X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/73c95847a6680bea7f35fe5b3da6eb4e52757b9c..06d03c8acccfadfe7e2bf441c9fbd0044e7a2fcf:/test/controllers/api/ways_controller_test.rb diff --git a/test/controllers/api/ways_controller_test.rb b/test/controllers/api/ways_controller_test.rb index e4b9f3663..6aa4bdfa5 100644 --- a/test/controllers/api/ways_controller_test.rb +++ b/test/controllers/api/ways_controller_test.rb @@ -1,7 +1,7 @@ require "test_helper" module Api - class WaysControllerTest < ActionController::TestCase + class WaysControllerTest < ActionDispatch::IntegrationTest ## # test all routes which lead to this controller def test_routes @@ -49,46 +49,46 @@ module Api def test_show # check that a visible way is returned properly - get :show, :params => { :id => create(:way).id } + get api_way_path(create(:way)) assert_response :success # check that an invisible way is not returned - get :show, :params => { :id => create(:way, :deleted).id } + get api_way_path(create(:way, :deleted)) assert_response :gone # check chat a non-existent way is not returned - get :show, :params => { :id => 0 } + get api_way_path(0) assert_response :not_found end ## # check the "full" mode def test_full - Way.all.each do |way| - get :full, :params => { :id => way.id } - - # full call should say "gone" for non-visible ways... - unless way.visible - assert_response :gone - next - end - - # otherwise it should say success - assert_response :success - - # Check the way is correctly returned - assert_select "osm way[id='#{way.id}'][version='#{way.version}'][visible='#{way.visible}']", 1 - - # check that each node in the way appears once in the output as a - # reference and as the node element. - way.nodes.each do |n| - count = (way.nodes - (way.nodes - [n])).length - assert_select "osm way nd[ref='#{n.id}']", count - assert_select "osm node[id='#{n.id}'][version='#{n.version}'][lat='#{format('%.7f', n.lat)}'][lon='#{format('%.7f', n.lon)}']", 1 - end + way = create(:way_with_nodes, :nodes_count => 3) + + get way_full_path(way) + + assert_response :success + + # Check the way is correctly returned + assert_select "osm way[id='#{way.id}'][version='1'][visible='true']", 1 + + # check that each node in the way appears once in the output as a + # reference and as the node element. + way.nodes.each do |n| + assert_select "osm way nd[ref='#{n.id}']", 1 + assert_select "osm node[id='#{n.id}'][version='1'][lat='#{format('%.7f', :lat => n.lat)}'][lon='#{format('%.7f', :lon => n.lon)}']", 1 end end + def test_full_deleted + way = create(:way, :deleted) + + get way_full_path(way) + + assert_response :gone + end + ## # test fetching multiple ways def test_index @@ -98,15 +98,15 @@ module Api way4 = create(:way) # check error when no parameter provided - get :index + get ways_path assert_response :bad_request # check error when no parameter value provided - get :index, :params => { :ways => "" } + get ways_path(:ways => "") assert_response :bad_request # test a working call - get :index, :params => { :ways => "#{way1.id},#{way2.id},#{way3.id},#{way4.id}" } + get ways_path(:ways => "#{way1.id},#{way2.id},#{way3.id},#{way4.id}") assert_response :success assert_select "osm" do assert_select "way", :count => 4 @@ -117,7 +117,7 @@ module Api end # test a working call with json format - get :index, :params => { :ways => "#{way1.id},#{way2.id},#{way3.id},#{way4.id}", :format => "json" } + get ways_path(:ways => "#{way1.id},#{way2.id},#{way3.id},#{way4.id}", :format => "json") js = ActiveSupport::JSON.decode(@response.body) assert_not_nil js @@ -129,7 +129,7 @@ module Api assert_equal 1, (js["elements"].count { |a| a["id"] == way4.id && a["visible"].nil? }) # check error when a non-existent way is included - get :index, :params => { :ways => "#{way1.id},#{way2.id},#{way3.id},#{way4.id},0" } + get ways_path(:ways => "#{way1.id},#{way2.id},#{way3.id},#{way4.id},0") assert_response :not_found end @@ -146,7 +146,7 @@ module Api changeset = create(:changeset, :user => user) ## First check that it fails when creating a way using a non-public user - basic_authorization private_user.email, "test" + auth_header = bearer_authorization_header private_user # use the first user's open changeset changeset_id = private_changeset.id @@ -155,13 +155,13 @@ module Api xml = "" \ "" \ "" - put :create, :body => xml + put way_create_path, :params => xml, :headers => auth_header # hope for failure assert_response :forbidden, "way upload did not return forbidden status" ## Now use a public user - basic_authorization user.email, "test" + auth_header = bearer_authorization_header user # use the first user's open changeset changeset_id = changeset.id @@ -170,7 +170,7 @@ module Api xml = "" \ "" \ "" - put :create, :body => xml + put way_create_path, :params => xml, :headers => auth_header # hope for success assert_response :success, "way upload did not return success status" @@ -180,8 +180,7 @@ module Api assert_not_nil checkway, "uploaded way not found in data base after upload" # compare values - assert_equal checkway.nds.length, 2, - "saved way does not contain exactly one node" + assert_equal(2, checkway.nds.length, "saved way does not contain exactly one node") assert_equal checkway.nds[0], node1.id, "saved way does not contain the right node on pos 0" assert_equal checkway.nds[1], node2.id, @@ -190,8 +189,8 @@ module Api "saved way does not belong to the correct changeset" assert_equal user.id, checkway.changeset.user_id, "saved way does not belong to user that created it" - assert_equal true, checkway.visible, - "saved way is not visible" + assert checkway.visible, + "saved way is not visible" end # ------------------------------------- @@ -208,13 +207,13 @@ module Api closed_changeset = create(:changeset, :closed, :user => user) ## First test with a private user to make sure that they are not authorized - basic_authorization private_user.email, "test" + auth_header = bearer_authorization_header private_user # use the first user's open changeset # create a way with non-existing node xml = "" \ "" - put :create, :body => xml + put way_create_path, :params => xml, :headers => auth_header # expect failure assert_response :forbidden, "way upload with invalid node using a private user did not return 'forbidden'" @@ -222,7 +221,7 @@ module Api # create a way with no nodes xml = "" \ "" - put :create, :body => xml + put way_create_path, :params => xml, :headers => auth_header # expect failure assert_response :forbidden, "way upload with no node using a private userdid not return 'forbidden'" @@ -230,19 +229,19 @@ module Api # create a way inside a closed changeset xml = "" \ "" - put :create, :body => xml + put way_create_path, :params => xml, :headers => auth_header # expect failure assert_response :forbidden, "way upload to closed changeset with a private user did not return 'forbidden'" ## Now test with a public user - basic_authorization user.email, "test" + auth_header = bearer_authorization_header user # use the first user's open changeset # create a way with non-existing node xml = "" \ "" - put :create, :body => xml + put way_create_path, :params => xml, :headers => auth_header # expect failure assert_response :precondition_failed, "way upload with invalid node did not return 'precondition failed'" @@ -251,7 +250,7 @@ module Api # create a way with no nodes xml = "" \ "" - put :create, :body => xml + put way_create_path, :params => xml, :headers => auth_header # expect failure assert_response :precondition_failed, "way upload with no node did not return 'precondition failed'" @@ -260,7 +259,7 @@ module Api # create a way inside a closed changeset xml = "" \ "" - put :create, :body => xml + put way_create_path, :params => xml, :headers => auth_header # expect failure assert_response :conflict, "way upload to closed changeset did not return 'conflict'" @@ -270,7 +269,7 @@ module Api "" \ "" \ "" - put :create, :body => xml + put way_create_path, :params => xml, :headers => auth_header # expect failure assert_response :bad_request, "way upload to with too long tag did not return 'bad_request'" @@ -298,34 +297,34 @@ module Api relation = relation_member.relation # first try to delete way without auth - delete :delete, :params => { :id => way.id } + delete api_way_path(way) assert_response :unauthorized # now set auth using the private user - basic_authorization private_user.email, "test" + auth_header = bearer_authorization_header private_user # this shouldn't work as with the 0.6 api we need pay load to delete - delete :delete, :params => { :id => private_way.id } + delete api_way_path(private_way), :headers => auth_header assert_response :forbidden # Now try without having a changeset xml = "" - delete :delete, :params => { :id => private_way.id }, :body => xml.to_s + delete api_way_path(private_way), :params => xml.to_s, :headers => auth_header assert_response :forbidden # try to delete with an invalid (closed) changeset xml = update_changeset(xml_for_way(private_way), private_closed_changeset.id) - delete :delete, :params => { :id => private_way.id }, :body => xml.to_s + delete api_way_path(private_way), :params => xml.to_s, :headers => auth_header assert_response :forbidden # try to delete with an invalid (non-existent) changeset xml = update_changeset(xml_for_way(private_way), 0) - delete :delete, :params => { :id => private_way.id }, :body => xml.to_s + delete api_way_path(private_way), :params => xml.to_s, :headers => auth_header assert_response :forbidden # Now try with a valid changeset xml = xml_for_way(private_way) - delete :delete, :params => { :id => private_way.id }, :body => xml.to_s + delete api_way_path(private_way), :params => xml.to_s, :headers => auth_header assert_response :forbidden # check the returned value - should be the new version number @@ -336,67 +335,66 @@ module Api # this won't work since the way is already deleted xml = xml_for_way(private_deleted_way) - delete :delete, :params => { :id => private_deleted_way.id }, :body => xml.to_s + delete api_way_path(private_deleted_way), :params => xml.to_s, :headers => auth_header assert_response :forbidden # this shouldn't work as the way is used in a relation xml = xml_for_way(private_used_way) - delete :delete, :params => { :id => private_used_way.id }, :body => xml.to_s + delete api_way_path(private_used_way), :params => xml.to_s, :headers => auth_header assert_response :forbidden, "shouldn't be able to delete a way used in a relation (#{@response.body}), when done by a private user" # this won't work since the way never existed - delete :delete, :params => { :id => 0 } + delete api_way_path(0), :headers => auth_header assert_response :forbidden ### Now check with a public user # now set auth - basic_authorization user.email, "test" + auth_header = bearer_authorization_header user # this shouldn't work as with the 0.6 api we need pay load to delete - delete :delete, :params => { :id => way.id } + delete api_way_path(way), :headers => auth_header assert_response :bad_request # Now try without having a changeset xml = "" - delete :delete, :params => { :id => way.id }, :body => xml.to_s + delete api_way_path(way), :params => xml.to_s, :headers => auth_header assert_response :bad_request # try to delete with an invalid (closed) changeset xml = update_changeset(xml_for_way(way), closed_changeset.id) - delete :delete, :params => { :id => way.id }, :body => xml.to_s + delete api_way_path(way), :params => xml.to_s, :headers => auth_header assert_response :conflict # try to delete with an invalid (non-existent) changeset xml = update_changeset(xml_for_way(way), 0) - delete :delete, :params => { :id => way.id }, :body => xml.to_s + delete api_way_path(way), :params => xml.to_s, :headers => auth_header assert_response :conflict # Now try with a valid changeset xml = xml_for_way(way) - delete :delete, :params => { :id => way.id }, :body => xml.to_s + delete api_way_path(way), :params => xml.to_s, :headers => auth_header assert_response :success # check the returned value - should be the new version number # valid delete should return the new version number, which should # be greater than the old version number - assert @response.body.to_i > way.version, - "delete request should return a new version number for way" + assert_operator @response.body.to_i, :>, way.version, "delete request should return a new version number for way" # this won't work since the way is already deleted xml = xml_for_way(deleted_way) - delete :delete, :params => { :id => deleted_way.id }, :body => xml.to_s + delete api_way_path(deleted_way), :params => xml.to_s, :headers => auth_header assert_response :gone # this shouldn't work as the way is used in a relation xml = xml_for_way(used_way) - delete :delete, :params => { :id => used_way.id }, :body => xml.to_s + delete api_way_path(used_way), :params => xml.to_s, :headers => auth_header assert_response :precondition_failed, "shouldn't be able to delete a way used in a relation (#{@response.body})" assert_equal "Precondition failed: Way #{used_way.id} is still used by relations #{relation.id}.", @response.body # this won't work since the way never existed - delete :delete, :params => { :id => 0 } + delete api_way_path(0), :params => xml.to_s, :headers => auth_header assert_response :not_found end @@ -415,78 +413,78 @@ module Api ## First test with no user credentials # try and update a way without authorisation xml = xml_for_way(way) - put :update, :params => { :id => way.id }, :body => xml.to_s + put api_way_path(way), :params => xml.to_s assert_response :unauthorized ## Second test with the private user # setup auth - basic_authorization private_user.email, "test" + auth_header = bearer_authorization_header private_user ## trying to break changesets # try and update in someone else's changeset xml = update_changeset(xml_for_way(private_way), create(:changeset).id) - put :update, :params => { :id => private_way.id }, :body => xml.to_s + put api_way_path(private_way), :params => xml.to_s, :headers => auth_header assert_require_public_data "update with other user's changeset should be forbidden when date isn't public" # try and update in a closed changeset xml = update_changeset(xml_for_way(private_way), create(:changeset, :closed, :user => private_user).id) - put :update, :params => { :id => private_way.id }, :body => xml.to_s + put api_way_path(private_way), :params => xml.to_s, :headers => auth_header assert_require_public_data "update with closed changeset should be forbidden, when data isn't public" # try and update in a non-existant changeset xml = update_changeset(xml_for_way(private_way), 0) - put :update, :params => { :id => private_way.id }, :body => xml.to_s + put api_way_path(private_way), :params => xml.to_s, :headers => auth_header assert_require_public_data("update with changeset=0 should be forbidden, when data isn't public") ## try and submit invalid updates xml = xml_replace_node(xml_for_way(private_way), node.id, 9999) - put :update, :params => { :id => private_way.id }, :body => xml.to_s + put api_way_path(private_way), :params => xml.to_s, :headers => auth_header assert_require_public_data "way with non-existent node should be forbidden, when data isn't public" xml = xml_replace_node(xml_for_way(private_way), node.id, create(:node, :deleted).id) - put :update, :params => { :id => private_way.id }, :body => xml.to_s + put api_way_path(private_way), :params => xml.to_s, :headers => auth_header assert_require_public_data "way with deleted node should be forbidden, when data isn't public" ## finally, produce a good request which will still not work xml = xml_for_way(private_way) - put :update, :params => { :id => private_way.id }, :body => xml.to_s + put api_way_path(private_way), :params => xml.to_s, :headers => auth_header assert_require_public_data "should have failed with a forbidden when data isn't public" ## Finally test with the public user # setup auth - basic_authorization user.email, "test" + auth_header = bearer_authorization_header user ## trying to break changesets # try and update in someone else's changeset xml = update_changeset(xml_for_way(way), create(:changeset).id) - put :update, :params => { :id => way.id }, :body => xml.to_s + put api_way_path(way), :params => xml.to_s, :headers => auth_header assert_response :conflict, "update with other user's changeset should be rejected" # try and update in a closed changeset xml = update_changeset(xml_for_way(way), create(:changeset, :closed, :user => user).id) - put :update, :params => { :id => way.id }, :body => xml.to_s + put api_way_path(way), :params => xml.to_s, :headers => auth_header assert_response :conflict, "update with closed changeset should be rejected" # try and update in a non-existant changeset xml = update_changeset(xml_for_way(way), 0) - put :update, :params => { :id => way.id }, :body => xml.to_s + put api_way_path(way), :params => xml.to_s, :headers => auth_header assert_response :conflict, "update with changeset=0 should be rejected" ## try and submit invalid updates xml = xml_replace_node(xml_for_way(way), node.id, 9999) - put :update, :params => { :id => way.id }, :body => xml.to_s + put api_way_path(way), :params => xml.to_s, :headers => auth_header assert_response :precondition_failed, "way with non-existent node should be rejected" xml = xml_replace_node(xml_for_way(way), node.id, create(:node, :deleted).id) - put :update, :params => { :id => way.id }, :body => xml.to_s + put api_way_path(way), :params => xml.to_s, :headers => auth_header assert_response :precondition_failed, "way with deleted node should be rejected" ## next, attack the versioning @@ -495,37 +493,37 @@ module Api # try and submit a version behind xml = xml_attr_rewrite(xml_for_way(way), "version", current_way_version - 1) - put :update, :params => { :id => way.id }, :body => xml.to_s + put api_way_path(way), :params => xml.to_s, :headers => auth_header assert_response :conflict, "should have failed on old version number" # try and submit a version ahead xml = xml_attr_rewrite(xml_for_way(way), "version", current_way_version + 1) - put :update, :params => { :id => way.id }, :body => xml.to_s + put api_way_path(way), :params => xml.to_s, :headers => auth_header assert_response :conflict, "should have failed on skipped version number" # try and submit total crap in the version field xml = xml_attr_rewrite(xml_for_way(way), "version", "p1r4t3s!") - put :update, :params => { :id => way.id }, :body => xml.to_s + put api_way_path(way), :params => xml.to_s, :headers => auth_header assert_response :conflict, "should not be able to put 'p1r4at3s!' in the version field" ## try an update with the wrong ID xml = xml_for_way(create(:way)) - put :update, :params => { :id => way.id }, :body => xml.to_s + put api_way_path(way), :params => xml.to_s, :headers => auth_header assert_response :bad_request, "should not be able to update a way with a different ID from the XML" ## try an update with a minimal valid XML doc which isn't a well-formed OSM doc. xml = "" - put :update, :params => { :id => way.id }, :body => xml.to_s + put api_way_path(way), :params => xml.to_s, :headers => auth_header assert_response :bad_request, "should not be able to update a way with non-OSM XML doc." ## finally, produce a good request which should work xml = xml_for_way(way) - put :update, :params => { :id => way.id }, :body => xml.to_s + put api_way_path(way), :params => xml.to_s, :headers => auth_header assert_response :success, "a valid update request failed" end @@ -543,7 +541,7 @@ module Api ## Try with the non-public user # setup auth - basic_authorization private_user.email, "test" + auth_header = bearer_authorization_header private_user # add an identical tag to the way tag_xml = XML::Node.new("tag") @@ -555,13 +553,13 @@ module Api way_xml.find("//osm/way").first << tag_xml # try and upload it - put :update, :params => { :id => private_way.id }, :body => way_xml.to_s + put api_way_path(private_way), :params => way_xml.to_s, :headers => auth_header assert_response :forbidden, "adding a duplicate tag to a way for a non-public should fail with 'forbidden'" ## Now try with the public user # setup auth - basic_authorization user.email, "test" + auth_header = bearer_authorization_header user # add an identical tag to the way tag_xml = XML::Node.new("tag") @@ -573,7 +571,7 @@ module Api way_xml.find("//osm/way").first << tag_xml # try and upload it - put :update, :params => { :id => way.id }, :body => way_xml.to_s + put api_way_path(way), :params => way_xml.to_s, :headers => auth_header assert_response :success, "adding a new tag to a way should succeed" assert_equal way.version + 1, @response.body.to_i @@ -591,7 +589,7 @@ module Api ## Try with the non-public user # setup auth - basic_authorization private_user.email, "test" + auth_header = bearer_authorization_header private_user # add an identical tag to the way tag_xml = XML::Node.new("tag") @@ -603,13 +601,13 @@ module Api way_xml.find("//osm/way").first << tag_xml # try and upload it - put :update, :params => { :id => private_way.id }, :body => way_xml.to_s + put api_way_path(private_way), :params => way_xml.to_s, :headers => auth_header assert_response :forbidden, "adding a duplicate tag to a way for a non-public should fail with 'forbidden'" ## Now try with the public user # setup auth - basic_authorization user.email, "test" + auth_header = bearer_authorization_header user # add an identical tag to the way tag_xml = XML::Node.new("tag") @@ -621,7 +619,7 @@ module Api way_xml.find("//osm/way").first << tag_xml # try and upload it - put :update, :params => { :id => way.id }, :body => way_xml.to_s + put api_way_path(way), :params => way_xml.to_s, :headers => auth_header assert_response :bad_request, "adding a duplicate tag to a way should fail with 'bad request'" assert_equal "Element way/#{way.id} has duplicate tags with key #{existing_tag.k}", @response.body @@ -637,7 +635,7 @@ module Api ## First test with the non-public user so should be rejected # setup auth - basic_authorization private_user.email, "test" + auth_header = bearer_authorization_header private_user # create duplicate tag tag_xml = XML::Node.new("tag") @@ -651,13 +649,13 @@ module Api way_xml.find("//osm/way").first << tag_xml.copy(true) << tag_xml # try and upload it - put :update, :params => { :id => private_way.id }, :body => way_xml.to_s + put api_way_path(private_way), :params => way_xml.to_s, :headers => auth_header assert_response :forbidden, "adding new duplicate tags to a way using a non-public user should fail with 'forbidden'" ## Now test with the public user # setup auth - basic_authorization user.email, "test" + auth_header = bearer_authorization_header user # create duplicate tag tag_xml = XML::Node.new("tag") @@ -671,7 +669,7 @@ module Api way_xml.find("//osm/way").first << tag_xml.copy(true) << tag_xml # try and upload it - put :update, :params => { :id => way.id }, :body => way_xml.to_s + put api_way_path(way), :params => way_xml.to_s, :headers => auth_header assert_response :bad_request, "adding new duplicate tags to a way should fail with 'bad request'" assert_equal "Element way/#{way.id} has duplicate tags with key i_am_a_duplicate", @response.body @@ -689,7 +687,7 @@ module Api ## First make sure that you can't with a non-public user # setup auth - basic_authorization private_user.email, "test" + auth_header = bearer_authorization_header private_user # add the tag into the existing xml way_str = "" @@ -698,13 +696,13 @@ module Api way_str << "" # try and upload it - put :create, :body => way_str + put way_create_path, :params => way_str, :headers => auth_header assert_response :forbidden, "adding new duplicate tags to a way with a non-public user should fail with 'forbidden'" ## Now do it with a public user # setup auth - basic_authorization user.email, "test" + auth_header = bearer_authorization_header user # add the tag into the existing xml way_str = "" @@ -713,7 +711,7 @@ module Api way_str << "" # try and upload it - put :create, :body => way_str + put way_create_path, :params => way_str, :headers => auth_header assert_response :bad_request, "adding new duplicate tags to a way should fail with 'bad request'" assert_equal "Element way/ has duplicate tags with key addr:housenumber", @response.body @@ -735,7 +733,7 @@ module Api _way3_v2 = create(:old_way, :current_way => way3_v1.current_way, :version => 2) create(:old_way_node, :old_way => way3_v1, :node => node) - get :ways_for_node, :params => { :id => node.id } + get node_ways_path(node) assert_response :success ways_xml = XML::Parser.string(@response.body).parse assert_not_nil ways_xml, "failed to parse ways_for_node response" @@ -755,6 +753,113 @@ module Api end end + ## + # test initial rate limit + def test_initial_rate_limit + # create a user + user = create(:user) + + # create some nodes + node1 = create(:node) + node2 = create(:node) + + # create a changeset that puts us near the initial rate limit + changeset = create(:changeset, :user => user, + :created_at => Time.now.utc - 5.minutes, + :num_changes => Settings.initial_changes_per_hour - 1) + + # create authentication header + auth_header = bearer_authorization_header user + + # try creating a way + xml = "" \ + "" \ + "" + put way_create_path, :params => xml, :headers => auth_header + assert_response :success, "way create did not return success status" + + # get the id of the way we created + wayid = @response.body + + # try updating the way, which should be rate limited + xml = "" \ + "" \ + "" + put api_way_path(wayid), :params => xml, :headers => auth_header + assert_response :too_many_requests, "way update did not hit rate limit" + + # try deleting the way, which should be rate limited + xml = "" + delete api_way_path(wayid), :params => xml, :headers => auth_header + assert_response :too_many_requests, "way delete did not hit rate limit" + + # try creating a way, which should be rate limited + xml = "" \ + "" \ + "" + put way_create_path, :params => xml, :headers => auth_header + assert_response :too_many_requests, "way create did not hit rate limit" + end + + ## + # test maximum rate limit + def test_maximum_rate_limit + # create a user + user = create(:user) + + # create some nodes + node1 = create(:node) + node2 = create(:node) + + # create a changeset to establish our initial edit time + changeset = create(:changeset, :user => user, + :created_at => Time.now.utc - 28.days) + + # create changeset to put us near the maximum rate limit + total_changes = Settings.max_changes_per_hour - 1 + while total_changes.positive? + changes = [total_changes, Changeset::MAX_ELEMENTS].min + changeset = create(:changeset, :user => user, + :created_at => Time.now.utc - 5.minutes, + :num_changes => changes) + total_changes -= changes + end + + # create authentication header + auth_header = bearer_authorization_header user + + # try creating a way + xml = "" \ + "" \ + "" + put way_create_path, :params => xml, :headers => auth_header + assert_response :success, "way create did not return success status" + + # get the id of the way we created + wayid = @response.body + + # try updating the way, which should be rate limited + xml = "" \ + "" \ + "" + put api_way_path(wayid), :params => xml, :headers => auth_header + assert_response :too_many_requests, "way update did not hit rate limit" + + # try deleting the way, which should be rate limited + xml = "" + delete api_way_path(wayid), :params => xml, :headers => auth_header + assert_response :too_many_requests, "way delete did not hit rate limit" + + # try creating a way, which should be rate limited + xml = "" \ + "" \ + "" + put way_create_path, :params => xml, :headers => auth_header + assert_response :too_many_requests, "way create did not hit rate limit" + end + + private + ## # update the changeset_id of a way element def update_changeset(xml, changeset_id)