X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/b70da7b8ea15ab48bb2f34155567cea6dffc8fc9..3c504a1a64a5d7c3811a0068721f89aa959f48f9:/test/controllers/api/ways_controller_test.rb?ds=sidebyside diff --git a/test/controllers/api/ways_controller_test.rb b/test/controllers/api/ways_controller_test.rb index 0cf30e4ff..e11cceeb2 100644 --- a/test/controllers/api/ways_controller_test.rb +++ b/test/controllers/api/ways_controller_test.rb @@ -57,7 +57,7 @@ module Api assert_response :gone # check chat a non-existent way is not returned - get api_way_path(:id => 0) + get api_way_path(0) assert_response :not_found end @@ -102,11 +102,11 @@ module Api assert_response :bad_request # check error when no parameter value provided - get ways_path, :params => { :ways => "" } + get ways_path(:ways => "") assert_response :bad_request # test a working call - get ways_path, :params => { :ways => "#{way1.id},#{way2.id},#{way3.id},#{way4.id}" } + get ways_path(:ways => "#{way1.id},#{way2.id},#{way3.id},#{way4.id}") assert_response :success assert_select "osm" do assert_select "way", :count => 4 @@ -117,7 +117,7 @@ module Api end # test a working call with json format - get ways_path, :params => { :ways => "#{way1.id},#{way2.id},#{way3.id},#{way4.id}", :format => "json" } + get ways_path(:ways => "#{way1.id},#{way2.id},#{way3.id},#{way4.id}", :format => "json") js = ActiveSupport::JSON.decode(@response.body) assert_not_nil js @@ -129,7 +129,7 @@ module Api assert_equal 1, (js["elements"].count { |a| a["id"] == way4.id && a["visible"].nil? }) # check error when a non-existent way is included - get ways_path, :params => { :ways => "#{way1.id},#{way2.id},#{way3.id},#{way4.id},0" } + get ways_path(:ways => "#{way1.id},#{way2.id},#{way3.id},#{way4.id},0") assert_response :not_found end @@ -345,7 +345,7 @@ module Api "shouldn't be able to delete a way used in a relation (#{@response.body}), when done by a private user" # this won't work since the way never existed - delete api_way_path(:id => 0), :headers => auth_header + delete api_way_path(0), :headers => auth_header assert_response :forbidden ### Now check with a public user @@ -379,8 +379,7 @@ module Api # check the returned value - should be the new version number # valid delete should return the new version number, which should # be greater than the old version number - assert @response.body.to_i > way.version, - "delete request should return a new version number for way" + assert_operator @response.body.to_i, :>, way.version, "delete request should return a new version number for way" # this won't work since the way is already deleted xml = xml_for_way(deleted_way) @@ -395,7 +394,7 @@ module Api assert_equal "Precondition failed: Way #{used_way.id} is still used by relations #{relation.id}.", @response.body # this won't work since the way never existed - delete api_way_path(:id => 0), :params => xml.to_s, :headers => auth_header + delete api_way_path(0), :params => xml.to_s, :headers => auth_header assert_response :not_found end @@ -754,6 +753,111 @@ module Api end end + ## + # test initial rate limit + def test_initial_rate_limit + # create a user + user = create(:user) + + # create some nodes + node1 = create(:node) + node2 = create(:node) + + # create a changeset that puts us near the initial rate limit + changeset = create(:changeset, :user => user, + :created_at => Time.now.utc - 5.minutes, + :num_changes => Settings.initial_changes_per_hour - 1) + + # create authentication header + auth_header = basic_authorization_header user.email, "test" + + # try creating a way + xml = "" \ + "" \ + "" + put way_create_path, :params => xml, :headers => auth_header + assert_response :success, "way create did not return success status" + + # get the id of the way we created + wayid = @response.body + + # try updating the way, which should be rate limited + xml = "" \ + "" \ + "" + put api_way_path(wayid), :params => xml, :headers => auth_header + assert_response :too_many_requests, "way update did not hit rate limit" + + # try deleting the way, which should be rate limited + xml = "" + delete api_way_path(wayid), :params => xml, :headers => auth_header + assert_response :too_many_requests, "way delete did not hit rate limit" + + # try creating a way, which should be rate limited + xml = "" \ + "" \ + "" + put way_create_path, :params => xml, :headers => auth_header + assert_response :too_many_requests, "way create did not hit rate limit" + end + + ## + # test maximum rate limit + def test_maximum_rate_limit + # create a user + user = create(:user) + + # create some nodes + node1 = create(:node) + node2 = create(:node) + + # create a changeset to establish our initial edit time + changeset = create(:changeset, :user => user, + :created_at => Time.now.utc - 28.days) + + # create changeset to put us near the maximum rate limit + total_changes = Settings.max_changes_per_hour - 1 + while total_changes.positive? + changes = [total_changes, Changeset::MAX_ELEMENTS].min + changeset = create(:changeset, :user => user, + :created_at => Time.now.utc - 5.minutes, + :num_changes => changes) + total_changes -= changes + end + + # create authentication header + auth_header = basic_authorization_header user.email, "test" + + # try creating a way + xml = "" \ + "" \ + "" + put way_create_path, :params => xml, :headers => auth_header + assert_response :success, "way create did not return success status" + + # get the id of the way we created + wayid = @response.body + + # try updating the way, which should be rate limited + xml = "" \ + "" \ + "" + put api_way_path(wayid), :params => xml, :headers => auth_header + assert_response :too_many_requests, "way update did not hit rate limit" + + # try deleting the way, which should be rate limited + xml = "" + delete api_way_path(wayid), :params => xml, :headers => auth_header + assert_response :too_many_requests, "way delete did not hit rate limit" + + # try creating a way, which should be rate limited + xml = "" \ + "" \ + "" + put way_create_path, :params => xml, :headers => auth_header + assert_response :too_many_requests, "way create did not hit rate limit" + end + private ##