end
def test_create_invalid_xml
- ## Only test public user here, as test_create should cover what's the forbiddens
+ ## Only test public user here, as test_create should cover what's the forbidden
## that would occur here
user = create(:user)
xml = "<osm><node lat='#{lat}' lon='#{lon}' changeset='#{changeset.id}'><tag k='foo' v='#{'x' * 256}'/></node></osm>"
put node_create_path, :params => xml, :headers => auth_header
assert_response :bad_request, "node upload did not return bad_request status"
- assert_equal ["NodeTag ", " v: is too long (maximum is 255 characters) (\"#{'x' * 256}\")"], @response.body.split(/[0-9]+,foo:/)
+ assert_match(/ v: is too long \(maximum is 255 characters\) /, @response.body)
end
def test_show
# valid delete should return the new version number, which should
# be greater than the old version number
- assert @response.body.to_i > node.version,
- "delete request should return a new version number for node"
+ assert_operator @response.body.to_i, :>, node.version, "delete request should return a new version number for node"
# deleting the same node twice doesn't work
xml = xml_for_node(node)
# try and put something into a string that the API might
# use unquoted and therefore allow code injection...
xml = "<osm><node lat='0' lon='0' changeset='#{private_changeset.id}'>" \
- '<tag k="#{@user.inspect}" v="0"/>' \
+ "<tag k='\#{@user.inspect}' v='0'/>" \
"</node></osm>"
put node_create_path, :params => xml, :headers => auth_header
assert_require_public_data "Shouldn't be able to create with non-public user"
# try and put something into a string that the API might
# use unquoted and therefore allow code injection...
xml = "<osm><node lat='0' lon='0' changeset='#{changeset.id}'>" \
- '<tag k="#{@user.inspect}" v="0"/>' \
+ "<tag k='\#{@user.inspect}' v='0'/>" \
"</node></osm>"
put node_create_path, :params => xml, :headers => auth_header
assert_response :success
projects / rails.git / blobdiff