X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/91b31f03de0143c4e207fb3a001b32859f560388..e15a92a30213d87e10e000a240a7dcab66c208b4:/test/controllers/api/relations_controller_test.rb?ds=inline diff --git a/test/controllers/api/relations_controller_test.rb b/test/controllers/api/relations_controller_test.rb index da18099bd..5fb62d29f 100644 --- a/test/controllers/api/relations_controller_test.rb +++ b/test/controllers/api/relations_controller_test.rb @@ -1,7 +1,7 @@ require "test_helper" module Api - class RelationsControllerTest < ActionController::TestCase + class RelationsControllerTest < ActionDispatch::IntegrationTest ## # test all routes which lead to this controller def test_routes @@ -74,15 +74,15 @@ module Api def test_show # check that a visible relation is returned properly - get :show, :params => { :id => create(:relation).id } + get api_relation_path(create(:relation)) assert_response :success # check that an invisible relation is not returned - get :show, :params => { :id => create(:relation, :deleted).id } + get api_relation_path(create(:relation, :deleted)) assert_response :gone # check chat a non-existent relation is not returned - get :show, :params => { :id => 0 } + get api_relation_path(0) assert_response :not_found end @@ -102,12 +102,12 @@ module Api second_relation = create(:relation_member, :member => node).relation _super_relation = create(:relation_member, :member => second_relation).relation # should combine multiple relation_member references into just one relation entry - create(:relation_member, :member => node, :relation => relation_with_node, :sequence_id => 2) + create(:relation_member, :member => node, :relation => relation_with_node) # should not include deleted relations deleted_relation = create(:relation, :deleted) create(:relation_member, :member => node, :relation => deleted_relation) - check_relations_for_element(:relations_for_node, "node", + check_relations_for_element(node_relations_path(node), "node", node.id, [relation_with_node, second_relation]) end @@ -122,12 +122,12 @@ module Api second_relation = create(:relation_member, :member => way).relation _super_relation = create(:relation_member, :member => second_relation).relation # should combine multiple relation_member references into just one relation entry - create(:relation_member, :member => way, :relation => relation_with_way, :sequence_id => 2) + create(:relation_member, :member => way, :relation => relation_with_way) # should not include deleted relations deleted_relation = create(:relation, :deleted) create(:relation_member, :member => way, :relation => deleted_relation) - check_relations_for_element(:relations_for_way, "way", + check_relations_for_element(way_relations_path(way), "way", way.id, [relation_with_way, second_relation]) end @@ -142,43 +142,24 @@ module Api second_relation = create(:relation_member, :member => relation).relation _super_relation = create(:relation_member, :member => second_relation).relation # should combine multiple relation_member references into just one relation entry - create(:relation_member, :member => relation, :relation => relation_with_relation, :sequence_id => 2) + create(:relation_member, :member => relation, :relation => relation_with_relation) # should not include deleted relations deleted_relation = create(:relation, :deleted) create(:relation_member, :member => relation, :relation => deleted_relation) - check_relations_for_element(:relations_for_relation, "relation", + check_relations_for_element(relation_relations_path(relation), "relation", relation.id, [relation_with_relation, second_relation]) end - def check_relations_for_element(method, type, id, expected_relations) - # check the "relations for relation" mode - get method, :params => { :id => id } - assert_response :success - - # count one osm element - assert_select "osm[version='#{Settings.api_version}'][generator='OpenStreetMap server']", 1 - - # we should have only the expected number of relations - assert_select "osm>relation", expected_relations.size - - # and each of them should contain the element we originally searched for - expected_relations.each do |relation| - # The relation should appear once, but the element could appear multiple times - assert_select "osm>relation[id='#{relation.id}']", 1 - assert_select "osm>relation[id='#{relation.id}']>member[type='#{type}'][ref='#{id}']" - end - end - def test_full # check the "full" mode - get :full, :params => { :id => 999999 } + get relation_full_path(:id => 999999) assert_response :not_found - get :full, :params => { :id => create(:relation, :deleted).id } + get relation_full_path(:id => create(:relation, :deleted).id) assert_response :gone - get :full, :params => { :id => create(:relation).id } + get relation_full_path(:id => create(:relation).id) assert_response :success # FIXME: check whether this contains the stuff we want! end @@ -193,15 +174,15 @@ module Api relation4.old_relations.find_by(:version => 1).redact!(create(:redaction)) # check error when no parameter provided - get :index + get relations_path assert_response :bad_request # check error when no parameter value provided - get :index, :params => { :relations => "" } + get relations_path(:relations => "") assert_response :bad_request # test a working call - get :index, :params => { :relations => "#{relation1.id},#{relation2.id},#{relation3.id},#{relation4.id}" } + get relations_path(:relations => "#{relation1.id},#{relation2.id},#{relation3.id},#{relation4.id}") assert_response :success assert_select "osm" do assert_select "relation", :count => 4 @@ -212,7 +193,7 @@ module Api end # test a working call with json format - get :index, :params => { :relations => "#{relation1.id},#{relation2.id},#{relation3.id},#{relation4.id}", :format => "json" } + get relations_path(:relations => "#{relation1.id},#{relation2.id},#{relation3.id},#{relation4.id}", :format => "json") js = ActiveSupport::JSON.decode(@response.body) assert_not_nil js @@ -224,7 +205,7 @@ module Api assert_equal 1, (js["elements"].count { |a| a["id"] == relation4.id && a["visible"].nil? }) # check error when a non-existent relation is included - get :index, :params => { :relations => "#{relation1.id},#{relation2.id},#{relation3.id},#{relation4.id},0" } + get relations_path(:relations => "#{relation1.id},#{relation2.id},#{relation3.id},#{relation4.id},0") assert_response :not_found end @@ -240,11 +221,11 @@ module Api node = create(:node) way = create(:way_with_nodes, :nodes_count => 2) - basic_authorization private_user.email, "test" + auth_header = bearer_authorization_header private_user # create an relation without members xml = "" - put :create, :body => xml + put relation_create_path, :params => xml, :headers => auth_header # hope for forbidden, due to user assert_response :forbidden, "relation upload should have failed with forbidden" @@ -255,7 +236,7 @@ module Api xml = "" \ "" \ "" - put :create, :body => xml + put relation_create_path, :params => xml, :headers => auth_header # hope for forbidden due to user assert_response :forbidden, "relation upload did not return forbidden status" @@ -264,8 +245,8 @@ module Api # create an relation with a node as member, this time test that we don't # need a role attribute to be included xml = "" \ - "" + "" - put :create, :body => xml + "" + put relation_create_path, :params => xml, :headers => auth_header # hope for forbidden due to user assert_response :forbidden, "relation upload did not return forbidden status" @@ -276,17 +257,17 @@ module Api "" \ "" \ "" - put :create, :body => xml + put relation_create_path, :params => xml, :headers => auth_header # hope for forbidden, due to user assert_response :forbidden, "relation upload did not return success status" ## Now try with the public user - basic_authorization user.email, "test" + auth_header = bearer_authorization_header user # create an relation without members xml = "" - put :create, :body => xml + put relation_create_path, :params => xml, :headers => auth_header # hope for success assert_response :success, "relation upload did not return success status" @@ -296,18 +277,16 @@ module Api assert_not_nil checkrelation, "uploaded relation not found in data base after upload" # compare values - assert_equal checkrelation.members.length, 0, - "saved relation contains members but should not" - assert_equal checkrelation.tags.length, 1, - "saved relation does not contain exactly one tag" + assert_equal(0, checkrelation.members.length, "saved relation contains members but should not") + assert_equal(1, checkrelation.tags.length, "saved relation does not contain exactly one tag") assert_equal changeset.id, checkrelation.changeset.id, "saved relation does not belong in the changeset it was assigned to" assert_equal user.id, checkrelation.changeset.user_id, "saved relation does not belong to user that created it" - assert_equal true, checkrelation.visible, - "saved relation is not visible" + assert checkrelation.visible, + "saved relation is not visible" # ok the relation is there but can we also retrieve it? - get :show, :params => { :id => relationid } + get api_relation_path(relationid) assert_response :success ### @@ -316,7 +295,7 @@ module Api xml = "" \ "" \ "" - put :create, :body => xml + put relation_create_path, :params => xml, :headers => auth_header # hope for success assert_response :success, "relation upload did not return success status" @@ -326,27 +305,25 @@ module Api assert_not_nil checkrelation, "uploaded relation not found in data base after upload" # compare values - assert_equal checkrelation.members.length, 1, - "saved relation does not contain exactly one member" - assert_equal checkrelation.tags.length, 1, - "saved relation does not contain exactly one tag" + assert_equal(1, checkrelation.members.length, "saved relation does not contain exactly one member") + assert_equal(1, checkrelation.tags.length, "saved relation does not contain exactly one tag") assert_equal changeset.id, checkrelation.changeset.id, "saved relation does not belong in the changeset it was assigned to" assert_equal user.id, checkrelation.changeset.user_id, "saved relation does not belong to user that created it" - assert_equal true, checkrelation.visible, - "saved relation is not visible" + assert checkrelation.visible, + "saved relation is not visible" # ok the relation is there but can we also retrieve it? - get :show, :params => { :id => relationid } + get api_relation_path(relationid) assert_response :success ### # create an relation with a node as member, this time test that we don't # need a role attribute to be included xml = "" \ - "" + "" - put :create, :body => xml + "" + put relation_create_path, :params => xml, :headers => auth_header # hope for success assert_response :success, "relation upload did not return success status" @@ -356,19 +333,17 @@ module Api assert_not_nil checkrelation, "uploaded relation not found in data base after upload" # compare values - assert_equal checkrelation.members.length, 1, - "saved relation does not contain exactly one member" - assert_equal checkrelation.tags.length, 1, - "saved relation does not contain exactly one tag" + assert_equal(1, checkrelation.members.length, "saved relation does not contain exactly one member") + assert_equal(1, checkrelation.tags.length, "saved relation does not contain exactly one tag") assert_equal changeset.id, checkrelation.changeset.id, "saved relation does not belong in the changeset it was assigned to" assert_equal user.id, checkrelation.changeset.user_id, "saved relation does not belong to user that created it" - assert_equal true, checkrelation.visible, - "saved relation is not visible" + assert checkrelation.visible, + "saved relation is not visible" # ok the relation is there but can we also retrieve it? - get :show, :params => { :id => relationid } + get api_relation_path(relationid) assert_response :success ### @@ -377,7 +352,7 @@ module Api "" \ "" \ "" - put :create, :body => xml + put relation_create_path, :params => xml, :headers => auth_header # hope for success assert_response :success, "relation upload did not return success status" @@ -387,18 +362,16 @@ module Api assert_not_nil checkrelation, "uploaded relation not found in data base after upload" # compare values - assert_equal checkrelation.members.length, 2, - "saved relation does not have exactly two members" - assert_equal checkrelation.tags.length, 1, - "saved relation does not contain exactly one tag" + assert_equal(2, checkrelation.members.length, "saved relation does not have exactly two members") + assert_equal(1, checkrelation.tags.length, "saved relation does not contain exactly one tag") assert_equal changeset.id, checkrelation.changeset.id, "saved relation does not belong in the changeset it was assigned to" assert_equal user.id, checkrelation.changeset.user_id, "saved relation does not belong to user that created it" - assert_equal true, checkrelation.visible, - "saved relation is not visible" + assert checkrelation.visible, + "saved relation is not visible" # ok the relation is there but can we also retrieve it? - get :show, :params => { :id => relationid } + get api_relation_path(relationid) assert_response :success end @@ -418,7 +391,7 @@ module Api relation = create(:relation) create_list(:relation_tag, 4, :relation => relation) - basic_authorization user.email, "test" + auth_header = bearer_authorization_header user with_relation(relation.id) do |rel| # alter one of the tags @@ -427,7 +400,7 @@ module Api update_changeset(rel, changeset.id) # check that the downloaded tags are the same as the uploaded tags... - new_version = with_update(rel) do |new_rel| + new_version = with_update(rel, auth_header) do |new_rel| assert_tags_equal rel, new_rel end @@ -450,7 +423,7 @@ module Api relation = create(:relation) create_list(:relation_tag, 4, :relation => relation) - basic_authorization user.email, "test" + auth_header = bearer_authorization_header user with_relation(relation.id) do |rel| # alter one of the tags @@ -459,7 +432,7 @@ module Api update_changeset(rel, changeset.id) # check that the downloaded tags are the same as the uploaded tags... - new_version = with_update_diff(rel) do |new_rel| + new_version = with_update_diff(rel, auth_header) do |new_rel| assert_tags_equal rel, new_rel end @@ -477,10 +450,10 @@ module Api relation = create(:relation) other_relation = create(:relation) - basic_authorization user.email, "test" + auth_header = bearer_authorization_header user with_relation(relation.id) do |rel| update_changeset(rel, changeset.id) - put :update, :params => { :id => other_relation.id }, :body => rel.to_s + put api_relation_path(other_relation), :params => rel.to_s, :headers => auth_header assert_response :bad_request end end @@ -493,13 +466,13 @@ module Api user = create(:user) changeset = create(:changeset, :user => user) - basic_authorization user.email, "test" + auth_header = bearer_authorization_header user # create a relation with non-existing node as member xml = "" \ "" \ "" - put :create, :body => xml + put relation_create_path, :params => xml, :headers => auth_header # expect failure assert_response :precondition_failed, "relation upload with invalid node did not return 'precondition failed'" @@ -514,13 +487,13 @@ module Api changeset = create(:changeset, :user => user) node = create(:node) - basic_authorization user.email, "test" + auth_header = bearer_authorization_header user # create some xml that should return an error xml = "" \ "" \ "" - put :create, :body => xml + put relation_create_path, :params => xml, :headers => auth_header # expect failure assert_response :bad_request assert_match(/Cannot parse valid relation from xml string/, @response.body) @@ -545,122 +518,121 @@ module Api create_list(:relation_tag, 4, :relation => multi_tag_relation) ## First try to delete relation without auth - delete :delete, :params => { :id => relation.id } + delete api_relation_path(relation) assert_response :unauthorized ## Then try with the private user, to make sure that you get a forbidden - basic_authorization private_user.email, "test" + auth_header = bearer_authorization_header private_user # this shouldn't work, as we should need the payload... - delete :delete, :params => { :id => relation.id } + delete api_relation_path(relation), :headers => auth_header assert_response :forbidden # try to delete without specifying a changeset xml = "" - delete :delete, :params => { :id => relation.id }, :body => xml.to_s + delete api_relation_path(relation), :params => xml.to_s, :headers => auth_header assert_response :forbidden # try to delete with an invalid (closed) changeset xml = update_changeset(xml_for_relation(relation), private_user_closed_changeset.id) - delete :delete, :params => { :id => relation.id }, :body => xml.to_s + delete api_relation_path(relation), :params => xml.to_s, :headers => auth_header assert_response :forbidden # try to delete with an invalid (non-existent) changeset xml = update_changeset(xml_for_relation(relation), 0) - delete :delete, :params => { :id => relation.id }, :body => xml.to_s + delete api_relation_path(relation), :params => xml.to_s, :headers => auth_header assert_response :forbidden # this won't work because the relation is in-use by another relation xml = xml_for_relation(used_relation) - delete :delete, :params => { :id => used_relation.id }, :body => xml.to_s + delete api_relation_path(used_relation), :params => xml.to_s, :headers => auth_header assert_response :forbidden # this should work when we provide the appropriate payload... xml = xml_for_relation(relation) - delete :delete, :params => { :id => relation.id }, :body => xml.to_s + delete api_relation_path(relation), :params => xml.to_s, :headers => auth_header assert_response :forbidden # this won't work since the relation is already deleted xml = xml_for_relation(deleted_relation) - delete :delete, :params => { :id => deleted_relation.id }, :body => xml.to_s + delete api_relation_path(deleted_relation), :params => xml.to_s, :headers => auth_header assert_response :forbidden # this won't work since the relation never existed - delete :delete, :params => { :id => 0 } + delete api_relation_path(0), :headers => auth_header assert_response :forbidden ## now set auth for the public user - basic_authorization user.email, "test" + auth_header = bearer_authorization_header user # this shouldn't work, as we should need the payload... - delete :delete, :params => { :id => relation.id } + delete api_relation_path(relation), :headers => auth_header assert_response :bad_request # try to delete without specifying a changeset xml = "" - delete :delete, :params => { :id => relation.id }, :body => xml.to_s + delete api_relation_path(relation), :params => xml.to_s, :headers => auth_header assert_response :bad_request assert_match(/Changeset id is missing/, @response.body) # try to delete with an invalid (closed) changeset xml = update_changeset(xml_for_relation(relation), closed_changeset.id) - delete :delete, :params => { :id => relation.id }, :body => xml.to_s + delete api_relation_path(relation), :params => xml.to_s, :headers => auth_header assert_response :conflict # try to delete with an invalid (non-existent) changeset xml = update_changeset(xml_for_relation(relation), 0) - delete :delete, :params => { :id => relation.id }, :body => xml.to_s + delete api_relation_path(relation), :params => xml.to_s, :headers => auth_header assert_response :conflict # this won't work because the relation is in a changeset owned by someone else xml = update_changeset(xml_for_relation(relation), create(:changeset).id) - delete :delete, :params => { :id => relation.id }, :body => xml.to_s + delete api_relation_path(relation), :params => xml.to_s, :headers => auth_header assert_response :conflict, "shouldn't be able to delete a relation in a changeset owned by someone else (#{@response.body})" # this won't work because the relation in the payload is different to that passed xml = update_changeset(xml_for_relation(relation), changeset.id) - delete :delete, :params => { :id => create(:relation).id }, :body => xml.to_s + delete api_relation_path(create(:relation)), :params => xml.to_s, :headers => auth_header assert_response :bad_request, "shouldn't be able to delete a relation when payload is different to the url" # this won't work because the relation is in-use by another relation xml = update_changeset(xml_for_relation(used_relation), changeset.id) - delete :delete, :params => { :id => used_relation.id }, :body => xml.to_s + delete api_relation_path(used_relation), :params => xml.to_s, :headers => auth_header assert_response :precondition_failed, "shouldn't be able to delete a relation used in a relation (#{@response.body})" assert_equal "Precondition failed: The relation #{used_relation.id} is used in relation #{super_relation.id}.", @response.body # this should work when we provide the appropriate payload... xml = update_changeset(xml_for_relation(multi_tag_relation), changeset.id) - delete :delete, :params => { :id => multi_tag_relation.id }, :body => xml.to_s + delete api_relation_path(multi_tag_relation), :params => xml.to_s, :headers => auth_header assert_response :success # valid delete should return the new version number, which should # be greater than the old version number - assert @response.body.to_i > multi_tag_relation.version, - "delete request should return a new version number for relation" + assert_operator @response.body.to_i, :>, multi_tag_relation.version, "delete request should return a new version number for relation" # this won't work since the relation is already deleted xml = update_changeset(xml_for_relation(deleted_relation), changeset.id) - delete :delete, :params => { :id => deleted_relation.id }, :body => xml.to_s + delete api_relation_path(deleted_relation), :params => xml.to_s, :headers => auth_header assert_response :gone # Public visible relation needs to be deleted xml = update_changeset(xml_for_relation(super_relation), changeset.id) - delete :delete, :params => { :id => super_relation.id }, :body => xml.to_s + delete api_relation_path(super_relation), :params => xml.to_s, :headers => auth_header assert_response :success # this works now because the relation which was using this one # has been deleted. xml = update_changeset(xml_for_relation(used_relation), changeset.id) - delete :delete, :params => { :id => used_relation.id }, :body => xml.to_s + delete api_relation_path(used_relation), :params => xml.to_s, :headers => auth_header assert_response :success, "should be able to delete a relation used in an old relation (#{@response.body})" # this won't work since the relation never existed - delete :delete, :params => { :id => 0 } + delete api_relation_path(0), :headers => auth_header assert_response :not_found end @@ -669,15 +641,15 @@ module Api # box of all its members into the changeset. def test_tag_modify_bounding_box relation = create(:relation) - node1 = create(:node, :lat => 3, :lon => 3) - node2 = create(:node, :lat => 5, :lon => 5) + node1 = create(:node, :lat => 0.3, :lon => 0.3) + node2 = create(:node, :lat => 0.5, :lon => 0.5) way = create(:way) create(:way_node, :way => way, :node => node1) create(:relation_member, :relation => relation, :member => way) create(:relation_member, :relation => relation, :member => node2) # the relation contains nodes1 and node2 (node1 - # indirectly via the way), so the bbox should be [3,3,5,5]. - check_changeset_modify(BoundingBox.new(3, 3, 5, 5)) do |changeset_id| + # indirectly via the way), so the bbox should be [0.3,0.3,0.5,0.5]. + check_changeset_modify(BoundingBox.new(0.3, 0.3, 0.5, 0.5)) do |changeset_id, auth_header| # add a tag to an existing relation relation_xml = xml_for_relation(relation) relation_element = relation_xml.find("//osm/relation").first @@ -690,7 +662,7 @@ module Api update_changeset(relation_xml, changeset_id) # upload the change - put :update, :params => { :id => relation.id }, :body => relation_xml.to_s + put api_relation_path(relation), :params => relation_xml.to_s, :headers => auth_header assert_response :success, "can't update relation for tag/bbox test" end end @@ -710,7 +682,7 @@ module Api [node1, node2, way1, way2].each do |element| bbox = element.bbox.to_unscaled - check_changeset_modify(bbox) do |changeset_id| + check_changeset_modify(bbox) do |changeset_id, auth_header| relation_xml = xml_for_relation(Relation.find(relation.id)) relation_element = relation_xml.find("//osm/relation").first new_member = XML::Node.new("member") @@ -723,11 +695,11 @@ module Api update_changeset(relation_xml, changeset_id) # upload the change - put :update, :params => { :id => relation.id }, :body => relation_xml.to_s + put api_relation_path(relation), :params => relation_xml.to_s, :headers => auth_header assert_response :success, "can't update relation for add #{element.class}/bbox test: #{@response.body}" # get it back and check the ordering - get :show, :params => { :id => relation.id } + get api_relation_path(relation) assert_response :success, "can't read back the relation: #{@response.body}" check_ordering(relation_xml, @response.body) end @@ -744,7 +716,7 @@ module Api create(:relation_member, :relation => relation, :member => node1) create(:relation_member, :relation => relation, :member => node2) - check_changeset_modify(BoundingBox.new(5, 5, 5, 5)) do |changeset_id| + check_changeset_modify(BoundingBox.new(5, 5, 5, 5)) do |changeset_id, auth_header| # remove node 5 (5,5) from an existing relation relation_xml = xml_for_relation(relation) relation_xml @@ -755,7 +727,7 @@ module Api update_changeset(relation_xml, changeset_id) # upload the change - put :update, :params => { :id => relation.id }, :body => relation_xml.to_s + put api_relation_path(relation), :params => relation_xml.to_s, :headers => auth_header assert_response :success, "can't update relation for remove node/bbox test" end end @@ -771,7 +743,7 @@ module Api way1 = create(:way_with_nodes, :nodes_count => 2) way2 = create(:way_with_nodes, :nodes_count => 2) - basic_authorization user.email, "test" + auth_header = bearer_authorization_header user doc_str = <<~OSM @@ -785,12 +757,12 @@ module Api OSM doc = XML::Parser.string(doc_str).parse - put :create, :body => doc.to_s + put relation_create_path, :params => doc.to_s, :headers => auth_header assert_response :success, "can't create a relation: #{@response.body}" relation_id = @response.body.to_i # get it back and check the ordering - get :show, :params => { :id => relation_id } + get api_relation_path(relation_id) assert_response :success, "can't read back the relation: #{@response.body}" check_ordering(doc, @response.body) @@ -805,18 +777,18 @@ module Api doc.find("//osm/relation").first["version"] = 1.to_s # upload the next version of the relation - put :update, :params => { :id => relation_id }, :body => doc.to_s + put api_relation_path(relation_id), :params => doc.to_s, :headers => auth_header assert_response :success, "can't update relation: #{@response.body}" assert_equal 2, @response.body.to_i # get it back again and check the ordering again - get :show, :params => { :id => relation_id } + get api_relation_path(relation_id) assert_response :success, "can't read back the relation: #{@response.body}" check_ordering(doc, @response.body) # check the ordering in the history tables: with_controller(OldRelationsController.new) do - get :version, :params => { :id => relation_id, :version => 2 } + get api_old_relation_path(relation_id, 2) assert_response :success, "can't read back version 2 of the relation #{relation_id}" check_ordering(doc, @response.body) end @@ -844,20 +816,20 @@ module Api doc = XML::Parser.string(doc_str).parse ## First try with the private user - basic_authorization private_user.email, "test" + auth_header = bearer_authorization_header private_user - put :create, :body => doc.to_s + put relation_create_path, :params => doc.to_s, :headers => auth_header assert_response :forbidden ## Now try with the public user - basic_authorization user.email, "test" + auth_header = bearer_authorization_header user - put :create, :body => doc.to_s + put relation_create_path, :params => doc.to_s, :headers => auth_header assert_response :success, "can't create a relation: #{@response.body}" relation_id = @response.body.to_i # get it back and check the ordering - get :show, :params => { :id => relation_id } + get api_relation_path(relation_id) assert_response :success, "can't read back the relation: #{relation_id}" check_ordering(doc, @response.body) end @@ -883,20 +855,20 @@ module Api OSM doc = XML::Parser.string(doc_str).parse - basic_authorization user.email, "test" + auth_header = bearer_authorization_header user - put :create, :body => doc.to_s + put relation_create_path, :params => doc.to_s, :headers => auth_header assert_response :success, "can't create a relation: #{@response.body}" relation_id = @response.body.to_i # check the ordering in the current tables: - get :show, :params => { :id => relation_id } + get api_relation_path(relation_id) assert_response :success, "can't read back the relation: #{@response.body}" check_ordering(doc, @response.body) # check the ordering in the history tables: with_controller(OldRelationsController.new) do - get :version, :params => { :id => relation_id, :version => 1 } + get api_old_relation_path(relation_id, 1) assert_response :success, "can't read back version 1 of the relation: #{@response.body}" check_ordering(doc, @response.body) end @@ -907,14 +879,14 @@ module Api # still technically valid. def test_remove_all_members relation = create(:relation) - node1 = create(:node, :lat => 3, :lon => 3) - node2 = create(:node, :lat => 5, :lon => 5) + node1 = create(:node, :lat => 0.3, :lon => 0.3) + node2 = create(:node, :lat => 0.5, :lon => 0.5) way = create(:way) create(:way_node, :way => way, :node => node1) create(:relation_member, :relation => relation, :member => way) create(:relation_member, :relation => relation, :member => node2) - check_changeset_modify(BoundingBox.new(3, 3, 5, 5)) do |changeset_id| + check_changeset_modify(BoundingBox.new(0.3, 0.3, 0.5, 0.5)) do |changeset_id, auth_header| relation_xml = xml_for_relation(relation) relation_xml .find("//osm/relation/member") @@ -924,7 +896,7 @@ module Api update_changeset(relation_xml, changeset_id) # upload the change - put :update, :params => { :id => relation.id }, :body => relation_xml.to_s + put api_relation_path(relation), :params => relation_xml.to_s, :headers => auth_header assert_response :success, "can't update relation for remove all members test" checkrelation = Relation.find(relation.id) assert_not_nil(checkrelation, @@ -934,9 +906,137 @@ module Api end end - # ============================================================ - # utility functions - # ============================================================ + ## + # test initial rate limit + def test_initial_rate_limit + # create a user + user = create(:user) + + # create some nodes + node1 = create(:node) + node2 = create(:node) + + # create a changeset that puts us near the initial rate limit + changeset = create(:changeset, :user => user, + :created_at => Time.now.utc - 5.minutes, + :num_changes => Settings.initial_changes_per_hour - 1) + + # create authentication header + auth_header = bearer_authorization_header user + + # try creating a relation + xml = "" \ + "" \ + "" \ + "" + put relation_create_path, :params => xml, :headers => auth_header + assert_response :success, "relation create did not return success status" + + # get the id of the relation we created + relationid = @response.body + + # try updating the relation, which should be rate limited + xml = "" \ + "" \ + "" \ + "" + put api_relation_path(relationid), :params => xml, :headers => auth_header + assert_response :too_many_requests, "relation update did not hit rate limit" + + # try deleting the relation, which should be rate limited + xml = "" + delete api_relation_path(relationid), :params => xml, :headers => auth_header + assert_response :too_many_requests, "relation delete did not hit rate limit" + + # try creating a relation, which should be rate limited + xml = "" \ + "" \ + "" \ + "" + put relation_create_path, :params => xml, :headers => auth_header + assert_response :too_many_requests, "relation create did not hit rate limit" + end + + ## + # test maximum rate limit + def test_maximum_rate_limit + # create a user + user = create(:user) + + # create some nodes + node1 = create(:node) + node2 = create(:node) + + # create a changeset to establish our initial edit time + changeset = create(:changeset, :user => user, + :created_at => Time.now.utc - 28.days) + + # create changeset to put us near the maximum rate limit + total_changes = Settings.max_changes_per_hour - 1 + while total_changes.positive? + changes = [total_changes, Changeset::MAX_ELEMENTS].min + changeset = create(:changeset, :user => user, + :created_at => Time.now.utc - 5.minutes, + :num_changes => changes) + total_changes -= changes + end + + # create authentication header + auth_header = bearer_authorization_header user + + # try creating a relation + xml = "" \ + "" \ + "" \ + "" + put relation_create_path, :params => xml, :headers => auth_header + assert_response :success, "relation create did not return success status" + + # get the id of the relation we created + relationid = @response.body + + # try updating the relation, which should be rate limited + xml = "" \ + "" \ + "" \ + "" + put api_relation_path(relationid), :params => xml, :headers => auth_header + assert_response :too_many_requests, "relation update did not hit rate limit" + + # try deleting the relation, which should be rate limited + xml = "" + delete api_relation_path(relationid), :params => xml, :headers => auth_header + assert_response :too_many_requests, "relation delete did not hit rate limit" + + # try creating a relation, which should be rate limited + xml = "" \ + "" \ + "" \ + "" + put relation_create_path, :params => xml, :headers => auth_header + assert_response :too_many_requests, "relation create did not hit rate limit" + end + + private + + def check_relations_for_element(path, type, id, expected_relations) + # check the "relations for relation" mode + get path + assert_response :success + + # count one osm element + assert_select "osm[version='#{Settings.api_version}'][generator='#{Settings.generator}']", 1 + + # we should have only the expected number of relations + assert_select "osm>relation", expected_relations.size + + # and each of them should contain the element we originally searched for + expected_relations.each do |relation| + # The relation should appear once, but the element could appear multiple times + assert_select "osm>relation[id='#{relation.id}']", 1 + assert_select "osm>relation[id='#{relation.id}']>member[type='#{type}'][ref='#{id}']" + end + end ## # checks that the XML document and the string arguments have @@ -962,41 +1062,41 @@ module Api # that the changeset bounding box is +bbox+. def check_changeset_modify(bbox) ## First test with the private user to check that you get a forbidden - basic_authorization create(:user, :data_public => false).email, "test" + auth_header = bearer_authorization_header create(:user, :data_public => false) # create a new changeset for this operation, so we are assured # that the bounding box will be newly-generated. - changeset_id = with_controller(Api::ChangesetsController.new) do + with_controller(Api::ChangesetsController.new) do xml = "" - put :create, :body => xml + put changeset_create_path, :params => xml, :headers => auth_header assert_response :forbidden, "shouldn't be able to create changeset for modify test, as should get forbidden" end ## Now do the whole thing with the public user - basic_authorization create(:user).email, "test" + auth_header = bearer_authorization_header # create a new changeset for this operation, so we are assured # that the bounding box will be newly-generated. changeset_id = with_controller(Api::ChangesetsController.new) do xml = "" - put :create, :body => xml + put changeset_create_path, :params => xml, :headers => auth_header assert_response :success, "couldn't create changeset for modify test" @response.body.to_i end # go back to the block to do the actual modifies - yield changeset_id + yield changeset_id, auth_header # now download the changeset to check its bounding box with_controller(Api::ChangesetsController.new) do - get :show, :params => { :id => changeset_id } + get changeset_show_path(changeset_id) assert_response :success, "can't re-read changeset for modify test" assert_select "osm>changeset", 1, "Changeset element doesn't exist in #{@response.body}" assert_select "osm>changeset[id='#{changeset_id}']", 1, "Changeset id=#{changeset_id} doesn't exist in #{@response.body}" - assert_select "osm>changeset[min_lon='#{format('%.7f', bbox.min_lon)}']", 1, "Changeset min_lon wrong in #{@response.body}" - assert_select "osm>changeset[min_lat='#{format('%.7f', bbox.min_lat)}']", 1, "Changeset min_lat wrong in #{@response.body}" - assert_select "osm>changeset[max_lon='#{format('%.7f', bbox.max_lon)}']", 1, "Changeset max_lon wrong in #{@response.body}" - assert_select "osm>changeset[max_lat='#{format('%.7f', bbox.max_lat)}']", 1, "Changeset max_lat wrong in #{@response.body}" + assert_select "osm>changeset[min_lon='#{format('%.7f', :lon => bbox.min_lon)}']", 1, "Changeset min_lon wrong in #{@response.body}" + assert_select "osm>changeset[min_lat='#{format('%.7f', :lat => bbox.min_lat)}']", 1, "Changeset min_lat wrong in #{@response.body}" + assert_select "osm>changeset[max_lon='#{format('%.7f', :lon => bbox.max_lon)}']", 1, "Changeset max_lon wrong in #{@response.body}" + assert_select "osm>changeset[max_lat='#{format('%.7f', :lat => bbox.max_lat)}']", 1, "Changeset max_lat wrong in #{@response.body}" end end @@ -1006,10 +1106,10 @@ module Api # doc is returned. def with_relation(id, ver = nil) if ver.nil? - get :show, :params => { :id => id } + get api_relation_path(id) else with_controller(OldRelationsController.new) do - get :version, :params => { :id => id, :version => ver } + get api_old_relation_path(id, ver) end end assert_response :success @@ -1019,15 +1119,15 @@ module Api ## # updates the relation (XML) +rel+ and # yields the new version of that relation into the block. - # the parsed XML doc is retured. - def with_update(rel) + # the parsed XML doc is returned. + def with_update(rel, headers) rel_id = rel.find("//osm/relation").first["id"].to_i - put :update, :params => { :id => rel_id }, :body => rel.to_s + put api_relation_path(rel_id), :params => rel.to_s, :headers => headers assert_response :success, "can't update relation: #{@response.body}" version = @response.body.to_i # now get the new version - get :show, :params => { :id => rel_id } + get api_relation_path(rel_id) assert_response :success new_rel = xml_parse(@response.body) @@ -1039,27 +1139,27 @@ module Api ## # updates the relation (XML) +rel+ via the diff-upload API and # yields the new version of that relation into the block. - # the parsed XML doc is retured. - def with_update_diff(rel) + # the parsed XML doc is returned. + def with_update_diff(rel, headers) rel_id = rel.find("//osm/relation").first["id"].to_i cs_id = rel.find("//osm/relation").first["changeset"].to_i version = nil with_controller(Api::ChangesetsController.new) do - doc = OSM::API.new.get_xml_doc + doc = OSM::API.new.xml_doc change = XML::Node.new "osmChange" doc.root = change modify = XML::Node.new "modify" change << modify modify << doc.import(rel.find("//osm/relation").first) - post :upload, :params => { :id => cs_id }, :body => doc.to_s + post changeset_upload_path(cs_id), :params => doc.to_s, :headers => headers assert_response :success, "can't upload diff relation: #{@response.body}" version = xml_parse(@response.body).find("//diffResult/relation").first["new_version"].to_i end # now get the new version - get :show, :params => { :id => rel_id } + get api_relation_path(rel_id) assert_response :success new_rel = xml_parse(@response.body)