cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Drop support for OAuth 1

Browse source
This commit is contained in:
Tom Hughes 2024-07-24 19:12:14 +01:00 committed by Anton Khorev
parent cee9818dfc
commit 17bc0853a0
48 changed files with 52 additions and 2395 deletions
Download patch file Download diff file Expand all files Collapse all files

27
test/controllers/api/permissions_controller_test.rb
View file

@ -37,9 +37,9 @@ module Api
get permissions_path, :headers => auth_header
assert_response :success
assert_select "osm > permissions", :count => 1 do
assert_select "permission", :count => ClientApplication.all_permissions.size
ClientApplication.all_permissions.each do |p|
assert_select "permission[name='#{p}']", :count => 1
assert_select "permission", :count => Oauth.scopes.size
Oauth.scopes.each do |p|
assert_select "permission[name='allow_#{p.name}']", :count => 1
end
end
@ -50,24 +50,9 @@ module Api
js = ActiveSupport::JSON.decode(@response.body)
assert_not_nil js
assert_equal ClientApplication.all_permissions.size, js["permissions"].count
ClientApplication.all_permissions.each do |p|
assert_includes js["permissions"], p.to_s
end
end
def test_permissions_oauth1
token = create(:access_token,
:allow_read_prefs => true,
:allow_write_api => true,
:allow_read_gpx => false)
signed_get permissions_path, :oauth => { :token => token }
assert_response :success
assert_select "osm > permissions", :count => 1 do
assert_select "permission", :count => 2
assert_select "permission[name='allow_read_prefs']", :count => 1
assert_select "permission[name='allow_write_api']", :count => 1
assert_select "permission[name='allow_read_gpx']", :count => 0
assert_equal Oauth.scopes.size, js["permissions"].count
Oauth.scopes.each do |p|
assert_includes js["permissions"], "allow_#{p.name}"
end
end

206
test/controllers/api/users_controller_test.rb
View file

@ -75,80 +75,6 @@ module Api
check_json_details(js, user, false, false)
end
def test_show_oauth1
user = create(:user,
:home_lat => 12.1, :home_lon => 23.4,
:languages => ["en"])
good_token = create(:access_token,
:user => user,
:allow_read_prefs => true)
bad_token = create(:access_token,
:user => user)
other_user = create(:user,
:home_lat => 12.1, :home_lon => 23.4,
:languages => ["en"])
# check that we can fetch our own details as XML with read_prefs
signed_get api_user_path(:id => user.id), :oauth => { :token => good_token }
assert_response :success
assert_equal "application/xml", response.media_type
# check the data that is returned
check_xml_details(user, true, false)
# check that we can fetch a different user's details as XML with read_prefs
signed_get api_user_path(:id => other_user.id), :oauth => { :token => good_token }
assert_response :success
assert_equal "application/xml", response.media_type
# check the data that is returned
check_xml_details(other_user, false, false)
# check that we can fetch our own details as XML without read_prefs
signed_get api_user_path(:id => user.id), :oauth => { :token => bad_token }
assert_response :success
assert_equal "application/xml", response.media_type
# check the data that is returned
check_xml_details(user, false, false)
# check that we can fetch our own details as JSON with read_prefs
signed_get api_user_path(:id => user.id, :format => "json"), :oauth => { :token => good_token }
assert_response :success
assert_equal "application/json", response.media_type
# parse the response
js = ActiveSupport::JSON.decode(@response.body)
assert_not_nil js
# check the data that is returned
check_json_details(js, user, true, false)
# check that we can fetch a different user's details as JSON with read_prefs
signed_get api_user_path(:id => other_user.id, :format => "json"), :oauth => { :token => good_token }
assert_response :success
assert_equal "application/json", response.media_type
# parse the response
js = ActiveSupport::JSON.decode(@response.body)
assert_not_nil js
# check the data that is returned
check_json_details(js, other_user, false, false)
# check that we can fetch our own details as JSON without read_prefs
signed_get api_user_path(:id => other_user.id, :format => "json"), :oauth => { :token => bad_token }
assert_response :success
assert_equal "application/json", response.media_type
# parse the response
js = ActiveSupport::JSON.decode(@response.body)
assert_not_nil js
# check the data that is returned
check_json_details(js, other_user, false, false)
end
def test_show_oauth2
user = create(:user,
:home_lat => 12.1, :home_lon => 23.4,
@ -260,45 +186,6 @@ module Api
check_json_details(js, user, true, false)
end
def test_details_oauth1
user = create(:user,
:home_lat => 12.1, :home_lon => 23.4,
:languages => ["en"])
good_token = create(:access_token,
:user => user,
:allow_read_prefs => true)
bad_token = create(:access_token,
:user => user)
# check that we can't fetch details as XML without read_prefs
signed_get user_details_path, :oauth => { :token => bad_token }
assert_response :forbidden
# check that we can fetch details as XML
signed_get user_details_path, :oauth => { :token => good_token }
assert_response :success
assert_equal "application/xml", response.media_type
# check the data that is returned
check_xml_details(user, true, false)
# check that we can't fetch details as JSON without read_prefs
signed_get user_details_path(:format => "json"), :oauth => { :token => bad_token }
assert_response :forbidden
# check that we can fetch details as JSON
signed_get user_details_path(:format => "json"), :oauth => { :token => good_token }
assert_response :success
assert_equal "application/json", response.media_type
# parse the response
js = ActiveSupport::JSON.decode(@response.body)
assert_not_nil js
# check the data that is returned
check_json_details(js, user, true, false)
end
def test_details_oauth2
user = create(:user,
:home_lat => 12.1, :home_lon => 23.4,
@ -434,99 +321,6 @@ module Api
assert_select "user", :count => 0
end
def test_index_oauth1
user1 = create(:user, :description => "test1", :terms_agreed => Date.yesterday)
user2 = create(:user, :description => "test2", :terms_agreed => Date.yesterday)
user3 = create(:user, :description => "test3", :terms_agreed => Date.yesterday)
good_token = create(:access_token, :user => user1, :allow_read_prefs => true)
bad_token = create(:access_token, :user => user1)
signed_get api_users_path, :params => { :users => user1.id }, :oauth => { :token => good_token }
assert_response :success
assert_equal "application/xml", response.media_type
assert_select "user", :count => 1 do
check_xml_details(user1, true, false)
assert_select "user[id='#{user2.id}']", :count => 0
assert_select "user[id='#{user3.id}']", :count => 0
end
signed_get api_users_path, :params => { :users => user2.id }, :oauth => { :token => good_token }
assert_response :success
assert_equal "application/xml", response.media_type
assert_select "user", :count => 1 do
assert_select "user[id='#{user1.id}']", :count => 0
check_xml_details(user2, false, false)
assert_select "user[id='#{user3.id}']", :count => 0
end
signed_get api_users_path, :params => { :users => "#{user1.id},#{user3.id}" }, :oauth => { :token => good_token }
assert_response :success
assert_equal "application/xml", response.media_type
assert_select "user", :count => 2 do
check_xml_details(user1, true, false)
assert_select "user[id='#{user2.id}']", :count => 0
check_xml_details(user3, false, false)
end
signed_get api_users_path, :params => { :users => "#{user1.id},#{user3.id}" }, :oauth => { :token => bad_token }
assert_response :success
assert_equal "application/xml", response.media_type
assert_select "user", :count => 2 do
check_xml_details(user1, false, false)
assert_select "user[id='#{user2.id}']", :count => 0
check_xml_details(user3, false, false)
end
signed_get api_users_path, :params => { :users => user1.id, :format => "json" }, :oauth => { :token => good_token }
assert_response :success
assert_equal "application/json", response.media_type
js = ActiveSupport::JSON.decode(@response.body)
assert_not_nil js
assert_equal 1, js["users"].count
check_json_details(js["users"][0], user1, true, false)
signed_get api_users_path, :params => { :users => user2.id, :format => "json" }, :oauth => { :token => good_token }
assert_response :success
assert_equal "application/json", response.media_type
js = ActiveSupport::JSON.decode(@response.body)
assert_not_nil js
assert_equal 1, js["users"].count
check_json_details(js["users"][0], user2, false, false)
signed_get api_users_path, :params => { :users => "#{user1.id},#{user3.id}", :format => "json" }, :oauth => { :token => good_token }
assert_response :success
assert_equal "application/json", response.media_type
js = ActiveSupport::JSON.decode(@response.body)
assert_not_nil js
assert_equal 2, js["users"].count
check_json_details(js["users"][0], user1, true, false)
check_json_details(js["users"][1], user3, false, false)
signed_get api_users_path, :params => { :users => "#{user1.id},#{user3.id}", :format => "json" }, :oauth => { :token => bad_token }
assert_response :success
assert_equal "application/json", response.media_type
js = ActiveSupport::JSON.decode(@response.body)
assert_not_nil js
assert_equal 2, js["users"].count
check_json_details(js["users"][0], user1, false, false)
check_json_details(js["users"][1], user3, false, false)
signed_get api_users_path, :params => { :users => create(:user, :suspended).id }, :oauth => { :token => good_token }
assert_response :success
assert_equal "application/xml", response.media_type
assert_select "user", :count => 0
signed_get api_users_path, :params => { :users => create(:user, :deleted).id }, :oauth => { :token => good_token }
assert_response :success
assert_equal "application/xml", response.media_type
assert_select "user", :count => 0
signed_get api_users_path, :params => { :users => 0 }, :oauth => { :token => good_token }
assert_response :success
assert_equal "application/xml", response.media_type
assert_select "user", :count => 0
end
def test_index_oauth2
user1 = create(:user, :description => "test1", :terms_agreed => Date.yesterday)
user2 = create(:user, :description => "test2", :terms_agreed => Date.yesterday)