X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/dc2a2c8ebd1a11e4a64555fda22c6859a51defff..a0627ec0c651cf33426438e26e4a4a2fe3a34fd5:/test/controllers/node_controller_test.rb?ds=inline diff --git a/test/controllers/node_controller_test.rb b/test/controllers/node_controller_test.rb index 5ea1dd5a4..ffc86b2f6 100644 --- a/test/controllers/node_controller_test.rb +++ b/test/controllers/node_controller_test.rb @@ -437,13 +437,14 @@ class NodeControllerTest < ActionController::TestCase ## # test adding tags to a node def test_duplicate_tags + existing = create(:node_tag, :node => current_nodes(:public_visible_node)) # setup auth basic_authorization(users(:public_user).email, "test") # add an identical tag to the node tag_xml = XML::Node.new("tag") - tag_xml["k"] = current_node_tags(:public_v_t1).k - tag_xml["v"] = current_node_tags(:public_v_t1).v + tag_xml["k"] = existing.k + tag_xml["v"] = existing.v # add the tag into the existing xml node_xml = current_nodes(:public_visible_node).to_xml @@ -454,7 +455,7 @@ class NodeControllerTest < ActionController::TestCase put :update, :id => current_nodes(:public_visible_node).id assert_response :bad_request, "adding duplicate tags to a node should fail with 'bad request'" - assert_equal "Element node/#{current_nodes(:public_visible_node).id} has duplicate tags with key #{current_node_tags(:t1).k}", @response.body + assert_equal "Element node/#{current_nodes(:public_visible_node).id} has duplicate tags with key #{existing.k}", @response.body end # test whether string injection is possible @@ -466,8 +467,8 @@ class NodeControllerTest < ActionController::TestCase # try and put something into a string that the API might # use unquoted and therefore allow code injection... content "" + - '' + - "" + '' + + "" put :create assert_require_public_data "Shouldn't be able to create with non-public user" @@ -478,8 +479,8 @@ class NodeControllerTest < ActionController::TestCase # try and put something into a string that the API might # use unquoted and therefore allow code injection... content "" + - '' + - "" + '' + + "" put :create assert_response :success nodeid = @response.body @@ -499,14 +500,6 @@ class NodeControllerTest < ActionController::TestCase assert apinode.tags.include?("\#{@user.inspect}") end - def basic_authorization(user, pass) - @request.env["HTTP_AUTHORIZATION"] = "Basic %s" % Base64.encode64("#{user}:#{pass}") - end - - def content(c) - @request.env["RAW_POST_DATA"] = c.to_s - end - ## # update the changeset_id of a node element def update_changeset(xml, changeset_id)