X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/ff7ddb6b86bf918a9418af7382836b41594d45e4..4dff06a6293971c3e17f8508859a1d80717a23f6:/test/controllers/api/changesets_controller_test.rb diff --git a/test/controllers/api/changesets_controller_test.rb b/test/controllers/api/changesets_controller_test.rb index 7579ffee7..8efa37d87 100644 --- a/test/controllers/api/changesets_controller_test.rb +++ b/test/controllers/api/changesets_controller_test.rb @@ -1,7 +1,7 @@ require "test_helper" module Api - class ChangesetsControllerTest < ActionController::TestCase + class ChangesetsControllerTest < ActionDispatch::IntegrationTest ## # test all routes which lead to this controller def test_routes @@ -21,14 +21,26 @@ module Api { :path => "/api/0.6/changeset/1", :method => :get }, { :controller => "api/changesets", :action => "show", :id => "1" } ) + assert_routing( + { :path => "/api/0.6/changeset/1.json", :method => :get }, + { :controller => "api/changesets", :action => "show", :id => "1", :format => "json" } + ) assert_routing( { :path => "/api/0.6/changeset/1/subscribe", :method => :post }, { :controller => "api/changesets", :action => "subscribe", :id => "1" } ) + assert_routing( + { :path => "/api/0.6/changeset/1/subscribe.json", :method => :post }, + { :controller => "api/changesets", :action => "subscribe", :id => "1", :format => "json" } + ) assert_routing( { :path => "/api/0.6/changeset/1/unsubscribe", :method => :post }, { :controller => "api/changesets", :action => "unsubscribe", :id => "1" } ) + assert_routing( + { :path => "/api/0.6/changeset/1/unsubscribe.json", :method => :post }, + { :controller => "api/changesets", :action => "unsubscribe", :id => "1", :format => "json" } + ) assert_routing( { :path => "/api/0.6/changeset/1", :method => :put }, { :controller => "api/changesets", :action => "update", :id => "1" } @@ -41,6 +53,10 @@ module Api { :path => "/api/0.6/changesets", :method => :get }, { :controller => "api/changesets", :action => "query" } ) + assert_routing( + { :path => "/api/0.6/changesets.json", :method => :get }, + { :controller => "api/changesets", :action => "query", :format => "json" } + ) end # ----------------------- @@ -48,22 +64,22 @@ module Api # ----------------------- def test_create - basic_authorization create(:user, :data_public => false).email, "test" + auth_header = basic_authorization_header create(:user, :data_public => false).email, "test" # Create the first user's changeset xml = "" \ "" \ "" - put :create, :body => xml + put changeset_create_path, :params => xml, :headers => auth_header assert_require_public_data - basic_authorization create(:user).email, "test" + auth_header = basic_authorization_header create(:user).email, "test" # Create the first user's changeset xml = "" \ "" \ "" - put :create, :body => xml + put changeset_create_path, :params => xml, :headers => auth_header - assert_response :success, "Creation of changeset did not return sucess status" + assert_response :success, "Creation of changeset did not return success status" newid = @response.body.to_i # check end time, should be an hour ahead of creation time @@ -71,7 +87,7 @@ module Api duration = cs.closed_at - cs.created_at # the difference can either be a rational, or a floating point number # of seconds, depending on the code path taken :-( - if duration.class == Rational + if duration.instance_of?(Rational) assert_equal Rational(1, 24), duration, "initial idle timeout should be an hour (#{cs.created_at} -> #{cs.closed_at})" else # must be number of seconds... @@ -83,45 +99,49 @@ module Api end def test_create_invalid - basic_authorization create(:user, :data_public => false).email, "test" + auth_header = basic_authorization_header create(:user, :data_public => false).email, "test" xml = "" - put :create, :body => xml + put changeset_create_path, :params => xml, :headers => auth_header assert_require_public_data ## Try the public user - basic_authorization create(:user).email, "test" + auth_header = basic_authorization_header create(:user).email, "test" xml = "" - put :create, :body => xml + put changeset_create_path, :params => xml, :headers => auth_header assert_response :bad_request, "creating a invalid changeset should fail" end def test_create_invalid_no_content ## First check with no auth - put :create + put changeset_create_path assert_response :unauthorized, "shouldn't be able to create a changeset with no auth" ## Now try to with a non-public user - basic_authorization create(:user, :data_public => false).email, "test" - put :create + auth_header = basic_authorization_header create(:user, :data_public => false).email, "test" + put changeset_create_path, :headers => auth_header assert_require_public_data ## Try an inactive user - basic_authorization create(:user, :pending).email, "test" - put :create + auth_header = basic_authorization_header create(:user, :pending).email, "test" + put changeset_create_path, :headers => auth_header assert_inactive_user ## Now try to use a normal user - basic_authorization create(:user).email, "test" - put :create + auth_header = basic_authorization_header create(:user).email, "test" + put changeset_create_path, :headers => auth_header assert_response :bad_request, "creating a changeset with no content should fail" end def test_create_wrong_method - basic_authorization create(:user).email, "test" - get :create - assert_response :method_not_allowed - post :create - assert_response :method_not_allowed + auth_header = basic_authorization_header create(:user).email, "test" + + get changeset_create_path, :headers => auth_header + assert_response :not_found + assert_template "rescues/routing_error" + + post changeset_create_path, :headers => auth_header + assert_response :not_found + assert_template "rescues/routing_error" end ## @@ -130,20 +150,20 @@ module Api def test_show changeset = create(:changeset) - get :show, :params => { :id => changeset.id } + get changeset_show_path(changeset) assert_response :success, "cannot get first changeset" - assert_select "osm[version='#{Settings.api_version}'][generator='OpenStreetMap server']", 1 + assert_select "osm[version='#{Settings.api_version}'][generator='#{Settings.generator}']", 1 assert_select "osm>changeset[id='#{changeset.id}']", 1 assert_select "osm>changeset>@open", "true" assert_select "osm>changeset>@created_at", changeset.created_at.xmlschema assert_select "osm>changeset>@closed_at", 0 assert_select "osm>changeset>discussion", 0 - get :show, :params => { :id => changeset.id, :include_discussion => true } + get changeset_show_path(changeset), :params => { :include_discussion => true } assert_response :success, "cannot get first changeset with comments" - assert_select "osm[version='#{Settings.api_version}'][generator='OpenStreetMap server']", 1 + assert_select "osm[version='#{Settings.api_version}'][generator='#{Settings.generator}']", 1 assert_select "osm>changeset[id='#{changeset.id}']", 1 assert_select "osm>changeset>@open", "true" assert_select "osm>changeset>@created_at", changeset.created_at.xmlschema @@ -152,25 +172,140 @@ module Api assert_select "osm>changeset>discussion>comment", 0 changeset = create(:changeset, :closed) - create_list(:changeset_comment, 3, :changeset_id => changeset.id) + comment1, comment2, comment3 = create_list(:changeset_comment, 3, :changeset_id => changeset.id) - get :show, :params => { :id => changeset.id, :include_discussion => true } + get changeset_show_path(changeset), :params => { :include_discussion => true } assert_response :success, "cannot get closed changeset with comments" - assert_select "osm[version='#{Settings.api_version}'][generator='OpenStreetMap server']", 1 + assert_select "osm[version='#{Settings.api_version}'][generator='#{Settings.generator}']", 1 assert_select "osm>changeset[id='#{changeset.id}']", 1 assert_select "osm>changeset>@open", "false" assert_select "osm>changeset>@created_at", changeset.created_at.xmlschema assert_select "osm>changeset>@closed_at", changeset.closed_at.xmlschema assert_select "osm>changeset>discussion", 1 assert_select "osm>changeset>discussion>comment", 3 + assert_select "osm>changeset>discussion>comment:nth-child(1)>@id", comment1.id.to_s + assert_select "osm>changeset>discussion>comment:nth-child(2)>@id", comment2.id.to_s + assert_select "osm>changeset>discussion>comment:nth-child(3)>@id", comment3.id.to_s + end + + def test_show_json + changeset = create(:changeset) + + get changeset_show_path(changeset), :params => { :format => "json" } + assert_response :success, "cannot get first changeset" + + js = ActiveSupport::JSON.decode(@response.body) + assert_not_nil js + + assert_equal Settings.api_version, js["version"] + assert_equal Settings.generator, js["generator"] + assert_equal changeset.id, js["changeset"]["id"] + assert_operator js["changeset"], :[], "open" + assert_equal changeset.created_at.xmlschema, js["changeset"]["created_at"] + assert_nil js["changeset"]["closed_at"] + assert_nil js["changeset"]["tags"] + assert_nil js["changeset"]["comments"] + assert_equal changeset.user.id, js["changeset"]["uid"] + assert_equal changeset.user.display_name, js["changeset"]["user"] + + get changeset_show_path(changeset), :params => { :format => "json", :include_discussion => true } + assert_response :success, "cannot get first changeset with comments" + + js = ActiveSupport::JSON.decode(@response.body) + assert_not_nil js + assert_equal Settings.api_version, js["version"] + assert_equal Settings.generator, js["generator"] + assert_equal changeset.id, js["changeset"]["id"] + assert_operator js["changeset"], :[], "open" + assert_equal changeset.created_at.xmlschema, js["changeset"]["created_at"] + assert_nil js["changeset"]["closed_at"] + assert_nil js["changeset"]["tags"] + assert_nil js["changeset"]["min_lat"] + assert_nil js["changeset"]["min_lon"] + assert_nil js["changeset"]["max_lat"] + assert_nil js["changeset"]["max_lon"] + assert_equal 0, js["changeset"]["comments"].count + + changeset = create(:changeset, :closed) + comment0, comment1, comment2 = create_list(:changeset_comment, 3, :changeset_id => changeset.id) + + get changeset_show_path(changeset), :params => { :format => "json", :include_discussion => true } + assert_response :success, "cannot get closed changeset with comments" + + js = ActiveSupport::JSON.decode(@response.body) + assert_not_nil js + assert_equal Settings.api_version, js["version"] + assert_equal Settings.generator, js["generator"] + assert_equal changeset.id, js["changeset"]["id"] + assert_not js["changeset"]["open"] + assert_equal changeset.created_at.xmlschema, js["changeset"]["created_at"] + assert_equal changeset.closed_at.xmlschema, js["changeset"]["closed_at"] + assert_equal 3, js["changeset"]["comments"].count + assert_equal comment0.id, js["changeset"]["comments"][0]["id"] + assert_equal comment1.id, js["changeset"]["comments"][1]["id"] + assert_equal comment2.id, js["changeset"]["comments"][2]["id"] + end + + def test_show_tag_and_discussion_json + changeset = create(:changeset, :closed) + + tag1 = ChangesetTag.new + tag1.changeset_id = changeset.id + tag1.k = "created_by" + tag1.v = "JOSM/1.5 (18364)" + + tag2 = ChangesetTag.new + tag2.changeset_id = changeset.id + tag2.k = "comment" + tag2.v = "changeset comment" + + changeset.changeset_tags = [tag1, tag2] + + create_list(:changeset_comment, 3, :changeset_id => changeset.id) + + get changeset_show_path(changeset), :params => { :format => "json", :include_discussion => true } + assert_response :success, "cannot get closed changeset with comments" + + js = ActiveSupport::JSON.decode(@response.body) + + assert_not_nil js + assert_equal Settings.api_version, js["version"] + assert_equal Settings.generator, js["generator"] + assert_equal changeset.id, js["changeset"]["id"] + assert_not js["changeset"]["open"] + assert_equal changeset.created_at.xmlschema, js["changeset"]["created_at"] + assert_equal changeset.closed_at.xmlschema, js["changeset"]["closed_at"] + assert_equal 2, js["changeset"]["tags"].count + assert_equal 3, js["changeset"]["comments"].count + assert_equal 3, js["changeset"]["comments_count"] + assert_equal 0, js["changeset"]["changes_count"] + assert_not_nil js["changeset"]["comments"][0]["uid"] + assert_not_nil js["changeset"]["comments"][0]["user"] + assert_not_nil js["changeset"]["comments"][0]["text"] + end + + def test_show_bbox_json + # test bbox attribute + changeset = create(:changeset, :min_lat => (-5 * GeoRecord::SCALE).round, :min_lon => (5 * GeoRecord::SCALE).round, + :max_lat => (15 * GeoRecord::SCALE).round, :max_lon => (12 * GeoRecord::SCALE).round) + + get changeset_show_path(changeset), :params => { :format => "json" } + assert_response :success, "cannot get first changeset" + + js = ActiveSupport::JSON.decode(@response.body) + assert_not_nil js + assert_equal(-5, js["changeset"]["min_lat"]) + assert_equal 5, js["changeset"]["min_lon"] + assert_equal 15, js["changeset"]["max_lat"] + assert_equal 12, js["changeset"]["max_lon"] end ## # check that a changeset that doesn't exist returns an appropriate message def test_show_not_found [0, -32, 233455644, "afg", "213"].each do |id| - get :show, :params => { :id => id } + get changeset_show_path(:id => id) assert_response :not_found, "should get a not found" rescue ActionController::UrlGenerationError => e assert_match(/No route matches/, e.to_s) @@ -186,25 +321,25 @@ module Api changeset = create(:changeset, :user => user) ## Try without authentication - put :close, :params => { :id => changeset.id } + put changeset_close_path(changeset) assert_response :unauthorized ## Try using the non-public user - basic_authorization private_user.email, "test" - put :close, :params => { :id => private_changeset.id } + auth_header = basic_authorization_header private_user.email, "test" + put changeset_close_path(private_changeset), :headers => auth_header assert_require_public_data ## The try with the public user - basic_authorization user.email, "test" + auth_header = basic_authorization_header user.email, "test" cs_id = changeset.id - put :close, :params => { :id => cs_id } + put changeset_close_path(:id => cs_id), :headers => auth_header assert_response :success # test that it really is closed now - cs = Changeset.find(cs_id) - assert_not(cs.is_open?, - "changeset should be closed now (#{cs.closed_at} > #{Time.now.getutc}.") + cs = Changeset.find(changeset.id) + assert_not(cs.open?, + "changeset should be closed now (#{cs.closed_at} > #{Time.now.utc}.") end ## @@ -213,9 +348,9 @@ module Api user = create(:user) changeset = create(:changeset) - basic_authorization user.email, "test" + auth_header = basic_authorization_header user.email, "test" - put :close, :params => { :id => changeset.id } + put changeset_close_path(changeset), :headers => auth_header assert_response :conflict assert_equal "The user doesn't own that changeset", @response.body end @@ -226,13 +361,15 @@ module Api user = create(:user) changeset = create(:changeset, :user => user) - basic_authorization user.email, "test" + auth_header = basic_authorization_header user.email, "test" - get :close, :params => { :id => changeset.id } - assert_response :method_not_allowed + get changeset_close_path(changeset), :headers => auth_header + assert_response :not_found + assert_template "rescues/routing_error" - post :close, :params => { :id => changeset.id } - assert_response :method_not_allowed + post changeset_close_path(changeset), :headers => auth_header + assert_response :not_found + assert_template "rescues/routing_error" end ## @@ -242,16 +379,16 @@ module Api # First try to do it with no auth cs_ids.each do |id| - put :close, :params => { :id => id } + put changeset_close_path(:id => id) assert_response :unauthorized, "Shouldn't be able close the non-existant changeset #{id}, when not authorized" rescue ActionController::UrlGenerationError => e assert_match(/No route matches/, e.to_s) end # Now try with auth - basic_authorization create(:user).email, "test" + auth_header = basic_authorization_header create(:user).email, "test" cs_ids.each do |id| - put :close, :params => { :id => id } + put changeset_close_path(:id => id), :headers => auth_header assert_response :not_found, "The changeset #{id} doesn't exist, so can't be closed" rescue ActionController::UrlGenerationError => e assert_match(/No route matches/, e.to_s) @@ -301,12 +438,12 @@ module Api CHANGESET # upload it - post :upload, :params => { :id => changeset_id }, :body => diff + post changeset_upload_path(changeset), :params => diff assert_response :unauthorized, "shouldn't be able to upload a simple valid diff to changeset: #{@response.body}" ## Now try with a private user - basic_authorization private_user.email, "test" + auth_header = basic_authorization_header private_user.email, "test" changeset_id = private_changeset.id # simple diff to change a node, way and relation by removing @@ -330,12 +467,12 @@ module Api CHANGESET # upload it - post :upload, :params => { :id => changeset_id }, :body => diff + post changeset_upload_path(private_changeset), :params => diff, :headers => auth_header assert_response :forbidden, "can't upload a simple valid diff to changeset: #{@response.body}" ## Now try with the public user - basic_authorization user.email, "test" + auth_header = basic_authorization_header user.email, "test" changeset_id = changeset.id # simple diff to change a node, way and relation by removing @@ -359,7 +496,7 @@ module Api CHANGESET # upload it - post :upload, :params => { :id => changeset_id }, :body => diff + post changeset_upload_path(changeset), :params => diff, :headers => auth_header assert_response :success, "can't upload a simple valid diff to changeset: #{@response.body}" @@ -378,7 +515,7 @@ module Api way = create(:way_with_nodes, :nodes_count => 2) relation = create(:relation) - basic_authorization user.email, "test" + auth_header = basic_authorization_header user.email, "test" # simple diff to create a node way and relation using placeholders diff = <<~CHANGESET @@ -403,12 +540,12 @@ module Api CHANGESET # upload it - post :upload, :params => { :id => changeset.id }, :body => diff + post changeset_upload_path(changeset), :params => diff, :headers => auth_header assert_response :success, "can't upload a simple valid creation to changeset: #{@response.body}" # check the returned payload - assert_select "diffResult[version='#{Settings.api_version}'][generator='OpenStreetMap server']", 1 + assert_select "diffResult[version='#{Settings.api_version}'][generator='#{Settings.generator}']", 1 assert_select "diffResult>node", 1 assert_select "diffResult>way", 1 assert_select "diffResult>relation", 1 @@ -448,7 +585,7 @@ module Api create(:relation_member, :relation => super_relation, :member => used_way) create(:relation_member, :relation => super_relation, :member => used_node) - basic_authorization changeset.user.display_name, "test" + auth_header = basic_authorization_header changeset.user.display_name, "test" diff = XML::Document.new diff.root = XML::Node.new "osmChange" @@ -467,7 +604,7 @@ module Api end # upload it - post :upload, :params => { :id => changeset.id }, :body => diff.to_s + post changeset_upload_path(changeset), :params => diff.to_s, :headers => auth_header assert_response :success, "can't upload a deletion diff to changeset: #{@response.body}" @@ -477,10 +614,10 @@ module Api assert_select "diffResult>relation", 2 # check that everything was deleted - assert_equal false, Node.find(used_node.id).visible - assert_equal false, Way.find(used_way.id).visible - assert_equal false, Relation.find(super_relation.id).visible - assert_equal false, Relation.find(used_relation.id).visible + assert_not Node.find(used_node.id).visible + assert_not Way.find(used_way.id).visible + assert_not Relation.find(super_relation.id).visible + assert_not Relation.find(used_relation.id).visible end ## @@ -490,11 +627,11 @@ module Api node = create(:node) changeset = create(:changeset) - basic_authorization changeset.user.display_name, "test" + auth_header = basic_authorization_header changeset.user.display_name, "test" diff = "" # upload it - post :upload, :params => { :id => changeset.id }, :body => diff + post changeset_upload_path(changeset), :params => diff, :headers => auth_header assert_response :success, "can't upload a deletion diff to changeset: #{@response.body}" @@ -502,29 +639,29 @@ module Api assert_select "diffResult>node", 1 # check that everything was deleted - assert_equal false, Node.find(node.id).visible + assert_not Node.find(node.id).visible end def test_repeated_changeset_create 3.times do - basic_authorization create(:user).email, "test" + auth_header = basic_authorization_header create(:user).email, "test" # create a temporary changeset xml = "" \ "" \ "" assert_difference "Changeset.count", 1 do - put :create, :body => xml + put changeset_create_path, :params => xml, :headers => auth_header end assert_response :success end end def test_upload_large_changeset - basic_authorization create(:user).email, "test" + auth_header = basic_authorization_header create(:user).email, "test" # create a changeset - put :create, :body => "" + put changeset_create_path, :params => "", :headers => auth_header assert_response :success, "Should be able to create a changeset: #{@response.body}" changeset_id = @response.body.to_i @@ -556,16 +693,16 @@ module Api # upload it, which used to cause an error like "PGError: ERROR: # integer out of range" (bug #2152). but shouldn't any more. - post :upload, :params => { :id => changeset_id }, :body => diff + post changeset_upload_path(:id => changeset_id), :params => diff, :headers => auth_header assert_response :success, "can't upload a spatially-large diff to changeset: #{@response.body}" # check that the changeset bbox is within bounds cs = Changeset.find(changeset_id) - assert cs.min_lon >= -180 * GeoRecord::SCALE, "Minimum longitude (#{cs.min_lon / GeoRecord::SCALE}) should be >= -180 to be valid." - assert cs.max_lon <= 180 * GeoRecord::SCALE, "Maximum longitude (#{cs.max_lon / GeoRecord::SCALE}) should be <= 180 to be valid." - assert cs.min_lat >= -90 * GeoRecord::SCALE, "Minimum latitude (#{cs.min_lat / GeoRecord::SCALE}) should be >= -90 to be valid." - assert cs.max_lat <= 90 * GeoRecord::SCALE, "Maximum latitude (#{cs.max_lat / GeoRecord::SCALE}) should be <= 90 to be valid." + assert_operator cs.min_lon, :>=, -180 * GeoRecord::SCALE, "Minimum longitude (#{cs.min_lon / GeoRecord::SCALE}) should be >= -180 to be valid." + assert_operator cs.max_lon, :<=, 180 * GeoRecord::SCALE, "Maximum longitude (#{cs.max_lon / GeoRecord::SCALE}) should be <= 180 to be valid." + assert_operator cs.min_lat, :>=, -90 * GeoRecord::SCALE, "Minimum latitude (#{cs.min_lat / GeoRecord::SCALE}) should be >= -90 to be valid." + assert_operator cs.max_lat, :<=, 90 * GeoRecord::SCALE, "Maximum latitude (#{cs.max_lat / GeoRecord::SCALE}) should be <= 90 to be valid." end ## @@ -580,7 +717,7 @@ module Api create(:relation_member, :relation => relation, :member => used_way) create(:relation_member, :relation => relation, :member => used_node) - basic_authorization changeset.user.email, "test" + auth_header = basic_authorization_header changeset.user.email, "test" diff = XML::Document.new diff.root = XML::Node.new "osmChange" @@ -598,16 +735,16 @@ module Api end # upload it - post :upload, :params => { :id => changeset.id }, :body => diff.to_s + post changeset_upload_path(changeset), :params => diff.to_s, :headers => auth_header assert_response :precondition_failed, "shouldn't be able to upload a invalid deletion diff: #{@response.body}" assert_equal "Precondition failed: Way #{used_way.id} is still used by relations #{relation.id}.", @response.body # check that nothing was, in fact, deleted - assert_equal true, Node.find(used_node.id).visible - assert_equal true, Way.find(used_way.id).visible - assert_equal true, Relation.find(relation.id).visible - assert_equal true, Relation.find(other_relation.id).visible + assert Node.find(used_node.id).visible + assert Way.find(used_way.id).visible + assert Relation.find(relation.id).visible + assert Relation.find(other_relation.id).visible end ## @@ -622,7 +759,7 @@ module Api create(:relation_member, :relation => super_relation, :member => used_way) create(:relation_member, :relation => super_relation, :member => used_node) - basic_authorization changeset.user.email, "test" + auth_header = basic_authorization_header changeset.user.email, "test" diff = XML::Document.new diff.root = XML::Node.new "osmChange" @@ -641,12 +778,12 @@ module Api end # upload it - post :upload, :params => { :id => changeset.id }, :body => diff.to_s + post changeset_upload_path(changeset), :params => diff.to_s, :headers => auth_header assert_response :success, "can't do a conditional delete of in use objects: #{@response.body}" # check the returned payload - assert_select "diffResult[version='#{Settings.api_version}'][generator='OpenStreetMap server']", 1 + assert_select "diffResult[version='#{Settings.api_version}'][generator='#{Settings.generator}']", 1 assert_select "diffResult>node", 1 assert_select "diffResult>way", 1 assert_select "diffResult>relation", 1 @@ -670,9 +807,9 @@ module Api assert_equal used_relation.version, doc.find("//diffResult/relation").first["new_version"].to_i # check that nothing was, in fact, deleted - assert_equal true, Node.find(used_node.id).visible - assert_equal true, Way.find(used_way.id).visible - assert_equal true, Relation.find(used_relation.id).visible + assert Node.find(used_node.id).visible + assert Way.find(used_way.id).visible + assert Relation.find(used_relation.id).visible end ## @@ -680,7 +817,7 @@ module Api def test_upload_invalid_too_long_tag changeset = create(:changeset) - basic_authorization changeset.user.email, "test" + auth_header = basic_authorization_header changeset.user.email, "test" # simple diff to create a node way and relation using placeholders diff = <<~CHANGESET @@ -694,9 +831,9 @@ module Api CHANGESET # upload it - post :upload, :params => { :id => changeset.id }, :body => diff + post changeset_upload_path(changeset), :params => diff, :headers => auth_header assert_response :bad_request, - "shoudln't be able to upload too long a tag to changeset: #{@response.body}" + "shouldn't be able to upload too long a tag to changeset: #{@response.body}" end ## @@ -710,7 +847,7 @@ module Api changeset = create(:changeset) - basic_authorization changeset.user.email, "test" + auth_header = basic_authorization_header changeset.user.email, "test" # simple diff to create a node way and relation using placeholders diff = <<~CHANGESET @@ -736,7 +873,7 @@ module Api CHANGESET # upload it - post :upload, :params => { :id => changeset.id }, :body => diff + post changeset_upload_path(changeset), :params => diff, :headers => auth_header assert_response :success, "can't upload a complex diff to changeset: #{@response.body}" @@ -769,7 +906,7 @@ module Api relation = create(:relation) other_relation = create(:relation) - basic_authorization changeset.user.email, "test" + auth_header = basic_authorization_header changeset.user.email, "test" # simple diff to create a node way and relation using placeholders diff = <<~CHANGESET @@ -797,7 +934,7 @@ module Api CHANGESET # upload it - post :upload, :params => { :id => changeset.id }, :body => diff + post changeset_upload_path(changeset), :params => diff, :headers => auth_header assert_response :conflict, "uploading a diff with multiple changesets should have failed" @@ -812,7 +949,7 @@ module Api def test_upload_multiple_valid node = create(:node) changeset = create(:changeset) - basic_authorization changeset.user.email, "test" + auth_header = basic_authorization_header changeset.user.email, "test" # change the location of a node multiple times, each time referencing # the last version. doesn't this depend on version numbers being @@ -833,7 +970,7 @@ module Api CHANGESET # upload it - post :upload, :params => { :id => changeset.id }, :body => diff + post changeset_upload_path(changeset), :params => diff, :headers => auth_header assert_response :success, "can't upload multiple versions of an element in a diff: #{@response.body}" @@ -850,7 +987,7 @@ module Api node = create(:node) changeset = create(:changeset) - basic_authorization changeset.user.email, "test" + auth_header = basic_authorization_header changeset.user.email, "test" diff = <<~CHANGESET @@ -862,7 +999,7 @@ module Api CHANGESET # upload it - post :upload, :params => { :id => changeset.id }, :body => diff + post changeset_upload_path(changeset), :params => diff, :headers => auth_header assert_response :conflict, "shouldn't be able to upload the same element twice in a diff: #{@response.body}" end @@ -872,7 +1009,7 @@ module Api def test_upload_missing_version changeset = create(:changeset) - basic_authorization changeset.user.email, "test" + auth_header = basic_authorization_header changeset.user.email, "test" diff = <<~CHANGESET @@ -883,7 +1020,7 @@ module Api CHANGESET # upload it - post :upload, :params => { :id => changeset.id }, :body => diff + post changeset_upload_path(changeset), :params => diff, :headers => auth_header assert_response :bad_request, "shouldn't be able to upload an element without version: #{@response.body}" end @@ -893,7 +1030,7 @@ module Api def test_action_upload_invalid changeset = create(:changeset) - basic_authorization changeset.user.email, "test" + auth_header = basic_authorization_header changeset.user.email, "test" diff = <<~CHANGESET @@ -902,9 +1039,9 @@ module Api CHANGESET - post :upload, :params => { :id => changeset.id }, :body => diff + post changeset_upload_path(changeset), :params => diff, :headers => auth_header assert_response :bad_request, "Shouldn't be able to upload a diff with the action ping" - assert_equal @response.body, "Unknown action ping, choices are create, modify, delete" + assert_equal("Unknown action ping, choices are create, modify, delete", @response.body) end ## @@ -918,7 +1055,7 @@ module Api other_relation = create(:relation) create(:relation_tag, :relation => relation) - basic_authorization changeset.user.email, "test" + auth_header = basic_authorization_header changeset.user.email, "test" diff = <<~CHANGESET @@ -935,7 +1072,7 @@ module Api CHANGESET # upload it - post :upload, :params => { :id => changeset.id }, :body => diff + post changeset_upload_path(changeset), :params => diff, :headers => auth_header assert_response :success, "can't upload a valid diff with whitespace variations to changeset: #{@response.body}" @@ -953,7 +1090,7 @@ module Api def test_upload_reuse_placeholder_valid changeset = create(:changeset) - basic_authorization changeset.user.email, "test" + auth_header = basic_authorization_header changeset.user.email, "test" diff = <<~CHANGESET @@ -972,7 +1109,7 @@ module Api CHANGESET # upload it - post :upload, :params => { :id => changeset.id }, :body => diff + post changeset_upload_path(changeset), :params => diff, :headers => auth_header assert_response :success, "can't upload a valid diff with re-used placeholders to changeset: #{@response.body}" @@ -987,7 +1124,7 @@ module Api def test_upload_placeholder_invalid changeset = create(:changeset) - basic_authorization changeset.user.email, "test" + auth_header = basic_authorization_header changeset.user.email, "test" diff = <<~CHANGESET @@ -1000,11 +1137,95 @@ module Api CHANGESET # upload it - post :upload, :params => { :id => changeset.id }, :body => diff + post changeset_upload_path(changeset), :params => diff, :headers => auth_header + assert_response :bad_request, + "shouldn't be able to re-use placeholder IDs" + + # placeholder_ids must be unique across all action blocks + diff = <<~CHANGESET + + + + + + + + + CHANGESET + + # upload it + post changeset_upload_path(changeset), :params => diff, :headers => auth_header assert_response :bad_request, "shouldn't be able to re-use placeholder IDs" end + def test_upload_process_order + changeset = create(:changeset) + + auth_header = basic_authorization_header changeset.user.email, "test" + + diff = <<~CHANGESET + + + + + + + + + + + CHANGESET + + # upload it + post changeset_upload_path(changeset), :params => diff, :headers => auth_header + assert_response :bad_request, + "shouldn't refer elements behind it" + end + + def test_upload_duplicate_delete + changeset = create(:changeset) + + auth_header = basic_authorization_header changeset.user.email, "test" + + diff = <<~CHANGESET + + + + + + + + + + CHANGESET + + # upload it + post changeset_upload_path(changeset), :params => diff, :headers => auth_header + assert_response :gone, + "transaction should be cancelled by second deletion" + + diff = <<~CHANGESET + + + + + + + + + + CHANGESET + + # upload it + post changeset_upload_path(changeset), :params => diff, :headers => auth_header + + assert_select "diffResult>node", 3 + assert_select "diffResult>node[old_id='-1']", 3 + assert_select "diffResult>node[new_version='1']", 1 + assert_select "diffResult>node[new_version='2']", 1 + end + ## # test that uploading a way referencing invalid placeholders gives a # proper error, not a 500. @@ -1012,7 +1233,7 @@ module Api changeset = create(:changeset) way = create(:way) - basic_authorization changeset.user.email, "test" + auth_header = basic_authorization_header changeset.user.email, "test" diff = <<~CHANGESET @@ -1031,7 +1252,7 @@ module Api CHANGESET # upload it - post :upload, :params => { :id => changeset.id }, :body => diff + post changeset_upload_path(changeset), :params => diff, :headers => auth_header assert_response :bad_request, "shouldn't be able to use invalid placeholder IDs" assert_equal "Placeholder node not found for reference -4 in way -1", @response.body @@ -1054,7 +1275,7 @@ module Api CHANGESET # upload it - post :upload, :params => { :id => changeset.id }, :body => diff + post changeset_upload_path(changeset), :params => diff, :headers => auth_header assert_response :bad_request, "shouldn't be able to use invalid placeholder IDs" assert_equal "Placeholder node not found for reference -4 in way #{way.id}", @response.body @@ -1067,7 +1288,7 @@ module Api changeset = create(:changeset) relation = create(:relation) - basic_authorization changeset.user.email, "test" + auth_header = basic_authorization_header changeset.user.email, "test" diff = <<~CHANGESET @@ -1086,7 +1307,7 @@ module Api CHANGESET # upload it - post :upload, :params => { :id => changeset.id }, :body => diff + post changeset_upload_path(changeset), :params => diff, :headers => auth_header assert_response :bad_request, "shouldn't be able to use invalid placeholder IDs" assert_equal "Placeholder Node not found for reference -4 in relation -1.", @response.body @@ -1109,7 +1330,7 @@ module Api CHANGESET # upload it - post :upload, :params => { :id => changeset.id }, :body => diff + post changeset_upload_path(changeset), :params => diff, :headers => auth_header assert_response :bad_request, "shouldn't be able to use invalid placeholder IDs" assert_equal "Placeholder Way not found for reference -1 in relation #{relation.id}.", @response.body @@ -1119,12 +1340,12 @@ module Api # test what happens if a diff is uploaded containing only a node # move. def test_upload_node_move - basic_authorization create(:user).email, "test" + auth_header = basic_authorization_header create(:user).email, "test" xml = "" \ "" \ "" - put :create, :body => xml + put changeset_create_path, :params => xml, :headers => auth_header assert_response :success changeset_id = @response.body.to_i @@ -1141,7 +1362,7 @@ module Api diff.root << modify # upload it - post :upload, :params => { :id => changeset_id }, :body => diff.to_s + post changeset_upload_path(:id => changeset_id), :params => diff.to_s, :headers => auth_header assert_response :success, "diff should have uploaded OK" @@ -1156,12 +1377,12 @@ module Api ## # test what happens if a diff is uploaded adding a node to a way. def test_upload_way_extend - basic_authorization create(:user).email, "test" + auth_header = basic_authorization_header create(:user).email, "test" xml = "" \ "" \ "" - put :create, :body => xml + put changeset_create_path, :params => xml, :headers => auth_header assert_response :success changeset_id = @response.body.to_i @@ -1180,7 +1401,7 @@ module Api diff.root << modify # upload it - post :upload, :params => { :id => changeset_id }, :body => diff.to_s + post changeset_upload_path(:id => changeset_id), :params => diff.to_s, :headers => auth_header assert_response :success, "diff should have uploaded OK" @@ -1197,16 +1418,16 @@ module Api def test_upload_empty_invalid changeset = create(:changeset) - basic_authorization changeset.user.email, "test" + auth_header = basic_authorization_header changeset.user.email, "test" ["", "", "", ""].each do |diff| # upload it - post :upload, :params => { :id => changeset.id }, :body => diff + post changeset_upload_path(changeset), :params => diff, :headers => auth_header assert_response(:success, "should be able to upload " \ - "empty changeset: " + diff) + "empty changeset: " + diff) end end @@ -1217,7 +1438,7 @@ module Api node = create(:node) create(:relation_member, :member => node) - basic_authorization changeset.user.email, "test" + auth_header = basic_authorization_header changeset.user.email, "test" # try and delete a node that is in use diff = XML::Document.new @@ -1227,17 +1448,265 @@ module Api delete << xml_node_for_node(node) # upload it - error_format "xml" - post :upload, :params => { :id => changeset.id }, :body => diff.to_s + error_header = error_format_header "xml" + post changeset_upload_path(changeset), :params => diff.to_s, :headers => auth_header.merge(error_header) assert_response :success, "failed to return error in XML format" # check the returned payload - assert_select "osmError[version='#{Settings.api_version}'][generator='OpenStreetMap server']", 1 + assert_select "osmError[version='#{Settings.api_version}'][generator='#{Settings.generator}']", 1 assert_select "osmError>status", 1 assert_select "osmError>message", 1 end + def test_upload_not_found + changeset = create(:changeset) + + auth_header = basic_authorization_header changeset.user.email, "test" + + # modify node + diff = <<~CHANGESET + + + + + + CHANGESET + + # upload it + post changeset_upload_path(changeset), :params => diff, :headers => auth_header + assert_response :not_found, "Node should not be found" + + # modify way + diff = <<~CHANGESET + + + + + + CHANGESET + + # upload it + post changeset_upload_path(changeset), :params => diff, :headers => auth_header + assert_response :not_found, "Way should not be found" + + # modify relation + diff = <<~CHANGESET + + + + + + CHANGESET + + # upload it + post changeset_upload_path(changeset), :params => diff, :headers => auth_header + assert_response :not_found, "Relation should not be found" + + # delete node + diff = <<~CHANGESET + + + + + + CHANGESET + + # upload it + post changeset_upload_path(changeset), :params => diff, :headers => auth_header + assert_response :not_found, "Node should not be deleted" + + # delete way + diff = <<~CHANGESET + + + + + + CHANGESET + + # upload it + post changeset_upload_path(changeset), :params => diff, :headers => auth_header + assert_response :not_found, "Way should not be deleted" + + # delete relation + diff = <<~CHANGESET + + + + + + CHANGESET + + # upload it + post changeset_upload_path(changeset), :params => diff, :headers => auth_header + assert_response :not_found, "Relation should not be deleted" + end + + def test_upload_relation_placeholder_not_fix + changeset = create(:changeset) + + auth_header = basic_authorization_header changeset.user.email, "test" + + # modify node + diff = <<~CHANGESET + + + + + + + + + + + + + + + + + + + + CHANGESET + + # upload it + post changeset_upload_path(changeset), :params => diff.to_s, :headers => auth_header + assert_response :bad_request, "shouldn't be able to use reference -4 in relation -2: #{@response.body}" + assert_equal "Placeholder Relation not found for reference -4 in relation -2.", @response.body + end + + def test_upload_multiple_delete_block + changeset = create(:changeset) + + auth_header = basic_authorization_header changeset.user.email, "test" + + node = create(:node) + way = create(:way) + create(:way_node, :way => way, :node => node) + alone_node = create(:node) + + # modify node + diff = <<~CHANGESET + + + + + + + + + CHANGESET + + # upload it + post changeset_upload_path(changeset), :params => diff.to_s, :headers => auth_header + assert_response :precondition_failed, + "shouldn't be able to upload a invalid deletion diff: #{@response.body}" + assert_equal "Precondition failed: Node #{node.id} is still used by ways #{way.id}.", @response.body + end + + ## + # test initial rate limit + def test_upload_initial_rate_limit + # create a user + user = create(:user) + + # create some objects to use + node = create(:node) + way = create(:way_with_nodes, :nodes_count => 2) + relation = create(:relation) + + # create a changeset that puts us near the initial rate limit + changeset = create(:changeset, :user => user, + :created_at => Time.now.utc - 5.minutes, + :num_changes => Settings.initial_changes_per_hour - 2) + + # create authentication header + auth_header = basic_authorization_header user.email, "test" + + # simple diff to create a node way and relation using placeholders + diff = <<~CHANGESET + + + + + + + + + + + + + + + + + + + CHANGESET + + # upload it + post changeset_upload_path(changeset), :params => diff, :headers => auth_header + assert_response :too_many_requests, "upload did not hit rate limit" + end + + ## + # test maximum rate limit + def test_upload_maximum_rate_limit + # create a user + user = create(:user) + + # create some objects to use + node = create(:node) + way = create(:way_with_nodes, :nodes_count => 2) + relation = create(:relation) + + # create a changeset to establish our initial edit time + changeset = create(:changeset, :user => user, + :created_at => Time.now.utc - 28.days) + + # create changeset to put us near the maximum rate limit + total_changes = Settings.max_changes_per_hour - 2 + while total_changes.positive? + changes = [total_changes, Changeset::MAX_ELEMENTS].min + changeset = create(:changeset, :user => user, + :created_at => Time.now.utc - 5.minutes, + :num_changes => changes) + total_changes -= changes + end + + # create authentication header + auth_header = basic_authorization_header user.email, "test" + + # simple diff to create a node way and relation using placeholders + diff = <<~CHANGESET + + + + + + + + + + + + + + + + + + + CHANGESET + + # upload it + post changeset_upload_path(changeset), :params => diff, :headers => auth_header + assert_response :too_many_requests, "upload did not hit rate limit" + end + ## # when we make some simple changes we get the same changes back from the # diff download. @@ -1245,23 +1714,23 @@ module Api node = create(:node) ## First try with a non-public user, which should get a forbidden - basic_authorization create(:user, :data_public => false).email, "test" + auth_header = basic_authorization_header create(:user, :data_public => false).email, "test" # create a temporary changeset xml = "" \ "" \ "" - put :create, :body => xml + put changeset_create_path, :params => xml, :headers => auth_header assert_response :forbidden ## Now try with a normal user - basic_authorization create(:user).email, "test" + auth_header = basic_authorization_header create(:user).email, "test" # create a temporary changeset xml = "" \ "" \ "" - put :create, :body => xml + put changeset_create_path, :params => xml, :headers => auth_header assert_response :success changeset_id = @response.body.to_i @@ -1282,11 +1751,11 @@ module Api CHANGESET # upload it - post :upload, :params => { :id => changeset_id }, :body => diff + post changeset_upload_path(:id => changeset_id), :params => diff, :headers => auth_header assert_response :success, "can't upload multiple versions of an element in a diff: #{@response.body}" - get :download, :params => { :id => changeset_id } + get changeset_download_path(:id => changeset_id) assert_response :success assert_select "osmChange", 1 @@ -1300,13 +1769,13 @@ module Api # # NOTE: the error turned out to be something else completely! def test_josm_upload - basic_authorization create(:user).email, "test" + auth_header = basic_authorization_header create(:user).email, "test" # create a temporary changeset xml = "" \ "" \ "" - put :create, :body => xml + put changeset_create_path, :params => xml, :headers => auth_header assert_response :success changeset_id = @response.body.to_i @@ -1322,7 +1791,7 @@ module Api - + @@ -1340,11 +1809,11 @@ module Api OSMFILE # upload it - post :upload, :params => { :id => changeset_id }, :body => diff + post changeset_upload_path(:id => changeset_id), :params => diff, :headers => auth_header assert_response :success, "can't upload a diff from JOSM: #{@response.body}" - get :download, :params => { :id => changeset_id } + get changeset_download_path(:id => changeset_id) assert_response :success assert_select "osmChange", 1 @@ -1361,13 +1830,13 @@ module Api node = create(:node) node2 = create(:node) way = create(:way) - basic_authorization create(:user).email, "test" + auth_header = basic_authorization_header create(:user).email, "test" # create a temporary changeset xml = "" \ "" \ "" - put :create, :body => xml + put changeset_create_path, :params => xml, :headers => auth_header assert_response :success changeset_id = @response.body.to_i @@ -1395,11 +1864,11 @@ module Api CHANGESET # upload it - post :upload, :params => { :id => changeset_id }, :body => diff + post changeset_upload_path(:id => changeset_id), :params => diff, :headers => auth_header assert_response :success, "can't upload multiple versions of an element in a diff: #{@response.body}" - get :download, :params => { :id => changeset_id } + get changeset_download_path(:id => changeset_id) assert_response :success assert_select "osmChange", 1 @@ -1421,11 +1890,10 @@ module Api _relation = create(:relation, :with_history, :version => 1, :changeset => changeset) _relation2 = create(:relation, :with_history, :deleted, :version => 1, :changeset => changeset) - get :download, :params => { :id => changeset.id } + get changeset_download_path(changeset) assert_response :success - assert_template nil - # print @response.body + # FIXME: needs more assert_select tests assert_select "osmChange[version='#{Settings.api_version}'][generator='#{Settings.generator}']" do assert_select "create", :count => 5 @@ -1443,23 +1911,23 @@ module Api way = create(:way) create(:way_node, :way => way, :node => create(:node, :lat => 3, :lon => 3)) - basic_authorization create(:user).email, "test" + auth_header = basic_authorization_header create(:user).email, "test" # create a new changeset xml = "" - put :create, :body => xml + put changeset_create_path, :params => xml, :headers => auth_header assert_response :success, "Creating of changeset failed." changeset_id = @response.body.to_i # add a single node to it with_controller(NodesController.new) do xml = "" - put :create, :body => xml + put node_create_path, :params => xml, :headers => auth_header assert_response :success, "Couldn't create node." end # get the bounding box back from the changeset - get :show, :params => { :id => changeset_id } + get changeset_show_path(:id => changeset_id) assert_response :success, "Couldn't read back changeset." assert_select "osm>changeset[min_lon='1.0000000']", 1 assert_select "osm>changeset[max_lon='1.0000000']", 1 @@ -1469,12 +1937,12 @@ module Api # add another node to it with_controller(NodesController.new) do xml = "" - put :create, :body => xml + put node_create_path, :params => xml, :headers => auth_header assert_response :success, "Couldn't create second node." end # get the bounding box back from the changeset - get :show, :params => { :id => changeset_id } + get changeset_show_path(:id => changeset_id) assert_response :success, "Couldn't read back changeset for the second time." assert_select "osm>changeset[min_lon='1.0000000']", 1 assert_select "osm>changeset[max_lon='2.0000000']", 1 @@ -1484,12 +1952,12 @@ module Api # add (delete) a way to it, which contains a point at (3,3) with_controller(WaysController.new) do xml = update_changeset(xml_for_way(way), changeset_id) - put :delete, :params => { :id => way.id }, :body => xml.to_s + delete api_way_path(way), :params => xml.to_s, :headers => auth_header assert_response :success, "Couldn't delete a way." end # get the bounding box back from the changeset - get :show, :params => { :id => changeset_id } + get changeset_show_path(:id => changeset_id) assert_response :success, "Couldn't read back changeset for the third time." assert_select "osm>changeset[min_lon='1.0000000']", 1 assert_select "osm>changeset[max_lon='3.0000000']", 1 @@ -1509,81 +1977,205 @@ module Api changeset2 = create(:changeset, :min_lat => (5 * GeoRecord::SCALE).round, :min_lon => (5 * GeoRecord::SCALE).round, :max_lat => (15 * GeoRecord::SCALE).round, :max_lon => (15 * GeoRecord::SCALE).round) changeset3 = create(:changeset, :min_lat => (4.5 * GeoRecord::SCALE).round, :min_lon => (4.5 * GeoRecord::SCALE).round, :max_lat => (5 * GeoRecord::SCALE).round, :max_lon => (5 * GeoRecord::SCALE).round) - get :query, :params => { :bbox => "-10,-10, 10, 10" } + get changesets_path(:bbox => "-10,-10, 10, 10") assert_response :success, "can't get changesets in bbox" assert_changesets [changeset2, changeset3] - get :query, :params => { :bbox => "4.5,4.5,4.6,4.6" } + get changesets_path(:bbox => "4.5,4.5,4.6,4.6") assert_response :success, "can't get changesets in bbox" assert_changesets [changeset3] # not found when looking for changesets of non-existing users - get :query, :params => { :user => User.maximum(:id) + 1 } + get changesets_path(:user => User.maximum(:id) + 1) assert_response :not_found - get :query, :params => { :display_name => " " } + assert_equal "text/plain", @response.media_type + get changesets_path(:display_name => " ") assert_response :not_found + assert_equal "text/plain", @response.media_type # can't get changesets of user 1 without authenticating - get :query, :params => { :user => private_user.id } + get changesets_path(:user => private_user.id) assert_response :not_found, "shouldn't be able to get changesets by non-public user (ID)" - get :query, :params => { :display_name => private_user.display_name } + get changesets_path(:display_name => private_user.display_name) assert_response :not_found, "shouldn't be able to get changesets by non-public user (name)" # but this should work - basic_authorization private_user.email, "test" - get :query, :params => { :user => private_user.id } + auth_header = basic_authorization_header private_user.email, "test" + get changesets_path(:user => private_user.id), :headers => auth_header assert_response :success, "can't get changesets by user ID" assert_changesets [private_user_changeset, private_user_closed_changeset] - get :query, :params => { :display_name => private_user.display_name } + get changesets_path(:display_name => private_user.display_name), :headers => auth_header assert_response :success, "can't get changesets by user name" assert_changesets [private_user_changeset, private_user_closed_changeset] + # test json endpoint + get changesets_path(:display_name => private_user.display_name), :headers => auth_header, :params => { :format => "json" } + assert_response :success, "can't get changesets by user name" + + js = ActiveSupport::JSON.decode(@response.body) + assert_not_nil js + + assert_equal Settings.api_version, js["version"] + assert_equal Settings.generator, js["generator"] + assert_equal 2, js["changesets"].count + # check that the correct error is given when we provide both UID and name - get :query, :params => { :user => private_user.id, - :display_name => private_user.display_name } + get changesets_path(:user => private_user.id, + :display_name => private_user.display_name), :headers => auth_header assert_response :bad_request, "should be a bad request to have both ID and name specified" - get :query, :params => { :user => private_user.id, :open => true } + get changesets_path(:user => private_user.id, :open => true), :headers => auth_header assert_response :success, "can't get changesets by user and open" assert_changesets [private_user_changeset] - get :query, :params => { :time => "2007-12-31" } + get changesets_path(:time => "2007-12-31"), :headers => auth_header assert_response :success, "can't get changesets by time-since" assert_changesets [private_user_changeset, private_user_closed_changeset, changeset, closed_changeset, changeset2, changeset3] - get :query, :params => { :time => "2008-01-01T12:34Z" } + get changesets_path(:time => "2008-01-01T12:34Z"), :headers => auth_header assert_response :success, "can't get changesets by time-since with hour" assert_changesets [private_user_changeset, private_user_closed_changeset, changeset, closed_changeset, changeset2, changeset3] - get :query, :params => { :time => "2007-12-31T23:59Z,2008-01-02T00:01Z" } + get changesets_path(:time => "2007-12-31T23:59Z,2008-01-02T00:01Z"), :headers => auth_header assert_response :success, "can't get changesets by time-range" assert_changesets [closed_changeset] - get :query, :params => { :open => "true" } + get changesets_path(:open => "true"), :headers => auth_header assert_response :success, "can't get changesets by open-ness" assert_changesets [private_user_changeset, changeset, changeset2, changeset3] - get :query, :params => { :closed => "true" } + get changesets_path(:closed => "true"), :headers => auth_header assert_response :success, "can't get changesets by closed-ness" assert_changesets [private_user_closed_changeset, closed_changeset] - get :query, :params => { :closed => "true", :user => private_user.id } + get changesets_path(:closed => "true", :user => private_user.id), :headers => auth_header assert_response :success, "can't get changesets by closed-ness and user" assert_changesets [private_user_closed_changeset] - get :query, :params => { :closed => "true", :user => user.id } + get changesets_path(:closed => "true", :user => user.id), :headers => auth_header assert_response :success, "can't get changesets by closed-ness and user" assert_changesets [closed_changeset] - get :query, :params => { :changesets => "#{private_user_changeset.id},#{changeset.id},#{closed_changeset.id}" } + get changesets_path(:changesets => "#{private_user_changeset.id},#{changeset.id},#{closed_changeset.id}"), :headers => auth_header assert_response :success, "can't get changesets by id (as comma-separated string)" assert_changesets [private_user_changeset, changeset, closed_changeset] - get :query, :params => { :changesets => "" } + get changesets_path(:changesets => ""), :headers => auth_header assert_response :bad_request, "should be a bad request since changesets is empty" end + ## + # test the query functionality of changesets with the limit parameter + def test_query_limit + user = create(:user) + changeset1 = create(:changeset, :closed, :user => user, :created_at => Time.utc(2008, 1, 1, 0, 0, 0), :closed_at => Time.utc(2008, 1, 2, 0, 0, 0)) + changeset2 = create(:changeset, :closed, :user => user, :created_at => Time.utc(2008, 2, 1, 0, 0, 0), :closed_at => Time.utc(2008, 2, 2, 0, 0, 0)) + changeset3 = create(:changeset, :closed, :user => user, :created_at => Time.utc(2008, 3, 1, 0, 0, 0), :closed_at => Time.utc(2008, 3, 2, 0, 0, 0)) + changeset4 = create(:changeset, :closed, :user => user, :created_at => Time.utc(2008, 4, 1, 0, 0, 0), :closed_at => Time.utc(2008, 4, 2, 0, 0, 0)) + changeset5 = create(:changeset, :closed, :user => user, :created_at => Time.utc(2008, 5, 1, 0, 0, 0), :closed_at => Time.utc(2008, 5, 2, 0, 0, 0)) + + get changesets_path + assert_response :success + assert_changesets_in_order [changeset5, changeset4, changeset3, changeset2, changeset1] + + get changesets_path(:limit => "3") + assert_response :success + assert_changesets_in_order [changeset5, changeset4, changeset3] + + get changesets_path(:limit => "0") + assert_response :bad_request + + get changesets_path(:limit => Settings.max_changeset_query_limit) + assert_response :success + assert_changesets_in_order [changeset5, changeset4, changeset3, changeset2, changeset1] + + get changesets_path(:limit => Settings.max_changeset_query_limit + 1) + assert_response :bad_request + end + + ## + # test the query functionality of sequential changesets with order and time parameters + def test_query_order + user = create(:user) + changeset1 = create(:changeset, :closed, :user => user, :created_at => Time.utc(2008, 1, 1, 0, 0, 0), :closed_at => Time.utc(2008, 1, 2, 0, 0, 0)) + changeset2 = create(:changeset, :closed, :user => user, :created_at => Time.utc(2008, 2, 1, 0, 0, 0), :closed_at => Time.utc(2008, 2, 2, 0, 0, 0)) + changeset3 = create(:changeset, :closed, :user => user, :created_at => Time.utc(2008, 3, 1, 0, 0, 0), :closed_at => Time.utc(2008, 3, 2, 0, 0, 0)) + changeset4 = create(:changeset, :closed, :user => user, :created_at => Time.utc(2008, 4, 1, 0, 0, 0), :closed_at => Time.utc(2008, 4, 2, 0, 0, 0)) + changeset5 = create(:changeset, :closed, :user => user, :created_at => Time.utc(2008, 5, 1, 0, 0, 0), :closed_at => Time.utc(2008, 5, 2, 0, 0, 0)) + changeset6 = create(:changeset, :closed, :user => user, :created_at => Time.utc(2008, 6, 1, 0, 0, 0), :closed_at => Time.utc(2008, 6, 2, 0, 0, 0)) + + get changesets_path + assert_response :success + assert_changesets_in_order [changeset6, changeset5, changeset4, changeset3, changeset2, changeset1] + + get changesets_path(:order => "oldest") + assert_response :success + assert_changesets_in_order [changeset1, changeset2, changeset3, changeset4, changeset5, changeset6] + + [ + # lower time bound at the opening time of a changeset + ["2008-02-01T00:00:00Z", "2008-05-15T00:00:00Z", [changeset5, changeset4, changeset3, changeset2], [changeset5, changeset4, changeset3, changeset2]], + # lower time bound in the middle of a changeset + ["2008-02-01T12:00:00Z", "2008-05-15T00:00:00Z", [changeset5, changeset4, changeset3, changeset2], [changeset5, changeset4, changeset3]], + # lower time bound at the closing time of a changeset + ["2008-02-02T00:00:00Z", "2008-05-15T00:00:00Z", [changeset5, changeset4, changeset3, changeset2], [changeset5, changeset4, changeset3]], + # lower time bound after the closing time of a changeset + ["2008-02-02T00:00:01Z", "2008-05-15T00:00:00Z", [changeset5, changeset4, changeset3], [changeset5, changeset4, changeset3]], + # upper time bound in the middle of a changeset + ["2007-09-09T12:00:00Z", "2008-04-01T12:00:00Z", [changeset4, changeset3, changeset2, changeset1], [changeset4, changeset3, changeset2, changeset1]], + # empty range + ["2009-02-02T00:00:01Z", "2018-05-15T00:00:00Z", [], []] + ].each do |from, to, interval_changesets, point_changesets| + get changesets_path(:time => "#{from},#{to}") + assert_response :success + assert_changesets_in_order interval_changesets + + get changesets_path(:from => from, :to => to) + assert_response :success + assert_changesets_in_order point_changesets + + get changesets_path(:from => from, :to => to, :order => "oldest") + assert_response :success + assert_changesets_in_order point_changesets.reverse + end + end + + ## + # test the query functionality of overlapping changesets with order and time parameters + def test_query_order_overlapping + user = create(:user) + changeset1 = create(:changeset, :closed, :user => user, :created_at => Time.utc(2015, 6, 4, 17, 0, 0), :closed_at => Time.utc(2015, 6, 4, 17, 0, 0)) + changeset2 = create(:changeset, :closed, :user => user, :created_at => Time.utc(2015, 6, 4, 16, 0, 0), :closed_at => Time.utc(2015, 6, 4, 18, 0, 0)) + changeset3 = create(:changeset, :closed, :user => user, :created_at => Time.utc(2015, 6, 4, 14, 0, 0), :closed_at => Time.utc(2015, 6, 4, 20, 0, 0)) + changeset4 = create(:changeset, :closed, :user => user, :created_at => Time.utc(2015, 6, 3, 23, 0, 0), :closed_at => Time.utc(2015, 6, 4, 23, 0, 0)) + create(:changeset, :closed, :user => user, :created_at => Time.utc(2015, 6, 2, 23, 0, 0), :closed_at => Time.utc(2015, 6, 3, 23, 0, 0)) + + get changesets_path(:time => "2015-06-04T00:00:00Z") + assert_response :success + assert_changesets_in_order [changeset1, changeset2, changeset3, changeset4] + + get changesets_path(:from => "2015-06-04T00:00:00Z") + assert_response :success + assert_changesets_in_order [changeset1, changeset2, changeset3] + + get changesets_path(:from => "2015-06-04T00:00:00Z", :order => "oldest") + assert_response :success + assert_changesets_in_order [changeset3, changeset2, changeset1] + + get changesets_path(:time => "2015-06-04T16:00:00Z,2015-06-04T17:30:00Z") + assert_response :success + assert_changesets_in_order [changeset1, changeset2, changeset3, changeset4] + + get changesets_path(:from => "2015-06-04T16:00:00Z", :to => "2015-06-04T17:30:00Z") + assert_response :success + assert_changesets_in_order [changeset1, changeset2] + + get changesets_path(:from => "2015-06-04T16:00:00Z", :to => "2015-06-04T17:30:00Z", :order => "oldest") + assert_response :success + assert_changesets_in_order [changeset2, changeset1] + end + ## # check that errors are returned if garbage is inserted # into query strings @@ -1591,7 +2183,7 @@ module Api ["abracadabra!", "1,2,3,F", ";drop table users;"].each do |bbox| - get :query, :params => { :bbox => bbox } + get changesets_path(:bbox => bbox) assert_response :bad_request, "'#{bbox}' isn't a bbox" end @@ -1600,7 +2192,7 @@ module Api ";drop table users;", ",", "-,-"].each do |time| - get :query, :params => { :time => time } + get changesets_path(:time => time) assert_response :bad_request, "'#{time}' isn't a valid time range" end @@ -1608,9 +2200,12 @@ module Api "foobar", "-1", "0"].each do |uid| - get :query, :params => { :user => uid } + get changesets_path(:user => uid) assert_response :bad_request, "'#{uid}' isn't a valid user ID" end + + get changesets_path(:order => "oldest", :time => "2008-01-01T00:00Z,2018-01-01T00:00Z") + assert_response :bad_request, "cannot use order=oldest with time" end ## @@ -1629,17 +2224,17 @@ module Api new_changeset.find("//osm/changeset").first << new_tag # try without any authorization - put :update, :params => { :id => private_changeset.id }, :body => new_changeset.to_s + put changeset_show_path(private_changeset), :params => new_changeset.to_s assert_response :unauthorized # try with the wrong authorization - basic_authorization create(:user).email, "test" - put :update, :params => { :id => private_changeset.id }, :body => new_changeset.to_s + auth_header = basic_authorization_header create(:user).email, "test" + put changeset_show_path(private_changeset), :params => new_changeset.to_s, :headers => auth_header assert_response :conflict # now this should get an unauthorized - basic_authorization private_user.email, "test" - put :update, :params => { :id => private_changeset.id }, :body => new_changeset.to_s + auth_header = basic_authorization_header private_user.email, "test" + put changeset_show_path(private_changeset), :params => new_changeset.to_s, :headers => auth_header assert_require_public_data "user with their data non-public, shouldn't be able to edit their changeset" ## Now try with the public user @@ -1650,18 +2245,17 @@ module Api new_changeset.find("//osm/changeset").first << new_tag # try without any authorization - @request.env["HTTP_AUTHORIZATION"] = nil - put :update, :params => { :id => changeset.id }, :body => new_changeset.to_s + put changeset_show_path(changeset), :params => new_changeset.to_s assert_response :unauthorized # try with the wrong authorization - basic_authorization create(:user).email, "test" - put :update, :params => { :id => changeset.id }, :body => new_changeset.to_s + auth_header = basic_authorization_header create(:user).email, "test" + put changeset_show_path(changeset), :params => new_changeset.to_s, :headers => auth_header assert_response :conflict # now this should work... - basic_authorization user.email, "test" - put :update, :params => { :id => changeset.id }, :body => new_changeset.to_s + auth_header = basic_authorization_header user.email, "test" + put changeset_show_path(changeset), :params => new_changeset.to_s, :headers => auth_header assert_response :success assert_select "osm>changeset[id='#{changeset.id}']", 1 @@ -1673,7 +2267,7 @@ module Api # check that a user different from the one who opened the changeset # can't modify it. def test_changeset_update_invalid - basic_authorization create(:user).email, "test" + auth_header = basic_authorization_header create(:user).email, "test" changeset = create(:changeset) new_changeset = create_changeset_xml(:user => changeset.user, :id => changeset.id) @@ -1682,7 +2276,7 @@ module Api new_tag["v"] = "testing" new_changeset.find("//osm/changeset").first << new_tag - put :update, :params => { :id => changeset.id }, :body => new_changeset.to_s + put changeset_show_path(changeset), :params => new_changeset.to_s, :headers => auth_header assert_response :conflict end @@ -1690,11 +2284,15 @@ module Api # check that a changeset can contain a certain max number of changes. ## FIXME should be changed to an integration test due to the with_controller def test_changeset_limits - basic_authorization create(:user).email, "test" + user = create(:user) + auth_header = basic_authorization_header user.email, "test" + + # create an old changeset to ensure we have the maximum rate limit + create(:changeset, :user => user, :created_at => Time.now.utc - 28.days) # open a new changeset xml = "" - put :create, :body => xml + put changeset_create_path, :params => xml, :headers => auth_header assert_response :success, "can't create a new changeset" cs_id = @response.body.to_i @@ -1709,11 +2307,11 @@ module Api with_controller(NodesController.new) do # create a new node xml = "" - put :create, :body => xml + put node_create_path, :params => xml, :headers => auth_header assert_response :success, "can't create a new node" node_id = @response.body.to_i - get :show, :params => { :id => node_id } + get api_node_path(:id => node_id) assert_response :success, "can't read back new node" node_doc = XML::Parser.string(@response.body).parse node_xml = node_doc.find("//osm/node").first @@ -1724,7 +2322,7 @@ module Api node_xml["lon"] = rand.to_s node_xml["version"] = (i + 1).to_s - put :update, :params => { :id => node_id }, :body => node_doc.to_s + put api_node_path(:id => node_id), :params => node_doc.to_s, :headers => auth_header assert_response :success, "attempt #{i} should have succeeded" end @@ -1733,7 +2331,7 @@ module Api node_xml["lon"] = rand.to_s node_xml["version"] = offset.to_s - put :update, :params => { :id => node_id }, :body => node_doc.to_s + put api_node_path(:id => node_id), :params => node_doc.to_s, :headers => auth_header assert_response :conflict, "final attempt should have failed" end @@ -1741,7 +2339,7 @@ module Api assert_equal Changeset::MAX_ELEMENTS + 1, changeset.num_changes # check that the changeset is now closed as well - assert_not(changeset.is_open?, + assert_not(changeset.open?, "changeset should have been auto-closed by exceeding " \ "element limit.") end @@ -1755,7 +2353,7 @@ module Api node_v1 = node.old_nodes.find_by(:version => 1) node_v1.redact!(create(:redaction)) - get :download, :params => { :id => changeset.id } + get changeset_download_path(changeset) assert_response :success assert_select "osmChange", 1 @@ -1768,18 +2366,18 @@ module Api ## # test subscribe success def test_subscribe_success - basic_authorization create(:user).email, "test" + auth_header = basic_authorization_header create(:user).email, "test" changeset = create(:changeset, :closed) assert_difference "changeset.subscribers.count", 1 do - post :subscribe, :params => { :id => changeset.id } + post changeset_subscribe_path(changeset), :headers => auth_header end assert_response :success # not closed changeset changeset = create(:changeset) assert_difference "changeset.subscribers.count", 1 do - post :subscribe, :params => { :id => changeset.id } + post changeset_subscribe_path(changeset), :headers => auth_header end assert_response :success end @@ -1792,15 +2390,15 @@ module Api # unauthorized changeset = create(:changeset, :closed) assert_no_difference "changeset.subscribers.count" do - post :subscribe, :params => { :id => changeset.id } + post changeset_subscribe_path(changeset) end assert_response :unauthorized - basic_authorization user.email, "test" + auth_header = basic_authorization_header user.email, "test" # bad changeset id assert_no_difference "changeset.subscribers.count" do - post :subscribe, :params => { :id => 999111 } + post changeset_subscribe_path(:id => 999111), :headers => auth_header end assert_response :not_found @@ -1808,7 +2406,7 @@ module Api changeset = create(:changeset, :closed) changeset.subscribers.push(user) assert_no_difference "changeset.subscribers.count" do - post :subscribe, :params => { :id => changeset.id } + post changeset_subscribe_path(changeset), :headers => auth_header end assert_response :conflict end @@ -1817,12 +2415,12 @@ module Api # test unsubscribe success def test_unsubscribe_success user = create(:user) - basic_authorization user.email, "test" + auth_header = basic_authorization_header user.email, "test" changeset = create(:changeset, :closed) changeset.subscribers.push(user) assert_difference "changeset.subscribers.count", -1 do - post :unsubscribe, :params => { :id => changeset.id } + post changeset_unsubscribe_path(changeset), :headers => auth_header end assert_response :success @@ -1831,7 +2429,7 @@ module Api changeset.subscribers.push(user) assert_difference "changeset.subscribers.count", -1 do - post :unsubscribe, :params => { :id => changeset.id } + post changeset_unsubscribe_path(changeset), :headers => auth_header end assert_response :success end @@ -1842,22 +2440,22 @@ module Api # unauthorized changeset = create(:changeset, :closed) assert_no_difference "changeset.subscribers.count" do - post :unsubscribe, :params => { :id => changeset.id } + post changeset_unsubscribe_path(changeset) end assert_response :unauthorized - basic_authorization create(:user).email, "test" + auth_header = basic_authorization_header create(:user).email, "test" # bad changeset id assert_no_difference "changeset.subscribers.count" do - post :unsubscribe, :params => { :id => 999111 } + post changeset_unsubscribe_path(:id => 999111), :headers => auth_header end assert_response :not_found # trying to unsubscribe when not subscribed changeset = create(:changeset, :closed) assert_no_difference "changeset.subscribers.count" do - post :unsubscribe, :params => { :id => changeset.id } + post changeset_unsubscribe_path(changeset), :headers => auth_header end assert_response :not_found end @@ -1865,8 +2463,7 @@ module Api private ## - # boilerplate for checking that certain changesets exist in the - # output. + # check that certain changesets exist in the output def assert_changesets(changesets) assert_select "osm>changeset", changesets.size changesets.each do |changeset| @@ -1874,6 +2471,15 @@ module Api end end + ## + # check that certain changesets exist in the output in the specified order + def assert_changesets_in_order(changesets) + assert_select "osm>changeset", changesets.size + changesets.each_with_index do |changeset, index| + assert_select "osm>changeset:nth-child(#{index + 1})[id='#{changeset.id}']", 1 + end + end + ## # update the changeset_id of a way element def update_changeset(xml, changeset_id)