X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/dbd88d893f3c3fce9cafd666b94396988646d81f..c77429000c55af95056572206a99774711c8d22b:/test/controllers/node_controller_test.rb diff --git a/test/controllers/node_controller_test.rb b/test/controllers/node_controller_test.rb index 7aeb5066b..5f737f798 100644 --- a/test/controllers/node_controller_test.rb +++ b/test/controllers/node_controller_test.rb @@ -33,8 +33,8 @@ class NodeControllerTest < ActionController::TestCase changeset = create(:changeset, :user => user) # create a node with random lat/lon - lat = rand(100) - 50 + rand - lon = rand(100) - 50 + rand + lat = rand(-50..50) + rand + lon = rand(-50..50) + rand ## First try with no auth # create a minimal xml file @@ -46,7 +46,7 @@ class NodeControllerTest < ActionController::TestCase assert_response :unauthorized, "node upload did not return unauthorized status" ## Now try with the user which doesn't have their data public - basic_authorization(private_user.email, "test") + basic_authorization private_user.email, "test" # create a minimal xml file content("") @@ -57,7 +57,7 @@ class NodeControllerTest < ActionController::TestCase assert_require_public_data "node create did not return forbidden status" ## Now try with the user that has the public data - basic_authorization(user.email, "test") + basic_authorization user.email, "test" # create a minimal xml file content("") @@ -83,7 +83,7 @@ class NodeControllerTest < ActionController::TestCase user = create(:user) changeset = create(:changeset, :user => user) - basic_authorization(user.email, "test") + basic_authorization user.email, "test" lat = 3.434 lon = 3.23 @@ -160,7 +160,7 @@ class NodeControllerTest < ActionController::TestCase assert_response :unauthorized ## now set auth for the non-data public user - basic_authorization(private_user.email, "test") + basic_authorization private_user.email, "test" # try to delete with an invalid (closed) changeset content update_changeset(private_node.to_xml, private_user_closed_changeset.id) @@ -208,7 +208,7 @@ class NodeControllerTest < ActionController::TestCase changeset = create(:changeset, :user => user) closed_changeset = create(:changeset, :closed, :user => user) node = create(:node, :changeset => changeset) - basic_authorization(user.email, "test") + basic_authorization user.email, "test" # try to delete with an invalid (closed) changeset content update_changeset(node.to_xml, closed_changeset.id) @@ -295,7 +295,7 @@ class NodeControllerTest < ActionController::TestCase ## Second test with the private user # setup auth - basic_authorization(private_user.email, "test") + basic_authorization private_user.email, "test" ## trying to break changesets @@ -347,7 +347,7 @@ class NodeControllerTest < ActionController::TestCase assert_response :forbidden # setup auth - basic_authorization(user.email, "test") + basic_authorization user.email, "test" ## trying to break changesets @@ -455,7 +455,7 @@ class NodeControllerTest < ActionController::TestCase end # check error when a non-existent node is included - get :nodes, :params => { :nodes => "#{node1.id},#{node2.id},#{node3.id},#{node4.id},#{node5.id},400" } + get :nodes, :params => { :nodes => "#{node1.id},#{node2.id},#{node3.id},#{node4.id},#{node5.id},0" } assert_response :not_found end @@ -465,7 +465,7 @@ class NodeControllerTest < ActionController::TestCase existing_tag = create(:node_tag) assert_equal true, existing_tag.node.changeset.user.data_public # setup auth - basic_authorization(existing_tag.node.changeset.user.email, "test") + basic_authorization existing_tag.node.changeset.user.email, "test" # add an identical tag to the node tag_xml = XML::Node.new("tag") @@ -492,23 +492,23 @@ class NodeControllerTest < ActionController::TestCase changeset = create(:changeset, :user => user) ## First try with the non-data public user - basic_authorization(private_user.email, "test") + basic_authorization private_user.email, "test" # try and put something into a string that the API might # use unquoted and therefore allow code injection... - content "" + - '' + + content "" \ + '' \ "" put :create assert_require_public_data "Shouldn't be able to create with non-public user" ## Then try with the public data user - basic_authorization(user.email, "test") + basic_authorization user.email, "test" # try and put something into a string that the API might # use unquoted and therefore allow code injection... - content "" + - '' + + content "" \ + '' \ "" put :create assert_response :success