Skip to content
This repository has been archived by the owner on Nov 9, 2019. It is now read-only.

Commit

Permalink
Switch to encrypted HTTPS connections
Browse files Browse the repository at this point in the history 
As OpenStreetMap now support secure HTTP connections
we should start using them.
  • Loading branch information
@christoph-buente
christoph-buente committed Sep 22, 2015
1 parent e71ecf7 commit 0f08f82
Show file tree
Hide file tree
Showing 8 changed files with 36 additions and 36 deletions.
2 changes: 1 addition & 1 deletion README.md
View file
Expand Up @@ -73,7 +73,7 @@ api.save(node, changeset)
api.close_changeset(changeset)
```

Yeah, I can hear you sayin: 'Seriously, do I have to provide username and password? Is that secure?' Providing username and password is prone to some security issues, especially because the OSM API does not provide an SSL service. But wait, there is some more in store for you: [OAuth](http://oauth.net/) It's much more secure for the user and your OSM app. But it comes with a price: You have to register an application on http://www.openstreetmap.org. After you have your app registered you get an app key and secret. Keep it in a safe place.
Yeah, I can hear you sayin: 'Seriously, do I have to provide username and password? Is that secure?' Providing username and password is prone to some security issues. But OpenStreetMap supports secure HTTPS connections to hide basic auth headers. But wait, there is some more in store for you: [OAuth](http://oauth.net/) It's much more secure for the user and your OSM app. But it comes with a price: You have to register an application on http://www.openstreetmap.org. After you have your app registered you get an app key and secret. Keep it in a safe place.

``` ruby
consumer = OAuth::Consumer.new( 'osm_app_key', 'osm_app_secret',
Expand Down
2 changes: 1 addition & 1 deletion lib/rosemary/api.rb
View file
Expand Up @@ -19,7 +19,7 @@ class Api
API_VERSION = "0.6".freeze

# the default base URI for the API
base_uri "http://www.openstreetmap.org"
base_uri "https://www.openstreetmap.org"
#base_uri "http://api06.dev.openstreetmap.org/api/#{API_VERSION}"

# Make sure the request don't run forever
Expand Down
4 changes: 2 additions & 2 deletions spec/integration/boundary_spec.rb
View file
Expand Up @@ -60,7 +60,7 @@ def valid_fake_boundary

describe '#find:' do
it "should find an array of Ways, Nodes and Relations from the API response via find_boundary" do
stub_request(:get, "http://www.openstreetmap.org/api/0.6/map?bbox=-122.035988,37.38554,-122.00948,37.411677").to_return(:status => 200, :body => valid_fake_boundary, :headers => {'Content-Type' => 'application/xml'})
stub_request(:get, "https://www.openstreetmap.org/api/0.6/map?bbox=-122.035988,37.38554,-122.00948,37.411677").to_return(:status => 200, :body => valid_fake_boundary, :headers => {'Content-Type' => 'application/xml'})
boundary = osm.find_bounding_box(-122.035988,37.38554,-122.00948,37.411677)

expect(boundary.class).to eql BoundingBox
Expand All @@ -81,7 +81,7 @@ def valid_fake_boundary

describe '#xml:' do
it "should produce an xml that is equivalent to the parsed one" do
stub_request(:get, "http://www.openstreetmap.org/api/0.6/map?bbox=-122.035988,37.38554,-122.00948,37.411677").to_return(:status => 200, :body => valid_fake_boundary, :headers => {'Content-Type' => 'application/xml'})
stub_request(:get, "https://www.openstreetmap.org/api/0.6/map?bbox=-122.035988,37.38554,-122.00948,37.411677").to_return(:status => 200, :body => valid_fake_boundary, :headers => {'Content-Type' => 'application/xml'})
boundary = osm.find_bounding_box(-122.035988,37.38554,-122.00948,37.411677)

xml = boundary.to_xml
Expand Down
8 changes: 4 additions & 4 deletions spec/integration/changeset_spec.rb
View file
Expand Up @@ -63,7 +63,7 @@ def multiple_changeset
describe '#find:' do

def request_url
"http://www.openstreetmap.org/api/0.6/changeset/10"
"https://www.openstreetmap.org/api/0.6/changeset/10"
end

def stubbed_request
Expand All @@ -87,7 +87,7 @@ def stubbed_request
describe '#create' do

def request_url
"http://a_username:a_password@www.openstreetmap.org/api/0.6/changeset/create"
"https://a_username:a_password@www.openstreetmap.org/api/0.6/changeset/create"
end

def stub_create_request
Expand Down Expand Up @@ -132,15 +132,15 @@ def stub_create_request
describe '#find_for_user' do

def request_url
"http://www.openstreetmap.org/api/0.6/changesets?user=1234"
"https://www.openstreetmap.org/api/0.6/changesets?user=1234"
end

def stubbed_request
stub_request(:get, request_url)
end

let! :stub_user_lookup do
stub_request(:get, "http://a_username:a_password@www.openstreetmap.org/api/0.6/user/details").to_return(:status => 200, :body => valid_fake_user, :headers => {'Content-Type' => 'application/xml'} )
stub_request(:get, "https://a_username:a_password@www.openstreetmap.org/api/0.6/user/details").to_return(:status => 200, :body => valid_fake_user, :headers => {'Content-Type' => 'application/xml'} )
end

it "should not find changeset for user if user has none" do
Expand Down
38 changes: 19 additions & 19 deletions spec/integration/node_spec.rb
View file
Expand Up @@ -7,11 +7,11 @@
let(:osm) { Api.new }

def stub_changeset_lookup
stub_request(:get, "http://www.openstreetmap.org/api/0.6/changesets?open=true&user=1234").to_return(:status => 200, :body => valid_fake_changeset, :headers => {'Content-Type' => 'application/xml'} )
stub_request(:get, "https://www.openstreetmap.org/api/0.6/changesets?open=true&user=1234").to_return(:status => 200, :body => valid_fake_changeset, :headers => {'Content-Type' => 'application/xml'} )
end

def stub_node_lookup
stub_request(:get, "http://www.openstreetmap.org/api/0.6/node/123").to_return(:status => 200, :body => valid_fake_node, :headers => {'Content-Type' => 'application/xml'})
stub_request(:get, "https://www.openstreetmap.org/api/0.6/node/123").to_return(:status => 200, :body => valid_fake_node, :headers => {'Content-Type' => 'application/xml'})
end

def valid_fake_node
Expand Down Expand Up @@ -57,7 +57,7 @@ def valid_fake_changeset
describe '#find:' do

def request_url
"http://www.openstreetmap.org/api/0.6/node/1234"
"https://www.openstreetmap.org/api/0.6/node/1234"
end

def stubbed_request
Expand Down Expand Up @@ -104,7 +104,7 @@ def stubbed_request
end

def stub_user_lookup
stub_request(:get, "http://a_username:a_password@www.openstreetmap.org/api/0.6/user/details").to_return(:status => 200, :body => valid_fake_user, :headers => {'Content-Type' => 'application/xml'} )
stub_request(:get, "https://a_username:a_password@www.openstreetmap.org/api/0.6/user/details").to_return(:status => 200, :body => valid_fake_user, :headers => {'Content-Type' => 'application/xml'} )
end

describe '#create:' do
Expand All @@ -118,7 +118,7 @@ def stub_user_lookup
}

def request_url
"http://a_username:a_password@www.openstreetmap.org/api/0.6/node/create"
"https://a_username:a_password@www.openstreetmap.org/api/0.6/node/create"
end

def stubbed_request
Expand Down Expand Up @@ -184,7 +184,7 @@ def stubbed_request
end

it "should save a edited node" do
stub_request(:put, "http://a_username:a_password@www.openstreetmap.org/api/0.6/node/123").to_return(:status => 200, :body => '43', :headers => {'Content-Type' => 'text/plain'})
stub_request(:put, "https://a_username:a_password@www.openstreetmap.org/api/0.6/node/123").to_return(:status => 200, :body => '43', :headers => {'Content-Type' => 'text/plain'})
node.tags['amenity'] = 'restaurant'
node.tags['name'] = 'Il Tramonto'
expect(node).to receive(:changeset=)
Expand All @@ -193,7 +193,7 @@ def stubbed_request
end

it "should set a changeset" do
stub_request(:put, "http://a_username:a_password@www.openstreetmap.org/api/0.6/node/123").to_return(:status => 200, :body => '43', :headers => {'Content-Type' => 'text/plain'})
stub_request(:put, "https://a_username:a_password@www.openstreetmap.org/api/0.6/node/123").to_return(:status => 200, :body => '43', :headers => {'Content-Type' => 'text/plain'})
node.changeset = nil
osm.save(node, changeset)
expect(node.changeset).to eql changeset.id
Expand All @@ -220,54 +220,54 @@ def stubbed_request
end

it "should delete an existing node" do
stub_request(:delete, "http://a_username:a_password@www.openstreetmap.org/api/0.6/node/123").to_return(:status => 200, :body => '43', :headers => {'Content-Type' => 'text/plain'})
stub_request(:delete, "https://a_username:a_password@www.openstreetmap.org/api/0.6/node/123").to_return(:status => 200, :body => '43', :headers => {'Content-Type' => 'text/plain'})
expect(node).to receive(:changeset=)
new_version = osm.destroy(node, changeset)
expect(new_version).to eql 43 # new version number
end

it "should raise an error if node to be deleted is still part of a way" do
stub_request(:delete, "http://a_username:a_password@www.openstreetmap.org/api/0.6/node/123").to_return(:status => 400, :body => 'Version does not match current database version', :headers => {'Content-Type' => 'text/plain'})
stub_request(:delete, "https://a_username:a_password@www.openstreetmap.org/api/0.6/node/123").to_return(:status => 400, :body => 'Version does not match current database version', :headers => {'Content-Type' => 'text/plain'})
expect {
response = osm.destroy(node, changeset)
expect(response).to eql "Version does not match current database version"
}.to raise_exception BadRequest
end

it "should raise an error if node cannot be found" do
stub_request(:delete, "http://a_username:a_password@www.openstreetmap.org/api/0.6/node/123").to_return(:status => 404, :body => 'Node cannot be found', :headers => {'Content-Type' => 'text/plain'})
stub_request(:delete, "https://a_username:a_password@www.openstreetmap.org/api/0.6/node/123").to_return(:status => 404, :body => 'Node cannot be found', :headers => {'Content-Type' => 'text/plain'})
expect {
response = osm.destroy(node, changeset)
expect(response).to eql "Node cannot be found"
}.to raise_exception NotFound
end

it "should raise an error if there is a conflict" do
stub_request(:delete, "http://a_username:a_password@www.openstreetmap.org/api/0.6/node/123").to_return(:status => 409, :body => 'Node has been deleted in this changeset', :headers => {'Content-Type' => 'text/plain'})
stub_request(:delete, "https://a_username:a_password@www.openstreetmap.org/api/0.6/node/123").to_return(:status => 409, :body => 'Node has been deleted in this changeset', :headers => {'Content-Type' => 'text/plain'})
expect {
response = osm.destroy(node, changeset)
expect(response).to eql "Node has been deleted in this changeset"
}.to raise_exception Conflict
end

it "should raise an error if the node is already delted" do
stub_request(:delete, "http://a_username:a_password@www.openstreetmap.org/api/0.6/node/123").to_return(:status => 410, :body => 'Node has been deleted', :headers => {'Content-Type' => 'text/plain'})
stub_request(:delete, "https://a_username:a_password@www.openstreetmap.org/api/0.6/node/123").to_return(:status => 410, :body => 'Node has been deleted', :headers => {'Content-Type' => 'text/plain'})
expect {
response = osm.destroy(node, changeset)
expect(response).to eql "Node has been deleted"
}.to raise_exception Gone
end

it "should raise an error if the node is part of a way" do
stub_request(:delete, "http://a_username:a_password@www.openstreetmap.org/api/0.6/node/123").to_return(:status => 412, :body => 'Node 123 is still used by way 456', :headers => {'Content-Type' => 'text/plain'})
stub_request(:delete, "https://a_username:a_password@www.openstreetmap.org/api/0.6/node/123").to_return(:status => 412, :body => 'Node 123 is still used by way 456', :headers => {'Content-Type' => 'text/plain'})
expect {
response = osm.destroy(node, changeset)
expect(response).to eql "Node 123 is still used by way 456"
}.to raise_exception Precondition
end

it "should set the changeset an existing node" do
stub_request(:delete, "http://a_username:a_password@www.openstreetmap.org/api/0.6/node/123").to_return(:status => 200, :body => '43', :headers => {'Content-Type' => 'text/plain'})
stub_request(:delete, "https://a_username:a_password@www.openstreetmap.org/api/0.6/node/123").to_return(:status => 200, :body => '43', :headers => {'Content-Type' => 'text/plain'})
node.changeset = nil
new_version = osm.destroy(node, changeset)
expect(node.changeset).to eql changeset.id
Expand All @@ -280,7 +280,7 @@ def stubbed_request
let :consumer do
OAuth::Consumer.new( 'a_key', 'a_secret',
{
:site => 'http://www.openstreetmap.org',
:site => 'https://www.openstreetmap.org',
:request_token_path => '/oauth/request_token',
:access_token_path => '/oauth/access_token',
:authorize_path => '/oauth/authorize'
Expand All @@ -297,7 +297,7 @@ def stubbed_request
end

def stub_user_lookup
stub_request(:get, "http://www.openstreetmap.org/api/0.6/user/details").to_return(:status => 200, :body => valid_fake_user, :headers => {'Content-Type' => 'application/xml'} )
stub_request(:get, "https://www.openstreetmap.org/api/0.6/user/details").to_return(:status => 200, :body => valid_fake_user, :headers => {'Content-Type' => 'application/xml'} )
end

describe '#create:' do
Expand All @@ -306,7 +306,7 @@ def stub_user_lookup
end

def request_url
"http://www.openstreetmap.org/api/0.6/node/create"
"https://www.openstreetmap.org/api/0.6/node/create"
end

def stubbed_request
Expand Down Expand Up @@ -368,7 +368,7 @@ def stubbed_request
end

it "should save a edited node" do
stub_request(:put, "http://www.openstreetmap.org/api/0.6/node/123").to_return(:status => 200, :body => '43', :headers => {'Content-Type' => 'text/plain'})
stub_request(:put, "https://www.openstreetmap.org/api/0.6/node/123").to_return(:status => 200, :body => '43', :headers => {'Content-Type' => 'text/plain'})
node.tags['amenity'] = 'restaurant'
node.tags['name'] = 'Il Tramonto'
expect(node).to receive(:changeset=)
Expand All @@ -390,7 +390,7 @@ def stubbed_request
end

it "should delete an existing node" do
stub_request(:delete, "http://www.openstreetmap.org/api/0.6/node/123").to_return(:status => 200, :body => '43', :headers => {'Content-Type' => 'text/plain'})
stub_request(:delete, "https://www.openstreetmap.org/api/0.6/node/123").to_return(:status => 200, :body => '43', :headers => {'Content-Type' => 'text/plain'})
expect(node).to receive(:changeset=)
expect {
# Delete is not implemented using oauth
Expand Down
10 changes: 5 additions & 5 deletions spec/integration/note_spec.rb
View file
Expand Up @@ -9,17 +9,17 @@ def valid_fake_note
<osm version="0.6" generator="OpenStreetMap server">
<note lon="102.2205" lat="2.1059">
<id>174576</id>
<url>http://www.openstreetmap.org/api/0.6/notes/174576</url>
<comment_url>http://www.openstreetmap.org/api/0.6/notes/174576/comment</comment_url>
<close_url>http://www.openstreetmap.org/api/0.6/notes/174576/close</close_url>
<url>https://www.openstreetmap.org/api/0.6/notes/174576</url>
<comment_url>https://www.openstreetmap.org/api/0.6/notes/174576/comment</comment_url>
<close_url>https://www.openstreetmap.org/api/0.6/notes/174576/close</close_url>
<date_created>2014-05-26 16:00:04 UTC</date_created>
<status>open</status>
<comments>
<comment>
<date>2014-05-26 16:00:04 UTC</date>
<uid>2044077</uid>
<user>osmthis</user>
<user_url>http://www.openstreetmap.org/user/osmthis</user_url>
<user_url>https://www.openstreetmap.org/user/osmthis</user_url>
<action>opened</action>
<text>Test note</text>
<html>&lt;p&gt;Test note&lt;/p&gt;</html>
Expand All @@ -39,7 +39,7 @@ def valid_fake_note
describe '#create_note:' do

def request_url
"http://a_username:a_password@www.openstreetmap.org/api/0.6/notes?lat=2.1059&lon=102.2205&text=Test%20note"
"https://a_username:a_password@www.openstreetmap.org/api/0.6/notes?lat=2.1059&lon=102.2205&text=Test%20note"
end

def stubbed_request
Expand Down
6 changes: 3 additions & 3 deletions spec/integration/user_spec.rb
View file
Expand Up @@ -5,7 +5,7 @@
let :consumer do
OAuth::Consumer.new( 'a_key', 'a_secret',
{
:site => 'http://www.openstreetmap.org',
:site => 'https://www.openstreetmap.org',
:request_token_path => '/oauth/request_token',
:access_token_path => '/oauth/access_token',
:authorize_path => '/oauth/authorize'
Expand Down Expand Up @@ -41,13 +41,13 @@ def valid_fake_user
describe '#find:' do

it "should build a User from API response via find_user" do
stub_request(:get, "http://www.openstreetmap.org/api/0.6/user/details").to_return(:status => 200, :body => valid_fake_user, :headers => {'Content-Type' => 'application/xml'})
stub_request(:get, "https://www.openstreetmap.org/api/0.6/user/details").to_return(:status => 200, :body => valid_fake_user, :headers => {'Content-Type' => 'application/xml'})
user = osm.find_user
expect(user.class).to eql User
end

it "should raise error from api" do
stub_request(:get, "http://www.openstreetmap.org/api/0.6/user/details").to_return(:status => 403, :body => "OAuth token doesn't have that capability.", :headers => {'Content-Type' => 'plain/text'})
stub_request(:get, "https://www.openstreetmap.org/api/0.6/user/details").to_return(:status => 403, :body => "OAuth token doesn't have that capability.", :headers => {'Content-Type' => 'plain/text'})
expect {
osm.find_user
}.to raise_exception Forbidden
Expand Down
2 changes: 1 addition & 1 deletion spec/integration/way_spec.rb
View file
Expand Up @@ -30,7 +30,7 @@ def valid_fake_way
describe '#find:' do

it "should build a Way from API response via get_way" do
stub_request(:get, "http://www.openstreetmap.org/api/0.6/way/1234").to_return(:status => 200, :body => valid_fake_way, :headers => {'Content-Type' => 'application/xml'})
stub_request(:get, "https://www.openstreetmap.org/api/0.6/way/1234").to_return(:status => 200, :body => valid_fake_way, :headers => {'Content-Type' => 'application/xml'})
way = osm.find_way(1234)
expect(way.class).to eql Way
expect(way.nodes).to include(15735246)
Expand Down

0 comments on commit 0f08f82

Please sign in to comment.