X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/93e49daee21b64f0af0ba7fa3035904843a028ea..2fcee9625dcd192d0c524f27d9cb182c883e31b4:/test/controllers/api/relations_controller_test.rb diff --git a/test/controllers/api/relations_controller_test.rb b/test/controllers/api/relations_controller_test.rb index de24c087d..e6f507d3a 100644 --- a/test/controllers/api/relations_controller_test.rb +++ b/test/controllers/api/relations_controller_test.rb @@ -102,7 +102,7 @@ module Api second_relation = create(:relation_member, :member => node).relation _super_relation = create(:relation_member, :member => second_relation).relation # should combine multiple relation_member references into just one relation entry - create(:relation_member, :member => node, :relation => relation_with_node, :sequence_id => 2) + create(:relation_member, :member => node, :relation => relation_with_node) # should not include deleted relations deleted_relation = create(:relation, :deleted) create(:relation_member, :member => node, :relation => deleted_relation) @@ -122,7 +122,7 @@ module Api second_relation = create(:relation_member, :member => way).relation _super_relation = create(:relation_member, :member => second_relation).relation # should combine multiple relation_member references into just one relation entry - create(:relation_member, :member => way, :relation => relation_with_way, :sequence_id => 2) + create(:relation_member, :member => way, :relation => relation_with_way) # should not include deleted relations deleted_relation = create(:relation, :deleted) create(:relation_member, :member => way, :relation => deleted_relation) @@ -142,7 +142,7 @@ module Api second_relation = create(:relation_member, :member => relation).relation _super_relation = create(:relation_member, :member => second_relation).relation # should combine multiple relation_member references into just one relation entry - create(:relation_member, :member => relation, :relation => relation_with_relation, :sequence_id => 2) + create(:relation_member, :member => relation, :relation => relation_with_relation) # should not include deleted relations deleted_relation = create(:relation, :deleted) create(:relation_member, :member => relation, :relation => deleted_relation) @@ -245,7 +245,7 @@ module Api # create an relation with a node as member, this time test that we don't # need a role attribute to be included xml = "" \ - "" + "" + "" put relation_create_path, :params => xml, :headers => auth_header # hope for forbidden due to user assert_response :forbidden, @@ -322,7 +322,7 @@ module Api # create an relation with a node as member, this time test that we don't # need a role attribute to be included xml = "" \ - "" + "" + "" put relation_create_path, :params => xml, :headers => auth_header # hope for success assert_response :success, @@ -612,8 +612,7 @@ module Api # valid delete should return the new version number, which should # be greater than the old version number - assert @response.body.to_i > multi_tag_relation.version, - "delete request should return a new version number for relation" + assert_operator @response.body.to_i, :>, multi_tag_relation.version, "delete request should return a new version number for relation" # this won't work since the relation is already deleted xml = update_changeset(xml_for_relation(deleted_relation), changeset.id) @@ -907,6 +906,117 @@ module Api end end + ## + # test initial rate limit + def test_initial_rate_limit + # create a user + user = create(:user) + + # create some nodes + node1 = create(:node) + node2 = create(:node) + + # create a changeset that puts us near the initial rate limit + changeset = create(:changeset, :user => user, + :created_at => Time.now.utc - 5.minutes, + :num_changes => Settings.initial_changes_per_hour - 1) + + # create authentication header + auth_header = basic_authorization_header user.email, "test" + + # try creating a relation + xml = "" \ + "" \ + "" \ + "" + put relation_create_path, :params => xml, :headers => auth_header + assert_response :success, "relation create did not return success status" + + # get the id of the relation we created + relationid = @response.body + + # try updating the relation, which should be rate limited + xml = "" \ + "" \ + "" \ + "" + put api_relation_path(relationid), :params => xml, :headers => auth_header + assert_response :too_many_requests, "relation update did not hit rate limit" + + # try deleting the relation, which should be rate limited + xml = "" + delete api_relation_path(relationid), :params => xml, :headers => auth_header + assert_response :too_many_requests, "relation delete did not hit rate limit" + + # try creating a relation, which should be rate limited + xml = "" \ + "" \ + "" \ + "" + put relation_create_path, :params => xml, :headers => auth_header + assert_response :too_many_requests, "relation create did not hit rate limit" + end + + ## + # test maximum rate limit + def test_maximum_rate_limit + # create a user + user = create(:user) + + # create some nodes + node1 = create(:node) + node2 = create(:node) + + # create a changeset to establish our initial edit time + changeset = create(:changeset, :user => user, + :created_at => Time.now.utc - 28.days) + + # create changeset to put us near the maximum rate limit + total_changes = Settings.max_changes_per_hour - 1 + while total_changes.positive? + changes = [total_changes, Changeset::MAX_ELEMENTS].min + changeset = create(:changeset, :user => user, + :created_at => Time.now.utc - 5.minutes, + :num_changes => changes) + total_changes -= changes + end + + # create authentication header + auth_header = basic_authorization_header user.email, "test" + + # try creating a relation + xml = "" \ + "" \ + "" \ + "" + put relation_create_path, :params => xml, :headers => auth_header + assert_response :success, "relation create did not return success status" + + # get the id of the relation we created + relationid = @response.body + + # try updating the relation, which should be rate limited + xml = "" \ + "" \ + "" \ + "" + put api_relation_path(relationid), :params => xml, :headers => auth_header + assert_response :too_many_requests, "relation update did not hit rate limit" + + # try deleting the relation, which should be rate limited + xml = "" + delete api_relation_path(relationid), :params => xml, :headers => auth_header + assert_response :too_many_requests, "relation delete did not hit rate limit" + + # try creating a relation, which should be rate limited + xml = "" \ + "" \ + "" \ + "" + put relation_create_path, :params => xml, :headers => auth_header + assert_response :too_many_requests, "relation create did not hit rate limit" + end + private def check_relations_for_element(path, type, id, expected_relations) @@ -915,7 +1025,7 @@ module Api assert_response :success # count one osm element - assert_select "osm[version='#{Settings.api_version}'][generator='OpenStreetMap server']", 1 + assert_select "osm[version='#{Settings.api_version}'][generator='#{Settings.generator}']", 1 # we should have only the expected number of relations assert_select "osm>relation", expected_relations.size @@ -1009,7 +1119,7 @@ module Api ## # updates the relation (XML) +rel+ and # yields the new version of that relation into the block. - # the parsed XML doc is retured. + # the parsed XML doc is returned. def with_update(rel, headers) rel_id = rel.find("//osm/relation").first["id"].to_i put api_relation_path(:id => rel_id), :params => rel.to_s, :headers => headers @@ -1029,14 +1139,14 @@ module Api ## # updates the relation (XML) +rel+ via the diff-upload API and # yields the new version of that relation into the block. - # the parsed XML doc is retured. + # the parsed XML doc is returned. def with_update_diff(rel, headers) rel_id = rel.find("//osm/relation").first["id"].to_i cs_id = rel.find("//osm/relation").first["changeset"].to_i version = nil with_controller(Api::ChangesetsController.new) do - doc = OSM::API.new.get_xml_doc + doc = OSM::API.new.xml_doc change = XML::Node.new "osmChange" doc.root = change modify = XML::Node.new "modify"