cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge remote-tracking branch 'upstream/pull/2440'

Browse source
This commit is contained in:
Tom Hughes 2019-11-20 19:01:13 +00:00
commit 6ec02bcdb2
9 changed files with 69 additions and 74 deletions
Download patch file Download diff file Expand all files Collapse all files

12
test/abilities/api_capability_test.rb
View file

@ -100,33 +100,33 @@ class UserApiCapabilityTest < ApiCapabilityTest
test "user preferences" do
# a user with no tokens
capability = ApiCapability.new nil
[:read, :read_one, :update, :update_one, :delete_one].each do |act|
[:index, :show, :update_all, :update, :destroy].each do |act|
assert capability.cannot? act, UserPreference
end
# A user with empty tokens
capability = ApiCapability.new tokens
[:read, :read_one, :update, :update_one, :delete_one].each do |act|
[:index, :show, :update_all, :update, :destroy].each do |act|
assert capability.cannot? act, UserPreference
end
capability = ApiCapability.new tokens(:allow_read_prefs)
[:update, :update_one, :delete_one].each do |act|
[:update_all, :update, :destroy].each do |act|
assert capability.cannot? act, UserPreference
end
[:read, :read_one].each do |act|
[:index, :show].each do |act|
assert capability.can? act, UserPreference
end
capability = ApiCapability.new tokens(:allow_write_prefs)
[:read, :read_one].each do |act|
[:index, :show].each do |act|
assert capability.cannot? act, UserPreference
end
[:update, :update_one, :delete_one].each do |act|
[:update_all, :update, :destroy].each do |act|
assert capability.can? act, UserPreference
end
end

70
test/controllers/api/user_preferences_controller_test.rb
View file

@ -7,38 +7,38 @@ module Api
def test_routes
assert_routing(
{ :path => "/api/0.6/user/preferences", :method => :get },
{ :controller => "api/user_preferences", :action => "read" }
{ :controller => "api/user_preferences", :action => "index" }
)
assert_routing(
{ :path => "/api/0.6/user/preferences", :method => :put },
{ :controller => "api/user_preferences", :action => "update" }
{ :controller => "api/user_preferences", :action => "update_all" }
)
assert_routing(
{ :path => "/api/0.6/user/preferences/key", :method => :get },
{ :controller => "api/user_preferences", :action => "read_one", :preference_key => "key" }
{ :controller => "api/user_preferences", :action => "show", :preference_key => "key" }
)
assert_routing(
{ :path => "/api/0.6/user/preferences/key", :method => :put },
{ :controller => "api/user_preferences", :action => "update_one", :preference_key => "key" }
{ :controller => "api/user_preferences", :action => "update", :preference_key => "key" }
)
assert_routing(
{ :path => "/api/0.6/user/preferences/key", :method => :delete },
{ :controller => "api/user_preferences", :action => "delete_one", :preference_key => "key" }
{ :controller => "api/user_preferences", :action => "destroy", :preference_key => "key" }
)
end
##
# test read action
def test_read
# test showing all preferences
def test_index
# first try without auth
get :read
get :index
assert_response :unauthorized, "should be authenticated"
# authenticate as a user with no preferences
basic_authorization create(:user).email, "test"
# try the read again
get :read
get :index
assert_select "osm" do
assert_select "preferences", :count => 1 do
assert_select "preference", :count => 0
@ -52,7 +52,7 @@ module Api
basic_authorization user.email, "test"
# try the read again
get :read
get :index
assert_response :success
assert_equal "application/xml", @response.content_type
assert_select "osm" do
@ -65,39 +65,39 @@ module Api
end
##
# test read_one action
def test_read_one
# test showing one preference
def test_show
user = create(:user)
create(:user_preference, :user => user, :k => "key", :v => "value")
# try a read without auth
get :read_one, :params => { :preference_key => "key" }
get :show, :params => { :preference_key => "key" }
assert_response :unauthorized, "should be authenticated"
# authenticate as a user with preferences
basic_authorization user.email, "test"
# try the read again
get :read_one, :params => { :preference_key => "key" }
get :show, :params => { :preference_key => "key" }
assert_response :success
assert_equal "text/plain", @response.content_type
assert_equal "value", @response.body
# try the read again for a non-existent key
get :read_one, :params => { :preference_key => "unknown_key" }
get :show, :params => { :preference_key => "unknown_key" }
assert_response :not_found
end
##
# test update action
def test_update
# test bulk update action
def test_update_all
user = create(:user)
create(:user_preference, :user => user, :k => "key", :v => "value")
create(:user_preference, :user => user, :k => "some_key", :v => "some_value")
# try a put without auth
assert_no_difference "UserPreference.count" do
put :update, :body => "<osm><preferences><preference k='key' v='new_value'/><preference k='new_key' v='value'/></preferences></osm>"
put :update_all, :body => "<osm><preferences><preference k='key' v='new_value'/><preference k='new_key' v='value'/></preferences></osm>"
end
assert_response :unauthorized, "should be authenticated"
assert_equal "value", UserPreference.find([user.id, "key"]).v
@ -111,7 +111,7 @@ module Api
# try the put again
assert_no_difference "UserPreference.count" do
put :update, :body => "<osm><preferences><preference k='key' v='new_value'/><preference k='new_key' v='value'/></preferences></osm>"
put :update_all, :body => "<osm><preferences><preference k='key' v='new_value'/><preference k='new_key' v='value'/></preferences></osm>"
end
assert_response :success
assert_equal "text/plain", @response.content_type
@ -124,7 +124,7 @@ module Api
# try a put with duplicate keys
assert_no_difference "UserPreference.count" do
put :update, :body => "<osm><preferences><preference k='key' v='value'/><preference k='key' v='newer_value'/></preferences></osm>"
put :update_all, :body => "<osm><preferences><preference k='key' v='value'/><preference k='key' v='newer_value'/></preferences></osm>"
end
assert_response :bad_request
assert_equal "text/plain", @response.content_type
@ -133,20 +133,20 @@ module Api
# try a put with invalid content
assert_no_difference "UserPreference.count" do
put :update, :body => "nonsense"
put :update_all, :body => "nonsense"
end
assert_response :bad_request
end
##
# test update_one action
def test_update_one
# test update action
def test_update
user = create(:user)
create(:user_preference, :user => user)
# try a put without auth
assert_no_difference "UserPreference.count" do
put :update_one, :params => { :preference_key => "new_key" }, :body => "new_value"
put :update, :params => { :preference_key => "new_key" }, :body => "new_value"
end
assert_response :unauthorized, "should be authenticated"
assert_raises ActiveRecord::RecordNotFound do
@ -158,7 +158,7 @@ module Api
# try adding a new preference
assert_difference "UserPreference.count", 1 do
put :update_one, :params => { :preference_key => "new_key" }, :body => "new_value"
put :update, :params => { :preference_key => "new_key" }, :body => "new_value"
end
assert_response :success
assert_equal "text/plain", @response.content_type
@ -167,7 +167,7 @@ module Api
# try changing the value of a preference
assert_no_difference "UserPreference.count" do
put :update_one, :params => { :preference_key => "new_key" }, :body => "newer_value"
put :update, :params => { :preference_key => "new_key" }, :body => "newer_value"
end
assert_response :success
assert_equal "text/plain", @response.content_type
@ -176,14 +176,14 @@ module Api
end
##
# test delete_one action
def test_delete_one
# test destroy action
def test_destroy
user = create(:user)
create(:user_preference, :user => user, :k => "key", :v => "value")
# try a delete without auth
assert_no_difference "UserPreference.count" do
delete :delete_one, :params => { :preference_key => "key" }
delete :destroy, :params => { :preference_key => "key" }
end
assert_response :unauthorized, "should be authenticated"
assert_equal "value", UserPreference.find([user.id, "key"]).v
@ -193,7 +193,7 @@ module Api
# try the delete again
assert_difference "UserPreference.count", -1 do
get :delete_one, :params => { :preference_key => "key" }
get :destroy, :params => { :preference_key => "key" }
end
assert_response :success
assert_equal "text/plain", @response.content_type
@ -204,7 +204,7 @@ module Api
# try the delete again for the same key
assert_no_difference "UserPreference.count" do
get :delete_one, :params => { :preference_key => "key" }
get :destroy, :params => { :preference_key => "key" }
end
assert_response :not_found
assert_raises ActiveRecord::RecordNotFound do
@ -214,7 +214,7 @@ module Api
# Ensure that a valid access token with correct capabilities can be used to
# read preferences
def test_read_one_using_token
def test_show_using_token
user = create(:user)
token = create(:access_token, :user => user, :allow_read_prefs => true)
create(:user_preference, :user => user, :k => "key", :v => "value")
@ -224,14 +224,14 @@ module Api
@request.env["oauth.strategies"] = [:token]
@request.env["oauth.token"] = token
get :read_one, :params => { :preference_key => "key" }
get :show, :params => { :preference_key => "key" }
assert_response :success
end
# Ensure that a valid access token with incorrect capabilities can't be used
# to read preferences even, though the owner of that token could read them
# by other methods.
def test_read_one_using_token_fail
def test_show_using_token_fail
user = create(:user)
token = create(:access_token, :user => user, :allow_read_prefs => false)
create(:user_preference, :user => user, :k => "key", :v => "value")
@ -239,7 +239,7 @@ module Api
@request.env["oauth.strategies"] = [:token]
@request.env["oauth.token"] = token
get :read_one, :params => { :preference_key => "key" }
get :show, :params => { :preference_key => "key" }
assert_response :forbidden
end
end