1 package org.onap.portalapp.portal.controller;
3 * ============LICENSE_START==========================================
5 * ===================================================================
6 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
7 * ===================================================================
9 * Unless otherwise specified, all software contained herein is licensed
10 * under the Apache License, Version 2.0 (the "License");
11 * you may not use this software except in compliance with the License.
12 * You may obtain a copy of the License at
14 * http://www.apache.org/licenses/LICENSE-2.0
16 * Unless required by applicable law or agreed to in writing, software
17 * distributed under the License is distributed on an "AS IS" BASIS,
18 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19 * See the License for the specific language governing permissions and
20 * limitations under the License.
22 * Unless otherwise specified, all documentation contained herein is licensed
23 * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
24 * you may not use this documentation except in compliance with the License.
25 * You may obtain a copy of the License at
27 * https://creativecommons.org/licenses/by/4.0/
29 * Unless required by applicable law or agreed to in writing, documentation
30 * distributed under the License is distributed on an "AS IS" BASIS,
31 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
32 * See the License for the specific language governing permissions and
33 * limitations under the License.
35 * ============LICENSE_END============================================
41 import static org.junit.Assert.assertNotNull;
43 import com.fasterxml.jackson.databind.ObjectMapper;
44 import java.util.ArrayList;
45 import java.util.HashMap;
46 import java.util.List;
48 import java.util.UUID;
49 import javax.servlet.http.HttpServletRequest;
50 import javax.servlet.http.HttpServletResponse;
51 import org.apache.commons.logging.Log;
52 import org.apache.commons.logging.LogFactory;
53 import org.json.JSONObject;
54 import org.junit.Before;
55 import org.junit.Test;
56 import org.junit.runner.RunWith;
57 import org.mockito.InjectMocks;
58 import org.mockito.Matchers;
59 import org.mockito.Mock;
60 import org.mockito.Mockito;
61 import org.mockito.MockitoAnnotations;
62 import org.onap.portalapp.portal.core.MockEPUser;
63 import org.onap.portalapp.portal.domain.SharedContext;
64 import org.onap.portalapp.portal.exceptions.NotValidDataException;
65 import org.onap.portalapp.portal.framework.MockitoTestSuite;
66 import org.onap.portalapp.portal.service.SharedContextService;
67 import org.onap.portalapp.portal.utils.EPCommonSystemProperties;
68 import org.powermock.api.mockito.PowerMockito;
69 import org.powermock.core.classloader.annotations.PrepareForTest;
70 import org.powermock.modules.junit4.PowerMockRunner;
73 * Tests the endpoints exposed by the Shared Context controller in Portal.
75 @RunWith(PowerMockRunner.class)
76 @PrepareForTest({SharedContext.class,EPCommonSystemProperties.class})
78 public class SharedContextRestControllerTest {
81 SharedContextService contextService;
84 SharedContextRestController sharedContextRestController=new SharedContextRestController(contextService);
88 MockitoAnnotations.initMocks(this);
92 MockEPUser mockUser = new MockEPUser();
93 MockitoTestSuite mockitoTestSuite = new MockitoTestSuite();
95 HttpServletRequest mockedRequest = mockitoTestSuite.getMockedRequest();
96 HttpServletResponse mockedResponse = mockitoTestSuite.getMockedResponse();
97 NullPointerException nullPointerException = new NullPointerException();
99 private final Log logger = LogFactory.getLog(getClass());
101 //private final SharedContextTestProperties properties;
103 private final String ckey = "ckey";
104 private final String cvalue = "cvalue";
106 // Supposed to be a Portal session ID
107 private final String cxid = UUID.randomUUID().toString();
109 private final String key = "key123";
110 private final String value1 = "first value";
111 private final String value2 = "second value";
113 /*public SharedContextRestControllerTest() throws IOException {
114 properties = new SharedContextTestProperties();
117 @SuppressWarnings("unchecked")
119 /*public void test() throws Exception {
120 String response = null, val = null;
121 ObjectMapper mapper = new ObjectMapper();
122 Map<String, Object> responseMap, jsonMap;
124 logger.info("Get on empty context");
125 response = SharedContextRestClient.getJson(properties, "get", cxid, key);
126 // Should not exist - just generated the UUID
127 Map<String, Object> responseMap1 = mapper.readValue(response, Map.class);
128 response = (String) responseMap1.get("response");
129 Assert.assertNull(response);
131 logger.info("Set a new context");
132 response = setContext(cxid, key, value1);
133 Assert.assertNotNull(response);
134 responseMap = mapper.readValue(response, Map.class);
135 String responseValue = (String) responseMap.get("response");
136 Assert.assertNotNull(responseValue);
137 Assert.assertEquals("added", responseValue);
139 logger.info("Get existing context");
140 response = SharedContextRestClient.getJson(properties, "get", cxid, key);
141 responseMap = mapper.readValue(response, Map.class);
142 jsonMap = (Map<String,Object>) responseMap.get("response");
143 Assert.assertNotNull(jsonMap);
144 val = (String) jsonMap.get(cvalue);
145 Assert.assertEquals(val, value1);
147 logger.info("Overwrite exiting context");
148 response = setContext(cxid, key, value2);
149 Assert.assertNotNull(response);
150 responseMap = mapper.readValue(response, Map.class);
151 response = (String) responseMap.get("response");
152 Assert.assertNotNull(responseValue);
153 // Assert.assertEquals("replaced", responseValue);
155 logger.info("Get existing context to verify overwrite");
156 response = SharedContextRestClient.getJson(properties, "get", cxid, key);
157 responseMap = mapper.readValue(response, Map.class);
158 jsonMap = (Map<String,Object>) responseMap.get("response");
159 Assert.assertNotNull(jsonMap);
160 val = (String) jsonMap.get(cvalue);
161 Assert.assertEquals(val, value2);
163 logger.info("Delete one context");
164 response = SharedContextRestClient.getJson(properties, "remove", cxid, key);
165 responseMap = mapper.readValue(response, Map.class);
166 response = (String) responseMap.get("response");
167 Assert.assertEquals(response, "removed");
169 logger.info("Clear the context");
170 response = SharedContextRestClient.getJson(properties, "clear", cxid, null);
171 Assert.assertEquals("", response);
174 private String setContext(String context, String id, String value) throws Exception {
175 ObjectMapper mapper = new ObjectMapper();
176 HashMap<String,String> stringMap = new HashMap<String,String>();
177 stringMap.put("context_id", cxid);
178 stringMap.put(ckey, key);
179 stringMap.put(cvalue, value2);
180 String json = mapper.writeValueAsString(stringMap);
181 String response = SharedContextRestClient.postJson(properties, "set", json);
186 public void getContextTest() throws Exception{
187 SharedContext sharedContext=new SharedContext();
188 sharedContext.setContext_id("test_contextid");
189 sharedContext.setCkey("test_ckey");
190 Mockito.when(contextService.getSharedContext(Matchers.any(), Matchers.any())).thenReturn(sharedContext);
191 String result = sharedContextRestController.getContext(mockedRequest, "12","test");
192 assertNotNull(result);
196 public void getContextTestWithContextNull() throws Exception{
197 SharedContext sharedContext=new SharedContext();
198 sharedContext.setContext_id("test_contextid");
199 sharedContext.setCkey("test_ckey");
200 Mockito.when(contextService.getSharedContext(Matchers.any(), Matchers.any())).thenReturn(null);
201 String result = sharedContextRestController.getContext(mockedRequest, "12","test");
202 assertNotNull(result);
205 @Test(expected=Exception.class)
206 public void getContextTestWithException() throws Exception{
207 sharedContextRestController.getContext(mockedRequest, null,null);
210 @Test(expected=NotValidDataException.class)
211 public void getContextTestNotValidDataException() throws Exception{
212 sharedContextRestController.getContext(mockedRequest, "<script>alert(\"hellox worldss\");</script>","test");
215 @Test(expected=NotValidDataException.class)
216 public void getContextTest2NotValidDataException() throws Exception{
217 sharedContextRestController.getContext(mockedRequest, "test","“><script>alert(“XSS”)</script>");
220 @Test(expected=NotValidDataException.class)
221 public void getContextTest3NotValidDataException() throws Exception{
222 sharedContextRestController.getContext(mockedRequest, "<ScRipT>alert(\"XSS\");</ScRipT>","“><script>alert(“XSS”)</script>");
225 @Test(expected= Exception.class)
226 public void getUserContextTest() throws Exception{
227 sharedContextRestController.getUserContext(mockedRequest, null);
230 @Test(expected= NotValidDataException.class)
231 public void getUserContextXSSTest() throws Exception{
232 sharedContextRestController.getUserContext(mockedRequest, "<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}");
236 public void getUserContextTestWithContext() throws Exception{
237 PowerMockito.mock(SharedContext.class);
238 SharedContext sharedContext=new SharedContext();
239 sharedContext.setContext_id("test_contextid");
240 sharedContext.setCkey("test_ckey");
241 List<SharedContext> listSharedContext = new ArrayList<SharedContext>();
242 listSharedContext.add(sharedContext);
243 Mockito.when(contextService.getSharedContext(Matchers.any(),Matchers.any())).thenReturn(sharedContext);
244 String response=sharedContextRestController.getUserContext(mockedRequest, "12");
245 assertNotNull(response);
249 public void checkContextTest() throws Exception{
250 SharedContext sharedContext=new SharedContext();
251 sharedContext.setContext_id("test_contextid");
252 sharedContext.setCkey("test_ckey");
253 Mockito.when(contextService.getSharedContext(Matchers.any(),Matchers.any())).thenReturn(sharedContext);
254 String response=sharedContextRestController.checkContext(mockedRequest, "12","test");
255 assertNotNull(response);
258 @Test(expected=Exception.class)
259 public void checkContextTestWithContextIdNull() throws Exception{
260 SharedContext sharedContext=new SharedContext();
261 sharedContext.setContext_id("test_contextid");
262 sharedContext.setCkey("test_ckey");
263 Mockito.when(contextService.getSharedContext(Matchers.any(),Matchers.any())).thenReturn(sharedContext);
264 sharedContextRestController.checkContext(mockedRequest, null,null);
267 @Test(expected=NotValidDataException.class)
268 public void checkContextTestWithContextXSSl() throws Exception{
269 SharedContext sharedContext=new SharedContext();
270 sharedContext.setContext_id("test_contextid");
271 sharedContext.setCkey("test_ckey");
272 Mockito.when(contextService.getSharedContext(Matchers.any(),Matchers.any())).thenReturn(sharedContext);
273 sharedContextRestController.checkContext(mockedRequest,
274 "<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?","<script>alert(123);</script>");
278 public void removeContextTest() throws Exception{
279 SharedContext sharedContext=new SharedContext();
280 sharedContext.setContext_id("test_contextid");
281 sharedContext.setCkey("test_ckey");
282 Mockito.when(contextService.getSharedContext(Matchers.any(),Matchers.any())).thenReturn(sharedContext);
284 //Mockito.when(contextService.deleteSharedContext(sharedContext));
285 String actual=sharedContextRestController.removeContext(mockedRequest, "12","test");
286 assertNotNull(actual);
290 @Test(expected=Exception.class)
291 public void removeContextTestWithContextNull() throws Exception{
292 SharedContext sharedContext=new SharedContext();
293 sharedContext.setContext_id("test_contextid");
294 sharedContext.setCkey("test_ckey");
295 Mockito.when(contextService.getSharedContext(Matchers.any(),Matchers.any())).thenReturn(sharedContext);
297 //Mockito.when(contextService.deleteSharedContext(sharedContext));
298 String actual=sharedContextRestController.removeContext(mockedRequest, null,null);
299 assertNotNull(actual);
303 @Test(expected=NotValidDataException.class)
304 public void removeContextTestWithContextXSS() throws Exception{
305 SharedContext sharedContext=new SharedContext();
306 sharedContext.setContext_id("test_contextid");
307 sharedContext.setCkey("test_ckey");
308 Mockito.when(contextService.getSharedContext(Matchers.any(),Matchers.any())).thenReturn(sharedContext);
310 //Mockito.when(contextService.deleteSharedContext(sharedContext));
311 String actual=sharedContextRestController.removeContext(mockedRequest,
312 "<script>alert(“XSS”)</script> ","<script>alert(/XSS/)</script>");
313 assertNotNull(actual);
317 @Test(expected=Exception.class)
318 public void clearContextTestwithContextIdNull() throws Exception{
320 Mockito.when(contextService.deleteSharedContexts(Matchers.any())).thenReturn(12);
322 String actual=sharedContextRestController.clearContext(mockedRequest,null);
323 assertNotNull(actual);
327 @Test(expected=NotValidDataException.class)
328 public void clearContextTestwithContextXSS() throws Exception{
330 Mockito.when(contextService.deleteSharedContexts(Matchers.any())).thenReturn(12);
332 String actual=sharedContextRestController.clearContext(mockedRequest,"<script>alert(123)</script>");
333 assertNotNull(actual);
338 public void clearContextTest() throws Exception{
340 Mockito.when(contextService.deleteSharedContexts(Matchers.any())).thenReturn(12);
342 String actual=sharedContextRestController.clearContext(mockedRequest,"12");
343 assertNotNull(actual);
348 public void setContextTest() throws Exception{
349 ObjectMapper mapper = new ObjectMapper();
350 Map<String, Object> userData = new HashMap<String, Object>();
351 userData.put("context_id", "test_contextId");
352 userData.put("ckey", "test_ckey");
353 userData.put("cvalue", "test_cvalue");
354 //String testUserJson=Matchers.anyString();
355 JSONObject testUserJson = new JSONObject();
356 testUserJson.put("context_id", "test1ContextId");
357 testUserJson.put("ckey", "testCkey");
358 testUserJson.put("cvalue", "testCValue");
359 Map<String, Object> userData1 = mapper.readValue(testUserJson.toString(), Map.class);
360 SharedContext sharedContext=new SharedContext();
361 sharedContext.setContext_id("test_contextid");
362 sharedContext.setCkey("test_ckey");
363 Mockito.when(contextService.getSharedContext(Matchers.any(),Matchers.any())).thenReturn(sharedContext);
364 // Mockito.when(mapper.readValue("true", Map.class)).thenReturn(userData);
365 String actual=sharedContextRestController.setContext(mockedRequest,testUserJson.toString());
369 @Test(expected=Exception.class)
370 public void setContextTestWithContextNull() throws Exception{
371 ObjectMapper mapper = new ObjectMapper();
372 Map<String, Object> userData = new HashMap<String, Object>();
373 userData.put("context_id", "test_contextId");
374 userData.put("ckey", "test_ckey");
375 userData.put("cvalue", "test_cvalue");
376 //String testUserJson=Matchers.anyString();
377 JSONObject testUserJson = new JSONObject();
378 testUserJson.put("context_id", "test1ContextId");
379 testUserJson.put("ckey", "testCkey");
380 testUserJson.put("cvalue", "testCValue");
381 Map<String, Object> userData1 = mapper.readValue(testUserJson.toString(), Map.class);
382 SharedContext sharedContext=new SharedContext();
383 sharedContext.setContext_id("test_contextid");
384 sharedContext.setCkey("test_ckey");
385 Mockito.when(contextService.getSharedContext(Matchers.any(),Matchers.any())).thenReturn(null);
386 Mockito.when(userData1.get(ckey)).thenReturn(null);
387 Mockito.when(userData1.get(cxid)).thenReturn(null);
389 // Mockito.when(mapper.readValue("true", Map.class)).thenReturn(userData);
390 String actual=sharedContextRestController.setContext(mockedRequest,testUserJson.toString());
394 @Test(expected=NotValidDataException.class)
395 public void setContextTestWithContextXSS() throws Exception{
396 ObjectMapper mapper = new ObjectMapper();
397 Map<String, Object> userData = new HashMap<String, Object>();
398 userData.put("context_id", "test_contextId");
399 userData.put("ckey", "<script>alert(‘XSS’)</script>");
400 userData.put("cvalue", "test_cvalue");
401 //String testUserJson=Matchers.anyString();
402 JSONObject testUserJson = new JSONObject();
403 testUserJson.put("context_id", "test1ContextId");
404 testUserJson.put("ckey", "testCkey");
405 testUserJson.put("cvalue", "<script>alert(‘XSS’)</script>");
406 Map<String, Object> userData1 = mapper.readValue(testUserJson.toString(), Map.class);
407 SharedContext sharedContext=new SharedContext();
408 sharedContext.setContext_id("test_contextid");
409 sharedContext.setCkey("test_ckey");
410 Mockito.when(contextService.getSharedContext(Matchers.any(),Matchers.any())).thenReturn(sharedContext);
411 // Mockito.when(mapper.readValue("true", Map.class)).thenReturn(userData);
412 String actual=sharedContextRestController.setContext(mockedRequest,testUserJson.toString());