2 * ============LICENSE_START==========================================
4 * ===================================================================
5 * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
6 * ===================================================================
7 * Modifications Copyright (c) 2019 Samsung
8 * ===================================================================
10 * Unless otherwise specified, all software contained herein is licensed
11 * under the Apache License, Version 2.0 (the "License");
12 * you may not use this software except in compliance with the License.
13 * You may obtain a copy of the License at
15 * http://www.apache.org/licenses/LICENSE-2.0
17 * Unless required by applicable law or agreed to in writing, software
18 * distributed under the License is distributed on an "AS IS" BASIS,
19 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20 * See the License for the specific language governing permissions and
21 * limitations under the License.
23 * Unless otherwise specified, all documentation contained herein is licensed
24 * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
25 * you may not use this documentation except in compliance with the License.
26 * You may obtain a copy of the License at
28 * https://creativecommons.org/licenses/by/4.0/
30 * Unless required by applicable law or agreed to in writing, documentation
31 * distributed under the License is distributed on an "AS IS" BASIS,
32 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
33 * See the License for the specific language governing permissions and
34 * limitations under the License.
36 * ============LICENSE_END============================================
41 package org.onap.portal.controller;
43 import static junit.framework.TestCase.assertEquals;
44 import static junit.framework.TestCase.assertNull;
45 import static org.mockito.Mockito.when;
47 import java.io.IOException;
48 import java.time.LocalDateTime;
49 import java.util.ArrayList;
50 import java.util.List;
51 import javax.servlet.http.HttpServletRequest;
52 import javax.servlet.http.HttpServletResponse;
53 import org.junit.Test;
54 import org.junit.runner.RunWith;
55 import org.onap.portal.dao.fn.FnLanguageDao;
56 import org.onap.portal.dao.fn.FnUserDao;
57 import org.onap.portal.domain.db.fn.FnLanguage;
58 import org.onap.portal.domain.db.fn.FnUser;
59 import org.onap.portal.domain.db.fn.FnWidget;
60 import org.onap.portal.domain.dto.transport.FieldsValidator;
61 import org.onap.portal.domain.dto.transport.OnboardingWidget;
62 import org.onap.portal.domain.dto.transport.WidgetCatalogPersonalization;
63 import org.onap.portal.framework.MockitoTestSuite;
64 import org.onap.portal.service.WidgetService;
65 import org.springframework.beans.factory.annotation.Autowired;
66 import org.springframework.boot.test.context.SpringBootTest;
67 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
68 import org.springframework.security.core.userdetails.UsernameNotFoundException;
69 import org.springframework.test.context.TestPropertySource;
70 import org.springframework.test.context.junit4.SpringRunner;
71 import org.springframework.transaction.annotation.Transactional;
73 @RunWith(SpringRunner.class)
75 @TestPropertySource(locations = "classpath:test.properties")
77 public class WidgetsControllerTest {
// Shared fixtures. This listing omits some source lines (the embedded numbers skip), so the
// second constructor argument of `principal` and any annotations on these fields are not shown.
// `principal` ("demo") is the caller identity handed to the put/post/delete tests below.
79 private UsernamePasswordAuthenticationToken principal = new UsernamePasswordAuthenticationToken("demo",
// Mocked servlet request/response pair supplied by MockitoTestSuite.
82 MockitoTestSuite mockitoTestSuite = new MockitoTestSuite();
84 HttpServletRequest request = mockitoTestSuite.getMockedRequest();
85 HttpServletResponse response = mockitoTestSuite.getMockedResponse();
// Controller under test and its collaborators.
// NOTE(review): presumably injected via @Autowired (imported above); the annotation lines are not visible — confirm.
88 private WidgetsController widgetsController;
90 private FnUserDao fnUserDao;
92 private FnLanguageDao fnLanguageDao;
94 private WidgetService widgetService;
// Declaration order matters: `language` is initialised first because getQuestUser() and
// getNotQuestUser() both read it when building their FnUser.
// NOTE(review): "quest" in these names looks like a misspelling of "guest" — confirm.
96 private FnLanguage language = getFnLanguage();
97 private FnUser questUser = getQuestUser();
98 private FnUser notQuestUser = getNotQuestUser();
// Unknown-user path: the principal "nulluser" has no FnUser saved in this test, and the
// controller call is expected to raise UsernameNotFoundException.
// The token's second constructor argument is not visible in this listing.
100 @Test(expected = UsernameNotFoundException.class)
101 public void getOnboardingWidgetsNullUserTest() {
102 UsernamePasswordAuthenticationToken nullPrincipal = new UsernamePasswordAuthenticationToken("nulluser",
// The test passes only if this call throws the expected exception.
104 widgetsController.getOnboardingWidgets(nullPrincipal, request, response);
// Saves questUser, requests the onboarding widgets as "questUser" and expects a null result.
// NOTE(review): presumably null is returned because this account is a guest; the builder
// lines that would set that are not visible in this listing — confirm.
108 public void getOnboardingWidgetsQuestUserTest() {
109 UsernamePasswordAuthenticationToken questPrincipal = new UsernamePasswordAuthenticationToken("questUser",
111 fnUserDao.save(questUser);
112 List<OnboardingWidget> onboardingWidgets = widgetsController
113 .getOnboardingWidgets(questPrincipal, request, response);
114 assertNull(onboardingWidgets);
// Cleanup comes after the assertion, so it is skipped when assertNull fails.
// NOTE(review): a class-level @Transactional rollback may make it redundant; the annotation
// is not visible here — confirm.
117 fnUserDao.delete(questUser);
118 fnLanguageDao.delete(language);
// Saves notQuestUser, stubs the X-Widgets-Type header to "managed" and expects the
// controller to return an empty widget list.
// The constructor arguments of `notQuestprincipal` are not visible in this listing.
122 public void getOnboardingWidgetsUserTest() {
123 UsernamePasswordAuthenticationToken notQuestprincipal = new UsernamePasswordAuthenticationToken(
126 fnUserDao.save(notQuestUser);
127 List<OnboardingWidget> expected = new ArrayList<>();
// The mocked request answers "managed" for the X-Widgets-Type header.
128 when(request.getHeader("X-Widgets-Type")).thenReturn("managed");
130 List<OnboardingWidget> actual = widgetsController
131 .getOnboardingWidgets(notQuestprincipal, request, response);
133 assertEquals(expected, actual);
// Cleanup is skipped if the assertion above fails.
134 fnUserDao.delete(notQuestUser);
// Same setup as the "managed" case, but the X-Widgets-Type header carries the value "test".
// NOTE(review): no assertion on `actual` is visible in this listing (source lines 146-147 are
// missing); confirm the result for an unrecognised header value is actually checked.
138 public void getOnboardingWidgetsWrongHeaderTest() {
139 UsernamePasswordAuthenticationToken notQuestprincipal = new UsernamePasswordAuthenticationToken(
142 fnUserDao.save(notQuestUser);
// The mocked request answers "test" for the X-Widgets-Type header.
143 when(request.getHeader("X-Widgets-Type")).thenReturn("test");
144 List<OnboardingWidget> actual = widgetsController
145 .getOnboardingWidgets(notQuestprincipal, request, response);
148 fnUserDao.delete(notQuestUser);
// Updates a widget that was just saved and expects a FieldsValidator equal to a freshly
// constructed one in error code, HTTP status code and fields.
// Most builder calls for both objects are not visible in this listing.
152 public void putOnboardingWidgetSameWidget() {
154 fnUserDao.save(notQuestUser);
// NOTE(review): `request` is not passed to putOnboardingWidget below, so this stub looks
// unused in this test — confirm.
155 when(request.getHeader("X-Widgets-Type")).thenReturn("managed");
157 OnboardingWidget onboardingWidget = OnboardingWidget.builder()
161 .appName("Application name")
167 FnWidget fnWidget = FnWidget.builder()
// Save first so that fnWidget.getWidgetId() can be passed to the controller.
175 widgetService.saveOne(fnWidget);
// Expected values are the defaults of a new FieldsValidator.
177 FieldsValidator expected = new FieldsValidator();
179 FieldsValidator actual = widgetsController
180 .putOnboardingWidget(principal, fnWidget.getWidgetId(), onboardingWidget, response);
182 assertEquals(expected.getErrorCode(), actual.getErrorCode());
183 assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode());
184 assertEquals(expected.getFields(), actual.getFields());
// Validation-failure path for putOnboardingWidget: expects HTTP status 406 and the same
// number of problematic-field entries as `expected`.
// The builder calls that make the widget invalid are not visible in this listing.
188 public void putOnboardingWidgetAOP() {
190 fnUserDao.save(notQuestUser);
191 when(request.getHeader("X-Widgets-Type")).thenReturn("managed");
193 OnboardingWidget onboardingWidget = OnboardingWidget.builder()
203 FnWidget fnWidget = FnWidget.builder()
211 widgetService.saveOne(fnWidget);
213 FieldsValidator expected = new FieldsValidator();
214 expected.setHttpStatusCode(406L);
215 expected.addProblematicFieldName("appName can't be blank, appId value must be higher than 1");
217 FieldsValidator actual = widgetsController
218 .putOnboardingWidget(principal, fnWidget.getWidgetId(), onboardingWidget, response);
// Only the status code and the size of getFields() are compared; the message text above is
// never checked against what the controller returns.
220 assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode());
221 assertEquals(expected.getFields().size(), actual.getFields().size());
// Input-validation test: a widget whose name and appName contain script-tag markup must be
// rejected by putOnboardingWidget with HTTP status 406.
// The remaining builder calls are not visible in this listing.
225 public void putOnboardingWidgetAOPXSSTest() {
227 fnUserDao.save(notQuestUser);
228 when(request.getHeader("X-Widgets-Type")).thenReturn("managed");
230 OnboardingWidget onboardingWidget = OnboardingWidget.builder()
232 .name("<script>alert(“XSS”);</script>\n")
234 .appName("<ScRipT>alert(\"XSS\");</ScRipT>")
// One value uses lower-case tags with typographic quotes and a trailing newline, the other
// mixed-case tags; presumably to check the validator is case-insensitive — confirm.
240 FieldsValidator expected = new FieldsValidator();
241 expected.setHttpStatusCode(406L);
242 expected.addProblematicFieldName(
243 "appName may have unsafe html content, name may have unsafe html content");
// Widget id 15L is hard-coded; no FnWidget is saved in the visible lines of this test.
245 FieldsValidator actual = widgetsController
246 .putOnboardingWidget(principal, 15L, onboardingWidget, response);
// NOTE(review): only the status code and the number of entries are compared, so the test
// does not verify which fields were flagged or the rejection text. Asserting on the content
// of getFields() would catch a validator that rejects for an unrelated reason.
248 assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode());
249 assertEquals(expected.getFields().size(), actual.getFields().size());
// Input-validation test for the create path: a widget whose name and appName contain
// script-tag markup must be rejected by postOnboardingWidget with HTTP status 406.
// The remaining builder calls are not visible in this listing.
253 public void postOnboardingWidgetXSS() {
255 fnUserDao.save(notQuestUser);
256 when(request.getHeader("X-Widgets-Type")).thenReturn("managed");
258 OnboardingWidget onboardingWidget = OnboardingWidget.builder()
260 .name("<script>alert(“XSS”);</script>\n")
262 .appName("<ScRipT>alert(\"XSS\");</ScRipT>")
268 FieldsValidator expected = new FieldsValidator();
269 expected.setHttpStatusCode(406L);
// NOTE(review): the text below reads "unse" where putOnboardingWidgetAOPXSSTest has "unsafe".
// The test still passes because only the status code and the entry count are compared;
// comparing the content of getFields() would expose the mismatch and verify which fields
// were rejected.
270 expected.addProblematicFieldName("appName may have unse html content, name may have unsafe html content");
272 FieldsValidator actual = widgetsController.postOnboardingWidget(principal, response, onboardingWidget);
274 assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode());
275 assertEquals(expected.getFields().size(), actual.getFields().size());
// Success path for postOnboardingWidget: expects HTTP status 200 and the same number of
// problematic-field entries as a FieldsValidator to which none were added.
// The builder calls for the widget are not visible in this listing.
279 public void postOnboardingWidget() {
281 fnUserDao.save(notQuestUser);
282 when(request.getHeader("X-Widgets-Type")).thenReturn("managed");
284 OnboardingWidget onboardingWidget = OnboardingWidget.builder()
294 FieldsValidator expected = new FieldsValidator();
295 expected.setHttpStatusCode(200L);
297 FieldsValidator actual = widgetsController.postOnboardingWidget(principal, response, onboardingWidget);
299 assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode());
300 assertEquals(expected.getFields().size(), actual.getFields().size());
// Saves a widget, calls putOnboardingWidget on it, then deletes it as `principal` and checks
// the HTTP status code of the delete result.
// NOTE(review): the method name says SC_FORBIDDEN (403) but the expected status below is
// 500L. Confirm which status the controller should return when the caller may not delete;
// an authorization failure reported as 500 is hard to tell apart from a server fault.
304 public void deleteOnboardingWidgetSCFORBIDDEN() {
306 fnUserDao.save(notQuestUser);
307 when(request.getHeader("X-Widgets-Type")).thenReturn("managed");
309 OnboardingWidget onboardingWidget = OnboardingWidget.builder()
319 FnWidget fnWidget = FnWidget.builder()
327 widgetService.saveOne(fnWidget);
331 FieldsValidator expected = new FieldsValidator();
332 expected.setHttpStatusCode(500L);
// This message is never compared: only the status code is asserted at the end.
333 expected.addProblematicFieldName("appName can't be blank, appId value must be higher than 1");
// The result of the update call is discarded.
336 widgetsController.putOnboardingWidget(principal, fnWidget.getWidgetId(), onboardingWidget, response);
338 FieldsValidator actual = widgetsController.deleteOnboardingWidget(principal, response, fnWidget.getWidgetId());
340 assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode());
// Submits a WidgetCatalogPersonalization built from (7L, true) as `principal` and expects
// HTTP status 200.
344 public void putWidgetCatalogSelection() throws IOException {
346 WidgetCatalogPersonalization personalization = new WidgetCatalogPersonalization(7L, true);
348 FieldsValidator expected = new FieldsValidator();
349 expected.setHttpStatusCode(200L);
// The empty entry added here is never compared: only the status code is asserted.
350 expected.addProblematicFieldName("");
352 FieldsValidator actual = widgetsController.putWidgetCatalogSelection(principal, personalization, response);
354 assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode());
// Builds the FnUser fixture with loginId "questUser", the current time for its date fields
// and the shared `language`. Further builder calls and the final build() are not visible in
// this listing.
357 private FnUser getQuestUser() {
358 return FnUser.builder()
359 .loginId("questUser")
361 .lastLoginDate(LocalDateTime.now())
363 .createdDate(LocalDateTime.now())
364 .modifiedDate(LocalDateTime.now())
366 .languageId(language)
// Builds the FnUser fixture with loginId "notQuestUser", the current time for its date fields
// and the shared `language`. Further builder calls and the final build() are not visible in
// this listing.
372 private FnUser getNotQuestUser() {
373 return FnUser.builder()
374 .loginId("notQuestUser")
376 .lastLoginDate(LocalDateTime.now())
378 .createdDate(LocalDateTime.now())
379 .modifiedDate(LocalDateTime.now())
382 .languageId(language)
// Builds the FnLanguage fixture (name "Polish", alias "Pl") referenced by both user fixtures.
387 private FnLanguage getFnLanguage() {
388 return FnLanguage.builder().languageName("Polish").languageAlias("Pl").build();