2 * ============LICENSE_START==========================================
4 * ===================================================================
5 * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
6 * ===================================================================
7 * Modifications Copyright (c) 2019 Samsung
8 * ===================================================================
10 * Unless otherwise specified, all software contained herein is licensed
11 * under the Apache License, Version 2.0 (the "License");
12 * you may not use this software except in compliance with the License.
13 * You may obtain a copy of the License at
15 * http://www.apache.org/licenses/LICENSE-2.0
17 * Unless required by applicable law or agreed to in writing, software
18 * distributed under the License is distributed on an "AS IS" BASIS,
19 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20 * See the License for the specific language governing permissions and
21 * limitations under the License.
23 * Unless otherwise specified, all documentation contained herein is licensed
24 * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
25 * you may not use this documentation except in compliance with the License.
26 * You may obtain a copy of the License at
28 * https://creativecommons.org/licenses/by/4.0/
30 * Unless required by applicable law or agreed to in writing, documentation
31 * distributed under the License is distributed on an "AS IS" BASIS,
32 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
33 * See the License for the specific language governing permissions and
34 * limitations under the License.
36 * ============LICENSE_END============================================
41 package org.onap.portal.controller;
43 import static junit.framework.TestCase.assertEquals;
44 import static junit.framework.TestCase.assertNull;
45 import static org.mockito.Mockito.when;
47 import java.io.IOException;
48 import java.time.LocalDateTime;
49 import java.util.ArrayList;
50 import java.util.List;
51 import javax.servlet.http.HttpServletRequest;
52 import javax.servlet.http.HttpServletResponse;
53 import org.junit.Before;
54 import org.junit.Test;
55 import org.junit.runner.RunWith;
56 import org.onap.portal.dao.fn.FnLanguageDao;
57 import org.onap.portal.dao.fn.FnUserDao;
58 import org.onap.portal.domain.db.fn.FnLanguage;
59 import org.onap.portal.domain.db.fn.FnUser;
60 import org.onap.portal.domain.db.fn.FnWidget;
61 import org.onap.portal.domain.dto.transport.FieldsValidator;
62 import org.onap.portal.domain.dto.transport.OnboardingWidget;
63 import org.onap.portal.domain.dto.transport.WidgetCatalogPersonalization;
64 import org.onap.portal.framework.MockitoTestSuite;
65 import org.onap.portal.service.WidgetService;
66 import org.onap.portal.service.fn.FnLanguageService;
67 import org.springframework.beans.factory.annotation.Autowired;
68 import org.springframework.boot.test.context.SpringBootTest;
69 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
70 import org.springframework.security.core.userdetails.UsernameNotFoundException;
71 import org.springframework.test.context.TestPropertySource;
72 import org.springframework.test.context.junit4.SpringRunner;
73 import org.springframework.transaction.annotation.Transactional;
75 @RunWith(SpringRunner.class)
77 @TestPropertySource(locations = "classpath:test.properties")
79 public class WidgetsControllerTest {
// Authentication token for login "demo"; the put/post/delete tests below pass it to the controller.
// NOTE(review): the remaining constructor argument(s) of this token are not visible in this listing.
81 private final UsernamePasswordAuthenticationToken principal = new UsernamePasswordAuthenticationToken("demo",
// Supplies the mocked servlet request and response shared by the tests in this class.
84 final MockitoTestSuite mockitoTestSuite = new MockitoTestSuite();
86 final HttpServletRequest request = mockitoTestSuite.getMockedRequest();
87 final HttpServletResponse response = mockitoTestSuite.getMockedResponse();
// Controller under test, plus the DAOs and services used to seed and remove fixtures.
// NOTE(review): presumably injected via @Autowired (imported above); the annotation lines are not visible here.
90 private WidgetsController widgetsController;
92 private FnUserDao fnUserDao;
94 private FnLanguageDao fnLanguageDao;
96 private WidgetService widgetService;
98 private FnLanguageService fnLanguageService;
// Fixture objects built once per test by the setup statements below.
100 private FnLanguage language;
101 private FnUser questUser;
102 private FnUser notQuestUser;
// Fixture setup. The language must be created first: getQuestUser() and getNotQuestUser()
// both read this.language, and getFnLanguage() persists it through fnLanguageService.
// NOTE(review): the enclosing method header (likely a @Before method) is not visible in this listing.
106 this.language = getFnLanguage();
107 this.questUser = getQuestUser();
108 this.notQuestUser = getNotQuestUser();
// Expects getOnboardingWidgets to throw UsernameNotFoundException for the login "nulluser".
// The visible lines of this test save no user with that login before the call.
// NOTE(review): the token's remaining constructor argument(s) are not visible in this listing.
112 @Test(expected = UsernameNotFoundException.class)
113 public void getOnboardingWidgetsNullUserTest() {
114 UsernamePasswordAuthenticationToken nullPrincipal = new UsernamePasswordAuthenticationToken("nulluser",
116 widgetsController.getOnboardingWidgets(nullPrincipal, request, response);
// Saves the "questUser" fixture (presumably "guest" — confirm) and checks that
// getOnboardingWidgets returns null for a principal with that login.
120 public void getOnboardingWidgetsQuestUserTest() {
121 UsernamePasswordAuthenticationToken questPrincipal = new UsernamePasswordAuthenticationToken("questUser",
123 fnUserDao.save(questUser);
124 List<OnboardingWidget> onboardingWidgets = widgetsController
125 .getOnboardingWidgets(questPrincipal, request, response);
126 assertNull(onboardingWidgets);
// Cleanup of the user and language rows created for this test.
// NOTE(review): as listed, cleanup follows the assertion, so a failing assertNull would skip it
// unless a transaction rollback covers the test (Transactional is imported) — confirm.
129 fnUserDao.delete(questUser);
130 fnLanguageDao.delete(language);
// Saves the "notQuestUser" fixture, sets the mocked X-Widgets-Type header to "managed",
// and expects getOnboardingWidgets to return an empty list.
// NOTE(review): the token's constructor arguments are not visible in this listing.
134 public void getOnboardingWidgetsUserTest() {
135 UsernamePasswordAuthenticationToken notQuestprincipal = new UsernamePasswordAuthenticationToken(
138 fnUserDao.save(notQuestUser);
139 List<OnboardingWidget> expected = new ArrayList<>();
140 when(request.getHeader("X-Widgets-Type")).thenReturn("managed");
142 List<OnboardingWidget> actual = widgetsController
143 .getOnboardingWidgets(notQuestprincipal, request, response);
145 assertEquals(expected, actual);
// Removes the user created above; skipped if the assertion fails (as listed).
146 fnUserDao.delete(notQuestUser);
// Calls getOnboardingWidgets with the mocked X-Widgets-Type header set to "test"
// instead of the "managed" value used by the other tests.
// NOTE(review): no assertion on `actual` is visible in this listing — confirm that the test
// checks the outcome of the unexpected header value.
150 public void getOnboardingWidgetsWrongHeaderTest() {
151 UsernamePasswordAuthenticationToken notQuestprincipal = new UsernamePasswordAuthenticationToken(
154 fnUserDao.save(notQuestUser);
155 when(request.getHeader("X-Widgets-Type")).thenReturn("test");
156 List<OnboardingWidget> actual = widgetsController
157 .getOnboardingWidgets(notQuestprincipal, request, response);
160 fnUserDao.delete(notQuestUser);
// Persists an FnWidget through widgetService, then calls putOnboardingWidget for that widget's id.
// Expects a result matching a freshly constructed FieldsValidator.
// NOTE(review): most builder arguments of both objects are not visible in this listing.
164 public void putOnboardingWidgetSameWidget() {
166 fnUserDao.save(notQuestUser);
167 when(request.getHeader("X-Widgets-Type")).thenReturn("managed");
169 OnboardingWidget onboardingWidget = OnboardingWidget.builder()
173 .appName("Application name")
179 FnWidget fnWidget = FnWidget.builder()
187 widgetService.saveOne(fnWidget);
// Default-constructed validator: nothing is set on it before the comparison.
189 FieldsValidator expected = new FieldsValidator();
191 FieldsValidator actual = widgetsController
192 .putOnboardingWidget(principal, fnWidget.getWidgetId(), onboardingWidget, response);
// Unlike the other tests, this one compares the error code and the fields themselves, not just their count.
194 assertEquals(expected.getErrorCode(), actual.getErrorCode());
195 assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode());
196 assertEquals(expected.getFields(), actual.getFields());
// Expects putOnboardingWidget to answer with HTTP status 406 when the widget fails validation.
// The expected message names a blank appName and an appId that is too low.
// NOTE(review): the builder arguments that make the widget invalid are not visible in this listing.
200 public void putOnboardingWidgetAOP() {
202 fnUserDao.save(notQuestUser);
203 when(request.getHeader("X-Widgets-Type")).thenReturn("managed");
205 OnboardingWidget onboardingWidget = OnboardingWidget.builder()
215 FnWidget fnWidget = FnWidget.builder()
223 widgetService.saveOne(fnWidget);
225 FieldsValidator expected = new FieldsValidator();
226 expected.setHttpStatusCode(406L);
227 expected.addProblematicFieldName("appName can't be blank, appId value must be higher than 1");
229 FieldsValidator actual = widgetsController
230 .putOnboardingWidget(principal, fnWidget.getWidgetId(), onboardingWidget, response);
// Only the status code and the number of entries in getFields() are compared;
// the message text above is not checked against the controller's output.
232 assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode());
233 assertEquals(expected.getFields().size(), actual.getFields().size());
// Checks that putOnboardingWidget rejects script markup in user-supplied widget fields:
// `name` and `appName` both carry <script> payloads and HTTP status 406 is expected.
237 public void putOnboardingWidgetAOPXSSTest() {
239 fnUserDao.save(notQuestUser);
240 when(request.getHeader("X-Widgets-Type")).thenReturn("managed");
242 OnboardingWidget onboardingWidget = OnboardingWidget.builder()
// Lower-case tag with typographic quotes and a trailing newline.
244 .name("<script>alert(“XSS”);</script>\n")
// Mixed-case tag, so a case-sensitive match on "<script>" would not catch it.
246 .appName("<ScRipT>alert(\"XSS\");</ScRipT>")
252 FieldsValidator expected = new FieldsValidator();
253 expected.setHttpStatusCode(406L);
254 expected.addProblematicFieldName(
255 "appName may have unsafe html content, name may have unsafe html content");
// The widget id 15L is a literal; the visible lines save no widget before the call.
257 FieldsValidator actual = widgetsController
258 .putOnboardingWidget(principal, 15L, onboardingWidget, response);
// NOTE(review): only the status code and the count of getFields() entries are compared, so the test
// does not confirm that both `name` and `appName` were the fields flagged as unsafe.
260 assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode());
261 assertEquals(expected.getFields().size(), actual.getFields().size());
// Checks that postOnboardingWidget rejects script markup in user-supplied widget fields:
// `name` and `appName` both carry <script> payloads and HTTP status 406 is expected.
265 public void postOnboardingWidgetXSS() {
267 fnUserDao.save(notQuestUser);
268 when(request.getHeader("X-Widgets-Type")).thenReturn("managed");
270 OnboardingWidget onboardingWidget = OnboardingWidget.builder()
// Lower-case tag with typographic quotes and a trailing newline.
272 .name("<script>alert(“XSS”);</script>\n")
// Mixed-case tag, so a case-sensitive match on "<script>" would not catch it.
274 .appName("<ScRipT>alert(\"XSS\");</ScRipT>")
280 FieldsValidator expected = new FieldsValidator();
281 expected.setHttpStatusCode(406L);
// NOTE(review): "unse" looks like a typo for "unsafe" (compare putOnboardingWidgetAOPXSSTest).
// It goes unnoticed because the assertions below compare only the number of entries, not the text.
282 expected.addProblematicFieldName("appName may have unse html content, name may have unsafe html content");
284 FieldsValidator actual = widgetsController.postOnboardingWidget(principal, response, onboardingWidget);
// Only the status code and the count of getFields() entries are compared, so the test
// does not confirm which fields were flagged as unsafe.
286 assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode());
287 assertEquals(expected.getFields().size(), actual.getFields().size());
// Success path for postOnboardingWidget: expects HTTP status 406's counterpart, 200,
// and no problematic fields (nothing is added to `expected`).
// NOTE(review): the builder arguments of the posted widget are not visible in this listing.
291 public void postOnboardingWidget() {
293 fnUserDao.save(notQuestUser);
294 when(request.getHeader("X-Widgets-Type")).thenReturn("managed");
296 OnboardingWidget onboardingWidget = OnboardingWidget.builder()
306 FieldsValidator expected = new FieldsValidator();
307 expected.setHttpStatusCode(200L);
309 FieldsValidator actual = widgetsController.postOnboardingWidget(principal, response, onboardingWidget);
// Compares the status code and the number of getFields() entries only.
311 assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode());
312 assertEquals(expected.getFields().size(), actual.getFields().size());
// Persists a widget, calls putOnboardingWidget on it, then calls deleteOnboardingWidget for the
// same id as the "demo" principal and checks the returned status code.
// NOTE(review): the method name suggests a forbidden (403) outcome, but the expected status
// set below is 500 — confirm which response the controller is meant to give here.
316 public void deleteOnboardingWidgetSCFORBIDDEN() {
318 fnUserDao.save(notQuestUser);
319 when(request.getHeader("X-Widgets-Type")).thenReturn("managed");
321 OnboardingWidget onboardingWidget = OnboardingWidget.builder()
331 FnWidget fnWidget = FnWidget.builder()
339 widgetService.saveOne(fnWidget);
343 FieldsValidator expected = new FieldsValidator();
344 expected.setHttpStatusCode(500L);
// This message is never compared: the only assertion below checks the status code.
345 expected.addProblematicFieldName("appName can't be blank, appId value must be higher than 1");
// The result of this put call is discarded.
348 widgetsController.putOnboardingWidget(principal, fnWidget.getWidgetId(), onboardingWidget, response);
350 FieldsValidator actual = widgetsController.deleteOnboardingWidget(principal, response, fnWidget.getWidgetId());
352 assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode());
// Calls putWidgetCatalogSelection with a WidgetCatalogPersonalization built from (7L, true)
// and expects HTTP status 200.
// The visible lines save no user or widget first; the call uses the shared "demo" principal.
356 public void putWidgetCatalogSelection() throws IOException {
358 WidgetCatalogPersonalization personalization = new WidgetCatalogPersonalization(7L, true);
360 FieldsValidator expected = new FieldsValidator();
361 expected.setHttpStatusCode(200L);
// The empty field name added here is never compared; only the status code is asserted.
362 expected.addProblematicFieldName("");
364 FieldsValidator actual = widgetsController.putWidgetCatalogSelection(principal, personalization, response);
366 assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode());
// Builds the FnUser fixture with login "questUser", all timestamps set to the current time,
// and the language held in this.language (so `language` must be assigned before this is called).
// NOTE(review): further builder calls and the terminating build() are not visible in this listing.
369 private FnUser getQuestUser() {
370 return FnUser.builder()
371 .loginId("questUser")
373 .lastLoginDate(LocalDateTime.now())
375 .createdDate(LocalDateTime.now())
376 .modifiedDate(LocalDateTime.now())
378 .languageId(language)
// Builds the FnUser fixture with login "notQuestUser", all timestamps set to the current time,
// and the language held in this.language (so `language` must be assigned before this is called).
// NOTE(review): the attributes that distinguish this user from the "questUser" fixture, and the
// terminating build(), are not visible in this listing.
384 private FnUser getNotQuestUser() {
385 return FnUser.builder()
386 .loginId("notQuestUser")
388 .lastLoginDate(LocalDateTime.now())
390 .createdDate(LocalDateTime.now())
391 .modifiedDate(LocalDateTime.now())
394 .languageId(language)
400 private FnLanguage getFnLanguage() {
401 FnLanguage tmp = FnLanguage.builder().languageName("Polish").languageAlias("Pl").build();
402 fnLanguageService.save(tmp);