      xml = <<~OSM
+        <osm>
+          <way changeset='#{open_changeset.id}'>
+            <nd ref='#{node.id}'/>
+            <tag k='foo' v='#{'x' * 256}'/>
+          </way>
+        </osm>
+      OSM
       post api_ways_path, :params => xml, :headers => auth_header
       # expect failure
       assert_response :bad_request,
@@ -751,10 +795,14 @@ module Api
       auth_header = bearer_authorization_header private_user
 
       # add the tag into the existing xml
-      way_str = "<osm><way changeset='#{private_changeset.id}'>"
-      way_str << "<tag k='addr:housenumber' v='1'/>"
-      way_str << "<tag k='addr:housenumber' v='2'/>"
-      way_str << "</way></osm>"
+      way_str = <<~OSM
+        <osm>
+          <way changeset='#{private_changeset.id}'>
+            <tag k='addr:housenumber' v='1'/>
+            <tag k='addr:housenumber' v='2'/>
+          </way>
+        </osm>
+      OSM
 
       # try and upload it
       post api_ways_path, :params => way_str, :headers => auth_header
@@ -766,10 +814,14 @@ module Api
       auth_header = bearer_authorization_header user
 
       # add the tag into the existing xml
-      way_str = "<osm><way changeset='#{changeset.id}'>"
-      way_str << "<tag k='addr:housenumber' v='1'/>"
-      way_str << "<tag k='addr:housenumber' v='2'/>"
-      way_str << "</way></osm>"
+      way_str = <<~OSM
+        <osm>
+          <way changeset='#{changeset.id}'>
+            <tag k='addr:housenumber' v='1'/>
+            <tag k='addr:housenumber' v='2'/>
+          </way>
+        </osm>
+      OSM
 
       # try and upload it
       post api_ways_path, :params => way_str, :headers => auth_header
@@ -797,9 +849,14 @@ module Api
       auth_header = bearer_authorization_header user
 
       # try creating a way
-      xml = "<osm><way changeset='#{changeset.id}'>" \
-            "<nd ref='#{node1.id}'/><nd ref='#{node2.id}'/>" \
-            "</way></osm>"
+      xml = <<~OSM
+        <osm>
+          <way changeset='#{changeset.id}'>
+            <nd ref='#{node1.id}'/>
+            <nd ref='#{node2.id}'/>
+          </way>
+        </osm>
+      OSM
       post api_ways_path, :params => xml, :headers => auth_header
       assert_response :success, "way create did not return success status"
 
@@ -807,9 +864,14 @@ module Api
       wayid = @response.body
 
       # try updating the way, which should be rate limited
-      xml = "<osm><way id='#{wayid}' version='1' changeset='#{changeset.id}'>" \
-            "<nd ref='#{node2.id}'/><nd ref='#{node1.id}'/>" \
-            "</way></osm>"
+      xml = <<~OSM
+        <osm>
+          <way id='#{wayid}' version='1' changeset='#{changeset.id}'>
+            <nd ref='#{node2.id}'/>
+            <nd ref='#{node1.id}'/>
+          </way>
+        </osm>
+      OSM
       put api_way_path(wayid), :params => xml, :headers => auth_header
       assert_response :too_many_requests, "way update did not hit rate limit"
 
@@ -819,9 +881,14 @@ module Api
       assert_response :too_many_requests, "way delete did not hit rate limit"
 
       # try creating a way, which should be rate limited
-      xml = "<osm><way changeset='#{changeset.id}'>" \
-            "<nd ref='#{node1.id}'/><nd ref='#{node2.id}'/>" \
-            "</way></osm>"
+      xml = <<~OSM
+        <osm>
+          <way changeset='#{changeset.id}'>
+            <nd ref='#{node1.id}'/>
+            <nd ref='#{node2.id}'/>
+          </way>
+        </osm>
+      OSM
       post api_ways_path, :params => xml, :headers => auth_header
       assert_response :too_many_requests, "way create did not hit rate limit"
     end
@@ -854,9 +921,14 @@ module Api
       auth_header = bearer_authorization_header user
 
       # try creating a way
-      xml = "<osm><way changeset='#{changeset.id}'>" \
-            "<nd ref='#{node1.id}'/><nd ref='#{node2.id}'/>" \
-            "</way></osm>"
+      xml = <<~OSM
+        <osm>
+          <way changeset='#{changeset.id}'>
+            <nd ref='#{node1.id}'/>
+            <nd ref='#{node2.id}'/>
+          </way>
+        </osm>
+      OSM
       post api_ways_path, :params => xml, :headers => auth_header
       assert_response :success, "way create did not return success status"
 
@@ -864,9 +936,14 @@ module Api
       wayid = @response.body
 
       # try updating the way, which should be rate limited
-      xml = "<osm><way id='#{wayid}' version='1' changeset='#{changeset.id}'>" \
-            "<nd ref='#{node2.id}'/><nd ref='#{node1.id}'/>" \
-            "</way></osm>"
+      xml = <<~OSM
+        <osm>
+          <way id='#{wayid}' version='1' changeset='#{changeset.id}'>
+            <nd ref='#{node2.id}'/>
+            <nd ref='#{node1.id}'/>
+          </way>
+        </osm>
+      OSM
       put api_way_path(wayid), :params => xml, :headers => auth_header
       assert_response :too_many_requests, "way update did not hit rate limit"
 
@@ -876,9 +953,14 @@ module Api
       assert_response :too_many_requests, "way delete did not hit rate limit"
 
       # try creating a way, which should be rate limited
-      xml = "<osm><way changeset='#{changeset.id}'>" \
-            "<nd ref='#{node1.id}'/><nd ref='#{node2.id}'/>" \
-            "</way></osm>"
+      xml = <<~OSM
+        <osm>
+          <way changeset='#{changeset.id}'>
+            <nd ref='#{node1.id}'/>
+            <nd ref='#{node2.id}'/>
+          </way>
+        </osm>
+      OSM
       post api_ways_path, :params => xml, :headers => auth_header
       assert_response :too_many_requests, "way create did not hit rate limit"
     end
-- 
2.39.5