2 * ============LICENSE_START==========================================
4 * ===================================================================
5 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
6 * ===================================================================
8 * Unless otherwise specified, all software contained herein is licensed
9 * under the Apache License, Version 2.0 (the "License");
10 * you may not use this software except in compliance with the License.
11 * You may obtain a copy of the License at
13 * http://www.apache.org/licenses/LICENSE-2.0
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS,
17 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
21 * Unless otherwise specified, all documentation contained herein is licensed
22 * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
23 * you may not use this documentation except in compliance with the License.
24 * You may obtain a copy of the License at
26 * https://creativecommons.org/licenses/by/4.0/
28 * Unless required by applicable law or agreed to in writing, documentation
29 * distributed under the License is distributed on an "AS IS" BASIS,
30 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
31 * See the License for the specific language governing permissions and
32 * limitations under the License.
34 * ============LICENSE_END============================================
37 package org.onap.portalapp.portal.controller;
39 import static org.junit.Assert.assertEquals;
40 import static org.junit.Assert.assertNotNull;
41 import static org.junit.Assert.assertNull;
43 import java.lang.reflect.Method;
44 import java.util.ArrayList;
45 import java.util.HashMap;
46 import java.util.List;
48 import javax.servlet.http.HttpServletRequest;
49 import javax.servlet.http.HttpServletResponse;
50 import org.junit.Before;
51 import org.junit.Test;
52 import org.junit.runner.RunWith;
53 import org.mockito.InjectMocks;
54 import org.mockito.Matchers;
55 import org.mockito.Mock;
56 import org.mockito.Mockito;
57 import org.mockito.MockitoAnnotations;
58 import org.onap.portalapp.annotation.ApiVersion;
59 import org.onap.portalapp.controller.sessionmgt.SessionCommunicationVersionController;
60 import org.onap.portalapp.externalsystemapproval.model.ExternalSystemUser;
61 import org.onap.portalapp.portal.domain.EPUser;
62 import org.onap.portalapp.portal.ecomp.model.PortalRestResponse;
63 import org.onap.portalapp.portal.ecomp.model.PortalRestStatusEnum;
64 import org.onap.portalapp.portal.framework.MockitoTestSuite;
65 import org.onap.portalapp.portal.transport.Analytics;
66 import org.onap.portalapp.portal.transport.EpNotificationItem;
67 import org.onap.portalapp.portal.transport.OnboardingApp;
68 import org.onap.portalsdk.core.domain.Role;
69 import org.onap.portalsdk.core.onboarding.crossapi.PortalAPIResponse;
70 import org.powermock.api.mockito.PowerMockito;
71 import org.powermock.core.classloader.annotations.PrepareForTest;
72 import org.powermock.modules.junit4.PowerMockRunner;
73 import org.springframework.aop.support.AopUtils;
74 import org.springframework.context.ApplicationContext;
76 @RunWith(PowerMockRunner.class)
77 @PrepareForTest(AopUtils.class)
78 public class AuxApiRequestMapperControllerTest {
80 AuxApiRequestMapperController auxApiRequestMapperController = new AuxApiRequestMapperController();
84 MockitoAnnotations.initMocks(this);
87 RolesController rolesController = new RolesController();
88 SessionCommunicationVersionController sessionCommunicationController = new SessionCommunicationVersionController();
89 WebAnalyticsExtAppVersionController webAnalyticsExtAppController = new WebAnalyticsExtAppVersionController();
90 RolesApprovalSystemVersionController rolesApprovalSystemController = new RolesApprovalSystemVersionController();
91 TicketEventVersionController ticketEventVersionController = new TicketEventVersionController();
92 AppsControllerExternalVersionRequest appsControllerExternalVersionRequest = new AppsControllerExternalVersionRequest();
93 ExternalAppsRestfulVersionController externalAppsRestfulVersionController = new ExternalAppsRestfulVersionController();
96 ApplicationContext context;
99 MockitoTestSuite mockitoTestSuite = new MockitoTestSuite();
100 HttpServletRequest mockedRequest = mockitoTestSuite.getMockedRequest();
101 HttpServletResponse mockedResponse = mockitoTestSuite.getMockedResponse();
102 NullPointerException nullPointerException = new NullPointerException();
105 public void getUserTest() throws Exception {
106 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/roles");
107 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
108 Map<String, Object> beans = new HashMap<>();
109 beans.put("bean1", rolesController);
110 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
111 PowerMockito.mockStatic(AopUtils.class);
112 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
113 Mockito.when(mockedRequest.getMethod()).thenReturn("GET");
114 assertNull(auxApiRequestMapperController.getUser(mockedRequest, mockedResponse, "test12"));
118 public void getUserXSSTest() throws Exception {
119 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/roles");
120 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
121 Map<String, Object> beans = new HashMap<>();
122 beans.put("bean1", rolesController);
123 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
124 PowerMockito.mockStatic(AopUtils.class);
125 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
126 Mockito.when(mockedRequest.getMethod()).thenReturn("GET");
127 String expected = "Provided data is not valid";
128 String actual = auxApiRequestMapperController.getUser(mockedRequest, mockedResponse, "“><script>alert(“XSS”)</script>");
129 assertEquals(expected, actual);
133 public void getUserTestWithException() throws Exception {
134 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/roles");
135 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
136 Map<String, Object> beans = new HashMap<>();
137 beans.put("bean1", rolesController);
138 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
139 PowerMockito.mockStatic(AopUtils.class);
140 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
141 Mockito.when(mockedRequest.getMethod()).thenReturn("GET");
142 assertNull(auxApiRequestMapperController.getUser(mockedRequest, mockedResponse, "test12"));
146 public void getRolesTest() throws Exception {
147 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/roles");
148 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
149 Map<String, Object> beans = new HashMap<>();
150 beans.put("bean1", rolesController);
151 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
152 PowerMockito.mockStatic(AopUtils.class);
153 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
154 Mockito.when(mockedRequest.getMethod()).thenReturn("GET");
155 assertNull(auxApiRequestMapperController.getRoles(mockedRequest, mockedResponse));
159 public void saveRoleTest() throws Exception {
160 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/role");
161 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
162 Map<String, Object> beans = new HashMap<>();
163 beans.put("bean1", rolesController);
164 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
165 PowerMockito.mockStatic(AopUtils.class);
166 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
167 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
168 Role role = new Role();
169 assertNull(auxApiRequestMapperController.saveRole(mockedRequest, mockedResponse, role));
173 public void getEPRolesTest() throws Exception {
174 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v4/roles");
175 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
176 Map<String, Object> beans = new HashMap<>();
177 beans.put("bean1", rolesController);
178 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
179 PowerMockito.mockStatic(AopUtils.class);
180 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
181 Mockito.when(mockedRequest.getMethod()).thenReturn("GET");
182 assertNull(auxApiRequestMapperController.getRoles(mockedRequest, mockedResponse));
186 public void getUser1Test() throws Exception {
187 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/user/test12");
188 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
189 Map<String, Object> beans = new HashMap<>();
190 beans.put("bean1", rolesController);
191 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
192 PowerMockito.mockStatic(AopUtils.class);
193 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
194 Mockito.when(mockedRequest.getMethod()).thenReturn("GET");
195 assertNull(auxApiRequestMapperController.getUser(mockedRequest, mockedResponse, "test12"));
199 public void getRoleTest() throws Exception {
200 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/role/1");
201 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
202 Map<String, Object> beans = new HashMap<>();
203 beans.put("bean1", rolesController);
204 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
205 PowerMockito.mockStatic(AopUtils.class);
206 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
207 Mockito.when(mockedRequest.getMethod()).thenReturn("GET");
208 assertNull(auxApiRequestMapperController.getRoleInfo(mockedRequest, mockedResponse, (long) 1));
212 public void getUsersOfApplicationTest() throws Exception {
213 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/users");
214 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
215 Map<String, Object> beans = new HashMap<>();
216 beans.put("bean1", rolesController);
217 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
218 PowerMockito.mockStatic(AopUtils.class);
219 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
220 Mockito.when(mockedRequest.getMethod()).thenReturn("GET");
221 assertNull(auxApiRequestMapperController.getUsersOfApplication(mockedRequest, mockedResponse));
225 public void getRoleFunctionsListTest() throws Exception {
226 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/functions");
227 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
228 Map<String, Object> beans = new HashMap<>();
229 beans.put("bean1", rolesController);
230 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
231 PowerMockito.mockStatic(AopUtils.class);
232 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
233 Mockito.when(mockedRequest.getMethod()).thenReturn("GET");
234 assertNull(auxApiRequestMapperController.getRoleFunctionsList(mockedRequest, mockedResponse));
238 public void getRoleFunctionTest() throws Exception {
239 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/function/test");
240 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
241 Map<String, Object> beans = new HashMap<>();
242 beans.put("bean1", rolesController);
243 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
244 PowerMockito.mockStatic(AopUtils.class);
245 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
246 Mockito.when(mockedRequest.getMethod()).thenReturn("GET");
247 assertNull(auxApiRequestMapperController.getRoleFunction(mockedRequest, mockedResponse, "test"));
252 public void saveRoleFunctionTest() throws Exception {
253 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/roleFunction");
254 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
255 Map<String, Object> beans = new HashMap<>();
256 beans.put("bean1", rolesController);
257 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
258 PowerMockito.mockStatic(AopUtils.class);
259 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
260 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
261 PortalRestResponse<String> response = auxApiRequestMapperController.saveRoleFunction(mockedRequest, mockedResponse, "test");
262 assertNotNull(response);
266 public void saveRoleFunctionXSSTest() throws Exception {
267 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/roleFunction");
268 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
269 Map<String, Object> beans = new HashMap<>();
270 beans.put("bean1", rolesController);
271 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
272 PowerMockito.mockStatic(AopUtils.class);
273 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
274 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
275 PortalRestResponse<String> actual = auxApiRequestMapperController.saveRoleFunction(mockedRequest, mockedResponse, "<script>alert(123)</script>");
276 PortalRestResponse<String> expected = new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Provided data is not valid", "Failed");
277 assertEquals(expected, actual);
281 public void deleteRoleFunctionTest() throws Exception {
282 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/roleFunction/test");
283 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
284 Map<String, Object> beans = new HashMap<>();
285 beans.put("bean1", rolesController);
286 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
287 PowerMockito.mockStatic(AopUtils.class);
288 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
289 Mockito.when(mockedRequest.getMethod()).thenReturn("DELETE");
290 assertNull(auxApiRequestMapperController.deleteRoleFunction(mockedRequest, mockedResponse, "test"));
294 public void deleteRoleFunctionXSSTest() throws Exception {
295 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/roleFunction/test");
296 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
297 Map<String, Object> beans = new HashMap<>();
298 beans.put("bean1", rolesController);
299 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
300 PowerMockito.mockStatic(AopUtils.class);
301 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
302 Mockito.when(mockedRequest.getMethod()).thenReturn("DELETE");
303 PortalRestResponse<String> actual = auxApiRequestMapperController.deleteRoleFunction(mockedRequest, mockedResponse,
304 "<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}");
305 PortalRestResponse<String> expected = new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Provided data is not valid", "Failed");
306 assertEquals(expected, actual);
310 public void deleteRoleTest() throws Exception {
311 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/deleteRole/1");
312 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
313 Map<String, Object> beans = new HashMap<>();
314 beans.put("bean1", rolesController);
315 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
316 PowerMockito.mockStatic(AopUtils.class);
317 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
318 Mockito.when(mockedRequest.getMethod()).thenReturn("DELETE");
319 assertNull(auxApiRequestMapperController.deleteRole(mockedRequest, mockedResponse, (long) 1));
323 public void getActiveRolesTest() throws Exception {
324 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/activeRoles");
325 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
326 Map<String, Object> beans = new HashMap<>();
327 beans.put("bean1", rolesController);
328 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
329 PowerMockito.mockStatic(AopUtils.class);
330 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
331 Mockito.when(mockedRequest.getMethod()).thenReturn("GET");
332 assertNull(auxApiRequestMapperController.getActiveRoles(mockedRequest, mockedResponse));
336 public void getEcompUserTest() throws Exception {
337 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v4/user/test");
338 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
339 Map<String, Object> beans = new HashMap<>();
340 beans.put("bean1", rolesController);
341 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
342 PowerMockito.mockStatic(AopUtils.class);
343 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
344 Mockito.when(mockedRequest.getMethod()).thenReturn("GET");
345 assertNull(auxApiRequestMapperController.getEcompUser(mockedRequest, mockedResponse, "test"));
349 public void getEcompUserXSSTest() throws Exception {
350 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v4/user/test");
351 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
352 Map<String, Object> beans = new HashMap<>();
353 beans.put("bean1", rolesController);
354 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
355 PowerMockito.mockStatic(AopUtils.class);
356 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
357 Mockito.when(mockedRequest.getMethod()).thenReturn("GET");
358 assertNull(auxApiRequestMapperController.getEcompUser(mockedRequest, mockedResponse, "<script>alert(‘XSS’)</script>"));
362 public void getEcompRolesOfApplicationTest() throws Exception {
363 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v4/roles");
364 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
365 Map<String, Object> beans = new HashMap<>();
366 beans.put("bean1", rolesController);
367 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
368 PowerMockito.mockStatic(AopUtils.class);
369 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
370 Mockito.when(mockedRequest.getMethod()).thenReturn("GET");
371 assertNull(auxApiRequestMapperController.getEcompRolesOfApplication(mockedRequest, mockedResponse));
375 public void getSessionSlotCheckIntervalTest() throws Exception {
376 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/getSessionSlotCheckInterval");
377 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
378 Map<String, Object> beans = new HashMap<>();
379 beans.put("bean1", sessionCommunicationController);
380 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
381 PowerMockito.mockStatic(AopUtils.class);
382 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
383 Mockito.when(mockedRequest.getMethod()).thenReturn("GET");
384 assertNull(auxApiRequestMapperController.getSessionSlotCheckInterval(mockedRequest, mockedResponse));
388 public void extendSessionTimeOutsTest() throws Exception {
389 String sessionMap = "test";
390 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/extendSessionTimeOuts");
391 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
392 Map<String, Object> beans = new HashMap<>();
393 beans.put("bean1", sessionCommunicationController);
394 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
395 PowerMockito.mockStatic(AopUtils.class);
396 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
397 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
398 assertNull(auxApiRequestMapperController.extendSessionTimeOuts(mockedRequest, mockedResponse, sessionMap));
402 public void extendSessionTimeOutsXSSTest() throws Exception {
403 String sessionMap = "<script>alert(“XSS”)</script>";
404 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/extendSessionTimeOuts");
405 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
406 Map<String, Object> beans = new HashMap<>();
407 beans.put("bean1", sessionCommunicationController);
408 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
409 PowerMockito.mockStatic(AopUtils.class);
410 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
411 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
412 assertNull(auxApiRequestMapperController.extendSessionTimeOuts(mockedRequest, mockedResponse, sessionMap));
416 public void getAnalyticsScriptTest() throws Exception {
417 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/analytics");
418 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
419 Map<String, Object> beans = new HashMap<>();
420 beans.put("bean1", webAnalyticsExtAppController);
421 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
422 PowerMockito.mockStatic(AopUtils.class);
423 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
424 Mockito.when(mockedRequest.getMethod()).thenReturn("GET");
425 assertNull(auxApiRequestMapperController.getAnalyticsScript(mockedRequest, mockedResponse));
429 public void storeAnalyticsScriptTest() throws Exception {
430 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/storeAnalytics");
431 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
432 Map<String, Object> beans = new HashMap<>();
433 beans.put("bean1", webAnalyticsExtAppController);
434 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
435 PowerMockito.mockStatic(AopUtils.class);
436 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
437 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
438 Analytics analyticsMap = new Analytics();
439 assertNull(auxApiRequestMapperController.storeAnalyticsScript(mockedRequest, mockedResponse, analyticsMap));
443 public void storeAnalyticsScriptXSSTest() throws Exception {
444 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/storeAnalytics");
445 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
446 Map<String, Object> beans = new HashMap<>();
447 beans.put("bean1", webAnalyticsExtAppController);
448 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
449 PowerMockito.mockStatic(AopUtils.class);
450 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
451 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
452 Analytics analyticsMap = new Analytics();
453 analyticsMap.setPage("<script>alert(“XSS”);</script>");
454 PortalAPIResponse actual = auxApiRequestMapperController.storeAnalyticsScript(mockedRequest, mockedResponse, analyticsMap);
455 PortalAPIResponse expected = new PortalAPIResponse(true, "analyticsScript is not valid");
456 assertEquals(expected.getMessage(), actual.getMessage());
460 public void bulkUploadFunctionsTest() throws Exception {
461 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/upload/portal/functions");
462 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
463 Map<String, Object> beans = new HashMap<>();
464 beans.put("bean1", rolesController);
465 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
466 PowerMockito.mockStatic(AopUtils.class);
467 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
468 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
469 PortalRestResponse expected = new PortalRestResponse();
470 expected.setStatus(PortalRestStatusEnum.ERROR);
471 expected.setMessage("Failed to bulkUploadFunctions");
472 expected.setResponse("Failed");
473 assertEquals(expected, auxApiRequestMapperController.bulkUploadFunctions(mockedRequest, mockedResponse));
477 public void bulkUploadRolesTest() throws Exception {
478 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/upload/portal/roles");
479 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
480 Map<String, Object> beans = new HashMap<>();
481 beans.put("bean1", rolesController);
482 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
483 PowerMockito.mockStatic(AopUtils.class);
484 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
485 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
486 PortalRestResponse expected = new PortalRestResponse();
487 expected.setStatus(PortalRestStatusEnum.ERROR);
488 expected.setMessage("Failed to bulkUploadRoles");
489 expected.setResponse("Failed");
490 PortalRestResponse actual = auxApiRequestMapperController.bulkUploadRoles(mockedRequest, mockedResponse);
491 System.out.println(actual.toString());
492 assertEquals(expected, actual);
496 public void bulkUploadRoleFunctionsTest() throws Exception {
497 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/upload/portal/roleFunctions");
498 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
499 Map<String, Object> beans = new HashMap<>();
500 beans.put("bean1", rolesController);
501 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
502 PowerMockito.mockStatic(AopUtils.class);
503 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
504 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
505 PortalRestResponse expected = new PortalRestResponse();
506 expected.setStatus(PortalRestStatusEnum.ERROR);
507 expected.setMessage("Failed to bulkUploadRoleFunctions");
508 expected.setResponse("Failed");
509 assertEquals(expected, auxApiRequestMapperController.bulkUploadRoleFunctions(mockedRequest, mockedResponse));
513 public void bulkUploadUserRolesTest() throws Exception {
514 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/upload/portal/userRoles");
515 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
516 Map<String, Object> beans = new HashMap<>();
517 beans.put("bean1", rolesController);
518 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
519 PowerMockito.mockStatic(AopUtils.class);
520 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
521 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
522 PortalRestResponse expected = new PortalRestResponse();
523 expected.setStatus(PortalRestStatusEnum.ERROR);
524 expected.setMessage("Failed to bulkUploadUserRoles");
525 expected.setResponse("Failed");
526 assertEquals(expected, auxApiRequestMapperController.bulkUploadUserRoles(mockedRequest, mockedResponse));
530 public void bulkUploadUsersSingleRoleTest() throws Exception {
531 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/upload/portal/userRole/1");
532 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
533 Map<String, Object> beans = new HashMap<>();
534 beans.put("bean1", rolesController);
535 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
536 PowerMockito.mockStatic(AopUtils.class);
537 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
538 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
539 PortalRestResponse expected = new PortalRestResponse();
540 expected.setStatus(PortalRestStatusEnum.ERROR);
541 expected.setMessage("Failed to bulkUploadUsersSingleRole");
542 expected.setResponse("Failed");
543 assertEquals(expected,
544 auxApiRequestMapperController.bulkUploadUsersSingleRole(mockedRequest, mockedResponse, (long) 1));
548 public void bulkUploadPartnerFunctionsTest() throws Exception {
549 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/upload/partner/roleFunctions");
550 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
551 Map<String, Object> beans = new HashMap<>();
552 beans.put("bean1", rolesController);
553 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
554 PowerMockito.mockStatic(AopUtils.class);
555 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
556 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
557 PortalRestResponse expected = new PortalRestResponse();
558 expected.setStatus(PortalRestStatusEnum.ERROR);
559 expected.setMessage("Failed to bulkUploadPartnerRoleFunctions");
560 expected.setResponse("Failed");
561 assertEquals(expected, auxApiRequestMapperController.bulkUploadPartnerFunctions(mockedRequest, mockedResponse));
565 public void bulkUploadPartnerRolesTest() throws Exception {
566 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/upload/partner/roles");
567 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
568 Map<String, Object> beans = new HashMap<>();
569 beans.put("bean1", rolesController);
570 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
571 PowerMockito.mockStatic(AopUtils.class);
572 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
573 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
574 List<Role> upload = new ArrayList<>();
575 PortalRestResponse expected = new PortalRestResponse();
576 expected.setStatus(PortalRestStatusEnum.ERROR);
577 expected.setMessage("Failed to bulkUploadRoles");
578 expected.setResponse("Failed");
579 assertEquals(expected, auxApiRequestMapperController.bulkUploadPartnerRoles(mockedRequest, mockedResponse, upload));
583 public void bulkUploadPartnerRoleFunctionsTest() throws Exception {
584 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/upload/partner/roleFunctions");
585 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
586 Map<String, Object> beans = new HashMap<>();
587 beans.put("bean1", rolesController);
588 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
589 PowerMockito.mockStatic(AopUtils.class);
590 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
591 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
592 PortalRestResponse expected = new PortalRestResponse();
593 expected.setStatus(PortalRestStatusEnum.ERROR);
594 expected.setMessage("Failed to bulkUploadPartnerRoleFunctions");
595 expected.setResponse("Failed");
596 assertEquals(expected, auxApiRequestMapperController.bulkUploadPartnerRoleFunctions(mockedRequest, mockedResponse));
600 public void getMenuFunctionsTest() throws Exception {
601 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/menuFunctions");
602 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
603 Map<String, Object> beans = new HashMap<>();
604 beans.put("bean1", rolesController);
605 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
606 PowerMockito.mockStatic(AopUtils.class);
607 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
608 Mockito.when(mockedRequest.getMethod()).thenReturn("GET");
609 assertNull(auxApiRequestMapperController.getMenuFunctions(mockedRequest, mockedResponse));
613 public void postUserProfileTest() throws Exception {
614 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/userProfile");
615 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
616 Map<String, Object> beans = new HashMap<>();
617 beans.put("bean1", rolesApprovalSystemController);
618 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
619 PowerMockito.mockStatic(AopUtils.class);
620 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
621 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
622 ExternalSystemUser extSysUser = new ExternalSystemUser();
623 assertNull(auxApiRequestMapperController.postUserProfile(mockedRequest, extSysUser, mockedResponse));
627 public void postUserProfileXSSTest() {
628 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/userProfile");
629 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
630 Map<String, Object> beans = new HashMap<>();
631 beans.put("bean1", rolesApprovalSystemController);
632 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
633 PowerMockito.mockStatic(AopUtils.class);
634 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
635 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
636 ExternalSystemUser extSysUser = new ExternalSystemUser();
637 extSysUser.setLoginId("<script>alert(“XSS”);</script>");
638 PortalRestResponse<String> actual = auxApiRequestMapperController.postUserProfile(mockedRequest, extSysUser, mockedResponse);
639 PortalRestResponse<String> expected = new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ExternalSystemUser is not valid", "Failed");
640 assertEquals(expected, actual);
644 public void putUserProfileTest() throws Exception {
645 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/userProfile");
646 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
647 Map<String, Object> beans = new HashMap<>();
648 beans.put("bean1", rolesApprovalSystemController);
649 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
650 PowerMockito.mockStatic(AopUtils.class);
651 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
652 Mockito.when(mockedRequest.getMethod()).thenReturn("PUT");
653 ExternalSystemUser extSysUser = new ExternalSystemUser();
654 assertNull(auxApiRequestMapperController.putUserProfile(mockedRequest, extSysUser, mockedResponse));
658 public void putUserProfileXSSTest() {
659 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/userProfile");
660 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
661 Map<String, Object> beans = new HashMap<>();
662 beans.put("bean1", rolesApprovalSystemController);
663 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
664 PowerMockito.mockStatic(AopUtils.class);
665 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
666 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
667 ExternalSystemUser extSysUser = new ExternalSystemUser();
668 extSysUser.setLoginId("<script>alert(“XSS”);</script>");
669 PortalRestResponse<String> actual = auxApiRequestMapperController.putUserProfile(mockedRequest, extSysUser, mockedResponse);
670 PortalRestResponse<String> expected = new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ExternalSystemUser is not valid", "Failed");
671 assertEquals(expected, actual);
675 public void deleteUserProfileTest() throws Exception {
676 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/userProfile");
677 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
678 Map<String, Object> beans = new HashMap<>();
679 beans.put("bean1", rolesApprovalSystemController);
680 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
681 PowerMockito.mockStatic(AopUtils.class);
682 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
683 Mockito.when(mockedRequest.getMethod()).thenReturn("DELETE");
684 ExternalSystemUser extSysUser = new ExternalSystemUser();
685 assertNull(auxApiRequestMapperController.deleteUserProfile(mockedRequest, extSysUser, mockedResponse));
689 public void deleteUserProfileXSSTest() throws Exception {
690 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/userProfile");
691 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
692 Map<String, Object> beans = new HashMap<>();
693 beans.put("bean1", rolesApprovalSystemController);
694 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
695 PowerMockito.mockStatic(AopUtils.class);
696 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
697 Mockito.when(mockedRequest.getMethod()).thenReturn("DELETE");
698 ExternalSystemUser extSysUser = new ExternalSystemUser();
699 extSysUser.setLoginId("<script>alert(“XSS”);</script>");
700 PortalRestResponse<String> actual = auxApiRequestMapperController.deleteUserProfile(mockedRequest, extSysUser, mockedResponse);
701 PortalRestResponse<String> expected = new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ExternalSystemUser is not valid", "Failed");
702 assertEquals(expected, actual);
706 public void handleRequestTest() throws Exception {
707 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/ticketevent");
708 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
709 Map<String, Object> beans = new HashMap<>();
710 beans.put("bean1", ticketEventVersionController);
711 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
712 PowerMockito.mockStatic(AopUtils.class);
713 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
714 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
715 assertNull(auxApiRequestMapperController.handleRequest(mockedRequest, mockedResponse, "test"));
719 public void handleRequestXSSTest() throws Exception {
720 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/ticketevent");
721 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
722 Map<String, Object> beans = new HashMap<>();
723 beans.put("bean1", ticketEventVersionController);
724 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
725 PowerMockito.mockStatic(AopUtils.class);
726 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
727 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
728 PortalRestResponse<String> actual = auxApiRequestMapperController.handleRequest(mockedRequest, mockedResponse, "<script>alert(“XSS”);</script>");
729 PortalRestResponse<String> expected = new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ticketEventJson is not valid", "Failed");
730 assertEquals(expected, actual);
734 public void postPortalAdminTest() throws Exception {
735 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/portalAdmin");
736 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
737 Map<String, Object> beans = new HashMap<>();
738 beans.put("bean1", appsControllerExternalVersionRequest);
739 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
740 PowerMockito.mockStatic(AopUtils.class);
741 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
742 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
743 EPUser epUser = new EPUser();
744 assertNull(auxApiRequestMapperController.postPortalAdmin(mockedRequest, mockedResponse, epUser));
748 public void postPortalAdminXSSTest() throws Exception {
749 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/portalAdmin");
750 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
751 Map<String, Object> beans = new HashMap<>();
752 beans.put("bean1", appsControllerExternalVersionRequest);
753 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
754 PowerMockito.mockStatic(AopUtils.class);
755 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
756 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
757 EPUser epUser = new EPUser();
758 epUser.setLoginId("<script>alert(/XSS”)</script>");
759 PortalRestResponse<String> actual = auxApiRequestMapperController.postPortalAdmin(mockedRequest, mockedResponse, epUser);
760 PortalRestResponse<String> expected = new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "EPUser is not valid", "Failed");
761 assertEquals(expected, actual);
765 public void getOnboardAppExternalTest() throws Exception {
766 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/onboardApp/1");
767 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
768 Map<String, Object> beans = new HashMap<>();
769 beans.put("bean1", appsControllerExternalVersionRequest);
770 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
771 PowerMockito.mockStatic(AopUtils.class);
772 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
773 Mockito.when(mockedRequest.getMethod()).thenReturn("GET");
774 assertNull(auxApiRequestMapperController.getOnboardAppExternal(mockedRequest, mockedResponse, (long) 1));
778 public void postOnboardAppExternalTest() throws Exception {
779 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/onboardApp");
780 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
781 Map<String, Object> beans = new HashMap<>();
782 beans.put("bean1", appsControllerExternalVersionRequest);
783 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
784 PowerMockito.mockStatic(AopUtils.class);
785 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
786 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
787 OnboardingApp newOnboardApp = new OnboardingApp();
788 assertNull(auxApiRequestMapperController.postOnboardAppExternal(mockedRequest, mockedResponse, newOnboardApp));
792 public void postOnboardAppExternalXSSTest() throws Exception {
793 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/onboardApp");
794 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
795 Map<String, Object> beans = new HashMap<>();
796 beans.put("bean1", appsControllerExternalVersionRequest);
797 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
798 PowerMockito.mockStatic(AopUtils.class);
799 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
800 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
801 OnboardingApp newOnboardApp = new OnboardingApp();
802 newOnboardApp.setUebKey("�</form><input type=\"date\" onfocus=\"alert(1)\">");
803 PortalRestResponse<String> actual = auxApiRequestMapperController.postOnboardAppExternal(mockedRequest, mockedResponse, newOnboardApp);
804 PortalRestResponse<String> expected = new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "OnboardingApp is not valid", "Failed");
805 assertEquals(expected, actual);
809 public void putOnboardAppExternalTest() throws Exception {
810 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/onboardApp/1");
811 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
812 Map<String, Object> beans = new HashMap<>();
813 beans.put("bean1", appsControllerExternalVersionRequest);
814 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
815 PowerMockito.mockStatic(AopUtils.class);
816 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
817 Mockito.when(mockedRequest.getMethod()).thenReturn("PUT");
818 OnboardingApp newOnboardApp = new OnboardingApp();
819 assertNull(auxApiRequestMapperController.putOnboardAppExternal(mockedRequest, mockedResponse, (long) 1,
824 public void putOnboardAppExternalXSSTest() throws Exception {
825 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/onboardApp/1");
826 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
827 Map<String, Object> beans = new HashMap<>();
828 beans.put("bean1", appsControllerExternalVersionRequest);
829 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
830 PowerMockito.mockStatic(AopUtils.class);
831 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
832 Mockito.when(mockedRequest.getMethod()).thenReturn("PUT");
833 OnboardingApp newOnboardApp = new OnboardingApp();
834 newOnboardApp.setUebTopicName(" <blink/ onmouseover=prompt(1)>OnMouseOver {Firefox & Opera}");
835 PortalRestResponse<String> actual = auxApiRequestMapperController.putOnboardAppExternal(mockedRequest, mockedResponse, (long) 1,
837 PortalRestResponse<String> expected = new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "OnboardingApp is not valid", "Failed");
838 assertEquals(expected, actual);
842 public void publishNotificationTest() throws Exception {
843 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/publishNotification");
844 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
845 Map<String, Object> beans = new HashMap<>();
846 beans.put("bean1", externalAppsRestfulVersionController);
847 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
848 PowerMockito.mockStatic(AopUtils.class);
849 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
850 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
851 EpNotificationItem notificationItem = new EpNotificationItem();
852 assertNotNull(auxApiRequestMapperController.publishNotification(mockedRequest, notificationItem, mockedResponse));
856 public void publishNotificationXSSTest() throws Exception {
857 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/publishNotification");
858 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
859 Map<String, Object> beans = new HashMap<>();
860 beans.put("bean1", externalAppsRestfulVersionController);
861 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
862 PowerMockito.mockStatic(AopUtils.class);
863 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
864 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
865 EpNotificationItem notificationItem = new EpNotificationItem();
866 notificationItem.setIsForAllRoles("</svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert(1) {Opera}");
867 PortalAPIResponse actual = auxApiRequestMapperController.publishNotification(mockedRequest, notificationItem, mockedResponse);
868 PortalAPIResponse expected = new PortalAPIResponse(false, "EpNotificationItem is not valid");
869 assertEquals(expected.getMessage(), actual.getMessage());
870 assertEquals(expected.getStatus(), actual.getStatus());
874 public void getFavoritesForUserTest() throws Exception {
875 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/getFavorites");
876 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
877 Map<String, Object> beans = new HashMap<>();
878 beans.put("bean1", externalAppsRestfulVersionController);
879 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
880 PowerMockito.mockStatic(AopUtils.class);
881 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
882 Mockito.when(mockedRequest.getMethod()).thenReturn("GET");
883 assertNull(auxApiRequestMapperController.getFavoritesForUser(mockedRequest, mockedResponse));
887 public void functionalMenuItemsForUserTest() throws Exception {
888 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/functionalMenuItemsForUser");
889 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
890 Map<String, Object> beans = new HashMap<>();
891 beans.put("bean1", externalAppsRestfulVersionController);
892 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
893 PowerMockito.mockStatic(AopUtils.class);
894 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
895 Mockito.when(mockedRequest.getMethod()).thenReturn("GET");
896 assertNull(auxApiRequestMapperController.getFunctionalMenuItemsForUser(mockedRequest, mockedResponse));
900 public void updateAppRoleDescriptionApiTest() throws Exception {
901 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/update/app/roleDescription");
902 PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
903 expectedportalRestResponse.setMessage("updateAppRoleDescription: null");
904 expectedportalRestResponse.setResponse("Failure");
905 expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
906 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
907 Map<String, Object> beans = new HashMap<>();
908 beans.put("bean1", rolesController);
909 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
910 PowerMockito.mockStatic(AopUtils.class);
911 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
912 Mockito.when(mockedRequest.getMethod()).thenReturn("PUT");
913 assertEquals(auxApiRequestMapperController.updateAppRoleDescription(mockedRequest, mockedResponse),
914 expectedportalRestResponse);