diff --git a/README.md b/README.md
index cf99f9b..e45b779 100644
--- a/README.md
+++ b/README.md
@@ -73,7 +73,7 @@ api.save(node, changeset)
 api.close_changeset(changeset)
 ```
-Yeah, I can hear you sayin: 'Seriously, do I have to provide username and password? Is that secure?' Providing username and password is prone to some security issues, especially because the OSM API does not provide an SSL service. But wait, there is some more in store for you: [OAuth](http://oauth.net/) It's much more secure for the user and your OSM app. But it comes with a price: You have to register an application on http://www.openstreetmap.org. After you have your app registered you get an app key and secret. Keep it in a safe place.
+Yeah, I can hear you sayin: 'Seriously, do I have to provide username and password? Is that secure?' Providing username and password is prone to some security issues. But OpenStreetMap supports secure HTTPS connections to hide basic auth headers. But wait, there is some more in store for you: [OAuth](http://oauth.net/) It's much more secure for the user and your OSM app. But it comes with a price: You have to register an application on http://www.openstreetmap.org. After you have your app registered you get an app key and secret. Keep it in a safe place.
 ``` ruby
 consumer = OAuth::Consumer.new( 'osm_app_key', 'osm_app_secret',
diff --git a/lib/rosemary/api.rb b/lib/rosemary/api.rb
index fdea681..ef8b208 100644
--- a/lib/rosemary/api.rb
+++ b/lib/rosemary/api.rb
@@ -19,7 +19,7 @@ class Api
 API_VERSION = "0.6".freeze
 # the default base URI for the API
- base_uri "http://www.openstreetmap.org"
+ base_uri "https://www.openstreetmap.org"
 #base_uri "http://api06.dev.openstreetmap.org/api/#{API_VERSION}"
 # Make sure the request don't run forever
diff --git a/spec/integration/boundary_spec.rb b/spec/integration/boundary_spec.rb
index e45245b..59ca5be 100644
--- a/spec/integration/boundary_spec.rb
+++ b/spec/integration/boundary_spec.rb
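Review bot: The commented-out alternative on the line after the new `base_uri` in lib/rosemary/api.rb still points at `http://api06.dev.openstreetmap.org`, so anyone who uncomments it to test against the dev server sends the basic-auth header in cleartext again; switch that line to `https://` if the host serves it, or drop the line. It would also help to record why the scheme matters, for example `# HTTPS only: basic-auth credentials and OAuth-signed requests must not travel in cleartext` above `base_uri`. The `Api` class body starts and continues outside this hunk, so whether callers can override the base URI or the TLS verification settings is not visible here and is worth confirming.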
@@ -60,7 +60,7 @@ def valid_fake_boundary
 describe '#find:' do
 it "should find an array of Ways, Nodes and Relations from the API response via find_boundary" do
- stub_request(:get, "http://www.openstreetmap.org/api/0.6/map?bbox=-122.035988,37.38554,-122.00948,37.411677").to_return(:status => 200, :body => valid_fake_boundary, :headers => {'Content-Type' => 'application/xml'})
+ stub_request(:get, "https://www.openstreetmap.org/api/0.6/map?bbox=-122.035988,37.38554,-122.00948,37.411677").to_return(:status => 200, :body => valid_fake_boundary, :headers => {'Content-Type' => 'application/xml'})
 boundary = osm.find_bounding_box(-122.035988,37.38554,-122.00948,37.411677)
 expect(boundary.class).to eql BoundingBox
@@ -81,7 +81,7 @@ def valid_fake_boundary
 describe '#xml:' do
 it "should produce an xml that is equivalent to the parsed one" do
- stub_request(:get, "http://www.openstreetmap.org/api/0.6/map?bbox=-122.035988,37.38554,-122.00948,37.411677").to_return(:status => 200, :body => valid_fake_boundary, :headers => {'Content-Type' => 'application/xml'})
+ stub_request(:get, "https://www.openstreetmap.org/api/0.6/map?bbox=-122.035988,37.38554,-122.00948,37.411677").to_return(:status => 200, :body => valid_fake_boundary, :headers => {'Content-Type' => 'application/xml'})
 boundary = osm.find_bounding_box(-122.035988,37.38554,-122.00948,37.411677)
 xml = boundary.to_xml
diff --git a/spec/integration/changeset_spec.rb b/spec/integration/changeset_spec.rb
index 29493b7..68e5a0c 100644
--- a/spec/integration/changeset_spec.rb
+++ b/spec/integration/changeset_spec.rb
@@ -63,7 +63,7 @@ def multiple_changeset
 describe '#find:' do
 def request_url
- "http://www.openstreetmap.org/api/0.6/changeset/10"
+ "https://www.openstreetmap.org/api/0.6/changeset/10"
 end
 def stubbed_request
@@ -87,7 +87,7 @@ def stubbed_request
 describe '#create' do
 def request_url
- "http://a_username:a_password@www.openstreetmap.org/api/0.6/changeset/create"
+ "https://a_username:a_password@www.openstreetmap.org/api/0.6/changeset/create"
 end
 def stub_create_request
@@ -132,7 +132,7 @@ def stub_create_request
 describe '#find_for_user' do
 def request_url
- "http://www.openstreetmap.org/api/0.6/changesets?user=1234"
+ "https://www.openstreetmap.org/api/0.6/changesets?user=1234"
 end
 def stubbed_request
@@ -140,7 +140,7 @@ def stubbed_request
 end
 let! :stub_user_lookup do
- stub_request(:get, "http://a_username:a_password@www.openstreetmap.org/api/0.6/user/details").to_return(:status => 200, :body => valid_fake_user, :headers => {'Content-Type' => 'application/xml'} )
+ stub_request(:get, "https://a_username:a_password@www.openstreetmap.org/api/0.6/user/details").to_return(:status => 200, :body => valid_fake_user, :headers => {'Content-Type' => 'application/xml'} )
 end
 it "should not find changeset for user if user has none" do
diff --git a/spec/integration/node_spec.rb b/spec/integration/node_spec.rb
index b1dca3d..f6e3c63 100644
--- a/spec/integration/node_spec.rb
+++ b/spec/integration/node_spec.rb
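Review bot: The basic-auth stubs in changeset_spec.rb, starting with `request_url` under `describe '#create'`, keep the credentials as URL userinfo (`https://a_username:a_password@www.openstreetmap.org/...`), which does not pin down that the client sends them in an `Authorization` header rather than in the request URL. Since this commit exists to protect those credentials, consider stubbing the bare URL and matching the header, e.g. `stub_request(:get, "https://www.openstreetmap.org/api/0.6/user/details").with(basic_auth: ['a_username', 'a_password'])`; that form needs WebMock 2.0 or later, and the WebMock version in use is not visible here. The same pattern recurs in the `stub_user_lookup` stub in the last hunk of this file and in the node_spec.rb and note_spec.rb hunks. The helper methods involved start and end outside the hunks.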
@@ -7,11 +7,11 @@
 let(:osm) { Api.new }
 def stub_changeset_lookup
- stub_request(:get, "http://www.openstreetmap.org/api/0.6/changesets?open=true&user=1234").to_return(:status => 200, :body => valid_fake_changeset, :headers => {'Content-Type' => 'application/xml'} )
+ stub_request(:get, "https://www.openstreetmap.org/api/0.6/changesets?open=true&user=1234").to_return(:status => 200, :body => valid_fake_changeset, :headers => {'Content-Type' => 'application/xml'} )
 end
 def stub_node_lookup
- stub_request(:get, "http://www.openstreetmap.org/api/0.6/node/123").to_return(:status => 200, :body => valid_fake_node, :headers => {'Content-Type' => 'application/xml'})
+ stub_request(:get, "https://www.openstreetmap.org/api/0.6/node/123").to_return(:status => 200, :body => valid_fake_node, :headers => {'Content-Type' => 'application/xml'})
 end
 def valid_fake_node
@@ -57,7 +57,7 @@ def valid_fake_changeset
 describe '#find:' do
 def request_url
- "http://www.openstreetmap.org/api/0.6/node/1234"
+ "https://www.openstreetmap.org/api/0.6/node/1234"
 end
 def stubbed_request
@@ -104,7 +104,7 @@ def stubbed_request
 end
 def stub_user_lookup
- stub_request(:get, "http://a_username:a_password@www.openstreetmap.org/api/0.6/user/details").to_return(:status => 200, :body => valid_fake_user, :headers => {'Content-Type' => 'application/xml'} )
+ stub_request(:get, "https://a_username:a_password@www.openstreetmap.org/api/0.6/user/details").to_return(:status => 200, :body => valid_fake_user, :headers => {'Content-Type' => 'application/xml'} )
 end
 describe '#create:' do
@@ -118,7 +118,7 @@ def stub_user_lookup
 }
 def request_url
- "http://a_username:a_password@www.openstreetmap.org/api/0.6/node/create"
+ "https://a_username:a_password@www.openstreetmap.org/api/0.6/node/create"
 end
 def stubbed_request
@@ -184,7 +184,7 @@ def stubbed_request
 end
 it "should save a edited node" do
- stub_request(:put, "http://a_username:a_password@www.openstreetmap.org/api/0.6/node/123").to_return(:status => 200, :body => '43', :headers => {'Content-Type' => 'text/plain'})
+ stub_request(:put, "https://a_username:a_password@www.openstreetmap.org/api/0.6/node/123").to_return(:status => 200, :body => '43', :headers => {'Content-Type' => 'text/plain'})
 node.tags['amenity'] = 'restaurant'
 node.tags['name'] = 'Il Tramonto'
 expect(node).to receive(:changeset=)
@@ -193,7 +193,7 @@ def stubbed_request
 end
 it "should set a changeset" do
- stub_request(:put, "http://a_username:a_password@www.openstreetmap.org/api/0.6/node/123").to_return(:status => 200, :body => '43', :headers => {'Content-Type' => 'text/plain'})
+ stub_request(:put, "https://a_username:a_password@www.openstreetmap.org/api/0.6/node/123").to_return(:status => 200, :body => '43', :headers => {'Content-Type' => 'text/plain'})
 node.changeset = nil
 osm.save(node, changeset)
 expect(node.changeset).to eql changeset.id
@@ -220,14 +220,14 @@ def stubbed_request
 end
 it "should delete an existing node" do
- stub_request(:delete, "http://a_username:a_password@www.openstreetmap.org/api/0.6/node/123").to_return(:status => 200, :body => '43', :headers => {'Content-Type' => 'text/plain'})
+ stub_request(:delete, "https://a_username:a_password@www.openstreetmap.org/api/0.6/node/123").to_return(:status => 200, :body => '43', :headers => {'Content-Type' => 'text/plain'})
 expect(node).to receive(:changeset=)
 new_version = osm.destroy(node, changeset)
 expect(new_version).to eql 43 # new version number
 end
 it "should raise an error if node to be deleted is still part of a way" do
- stub_request(:delete, "http://a_username:a_password@www.openstreetmap.org/api/0.6/node/123").to_return(:status => 400, :body => 'Version does not match current database version', :headers => {'Content-Type' => 'text/plain'})
+ stub_request(:delete, "https://a_username:a_password@www.openstreetmap.org/api/0.6/node/123").to_return(:status => 400, :body => 'Version does not match current database version', :headers => {'Content-Type' => 'text/plain'})
 expect {
 response = osm.destroy(node, changeset)
 expect(response).to eql "Version does not match current database version"
@@ -235,7 +235,7 @@ def stubbed_request
 end
 it "should raise an error if node cannot be found" do
- stub_request(:delete, "http://a_username:a_password@www.openstreetmap.org/api/0.6/node/123").to_return(:status => 404, :body => 'Node cannot be found', :headers => {'Content-Type' => 'text/plain'})
+ stub_request(:delete, "https://a_username:a_password@www.openstreetmap.org/api/0.6/node/123").to_return(:status => 404, :body => 'Node cannot be found', :headers => {'Content-Type' => 'text/plain'})
 expect {
 response = osm.destroy(node, changeset)
 expect(response).to eql "Node cannot be found"
@@ -243,7 +243,7 @@ def stubbed_request
 end
 it "should raise an error if there is a conflict" do
- stub_request(:delete, "http://a_username:a_password@www.openstreetmap.org/api/0.6/node/123").to_return(:status => 409, :body => 'Node has been deleted in this changeset', :headers => {'Content-Type' => 'text/plain'})
+ stub_request(:delete, "https://a_username:a_password@www.openstreetmap.org/api/0.6/node/123").to_return(:status => 409, :body => 'Node has been deleted in this changeset', :headers => {'Content-Type' => 'text/plain'})
 expect {
 response = osm.destroy(node, changeset)
 expect(response).to eql "Node has been deleted in this changeset"
@@ -251,7 +251,7 @@ def stubbed_request
 end
 it "should raise an error if the node is already delted" do
- stub_request(:delete, "http://a_username:a_password@www.openstreetmap.org/api/0.6/node/123").to_return(:status => 410, :body => 'Node has been deleted', :headers => {'Content-Type' => 'text/plain'})
+ stub_request(:delete, "https://a_username:a_password@www.openstreetmap.org/api/0.6/node/123").to_return(:status => 410, :body => 'Node has been deleted', :headers => {'Content-Type' => 'text/plain'})
 expect {
 response = osm.destroy(node, changeset)
 expect(response).to eql "Node has been deleted"
@@ -259,7 +259,7 @@ def stubbed_request
 end
 it "should raise an error if the node is part of a way" do
- stub_request(:delete, "http://a_username:a_password@www.openstreetmap.org/api/0.6/node/123").to_return(:status => 412, :body => 'Node 123 is still used by way 456', :headers => {'Content-Type' => 'text/plain'})
+ stub_request(:delete, "https://a_username:a_password@www.openstreetmap.org/api/0.6/node/123").to_return(:status => 412, :body => 'Node 123 is still used by way 456', :headers => {'Content-Type' => 'text/plain'})
 expect {
 response = osm.destroy(node, changeset)
 expect(response).to eql "Node 123 is still used by way 456"
@@ -267,7 +267,7 @@ def stubbed_request
 end
 it "should set the changeset an existing node" do
- stub_request(:delete, "http://a_username:a_password@www.openstreetmap.org/api/0.6/node/123").to_return(:status => 200, :body => '43', :headers => {'Content-Type' => 'text/plain'})
+ stub_request(:delete, "https://a_username:a_password@www.openstreetmap.org/api/0.6/node/123").to_return(:status => 200, :body => '43', :headers => {'Content-Type' => 'text/plain'})
 node.changeset = nil
 new_version = osm.destroy(node, changeset)
 expect(node.changeset).to eql changeset.id
@@ -280,7 +280,7 @@ def stubbed_request
 let :consumer do
 OAuth::Consumer.new( 'a_key', 'a_secret', {
- :site => 'http://www.openstreetmap.org',
+ :site => 'https://www.openstreetmap.org',
 :request_token_path => '/oauth/request_token',
 :access_token_path => '/oauth/access_token',
 :authorize_path => '/oauth/authorize'
@@ -297,7 +297,7 @@ def stubbed_request
 end
 def stub_user_lookup
- stub_request(:get, "http://www.openstreetmap.org/api/0.6/user/details").to_return(:status => 200, :body => valid_fake_user, :headers => {'Content-Type' => 'application/xml'} )
+ stub_request(:get, "https://www.openstreetmap.org/api/0.6/user/details").to_return(:status => 200, :body => valid_fake_user, :headers => {'Content-Type' => 'application/xml'} )
 end
 describe '#create:' do
@@ -306,7 +306,7 @@ def stub_user_lookup
 end
 def request_url
- "http://www.openstreetmap.org/api/0.6/node/create"
+ "https://www.openstreetmap.org/api/0.6/node/create"
 end
 def stubbed_request
@@ -368,7 +368,7 @@ def stubbed_request
 end
 it "should save a edited node" do
- stub_request(:put, "http://www.openstreetmap.org/api/0.6/node/123").to_return(:status => 200, :body => '43', :headers => {'Content-Type' => 'text/plain'})
+ stub_request(:put, "https://www.openstreetmap.org/api/0.6/node/123").to_return(:status => 200, :body => '43', :headers => {'Content-Type' => 'text/plain'})
 node.tags['amenity'] = 'restaurant'
 node.tags['name'] = 'Il Tramonto'
 expect(node).to receive(:changeset=)
@@ -390,7 +390,7 @@ def stubbed_request
 end
 it "should delete an existing node" do
- stub_request(:delete, "http://www.openstreetmap.org/api/0.6/node/123").to_return(:status => 200, :body => '43', :headers => {'Content-Type' => 'text/plain'})
+ stub_request(:delete, "https://www.openstreetmap.org/api/0.6/node/123").to_return(:status => 200, :body => '43', :headers => {'Content-Type' => 'text/plain'})
 expect(node).to receive(:changeset=)
 expect {
 # Delete is not implemented using oauth
diff --git a/spec/integration/note_spec.rb b/spec/integration/note_spec.rb
index 2c0b7a6..ec4f28e 100644
--- a/spec/integration/note_spec.rb
+++ b/spec/integration/note_spec.rb
@@ -9,9 +9,9 @@ def valid_fake_note
 174576
- http://www.openstreetmap.org/api/0.6/notes/174576
- http://www.openstreetmap.org/api/0.6/notes/174576/comment
- http://www.openstreetmap.org/api/0.6/notes/174576/close
+ https://www.openstreetmap.org/api/0.6/notes/174576
+ https://www.openstreetmap.org/api/0.6/notes/174576/comment
+ https://www.openstreetmap.org/api/0.6/notes/174576/close
 2014-05-26 16:00:04 UTC open
@@ -19,7 +19,7 @@ def valid_fake_note
 2014-05-26 16:00:04 UTC 2044077 osmthis
- http://www.openstreetmap.org/user/osmthis
+ https://www.openstreetmap.org/user/osmthis
 opened Test note <p>Test note</p>
@@ -39,7 +39,7 @@ def valid_fake_note
 describe '#create_note:' do
 def request_url
- "http://a_username:a_password@www.openstreetmap.org/api/0.6/notes?lat=2.1059&lon=102.2205&text=Test%20note"
+ "https://a_username:a_password@www.openstreetmap.org/api/0.6/notes?lat=2.1059&lon=102.2205&text=Test%20note"
 end
 def stubbed_request
diff --git a/spec/integration/user_spec.rb b/spec/integration/user_spec.rb
index 4249ef0..74a830a 100644
--- a/spec/integration/user_spec.rb
+++ b/spec/integration/user_spec.rb
@@ -5,7 +5,7 @@
 let :consumer do
 OAuth::Consumer.new( 'a_key', 'a_secret', {
- :site => 'http://www.openstreetmap.org',
+ :site => 'https://www.openstreetmap.org',
 :request_token_path => '/oauth/request_token',
 :access_token_path => '/oauth/access_token',
 :authorize_path => '/oauth/authorize'
@@ -41,13 +41,13 @@ def valid_fake_user
 describe '#find:' do
 it "should build a User from API response via find_user" do
- stub_request(:get, "http://www.openstreetmap.org/api/0.6/user/details").to_return(:status => 200, :body => valid_fake_user, :headers => {'Content-Type' => 'application/xml'})
+ stub_request(:get, "https://www.openstreetmap.org/api/0.6/user/details").to_return(:status => 200, :body => valid_fake_user, :headers => {'Content-Type' => 'application/xml'})
 user = osm.find_user
 expect(user.class).to eql User
 end
 it "should raise error from api" do
- stub_request(:get, "http://www.openstreetmap.org/api/0.6/user/details").to_return(:status => 403, :body => "OAuth token doesn't have that capability.", :headers => {'Content-Type' => 'plain/text'})
+ stub_request(:get, "https://www.openstreetmap.org/api/0.6/user/details").to_return(:status => 403, :body => "OAuth token doesn't have that capability.", :headers => {'Content-Type' => 'plain/text'})
 expect {
 osm.find_user
 }.to raise_exception Forbidden
diff --git a/spec/integration/way_spec.rb b/spec/integration/way_spec.rb
index 3e6027a..23fc8b5 100644
--- a/spec/integration/way_spec.rb
+++ b/spec/integration/way_spec.rb
@@ -30,7 +30,7 @@ def valid_fake_way
 describe '#find:' do
 it "should build a Way from API response via get_way" do
- stub_request(:get, "http://www.openstreetmap.org/api/0.6/way/1234").to_return(:status => 200, :body => valid_fake_way, :headers => {'Content-Type' => 'application/xml'})
+ stub_request(:get, "https://www.openstreetmap.org/api/0.6/way/1234").to_return(:status => 200, :body => valid_fake_way, :headers => {'Content-Type' => 'application/xml'})
 way = osm.find_way(1234)
 expect(way.class).to eql Way
 expect(way.nodes).to include(15735246)