From f84980f183b9ca4336ed4eec49c2d0ff8aff7165 Mon Sep 17 00:00:00 2001 From: Andy Allan Date: Wed, 6 May 2020 16:51:04 +0200 Subject: [PATCH] More controller test refactoring --- config/routes.rb | 32 +-- test/controllers/api/nodes_controller_test.rb | 146 ++++++------- .../api/old_nodes_controller_test.rb | 92 ++++---- .../api/old_relations_controller_test.rb | 76 +++---- .../api/old_ways_controller_test.rb | 86 ++++---- .../api/relations_controller_test.rb | 204 +++++++++--------- test/controllers/api/ways_controller_test.rb | 158 +++++++------- 7 files changed, 398 insertions(+), 396 deletions(-) diff --git a/config/routes.rb b/config/routes.rb index 525a4609a..f8e69e80a 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -23,34 +23,34 @@ OpenStreetMap::Application.routes.draw do post "changeset/comment/:id/unhide" => "api/changeset_comments#restore", :as => :changeset_comment_unhide, :id => /\d+/ put "node/create" => "api/nodes#create" - get "node/:id/ways" => "api/ways#ways_for_node", :id => /\d+/ - get "node/:id/relations" => "api/relations#relations_for_node", :id => /\d+/ - get "node/:id/history" => "api/old_nodes#history", :id => /\d+/ - post "node/:id/:version/redact" => "api/old_nodes#redact", :version => /\d+/, :id => /\d+/ - get "node/:id/:version" => "api/old_nodes#version", :id => /\d+/, :version => /\d+/ + get "node/:id/ways" => "api/ways#ways_for_node", :as => :node_ways, :id => /\d+/ + get "node/:id/relations" => "api/relations#relations_for_node", :as => :node_relations, :id => /\d+/ + get "node/:id/history" => "api/old_nodes#history", :as => :api_node_history, :id => /\d+/ + post "node/:id/:version/redact" => "api/old_nodes#redact", :as => :node_version_redact, :version => /\d+/, :id => /\d+/ + get "node/:id/:version" => "api/old_nodes#version", :as => :node_version, :id => /\d+/, :version => /\d+/ get "node/:id" => "api/nodes#show", :as => :api_node, :id => /\d+/ put "node/:id" => "api/nodes#update", :id => /\d+/ delete "node/:id" => "api/nodes#delete", :id => /\d+/ get "nodes" => "api/nodes#index" put "way/create" => "api/ways#create" - get "way/:id/history" => "api/old_ways#history", :id => /\d+/ - get "way/:id/full" => "api/ways#full", :id => /\d+/ - get "way/:id/relations" => "api/relations#relations_for_way", :id => /\d+/ - post "way/:id/:version/redact" => "api/old_ways#redact", :version => /\d+/, :id => /\d+/ - get "way/:id/:version" => "api/old_ways#version", :id => /\d+/, :version => /\d+/ + get "way/:id/history" => "api/old_ways#history", :as => :api_way_history, :id => /\d+/ + get "way/:id/full" => "api/ways#full", :as => :way_full, :id => /\d+/ + get "way/:id/relations" => "api/relations#relations_for_way", :as => :way_relations, :id => /\d+/ + post "way/:id/:version/redact" => "api/old_ways#redact", :as => :way_version_redact, :version => /\d+/, :id => /\d+/ + get "way/:id/:version" => "api/old_ways#version", :as => :way_version, :id => /\d+/, :version => /\d+/ get "way/:id" => "api/ways#show", :as => :api_way, :id => /\d+/ put "way/:id" => "api/ways#update", :id => /\d+/ delete "way/:id" => "api/ways#delete", :id => /\d+/ get "ways" => "api/ways#index" put "relation/create" => "api/relations#create" - get "relation/:id/relations" => "api/relations#relations_for_relation", :id => /\d+/ - get "relation/:id/history" => "api/old_relations#history", :id => /\d+/ - get "relation/:id/full" => "api/relations#full", :id => /\d+/ - post "relation/:id/:version/redact" => "api/old_relations#redact", :version => /\d+/, :id => /\d+/ - get "relation/:id/:version" => "api/old_relations#version", :id => /\d+/, :version => /\d+/ - get "relation/:id" => "api/relations#show", :id => /\d+/ + get "relation/:id/relations" => "api/relations#relations_for_relation", :as => :relation_relations, :id => /\d+/ + get "relation/:id/history" => "api/old_relations#history", :as => :api_relation_history, :id => /\d+/ + get "relation/:id/full" => "api/relations#full", :as => :relation_full, :id => /\d+/ + post "relation/:id/:version/redact" => "api/old_relations#redact", :as => :relation_version_redact, :version => /\d+/, :id => /\d+/ + get "relation/:id/:version" => "api/old_relations#version", :as => :relation_version, :id => /\d+/, :version => /\d+/ + get "relation/:id" => "api/relations#show", :as => :api_relation, :id => /\d+/ put "relation/:id" => "api/relations#update", :id => /\d+/ delete "relation/:id" => "api/relations#delete", :id => /\d+/ get "relations" => "api/relations#index" diff --git a/test/controllers/api/nodes_controller_test.rb b/test/controllers/api/nodes_controller_test.rb index 5720ccb1f..645408dd4 100644 --- a/test/controllers/api/nodes_controller_test.rb +++ b/test/controllers/api/nodes_controller_test.rb @@ -1,7 +1,7 @@ require "test_helper" module Api - class NodesControllerTest < ActionController::TestCase + class NodesControllerTest < ActionDispatch::IntegrationTest ## # test all routes which lead to this controller def test_routes @@ -49,28 +49,28 @@ module Api # create a minimal xml file xml = "" assert_difference("OldNode.count", 0) do - put :create, :body => xml + put node_create_path, :params => xml end # hope for unauthorized assert_response :unauthorized, "node upload did not return unauthorized status" ## Now try with the user which doesn't have their data public - basic_authorization private_user.email, "test" + auth_header = basic_authorization_header private_user.email, "test" # create a minimal xml file xml = "" assert_difference("Node.count", 0) do - put :create, :body => xml + put node_create_path, :params => xml, :headers => auth_header end # hope for success assert_require_public_data "node create did not return forbidden status" ## Now try with the user that has the public data - basic_authorization user.email, "test" + auth_header = basic_authorization_header user.email, "test" # create a minimal xml file xml = "" - put :create, :body => xml + put node_create_path, :params => xml, :headers => auth_header # hope for success assert_response :success, "node upload did not return success status" @@ -92,20 +92,20 @@ module Api user = create(:user) changeset = create(:changeset, :user => user) - basic_authorization user.email, "test" + auth_header = basic_authorization_header user.email, "test" lat = 3.434 lon = 3.23 # test that the upload is rejected when xml is valid, but osm doc isn't xml = "" - put :create, :body => xml + put node_create_path, :params => xml, :headers => auth_header assert_response :bad_request, "node upload did not return bad_request status" assert_equal "Cannot parse valid node from xml string . XML doesn't contain an osm/node element.", @response.body # test that the upload is rejected when no lat is supplied # create a minimal xml file xml = "" - put :create, :body => xml + put node_create_path, :params => xml, :headers => auth_header # hope for success assert_response :bad_request, "node upload did not return bad_request status" assert_equal "Cannot parse valid node from xml string . lat missing", @response.body @@ -113,7 +113,7 @@ module Api # test that the upload is rejected when no lon is supplied # create a minimal xml file xml = "" - put :create, :body => xml + put node_create_path, :params => xml, :headers => auth_header # hope for success assert_response :bad_request, "node upload did not return bad_request status" assert_equal "Cannot parse valid node from xml string . lon missing", @response.body @@ -121,7 +121,7 @@ module Api # test that the upload is rejected when lat is non-numeric # create a minimal xml file xml = "" - put :create, :body => xml + put node_create_path, :params => xml, :headers => auth_header # hope for success assert_response :bad_request, "node upload did not return bad_request status" assert_equal "Cannot parse valid node from xml string . lat not a number", @response.body @@ -129,29 +129,29 @@ module Api # test that the upload is rejected when lon is non-numeric # create a minimal xml file xml = "" - put :create, :body => xml + put node_create_path, :params => xml, :headers => auth_header # hope for success assert_response :bad_request, "node upload did not return bad_request status" assert_equal "Cannot parse valid node from xml string . lon not a number", @response.body # test that the upload is rejected when we have a tag which is too long xml = "" - put :create, :body => xml + put node_create_path, :params => xml, :headers => auth_header assert_response :bad_request, "node upload did not return bad_request status" assert_equal ["NodeTag ", " v: is too long (maximum is 255 characters) (\"#{'x' * 256}\")"], @response.body.split(/[0-9]+,foo:/) end def test_show # check that a visible node is returned properly - get :show, :params => { :id => create(:node).id } + get api_node_path(create(:node)) assert_response :success # check that an deleted node is not returned - get :show, :params => { :id => create(:node, :deleted).id } + get api_node_path(create(:node, :deleted)) assert_response :gone # check chat a non-existent node is not returned - get :show, :params => { :id => 0 } + get api_node_path(:id => 0) assert_response :not_found end @@ -159,7 +159,7 @@ module Api def test_lat_lon_xml_format node = create(:node, :latitude => (0.00004 * OldNode::SCALE).to_i, :longitude => (0.00008 * OldNode::SCALE).to_i) - get :show, :params => { :id => node.id } + get api_node_path(node) assert_match(/lat="0.0000400"/, response.body) assert_match(/lon="0.0000800"/, response.body) end @@ -174,34 +174,34 @@ module Api private_deleted_node = create(:node, :deleted, :changeset => private_user_changeset) ## first try to delete node without auth - delete :delete, :params => { :id => private_node.id } + delete api_node_path(private_node) assert_response :unauthorized ## now set auth for the non-data public user - basic_authorization private_user.email, "test" + auth_header = basic_authorization_header private_user.email, "test" # try to delete with an invalid (closed) changeset xml = update_changeset(xml_for_node(private_node), private_user_closed_changeset.id) - delete :delete, :params => { :id => private_node.id }, :body => xml.to_s + delete api_node_path(private_node), :params => xml.to_s, :headers => auth_header assert_require_public_data("non-public user shouldn't be able to delete node") # try to delete with an invalid (non-existent) changeset xml = update_changeset(xml_for_node(private_node), 0) - delete :delete, :params => { :id => private_node.id }, :body => xml.to_s + delete api_node_path(private_node), :params => xml.to_s, :headers => auth_header assert_require_public_data("shouldn't be able to delete node, when user's data is private") # valid delete now takes a payload xml = xml_for_node(private_node) - delete :delete, :params => { :id => private_node.id }, :body => xml.to_s + delete api_node_path(private_node), :params => xml.to_s, :headers => auth_header assert_require_public_data("shouldn't be able to delete node when user's data isn't public'") # this won't work since the node is already deleted xml = xml_for_node(private_deleted_node) - delete :delete, :params => { :id => private_deleted_node.id }, :body => xml.to_s + delete api_node_path(private_deleted_node), :params => xml.to_s, :headers => auth_header assert_require_public_data # this won't work since the node never existed - delete :delete, :params => { :id => 0 } + delete api_node_path(:id => 0), :headers => auth_header assert_require_public_data ## these test whether nodes which are in-use can be deleted: @@ -210,7 +210,7 @@ module Api create(:way_node, :node => private_used_node) xml = xml_for_node(private_used_node) - delete :delete, :params => { :id => private_used_node.id }, :body => xml.to_s + delete api_node_path(private_used_node), :params => xml.to_s, :headers => auth_header assert_require_public_data "shouldn't be able to delete a node used in a way (#{@response.body})" # in a relation... @@ -218,7 +218,7 @@ module Api create(:relation_member, :member => private_used_node2) xml = xml_for_node(private_used_node2) - delete :delete, :params => { :id => private_used_node2.id }, :body => xml.to_s + delete api_node_path(private_used_node2), :params => xml.to_s, :headers => auth_header assert_require_public_data "shouldn't be able to delete a node used in a relation (#{@response.body})" ## now setup for the public data user @@ -226,34 +226,34 @@ module Api changeset = create(:changeset, :user => user) closed_changeset = create(:changeset, :closed, :user => user) node = create(:node, :changeset => changeset) - basic_authorization user.email, "test" + auth_header = basic_authorization_header user.email, "test" # try to delete with an invalid (closed) changeset xml = update_changeset(xml_for_node(node), closed_changeset.id) - delete :delete, :params => { :id => node.id }, :body => xml.to_s + delete api_node_path(node), :params => xml.to_s, :headers => auth_header assert_response :conflict # try to delete with an invalid (non-existent) changeset xml = update_changeset(xml_for_node(node), 0) - delete :delete, :params => { :id => node.id }, :body => xml.to_s + delete api_node_path(node), :params => xml.to_s, :headers => auth_header assert_response :conflict # try to delete a node with a different ID other_node = create(:node) xml = xml_for_node(other_node) - delete :delete, :params => { :id => node.id }, :body => xml.to_s + delete api_node_path(node.id), :params => xml.to_s, :headers => auth_header assert_response :bad_request, "should not be able to delete a node with a different ID from the XML" # try to delete a node rubbish in the payloads xml = "" - delete :delete, :params => { :id => node.id }, :body => xml.to_s + delete api_node_path(node), :params => xml.to_s, :headers => auth_header assert_response :bad_request, "should not be able to delete a node without a valid XML payload" # valid delete now takes a payload xml = xml_for_node(node) - delete :delete, :params => { :id => node.id }, :body => xml.to_s + delete api_node_path(node), :params => xml.to_s, :headers => auth_header assert_response :success # valid delete should return the new version number, which should @@ -263,11 +263,11 @@ module Api # deleting the same node twice doesn't work xml = xml_for_node(node) - delete :delete, :params => { :id => node.id }, :body => xml.to_s + delete api_node_path(node), :params => xml.to_s, :headers => auth_header assert_response :gone # this won't work since the node never existed - delete :delete, :params => { :id => 0 } + delete api_node_path(:id => 0), :headers => auth_header assert_response :not_found ## these test whether nodes which are in-use can be deleted: @@ -277,7 +277,7 @@ module Api way_node2 = create(:way_node, :node => used_node) xml = xml_for_node(used_node) - delete :delete, :params => { :id => used_node.id }, :body => xml.to_s + delete api_node_path(used_node), :params => xml.to_s, :headers => auth_header assert_response :precondition_failed, "shouldn't be able to delete a node used in a way (#{@response.body})" assert_equal "Precondition failed: Node #{used_node.id} is still used by ways #{way_node.way.id},#{way_node2.way.id}.", @response.body @@ -288,7 +288,7 @@ module Api relation_member2 = create(:relation_member, :member => used_node2) xml = xml_for_node(used_node2) - delete :delete, :params => { :id => used_node2.id }, :body => xml.to_s + delete api_node_path(used_node2), :params => xml.to_s, :headers => auth_header assert_response :precondition_failed, "shouldn't be able to delete a node used in a relation (#{@response.body})" assert_equal "Precondition failed: Node #{used_node2.id} is still used by relations #{relation_member.relation.id},#{relation_member2.relation.id}.", @response.body @@ -307,53 +307,53 @@ module Api node = create(:node, :changeset => create(:changeset, :user => user)) xml = xml_for_node(node) - put :update, :params => { :id => node.id }, :body => xml.to_s + put api_node_path(node), :params => xml.to_s assert_response :unauthorized ## Second test with the private user # setup auth - basic_authorization private_user.email, "test" + auth_header = basic_authorization_header private_user.email, "test" ## trying to break changesets # try and update in someone else's changeset xml = update_changeset(xml_for_node(private_node), create(:changeset).id) - put :update, :params => { :id => private_node.id }, :body => xml.to_s + put api_node_path(private_node), :params => xml.to_s, :headers => auth_header assert_require_public_data "update with other user's changeset should be forbidden when data isn't public" # try and update in a closed changeset xml = update_changeset(xml_for_node(private_node), create(:changeset, :closed, :user => private_user).id) - put :update, :params => { :id => private_node.id }, :body => xml.to_s + put api_node_path(private_node), :params => xml.to_s, :headers => auth_header assert_require_public_data "update with closed changeset should be forbidden, when data isn't public" # try and update in a non-existant changeset xml = update_changeset(xml_for_node(private_node), 0) - put :update, :params => { :id => private_node.id }, :body => xml.to_s + put api_node_path(private_node), :params => xml.to_s, :headers => auth_header assert_require_public_data "update with changeset=0 should be forbidden, when data isn't public" ## try and submit invalid updates xml = xml_attr_rewrite(xml_for_node(private_node), "lat", 91.0) - put :update, :params => { :id => private_node.id }, :body => xml.to_s + put api_node_path(private_node), :params => xml.to_s, :headers => auth_header assert_require_public_data "node at lat=91 should be forbidden, when data isn't public" xml = xml_attr_rewrite(xml_for_node(private_node), "lat", -91.0) - put :update, :params => { :id => private_node.id }, :body => xml.to_s + put api_node_path(private_node), :params => xml.to_s, :headers => auth_header assert_require_public_data "node at lat=-91 should be forbidden, when data isn't public" xml = xml_attr_rewrite(xml_for_node(private_node), "lon", 181.0) - put :update, :params => { :id => private_node.id }, :body => xml.to_s + put api_node_path(private_node), :params => xml.to_s, :headers => auth_header assert_require_public_data "node at lon=181 should be forbidden, when data isn't public" xml = xml_attr_rewrite(xml_for_node(private_node), "lon", -181.0) - put :update, :params => { :id => private_node.id }, :body => xml.to_s + put api_node_path(private_node), :params => xml.to_s, :headers => auth_header assert_require_public_data "node at lon=-181 should be forbidden, when data isn't public" ## finally, produce a good request which still won't work xml = xml_for_node(private_node) - put :update, :params => { :id => private_node.id }, :body => xml.to_s + put api_node_path(private_node), :params => xml.to_s, :headers => auth_header assert_require_public_data "should have failed with a forbidden when data isn't public" ## Finally test with the public user @@ -361,46 +361,46 @@ module Api # try and update a node without authorisation # first try to update node without auth xml = xml_for_node(node) - put :update, :params => { :id => node.id }, :body => xml.to_s + put api_node_path(node.id), :params => xml.to_s, :headers => auth_header assert_response :forbidden # setup auth - basic_authorization user.email, "test" + auth_header = basic_authorization_header user.email, "test" ## trying to break changesets # try and update in someone else's changeset xml = update_changeset(xml_for_node(node), create(:changeset).id) - put :update, :params => { :id => node.id }, :body => xml.to_s + put api_node_path(node), :params => xml.to_s, :headers => auth_header assert_response :conflict, "update with other user's changeset should be rejected" # try and update in a closed changeset xml = update_changeset(xml_for_node(node), create(:changeset, :closed, :user => user).id) - put :update, :params => { :id => node.id }, :body => xml.to_s + put api_node_path(node), :params => xml.to_s, :headers => auth_header assert_response :conflict, "update with closed changeset should be rejected" # try and update in a non-existant changeset xml = update_changeset(xml_for_node(node), 0) - put :update, :params => { :id => node.id }, :body => xml.to_s + put api_node_path(node), :params => xml.to_s, :headers => auth_header assert_response :conflict, "update with changeset=0 should be rejected" ## try and submit invalid updates xml = xml_attr_rewrite(xml_for_node(node), "lat", 91.0) - put :update, :params => { :id => node.id }, :body => xml.to_s + put api_node_path(node), :params => xml.to_s, :headers => auth_header assert_response :bad_request, "node at lat=91 should be rejected" xml = xml_attr_rewrite(xml_for_node(node), "lat", -91.0) - put :update, :params => { :id => node.id }, :body => xml.to_s + put api_node_path(node), :params => xml.to_s, :headers => auth_header assert_response :bad_request, "node at lat=-91 should be rejected" xml = xml_attr_rewrite(xml_for_node(node), "lon", 181.0) - put :update, :params => { :id => node.id }, :body => xml.to_s + put api_node_path(node), :params => xml.to_s, :headers => auth_header assert_response :bad_request, "node at lon=181 should be rejected" xml = xml_attr_rewrite(xml_for_node(node), "lon", -181.0) - put :update, :params => { :id => node.id }, :body => xml.to_s + put api_node_path(node), :params => xml.to_s, :headers => auth_header assert_response :bad_request, "node at lon=-181 should be rejected" ## next, attack the versioning @@ -409,37 +409,37 @@ module Api # try and submit a version behind xml = xml_attr_rewrite(xml_for_node(node), "version", current_node_version - 1) - put :update, :params => { :id => node.id }, :body => xml.to_s + put api_node_path(node), :params => xml.to_s, :headers => auth_header assert_response :conflict, "should have failed on old version number" # try and submit a version ahead xml = xml_attr_rewrite(xml_for_node(node), "version", current_node_version + 1) - put :update, :params => { :id => node.id }, :body => xml.to_s + put api_node_path(node), :params => xml.to_s, :headers => auth_header assert_response :conflict, "should have failed on skipped version number" # try and submit total crap in the version field xml = xml_attr_rewrite(xml_for_node(node), "version", "p1r4t3s!") - put :update, :params => { :id => node.id }, :body => xml.to_s + put api_node_path(node), :params => xml.to_s, :headers => auth_header assert_response :conflict, "should not be able to put 'p1r4at3s!' in the version field" ## try an update with the wrong ID xml = xml_for_node(create(:node)) - put :update, :params => { :id => node.id }, :body => xml.to_s + put api_node_path(node), :params => xml.to_s, :headers => auth_header assert_response :bad_request, "should not be able to update a node with a different ID from the XML" ## try an update with a minimal valid XML doc which isn't a well-formed OSM doc. xml = "" - put :update, :params => { :id => node.id }, :body => xml.to_s + put api_node_path(node), :params => xml.to_s, :headers => auth_header assert_response :bad_request, "should not be able to update a node with non-OSM XML doc." ## finally, produce a good request which should work xml = xml_for_node(node) - put :update, :params => { :id => node.id }, :body => xml.to_s + put api_node_path(node), :params => xml.to_s, :headers => auth_header assert_response :success, "a valid update request failed" end @@ -453,15 +453,15 @@ module Api node5 = create(:node, :deleted, :with_history, :version => 2) # check error when no parameter provided - get :index + get nodes_path assert_response :bad_request # check error when no parameter value provided - get :index, :params => { :nodes => "" } + get nodes_path, :params => { :nodes => "" } assert_response :bad_request # test a working call - get :index, :params => { :nodes => "#{node1.id},#{node2.id},#{node3.id},#{node4.id},#{node5.id}" } + get nodes_path, :params => { :nodes => "#{node1.id},#{node2.id},#{node3.id},#{node4.id},#{node5.id}" } assert_response :success assert_select "osm" do assert_select "node", :count => 5 @@ -473,7 +473,7 @@ module Api end # test a working call with json format - get :index, :params => { :nodes => "#{node1.id},#{node2.id},#{node3.id},#{node4.id},#{node5.id}", :format => "json" } + get nodes_path, :params => { :nodes => "#{node1.id},#{node2.id},#{node3.id},#{node4.id},#{node5.id}", :format => "json" } js = ActiveSupport::JSON.decode(@response.body) assert_not_nil js @@ -486,7 +486,7 @@ module Api assert_equal 1, (js["elements"].count { |a| a["id"] == node5.id && a["visible"] == false }) # check error when a non-existent node is included - get :index, :params => { :nodes => "#{node1.id},#{node2.id},#{node3.id},#{node4.id},#{node5.id},0" } + get nodes_path, :params => { :nodes => "#{node1.id},#{node2.id},#{node3.id},#{node4.id},#{node5.id},0" } assert_response :not_found end @@ -496,7 +496,7 @@ module Api existing_tag = create(:node_tag) assert existing_tag.node.changeset.user.data_public # setup auth - basic_authorization existing_tag.node.changeset.user.email, "test" + auth_header = basic_authorization_header existing_tag.node.changeset.user.email, "test" # add an identical tag to the node tag_xml = XML::Node.new("tag") @@ -508,7 +508,7 @@ module Api node_xml.find("//osm/node").first << tag_xml # try and upload it - put :update, :params => { :id => existing_tag.node.id }, :body => node_xml.to_s + put api_node_path(existing_tag.node), :params => node_xml.to_s, :headers => auth_header assert_response :bad_request, "adding duplicate tags to a node should fail with 'bad request'" assert_equal "Element node/#{existing_tag.node.id} has duplicate tags with key #{existing_tag.k}", @response.body @@ -522,25 +522,25 @@ module Api changeset = create(:changeset, :user => user) ## First try with the non-data public user - basic_authorization private_user.email, "test" + auth_header = basic_authorization_header private_user.email, "test" # try and put something into a string that the API might # use unquoted and therefore allow code injection... xml = "" \ '' \ "" - put :create, :body => xml + put node_create_path, :params => xml, :headers => auth_header assert_require_public_data "Shouldn't be able to create with non-public user" ## Then try with the public data user - basic_authorization user.email, "test" + auth_header = basic_authorization_header user.email, "test" # try and put something into a string that the API might # use unquoted and therefore allow code injection... xml = "" \ '' \ "" - put :create, :body => xml + put node_create_path, :params => xml, :headers => auth_header assert_response :success nodeid = @response.body @@ -549,7 +549,7 @@ module Api assert_not_nil checknode, "node not found in data base after upload" # and grab it using the api - get :show, :params => { :id => nodeid } + get api_node_path(:id => nodeid) assert_response :success apinode = Node.from_xml(@response.body) assert_not_nil apinode, "downloaded node is nil, but shouldn't be" diff --git a/test/controllers/api/old_nodes_controller_test.rb b/test/controllers/api/old_nodes_controller_test.rb index 76e78ffad..6d2303831 100644 --- a/test/controllers/api/old_nodes_controller_test.rb +++ b/test/controllers/api/old_nodes_controller_test.rb @@ -1,7 +1,7 @@ require "test_helper" module Api - class OldNodesControllerTest < ActionController::TestCase + class OldNodesControllerTest < ActionDispatch::IntegrationTest # # TODO: test history # @@ -48,7 +48,7 @@ module Api propagate_tags(node, node.old_nodes.last) ## First try this with a non-public user - basic_authorization private_user.email, "test" + auth_header = basic_authorization_header private_user.email, "test" # setup a simple XML node xml_doc = xml_for_node(private_node) @@ -68,7 +68,7 @@ module Api xml_node["lat"] = precision(rand * 180 - 90).to_s xml_node["lon"] = precision(rand * 360 - 180).to_s with_controller(NodesController.new) do - put :update, :params => { :id => nodeid }, :body => xml_doc.to_s + put api_node_path(:id => nodeid), :params => xml_doc.to_s, :headers => auth_header assert_response :forbidden, "Should have rejected node update" xml_node["version"] = @response.body.to_s end @@ -83,7 +83,7 @@ module Api xml_tag["v"] = random_string xml_node << xml_tag with_controller(NodesController.new) do - put :update, :params => { :id => nodeid }, :body => xml_doc.to_s + put api_node_path(:id => nodeid), :params => xml_doc.to_s, :headers => auth_header assert_response :forbidden, "should have rejected node #{nodeid} (#{@response.body}) with forbidden" xml_node["version"] = @response.body.to_s @@ -95,7 +95,7 @@ module Api # probably should check that they didn't get written to the database ## Now do it with the public user - basic_authorization user.email, "test" + auth_header = basic_authorization_header user.email, "test" # setup a simple XML node @@ -116,7 +116,7 @@ module Api xml_node["lat"] = precision(rand * 180 - 90).to_s xml_node["lon"] = precision(rand * 360 - 180).to_s with_controller(NodesController.new) do - put :update, :params => { :id => nodeid }, :body => xml_doc.to_s + put api_node_path(:id => nodeid), :params => xml_doc.to_s, :headers => auth_header assert_response :success xml_node["version"] = @response.body.to_s end @@ -131,7 +131,7 @@ module Api xml_tag["v"] = random_string xml_node << xml_tag with_controller(NodesController.new) do - put :update, :params => { :id => nodeid }, :body => xml_doc.to_s + put api_node_path(:id => nodeid), :params => xml_doc.to_s, :headers => auth_header assert_response :success, "couldn't update node #{nodeid} (#{@response.body})" xml_node["version"] = @response.body.to_s @@ -142,7 +142,7 @@ module Api # check all the versions versions.each_key do |key| - get :version, :params => { :id => nodeid, :version => key.to_i } + get node_version_path(:id => nodeid, :version => key.to_i) assert_response :success, "couldn't get version #{key.to_i} of node #{nodeid}" @@ -162,7 +162,7 @@ module Api end def check_not_found_id_version(id, version) - get :version, :params => { :id => id, :version => version } + get node_version_path(:id => id, :version => version) assert_response :not_found rescue ActionController::UrlGenerationError => e assert_match(/No route matches/, e.to_s) @@ -210,13 +210,14 @@ module Api # test the redaction of an old version of a node, while being # authorised as a normal user. def test_redact_node_normal_user - basic_authorization create(:user).email, "test" + auth_header = basic_authorization_header create(:user).email, "test" node = create(:node, :with_history, :version => 4) node_v3 = node.old_nodes.find_by(:version => 3) do_redact_node(node_v3, - create(:redaction)) + create(:redaction), + auth_header) assert_response :forbidden, "should need to be moderator to redact." end @@ -224,13 +225,14 @@ module Api # test that, even as moderator, the current version of a node # can't be redacted. def test_redact_node_current_version - basic_authorization create(:moderator_user).email, "test" + auth_header = basic_authorization_header create(:moderator_user).email, "test" node = create(:node, :with_history, :version => 4) node_v4 = node.old_nodes.find_by(:version => 4) do_redact_node(node_v4, - create(:redaction)) + create(:redaction), + auth_header) assert_response :bad_request, "shouldn't be OK to redact current version as moderator." end @@ -242,12 +244,12 @@ module Api node_v1 = node.old_nodes.find_by(:version => 1) node_v1.redact!(create(:redaction)) - get :version, :params => { :id => node_v1.node_id, :version => node_v1.version } + get node_version_path(:id => node_v1.node_id, :version => node_v1.version) assert_response :forbidden, "Redacted node shouldn't be visible via the version API." # not even to a logged-in user - basic_authorization create(:user).email, "test" - get :version, :params => { :id => node_v1.node_id, :version => node_v1.version } + auth_header = basic_authorization_header create(:user).email, "test" + get node_version_path(:id => node_v1.node_id, :version => node_v1.version), :headers => auth_header assert_response :forbidden, "Redacted node shouldn't be visible via the version API, even when logged in." end @@ -258,13 +260,13 @@ module Api node_v1 = node.old_nodes.find_by(:version => 1) node_v1.redact!(create(:redaction)) - get :history, :params => { :id => node_v1.node_id } + get api_node_history_path(:id => node_v1.node_id) assert_response :success, "Redaction shouldn't have stopped history working." assert_select "osm node[id='#{node_v1.node_id}'][version='#{node_v1.version}']", 0, "redacted node #{node_v1.node_id} version #{node_v1.version} shouldn't be present in the history." # not even to a logged-in user - basic_authorization create(:user).email, "test" - get :history, :params => { :id => node_v1.node_id } + auth_header = basic_authorization_header create(:user).email, "test" + get api_node_history_path(:id => node_v1.node_id), :headers => auth_header assert_response :success, "Redaction shouldn't have stopped history working." assert_select "osm node[id='#{node_v1.node_id}'][version='#{node_v1.version}']", 0, "redacted node #{node_v1.node_id} version #{node_v1.version} shouldn't be present in the history, even when logged in." end @@ -275,23 +277,23 @@ module Api def test_redact_node_moderator node = create(:node, :with_history, :version => 4) node_v3 = node.old_nodes.find_by(:version => 3) - basic_authorization create(:moderator_user).email, "test" + auth_header = basic_authorization_header create(:moderator_user).email, "test" - do_redact_node(node_v3, create(:redaction)) + do_redact_node(node_v3, create(:redaction), auth_header) assert_response :success, "should be OK to redact old version as moderator." # check moderator can still see the redacted data, when passing # the appropriate flag - get :version, :params => { :id => node_v3.node_id, :version => node_v3.version } + get node_version_path(:id => node_v3.node_id, :version => node_v3.version), :headers => auth_header assert_response :forbidden, "After redaction, node should be gone for moderator, when flag not passed." - get :version, :params => { :id => node_v3.node_id, :version => node_v3.version, :show_redactions => "true" } + get node_version_path(:id => node_v3.node_id, :version => node_v3.version), :params => { :show_redactions => "true" }, :headers => auth_header assert_response :success, "After redaction, node should not be gone for moderator, when flag passed." # and when accessed via history - get :history, :params => { :id => node_v3.node_id } + get api_node_history_path(:id => node_v3.node_id) assert_response :success, "Redaction shouldn't have stopped history working." assert_select "osm node[id='#{node_v3.node_id}'][version='#{node_v3.version}']", 0, "node #{node_v3.node_id} version #{node_v3.version} should not be present in the history for moderators when not passing flag." - get :history, :params => { :id => node_v3.node_id, :show_redactions => "true" } + get api_node_history_path(:id => node_v3.node_id), :params => { :show_redactions => "true" }, :headers => auth_header assert_response :success, "Redaction shouldn't have stopped history working." assert_select "osm node[id='#{node_v3.node_id}'][version='#{node_v3.version}']", 1, "node #{node_v3.node_id} version #{node_v3.version} should still be present in the history for moderators when passing flag." end @@ -301,20 +303,20 @@ module Api def test_redact_node_is_redacted node = create(:node, :with_history, :version => 4) node_v3 = node.old_nodes.find_by(:version => 3) - basic_authorization create(:moderator_user).email, "test" + auth_header = basic_authorization_header create(:moderator_user).email, "test" - do_redact_node(node_v3, create(:redaction)) + do_redact_node(node_v3, create(:redaction), auth_header) assert_response :success, "should be OK to redact old version as moderator." # re-auth as non-moderator - basic_authorization create(:user).email, "test" + auth_header = basic_authorization_header create(:user).email, "test" # check can't see the redacted data - get :version, :params => { :id => node_v3.node_id, :version => node_v3.version } + get node_version_path(:id => node_v3.node_id, :version => node_v3.version), :headers => auth_header assert_response :forbidden, "Redacted node shouldn't be visible via the version API." # and when accessed via history - get :history, :params => { :id => node_v3.node_id } + get api_node_history_path(:id => node_v3.node_id), :headers => auth_header assert_response :success, "Redaction shouldn't have stopped history working." assert_select "osm node[id='#{node_v3.node_id}'][version='#{node_v3.version}']", 0, "redacted node #{node_v3.node_id} version #{node_v3.version} shouldn't be present in the history." end @@ -327,7 +329,7 @@ module Api node_v1 = node.old_nodes.find_by(:version => 1) node_v1.redact!(create(:redaction)) - post :redact, :params => { :id => node_v1.node_id, :version => node_v1.version } + post node_version_redact_path(:id => node_v1.node_id, :version => node_v1.version) assert_response :unauthorized, "should need to be authenticated to unredact." end @@ -340,9 +342,9 @@ module Api node_v1 = node.old_nodes.find_by(:version => 1) node_v1.redact!(create(:redaction)) - basic_authorization user.email, "test" + auth_header = basic_authorization_header user.email, "test" - post :redact, :params => { :id => node_v1.node_id, :version => node_v1.version } + post node_version_redact_path(:id => node_v1.node_id, :version => node_v1.version), :headers => auth_header assert_response :forbidden, "should need to be moderator to unredact." end @@ -355,54 +357,54 @@ module Api node_v1 = node.old_nodes.find_by(:version => 1) node_v1.redact!(create(:redaction)) - basic_authorization moderator_user.email, "test" + auth_header = basic_authorization_header moderator_user.email, "test" - post :redact, :params => { :id => node_v1.node_id, :version => node_v1.version } + post node_version_redact_path(:id => node_v1.node_id, :version => node_v1.version), :headers => auth_header assert_response :success, "should be OK to unredact old version as moderator." # check moderator can now see the redacted data, when not # passing the aspecial flag - get :version, :params => { :id => node_v1.node_id, :version => node_v1.version } + get node_version_path(:id => node_v1.node_id, :version => node_v1.version), :headers => auth_header assert_response :success, "After unredaction, node should not be gone for moderator." # and when accessed via history - get :history, :params => { :id => node_v1.node_id } + get api_node_history_path(:id => node_v1.node_id) assert_response :success, "Unredaction shouldn't have stopped history working." assert_select "osm node[id='#{node_v1.node_id}'][version='#{node_v1.version}']", 1, "node #{node_v1.node_id} version #{node_v1.version} should now be present in the history for moderators without passing flag." - basic_authorization create(:user).email, "test" + auth_header = basic_authorization_header create(:user).email, "test" # check normal user can now see the redacted data - get :version, :params => { :id => node_v1.node_id, :version => node_v1.version } + get node_version_path(:id => node_v1.node_id, :version => node_v1.version), :headers => auth_header assert_response :success, "After unredaction, node should be visible to normal users." # and when accessed via history - get :history, :params => { :id => node_v1.node_id } + get api_node_history_path(:id => node_v1.node_id) assert_response :success, "Unredaction shouldn't have stopped history working." assert_select "osm node[id='#{node_v1.node_id}'][version='#{node_v1.version}']", 1, "node #{node_v1.node_id} version #{node_v1.version} should now be present in the history for normal users without passing flag." end private - def do_redact_node(node, redaction) - get :version, :params => { :id => node.node_id, :version => node.version } + def do_redact_node(node, redaction, headers = {}) + get node_version_path(:id => node.node_id, :version => node.version), :headers => headers assert_response :success, "should be able to get version #{node.version} of node #{node.node_id}." # now redact it - post :redact, :params => { :id => node.node_id, :version => node.version, :redaction => redaction.id } + post node_version_redact_path(:id => node.node_id, :version => node.version), :params => { :redaction => redaction.id }, :headers => headers end def check_current_version(node_id) # get the current version of the node current_node = with_controller(NodesController.new) do - get :show, :params => { :id => node_id } + get api_node_path(:id => node_id) assert_response :success, "cant get current node #{node_id}" Node.from_xml(@response.body) end assert_not_nil current_node, "getting node #{node_id} returned nil" # get the "old" version of the node from the old_node interface - get :version, :params => { :id => node_id, :version => current_node.version } + get node_version_path(:id => node_id, :version => current_node.version) assert_response :success, "cant get old node #{node_id}, v#{current_node.version}" old_node = Node.from_xml(@response.body) diff --git a/test/controllers/api/old_relations_controller_test.rb b/test/controllers/api/old_relations_controller_test.rb index 19e8ae357..d5431e8af 100644 --- a/test/controllers/api/old_relations_controller_test.rb +++ b/test/controllers/api/old_relations_controller_test.rb @@ -1,7 +1,7 @@ require "test_helper" module Api - class OldRelationsControllerTest < ActionController::TestCase + class OldRelationsControllerTest < ActionDispatch::IntegrationTest ## # test all routes which lead to this controller def test_routes @@ -32,11 +32,11 @@ module Api # ------------------------------------- def test_history # check that a visible relations is returned properly - get :history, :params => { :id => create(:relation, :with_history).id } + get api_relation_history_path(create(:relation, :with_history)) assert_response :success # check chat a non-existent relations is not returned - get :history, :params => { :id => 0 } + get api_relation_history_path(:id => 0) assert_response :not_found end @@ -58,9 +58,9 @@ module Api relation = create(:relation, :with_history, :version => 4) relation_v3 = relation.old_relations.find_by(:version => 3) - basic_authorization create(:user).email, "test" + auth_header = basic_authorization_header create(:user).email, "test" - do_redact_relation(relation_v3, create(:redaction)) + do_redact_relation(relation_v3, create(:redaction), auth_header) assert_response :forbidden, "should need to be moderator to redact." end @@ -71,9 +71,9 @@ module Api relation = create(:relation, :with_history, :version => 4) relation_latest = relation.old_relations.last - basic_authorization create(:moderator_user).email, "test" + auth_header = basic_authorization_header create(:moderator_user).email, "test" - do_redact_relation(relation_latest, create(:redaction)) + do_redact_relation(relation_latest, create(:redaction), auth_header) assert_response :bad_request, "shouldn't be OK to redact current version as moderator." end @@ -85,12 +85,12 @@ module Api relation_v1 = relation.old_relations.find_by(:version => 1) relation_v1.redact!(create(:redaction)) - get :version, :params => { :id => relation_v1.relation_id, :version => relation_v1.version } + get relation_version_path(:id => relation_v1.relation_id, :version => relation_v1.version) assert_response :forbidden, "Redacted relation shouldn't be visible via the version API." # not even to a logged-in user - basic_authorization create(:user).email, "test" - get :version, :params => { :id => relation_v1.relation_id, :version => relation_v1.version } + auth_header = basic_authorization_header create(:user).email, "test" + get relation_version_path(:id => relation_v1.relation_id, :version => relation_v1.version), :headers => auth_header assert_response :forbidden, "Redacted relation shouldn't be visible via the version API, even when logged in." end @@ -101,14 +101,14 @@ module Api relation_v1 = relation.old_relations.find_by(:version => 1) relation_v1.redact!(create(:redaction)) - get :history, :params => { :id => relation_v1.relation_id } + get api_relation_history_path(:id => relation_v1.relation_id) assert_response :success, "Redaction shouldn't have stopped history working." assert_select "osm relation[id='#{relation_v1.relation_id}'][version='#{relation_v1.version}']", 0, "redacted relation #{relation_v1.relation_id} version #{relation_v1.version} shouldn't be present in the history." # not even to a logged-in user - basic_authorization create(:user).email, "test" - get :version, :params => { :id => relation_v1.relation_id, :version => relation_v1.version } - get :history, :params => { :id => relation_v1.relation_id } + auth_header = basic_authorization_header create(:user).email, "test" + get relation_version_path(:id => relation_v1.relation_id, :version => relation_v1.version), :headers => auth_header + get api_relation_history_path(:id => relation_v1.relation_id), :headers => auth_header assert_response :success, "Redaction shouldn't have stopped history working." assert_select "osm relation[id='#{relation_v1.relation_id}'][version='#{relation_v1.version}']", 0, "redacted relation #{relation_v1.relation_id} version #{relation_v1.version} shouldn't be present in the history, even when logged in." end @@ -120,23 +120,23 @@ module Api relation = create(:relation, :with_history, :version => 4) relation_v3 = relation.old_relations.find_by(:version => 3) - basic_authorization create(:moderator_user).email, "test" + auth_header = basic_authorization_header create(:moderator_user).email, "test" - do_redact_relation(relation_v3, create(:redaction)) + do_redact_relation(relation_v3, create(:redaction), auth_header) assert_response :success, "should be OK to redact old version as moderator." # check moderator can still see the redacted data, when passing # the appropriate flag - get :version, :params => { :id => relation_v3.relation_id, :version => relation_v3.version } + get relation_version_path(:id => relation_v3.relation_id, :version => relation_v3.version), :headers => auth_header assert_response :forbidden, "After redaction, relation should be gone for moderator, when flag not passed." - get :version, :params => { :id => relation_v3.relation_id, :version => relation_v3.version, :show_redactions => "true" } + get relation_version_path(:id => relation_v3.relation_id, :version => relation_v3.version), :params => { :show_redactions => "true" }, :headers => auth_header assert_response :success, "After redaction, relation should not be gone for moderator, when flag passed." # and when accessed via history - get :history, :params => { :id => relation_v3.relation_id } + get api_relation_history_path(:id => relation_v3.relation_id), :headers => auth_header assert_response :success, "Redaction shouldn't have stopped history working." assert_select "osm relation[id='#{relation_v3.relation_id}'][version='#{relation_v3.version}']", 0, "relation #{relation_v3.relation_id} version #{relation_v3.version} should not be present in the history for moderators when not passing flag." - get :history, :params => { :id => relation_v3.relation_id, :show_redactions => "true" } + get api_relation_history_path(:id => relation_v3.relation_id), :params => { :show_redactions => "true" }, :headers => auth_header assert_response :success, "Redaction shouldn't have stopped history working." assert_select "osm relation[id='#{relation_v3.relation_id}'][version='#{relation_v3.version}']", 1, "relation #{relation_v3.relation_id} version #{relation_v3.version} should still be present in the history for moderators when passing flag." end @@ -147,20 +147,20 @@ module Api relation = create(:relation, :with_history, :version => 4) relation_v3 = relation.old_relations.find_by(:version => 3) - basic_authorization create(:moderator_user).email, "test" + auth_header = basic_authorization_header create(:moderator_user).email, "test" - do_redact_relation(relation_v3, create(:redaction)) + do_redact_relation(relation_v3, create(:redaction), auth_header) assert_response :success, "should be OK to redact old version as moderator." # re-auth as non-moderator - basic_authorization create(:user).email, "test" + auth_header = basic_authorization_header create(:user).email, "test" # check can't see the redacted data - get :version, :params => { :id => relation_v3.relation_id, :version => relation_v3.version } + get relation_version_path(:id => relation_v3.relation_id, :version => relation_v3.version), :headers => auth_header assert_response :forbidden, "Redacted relation shouldn't be visible via the version API." # and when accessed via history - get :history, :params => { :id => relation_v3.relation_id } + get api_relation_history_path(:id => relation_v3.relation_id), :headers => auth_header assert_response :success, "Redaction shouldn't have stopped history working." assert_select "osm relation[id='#{relation_v3.relation_id}'][version='#{relation_v3.version}']", 0, "redacted relation #{relation_v3.relation_id} version #{relation_v3.version} shouldn't be present in the history." end @@ -173,7 +173,7 @@ module Api relation_v1 = relation.old_relations.find_by(:version => 1) relation_v1.redact!(create(:redaction)) - post :redact, :params => { :id => relation_v1.relation_id, :version => relation_v1.version } + post relation_version_redact_path(:id => relation_v1.relation_id, :version => relation_v1.version) assert_response :unauthorized, "should need to be authenticated to unredact." end @@ -185,9 +185,9 @@ module Api relation_v1 = relation.old_relations.find_by(:version => 1) relation_v1.redact!(create(:redaction)) - basic_authorization create(:user).email, "test" + auth_header = basic_authorization_header create(:user).email, "test" - post :redact, :params => { :id => relation_v1.relation_id, :version => relation_v1.version } + post relation_version_redact_path(:id => relation_v1.relation_id, :version => relation_v1.version), :headers => auth_header assert_response :forbidden, "should need to be moderator to unredact." end @@ -199,29 +199,29 @@ module Api relation_v1 = relation.old_relations.find_by(:version => 1) relation_v1.redact!(create(:redaction)) - basic_authorization create(:moderator_user).email, "test" + auth_header = basic_authorization_header create(:moderator_user).email, "test" - post :redact, :params => { :id => relation_v1.relation_id, :version => relation_v1.version } + post relation_version_redact_path(:id => relation_v1.relation_id, :version => relation_v1.version), :headers => auth_header assert_response :success, "should be OK to unredact old version as moderator." # check moderator can still see the redacted data, without passing # the appropriate flag - get :version, :params => { :id => relation_v1.relation_id, :version => relation_v1.version } + get relation_version_path(:id => relation_v1.relation_id, :version => relation_v1.version), :headers => auth_header assert_response :success, "After unredaction, relation should not be gone for moderator." # and when accessed via history - get :history, :params => { :id => relation_v1.relation_id } + get api_relation_history_path(:id => relation_v1.relation_id), :headers => auth_header assert_response :success, "Redaction shouldn't have stopped history working." assert_select "osm relation[id='#{relation_v1.relation_id}'][version='#{relation_v1.version}']", 1, "relation #{relation_v1.relation_id} version #{relation_v1.version} should still be present in the history for moderators." - basic_authorization create(:user).email, "test" + auth_header = basic_authorization_header create(:user).email, "test" # check normal user can now see the redacted data - get :version, :params => { :id => relation_v1.relation_id, :version => relation_v1.version } + get relation_version_path(:id => relation_v1.relation_id, :version => relation_v1.version), :headers => auth_header assert_response :success, "After redaction, node should not be gone for normal user." # and when accessed via history - get :history, :params => { :id => relation_v1.relation_id } + get api_relation_history_path(:id => relation_v1.relation_id), :headers => auth_header assert_response :success, "Redaction shouldn't have stopped history working." assert_select "osm relation[id='#{relation_v1.relation_id}'][version='#{relation_v1.version}']", 1, "relation #{relation_v1.relation_id} version #{relation_v1.version} should still be present in the history for normal users." end @@ -271,12 +271,12 @@ module Api end end - def do_redact_relation(relation, redaction) - get :version, :params => { :id => relation.relation_id, :version => relation.version } + def do_redact_relation(relation, redaction, headers = {}) + get relation_version_path(:id => relation.relation_id, :version => relation.version) assert_response :success, "should be able to get version #{relation.version} of relation #{relation.relation_id}." # now redact it - post :redact, :params => { :id => relation.relation_id, :version => relation.version, :redaction => redaction.id } + post relation_version_redact_path(:id => relation.relation_id, :version => relation.version), :params => { :redaction => redaction.id }, :headers => headers end end end diff --git a/test/controllers/api/old_ways_controller_test.rb b/test/controllers/api/old_ways_controller_test.rb index cd676a960..c77117589 100644 --- a/test/controllers/api/old_ways_controller_test.rb +++ b/test/controllers/api/old_ways_controller_test.rb @@ -1,7 +1,7 @@ require "test_helper" module Api - class OldWaysControllerTest < ActionController::TestCase + class OldWaysControllerTest < ActionDispatch::IntegrationTest ## # test all routes which lead to this controller def test_routes @@ -33,19 +33,19 @@ module Api def test_history_visible # check that a visible way is returned properly - get :history, :params => { :id => create(:way, :with_history).id } + get api_way_history_path(create(:way, :with_history)) assert_response :success end def test_history_invisible # check that an invisible way's history is returned properly - get :history, :params => { :id => create(:way, :with_history, :deleted).id } + get api_way_history_path(create(:way, :with_history, :deleted)) assert_response :success end def test_history_invalid # check chat a non-existent way is not returned - get :history, :params => { :id => 0 } + get api_way_history_path(:id => 0) assert_response :not_found end @@ -98,11 +98,11 @@ module Api # test the redaction of an old version of a way, while being # authorised as a normal user. def test_redact_way_normal_user - basic_authorization create(:user).email, "test" + auth_header = basic_authorization_header create(:user).email, "test" way = create(:way, :with_history, :version => 4) way_v3 = way.old_ways.find_by(:version => 3) - do_redact_way(way_v3, create(:redaction)) + do_redact_way(way_v3, create(:redaction), auth_header) assert_response :forbidden, "should need to be moderator to redact." end @@ -110,11 +110,11 @@ module Api # test that, even as moderator, the current version of a way # can't be redacted. def test_redact_way_current_version - basic_authorization create(:moderator_user).email, "test" + auth_header = basic_authorization_header create(:moderator_user).email, "test" way = create(:way, :with_history, :version => 4) way_latest = way.old_ways.last - do_redact_way(way_latest, create(:redaction)) + do_redact_way(way_latest, create(:redaction), auth_header) assert_response :bad_request, "shouldn't be OK to redact current version as moderator." end @@ -126,12 +126,12 @@ module Api way_v1 = way.old_ways.find_by(:version => 1) way_v1.redact!(create(:redaction)) - get :version, :params => { :id => way_v1.way_id, :version => way_v1.version } + get way_version_path(:id => way_v1.way_id, :version => way_v1.version) assert_response :forbidden, "Redacted way shouldn't be visible via the version API." # not even to a logged-in user - basic_authorization create(:user).email, "test" - get :version, :params => { :id => way_v1.way_id, :version => way_v1.version } + auth_header = basic_authorization_header create(:user).email, "test" + get way_version_path(:id => way_v1.way_id, :version => way_v1.version), :headers => auth_header assert_response :forbidden, "Redacted way shouldn't be visible via the version API, even when logged in." end @@ -142,14 +142,14 @@ module Api way_v1 = way.old_ways.find_by(:version => 1) way_v1.redact!(create(:redaction)) - get :history, :params => { :id => way_v1.way_id } + get api_way_history_path(:id => way_v1.way_id) assert_response :success, "Redaction shouldn't have stopped history working." assert_select "osm way[id='#{way_v1.way_id}'][version='#{way_v1.version}']", 0, "redacted way #{way_v1.way_id} version #{way_v1.version} shouldn't be present in the history." # not even to a logged-in user - basic_authorization create(:user).email, "test" - get :version, :params => { :id => way_v1.way_id, :version => way_v1.version } - get :history, :params => { :id => way_v1.way_id } + auth_header = basic_authorization_header create(:user).email, "test" + get way_version_path(:id => way_v1.way_id, :version => way_v1.version), :headers => auth_header + get api_way_history_path(:id => way_v1.way_id), :headers => auth_header assert_response :success, "Redaction shouldn't have stopped history working." assert_select "osm way[id='#{way_v1.way_id}'][version='#{way_v1.version}']", 0, "redacted node #{way_v1.way_id} version #{way_v1.version} shouldn't be present in the history, even when logged in." end @@ -160,23 +160,23 @@ module Api def test_redact_way_moderator way = create(:way, :with_history, :version => 4) way_v3 = way.old_ways.find_by(:version => 3) - basic_authorization create(:moderator_user).email, "test" + auth_header = basic_authorization_header create(:moderator_user).email, "test" - do_redact_way(way_v3, create(:redaction)) + do_redact_way(way_v3, create(:redaction), auth_header) assert_response :success, "should be OK to redact old version as moderator." # check moderator can still see the redacted data, when passing # the appropriate flag - get :version, :params => { :id => way_v3.way_id, :version => way_v3.version } + get way_version_path(:id => way_v3.way_id, :version => way_v3.version), :headers => auth_header assert_response :forbidden, "After redaction, node should be gone for moderator, when flag not passed." - get :version, :params => { :id => way_v3.way_id, :version => way_v3.version, :show_redactions => "true" } + get way_version_path(:id => way_v3.way_id, :version => way_v3.version), :params => { :show_redactions => "true" }, :headers => auth_header assert_response :success, "After redaction, node should not be gone for moderator, when flag passed." # and when accessed via history - get :history, :params => { :id => way_v3.way_id } + get api_way_history_path(:id => way_v3.way_id), :headers => auth_header assert_response :success, "Redaction shouldn't have stopped history working." assert_select "osm way[id='#{way_v3.way_id}'][version='#{way_v3.version}']", 0, "way #{way_v3.way_id} version #{way_v3.version} should not be present in the history for moderators when not passing flag." - get :history, :params => { :id => way_v3.way_id, :show_redactions => "true" } + get api_way_history_path(:id => way_v3.way_id), :params => { :show_redactions => "true" }, :headers => auth_header assert_response :success, "Redaction shouldn't have stopped history working." assert_select "osm way[id='#{way_v3.way_id}'][version='#{way_v3.version}']", 1, "way #{way_v3.way_id} version #{way_v3.version} should still be present in the history for moderators when passing flag." end @@ -186,20 +186,20 @@ module Api def test_redact_way_is_redacted way = create(:way, :with_history, :version => 4) way_v3 = way.old_ways.find_by(:version => 3) - basic_authorization create(:moderator_user).email, "test" + auth_header = basic_authorization_header create(:moderator_user).email, "test" - do_redact_way(way_v3, create(:redaction)) + do_redact_way(way_v3, create(:redaction), auth_header) assert_response :success, "should be OK to redact old version as moderator." # re-auth as non-moderator - basic_authorization create(:user).email, "test" + auth_header = basic_authorization_header create(:user).email, "test" # check can't see the redacted data - get :version, :params => { :id => way_v3.way_id, :version => way_v3.version } + get way_version_path(:id => way_v3.way_id, :version => way_v3.version), :headers => auth_header assert_response :forbidden, "Redacted node shouldn't be visible via the version API." # and when accessed via history - get :history, :params => { :id => way_v3.way_id } + get api_way_history_path(:id => way_v3.way_id), :headers => auth_header assert_response :success, "Redaction shouldn't have stopped history working." assert_select "osm way[id='#{way_v3.way_id}'][version='#{way_v3.version}']", 0, "redacted way #{way_v3.way_id} version #{way_v3.version} shouldn't be present in the history." end @@ -212,7 +212,7 @@ module Api way_v1 = way.old_ways.find_by(:version => 1) way_v1.redact!(create(:redaction)) - post :redact, :params => { :id => way_v1.way_id, :version => way_v1.version } + post way_version_redact_path(:id => way_v1.way_id, :version => way_v1.version) assert_response :unauthorized, "should need to be authenticated to unredact." end @@ -224,9 +224,9 @@ module Api way_v1 = way.old_ways.find_by(:version => 1) way_v1.redact!(create(:redaction)) - basic_authorization create(:user).email, "test" + auth_header = basic_authorization_header create(:user).email, "test" - post :redact, :params => { :id => way_v1.way_id, :version => way_v1.version } + post way_version_redact_path(:id => way_v1.way_id, :version => way_v1.version), :headers => auth_header assert_response :forbidden, "should need to be moderator to unredact." end @@ -239,29 +239,29 @@ module Api way_v1 = way.old_ways.find_by(:version => 1) way_v1.redact!(create(:redaction)) - basic_authorization moderator_user.email, "test" + auth_header = basic_authorization_header moderator_user.email, "test" - post :redact, :params => { :id => way_v1.way_id, :version => way_v1.version } + post way_version_redact_path(:id => way_v1.way_id, :version => way_v1.version), :headers => auth_header assert_response :success, "should be OK to unredact old version as moderator." # check moderator can still see the unredacted data, without passing # the appropriate flag - get :version, :params => { :id => way_v1.way_id, :version => way_v1.version } + get way_version_path(:id => way_v1.way_id, :version => way_v1.version), :headers => auth_header assert_response :success, "After unredaction, node should not be gone for moderator." # and when accessed via history - get :history, :params => { :id => way_v1.way_id } + get api_way_history_path(:id => way_v1.way_id), :headers => auth_header assert_response :success, "Unredaction shouldn't have stopped history working." assert_select "osm way[id='#{way_v1.way_id}'][version='#{way_v1.version}']", 1, "way #{way_v1.way_id} version #{way_v1.version} should still be present in the history for moderators." - basic_authorization create(:user).email, "test" + auth_header = basic_authorization_header create(:user).email, "test" # check normal user can now see the unredacted data - get :version, :params => { :id => way_v1.way_id, :version => way_v1.version } + get way_version_path(:id => way_v1.way_id, :version => way_v1.version), :headers => auth_header assert_response :success, "After redaction, node should not be gone for moderator, when flag passed." # and when accessed via history - get :history, :params => { :id => way_v1.way_id } + get api_way_history_path(:id => way_v1.way_id), :headers => auth_header assert_response :success, "Redaction shouldn't have stopped history working." assert_select "osm way[id='#{way_v1.way_id}'][version='#{way_v1.version}']", 1, "way #{way_v1.way_id} version #{way_v1.version} should still be present in the history for normal users." end @@ -274,14 +274,14 @@ module Api def check_current_version(way_id) # get the current version current_way = with_controller(WaysController.new) do - get :show, :params => { :id => way_id } + get api_way_path(way_id) assert_response :success, "can't get current way #{way_id}" Way.from_xml(@response.body) end assert_not_nil current_way, "getting way #{way_id} returned nil" # get the "old" version of the way from the version method - get :version, :params => { :id => way_id, :version => current_way.version } + get way_version_path(:id => way_id, :version => current_way.version) assert_response :success, "can't get old way #{way_id}, v#{current_way.version}" old_way = Way.from_xml(@response.body) @@ -293,7 +293,7 @@ module Api # look at all the versions of the way in the history and get each version from # the versions call. check that they're the same. def check_history_equals_versions(way_id) - get :history, :params => { :id => way_id } + get api_way_history_path(:id => way_id) assert_response :success, "can't get way #{way_id} from API" history_doc = XML::Parser.string(@response.body).parse assert_not_nil history_doc, "parsing way #{way_id} history failed" @@ -302,7 +302,7 @@ module Api history_way = Way.from_xml_node(way_doc) assert_not_nil history_way, "parsing way #{way_id} version failed" - get :version, :params => { :id => way_id, :version => history_way.version } + get way_version_path(:id => way_id, :version => history_way.version) assert_response :success, "couldn't get way #{way_id}, v#{history_way.version}" version_way = Way.from_xml(@response.body) assert_not_nil version_way, "failed to parse #{way_id}, v#{history_way.version}" @@ -311,12 +311,12 @@ module Api end end - def do_redact_way(way, redaction) - get :version, :params => { :id => way.way_id, :version => way.version } + def do_redact_way(way, redaction, headers = {}) + get way_version_path(:id => way.way_id, :version => way.version) assert_response :success, "should be able to get version #{way.version} of way #{way.way_id}." # now redact it - post :redact, :params => { :id => way.way_id, :version => way.version, :redaction => redaction.id } + post way_version_redact_path(:id => way.way_id, :version => way.version), :params => { :redaction => redaction.id }, :headers => headers end def propagate_tags(way, old_way) diff --git a/test/controllers/api/relations_controller_test.rb b/test/controllers/api/relations_controller_test.rb index 5116ddb02..cff8d65e1 100644 --- a/test/controllers/api/relations_controller_test.rb +++ b/test/controllers/api/relations_controller_test.rb @@ -1,7 +1,7 @@ require "test_helper" module Api - class RelationsControllerTest < ActionController::TestCase + class RelationsControllerTest < ActionDispatch::IntegrationTest ## # test all routes which lead to this controller def test_routes @@ -74,15 +74,15 @@ module Api def test_show # check that a visible relation is returned properly - get :show, :params => { :id => create(:relation).id } + get api_relation_path(create(:relation)) assert_response :success # check that an invisible relation is not returned - get :show, :params => { :id => create(:relation, :deleted).id } + get api_relation_path(create(:relation, :deleted)) assert_response :gone # check chat a non-existent relation is not returned - get :show, :params => { :id => 0 } + get api_relation_path(:id => 0) assert_response :not_found end @@ -107,7 +107,7 @@ module Api deleted_relation = create(:relation, :deleted) create(:relation_member, :member => node, :relation => deleted_relation) - check_relations_for_element(:relations_for_node, "node", + check_relations_for_element(node_relations_path(node), "node", node.id, [relation_with_node, second_relation]) end @@ -127,7 +127,7 @@ module Api deleted_relation = create(:relation, :deleted) create(:relation_member, :member => way, :relation => deleted_relation) - check_relations_for_element(:relations_for_way, "way", + check_relations_for_element(way_relations_path(way), "way", way.id, [relation_with_way, second_relation]) end @@ -146,14 +146,14 @@ module Api # should not include deleted relations deleted_relation = create(:relation, :deleted) create(:relation_member, :member => relation, :relation => deleted_relation) - check_relations_for_element(:relations_for_relation, "relation", + check_relations_for_element(relation_relations_path(relation), "relation", relation.id, [relation_with_relation, second_relation]) end - def check_relations_for_element(method, type, id, expected_relations) + def check_relations_for_element(path, type, id, expected_relations) # check the "relations for relation" mode - get method, :params => { :id => id } + get path assert_response :success # count one osm element @@ -172,13 +172,13 @@ module Api def test_full # check the "full" mode - get :full, :params => { :id => 999999 } + get relation_full_path(:id => 999999) assert_response :not_found - get :full, :params => { :id => create(:relation, :deleted).id } + get relation_full_path(:id => create(:relation, :deleted).id) assert_response :gone - get :full, :params => { :id => create(:relation).id } + get relation_full_path(:id => create(:relation).id) assert_response :success # FIXME: check whether this contains the stuff we want! end @@ -193,15 +193,15 @@ module Api relation4.old_relations.find_by(:version => 1).redact!(create(:redaction)) # check error when no parameter provided - get :index + get relations_path assert_response :bad_request # check error when no parameter value provided - get :index, :params => { :relations => "" } + get relations_path, :params => { :relations => "" } assert_response :bad_request # test a working call - get :index, :params => { :relations => "#{relation1.id},#{relation2.id},#{relation3.id},#{relation4.id}" } + get relations_path, :params => { :relations => "#{relation1.id},#{relation2.id},#{relation3.id},#{relation4.id}" } assert_response :success assert_select "osm" do assert_select "relation", :count => 4 @@ -212,7 +212,7 @@ module Api end # test a working call with json format - get :index, :params => { :relations => "#{relation1.id},#{relation2.id},#{relation3.id},#{relation4.id}", :format => "json" } + get relations_path, :params => { :relations => "#{relation1.id},#{relation2.id},#{relation3.id},#{relation4.id}", :format => "json" } js = ActiveSupport::JSON.decode(@response.body) assert_not_nil js @@ -224,7 +224,7 @@ module Api assert_equal 1, (js["elements"].count { |a| a["id"] == relation4.id && a["visible"].nil? }) # check error when a non-existent relation is included - get :index, :params => { :relations => "#{relation1.id},#{relation2.id},#{relation3.id},#{relation4.id},0" } + get relations_path, :params => { :relations => "#{relation1.id},#{relation2.id},#{relation3.id},#{relation4.id},0" } assert_response :not_found end @@ -240,11 +240,11 @@ module Api node = create(:node) way = create(:way_with_nodes, :nodes_count => 2) - basic_authorization private_user.email, "test" + auth_header = basic_authorization_header private_user.email, "test" # create an relation without members xml = "" - put :create, :body => xml + put relation_create_path, :params => xml, :headers => auth_header # hope for forbidden, due to user assert_response :forbidden, "relation upload should have failed with forbidden" @@ -255,7 +255,7 @@ module Api xml = "" \ "" \ "" - put :create, :body => xml + put relation_create_path, :params => xml, :headers => auth_header # hope for forbidden due to user assert_response :forbidden, "relation upload did not return forbidden status" @@ -265,7 +265,7 @@ module Api # need a role attribute to be included xml = "" \ "" + "" - put :create, :body => xml + put relation_create_path, :params => xml, :headers => auth_header # hope for forbidden due to user assert_response :forbidden, "relation upload did not return forbidden status" @@ -276,17 +276,17 @@ module Api "" \ "" \ "" - put :create, :body => xml + put relation_create_path, :params => xml, :headers => auth_header # hope for forbidden, due to user assert_response :forbidden, "relation upload did not return success status" ## Now try with the public user - basic_authorization user.email, "test" + auth_header = basic_authorization_header user.email, "test" # create an relation without members xml = "" - put :create, :body => xml + put relation_create_path, :params => xml, :headers => auth_header # hope for success assert_response :success, "relation upload did not return success status" @@ -307,7 +307,7 @@ module Api assert checkrelation.visible, "saved relation is not visible" # ok the relation is there but can we also retrieve it? - get :show, :params => { :id => relationid } + get api_relation_path(:id => relationid) assert_response :success ### @@ -316,7 +316,7 @@ module Api xml = "" \ "" \ "" - put :create, :body => xml + put relation_create_path, :params => xml, :headers => auth_header # hope for success assert_response :success, "relation upload did not return success status" @@ -338,7 +338,7 @@ module Api "saved relation is not visible" # ok the relation is there but can we also retrieve it? - get :show, :params => { :id => relationid } + get api_relation_path(:id => relationid) assert_response :success ### @@ -346,7 +346,7 @@ module Api # need a role attribute to be included xml = "" \ "" + "" - put :create, :body => xml + put relation_create_path, :params => xml, :headers => auth_header # hope for success assert_response :success, "relation upload did not return success status" @@ -368,7 +368,7 @@ module Api "saved relation is not visible" # ok the relation is there but can we also retrieve it? - get :show, :params => { :id => relationid } + get api_relation_path(:id => relationid) assert_response :success ### @@ -377,7 +377,7 @@ module Api "" \ "" \ "" - put :create, :body => xml + put relation_create_path, :params => xml, :headers => auth_header # hope for success assert_response :success, "relation upload did not return success status" @@ -398,7 +398,7 @@ module Api assert checkrelation.visible, "saved relation is not visible" # ok the relation is there but can we also retrieve it? - get :show, :params => { :id => relationid } + get api_relation_path(:id => relationid) assert_response :success end @@ -418,7 +418,7 @@ module Api relation = create(:relation) create_list(:relation_tag, 4, :relation => relation) - basic_authorization user.email, "test" + auth_header = basic_authorization_header user.email, "test" with_relation(relation.id) do |rel| # alter one of the tags @@ -427,7 +427,7 @@ module Api update_changeset(rel, changeset.id) # check that the downloaded tags are the same as the uploaded tags... - new_version = with_update(rel) do |new_rel| + new_version = with_update(rel, auth_header) do |new_rel| assert_tags_equal rel, new_rel end @@ -450,7 +450,7 @@ module Api relation = create(:relation) create_list(:relation_tag, 4, :relation => relation) - basic_authorization user.email, "test" + auth_header = basic_authorization_header user.email, "test" with_relation(relation.id) do |rel| # alter one of the tags @@ -459,7 +459,7 @@ module Api update_changeset(rel, changeset.id) # check that the downloaded tags are the same as the uploaded tags... - new_version = with_update_diff(rel) do |new_rel| + new_version = with_update_diff(rel, auth_header) do |new_rel| assert_tags_equal rel, new_rel end @@ -477,10 +477,10 @@ module Api relation = create(:relation) other_relation = create(:relation) - basic_authorization user.email, "test" + auth_header = basic_authorization_header user.email, "test" with_relation(relation.id) do |rel| update_changeset(rel, changeset.id) - put :update, :params => { :id => other_relation.id }, :body => rel.to_s + put api_relation_path(:id => other_relation.id), :params => rel.to_s, :headers => auth_header assert_response :bad_request end end @@ -493,13 +493,13 @@ module Api user = create(:user) changeset = create(:changeset, :user => user) - basic_authorization user.email, "test" + auth_header = basic_authorization_header user.email, "test" # create a relation with non-existing node as member xml = "" \ "" \ "" - put :create, :body => xml + put relation_create_path, :params => xml, :headers => auth_header # expect failure assert_response :precondition_failed, "relation upload with invalid node did not return 'precondition failed'" @@ -514,13 +514,13 @@ module Api changeset = create(:changeset, :user => user) node = create(:node) - basic_authorization user.email, "test" + auth_header = basic_authorization_header user.email, "test" # create some xml that should return an error xml = "" \ "" \ "" - put :create, :body => xml + put relation_create_path, :params => xml, :headers => auth_header # expect failure assert_response :bad_request assert_match(/Cannot parse valid relation from xml string/, @response.body) @@ -545,96 +545,96 @@ module Api create_list(:relation_tag, 4, :relation => multi_tag_relation) ## First try to delete relation without auth - delete :delete, :params => { :id => relation.id } + delete api_relation_path(relation) assert_response :unauthorized ## Then try with the private user, to make sure that you get a forbidden - basic_authorization private_user.email, "test" + auth_header = basic_authorization_header private_user.email, "test" # this shouldn't work, as we should need the payload... - delete :delete, :params => { :id => relation.id } + delete api_relation_path(relation), :headers => auth_header assert_response :forbidden # try to delete without specifying a changeset xml = "" - delete :delete, :params => { :id => relation.id }, :body => xml.to_s + delete api_relation_path(relation), :params => xml.to_s, :headers => auth_header assert_response :forbidden # try to delete with an invalid (closed) changeset xml = update_changeset(xml_for_relation(relation), private_user_closed_changeset.id) - delete :delete, :params => { :id => relation.id }, :body => xml.to_s + delete api_relation_path(relation), :params => xml.to_s, :headers => auth_header assert_response :forbidden # try to delete with an invalid (non-existent) changeset xml = update_changeset(xml_for_relation(relation), 0) - delete :delete, :params => { :id => relation.id }, :body => xml.to_s + delete api_relation_path(relation), :params => xml.to_s, :headers => auth_header assert_response :forbidden # this won't work because the relation is in-use by another relation xml = xml_for_relation(used_relation) - delete :delete, :params => { :id => used_relation.id }, :body => xml.to_s + delete api_relation_path(used_relation), :params => xml.to_s, :headers => auth_header assert_response :forbidden # this should work when we provide the appropriate payload... xml = xml_for_relation(relation) - delete :delete, :params => { :id => relation.id }, :body => xml.to_s + delete api_relation_path(relation), :params => xml.to_s, :headers => auth_header assert_response :forbidden # this won't work since the relation is already deleted xml = xml_for_relation(deleted_relation) - delete :delete, :params => { :id => deleted_relation.id }, :body => xml.to_s + delete api_relation_path(deleted_relation), :params => xml.to_s, :headers => auth_header assert_response :forbidden # this won't work since the relation never existed - delete :delete, :params => { :id => 0 } + delete api_relation_path(:id => 0), :headers => auth_header assert_response :forbidden ## now set auth for the public user - basic_authorization user.email, "test" + auth_header = basic_authorization_header user.email, "test" # this shouldn't work, as we should need the payload... - delete :delete, :params => { :id => relation.id } + delete api_relation_path(relation), :headers => auth_header assert_response :bad_request # try to delete without specifying a changeset xml = "" - delete :delete, :params => { :id => relation.id }, :body => xml.to_s + delete api_relation_path(relation), :params => xml.to_s, :headers => auth_header assert_response :bad_request assert_match(/Changeset id is missing/, @response.body) # try to delete with an invalid (closed) changeset xml = update_changeset(xml_for_relation(relation), closed_changeset.id) - delete :delete, :params => { :id => relation.id }, :body => xml.to_s + delete api_relation_path(relation), :params => xml.to_s, :headers => auth_header assert_response :conflict # try to delete with an invalid (non-existent) changeset xml = update_changeset(xml_for_relation(relation), 0) - delete :delete, :params => { :id => relation.id }, :body => xml.to_s + delete api_relation_path(relation), :params => xml.to_s, :headers => auth_header assert_response :conflict # this won't work because the relation is in a changeset owned by someone else xml = update_changeset(xml_for_relation(relation), create(:changeset).id) - delete :delete, :params => { :id => relation.id }, :body => xml.to_s + delete api_relation_path(relation), :params => xml.to_s, :headers => auth_header assert_response :conflict, "shouldn't be able to delete a relation in a changeset owned by someone else (#{@response.body})" # this won't work because the relation in the payload is different to that passed xml = update_changeset(xml_for_relation(relation), changeset.id) - delete :delete, :params => { :id => create(:relation).id }, :body => xml.to_s + delete api_relation_path(create(:relation)), :params => xml.to_s, :headers => auth_header assert_response :bad_request, "shouldn't be able to delete a relation when payload is different to the url" # this won't work because the relation is in-use by another relation xml = update_changeset(xml_for_relation(used_relation), changeset.id) - delete :delete, :params => { :id => used_relation.id }, :body => xml.to_s + delete api_relation_path(used_relation), :params => xml.to_s, :headers => auth_header assert_response :precondition_failed, "shouldn't be able to delete a relation used in a relation (#{@response.body})" assert_equal "Precondition failed: The relation #{used_relation.id} is used in relation #{super_relation.id}.", @response.body # this should work when we provide the appropriate payload... xml = update_changeset(xml_for_relation(multi_tag_relation), changeset.id) - delete :delete, :params => { :id => multi_tag_relation.id }, :body => xml.to_s + delete api_relation_path(multi_tag_relation), :params => xml.to_s, :headers => auth_header assert_response :success # valid delete should return the new version number, which should @@ -644,23 +644,23 @@ module Api # this won't work since the relation is already deleted xml = update_changeset(xml_for_relation(deleted_relation), changeset.id) - delete :delete, :params => { :id => deleted_relation.id }, :body => xml.to_s + delete api_relation_path(deleted_relation), :params => xml.to_s, :headers => auth_header assert_response :gone # Public visible relation needs to be deleted xml = update_changeset(xml_for_relation(super_relation), changeset.id) - delete :delete, :params => { :id => super_relation.id }, :body => xml.to_s + delete api_relation_path(super_relation), :params => xml.to_s, :headers => auth_header assert_response :success # this works now because the relation which was using this one # has been deleted. xml = update_changeset(xml_for_relation(used_relation), changeset.id) - delete :delete, :params => { :id => used_relation.id }, :body => xml.to_s + delete api_relation_path(used_relation), :params => xml.to_s, :headers => auth_header assert_response :success, "should be able to delete a relation used in an old relation (#{@response.body})" # this won't work since the relation never existed - delete :delete, :params => { :id => 0 } + delete api_relation_path(:id => 0), :headers => auth_header assert_response :not_found end @@ -677,7 +677,7 @@ module Api create(:relation_member, :relation => relation, :member => node2) # the relation contains nodes1 and node2 (node1 # indirectly via the way), so the bbox should be [3,3,5,5]. - check_changeset_modify(BoundingBox.new(3, 3, 5, 5)) do |changeset_id| + check_changeset_modify(BoundingBox.new(3, 3, 5, 5)) do |changeset_id, auth_header| # add a tag to an existing relation relation_xml = xml_for_relation(relation) relation_element = relation_xml.find("//osm/relation").first @@ -690,7 +690,7 @@ module Api update_changeset(relation_xml, changeset_id) # upload the change - put :update, :params => { :id => relation.id }, :body => relation_xml.to_s + put api_relation_path(relation), :params => relation_xml.to_s, :headers => auth_header assert_response :success, "can't update relation for tag/bbox test" end end @@ -710,7 +710,7 @@ module Api [node1, node2, way1, way2].each do |element| bbox = element.bbox.to_unscaled - check_changeset_modify(bbox) do |changeset_id| + check_changeset_modify(bbox) do |changeset_id, auth_header| relation_xml = xml_for_relation(Relation.find(relation.id)) relation_element = relation_xml.find("//osm/relation").first new_member = XML::Node.new("member") @@ -723,11 +723,11 @@ module Api update_changeset(relation_xml, changeset_id) # upload the change - put :update, :params => { :id => relation.id }, :body => relation_xml.to_s + put api_relation_path(:id => relation.id), :params => relation_xml.to_s, :headers => auth_header assert_response :success, "can't update relation for add #{element.class}/bbox test: #{@response.body}" # get it back and check the ordering - get :show, :params => { :id => relation.id } + get api_relation_path(relation) assert_response :success, "can't read back the relation: #{@response.body}" check_ordering(relation_xml, @response.body) end @@ -744,7 +744,7 @@ module Api create(:relation_member, :relation => relation, :member => node1) create(:relation_member, :relation => relation, :member => node2) - check_changeset_modify(BoundingBox.new(5, 5, 5, 5)) do |changeset_id| + check_changeset_modify(BoundingBox.new(5, 5, 5, 5)) do |changeset_id, auth_header| # remove node 5 (5,5) from an existing relation relation_xml = xml_for_relation(relation) relation_xml @@ -755,7 +755,7 @@ module Api update_changeset(relation_xml, changeset_id) # upload the change - put :update, :params => { :id => relation.id }, :body => relation_xml.to_s + put api_relation_path(relation), :params => relation_xml.to_s, :headers => auth_header assert_response :success, "can't update relation for remove node/bbox test" end end @@ -771,7 +771,7 @@ module Api way1 = create(:way_with_nodes, :nodes_count => 2) way2 = create(:way_with_nodes, :nodes_count => 2) - basic_authorization user.email, "test" + auth_header = basic_authorization_header user.email, "test" doc_str = <<~OSM @@ -785,12 +785,12 @@ module Api OSM doc = XML::Parser.string(doc_str).parse - put :create, :body => doc.to_s + put relation_create_path, :params => doc.to_s, :headers => auth_header assert_response :success, "can't create a relation: #{@response.body}" relation_id = @response.body.to_i # get it back and check the ordering - get :show, :params => { :id => relation_id } + get api_relation_path(:id => relation_id) assert_response :success, "can't read back the relation: #{@response.body}" check_ordering(doc, @response.body) @@ -805,18 +805,18 @@ module Api doc.find("//osm/relation").first["version"] = 1.to_s # upload the next version of the relation - put :update, :params => { :id => relation_id }, :body => doc.to_s + put api_relation_path(:id => relation_id), :params => doc.to_s, :headers => auth_header assert_response :success, "can't update relation: #{@response.body}" assert_equal 2, @response.body.to_i # get it back again and check the ordering again - get :show, :params => { :id => relation_id } + get api_relation_path(:id => relation_id) assert_response :success, "can't read back the relation: #{@response.body}" check_ordering(doc, @response.body) # check the ordering in the history tables: with_controller(OldRelationsController.new) do - get :version, :params => { :id => relation_id, :version => 2 } + get relation_version_path(:id => relation_id, :version => 2) assert_response :success, "can't read back version 2 of the relation #{relation_id}" check_ordering(doc, @response.body) end @@ -844,20 +844,20 @@ module Api doc = XML::Parser.string(doc_str).parse ## First try with the private user - basic_authorization private_user.email, "test" + auth_header = basic_authorization_header private_user.email, "test" - put :create, :body => doc.to_s + put relation_create_path, :params => doc.to_s, :headers => auth_header assert_response :forbidden ## Now try with the public user - basic_authorization user.email, "test" + auth_header = basic_authorization_header user.email, "test" - put :create, :body => doc.to_s + put relation_create_path, :params => doc.to_s, :headers => auth_header assert_response :success, "can't create a relation: #{@response.body}" relation_id = @response.body.to_i # get it back and check the ordering - get :show, :params => { :id => relation_id } + get api_relation_path(:id => relation_id) assert_response :success, "can't read back the relation: #{relation_id}" check_ordering(doc, @response.body) end @@ -883,20 +883,20 @@ module Api OSM doc = XML::Parser.string(doc_str).parse - basic_authorization user.email, "test" + auth_header = basic_authorization_header user.email, "test" - put :create, :body => doc.to_s + put relation_create_path, :params => doc.to_s, :headers => auth_header assert_response :success, "can't create a relation: #{@response.body}" relation_id = @response.body.to_i # check the ordering in the current tables: - get :show, :params => { :id => relation_id } + get api_relation_path(:id => relation_id) assert_response :success, "can't read back the relation: #{@response.body}" check_ordering(doc, @response.body) # check the ordering in the history tables: with_controller(OldRelationsController.new) do - get :version, :params => { :id => relation_id, :version => 1 } + get relation_version_path(:id => relation_id, :version => 1) assert_response :success, "can't read back version 1 of the relation: #{@response.body}" check_ordering(doc, @response.body) end @@ -914,7 +914,7 @@ module Api create(:relation_member, :relation => relation, :member => way) create(:relation_member, :relation => relation, :member => node2) - check_changeset_modify(BoundingBox.new(3, 3, 5, 5)) do |changeset_id| + check_changeset_modify(BoundingBox.new(3, 3, 5, 5)) do |changeset_id, auth_header| relation_xml = xml_for_relation(relation) relation_xml .find("//osm/relation/member") @@ -924,7 +924,7 @@ module Api update_changeset(relation_xml, changeset_id) # upload the change - put :update, :params => { :id => relation.id }, :body => relation_xml.to_s + put api_relation_path(relation), :params => relation_xml.to_s, :headers => auth_header assert_response :success, "can't update relation for remove all members test" checkrelation = Relation.find(relation.id) assert_not_nil(checkrelation, @@ -962,34 +962,34 @@ module Api # that the changeset bounding box is +bbox+. def check_changeset_modify(bbox) ## First test with the private user to check that you get a forbidden - basic_authorization create(:user, :data_public => false).email, "test" + auth_header = basic_authorization_header create(:user, :data_public => false).email, "test" # create a new changeset for this operation, so we are assured # that the bounding box will be newly-generated. changeset_id = with_controller(Api::ChangesetsController.new) do xml = "" - put :create, :body => xml + put changeset_create_path, :params => xml, :headers => auth_header assert_response :forbidden, "shouldn't be able to create changeset for modify test, as should get forbidden" end ## Now do the whole thing with the public user - basic_authorization create(:user).email, "test" + auth_header = basic_authorization_header create(:user).email, "test" # create a new changeset for this operation, so we are assured # that the bounding box will be newly-generated. changeset_id = with_controller(Api::ChangesetsController.new) do xml = "" - put :create, :body => xml + put changeset_create_path, :params => xml, :headers => auth_header assert_response :success, "couldn't create changeset for modify test" @response.body.to_i end # go back to the block to do the actual modifies - yield changeset_id + yield changeset_id, auth_header # now download the changeset to check its bounding box with_controller(Api::ChangesetsController.new) do - get :show, :params => { :id => changeset_id } + get changeset_show_path(:id => changeset_id) assert_response :success, "can't re-read changeset for modify test" assert_select "osm>changeset", 1, "Changeset element doesn't exist in #{@response.body}" assert_select "osm>changeset[id='#{changeset_id}']", 1, "Changeset id=#{changeset_id} doesn't exist in #{@response.body}" @@ -1006,10 +1006,10 @@ module Api # doc is returned. def with_relation(id, ver = nil) if ver.nil? - get :show, :params => { :id => id } + get api_relation_path(:id => id) else with_controller(OldRelationsController.new) do - get :version, :params => { :id => id, :version => ver } + get relation_version_path(:id => id, :version => ver) end end assert_response :success @@ -1020,14 +1020,14 @@ module Api # updates the relation (XML) +rel+ and # yields the new version of that relation into the block. # the parsed XML doc is retured. - def with_update(rel) + def with_update(rel, headers) rel_id = rel.find("//osm/relation").first["id"].to_i - put :update, :params => { :id => rel_id }, :body => rel.to_s + put api_relation_path(:id => rel_id), :params => rel.to_s, :headers => headers assert_response :success, "can't update relation: #{@response.body}" version = @response.body.to_i # now get the new version - get :show, :params => { :id => rel_id } + get api_relation_path(:id => rel_id) assert_response :success new_rel = xml_parse(@response.body) @@ -1040,7 +1040,7 @@ module Api # updates the relation (XML) +rel+ via the diff-upload API and # yields the new version of that relation into the block. # the parsed XML doc is retured. - def with_update_diff(rel) + def with_update_diff(rel, headers) rel_id = rel.find("//osm/relation").first["id"].to_i cs_id = rel.find("//osm/relation").first["changeset"].to_i version = nil @@ -1053,13 +1053,13 @@ module Api change << modify modify << doc.import(rel.find("//osm/relation").first) - post :upload, :params => { :id => cs_id }, :body => doc.to_s + post changeset_upload_path(:id => cs_id), :params => doc.to_s, :headers => headers assert_response :success, "can't upload diff relation: #{@response.body}" version = xml_parse(@response.body).find("//diffResult/relation").first["new_version"].to_i end # now get the new version - get :show, :params => { :id => rel_id } + get api_relation_path(:id => rel_id) assert_response :success new_rel = xml_parse(@response.body) diff --git a/test/controllers/api/ways_controller_test.rb b/test/controllers/api/ways_controller_test.rb index ae7f18161..fa0c47792 100644 --- a/test/controllers/api/ways_controller_test.rb +++ b/test/controllers/api/ways_controller_test.rb @@ -1,7 +1,7 @@ require "test_helper" module Api - class WaysControllerTest < ActionController::TestCase + class WaysControllerTest < ActionDispatch::IntegrationTest ## # test all routes which lead to this controller def test_routes @@ -49,15 +49,15 @@ module Api def test_show # check that a visible way is returned properly - get :show, :params => { :id => create(:way).id } + get api_way_path(create(:way)) assert_response :success # check that an invisible way is not returned - get :show, :params => { :id => create(:way, :deleted).id } + get api_way_path(create(:way, :deleted)) assert_response :gone # check chat a non-existent way is not returned - get :show, :params => { :id => 0 } + get api_way_path(:id => 0) assert_response :not_found end @@ -65,7 +65,7 @@ module Api # check the "full" mode def test_full Way.all.each do |way| - get :full, :params => { :id => way.id } + get way_full_path(way) # full call should say "gone" for non-visible ways... unless way.visible @@ -98,15 +98,15 @@ module Api way4 = create(:way) # check error when no parameter provided - get :index + get ways_path assert_response :bad_request # check error when no parameter value provided - get :index, :params => { :ways => "" } + get ways_path, :params => { :ways => "" } assert_response :bad_request # test a working call - get :index, :params => { :ways => "#{way1.id},#{way2.id},#{way3.id},#{way4.id}" } + get ways_path, :params => { :ways => "#{way1.id},#{way2.id},#{way3.id},#{way4.id}" } assert_response :success assert_select "osm" do assert_select "way", :count => 4 @@ -117,7 +117,7 @@ module Api end # test a working call with json format - get :index, :params => { :ways => "#{way1.id},#{way2.id},#{way3.id},#{way4.id}", :format => "json" } + get ways_path, :params => { :ways => "#{way1.id},#{way2.id},#{way3.id},#{way4.id}", :format => "json" } js = ActiveSupport::JSON.decode(@response.body) assert_not_nil js @@ -129,7 +129,7 @@ module Api assert_equal 1, (js["elements"].count { |a| a["id"] == way4.id && a["visible"].nil? }) # check error when a non-existent way is included - get :index, :params => { :ways => "#{way1.id},#{way2.id},#{way3.id},#{way4.id},0" } + get ways_path, :params => { :ways => "#{way1.id},#{way2.id},#{way3.id},#{way4.id},0" } assert_response :not_found end @@ -146,7 +146,7 @@ module Api changeset = create(:changeset, :user => user) ## First check that it fails when creating a way using a non-public user - basic_authorization private_user.email, "test" + auth_header = basic_authorization_header private_user.email, "test" # use the first user's open changeset changeset_id = private_changeset.id @@ -155,13 +155,13 @@ module Api xml = "" \ "" \ "" - put :create, :body => xml + put way_create_path, :params => xml, :headers => auth_header # hope for failure assert_response :forbidden, "way upload did not return forbidden status" ## Now use a public user - basic_authorization user.email, "test" + auth_header = basic_authorization_header user.email, "test" # use the first user's open changeset changeset_id = changeset.id @@ -170,7 +170,7 @@ module Api xml = "" \ "" \ "" - put :create, :body => xml + put way_create_path, :params => xml, :headers => auth_header # hope for success assert_response :success, "way upload did not return success status" @@ -208,13 +208,13 @@ module Api closed_changeset = create(:changeset, :closed, :user => user) ## First test with a private user to make sure that they are not authorized - basic_authorization private_user.email, "test" + auth_header = basic_authorization_header private_user.email, "test" # use the first user's open changeset # create a way with non-existing node xml = "" \ "" - put :create, :body => xml + put way_create_path, :params => xml, :headers => auth_header # expect failure assert_response :forbidden, "way upload with invalid node using a private user did not return 'forbidden'" @@ -222,7 +222,7 @@ module Api # create a way with no nodes xml = "" \ "" - put :create, :body => xml + put way_create_path, :params => xml, :headers => auth_header # expect failure assert_response :forbidden, "way upload with no node using a private userdid not return 'forbidden'" @@ -230,19 +230,19 @@ module Api # create a way inside a closed changeset xml = "" \ "" - put :create, :body => xml + put way_create_path, :params => xml, :headers => auth_header # expect failure assert_response :forbidden, "way upload to closed changeset with a private user did not return 'forbidden'" ## Now test with a public user - basic_authorization user.email, "test" + auth_header = basic_authorization_header user.email, "test" # use the first user's open changeset # create a way with non-existing node xml = "" \ "" - put :create, :body => xml + put way_create_path, :params => xml, :headers => auth_header # expect failure assert_response :precondition_failed, "way upload with invalid node did not return 'precondition failed'" @@ -251,7 +251,7 @@ module Api # create a way with no nodes xml = "" \ "" - put :create, :body => xml + put way_create_path, :params => xml, :headers => auth_header # expect failure assert_response :precondition_failed, "way upload with no node did not return 'precondition failed'" @@ -260,7 +260,7 @@ module Api # create a way inside a closed changeset xml = "" \ "" - put :create, :body => xml + put way_create_path, :params => xml, :headers => auth_header # expect failure assert_response :conflict, "way upload to closed changeset did not return 'conflict'" @@ -270,7 +270,7 @@ module Api "" \ "" \ "" - put :create, :body => xml + put way_create_path, :params => xml, :headers => auth_header # expect failure assert_response :bad_request, "way upload to with too long tag did not return 'bad_request'" @@ -298,34 +298,34 @@ module Api relation = relation_member.relation # first try to delete way without auth - delete :delete, :params => { :id => way.id } + delete api_way_path(way) assert_response :unauthorized # now set auth using the private user - basic_authorization private_user.email, "test" + auth_header = basic_authorization_header private_user.email, "test" # this shouldn't work as with the 0.6 api we need pay load to delete - delete :delete, :params => { :id => private_way.id } + delete api_way_path(private_way), :headers => auth_header assert_response :forbidden # Now try without having a changeset xml = "" - delete :delete, :params => { :id => private_way.id }, :body => xml.to_s + delete api_way_path(private_way), :params => xml.to_s, :headers => auth_header assert_response :forbidden # try to delete with an invalid (closed) changeset xml = update_changeset(xml_for_way(private_way), private_closed_changeset.id) - delete :delete, :params => { :id => private_way.id }, :body => xml.to_s + delete api_way_path(private_way), :params => xml.to_s, :headers => auth_header assert_response :forbidden # try to delete with an invalid (non-existent) changeset xml = update_changeset(xml_for_way(private_way), 0) - delete :delete, :params => { :id => private_way.id }, :body => xml.to_s + delete api_way_path(private_way), :params => xml.to_s, :headers => auth_header assert_response :forbidden # Now try with a valid changeset xml = xml_for_way(private_way) - delete :delete, :params => { :id => private_way.id }, :body => xml.to_s + delete api_way_path(private_way), :params => xml.to_s, :headers => auth_header assert_response :forbidden # check the returned value - should be the new version number @@ -336,45 +336,45 @@ module Api # this won't work since the way is already deleted xml = xml_for_way(private_deleted_way) - delete :delete, :params => { :id => private_deleted_way.id }, :body => xml.to_s + delete api_way_path(private_deleted_way), :params => xml.to_s, :headers => auth_header assert_response :forbidden # this shouldn't work as the way is used in a relation xml = xml_for_way(private_used_way) - delete :delete, :params => { :id => private_used_way.id }, :body => xml.to_s + delete api_way_path(private_used_way), :params => xml.to_s, :headers => auth_header assert_response :forbidden, "shouldn't be able to delete a way used in a relation (#{@response.body}), when done by a private user" # this won't work since the way never existed - delete :delete, :params => { :id => 0 } + delete api_way_path(:id => 0), :headers => auth_header assert_response :forbidden ### Now check with a public user # now set auth - basic_authorization user.email, "test" + auth_header = basic_authorization_header user.email, "test" # this shouldn't work as with the 0.6 api we need pay load to delete - delete :delete, :params => { :id => way.id } + delete api_way_path(way), :headers => auth_header assert_response :bad_request # Now try without having a changeset xml = "" - delete :delete, :params => { :id => way.id }, :body => xml.to_s + delete api_way_path(way), :params => xml.to_s, :headers => auth_header assert_response :bad_request # try to delete with an invalid (closed) changeset xml = update_changeset(xml_for_way(way), closed_changeset.id) - delete :delete, :params => { :id => way.id }, :body => xml.to_s + delete api_way_path(way), :params => xml.to_s, :headers => auth_header assert_response :conflict # try to delete with an invalid (non-existent) changeset xml = update_changeset(xml_for_way(way), 0) - delete :delete, :params => { :id => way.id }, :body => xml.to_s + delete api_way_path(way), :params => xml.to_s, :headers => auth_header assert_response :conflict # Now try with a valid changeset xml = xml_for_way(way) - delete :delete, :params => { :id => way.id }, :body => xml.to_s + delete api_way_path(way), :params => xml.to_s, :headers => auth_header assert_response :success # check the returned value - should be the new version number @@ -385,18 +385,18 @@ module Api # this won't work since the way is already deleted xml = xml_for_way(deleted_way) - delete :delete, :params => { :id => deleted_way.id }, :body => xml.to_s + delete api_way_path(deleted_way), :params => xml.to_s, :headers => auth_header assert_response :gone # this shouldn't work as the way is used in a relation xml = xml_for_way(used_way) - delete :delete, :params => { :id => used_way.id }, :body => xml.to_s + delete api_way_path(used_way), :params => xml.to_s, :headers => auth_header assert_response :precondition_failed, "shouldn't be able to delete a way used in a relation (#{@response.body})" assert_equal "Precondition failed: Way #{used_way.id} is still used by relations #{relation.id}.", @response.body # this won't work since the way never existed - delete :delete, :params => { :id => 0 } + delete api_way_path(:id => 0), :params => xml.to_s, :headers => auth_header assert_response :not_found end @@ -415,78 +415,78 @@ module Api ## First test with no user credentials # try and update a way without authorisation xml = xml_for_way(way) - put :update, :params => { :id => way.id }, :body => xml.to_s + put api_way_path(way), :params => xml.to_s assert_response :unauthorized ## Second test with the private user # setup auth - basic_authorization private_user.email, "test" + auth_header = basic_authorization_header private_user.email, "test" ## trying to break changesets # try and update in someone else's changeset xml = update_changeset(xml_for_way(private_way), create(:changeset).id) - put :update, :params => { :id => private_way.id }, :body => xml.to_s + put api_way_path(private_way), :params => xml.to_s, :headers => auth_header assert_require_public_data "update with other user's changeset should be forbidden when date isn't public" # try and update in a closed changeset xml = update_changeset(xml_for_way(private_way), create(:changeset, :closed, :user => private_user).id) - put :update, :params => { :id => private_way.id }, :body => xml.to_s + put api_way_path(private_way), :params => xml.to_s, :headers => auth_header assert_require_public_data "update with closed changeset should be forbidden, when data isn't public" # try and update in a non-existant changeset xml = update_changeset(xml_for_way(private_way), 0) - put :update, :params => { :id => private_way.id }, :body => xml.to_s + put api_way_path(private_way), :params => xml.to_s, :headers => auth_header assert_require_public_data("update with changeset=0 should be forbidden, when data isn't public") ## try and submit invalid updates xml = xml_replace_node(xml_for_way(private_way), node.id, 9999) - put :update, :params => { :id => private_way.id }, :body => xml.to_s + put api_way_path(private_way), :params => xml.to_s, :headers => auth_header assert_require_public_data "way with non-existent node should be forbidden, when data isn't public" xml = xml_replace_node(xml_for_way(private_way), node.id, create(:node, :deleted).id) - put :update, :params => { :id => private_way.id }, :body => xml.to_s + put api_way_path(private_way), :params => xml.to_s, :headers => auth_header assert_require_public_data "way with deleted node should be forbidden, when data isn't public" ## finally, produce a good request which will still not work xml = xml_for_way(private_way) - put :update, :params => { :id => private_way.id }, :body => xml.to_s + put api_way_path(private_way), :params => xml.to_s, :headers => auth_header assert_require_public_data "should have failed with a forbidden when data isn't public" ## Finally test with the public user # setup auth - basic_authorization user.email, "test" + auth_header = basic_authorization_header user.email, "test" ## trying to break changesets # try and update in someone else's changeset xml = update_changeset(xml_for_way(way), create(:changeset).id) - put :update, :params => { :id => way.id }, :body => xml.to_s + put api_way_path(way), :params => xml.to_s, :headers => auth_header assert_response :conflict, "update with other user's changeset should be rejected" # try and update in a closed changeset xml = update_changeset(xml_for_way(way), create(:changeset, :closed, :user => user).id) - put :update, :params => { :id => way.id }, :body => xml.to_s + put api_way_path(way), :params => xml.to_s, :headers => auth_header assert_response :conflict, "update with closed changeset should be rejected" # try and update in a non-existant changeset xml = update_changeset(xml_for_way(way), 0) - put :update, :params => { :id => way.id }, :body => xml.to_s + put api_way_path(way), :params => xml.to_s, :headers => auth_header assert_response :conflict, "update with changeset=0 should be rejected" ## try and submit invalid updates xml = xml_replace_node(xml_for_way(way), node.id, 9999) - put :update, :params => { :id => way.id }, :body => xml.to_s + put api_way_path(way), :params => xml.to_s, :headers => auth_header assert_response :precondition_failed, "way with non-existent node should be rejected" xml = xml_replace_node(xml_for_way(way), node.id, create(:node, :deleted).id) - put :update, :params => { :id => way.id }, :body => xml.to_s + put api_way_path(way), :params => xml.to_s, :headers => auth_header assert_response :precondition_failed, "way with deleted node should be rejected" ## next, attack the versioning @@ -495,37 +495,37 @@ module Api # try and submit a version behind xml = xml_attr_rewrite(xml_for_way(way), "version", current_way_version - 1) - put :update, :params => { :id => way.id }, :body => xml.to_s + put api_way_path(way), :params => xml.to_s, :headers => auth_header assert_response :conflict, "should have failed on old version number" # try and submit a version ahead xml = xml_attr_rewrite(xml_for_way(way), "version", current_way_version + 1) - put :update, :params => { :id => way.id }, :body => xml.to_s + put api_way_path(way), :params => xml.to_s, :headers => auth_header assert_response :conflict, "should have failed on skipped version number" # try and submit total crap in the version field xml = xml_attr_rewrite(xml_for_way(way), "version", "p1r4t3s!") - put :update, :params => { :id => way.id }, :body => xml.to_s + put api_way_path(way), :params => xml.to_s, :headers => auth_header assert_response :conflict, "should not be able to put 'p1r4at3s!' in the version field" ## try an update with the wrong ID xml = xml_for_way(create(:way)) - put :update, :params => { :id => way.id }, :body => xml.to_s + put api_way_path(way), :params => xml.to_s, :headers => auth_header assert_response :bad_request, "should not be able to update a way with a different ID from the XML" ## try an update with a minimal valid XML doc which isn't a well-formed OSM doc. xml = "" - put :update, :params => { :id => way.id }, :body => xml.to_s + put api_way_path(way), :params => xml.to_s, :headers => auth_header assert_response :bad_request, "should not be able to update a way with non-OSM XML doc." ## finally, produce a good request which should work xml = xml_for_way(way) - put :update, :params => { :id => way.id }, :body => xml.to_s + put api_way_path(way), :params => xml.to_s, :headers => auth_header assert_response :success, "a valid update request failed" end @@ -543,7 +543,7 @@ module Api ## Try with the non-public user # setup auth - basic_authorization private_user.email, "test" + auth_header = basic_authorization_header private_user.email, "test" # add an identical tag to the way tag_xml = XML::Node.new("tag") @@ -555,13 +555,13 @@ module Api way_xml.find("//osm/way").first << tag_xml # try and upload it - put :update, :params => { :id => private_way.id }, :body => way_xml.to_s + put api_way_path(private_way), :params => way_xml.to_s, :headers => auth_header assert_response :forbidden, "adding a duplicate tag to a way for a non-public should fail with 'forbidden'" ## Now try with the public user # setup auth - basic_authorization user.email, "test" + auth_header = basic_authorization_header user.email, "test" # add an identical tag to the way tag_xml = XML::Node.new("tag") @@ -573,7 +573,7 @@ module Api way_xml.find("//osm/way").first << tag_xml # try and upload it - put :update, :params => { :id => way.id }, :body => way_xml.to_s + put api_way_path(way), :params => way_xml.to_s, :headers => auth_header assert_response :success, "adding a new tag to a way should succeed" assert_equal way.version + 1, @response.body.to_i @@ -591,7 +591,7 @@ module Api ## Try with the non-public user # setup auth - basic_authorization private_user.email, "test" + auth_header = basic_authorization_header private_user.email, "test" # add an identical tag to the way tag_xml = XML::Node.new("tag") @@ -603,13 +603,13 @@ module Api way_xml.find("//osm/way").first << tag_xml # try and upload it - put :update, :params => { :id => private_way.id }, :body => way_xml.to_s + put api_way_path(private_way), :params => way_xml.to_s, :headers => auth_header assert_response :forbidden, "adding a duplicate tag to a way for a non-public should fail with 'forbidden'" ## Now try with the public user # setup auth - basic_authorization user.email, "test" + auth_header = basic_authorization_header user.email, "test" # add an identical tag to the way tag_xml = XML::Node.new("tag") @@ -621,7 +621,7 @@ module Api way_xml.find("//osm/way").first << tag_xml # try and upload it - put :update, :params => { :id => way.id }, :body => way_xml.to_s + put api_way_path(way), :params => way_xml.to_s, :headers => auth_header assert_response :bad_request, "adding a duplicate tag to a way should fail with 'bad request'" assert_equal "Element way/#{way.id} has duplicate tags with key #{existing_tag.k}", @response.body @@ -637,7 +637,7 @@ module Api ## First test with the non-public user so should be rejected # setup auth - basic_authorization private_user.email, "test" + auth_header = basic_authorization_header private_user.email, "test" # create duplicate tag tag_xml = XML::Node.new("tag") @@ -651,13 +651,13 @@ module Api way_xml.find("//osm/way").first << tag_xml.copy(true) << tag_xml # try and upload it - put :update, :params => { :id => private_way.id }, :body => way_xml.to_s + put api_way_path(private_way), :params => way_xml.to_s, :headers => auth_header assert_response :forbidden, "adding new duplicate tags to a way using a non-public user should fail with 'forbidden'" ## Now test with the public user # setup auth - basic_authorization user.email, "test" + auth_header = basic_authorization_header user.email, "test" # create duplicate tag tag_xml = XML::Node.new("tag") @@ -671,7 +671,7 @@ module Api way_xml.find("//osm/way").first << tag_xml.copy(true) << tag_xml # try and upload it - put :update, :params => { :id => way.id }, :body => way_xml.to_s + put api_way_path(way), :params => way_xml.to_s, :headers => auth_header assert_response :bad_request, "adding new duplicate tags to a way should fail with 'bad request'" assert_equal "Element way/#{way.id} has duplicate tags with key i_am_a_duplicate", @response.body @@ -689,7 +689,7 @@ module Api ## First make sure that you can't with a non-public user # setup auth - basic_authorization private_user.email, "test" + auth_header = basic_authorization_header private_user.email, "test" # add the tag into the existing xml way_str = "" @@ -698,13 +698,13 @@ module Api way_str << "" # try and upload it - put :create, :body => way_str + put way_create_path, :params => way_str, :headers => auth_header assert_response :forbidden, "adding new duplicate tags to a way with a non-public user should fail with 'forbidden'" ## Now do it with a public user # setup auth - basic_authorization user.email, "test" + auth_header = basic_authorization_header user.email, "test" # add the tag into the existing xml way_str = "" @@ -713,7 +713,7 @@ module Api way_str << "" # try and upload it - put :create, :body => way_str + put way_create_path, :params => way_str, :headers => auth_header assert_response :bad_request, "adding new duplicate tags to a way should fail with 'bad request'" assert_equal "Element way/ has duplicate tags with key addr:housenumber", @response.body @@ -735,7 +735,7 @@ module Api _way3_v2 = create(:old_way, :current_way => way3_v1.current_way, :version => 2) create(:old_way_node, :old_way => way3_v1, :node => node) - get :ways_for_node, :params => { :id => node.id } + get node_ways_path(node) assert_response :success ways_xml = XML::Parser.string(@response.body).parse assert_not_nil ways_xml, "failed to parse ways_for_node response" -- 2.43.2