]> git.openstreetmap.org Git - rails.git/blob - test/controllers/api/traces/data_controller_test.rb
Check if db is writable on oauth authorization pages
[rails.git] / test / controllers / api / traces / data_controller_test.rb
1 require "test_helper"
2
3 module Api
4   module Traces
5     class DataControllerTest < ActionDispatch::IntegrationTest
6       ##
7       # test all routes which lead to this controller
8       def test_routes
9         assert_routing(
10           { :path => "/api/0.6/gpx/1/data", :method => :get },
11           { :controller => "api/traces/data", :action => "show", :trace_id => "1" }
12         )
13         assert_routing(
14           { :path => "/api/0.6/gpx/1/data.xml", :method => :get },
15           { :controller => "api/traces/data", :action => "show", :trace_id => "1", :format => "xml" }
16         )
17       end
18
19       # Test downloading a trace through the api
20       def test_show
21         public_trace_file = create(:trace, :visibility => "public", :fixture => "a")
22
23         # First with no auth
24         get api_trace_data_path(public_trace_file)
25         assert_response :unauthorized
26
27         # Now with some other user, which should work since the trace is public
28         auth_header = bearer_authorization_header
29         get api_trace_data_path(public_trace_file), :headers => auth_header
30         follow_redirect!
31         follow_redirect!
32         check_trace_data public_trace_file, "848caa72f2f456d1bd6a0fdf228aa1b9"
33
34         # And finally we should be able to do it with the owner of the trace
35         auth_header = bearer_authorization_header public_trace_file.user
36         get api_trace_data_path(public_trace_file), :headers => auth_header
37         follow_redirect!
38         follow_redirect!
39         check_trace_data public_trace_file, "848caa72f2f456d1bd6a0fdf228aa1b9"
40       end
41
42       # Test downloading a compressed trace through the api
43       def test_data_compressed
44         identifiable_trace_file = create(:trace, :visibility => "identifiable", :fixture => "d")
45
46         # Authenticate as the owner of the trace we will be using
47         auth_header = bearer_authorization_header identifiable_trace_file.user
48
49         # First get the data as is
50         get api_trace_data_path(identifiable_trace_file), :headers => auth_header
51         follow_redirect!
52         follow_redirect!
53         check_trace_data identifiable_trace_file, "c6422a3d8750faae49ed70e7e8a51b93", "application/gzip", "gpx.gz"
54
55         # Now ask explicitly for XML format
56         get api_trace_data_path(identifiable_trace_file, :format => "xml"), :headers => auth_header
57         check_trace_data identifiable_trace_file, "abd6675fdf3024a84fc0a1deac147c0d", "application/xml", "xml"
58
59         # Now ask explicitly for GPX format
60         get api_trace_data_path(identifiable_trace_file, :format => "gpx"), :headers => auth_header
61         check_trace_data identifiable_trace_file, "abd6675fdf3024a84fc0a1deac147c0d"
62       end
63
64       # Check an anonymous trace can't be downloaded by another user through the api
65       def test_data_anon
66         anon_trace_file = create(:trace, :visibility => "private", :fixture => "b")
67
68         # First with no auth
69         get api_trace_data_path(anon_trace_file)
70         assert_response :unauthorized
71
72         # Now with some other user, which shouldn't work since the trace is anon
73         auth_header = bearer_authorization_header
74         get api_trace_data_path(anon_trace_file), :headers => auth_header
75         assert_response :forbidden
76
77         # And finally we should be able to do it with the owner of the trace
78         auth_header = bearer_authorization_header anon_trace_file.user
79         get api_trace_data_path(anon_trace_file), :headers => auth_header
80         follow_redirect!
81         follow_redirect!
82         check_trace_data anon_trace_file, "db4cb5ed2d7d2b627b3b504296c4f701"
83       end
84
85       # Test downloading a trace that doesn't exist through the api
86       def test_data_not_found
87         deleted_trace_file = create(:trace, :deleted)
88
89         # Try first with no auth, as it should require it
90         get api_trace_data_path(0)
91         assert_response :unauthorized
92
93         # Login, and try again
94         auth_header = bearer_authorization_header
95         get api_trace_data_path(0), :headers => auth_header
96         assert_response :not_found
97
98         # Now try a trace which did exist but has been deleted
99         auth_header = bearer_authorization_header deleted_trace_file.user
100         get api_trace_data_path(deleted_trace_file), :headers => auth_header
101         assert_response :not_found
102       end
103
104       private
105
106       def check_trace_data(trace, digest, content_type = "application/gpx+xml", extension = "gpx")
107         assert_response :success
108         assert_equal digest, Digest::MD5.hexdigest(response.body)
109         assert_equal content_type, response.media_type
110         assert_equal "attachment; filename=\"#{trace.id}.#{extension}\"; filename*=UTF-8''#{trace.id}.#{extension}", @response.header["Content-Disposition"]
111       end
112     end
113   end
114 end