X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/1b7586c9288d694b2bc443d62f3c40502868ff77..1bb52e3cb6da18a4777c8314088c5cb5c48a484a:/test/controllers/node_controller_test.rb?ds=sidebyside
diff --git a/test/controllers/node_controller_test.rb b/test/controllers/node_controller_test.rb
index 7aeb5066b..5f737f798 100644
--- a/test/controllers/node_controller_test.rb
+++ b/test/controllers/node_controller_test.rb
@@ -33,8 +33,8 @@ class NodeControllerTest < ActionController::TestCase
changeset = create(:changeset, :user => user)
# create a node with random lat/lon
- lat = rand(100) - 50 + rand
- lon = rand(100) - 50 + rand
+ lat = rand(-50..50) + rand
+ lon = rand(-50..50) + rand
## First try with no auth
# create a minimal xml file
@@ -46,7 +46,7 @@ class NodeControllerTest < ActionController::TestCase
assert_response :unauthorized, "node upload did not return unauthorized status"
## Now try with the user which doesn't have their data public
- basic_authorization(private_user.email, "test")
+ basic_authorization private_user.email, "test"
# create a minimal xml file
content("")
@@ -57,7 +57,7 @@ class NodeControllerTest < ActionController::TestCase
assert_require_public_data "node create did not return forbidden status"
## Now try with the user that has the public data
- basic_authorization(user.email, "test")
+ basic_authorization user.email, "test"
# create a minimal xml file
content("")
@@ -83,7 +83,7 @@ class NodeControllerTest < ActionController::TestCase
user = create(:user)
changeset = create(:changeset, :user => user)
- basic_authorization(user.email, "test")
+ basic_authorization user.email, "test"
lat = 3.434
lon = 3.23
@@ -160,7 +160,7 @@ class NodeControllerTest < ActionController::TestCase
assert_response :unauthorized
## now set auth for the non-data public user
- basic_authorization(private_user.email, "test")
+ basic_authorization private_user.email, "test"
# try to delete with an invalid (closed) changeset
content update_changeset(private_node.to_xml, private_user_closed_changeset.id)
@@ -208,7 +208,7 @@ class NodeControllerTest < ActionController::TestCase
changeset = create(:changeset, :user => user)
closed_changeset = create(:changeset, :closed, :user => user)
node = create(:node, :changeset => changeset)
- basic_authorization(user.email, "test")
+ basic_authorization user.email, "test"
# try to delete with an invalid (closed) changeset
content update_changeset(node.to_xml, closed_changeset.id)
@@ -295,7 +295,7 @@ class NodeControllerTest < ActionController::TestCase
## Second test with the private user
# setup auth
- basic_authorization(private_user.email, "test")
+ basic_authorization private_user.email, "test"
## trying to break changesets
@@ -347,7 +347,7 @@ class NodeControllerTest < ActionController::TestCase
assert_response :forbidden
# setup auth
- basic_authorization(user.email, "test")
+ basic_authorization user.email, "test"
## trying to break changesets
@@ -455,7 +455,7 @@ class NodeControllerTest < ActionController::TestCase
end
# check error when a non-existent node is included
- get :nodes, :params => { :nodes => "#{node1.id},#{node2.id},#{node3.id},#{node4.id},#{node5.id},400" }
+ get :nodes, :params => { :nodes => "#{node1.id},#{node2.id},#{node3.id},#{node4.id},#{node5.id},0" }
assert_response :not_found
end
@@ -465,7 +465,7 @@ class NodeControllerTest < ActionController::TestCase
existing_tag = create(:node_tag)
assert_equal true, existing_tag.node.changeset.user.data_public
# setup auth
- basic_authorization(existing_tag.node.changeset.user.email, "test")
+ basic_authorization existing_tag.node.changeset.user.email, "test"
# add an identical tag to the node
tag_xml = XML::Node.new("tag")
@@ -492,23 +492,23 @@ class NodeControllerTest < ActionController::TestCase
changeset = create(:changeset, :user => user)
## First try with the non-data public user
- basic_authorization(private_user.email, "test")
+ basic_authorization private_user.email, "test"
# try and put something into a string that the API might
# use unquoted and therefore allow code injection...
- content "" +
- '' +
+ content "" \
+ '' \
""
put :create
assert_require_public_data "Shouldn't be able to create with non-public user"
## Then try with the public data user
- basic_authorization(user.email, "test")
+ basic_authorization user.email, "test"
# try and put something into a string that the API might
# use unquoted and therefore allow code injection...
- content "" +
- '' +
+ content "" \
+ '' \
""
put :create
assert_response :success