cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge remote-tracking branch 'upstream/pull/5051'

Browse source
This commit is contained in:
Tom Hughes 2024-08-06 18:35:36 +01:00
commit 4c00c57c0b
1 changed files with 12 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

42
test/controllers/api/nodes_controller_test.rb
View file

@ -297,6 +297,8 @@ module Api
# tests whether the API works and prevents incorrect use while trying # tests whether the API works and prevents incorrect use while trying
# to update nodes. # to update nodes.
def test_update def test_update
invalid_attr_values = [["lat", 91.0], ["lat", -91.0], ["lon", 181.0], ["lon", -181.0]]
## First test with no user credentials ## First test with no user credentials
# try and update a node without authorisation # try and update a node without authorisation
# first try to delete node without auth # first try to delete node without auth
@ -334,21 +336,11 @@ module Api
assert_require_public_data "update with changeset=0 should be forbidden, when data isn't public" assert_require_public_data "update with changeset=0 should be forbidden, when data isn't public"
## try and submit invalid updates ## try and submit invalid updates
xml = xml_attr_rewrite(xml_for_node(private_node), "lat", 91.0) invalid_attr_values.each do |name, value|
put api_node_path(private_node), :params => xml.to_s, :headers => auth_header xml = xml_attr_rewrite(xml_for_node(private_node), name, value)
assert_require_public_data "node at lat=91 should be forbidden, when data isn't public" put api_node_path(private_node), :params => xml.to_s, :headers => auth_header
assert_require_public_data "node at #{name}=#{value} should be forbidden, when data isn't public"
xml = xml_attr_rewrite(xml_for_node(private_node), "lat", -91.0) end
put api_node_path(private_node), :params => xml.to_s, :headers => auth_header
assert_require_public_data "node at lat=-91 should be forbidden, when data isn't public"
xml = xml_attr_rewrite(xml_for_node(private_node), "lon", 181.0)
put api_node_path(private_node), :params => xml.to_s, :headers => auth_header
assert_require_public_data "node at lon=181 should be forbidden, when data isn't public"
xml = xml_attr_rewrite(xml_for_node(private_node), "lon", -181.0)
put api_node_path(private_node), :params => xml.to_s, :headers => auth_header
assert_require_public_data "node at lon=-181 should be forbidden, when data isn't public"
## finally, produce a good request which still won't work ## finally, produce a good request which still won't work
xml = xml_for_node(private_node) xml = xml_for_node(private_node)
@ -386,21 +378,11 @@ module Api
assert_response :conflict, "update with changeset=0 should be rejected" assert_response :conflict, "update with changeset=0 should be rejected"
## try and submit invalid updates ## try and submit invalid updates
xml = xml_attr_rewrite(xml_for_node(node), "lat", 91.0) invalid_attr_values.each do |name, value|
put api_node_path(node), :params => xml.to_s, :headers => auth_header xml = xml_attr_rewrite(xml_for_node(node), name, value)
assert_response :bad_request, "node at lat=91 should be rejected" put api_node_path(node), :params => xml.to_s, :headers => auth_header
assert_response :bad_request, "node at #{name}=#{value} should be rejected"
xml = xml_attr_rewrite(xml_for_node(node), "lat", -91.0) end
put api_node_path(node), :params => xml.to_s, :headers => auth_header
assert_response :bad_request, "node at lat=-91 should be rejected"
xml = xml_attr_rewrite(xml_for_node(node), "lon", 181.0)
put api_node_path(node), :params => xml.to_s, :headers => auth_header
assert_response :bad_request, "node at lon=181 should be rejected"
xml = xml_attr_rewrite(xml_for_node(node), "lon", -181.0)
put api_node_path(node), :params => xml.to_s, :headers => auth_header
assert_response :bad_request, "node at lon=-181 should be rejected"
## next, attack the versioning ## next, attack the versioning
current_node_version = node.version current_node_version = node.version