X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/a6b84a0294a2929006ff056f56103be549c5b5a2..3d8dc64b9c36520c6627bbcc5e5936aaa8adc958:/test/controllers/node_controller_test.rb?ds=sidebyside diff --git a/test/controllers/node_controller_test.rb b/test/controllers/node_controller_test.rb index 8952daade..ffc86b2f6 100644 --- a/test/controllers/node_controller_test.rb +++ b/test/controllers/node_controller_test.rb @@ -437,13 +437,14 @@ class NodeControllerTest < ActionController::TestCase ## # test adding tags to a node def test_duplicate_tags + existing = create(:node_tag, :node => current_nodes(:public_visible_node)) # setup auth basic_authorization(users(:public_user).email, "test") # add an identical tag to the node tag_xml = XML::Node.new("tag") - tag_xml["k"] = current_node_tags(:public_v_t1).k - tag_xml["v"] = current_node_tags(:public_v_t1).v + tag_xml["k"] = existing.k + tag_xml["v"] = existing.v # add the tag into the existing xml node_xml = current_nodes(:public_visible_node).to_xml @@ -454,7 +455,7 @@ class NodeControllerTest < ActionController::TestCase put :update, :id => current_nodes(:public_visible_node).id assert_response :bad_request, "adding duplicate tags to a node should fail with 'bad request'" - assert_equal "Element node/#{current_nodes(:public_visible_node).id} has duplicate tags with key #{current_node_tags(:t1).k}", @response.body + assert_equal "Element node/#{current_nodes(:public_visible_node).id} has duplicate tags with key #{existing.k}", @response.body end # test whether string injection is possible @@ -466,8 +467,8 @@ class NodeControllerTest < ActionController::TestCase # try and put something into a string that the API might # use unquoted and therefore allow code injection... content "" + - '' + - "" + '' + + "" put :create assert_require_public_data "Shouldn't be able to create with non-public user" @@ -478,8 +479,8 @@ class NodeControllerTest < ActionController::TestCase # try and put something into a string that the API might # use unquoted and therefore allow code injection... content "" + - '' + - "" + '' + + "" put :create assert_response :success nodeid = @response.body