test/controllers/api/traces/data_controller_test.rb

   1 require "test_helper"
   2
   3 module Api
   4   module Traces
   5     class DataControllerTest < ActionDispatch::IntegrationTest
   6       ##
   7       # test all routes which lead to this controller
   8       def test_routes
   9         assert_routing(
  10           { :path => "/api/0.6/gpx/1/data", :method => :get },
  11           { :controller => "api/traces/data", :action => "show", :trace_id => "1" }
  12         )
  13         assert_routing(
  14           { :path => "/api/0.6/gpx/1/data.xml", :method => :get },
  15           { :controller => "api/traces/data", :action => "show", :trace_id => "1", :format => "xml" }
  16         )
  17       end
  18
  19       # Test downloading a trace through the api
  20       def test_show
  21         public_trace_file = create(:trace, :visibility => "public", :fixture => "a")
  22
  23         # First with no auth
  24         get api_trace_data_path(public_trace_file)
  25         assert_response :unauthorized
  26
  27         # Now with some other user, which should work since the trace is public
  28         auth_header = bearer_authorization_header
  29         get api_trace_data_path(public_trace_file), :headers => auth_header
  30         follow_redirect!
  31         follow_redirect!
  32         check_trace_data public_trace_file, "848caa72f2f456d1bd6a0fdf228aa1b9"
  33
  34         # And finally we should be able to do it with the owner of the trace
  35         auth_header = bearer_authorization_header public_trace_file.user
  36         get api_trace_data_path(public_trace_file), :headers => auth_header
  37         follow_redirect!
  38         follow_redirect!
  39         check_trace_data public_trace_file, "848caa72f2f456d1bd6a0fdf228aa1b9"
  40       end
  41
  42       # Test downloading a compressed trace through the api
  43       def test_data_compressed
  44         identifiable_trace_file = create(:trace, :visibility => "identifiable", :fixture => "d")
  45
  46         # Authenticate as the owner of the trace we will be using
  47         auth_header = bearer_authorization_header identifiable_trace_file.user
  48
  49         # First get the data as is
  50         get api_trace_data_path(identifiable_trace_file), :headers => auth_header
  51         follow_redirect!
  52         follow_redirect!
  53         check_trace_data identifiable_trace_file, "c6422a3d8750faae49ed70e7e8a51b93", "application/gzip", "gpx.gz"
  54
  55         # Now ask explicitly for XML format
  56         get api_trace_data_path(identifiable_trace_file, :format => "xml"), :headers => auth_header
  57         check_trace_data identifiable_trace_file, "abd6675fdf3024a84fc0a1deac147c0d", "application/xml", "xml"
  58
  59         # Now ask explicitly for GPX format
  60         get api_trace_data_path(identifiable_trace_file, :format => "gpx"), :headers => auth_header
  61         check_trace_data identifiable_trace_file, "abd6675fdf3024a84fc0a1deac147c0d"
  62       end
  63
  64       # Check an anonymous trace can't be downloaded by another user through the api
  65       def test_data_anon
  66         anon_trace_file = create(:trace, :visibility => "private", :fixture => "b")
  67
  68         # First with no auth
  69         get api_trace_data_path(anon_trace_file)
  70         assert_response :unauthorized
  71
  72         # Now with some other user, which shouldn't work since the trace is anon
  73         auth_header = bearer_authorization_header
  74         get api_trace_data_path(anon_trace_file), :headers => auth_header
  75         assert_response :forbidden
  76
  77         # And finally we should be able to do it with the owner of the trace
  78         auth_header = bearer_authorization_header anon_trace_file.user
  79         get api_trace_data_path(anon_trace_file), :headers => auth_header
  80         follow_redirect!
  81         follow_redirect!
  82         check_trace_data anon_trace_file, "db4cb5ed2d7d2b627b3b504296c4f701"
  83       end
  84
  85       # Test downloading a trace that doesn't exist through the api
  86       def test_data_not_found
  87         deleted_trace_file = create(:trace, :deleted)
  88
  89         # Try first with no auth, as it should require it
  90         get api_trace_data_path(0)
  91         assert_response :unauthorized
  92
  93         # Login, and try again
  94         auth_header = bearer_authorization_header
  95         get api_trace_data_path(0), :headers => auth_header
  96         assert_response :not_found
  97
  98         # Now try a trace which did exist but has been deleted
  99         auth_header = bearer_authorization_header deleted_trace_file.user
 100         get api_trace_data_path(deleted_trace_file), :headers => auth_header
 101         assert_response :not_found
 102       end
 103
 104       private
 105
 106       def check_trace_data(trace, digest, content_type = "application/gpx+xml", extension = "gpx")
 107         assert_response :success
 108         assert_equal digest, Digest::MD5.hexdigest(response.body)
 109         assert_equal content_type, response.media_type
 110         assert_equal "attachment; filename=\"#{trace.id}.#{extension}\"; filename*=UTF-8''#{trace.id}.#{extension}", @response.header["Content-Disposition"]
 111       end
 112     end
 113   end
 114 end