X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/f47ba4fb2351ee9268d9adb94daa6be035a0396f..8090e086daad67eac711ad6fd6a5eba6f28d44fd:/test/functional/node_controller_test.rb?ds=inline diff --git a/test/functional/node_controller_test.rb b/test/functional/node_controller_test.rb index 6877fc967..6903dd60b 100644 --- a/test/functional/node_controller_test.rb +++ b/test/functional/node_controller_test.rb @@ -3,6 +3,31 @@ require File.dirname(__FILE__) + '/../test_helper' class NodeControllerTest < ActionController::TestCase api_fixtures + ## + # test all routes which lead to this controller + def test_routes + assert_routing( + { :path => "/api/0.6/node/create", :method => :put }, + { :controller => "node", :action => "create" } + ) + assert_routing( + { :path => "/api/0.6/node/1", :method => :get }, + { :controller => "node", :action => "read", :id => "1" } + ) + assert_routing( + { :path => "/api/0.6/node/1", :method => :put }, + { :controller => "node", :action => "update", :id => "1" } + ) + assert_routing( + { :path => "/api/0.6/node/1", :method => :delete }, + { :controller => "node", :action => "delete", :id => "1" } + ) + assert_routing( + { :path => "/api/0.6/nodes", :method => :get }, + { :controller => "node", :action => "nodes" } + ) + end + def test_create # cannot read password from fixture as it is stored as MD5 digest ## First try with no auth @@ -75,6 +100,12 @@ class NodeControllerTest < ActionController::TestCase lat = 3.434 lon = 3.23 + # test that the upload is rejected when xml is valid, but osm doc isn't + content("") + put :create + assert_response :bad_request, "node upload did not return bad_request status" + assert_equal "Cannot parse valid node from xml string . XML doesn't contain an osm/node element.", @response.body + # test that the upload is rejected when no lat is supplied # create a minimal xml file content("") @@ -91,6 +122,12 @@ class NodeControllerTest < ActionController::TestCase assert_response :bad_request, "node upload did not return bad_request status" assert_equal "Cannot parse valid node from xml string . lon missing", @response.body + # test that the upload is rejected when we have a tag which is too long + content("") + put :create + assert_response :bad_request, "node upload did not return bad_request status" + assert_equal ["NodeTag ", " v: is too long (maximum is 255 characters) (\"#{'x'*256}\")"], @response.body.split(/[0-9]+,foo:/) + end def test_read @@ -172,6 +209,18 @@ class NodeControllerTest < ActionController::TestCase delete :delete, :id => current_nodes(:visible_node).id assert_response :conflict + # try to delete a node with a different ID + content(nodes(:public_visible_node).to_xml) + delete :delete, :id => current_nodes(:visible_node).id + assert_response :bad_request, + "should not be able to delete a node with a different ID from the XML" + + # try to delete a node rubbish in the payloads + content("") + delete :delete, :id => current_nodes(:visible_node).id + assert_response :bad_request, + "should not be able to delete a node without a valid XML payload" + # valid delete now takes a payload content(nodes(:public_visible_node).to_xml) delete :delete, :id => current_nodes(:public_visible_node).id @@ -182,9 +231,9 @@ class NodeControllerTest < ActionController::TestCase assert @response.body.to_i > current_nodes(:public_visible_node).version, "delete request should return a new version number for node" - # this won't work since the node is already deleted - content(nodes(:invisible_node).to_xml) - delete :delete, :id => current_nodes(:invisible_node).id + # deleting the same node twice doesn't work + content(nodes(:public_visible_node).to_xml) + delete :delete, :id => current_nodes(:public_visible_node).id assert_response :gone # this won't work since the node never existed @@ -197,12 +246,14 @@ class NodeControllerTest < ActionController::TestCase delete :delete, :id => current_nodes(:used_node_1).id assert_response :precondition_failed, "shouldn't be able to delete a node used in a way (#{@response.body})" + assert_equal "Precondition failed: Node 3 is still used by ways 1,3.", @response.body # in a relation... content(nodes(:node_used_by_relationship).to_xml) delete :delete, :id => current_nodes(:node_used_by_relationship).id assert_response :precondition_failed, "shouldn't be able to delete a node used in a relation (#{@response.body})" + assert_equal "Precondition failed: Node 5 is still used by relations 1,3.", @response.body end ## @@ -263,9 +314,6 @@ class NodeControllerTest < ActionController::TestCase content current_nodes(:visible_node).to_xml put :update, :id => current_nodes(:visible_node).id assert_require_public_data "should have failed with a forbidden when data isn't public" - - - ## Finally test with the public user @@ -336,6 +384,18 @@ class NodeControllerTest < ActionController::TestCase assert_response :conflict, "should not be able to put 'p1r4at3s!' in the version field" + ## try an update with the wrong ID + content current_nodes(:public_visible_node).to_xml + put :update, :id => current_nodes(:visible_node).id + assert_response :bad_request, + "should not be able to update a node with a different ID from the XML" + + ## try an update with a minimal valid XML doc which isn't a well-formed OSM doc. + content "" + put :update, :id => current_nodes(:visible_node).id + assert_response :bad_request, + "should not be able to update a node with non-OSM XML doc." + ## finally, produce a good request which should work content current_nodes(:public_visible_node).to_xml put :update, :id => current_nodes(:public_visible_node).id @@ -362,7 +422,7 @@ class NodeControllerTest < ActionController::TestCase put :update, :id => current_nodes(:public_visible_node).id assert_response :bad_request, "adding duplicate tags to a node should fail with 'bad request'" - assert_equal "Element node/#{current_nodes(:public_visible_node).id} has duplicate tags with key #{current_node_tags(:t1).k}.", @response.body + assert_equal "Element node/#{current_nodes(:public_visible_node).id} has duplicate tags with key #{current_node_tags(:t1).k}", @response.body end # test whether string injection is possible