X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/538bfed8a61a576e44d8cc71d7727c0310bcf238..54aa89a4bf8118a3fdec2d60acba6aeb7beaa8c8:/test/controllers/api/changesets_controller_test.rb diff --git a/test/controllers/api/changesets_controller_test.rb b/test/controllers/api/changesets_controller_test.rb index b62235a39..17a9ad9d3 100644 --- a/test/controllers/api/changesets_controller_test.rb +++ b/test/controllers/api/changesets_controller_test.rb @@ -1,7 +1,7 @@ require "test_helper" module Api - class ChangesetsControllerTest < ActionController::TestCase + class ChangesetsControllerTest < ActionDispatch::IntegrationTest ## # test all routes which lead to this controller def test_routes @@ -17,22 +17,30 @@ module Api { :path => "/api/0.6/changeset/1/download", :method => :get }, { :controller => "api/changesets", :action => "download", :id => "1" } ) - assert_routing( - { :path => "/api/0.6/changeset/1/expand_bbox", :method => :post }, - { :controller => "api/changesets", :action => "expand_bbox", :id => "1" } - ) assert_routing( { :path => "/api/0.6/changeset/1", :method => :get }, { :controller => "api/changesets", :action => "show", :id => "1" } ) + assert_routing( + { :path => "/api/0.6/changeset/1.json", :method => :get }, + { :controller => "api/changesets", :action => "show", :id => "1", :format => "json" } + ) assert_routing( { :path => "/api/0.6/changeset/1/subscribe", :method => :post }, { :controller => "api/changesets", :action => "subscribe", :id => "1" } ) + assert_routing( + { :path => "/api/0.6/changeset/1/subscribe.json", :method => :post }, + { :controller => "api/changesets", :action => "subscribe", :id => "1", :format => "json" } + ) assert_routing( { :path => "/api/0.6/changeset/1/unsubscribe", :method => :post }, { :controller => "api/changesets", :action => "unsubscribe", :id => "1" } ) + assert_routing( + { :path => "/api/0.6/changeset/1/unsubscribe.json", :method => :post }, + { :controller => "api/changesets", :action => "unsubscribe", :id => "1", :format => "json" } + ) assert_routing( { :path => "/api/0.6/changeset/1", :method => :put }, { :controller => "api/changesets", :action => "update", :id => "1" } @@ -43,7 +51,11 @@ module Api ) assert_routing( { :path => "/api/0.6/changesets", :method => :get }, - { :controller => "api/changesets", :action => "query" } + { :controller => "api/changesets", :action => "index" } + ) + assert_routing( + { :path => "/api/0.6/changesets.json", :method => :get }, + { :controller => "api/changesets", :action => "index", :format => "json" } ) end @@ -52,22 +64,22 @@ module Api # ----------------------- def test_create - basic_authorization create(:user, :data_public => false).email, "test" + auth_header = basic_authorization_header create(:user, :data_public => false).email, "test" # Create the first user's changeset xml = "" \ "" \ "" - put :create, :body => xml + put changeset_create_path, :params => xml, :headers => auth_header assert_require_public_data - basic_authorization create(:user).email, "test" + auth_header = basic_authorization_header create(:user).email, "test" # Create the first user's changeset xml = "" \ "" \ "" - put :create, :body => xml + put changeset_create_path, :params => xml, :headers => auth_header - assert_response :success, "Creation of changeset did not return sucess status" + assert_response :success, "Creation of changeset did not return success status" newid = @response.body.to_i # check end time, should be an hour ahead of creation time @@ -75,7 +87,7 @@ module Api duration = cs.closed_at - cs.created_at # the difference can either be a rational, or a floating point number # of seconds, depending on the code path taken :-( - if duration.class == Rational + if duration.instance_of?(Rational) assert_equal Rational(1, 24), duration, "initial idle timeout should be an hour (#{cs.created_at} -> #{cs.closed_at})" else # must be number of seconds... @@ -87,90 +99,307 @@ module Api end def test_create_invalid - basic_authorization create(:user, :data_public => false).email, "test" + auth_header = basic_authorization_header create(:user, :data_public => false).email, "test" xml = "" - put :create, :body => xml + put changeset_create_path, :params => xml, :headers => auth_header assert_require_public_data ## Try the public user - basic_authorization create(:user).email, "test" + auth_header = basic_authorization_header create(:user).email, "test" xml = "" - put :create, :body => xml + put changeset_create_path, :params => xml, :headers => auth_header assert_response :bad_request, "creating a invalid changeset should fail" end def test_create_invalid_no_content ## First check with no auth - put :create + put changeset_create_path assert_response :unauthorized, "shouldn't be able to create a changeset with no auth" ## Now try to with a non-public user - basic_authorization create(:user, :data_public => false).email, "test" - put :create + auth_header = basic_authorization_header create(:user, :data_public => false).email, "test" + put changeset_create_path, :headers => auth_header assert_require_public_data ## Try an inactive user - basic_authorization create(:user, :pending).email, "test" - put :create + auth_header = basic_authorization_header create(:user, :pending).email, "test" + put changeset_create_path, :headers => auth_header assert_inactive_user ## Now try to use a normal user - basic_authorization create(:user).email, "test" - put :create + auth_header = basic_authorization_header create(:user).email, "test" + put changeset_create_path, :headers => auth_header assert_response :bad_request, "creating a changeset with no content should fail" end def test_create_wrong_method - basic_authorization create(:user).email, "test" - get :create - assert_response :method_not_allowed - post :create - assert_response :method_not_allowed + auth_header = basic_authorization_header create(:user).email, "test" + + get changeset_create_path, :headers => auth_header + assert_response :not_found + assert_template "rescues/routing_error" + + post changeset_create_path, :headers => auth_header + assert_response :not_found + assert_template "rescues/routing_error" end ## # check that the changeset can be shown and returns the correct # document structure. def test_show - changeset_id = create(:changeset).id + changeset = create(:changeset) - get :show, :params => { :id => changeset_id } + get changeset_show_path(changeset) assert_response :success, "cannot get first changeset" - assert_select "osm[version='#{API_VERSION}'][generator='OpenStreetMap server']", 1 - assert_select "osm>changeset[id='#{changeset_id}']", 1 + assert_select "osm[version='#{Settings.api_version}'][generator='#{Settings.generator}']", 1 + assert_single_changeset changeset assert_select "osm>changeset>discussion", 0 - get :show, :params => { :id => changeset_id, :include_discussion => true } + get changeset_show_path(changeset), :params => { :include_discussion => true } assert_response :success, "cannot get first changeset with comments" - assert_select "osm[version='#{API_VERSION}'][generator='OpenStreetMap server']", 1 - assert_select "osm>changeset[id='#{changeset_id}']", 1 + assert_select "osm[version='#{Settings.api_version}'][generator='#{Settings.generator}']", 1 + assert_single_changeset changeset assert_select "osm>changeset>discussion", 1 assert_select "osm>changeset>discussion>comment", 0 + end + + def test_show_comments + # all comments visible + changeset = create(:changeset, :closed) + comment1, comment2, comment3 = create_list(:changeset_comment, 3, :changeset_id => changeset.id) + + get changeset_show_path(changeset), :params => { :include_discussion => true } + assert_response :success, "cannot get closed changeset with comments" + + assert_select "osm[version='#{Settings.api_version}'][generator='#{Settings.generator}']", 1 + assert_single_changeset changeset + assert_select "osm>changeset>discussion", 1 + assert_select "osm>changeset>discussion>comment", 3 + assert_select "osm>changeset>discussion>comment:nth-child(1)>@id", comment1.id.to_s + assert_select "osm>changeset>discussion>comment:nth-child(1)>@visible", "true" + assert_select "osm>changeset>discussion>comment:nth-child(2)>@id", comment2.id.to_s + assert_select "osm>changeset>discussion>comment:nth-child(2)>@visible", "true" + assert_select "osm>changeset>discussion>comment:nth-child(3)>@id", comment3.id.to_s + assert_select "osm>changeset>discussion>comment:nth-child(3)>@visible", "true" + + # one hidden comment not included because not asked for + comment2.update(:visible => false) - changeset_id = create(:changeset, :closed).id - create_list(:changeset_comment, 3, :changeset_id => changeset_id) + get changeset_show_path(changeset), :params => { :include_discussion => true } + assert_response :success, "cannot get closed changeset with comments" + + assert_select "osm[version='#{Settings.api_version}'][generator='#{Settings.generator}']", 1 + assert_single_changeset changeset + assert_select "osm>changeset>discussion", 1 + assert_select "osm>changeset>discussion>comment", 2 + assert_select "osm>changeset>discussion>comment:nth-child(1)>@id", comment1.id.to_s + assert_select "osm>changeset>discussion>comment:nth-child(1)>@visible", "true" + assert_select "osm>changeset>discussion>comment:nth-child(2)>@id", comment3.id.to_s + assert_select "osm>changeset>discussion>comment:nth-child(2)>@visible", "true" + + # one hidden comment not included because no permissions + get changeset_show_path(changeset), :params => { :include_discussion => true, :show_hidden_comments => true } + assert_response :success, "cannot get closed changeset with comments" - get :show, :params => { :id => changeset_id, :include_discussion => true } + assert_select "osm[version='#{Settings.api_version}'][generator='#{Settings.generator}']", 1 + assert_single_changeset changeset + assert_select "osm>changeset>discussion", 1 + assert_select "osm>changeset>discussion>comment", 2 + assert_select "osm>changeset>discussion>comment:nth-child(1)>@id", comment1.id.to_s + assert_select "osm>changeset>discussion>comment:nth-child(1)>@visible", "true" + # maybe will show an empty comment element with visible=false in the future + assert_select "osm>changeset>discussion>comment:nth-child(2)>@id", comment3.id.to_s + assert_select "osm>changeset>discussion>comment:nth-child(2)>@visible", "true" + + # one hidden comment shown to moderators + moderator_user = create(:moderator_user) + auth_header = basic_authorization_header moderator_user.email, "test" + get changeset_show_path(changeset), :params => { :include_discussion => true, :show_hidden_comments => true }, + :headers => auth_header assert_response :success, "cannot get closed changeset with comments" - assert_select "osm[version='#{API_VERSION}'][generator='OpenStreetMap server']", 1 - assert_select "osm>changeset[id='#{changeset_id}']", 1 + assert_select "osm[version='#{Settings.api_version}'][generator='#{Settings.generator}']", 1 + assert_single_changeset changeset assert_select "osm>changeset>discussion", 1 assert_select "osm>changeset>discussion>comment", 3 + assert_select "osm>changeset>discussion>comment:nth-child(1)>@id", comment1.id.to_s + assert_select "osm>changeset>discussion>comment:nth-child(1)>@visible", "true" + assert_select "osm>changeset>discussion>comment:nth-child(2)>@id", comment2.id.to_s + assert_select "osm>changeset>discussion>comment:nth-child(2)>@visible", "false" + assert_select "osm>changeset>discussion>comment:nth-child(3)>@id", comment3.id.to_s + assert_select "osm>changeset>discussion>comment:nth-child(3)>@visible", "true" + end + + def test_show_json + changeset = create(:changeset) + + get changeset_show_path(changeset), :params => { :format => "json" } + assert_response :success, "cannot get first changeset" + + js = ActiveSupport::JSON.decode(@response.body) + assert_not_nil js + + assert_equal Settings.api_version, js["version"] + assert_equal Settings.generator, js["generator"] + assert_single_changeset_json changeset, js + assert_nil js["changeset"]["tags"] + assert_nil js["changeset"]["comments"] + assert_equal changeset.user.id, js["changeset"]["uid"] + assert_equal changeset.user.display_name, js["changeset"]["user"] + + get changeset_show_path(changeset), :params => { :format => "json", :include_discussion => true } + assert_response :success, "cannot get first changeset with comments" + + js = ActiveSupport::JSON.decode(@response.body) + assert_not_nil js + assert_equal Settings.api_version, js["version"] + assert_equal Settings.generator, js["generator"] + assert_single_changeset_json changeset, js + assert_nil js["changeset"]["tags"] + assert_nil js["changeset"]["min_lat"] + assert_nil js["changeset"]["min_lon"] + assert_nil js["changeset"]["max_lat"] + assert_nil js["changeset"]["max_lon"] + assert_equal 0, js["changeset"]["comments"].count + end + + def test_show_comments_json + # all comments visible + changeset = create(:changeset, :closed) + comment0, comment1, comment2 = create_list(:changeset_comment, 3, :changeset_id => changeset.id) + + get changeset_show_path(changeset), :params => { :format => "json", :include_discussion => true } + assert_response :success, "cannot get closed changeset with comments" + + js = ActiveSupport::JSON.decode(@response.body) + assert_not_nil js + assert_equal Settings.api_version, js["version"] + assert_equal Settings.generator, js["generator"] + assert_single_changeset_json changeset, js + assert_equal 3, js["changeset"]["comments"].count + assert_equal comment0.id, js["changeset"]["comments"][0]["id"] + assert js["changeset"]["comments"][0]["visible"] + assert_equal comment1.id, js["changeset"]["comments"][1]["id"] + assert js["changeset"]["comments"][1]["visible"] + assert_equal comment2.id, js["changeset"]["comments"][2]["id"] + assert js["changeset"]["comments"][2]["visible"] + + # one hidden comment not included because not asked for + comment1.update(:visible => false) + + get changeset_show_path(changeset), :params => { :format => "json", :include_discussion => true } + assert_response :success, "cannot get closed changeset with comments" + + js = ActiveSupport::JSON.decode(@response.body) + assert_not_nil js + assert_equal Settings.api_version, js["version"] + assert_equal Settings.generator, js["generator"] + assert_single_changeset_json changeset, js + assert_equal 2, js["changeset"]["comments"].count + assert_equal comment0.id, js["changeset"]["comments"][0]["id"] + assert js["changeset"]["comments"][0]["visible"] + assert_equal comment2.id, js["changeset"]["comments"][1]["id"] + assert js["changeset"]["comments"][1]["visible"] + + # one hidden comment not included because no permissions + get changeset_show_path(changeset), :params => { :format => "json", :include_discussion => true, :show_hidden_comments => true } + assert_response :success, "cannot get closed changeset with comments" + + js = ActiveSupport::JSON.decode(@response.body) + assert_not_nil js + assert_equal Settings.api_version, js["version"] + assert_equal Settings.generator, js["generator"] + assert_single_changeset_json changeset, js + assert_equal 2, js["changeset"]["comments"].count + assert_equal comment0.id, js["changeset"]["comments"][0]["id"] + assert js["changeset"]["comments"][0]["visible"] + # maybe will show an empty comment element with visible=false in the future + assert_equal comment2.id, js["changeset"]["comments"][1]["id"] + assert js["changeset"]["comments"][1]["visible"] + + # one hidden comment shown to moderators + moderator_user = create(:moderator_user) + auth_header = basic_authorization_header moderator_user.email, "test" + get changeset_show_path(changeset), :params => { :format => "json", :include_discussion => true, :show_hidden_comments => true }, + :headers => auth_header + assert_response :success, "cannot get closed changeset with comments" + + js = ActiveSupport::JSON.decode(@response.body) + assert_not_nil js + assert_equal Settings.api_version, js["version"] + assert_equal Settings.generator, js["generator"] + assert_single_changeset_json changeset, js + assert_equal 3, js["changeset"]["comments"].count + assert_equal comment0.id, js["changeset"]["comments"][0]["id"] + assert js["changeset"]["comments"][0]["visible"] + assert_equal comment1.id, js["changeset"]["comments"][1]["id"] + assert_not js["changeset"]["comments"][1]["visible"] + assert_equal comment2.id, js["changeset"]["comments"][2]["id"] + assert js["changeset"]["comments"][2]["visible"] + end + + def test_show_tag_and_discussion_json + changeset = create(:changeset, :closed) + + tag1 = ChangesetTag.new + tag1.changeset_id = changeset.id + tag1.k = "created_by" + tag1.v = "JOSM/1.5 (18364)" + + tag2 = ChangesetTag.new + tag2.changeset_id = changeset.id + tag2.k = "comment" + tag2.v = "changeset comment" + + changeset.changeset_tags = [tag1, tag2] + + create_list(:changeset_comment, 3, :changeset_id => changeset.id) + + get changeset_show_path(changeset), :params => { :format => "json", :include_discussion => true } + assert_response :success, "cannot get closed changeset with comments" + + js = ActiveSupport::JSON.decode(@response.body) + + assert_not_nil js + assert_equal Settings.api_version, js["version"] + assert_equal Settings.generator, js["generator"] + assert_single_changeset_json changeset, js + assert_equal 2, js["changeset"]["tags"].count + assert_equal 3, js["changeset"]["comments"].count + assert_equal 3, js["changeset"]["comments_count"] + assert_equal 0, js["changeset"]["changes_count"] + assert_not_nil js["changeset"]["comments"][0]["uid"] + assert_not_nil js["changeset"]["comments"][0]["user"] + assert_not_nil js["changeset"]["comments"][0]["text"] + end + + def test_show_bbox_json + # test bbox attribute + changeset = create(:changeset, :min_lat => (-5 * GeoRecord::SCALE).round, :min_lon => (5 * GeoRecord::SCALE).round, + :max_lat => (15 * GeoRecord::SCALE).round, :max_lon => (12 * GeoRecord::SCALE).round) + + get changeset_show_path(changeset), :params => { :format => "json" } + assert_response :success, "cannot get first changeset" + + js = ActiveSupport::JSON.decode(@response.body) + assert_not_nil js + assert_equal(-5, js["changeset"]["min_lat"]) + assert_equal 5, js["changeset"]["min_lon"] + assert_equal 15, js["changeset"]["max_lat"] + assert_equal 12, js["changeset"]["max_lon"] end ## # check that a changeset that doesn't exist returns an appropriate message def test_show_not_found [0, -32, 233455644, "afg", "213"].each do |id| - begin - get :show, :params => { :id => id } - assert_response :not_found, "should get a not found" - rescue ActionController::UrlGenerationError => ex - assert_match(/No route matches/, ex.to_s) - end + get changeset_show_path(:id => id) + assert_response :not_found, "should get a not found" + rescue ActionController::UrlGenerationError => e + assert_match(/No route matches/, e.to_s) end end @@ -183,25 +412,25 @@ module Api changeset = create(:changeset, :user => user) ## Try without authentication - put :close, :params => { :id => changeset.id } + put changeset_close_path(changeset) assert_response :unauthorized ## Try using the non-public user - basic_authorization private_user.email, "test" - put :close, :params => { :id => private_changeset.id } + auth_header = basic_authorization_header private_user.email, "test" + put changeset_close_path(private_changeset), :headers => auth_header assert_require_public_data ## The try with the public user - basic_authorization user.email, "test" + auth_header = basic_authorization_header user.email, "test" cs_id = changeset.id - put :close, :params => { :id => cs_id } + put changeset_close_path(:id => cs_id), :headers => auth_header assert_response :success # test that it really is closed now - cs = Changeset.find(cs_id) - assert_not(cs.is_open?, - "changeset should be closed now (#{cs.closed_at} > #{Time.now.getutc}.") + cs = Changeset.find(changeset.id) + assert_not(cs.open?, + "changeset should be closed now (#{cs.closed_at} > #{Time.now.utc}.") end ## @@ -210,9 +439,9 @@ module Api user = create(:user) changeset = create(:changeset) - basic_authorization user.email, "test" + auth_header = basic_authorization_header user.email, "test" - put :close, :params => { :id => changeset.id } + put changeset_close_path(changeset), :headers => auth_header assert_response :conflict assert_equal "The user doesn't own that changeset", @response.body end @@ -223,13 +452,15 @@ module Api user = create(:user) changeset = create(:changeset, :user => user) - basic_authorization user.email, "test" + auth_header = basic_authorization_header user.email, "test" - get :close, :params => { :id => changeset.id } - assert_response :method_not_allowed + get changeset_close_path(changeset), :headers => auth_header + assert_response :not_found + assert_template "rescues/routing_error" - post :close, :params => { :id => changeset.id } - assert_response :method_not_allowed + post changeset_close_path(changeset), :headers => auth_header + assert_response :not_found + assert_template "rescues/routing_error" end ## @@ -239,23 +470,19 @@ module Api # First try to do it with no auth cs_ids.each do |id| - begin - put :close, :params => { :id => id } - assert_response :unauthorized, "Shouldn't be able close the non-existant changeset #{id}, when not authorized" - rescue ActionController::UrlGenerationError => ex - assert_match(/No route matches/, ex.to_s) - end + put changeset_close_path(:id => id) + assert_response :unauthorized, "Shouldn't be able close the non-existant changeset #{id}, when not authorized" + rescue ActionController::UrlGenerationError => e + assert_match(/No route matches/, e.to_s) end # Now try with auth - basic_authorization create(:user).email, "test" + auth_header = basic_authorization_header create(:user).email, "test" cs_ids.each do |id| - begin - put :close, :params => { :id => id } - assert_response :not_found, "The changeset #{id} doesn't exist, so can't be closed" - rescue ActionController::UrlGenerationError => ex - assert_match(/No route matches/, ex.to_s) - end + put changeset_close_path(:id => id), :headers => auth_header + assert_response :not_found, "The changeset #{id} doesn't exist, so can't be closed" + rescue ActionController::UrlGenerationError => e + assert_match(/No route matches/, e.to_s) end end @@ -283,7 +510,7 @@ module Api # simple diff to change a node, way and relation by removing # their tags - diff = < @@ -299,20 +526,20 @@ module Api -CHANGESET + CHANGESET # upload it - post :upload, :params => { :id => changeset_id }, :body => diff + post changeset_upload_path(changeset), :params => diff assert_response :unauthorized, "shouldn't be able to upload a simple valid diff to changeset: #{@response.body}" ## Now try with a private user - basic_authorization private_user.email, "test" + auth_header = basic_authorization_header private_user.email, "test" changeset_id = private_changeset.id # simple diff to change a node, way and relation by removing # their tags - diff = < @@ -328,20 +555,20 @@ CHANGESET -CHANGESET + CHANGESET # upload it - post :upload, :params => { :id => changeset_id }, :body => diff + post changeset_upload_path(private_changeset), :params => diff, :headers => auth_header assert_response :forbidden, "can't upload a simple valid diff to changeset: #{@response.body}" ## Now try with the public user - basic_authorization user.email, "test" + auth_header = basic_authorization_header user.email, "test" changeset_id = changeset.id # simple diff to change a node, way and relation by removing # their tags - diff = < @@ -357,10 +584,10 @@ CHANGESET -CHANGESET + CHANGESET # upload it - post :upload, :params => { :id => changeset_id }, :body => diff + post changeset_upload_path(changeset), :params => diff, :headers => auth_header assert_response :success, "can't upload a simple valid diff to changeset: #{@response.body}" @@ -379,10 +606,10 @@ CHANGESET way = create(:way_with_nodes, :nodes_count => 2) relation = create(:relation) - basic_authorization user.email, "test" + auth_header = basic_authorization_header user.email, "test" # simple diff to create a node way and relation using placeholders - diff = < @@ -401,15 +628,15 @@ CHANGESET -CHANGESET + CHANGESET # upload it - post :upload, :params => { :id => changeset.id }, :body => diff + post changeset_upload_path(changeset), :params => diff, :headers => auth_header assert_response :success, "can't upload a simple valid creation to changeset: #{@response.body}" # check the returned payload - assert_select "diffResult[version='#{API_VERSION}'][generator='OpenStreetMap server']", 1 + assert_select "diffResult[version='#{Settings.api_version}'][generator='#{Settings.generator}']", 1 assert_select "diffResult>node", 1 assert_select "diffResult>way", 1 assert_select "diffResult>relation", 1 @@ -449,16 +676,16 @@ CHANGESET create(:relation_member, :relation => super_relation, :member => used_way) create(:relation_member, :relation => super_relation, :member => used_node) - basic_authorization changeset.user.display_name, "test" + auth_header = basic_authorization_header changeset.user.display_name, "test" diff = XML::Document.new diff.root = XML::Node.new "osmChange" delete = XML::Node.new "delete" diff.root << delete - delete << super_relation.to_xml_node - delete << used_relation.to_xml_node - delete << used_way.to_xml_node - delete << used_node.to_xml_node + delete << xml_node_for_relation(super_relation) + delete << xml_node_for_relation(used_relation) + delete << xml_node_for_way(used_way) + delete << xml_node_for_node(used_node) # update the changeset to one that this user owns %w[node way relation].each do |type| @@ -468,7 +695,7 @@ CHANGESET end # upload it - post :upload, :params => { :id => changeset.id }, :body => diff.to_s + post changeset_upload_path(changeset), :params => diff.to_s, :headers => auth_header assert_response :success, "can't upload a deletion diff to changeset: #{@response.body}" @@ -478,10 +705,10 @@ CHANGESET assert_select "diffResult>relation", 2 # check that everything was deleted - assert_equal false, Node.find(used_node.id).visible - assert_equal false, Way.find(used_way.id).visible - assert_equal false, Relation.find(super_relation.id).visible - assert_equal false, Relation.find(used_relation.id).visible + assert_not Node.find(used_node.id).visible + assert_not Way.find(used_way.id).visible + assert_not Relation.find(super_relation.id).visible + assert_not Relation.find(used_relation.id).visible end ## @@ -491,11 +718,11 @@ CHANGESET node = create(:node) changeset = create(:changeset) - basic_authorization changeset.user.display_name, "test" + auth_header = basic_authorization_header changeset.user.display_name, "test" diff = "" # upload it - post :upload, :params => { :id => changeset.id }, :body => diff + post changeset_upload_path(changeset), :params => diff, :headers => auth_header assert_response :success, "can't upload a deletion diff to changeset: #{@response.body}" @@ -503,34 +730,38 @@ CHANGESET assert_select "diffResult>node", 1 # check that everything was deleted - assert_equal false, Node.find(node.id).visible + assert_not Node.find(node.id).visible end def test_repeated_changeset_create 3.times do - basic_authorization create(:user).email, "test" + auth_header = basic_authorization_header create(:user).email, "test" # create a temporary changeset xml = "" \ "" \ "" assert_difference "Changeset.count", 1 do - put :create, :body => xml + put changeset_create_path, :params => xml, :headers => auth_header end assert_response :success end end def test_upload_large_changeset - basic_authorization create(:user).email, "test" + user = create(:user) + auth_header = basic_authorization_header user.email, "test" + + # create an old changeset to ensure we have the maximum rate limit + create(:changeset, :user => user, :created_at => Time.now.utc - 28.days) # create a changeset - put :create, :body => "" + put changeset_create_path, :params => "", :headers => auth_header assert_response :success, "Should be able to create a changeset: #{@response.body}" changeset_id = @response.body.to_i # upload some widely-spaced nodes, spiralling positive and negative - diff = < @@ -553,20 +784,20 @@ CHANGESET -CHANGESET + CHANGESET # upload it, which used to cause an error like "PGError: ERROR: # integer out of range" (bug #2152). but shouldn't any more. - post :upload, :params => { :id => changeset_id }, :body => diff + post changeset_upload_path(:id => changeset_id), :params => diff, :headers => auth_header assert_response :success, "can't upload a spatially-large diff to changeset: #{@response.body}" # check that the changeset bbox is within bounds cs = Changeset.find(changeset_id) - assert cs.min_lon >= -180 * GeoRecord::SCALE, "Minimum longitude (#{cs.min_lon / GeoRecord::SCALE}) should be >= -180 to be valid." - assert cs.max_lon <= 180 * GeoRecord::SCALE, "Maximum longitude (#{cs.max_lon / GeoRecord::SCALE}) should be <= 180 to be valid." - assert cs.min_lat >= -90 * GeoRecord::SCALE, "Minimum latitude (#{cs.min_lat / GeoRecord::SCALE}) should be >= -90 to be valid." - assert cs.max_lat <= 90 * GeoRecord::SCALE, "Maximum latitude (#{cs.max_lat / GeoRecord::SCALE}) should be <= 90 to be valid." + assert_operator cs.min_lon, :>=, -180 * GeoRecord::SCALE, "Minimum longitude (#{cs.min_lon / GeoRecord::SCALE}) should be >= -180 to be valid." + assert_operator cs.max_lon, :<=, 180 * GeoRecord::SCALE, "Maximum longitude (#{cs.max_lon / GeoRecord::SCALE}) should be <= 180 to be valid." + assert_operator cs.min_lat, :>=, -90 * GeoRecord::SCALE, "Minimum latitude (#{cs.min_lat / GeoRecord::SCALE}) should be >= -90 to be valid." + assert_operator cs.max_lat, :<=, 90 * GeoRecord::SCALE, "Maximum latitude (#{cs.max_lat / GeoRecord::SCALE}) should be <= 90 to be valid." end ## @@ -581,15 +812,15 @@ CHANGESET create(:relation_member, :relation => relation, :member => used_way) create(:relation_member, :relation => relation, :member => used_node) - basic_authorization changeset.user.email, "test" + auth_header = basic_authorization_header changeset.user.email, "test" diff = XML::Document.new diff.root = XML::Node.new "osmChange" delete = XML::Node.new "delete" diff.root << delete - delete << other_relation.to_xml_node - delete << used_way.to_xml_node - delete << used_node.to_xml_node + delete << xml_node_for_relation(other_relation) + delete << xml_node_for_way(used_way) + delete << xml_node_for_node(used_node) # update the changeset to one that this user owns %w[node way relation].each do |type| @@ -599,16 +830,16 @@ CHANGESET end # upload it - post :upload, :params => { :id => changeset.id }, :body => diff.to_s + post changeset_upload_path(changeset), :params => diff.to_s, :headers => auth_header assert_response :precondition_failed, "shouldn't be able to upload a invalid deletion diff: #{@response.body}" assert_equal "Precondition failed: Way #{used_way.id} is still used by relations #{relation.id}.", @response.body # check that nothing was, in fact, deleted - assert_equal true, Node.find(used_node.id).visible - assert_equal true, Way.find(used_way.id).visible - assert_equal true, Relation.find(relation.id).visible - assert_equal true, Relation.find(other_relation.id).visible + assert Node.find(used_node.id).visible + assert Way.find(used_way.id).visible + assert Relation.find(relation.id).visible + assert Relation.find(other_relation.id).visible end ## @@ -623,16 +854,16 @@ CHANGESET create(:relation_member, :relation => super_relation, :member => used_way) create(:relation_member, :relation => super_relation, :member => used_node) - basic_authorization changeset.user.email, "test" + auth_header = basic_authorization_header changeset.user.email, "test" diff = XML::Document.new diff.root = XML::Node.new "osmChange" delete = XML::Node.new "delete" diff.root << delete delete["if-unused"] = "" - delete << used_relation.to_xml_node - delete << used_way.to_xml_node - delete << used_node.to_xml_node + delete << xml_node_for_relation(used_relation) + delete << xml_node_for_way(used_way) + delete << xml_node_for_node(used_node) # update the changeset to one that this user owns %w[node way relation].each do |type| @@ -642,12 +873,12 @@ CHANGESET end # upload it - post :upload, :params => { :id => changeset.id }, :body => diff.to_s + post changeset_upload_path(changeset), :params => diff.to_s, :headers => auth_header assert_response :success, "can't do a conditional delete of in use objects: #{@response.body}" # check the returned payload - assert_select "diffResult[version='#{API_VERSION}'][generator='OpenStreetMap server']", 1 + assert_select "diffResult[version='#{Settings.api_version}'][generator='#{Settings.generator}']", 1 assert_select "diffResult>node", 1 assert_select "diffResult>way", 1 assert_select "diffResult>relation", 1 @@ -671,9 +902,9 @@ CHANGESET assert_equal used_relation.version, doc.find("//diffResult/relation").first["new_version"].to_i # check that nothing was, in fact, deleted - assert_equal true, Node.find(used_node.id).visible - assert_equal true, Way.find(used_way.id).visible - assert_equal true, Relation.find(used_relation.id).visible + assert Node.find(used_node.id).visible + assert Way.find(used_way.id).visible + assert Relation.find(used_relation.id).visible end ## @@ -681,10 +912,10 @@ CHANGESET def test_upload_invalid_too_long_tag changeset = create(:changeset) - basic_authorization changeset.user.email, "test" + auth_header = basic_authorization_header changeset.user.email, "test" # simple diff to create a node way and relation using placeholders - diff = < @@ -692,12 +923,12 @@ CHANGESET -CHANGESET + CHANGESET # upload it - post :upload, :params => { :id => changeset.id }, :body => diff + post changeset_upload_path(changeset), :params => diff, :headers => auth_header assert_response :bad_request, - "shoudln't be able to upload too long a tag to changeset: #{@response.body}" + "shouldn't be able to upload too long a tag to changeset: #{@response.body}" end ## @@ -711,10 +942,10 @@ CHANGESET changeset = create(:changeset) - basic_authorization changeset.user.email, "test" + auth_header = basic_authorization_header changeset.user.email, "test" # simple diff to create a node way and relation using placeholders - diff = < @@ -734,15 +965,15 @@ CHANGESET -CHANGESET + CHANGESET # upload it - post :upload, :params => { :id => changeset.id }, :body => diff + post changeset_upload_path(changeset), :params => diff, :headers => auth_header assert_response :success, "can't upload a complex diff to changeset: #{@response.body}" # check the returned payload - assert_select "diffResult[version='#{API_VERSION}'][generator='#{GENERATOR}']", 1 + assert_select "diffResult[version='#{Settings.api_version}'][generator='#{Settings.generator}']", 1 assert_select "diffResult>node", 1 assert_select "diffResult>way", 1 assert_select "diffResult>relation", 1 @@ -770,10 +1001,10 @@ CHANGESET relation = create(:relation) other_relation = create(:relation) - basic_authorization changeset.user.email, "test" + auth_header = basic_authorization_header changeset.user.email, "test" # simple diff to create a node way and relation using placeholders - diff = < @@ -795,10 +1026,10 @@ CHANGESET -CHANGESET + CHANGESET # upload it - post :upload, :params => { :id => changeset.id }, :body => diff + post changeset_upload_path(changeset), :params => diff, :headers => auth_header assert_response :conflict, "uploading a diff with multiple changesets should have failed" @@ -813,28 +1044,28 @@ CHANGESET def test_upload_multiple_valid node = create(:node) changeset = create(:changeset) - basic_authorization changeset.user.email, "test" + auth_header = basic_authorization_header changeset.user.email, "test" # change the location of a node multiple times, each time referencing # the last version. doesn't this depend on version numbers being # sequential? - diff = < - - - - - - - - + + + + + + + + -CHANGESET + CHANGESET # upload it - post :upload, :params => { :id => changeset.id }, :body => diff + post changeset_upload_path(changeset), :params => diff, :headers => auth_header assert_response :success, "can't upload multiple versions of an element in a diff: #{@response.body}" @@ -851,19 +1082,19 @@ CHANGESET node = create(:node) changeset = create(:changeset) - basic_authorization changeset.user.email, "test" + auth_header = basic_authorization_header changeset.user.email, "test" - diff = < -CHANGESET + CHANGESET # upload it - post :upload, :params => { :id => changeset.id }, :body => diff + post changeset_upload_path(changeset), :params => diff, :headers => auth_header assert_response :conflict, "shouldn't be able to upload the same element twice in a diff: #{@response.body}" end @@ -873,18 +1104,18 @@ CHANGESET def test_upload_missing_version changeset = create(:changeset) - basic_authorization changeset.user.email, "test" + auth_header = basic_authorization_header changeset.user.email, "test" - diff = < -CHANGESET + CHANGESET # upload it - post :upload, :params => { :id => changeset.id }, :body => diff + post changeset_upload_path(changeset), :params => diff, :headers => auth_header assert_response :bad_request, "shouldn't be able to upload an element without version: #{@response.body}" end @@ -894,18 +1125,18 @@ CHANGESET def test_action_upload_invalid changeset = create(:changeset) - basic_authorization changeset.user.email, "test" + auth_header = basic_authorization_header changeset.user.email, "test" - diff = < -CHANGESET - post :upload, :params => { :id => changeset.id }, :body => diff + CHANGESET + post changeset_upload_path(changeset), :params => diff, :headers => auth_header assert_response :bad_request, "Shouldn't be able to upload a diff with the action ping" - assert_equal @response.body, "Unknown action ping, choices are create, modify, delete" + assert_equal("Unknown action ping, choices are create, modify, delete", @response.body) end ## @@ -919,9 +1150,9 @@ CHANGESET other_relation = create(:relation) create(:relation_tag, :relation => relation) - basic_authorization changeset.user.email, "test" + auth_header = basic_authorization_header changeset.user.email, "test" - diff = < @@ -933,10 +1164,10 @@ CHANGESET -CHANGESET + CHANGESET # upload it - post :upload, :params => { :id => changeset.id }, :body => diff + post changeset_upload_path(changeset), :params => diff, :headers => auth_header assert_response :success, "can't upload a valid diff with whitespace variations to changeset: #{@response.body}" @@ -954,9 +1185,9 @@ CHANGESET def test_upload_reuse_placeholder_valid changeset = create(:changeset) - basic_authorization changeset.user.email, "test" + auth_header = basic_authorization_header changeset.user.email, "test" - diff = < @@ -970,10 +1201,10 @@ CHANGESET -CHANGESET + CHANGESET # upload it - post :upload, :params => { :id => changeset.id }, :body => diff + post changeset_upload_path(changeset), :params => diff, :headers => auth_header assert_response :success, "can't upload a valid diff with re-used placeholders to changeset: #{@response.body}" @@ -988,9 +1219,9 @@ CHANGESET def test_upload_placeholder_invalid changeset = create(:changeset) - basic_authorization changeset.user.email, "test" + auth_header = basic_authorization_header changeset.user.email, "test" - diff = < @@ -998,14 +1229,98 @@ CHANGESET -CHANGESET + CHANGESET # upload it - post :upload, :params => { :id => changeset.id }, :body => diff + post changeset_upload_path(changeset), :params => diff, :headers => auth_header + assert_response :bad_request, + "shouldn't be able to re-use placeholder IDs" + + # placeholder_ids must be unique across all action blocks + diff = <<~CHANGESET + + + + + + + + + CHANGESET + + # upload it + post changeset_upload_path(changeset), :params => diff, :headers => auth_header assert_response :bad_request, "shouldn't be able to re-use placeholder IDs" end + def test_upload_process_order + changeset = create(:changeset) + + auth_header = basic_authorization_header changeset.user.email, "test" + + diff = <<~CHANGESET + + + + + + + + + + + CHANGESET + + # upload it + post changeset_upload_path(changeset), :params => diff, :headers => auth_header + assert_response :bad_request, + "shouldn't refer elements behind it" + end + + def test_upload_duplicate_delete + changeset = create(:changeset) + + auth_header = basic_authorization_header changeset.user.email, "test" + + diff = <<~CHANGESET + + + + + + + + + + CHANGESET + + # upload it + post changeset_upload_path(changeset), :params => diff, :headers => auth_header + assert_response :gone, + "transaction should be cancelled by second deletion" + + diff = <<~CHANGESET + + + + + + + + + + CHANGESET + + # upload it + post changeset_upload_path(changeset), :params => diff, :headers => auth_header + + assert_select "diffResult>node", 3 + assert_select "diffResult>node[old_id='-1']", 3 + assert_select "diffResult>node[new_version='1']", 1 + assert_select "diffResult>node[new_version='2']", 1 + end + ## # test that uploading a way referencing invalid placeholders gives a # proper error, not a 500. @@ -1013,14 +1328,14 @@ CHANGESET changeset = create(:changeset) way = create(:way) - basic_authorization changeset.user.email, "test" + auth_header = basic_authorization_header changeset.user.email, "test" - diff = < - - - + + + @@ -1029,21 +1344,21 @@ CHANGESET -CHANGESET + CHANGESET # upload it - post :upload, :params => { :id => changeset.id }, :body => diff + post changeset_upload_path(changeset), :params => diff, :headers => auth_header assert_response :bad_request, "shouldn't be able to use invalid placeholder IDs" assert_equal "Placeholder node not found for reference -4 in way -1", @response.body # the same again, but this time use an existing way - diff = < - - - + + + @@ -1052,10 +1367,10 @@ CHANGESET -CHANGESET + CHANGESET # upload it - post :upload, :params => { :id => changeset.id }, :body => diff + post changeset_upload_path(changeset), :params => diff, :headers => auth_header assert_response :bad_request, "shouldn't be able to use invalid placeholder IDs" assert_equal "Placeholder node not found for reference -4 in way #{way.id}", @response.body @@ -1068,14 +1383,14 @@ CHANGESET changeset = create(:changeset) relation = create(:relation) - basic_authorization changeset.user.email, "test" + auth_header = basic_authorization_header changeset.user.email, "test" - diff = < - - - + + + @@ -1084,21 +1399,21 @@ CHANGESET -CHANGESET + CHANGESET # upload it - post :upload, :params => { :id => changeset.id }, :body => diff + post changeset_upload_path(changeset), :params => diff, :headers => auth_header assert_response :bad_request, "shouldn't be able to use invalid placeholder IDs" assert_equal "Placeholder Node not found for reference -4 in relation -1.", @response.body # the same again, but this time use an existing relation - diff = < - - - + + + @@ -1107,10 +1422,10 @@ CHANGESET -CHANGESET + CHANGESET # upload it - post :upload, :params => { :id => changeset.id }, :body => diff + post changeset_upload_path(changeset), :params => diff, :headers => auth_header assert_response :bad_request, "shouldn't be able to use invalid placeholder IDs" assert_equal "Placeholder Way not found for reference -1 in relation #{relation.id}.", @response.body @@ -1120,12 +1435,12 @@ CHANGESET # test what happens if a diff is uploaded containing only a node # move. def test_upload_node_move - basic_authorization create(:user).email, "test" + auth_header = basic_authorization_header create(:user).email, "test" xml = "" \ "" \ "" - put :create, :body => xml + put changeset_create_path, :params => xml, :headers => auth_header assert_response :success changeset_id = @response.body.to_i @@ -1134,7 +1449,7 @@ CHANGESET diff = XML::Document.new diff.root = XML::Node.new "osmChange" modify = XML::Node.new "modify" - xml_old_node = old_node.to_xml_node + xml_old_node = xml_node_for_node(old_node) xml_old_node["lat"] = 2.0.to_s xml_old_node["lon"] = 2.0.to_s xml_old_node["changeset"] = changeset_id.to_s @@ -1142,7 +1457,7 @@ CHANGESET diff.root << modify # upload it - post :upload, :params => { :id => changeset_id }, :body => diff.to_s + post changeset_upload_path(:id => changeset_id), :params => diff.to_s, :headers => auth_header assert_response :success, "diff should have uploaded OK" @@ -1157,40 +1472,40 @@ CHANGESET ## # test what happens if a diff is uploaded adding a node to a way. def test_upload_way_extend - basic_authorization create(:user).email, "test" + auth_header = basic_authorization_header create(:user).email, "test" xml = "" \ "" \ "" - put :create, :body => xml + put changeset_create_path, :params => xml, :headers => auth_header assert_response :success changeset_id = @response.body.to_i old_way = create(:way) - create(:way_node, :way => old_way, :node => create(:node, :lat => 1, :lon => 1)) + create(:way_node, :way => old_way, :node => create(:node, :lat => 0.1, :lon => 0.1)) diff = XML::Document.new diff.root = XML::Node.new "osmChange" modify = XML::Node.new "modify" - xml_old_way = old_way.to_xml_node + xml_old_way = xml_node_for_way(old_way) nd_ref = XML::Node.new "nd" - nd_ref["ref"] = create(:node, :lat => 3, :lon => 3).id.to_s + nd_ref["ref"] = create(:node, :lat => 0.3, :lon => 0.3).id.to_s xml_old_way << nd_ref xml_old_way["changeset"] = changeset_id.to_s modify << xml_old_way diff.root << modify # upload it - post :upload, :params => { :id => changeset_id }, :body => diff.to_s + post changeset_upload_path(:id => changeset_id), :params => diff.to_s, :headers => auth_header assert_response :success, "diff should have uploaded OK" # check the bbox changeset = Changeset.find(changeset_id) - assert_equal 1 * GeoRecord::SCALE, changeset.min_lon, "min_lon should be 1 degree" - assert_equal 3 * GeoRecord::SCALE, changeset.max_lon, "max_lon should be 3 degrees" - assert_equal 1 * GeoRecord::SCALE, changeset.min_lat, "min_lat should be 1 degree" - assert_equal 3 * GeoRecord::SCALE, changeset.max_lat, "max_lat should be 3 degrees" + assert_equal 0.1 * GeoRecord::SCALE, changeset.min_lon, "min_lon should be 0.1 degree" + assert_equal 0.3 * GeoRecord::SCALE, changeset.max_lon, "max_lon should be 0.3 degrees" + assert_equal 0.1 * GeoRecord::SCALE, changeset.min_lat, "min_lat should be 0.1 degree" + assert_equal 0.3 * GeoRecord::SCALE, changeset.max_lat, "max_lat should be 0.3 degrees" end ## @@ -1198,16 +1513,16 @@ CHANGESET def test_upload_empty_invalid changeset = create(:changeset) - basic_authorization changeset.user.email, "test" + auth_header = basic_authorization_header changeset.user.email, "test" ["", "", "", ""].each do |diff| # upload it - post :upload, :params => { :id => changeset.id }, :body => diff + post changeset_upload_path(changeset), :params => diff, :headers => auth_header assert_response(:success, "should be able to upload " \ - "empty changeset: " + diff) + "empty changeset: " + diff) end end @@ -1218,27 +1533,340 @@ CHANGESET node = create(:node) create(:relation_member, :member => node) - basic_authorization changeset.user.email, "test" + auth_header = basic_authorization_header changeset.user.email, "test" # try and delete a node that is in use diff = XML::Document.new diff.root = XML::Node.new "osmChange" delete = XML::Node.new "delete" diff.root << delete - delete << node.to_xml_node + delete << xml_node_for_node(node) # upload it - error_format "xml" - post :upload, :params => { :id => changeset.id }, :body => diff.to_s + error_header = error_format_header "xml" + post changeset_upload_path(changeset), :params => diff.to_s, :headers => auth_header.merge(error_header) assert_response :success, "failed to return error in XML format" # check the returned payload - assert_select "osmError[version='#{API_VERSION}'][generator='OpenStreetMap server']", 1 + assert_select "osmError[version='#{Settings.api_version}'][generator='#{Settings.generator}']", 1 assert_select "osmError>status", 1 assert_select "osmError>message", 1 end + def test_upload_not_found + changeset = create(:changeset) + + auth_header = basic_authorization_header changeset.user.email, "test" + + # modify node + diff = <<~CHANGESET + + + + + + CHANGESET + + # upload it + post changeset_upload_path(changeset), :params => diff, :headers => auth_header + assert_response :not_found, "Node should not be found" + + # modify way + diff = <<~CHANGESET + + + + + + CHANGESET + + # upload it + post changeset_upload_path(changeset), :params => diff, :headers => auth_header + assert_response :not_found, "Way should not be found" + + # modify relation + diff = <<~CHANGESET + + + + + + CHANGESET + + # upload it + post changeset_upload_path(changeset), :params => diff, :headers => auth_header + assert_response :not_found, "Relation should not be found" + + # delete node + diff = <<~CHANGESET + + + + + + CHANGESET + + # upload it + post changeset_upload_path(changeset), :params => diff, :headers => auth_header + assert_response :not_found, "Node should not be deleted" + + # delete way + diff = <<~CHANGESET + + + + + + CHANGESET + + # upload it + post changeset_upload_path(changeset), :params => diff, :headers => auth_header + assert_response :not_found, "Way should not be deleted" + + # delete relation + diff = <<~CHANGESET + + + + + + CHANGESET + + # upload it + post changeset_upload_path(changeset), :params => diff, :headers => auth_header + assert_response :not_found, "Relation should not be deleted" + end + + def test_upload_relation_placeholder_not_fix + changeset = create(:changeset) + + auth_header = basic_authorization_header changeset.user.email, "test" + + # modify node + diff = <<~CHANGESET + + + + + + + + + + + + + + + + + + + + CHANGESET + + # upload it + post changeset_upload_path(changeset), :params => diff.to_s, :headers => auth_header + assert_response :bad_request, "shouldn't be able to use reference -4 in relation -2: #{@response.body}" + assert_equal "Placeholder Relation not found for reference -4 in relation -2.", @response.body + end + + def test_upload_multiple_delete_block + changeset = create(:changeset) + + auth_header = basic_authorization_header changeset.user.email, "test" + + node = create(:node) + way = create(:way) + create(:way_node, :way => way, :node => node) + alone_node = create(:node) + + # modify node + diff = <<~CHANGESET + + + + + + + + + CHANGESET + + # upload it + post changeset_upload_path(changeset), :params => diff.to_s, :headers => auth_header + assert_response :precondition_failed, + "shouldn't be able to upload a invalid deletion diff: #{@response.body}" + assert_equal "Precondition failed: Node #{node.id} is still used by ways #{way.id}.", @response.body + end + + ## + # test initial rate limit + def test_upload_initial_rate_limit + # create a user + user = create(:user) + + # create some objects to use + node = create(:node) + way = create(:way_with_nodes, :nodes_count => 2) + relation = create(:relation) + + # create a changeset that puts us near the initial rate limit + changeset = create(:changeset, :user => user, + :created_at => Time.now.utc - 5.minutes, + :num_changes => Settings.initial_changes_per_hour - 2) + + # create authentication header + auth_header = basic_authorization_header user.email, "test" + + # simple diff to create a node way and relation using placeholders + diff = <<~CHANGESET + + + + + + + + + + + + + + + + + + + CHANGESET + + # upload it + post changeset_upload_path(changeset), :params => diff, :headers => auth_header + assert_response :too_many_requests, "upload did not hit rate limit" + end + + ## + # test maximum rate limit + def test_upload_maximum_rate_limit + # create a user + user = create(:user) + + # create some objects to use + node = create(:node) + way = create(:way_with_nodes, :nodes_count => 2) + relation = create(:relation) + + # create a changeset to establish our initial edit time + changeset = create(:changeset, :user => user, + :created_at => Time.now.utc - 28.days) + + # create changeset to put us near the maximum rate limit + total_changes = Settings.max_changes_per_hour - 2 + while total_changes.positive? + changes = [total_changes, Changeset::MAX_ELEMENTS].min + changeset = create(:changeset, :user => user, + :created_at => Time.now.utc - 5.minutes, + :num_changes => changes) + total_changes -= changes + end + + # create authentication header + auth_header = basic_authorization_header user.email, "test" + + # simple diff to create a node way and relation using placeholders + diff = <<~CHANGESET + + + + + + + + + + + + + + + + + + + CHANGESET + + # upload it + post changeset_upload_path(changeset), :params => diff, :headers => auth_header + assert_response :too_many_requests, "upload did not hit rate limit" + end + + ## + # test initial size limit + def test_upload_initial_size_limit + # create a user + user = create(:user) + + # create a changeset that puts us near the initial size limit + changeset = create(:changeset, :user => user, + :min_lat => (-0.5 * GeoRecord::SCALE).round, :min_lon => (0.5 * GeoRecord::SCALE).round, + :max_lat => (0.5 * GeoRecord::SCALE).round, :max_lon => (2.5 * GeoRecord::SCALE).round) + + # create authentication header + auth_header = basic_authorization_header user.email, "test" + + # simple diff to create a node + diff = <<~CHANGESET + + + + + + + + + CHANGESET + + # upload it + post changeset_upload_path(changeset), :params => diff, :headers => auth_header + assert_response :payload_too_large, "upload did not hit size limit" + end + + ## + # test size limit after one week + def test_upload_week_size_limit + # create a user + user = create(:user) + + # create a changeset to establish our initial edit time + create(:changeset, :user => user, :created_at => Time.now.utc - 7.days) + + # create a changeset that puts us near the initial size limit + changeset = create(:changeset, :user => user, + :min_lat => (-0.5 * GeoRecord::SCALE).round, :min_lon => (0.5 * GeoRecord::SCALE).round, + :max_lat => (0.5 * GeoRecord::SCALE).round, :max_lon => (2.5 * GeoRecord::SCALE).round) + + # create authentication header + auth_header = basic_authorization_header user.email, "test" + + # simple diff to create a node way and relation using placeholders + diff = <<~CHANGESET + + + + + + + + + CHANGESET + + # upload it + post changeset_upload_path(changeset), :params => diff, :headers => auth_header + assert_response :payload_too_large, "upload did not hit size limit" + end + ## # when we make some simple changes we get the same changes back from the # diff download. @@ -1246,48 +1874,48 @@ CHANGESET node = create(:node) ## First try with a non-public user, which should get a forbidden - basic_authorization create(:user, :data_public => false).email, "test" + auth_header = basic_authorization_header create(:user, :data_public => false).email, "test" # create a temporary changeset xml = "" \ "" \ "" - put :create, :body => xml + put changeset_create_path, :params => xml, :headers => auth_header assert_response :forbidden ## Now try with a normal user - basic_authorization create(:user).email, "test" + auth_header = basic_authorization_header create(:user).email, "test" # create a temporary changeset xml = "" \ "" \ "" - put :create, :body => xml + put changeset_create_path, :params => xml, :headers => auth_header assert_response :success changeset_id = @response.body.to_i # add a diff to it - diff = < - - - - - - - - + + + + + + + + -CHANGESET + CHANGESET # upload it - post :upload, :params => { :id => changeset_id }, :body => diff + post changeset_upload_path(:id => changeset_id), :params => diff, :headers => auth_header assert_response :success, "can't upload multiple versions of an element in a diff: #{@response.body}" - get :download, :params => { :id => changeset_id } + get changeset_download_path(:id => changeset_id) assert_response :success assert_select "osmChange", 1 @@ -1301,17 +1929,17 @@ CHANGESET # # NOTE: the error turned out to be something else completely! def test_josm_upload - basic_authorization create(:user).email, "test" + auth_header = basic_authorization_header create(:user).email, "test" # create a temporary changeset xml = "" \ "" \ "" - put :create, :body => xml + put changeset_create_path, :params => xml, :headers => auth_header assert_response :success changeset_id = @response.body.to_i - diff = < @@ -1323,7 +1951,7 @@ CHANGESET - + @@ -1338,14 +1966,14 @@ CHANGESET -OSMFILE + OSMFILE # upload it - post :upload, :params => { :id => changeset_id }, :body => diff + post changeset_upload_path(:id => changeset_id), :params => diff, :headers => auth_header assert_response :success, "can't upload a diff from JOSM: #{@response.body}" - get :download, :params => { :id => changeset_id } + get changeset_download_path(:id => changeset_id) assert_response :success assert_select "osmChange", 1 @@ -1362,29 +1990,29 @@ OSMFILE node = create(:node) node2 = create(:node) way = create(:way) - basic_authorization create(:user).email, "test" + auth_header = basic_authorization_header create(:user).email, "test" # create a temporary changeset xml = "" \ "" \ "" - put :create, :body => xml + put changeset_create_path, :params => xml, :headers => auth_header assert_response :success changeset_id = @response.body.to_i # add a diff to it - diff = < - + - - - + + + - + @@ -1393,14 +2021,14 @@ OSMFILE -CHANGESET + CHANGESET # upload it - post :upload, :params => { :id => changeset_id }, :body => diff + post changeset_upload_path(:id => changeset_id), :params => diff, :headers => auth_header assert_response :success, "can't upload multiple versions of an element in a diff: #{@response.body}" - get :download, :params => { :id => changeset_id } + get changeset_download_path(:id => changeset_id) assert_response :success assert_select "osmChange", 1 @@ -1422,13 +2050,12 @@ CHANGESET _relation = create(:relation, :with_history, :version => 1, :changeset => changeset) _relation2 = create(:relation, :with_history, :deleted, :version => 1, :changeset => changeset) - get :download, :params => { :id => changeset.id } + get changeset_download_path(changeset) assert_response :success - assert_template nil - # print @response.body + # FIXME: needs more assert_select tests - assert_select "osmChange[version='#{API_VERSION}'][generator='#{GENERATOR}']" do + assert_select "osmChange[version='#{Settings.api_version}'][generator='#{Settings.generator}']" do assert_select "create", :count => 5 assert_select "create>node[id='#{node.id}'][visible='#{node.visible?}'][version='#{node.version}']" do assert_select "tag[k='#{tag.k}'][v='#{tag.v}']" @@ -1437,116 +2064,99 @@ CHANGESET end end + test "sorts downloaded elements by timestamp" do + changeset = create(:changeset) + node1 = create(:old_node, :version => 2, :timestamp => "2020-02-01", :changeset => changeset) + node0 = create(:old_node, :version => 2, :timestamp => "2020-01-01", :changeset => changeset) + + get changeset_download_path(changeset) + assert_response :success + assert_dom "modify", :count => 2 do |modify| + assert_dom modify[0], ">node", :count => 1 do |node| + assert_dom node, ">@id", node0.node_id.to_s + end + assert_dom modify[1], ">node", :count => 1 do |node| + assert_dom node, ">@id", node1.node_id.to_s + end + end + end + + test "sorts downloaded elements by version" do + changeset = create(:changeset) + node1 = create(:old_node, :version => 3, :timestamp => "2020-01-01", :changeset => changeset) + node0 = create(:old_node, :version => 2, :timestamp => "2020-01-01", :changeset => changeset) + + get changeset_download_path(changeset) + assert_response :success + assert_dom "modify", :count => 2 do |modify| + assert_dom modify[0], ">node", :count => 1 do |node| + assert_dom node, ">@id", node0.node_id.to_s + end + assert_dom modify[1], ">node", :count => 1 do |node| + assert_dom node, ">@id", node1.node_id.to_s + end + end + end + ## # check that the bounding box of a changeset gets updated correctly # FIXME: This should really be moded to a integration test due to the with_controller def test_changeset_bbox way = create(:way) - create(:way_node, :way => way, :node => create(:node, :lat => 3, :lon => 3)) + create(:way_node, :way => way, :node => create(:node, :lat => 0.3, :lon => 0.3)) - basic_authorization create(:user).email, "test" + auth_header = basic_authorization_header create(:user).email, "test" # create a new changeset xml = "" - put :create, :body => xml + put changeset_create_path, :params => xml, :headers => auth_header assert_response :success, "Creating of changeset failed." changeset_id = @response.body.to_i # add a single node to it with_controller(NodesController.new) do - xml = "" - put :create, :body => xml + xml = "" + put node_create_path, :params => xml, :headers => auth_header assert_response :success, "Couldn't create node." end # get the bounding box back from the changeset - get :show, :params => { :id => changeset_id } + get changeset_show_path(:id => changeset_id) assert_response :success, "Couldn't read back changeset." - assert_select "osm>changeset[min_lon='1.0000000']", 1 - assert_select "osm>changeset[max_lon='1.0000000']", 1 - assert_select "osm>changeset[min_lat='2.0000000']", 1 - assert_select "osm>changeset[max_lat='2.0000000']", 1 + assert_select "osm>changeset[min_lon='0.1000000']", 1 + assert_select "osm>changeset[max_lon='0.1000000']", 1 + assert_select "osm>changeset[min_lat='0.2000000']", 1 + assert_select "osm>changeset[max_lat='0.2000000']", 1 # add another node to it with_controller(NodesController.new) do - xml = "" - put :create, :body => xml + xml = "" + put node_create_path, :params => xml, :headers => auth_header assert_response :success, "Couldn't create second node." end # get the bounding box back from the changeset - get :show, :params => { :id => changeset_id } + get changeset_show_path(:id => changeset_id) assert_response :success, "Couldn't read back changeset for the second time." - assert_select "osm>changeset[min_lon='1.0000000']", 1 - assert_select "osm>changeset[max_lon='2.0000000']", 1 - assert_select "osm>changeset[min_lat='1.0000000']", 1 - assert_select "osm>changeset[max_lat='2.0000000']", 1 + assert_select "osm>changeset[min_lon='0.1000000']", 1 + assert_select "osm>changeset[max_lon='0.2000000']", 1 + assert_select "osm>changeset[min_lat='0.1000000']", 1 + assert_select "osm>changeset[max_lat='0.2000000']", 1 # add (delete) a way to it, which contains a point at (3,3) with_controller(WaysController.new) do - xml = update_changeset(way.to_xml, changeset_id) - put :delete, :params => { :id => way.id }, :body => xml.to_s + xml = update_changeset(xml_for_way(way), changeset_id) + delete api_way_path(way), :params => xml.to_s, :headers => auth_header assert_response :success, "Couldn't delete a way." end # get the bounding box back from the changeset - get :show, :params => { :id => changeset_id } + get changeset_show_path(:id => changeset_id) assert_response :success, "Couldn't read back changeset for the third time." - assert_select "osm>changeset[min_lon='1.0000000']", 1 - assert_select "osm>changeset[max_lon='3.0000000']", 1 - assert_select "osm>changeset[min_lat='1.0000000']", 1 - assert_select "osm>changeset[max_lat='3.0000000']", 1 - end - - ## - # test that the changeset :include method works as it should - def test_changeset_include - basic_authorization create(:user).display_name, "test" - - # create a new changeset - put :create, :body => "" - assert_response :success, "Creating of changeset failed." - changeset_id = @response.body.to_i - - # NOTE: the include method doesn't over-expand, like inserting - # a real method does. this is because we expect the client to - # know what it is doing! - check_after_include(changeset_id, 1, 1, [1, 1, 1, 1]) - check_after_include(changeset_id, 3, 3, [1, 1, 3, 3]) - check_after_include(changeset_id, 4, 2, [1, 1, 4, 3]) - check_after_include(changeset_id, 2, 2, [1, 1, 4, 3]) - check_after_include(changeset_id, -1, -1, [-1, -1, 4, 3]) - check_after_include(changeset_id, -2, 5, [-2, -1, 4, 5]) - end - - ## - # test that a not found, wrong method with the expand bbox works as expected - def test_changeset_expand_bbox_error - basic_authorization create(:user).display_name, "test" - - # create a new changeset - xml = "" - put :create, :body => xml - assert_response :success, "Creating of changeset failed." - changeset_id = @response.body.to_i - - lon = 58.2 - lat = -0.45 - - # Try and put - xml = "" - put :expand_bbox, :params => { :id => changeset_id }, :body => xml - assert_response :method_not_allowed, "shouldn't be able to put a bbox expand" - - # Try to get the update - xml = "" - get :expand_bbox, :params => { :id => changeset_id }, :body => xml - assert_response :method_not_allowed, "shouldn't be able to get a bbox expand" - - # Try to use a hopefully missing changeset - xml = "" - post :expand_bbox, :params => { :id => changeset_id + 13245 }, :body => xml - assert_response :not_found, "shouldn't be able to do a bbox expand on a nonexistant changeset" + assert_select "osm>changeset[min_lon='0.1000000']", 1 + assert_select "osm>changeset[max_lon='0.3000000']", 1 + assert_select "osm>changeset[min_lat='0.1000000']", 1 + assert_select "osm>changeset[max_lat='0.3000000']", 1 end ## @@ -1558,84 +2168,208 @@ CHANGESET user = create(:user) changeset = create(:changeset, :user => user) closed_changeset = create(:changeset, :closed, :user => user, :created_at => Time.utc(2008, 1, 1, 0, 0, 0), :closed_at => Time.utc(2008, 1, 2, 0, 0, 0)) - changeset2 = create(:changeset, :min_lat => 5 * GeoRecord::SCALE, :min_lon => 5 * GeoRecord::SCALE, :max_lat => 15 * GeoRecord::SCALE, :max_lon => 15 * GeoRecord::SCALE) - changeset3 = create(:changeset, :min_lat => 4.5 * GeoRecord::SCALE, :min_lon => 4.5 * GeoRecord::SCALE, :max_lat => 5 * GeoRecord::SCALE, :max_lon => 5 * GeoRecord::SCALE) + changeset2 = create(:changeset, :min_lat => (5 * GeoRecord::SCALE).round, :min_lon => (5 * GeoRecord::SCALE).round, :max_lat => (15 * GeoRecord::SCALE).round, :max_lon => (15 * GeoRecord::SCALE).round) + changeset3 = create(:changeset, :min_lat => (4.5 * GeoRecord::SCALE).round, :min_lon => (4.5 * GeoRecord::SCALE).round, :max_lat => (5 * GeoRecord::SCALE).round, :max_lon => (5 * GeoRecord::SCALE).round) - get :query, :params => { :bbox => "-10,-10, 10, 10" } + get changesets_path(:bbox => "-10,-10, 10, 10") assert_response :success, "can't get changesets in bbox" assert_changesets [changeset2, changeset3] - get :query, :params => { :bbox => "4.5,4.5,4.6,4.6" } + get changesets_path(:bbox => "4.5,4.5,4.6,4.6") assert_response :success, "can't get changesets in bbox" assert_changesets [changeset3] # not found when looking for changesets of non-existing users - get :query, :params => { :user => User.maximum(:id) + 1 } + get changesets_path(:user => User.maximum(:id) + 1) assert_response :not_found - get :query, :params => { :display_name => " " } + assert_equal "text/plain", @response.media_type + get changesets_path(:display_name => " ") assert_response :not_found + assert_equal "text/plain", @response.media_type # can't get changesets of user 1 without authenticating - get :query, :params => { :user => private_user.id } + get changesets_path(:user => private_user.id) assert_response :not_found, "shouldn't be able to get changesets by non-public user (ID)" - get :query, :params => { :display_name => private_user.display_name } + get changesets_path(:display_name => private_user.display_name) assert_response :not_found, "shouldn't be able to get changesets by non-public user (name)" # but this should work - basic_authorization private_user.email, "test" - get :query, :params => { :user => private_user.id } + auth_header = basic_authorization_header private_user.email, "test" + get changesets_path(:user => private_user.id), :headers => auth_header assert_response :success, "can't get changesets by user ID" assert_changesets [private_user_changeset, private_user_closed_changeset] - get :query, :params => { :display_name => private_user.display_name } + get changesets_path(:display_name => private_user.display_name), :headers => auth_header assert_response :success, "can't get changesets by user name" assert_changesets [private_user_changeset, private_user_closed_changeset] + # test json endpoint + get changesets_path(:display_name => private_user.display_name), :headers => auth_header, :params => { :format => "json" } + assert_response :success, "can't get changesets by user name" + + js = ActiveSupport::JSON.decode(@response.body) + assert_not_nil js + + assert_equal Settings.api_version, js["version"] + assert_equal Settings.generator, js["generator"] + assert_equal 2, js["changesets"].count + # check that the correct error is given when we provide both UID and name - get :query, :params => { :user => private_user.id, - :display_name => private_user.display_name } + get changesets_path(:user => private_user.id, + :display_name => private_user.display_name), :headers => auth_header assert_response :bad_request, "should be a bad request to have both ID and name specified" - get :query, :params => { :user => private_user.id, :open => true } + get changesets_path(:user => private_user.id, :open => true), :headers => auth_header assert_response :success, "can't get changesets by user and open" assert_changesets [private_user_changeset] - get :query, :params => { :time => "2007-12-31" } + get changesets_path(:time => "2007-12-31"), :headers => auth_header assert_response :success, "can't get changesets by time-since" assert_changesets [private_user_changeset, private_user_closed_changeset, changeset, closed_changeset, changeset2, changeset3] - get :query, :params => { :time => "2008-01-01T12:34Z" } + get changesets_path(:time => "2008-01-01T12:34Z"), :headers => auth_header assert_response :success, "can't get changesets by time-since with hour" assert_changesets [private_user_changeset, private_user_closed_changeset, changeset, closed_changeset, changeset2, changeset3] - get :query, :params => { :time => "2007-12-31T23:59Z,2008-01-02T00:01Z" } + get changesets_path(:time => "2007-12-31T23:59Z,2008-01-02T00:01Z"), :headers => auth_header assert_response :success, "can't get changesets by time-range" assert_changesets [closed_changeset] - get :query, :params => { :open => "true" } + get changesets_path(:open => "true"), :headers => auth_header assert_response :success, "can't get changesets by open-ness" assert_changesets [private_user_changeset, changeset, changeset2, changeset3] - get :query, :params => { :closed => "true" } + get changesets_path(:closed => "true"), :headers => auth_header assert_response :success, "can't get changesets by closed-ness" assert_changesets [private_user_closed_changeset, closed_changeset] - get :query, :params => { :closed => "true", :user => private_user.id } + get changesets_path(:closed => "true", :user => private_user.id), :headers => auth_header assert_response :success, "can't get changesets by closed-ness and user" assert_changesets [private_user_closed_changeset] - get :query, :params => { :closed => "true", :user => user.id } + get changesets_path(:closed => "true", :user => user.id), :headers => auth_header assert_response :success, "can't get changesets by closed-ness and user" assert_changesets [closed_changeset] - get :query, :params => { :changesets => "#{private_user_changeset.id},#{changeset.id},#{closed_changeset.id}" } + get changesets_path(:changesets => "#{private_user_changeset.id},#{changeset.id},#{closed_changeset.id}"), :headers => auth_header assert_response :success, "can't get changesets by id (as comma-separated string)" assert_changesets [private_user_changeset, changeset, closed_changeset] - get :query, :params => { :changesets => "" } + get changesets_path(:changesets => ""), :headers => auth_header assert_response :bad_request, "should be a bad request since changesets is empty" end + ## + # test the query functionality of changesets with the limit parameter + def test_query_limit + user = create(:user) + changeset1 = create(:changeset, :closed, :user => user, :created_at => Time.utc(2008, 1, 1, 0, 0, 0), :closed_at => Time.utc(2008, 1, 2, 0, 0, 0)) + changeset2 = create(:changeset, :closed, :user => user, :created_at => Time.utc(2008, 2, 1, 0, 0, 0), :closed_at => Time.utc(2008, 2, 2, 0, 0, 0)) + changeset3 = create(:changeset, :closed, :user => user, :created_at => Time.utc(2008, 3, 1, 0, 0, 0), :closed_at => Time.utc(2008, 3, 2, 0, 0, 0)) + changeset4 = create(:changeset, :closed, :user => user, :created_at => Time.utc(2008, 4, 1, 0, 0, 0), :closed_at => Time.utc(2008, 4, 2, 0, 0, 0)) + changeset5 = create(:changeset, :closed, :user => user, :created_at => Time.utc(2008, 5, 1, 0, 0, 0), :closed_at => Time.utc(2008, 5, 2, 0, 0, 0)) + + get changesets_path + assert_response :success + assert_changesets_in_order [changeset5, changeset4, changeset3, changeset2, changeset1] + + get changesets_path(:limit => "3") + assert_response :success + assert_changesets_in_order [changeset5, changeset4, changeset3] + + get changesets_path(:limit => "0") + assert_response :bad_request + + get changesets_path(:limit => Settings.max_changeset_query_limit) + assert_response :success + assert_changesets_in_order [changeset5, changeset4, changeset3, changeset2, changeset1] + + get changesets_path(:limit => Settings.max_changeset_query_limit + 1) + assert_response :bad_request + end + + ## + # test the query functionality of sequential changesets with order and time parameters + def test_query_order + user = create(:user) + changeset1 = create(:changeset, :closed, :user => user, :created_at => Time.utc(2008, 1, 1, 0, 0, 0), :closed_at => Time.utc(2008, 1, 2, 0, 0, 0)) + changeset2 = create(:changeset, :closed, :user => user, :created_at => Time.utc(2008, 2, 1, 0, 0, 0), :closed_at => Time.utc(2008, 2, 2, 0, 0, 0)) + changeset3 = create(:changeset, :closed, :user => user, :created_at => Time.utc(2008, 3, 1, 0, 0, 0), :closed_at => Time.utc(2008, 3, 2, 0, 0, 0)) + changeset4 = create(:changeset, :closed, :user => user, :created_at => Time.utc(2008, 4, 1, 0, 0, 0), :closed_at => Time.utc(2008, 4, 2, 0, 0, 0)) + changeset5 = create(:changeset, :closed, :user => user, :created_at => Time.utc(2008, 5, 1, 0, 0, 0), :closed_at => Time.utc(2008, 5, 2, 0, 0, 0)) + changeset6 = create(:changeset, :closed, :user => user, :created_at => Time.utc(2008, 6, 1, 0, 0, 0), :closed_at => Time.utc(2008, 6, 2, 0, 0, 0)) + + get changesets_path + assert_response :success + assert_changesets_in_order [changeset6, changeset5, changeset4, changeset3, changeset2, changeset1] + + get changesets_path(:order => "oldest") + assert_response :success + assert_changesets_in_order [changeset1, changeset2, changeset3, changeset4, changeset5, changeset6] + + [ + # lower time bound at the opening time of a changeset + ["2008-02-01T00:00:00Z", "2008-05-15T00:00:00Z", [changeset5, changeset4, changeset3, changeset2], [changeset5, changeset4, changeset3, changeset2]], + # lower time bound in the middle of a changeset + ["2008-02-01T12:00:00Z", "2008-05-15T00:00:00Z", [changeset5, changeset4, changeset3, changeset2], [changeset5, changeset4, changeset3]], + # lower time bound at the closing time of a changeset + ["2008-02-02T00:00:00Z", "2008-05-15T00:00:00Z", [changeset5, changeset4, changeset3, changeset2], [changeset5, changeset4, changeset3]], + # lower time bound after the closing time of a changeset + ["2008-02-02T00:00:01Z", "2008-05-15T00:00:00Z", [changeset5, changeset4, changeset3], [changeset5, changeset4, changeset3]], + # upper time bound in the middle of a changeset + ["2007-09-09T12:00:00Z", "2008-04-01T12:00:00Z", [changeset4, changeset3, changeset2, changeset1], [changeset4, changeset3, changeset2, changeset1]], + # empty range + ["2009-02-02T00:00:01Z", "2018-05-15T00:00:00Z", [], []] + ].each do |from, to, interval_changesets, point_changesets| + get changesets_path(:time => "#{from},#{to}") + assert_response :success + assert_changesets_in_order interval_changesets + + get changesets_path(:from => from, :to => to) + assert_response :success + assert_changesets_in_order point_changesets + + get changesets_path(:from => from, :to => to, :order => "oldest") + assert_response :success + assert_changesets_in_order point_changesets.reverse + end + end + + ## + # test the query functionality of overlapping changesets with order and time parameters + def test_query_order_overlapping + user = create(:user) + changeset1 = create(:changeset, :closed, :user => user, :created_at => Time.utc(2015, 6, 4, 17, 0, 0), :closed_at => Time.utc(2015, 6, 4, 17, 0, 0)) + changeset2 = create(:changeset, :closed, :user => user, :created_at => Time.utc(2015, 6, 4, 16, 0, 0), :closed_at => Time.utc(2015, 6, 4, 18, 0, 0)) + changeset3 = create(:changeset, :closed, :user => user, :created_at => Time.utc(2015, 6, 4, 14, 0, 0), :closed_at => Time.utc(2015, 6, 4, 20, 0, 0)) + changeset4 = create(:changeset, :closed, :user => user, :created_at => Time.utc(2015, 6, 3, 23, 0, 0), :closed_at => Time.utc(2015, 6, 4, 23, 0, 0)) + create(:changeset, :closed, :user => user, :created_at => Time.utc(2015, 6, 2, 23, 0, 0), :closed_at => Time.utc(2015, 6, 3, 23, 0, 0)) + + get changesets_path(:time => "2015-06-04T00:00:00Z") + assert_response :success + assert_changesets_in_order [changeset1, changeset2, changeset3, changeset4] + + get changesets_path(:from => "2015-06-04T00:00:00Z") + assert_response :success + assert_changesets_in_order [changeset1, changeset2, changeset3] + + get changesets_path(:from => "2015-06-04T00:00:00Z", :order => "oldest") + assert_response :success + assert_changesets_in_order [changeset3, changeset2, changeset1] + + get changesets_path(:time => "2015-06-04T16:00:00Z,2015-06-04T17:30:00Z") + assert_response :success + assert_changesets_in_order [changeset1, changeset2, changeset3, changeset4] + + get changesets_path(:from => "2015-06-04T16:00:00Z", :to => "2015-06-04T17:30:00Z") + assert_response :success + assert_changesets_in_order [changeset1, changeset2] + + get changesets_path(:from => "2015-06-04T16:00:00Z", :to => "2015-06-04T17:30:00Z", :order => "oldest") + assert_response :success + assert_changesets_in_order [changeset2, changeset1] + end + ## # check that errors are returned if garbage is inserted # into query strings @@ -1643,7 +2377,7 @@ CHANGESET ["abracadabra!", "1,2,3,F", ";drop table users;"].each do |bbox| - get :query, :params => { :bbox => bbox } + get changesets_path(:bbox => bbox) assert_response :bad_request, "'#{bbox}' isn't a bbox" end @@ -1652,7 +2386,7 @@ CHANGESET ";drop table users;", ",", "-,-"].each do |time| - get :query, :params => { :time => time } + get changesets_path(:time => time) assert_response :bad_request, "'#{time}' isn't a valid time range" end @@ -1660,9 +2394,12 @@ CHANGESET "foobar", "-1", "0"].each do |uid| - get :query, :params => { :user => uid } + get changesets_path(:user => uid) assert_response :bad_request, "'#{uid}' isn't a valid user ID" end + + get changesets_path(:order => "oldest", :time => "2008-01-01T00:00Z,2018-01-01T00:00Z") + assert_response :bad_request, "cannot use order=oldest with time" end ## @@ -1674,46 +2411,45 @@ CHANGESET changeset = create(:changeset, :user => user) ## First try with a non-public user - new_changeset = create_changeset_xml(user: private_user) + new_changeset = create_changeset_xml(:user => private_user) new_tag = XML::Node.new "tag" new_tag["k"] = "tagtesting" new_tag["v"] = "valuetesting" new_changeset.find("//osm/changeset").first << new_tag # try without any authorization - put :update, :params => { :id => private_changeset.id }, :body => new_changeset.to_s + put changeset_show_path(private_changeset), :params => new_changeset.to_s assert_response :unauthorized # try with the wrong authorization - basic_authorization create(:user).email, "test" - put :update, :params => { :id => private_changeset.id }, :body => new_changeset.to_s + auth_header = basic_authorization_header create(:user).email, "test" + put changeset_show_path(private_changeset), :params => new_changeset.to_s, :headers => auth_header assert_response :conflict # now this should get an unauthorized - basic_authorization private_user.email, "test" - put :update, :params => { :id => private_changeset.id }, :body => new_changeset.to_s + auth_header = basic_authorization_header private_user.email, "test" + put changeset_show_path(private_changeset), :params => new_changeset.to_s, :headers => auth_header assert_require_public_data "user with their data non-public, shouldn't be able to edit their changeset" ## Now try with the public user - new_changeset = create_changeset_xml(id: 1) + new_changeset = create_changeset_xml(:id => 1) new_tag = XML::Node.new "tag" new_tag["k"] = "tagtesting" new_tag["v"] = "valuetesting" new_changeset.find("//osm/changeset").first << new_tag # try without any authorization - @request.env["HTTP_AUTHORIZATION"] = nil - put :update, :params => { :id => changeset.id }, :body => new_changeset.to_s + put changeset_show_path(changeset), :params => new_changeset.to_s assert_response :unauthorized # try with the wrong authorization - basic_authorization create(:user).email, "test" - put :update, :params => { :id => changeset.id }, :body => new_changeset.to_s + auth_header = basic_authorization_header create(:user).email, "test" + put changeset_show_path(changeset), :params => new_changeset.to_s, :headers => auth_header assert_response :conflict # now this should work... - basic_authorization user.email, "test" - put :update, :params => { :id => changeset.id }, :body => new_changeset.to_s + auth_header = basic_authorization_header user.email, "test" + put changeset_show_path(changeset), :params => new_changeset.to_s, :headers => auth_header assert_response :success assert_select "osm>changeset[id='#{changeset.id}']", 1 @@ -1725,16 +2461,16 @@ CHANGESET # check that a user different from the one who opened the changeset # can't modify it. def test_changeset_update_invalid - basic_authorization create(:user).email, "test" + auth_header = basic_authorization_header create(:user).email, "test" changeset = create(:changeset) - new_changeset = create_changeset_xml(user: changeset.user, id: changeset.id) + new_changeset = create_changeset_xml(:user => changeset.user, :id => changeset.id) new_tag = XML::Node.new "tag" new_tag["k"] = "testing" new_tag["v"] = "testing" new_changeset.find("//osm/changeset").first << new_tag - put :update, :params => { :id => changeset.id }, :body => new_changeset.to_s + put changeset_show_path(changeset), :params => new_changeset.to_s, :headers => auth_header assert_response :conflict end @@ -1742,11 +2478,15 @@ CHANGESET # check that a changeset can contain a certain max number of changes. ## FIXME should be changed to an integration test due to the with_controller def test_changeset_limits - basic_authorization create(:user).email, "test" + user = create(:user) + auth_header = basic_authorization_header user.email, "test" + + # create an old changeset to ensure we have the maximum rate limit + create(:changeset, :user => user, :created_at => Time.now.utc - 28.days) # open a new changeset xml = "" - put :create, :body => xml + put changeset_create_path, :params => xml, :headers => auth_header assert_response :success, "can't create a new changeset" cs_id = @response.body.to_i @@ -1761,11 +2501,11 @@ CHANGESET with_controller(NodesController.new) do # create a new node xml = "" - put :create, :body => xml + put node_create_path, :params => xml, :headers => auth_header assert_response :success, "can't create a new node" node_id = @response.body.to_i - get :show, :params => { :id => node_id } + get api_node_path(node_id) assert_response :success, "can't read back new node" node_doc = XML::Parser.string(@response.body).parse node_xml = node_doc.find("//osm/node").first @@ -1776,7 +2516,7 @@ CHANGESET node_xml["lon"] = rand.to_s node_xml["version"] = (i + 1).to_s - put :update, :params => { :id => node_id }, :body => node_doc.to_s + put api_node_path(node_id), :params => node_doc.to_s, :headers => auth_header assert_response :success, "attempt #{i} should have succeeded" end @@ -1785,7 +2525,7 @@ CHANGESET node_xml["lon"] = rand.to_s node_xml["version"] = offset.to_s - put :update, :params => { :id => node_id }, :body => node_doc.to_s + put api_node_path(node_id), :params => node_doc.to_s, :headers => auth_header assert_response :conflict, "final attempt should have failed" end @@ -1793,7 +2533,7 @@ CHANGESET assert_equal Changeset::MAX_ELEMENTS + 1, changeset.num_changes # check that the changeset is now closed as well - assert_not(changeset.is_open?, + assert_not(changeset.open?, "changeset should have been auto-closed by exceeding " \ "element limit.") end @@ -1807,7 +2547,7 @@ CHANGESET node_v1 = node.old_nodes.find_by(:version => 1) node_v1.redact!(create(:redaction)) - get :download, :params => { :id => changeset.id } + get changeset_download_path(changeset) assert_response :success assert_select "osmChange", 1 @@ -1820,18 +2560,18 @@ CHANGESET ## # test subscribe success def test_subscribe_success - basic_authorization create(:user).email, "test" + auth_header = basic_authorization_header create(:user).email, "test" changeset = create(:changeset, :closed) assert_difference "changeset.subscribers.count", 1 do - post :subscribe, :params => { :id => changeset.id } + post api_changeset_subscribe_path(changeset), :headers => auth_header end assert_response :success # not closed changeset changeset = create(:changeset) assert_difference "changeset.subscribers.count", 1 do - post :subscribe, :params => { :id => changeset.id } + post api_changeset_subscribe_path(changeset), :headers => auth_header end assert_response :success end @@ -1844,15 +2584,15 @@ CHANGESET # unauthorized changeset = create(:changeset, :closed) assert_no_difference "changeset.subscribers.count" do - post :subscribe, :params => { :id => changeset.id } + post api_changeset_subscribe_path(changeset) end assert_response :unauthorized - basic_authorization user.email, "test" + auth_header = basic_authorization_header user.email, "test" # bad changeset id assert_no_difference "changeset.subscribers.count" do - post :subscribe, :params => { :id => 999111 } + post api_changeset_subscribe_path(:id => 999111), :headers => auth_header end assert_response :not_found @@ -1860,7 +2600,7 @@ CHANGESET changeset = create(:changeset, :closed) changeset.subscribers.push(user) assert_no_difference "changeset.subscribers.count" do - post :subscribe, :params => { :id => changeset.id } + post api_changeset_subscribe_path(changeset), :headers => auth_header end assert_response :conflict end @@ -1869,12 +2609,12 @@ CHANGESET # test unsubscribe success def test_unsubscribe_success user = create(:user) - basic_authorization user.email, "test" + auth_header = basic_authorization_header user.email, "test" changeset = create(:changeset, :closed) changeset.subscribers.push(user) assert_difference "changeset.subscribers.count", -1 do - post :unsubscribe, :params => { :id => changeset.id } + post api_changeset_unsubscribe_path(changeset), :headers => auth_header end assert_response :success @@ -1883,7 +2623,7 @@ CHANGESET changeset.subscribers.push(user) assert_difference "changeset.subscribers.count", -1 do - post :unsubscribe, :params => { :id => changeset.id } + post api_changeset_unsubscribe_path(changeset), :headers => auth_header end assert_response :success end @@ -1894,22 +2634,22 @@ CHANGESET # unauthorized changeset = create(:changeset, :closed) assert_no_difference "changeset.subscribers.count" do - post :unsubscribe, :params => { :id => changeset.id } + post api_changeset_unsubscribe_path(changeset) end assert_response :unauthorized - basic_authorization create(:user).email, "test" + auth_header = basic_authorization_header create(:user).email, "test" # bad changeset id assert_no_difference "changeset.subscribers.count" do - post :unsubscribe, :params => { :id => 999111 } + post api_changeset_unsubscribe_path(:id => 999111), :headers => auth_header end assert_response :not_found # trying to unsubscribe when not subscribed changeset = create(:changeset, :closed) assert_no_difference "changeset.subscribers.count" do - post :unsubscribe, :params => { :id => changeset.id } + post api_changeset_unsubscribe_path(changeset), :headers => auth_header end assert_response :not_found end @@ -1917,8 +2657,34 @@ CHANGESET private ## - # boilerplate for checking that certain changesets exist in the - # output. + # check that the output consists of one specific changeset + def assert_single_changeset(changeset) + assert_select "osm>changeset", 1 + assert_select "osm>changeset>@id", changeset.id.to_s + assert_select "osm>changeset>@created_at", changeset.created_at.xmlschema + if changeset.open? + assert_select "osm>changeset>@open", "true" + assert_select "osm>changeset>@closed_at", 0 + else + assert_select "osm>changeset>@open", "false" + assert_select "osm>changeset>@closed_at", changeset.closed_at.xmlschema + end + end + + def assert_single_changeset_json(changeset, js) + assert_equal changeset.id, js["changeset"]["id"] + assert_equal changeset.created_at.xmlschema, js["changeset"]["created_at"] + if changeset.open? + assert js["changeset"]["open"] + assert_nil js["changeset"]["closed_at"] + else + assert_not js["changeset"]["open"] + assert_equal changeset.closed_at.xmlschema, js["changeset"]["closed_at"] + end + end + + ## + # check that certain changesets exist in the output def assert_changesets(changesets) assert_select "osm>changeset", changesets.size changesets.each do |changeset| @@ -1927,23 +2693,12 @@ CHANGESET end ## - # call the include method and assert properties of the bbox - def check_after_include(changeset_id, lon, lat, bbox) - xml = "" - post :expand_bbox, :params => { :id => changeset_id }, :body => xml - assert_response :success, "Setting include of changeset failed: #{@response.body}" - - # check exactly one changeset - assert_select "osm>changeset", 1 - assert_select "osm>changeset[id='#{changeset_id}']", 1 - - # check the bbox - doc = XML::Parser.string(@response.body).parse - changeset = doc.find("//osm/changeset").first - assert_equal bbox[0], changeset["min_lon"].to_f, "min lon" - assert_equal bbox[1], changeset["min_lat"].to_f, "min lat" - assert_equal bbox[2], changeset["max_lon"].to_f, "max lon" - assert_equal bbox[3], changeset["max_lat"].to_f, "max lat" + # check that certain changesets exist in the output in the specified order + def assert_changesets_in_order(changesets) + assert_select "osm>changeset", changesets.size + changesets.each_with_index do |changeset, index| + assert_select "osm>changeset:nth-child(#{index + 1})[id='#{changeset.id}']", 1 + end end ## @@ -1969,9 +2724,7 @@ CHANGESET cs["user"] = user.display_name cs["uid"] = user.id.to_s end - if id - cs["id"] = id.to_s - end + cs["id"] = id.to_s if id root.root << cs root end