2 * ============LICENSE_START==========================================
4 * ===================================================================
5 * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
6 * ===================================================================
7 * Modifications Copyright (c) 2019 Samsung
8 * ===================================================================
10 * Unless otherwise specified, all software contained herein is licensed
11 * under the Apache License, Version 2.0 (the "License");
12 * you may not use this software except in compliance with the License.
13 * You may obtain a copy of the License at
15 * http://www.apache.org/licenses/LICENSE-2.0
17 * Unless required by applicable law or agreed to in writing, software
18 * distributed under the License is distributed on an "AS IS" BASIS,
19 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20 * See the License for the specific language governing permissions and
21 * limitations under the License.
23 * Unless otherwise specified, all documentation contained herein is licensed
24 * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
25 * you may not use this documentation except in compliance with the License.
26 * You may obtain a copy of the License at
28 * https://creativecommons.org/licenses/by/4.0/
30 * Unless required by applicable law or agreed to in writing, documentation
31 * distributed under the License is distributed on an "AS IS" BASIS,
32 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
33 * See the License for the specific language governing permissions and
34 * limitations under the License.
36 * ============LICENSE_END============================================
41 package org.onap.portal.controller;
43 import static junit.framework.TestCase.assertEquals;
44 import static junit.framework.TestCase.assertNull;
45 import static org.mockito.Mockito.when;
47 import java.io.IOException;
48 import java.time.LocalDateTime;
49 import java.util.ArrayList;
50 import java.util.List;
51 import javax.servlet.http.HttpServletRequest;
52 import javax.servlet.http.HttpServletResponse;
53 import org.junit.Before;
54 import org.junit.Test;
55 import org.junit.runner.RunWith;
56 import org.onap.portal.domain.db.fn.FnLanguage;
57 import org.onap.portal.domain.db.fn.FnUser;
58 import org.onap.portal.domain.db.fn.FnWidget;
59 import org.onap.portal.domain.dto.transport.FieldsValidator;
60 import org.onap.portal.domain.dto.transport.OnboardingWidget;
61 import org.onap.portal.domain.dto.transport.WidgetCatalogPersonalization;
62 import org.onap.portal.framework.MockitoTestSuite;
63 import org.onap.portal.service.user.FnUserService;
64 import org.onap.portal.service.widget.WidgetService;
65 import org.onap.portal.service.language.FnLanguageService;
66 import org.springframework.beans.factory.annotation.Autowired;
67 import org.springframework.boot.test.context.SpringBootTest;
68 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
69 import org.springframework.security.core.userdetails.UsernameNotFoundException;
70 import org.springframework.test.context.TestPropertySource;
71 import org.springframework.test.context.junit4.SpringRunner;
72 import org.springframework.transaction.annotation.Transactional;
// Tests for WidgetsController that call the controller methods directly, using a mocked servlet
// request/response obtained from MockitoTestSuite and the user, widget and language services
// held as fields. Test configuration is read from classpath:test.properties.
// NOTE(review): further class-level annotations and the field injection annotations are not
// visible in this listing; the SpringBootTest/Transactional/Autowired imports suggest they
// exist. Confirm, because the tests below write users, widgets and a language through the services.
74 @RunWith(SpringRunner.class)
76 @TestPropertySource(locations = "classpath:test.properties")
78 public class WidgetsControllerTest {
// Caller identity passed to the put/post/delete tests; the token's remaining constructor
// arguments are not visible in this listing.
80 private final UsernamePasswordAuthenticationToken principal = new UsernamePasswordAuthenticationToken("demo",
83 final MockitoTestSuite mockitoTestSuite = new MockitoTestSuite();
// Mocked request/response; individual tests stub request.getHeader("X-Widgets-Type").
85 final HttpServletRequest request = mockitoTestSuite.getMockedRequest();
86 final HttpServletResponse response = mockitoTestSuite.getMockedResponse();
89 private WidgetsController widgetsController;
91 private WidgetService widgetService;
93 private FnLanguageService fnLanguageService;
95 FnUserService fnUserService;
// Fixtures assigned in the setup code below.
96 private FnLanguage language;
97 private FnUser questUser;
98 private FnUser notQuestUser;
// Fixture setup (the enclosing method's signature is not visible in this listing).
// The language is assigned first because both user builders pass this.language to
// languageId(...); getFnLanguage() also saves the language through fnLanguageService.
102 this.language = getFnLanguage();
103 this.questUser = getQuestUser();
104 this.notQuestUser = getNotQuestUser();
// Unknown caller: this test saves no user for the login "nulluser", and the call is expected
// to throw UsernameNotFoundException instead of returning any widget data.
// NOTE(review): assumes no "nulluser" row already exists in the test database. Confirm.
108 @Test(expected = UsernameNotFoundException.class)
109 public void getOnboardingWidgetsNullUserTest() {
110 UsernamePasswordAuthenticationToken nullPrincipal = new UsernamePasswordAuthenticationToken("nulluser",
112 widgetsController.getOnboardingWidgets(nullPrincipal, request, response);
// Saves the questUser fixture, requests the onboarding widgets under the "questUser" login
// and expects null to be returned.
// NOTE(review): "quest" presumably means guest, i.e. a caller that must not see onboarding
// widgets. Confirm against the controller's role check.
116 public void getOnboardingWidgetsQuestUserTest() {
117 UsernamePasswordAuthenticationToken questPrincipal = new UsernamePasswordAuthenticationToken("questUser",
119 fnUserService.save(questUser);
120 List<OnboardingWidget> onboardingWidgets = widgetsController
121 .getOnboardingWidgets(questPrincipal, request, response);
122 assertNull(onboardingWidgets);
// Removes the rows created for this test. NOTE(review): unless this runs in a finally block or
// a rolled-back transaction (not visible here), a failed assertion leaves them in the database.
125 fnUserService.delete(questUser);
126 fnLanguageService.delete(language);
// Saves the notQuestUser fixture, stubs the X-Widgets-Type request header with "managed" and
// expects the controller to return an empty list (not null) for that user.
// NOTE(review): the empty expectation presumably relies on no managed widgets being present
// in the test database. Confirm.
130 public void getOnboardingWidgetsUserTest() {
131 UsernamePasswordAuthenticationToken notQuestprincipal = new UsernamePasswordAuthenticationToken(
134 fnUserService.save(notQuestUser);
135 List<OnboardingWidget> expected = new ArrayList<>();
136 when(request.getHeader("X-Widgets-Type")).thenReturn("managed");
138 List<OnboardingWidget> actual = widgetsController
139 .getOnboardingWidgets(notQuestprincipal, request, response);
141 assertEquals(expected, actual);
142 fnUserService.delete(notQuestUser);
// Calls the controller with X-Widgets-Type stubbed to "test", a value no other test in this
// class uses, to exercise the handling of an unexpected header value.
// NOTE(review): the assertion on `actual` is not visible in this listing. Confirm which
// result the controller is expected to give for an unrecognised header.
146 public void getOnboardingWidgetsWrongHeaderTest() {
147 UsernamePasswordAuthenticationToken notQuestprincipal = new UsernamePasswordAuthenticationToken(
150 fnUserService.save(notQuestUser);
151 when(request.getHeader("X-Widgets-Type")).thenReturn("test");
152 List<OnboardingWidget> actual = widgetsController
153 .getOnboardingWidgets(notQuestprincipal, request, response);
156 fnUserService.delete(notQuestUser);
// Saves a widget, then submits an OnboardingWidget for that widget's id and expects the
// result to match a freshly constructed FieldsValidator (same error code, HTTP status and fields).
// Most builder arguments are not visible in this listing.
160 public void putOnboardingWidgetSameWidget() {
162 fnUserService.save(notQuestUser);
163 when(request.getHeader("X-Widgets-Type")).thenReturn("managed");
165 OnboardingWidget onboardingWidget = OnboardingWidget.builder()
169 .appName("Application name")
175 FnWidget fnWidget = FnWidget.builder()
183 widgetService.saveOne(fnWidget);
185 FieldsValidator expected = new FieldsValidator();
187 FieldsValidator actual = widgetsController
188 .putOnboardingWidget(principal, fnWidget.getWidgetId(), onboardingWidget, response);
190 assertEquals(expected.getErrorCode(), actual.getErrorCode());
191 assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode());
192 assertEquals(expected.getFields(), actual.getFields());
// Field-validation test for PUT: the request is expected to be rejected with HTTP status 406
// and a validator carrying the "appName can't be blank, appId value must be higher than 1" problem.
// NOTE(review): "AOP" presumably refers to validation applied around the controller call. Confirm.
196 public void putOnboardingWidgetAOP() {
198 fnUserService.save(notQuestUser);
199 when(request.getHeader("X-Widgets-Type")).thenReturn("managed");
201 OnboardingWidget onboardingWidget = OnboardingWidget.builder()
211 FnWidget fnWidget = FnWidget.builder()
219 widgetService.saveOne(fnWidget);
221 FieldsValidator expected = new FieldsValidator();
222 expected.setHttpStatusCode(406L);
223 expected.addProblematicFieldName("appName can't be blank, appId value must be higher than 1");
225 FieldsValidator actual = widgetsController
226 .putOnboardingWidget(principal, fnWidget.getWidgetId(), onboardingWidget, response);
// Only the status code and the number of problematic fields are compared; the message text
// itself is not checked.
228 assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode());
229 assertEquals(expected.getFields().size(), actual.getFields().size());
// Input-sanitisation test for PUT: name and appName carry script-tag markup, and the
// controller is expected to answer with HTTP status 406 and report both fields as unsafe.
233 public void putOnboardingWidgetAOPXSSTest() {
235 fnUserService.save(notQuestUser);
236 when(request.getHeader("X-Widgets-Type")).thenReturn("managed");
238 OnboardingWidget onboardingWidget = OnboardingWidget.builder()
// Two spellings of the same markup: lower-case tags with typographic quotes, and mixed-case
// tags with ASCII quotes, so a case-sensitive check on "<script>" alone would miss the second.
240 .name("<script>alert(“XSS”);</script>\n")
242 .appName("<ScRipT>alert(\"XSS\");</ScRipT>")
248 FieldsValidator expected = new FieldsValidator();
249 expected.setHttpStatusCode(406L);
250 expected.addProblematicFieldName(
251 "appName may have unsafe html content, name may have unsafe html content");
// No widget is saved in this test; 15L is passed as a literal id.
// NOTE(review): presumably the payload is rejected before any lookup by id. Confirm.
253 FieldsValidator actual = widgetsController
254 .putOnboardingWidget(principal, 15L, onboardingWidget, response);
// NOTE(review): only the status code and the count of flagged fields are compared, so the test
// still passes if a different field is flagged; comparing the contents of getFields() would
// pin that exactly name and appName were rejected.
256 assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode());
257 assertEquals(expected.getFields().size(), actual.getFields().size());
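// Input-sanitisation test for POST: name and appName carry script-tag markup, and the
// controller is expected to answer with HTTP status 406 and report both fields as unsafe.
261 public void postOnboardingWidgetXSS() {
263 fnUserService.save(notQuestUser);
264 when(request.getHeader("X-Widgets-Type")).thenReturn("managed");
266 OnboardingWidget onboardingWidget = OnboardingWidget.builder()
// Two spellings of the same markup: lower-case tags with typographic quotes, and mixed-case
// tags with ASCII quotes, so a case-sensitive check on "<script>" alone would miss the second.
268 .name("<script>alert(“XSS”);</script>\n")
270 .appName("<ScRipT>alert(\"XSS\");</ScRipT>")
276 FieldsValidator expected = new FieldsValidator();
277 expected.setHttpStatusCode(406L);
// Same expected text as putOnboardingWidgetAOPXSSTest ("unsafe" for both fields), so the
// expectation stays valid if the assertions are tightened to compare message contents.
278 expected.addProblematicFieldName("appName may have unsafe html content, name may have unsafe html content");
280 FieldsValidator actual = widgetsController.postOnboardingWidget(principal, response, onboardingWidget);
// NOTE(review): only the status code and the count of flagged fields are compared; comparing
// the contents of getFields() would pin that exactly name and appName were rejected.
282 assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode());
283 assertEquals(expected.getFields().size(), actual.getFields().size());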
// Accepted-input case for POST: a widget built without markup in its fields (builder arguments
// not visible in this listing) is expected to yield HTTP status 200 and the same number of
// problematic fields as a fresh FieldsValidator.
287 public void postOnboardingWidget() {
289 fnUserService.save(notQuestUser);
290 when(request.getHeader("X-Widgets-Type")).thenReturn("managed");
292 OnboardingWidget onboardingWidget = OnboardingWidget.builder()
302 FieldsValidator expected = new FieldsValidator();
303 expected.setHttpStatusCode(200L);
305 FieldsValidator actual = widgetsController.postOnboardingWidget(principal, response, onboardingWidget);
307 assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode());
308 assertEquals(expected.getFields().size(), actual.getFields().size());
// Saves a widget, updates it through putOnboardingWidget and then deletes it as `principal`,
// expecting HTTP status 500 from the delete call.
// NOTE(review): the method name says SC_FORBIDDEN (403) but the pinned status is 500. If the
// caller is meant to be refused for lack of permission, a 500 hides an authorization decision
// behind a generic server error; confirm which status the controller intends here.
312 public void deleteOnboardingWidgetSCFORBIDDEN() {
314 fnUserService.save(notQuestUser);
315 when(request.getHeader("X-Widgets-Type")).thenReturn("managed");
317 OnboardingWidget onboardingWidget = OnboardingWidget.builder()
327 FnWidget fnWidget = FnWidget.builder()
335 widgetService.saveOne(fnWidget);
339 FieldsValidator expected = new FieldsValidator();
340 expected.setHttpStatusCode(500L);
// This message is set on `expected` but not compared by the assertion visible below.
341 expected.addProblematicFieldName("appName can't be blank, appId value must be higher than 1");
344 widgetsController.putOnboardingWidget(principal, fnWidget.getWidgetId(), onboardingWidget, response);
346 FieldsValidator actual = widgetsController.deleteOnboardingWidget(principal, response, fnWidget.getWidgetId());
348 assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode());
// Submits a WidgetCatalogPersonalization built from (7L, true) as `principal` and expects HTTP
// status 200. Only the status code is asserted; the empty problematic-field name added to
// `expected` is not compared.
352 public void putWidgetCatalogSelection() throws IOException {
354 WidgetCatalogPersonalization personalization = new WidgetCatalogPersonalization(7L, true);
356 FieldsValidator expected = new FieldsValidator();
357 expected.setHttpStatusCode(200L);
358 expected.addProblematicFieldName("");
360 FieldsValidator actual = widgetsController.putWidgetCatalogSelection(principal, personalization, response);
362 assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode());
// Builds the FnUser fixture with loginId "questUser", the current time for its login, created
// and modified timestamps, and the language created during setup. The remaining builder
// arguments (including whatever marks this user as a guest) are not visible in this listing.
365 private FnUser getQuestUser() {
366 return FnUser.builder()
367 .loginId("questUser")
369 .lastLoginDate(LocalDateTime.now())
371 .createdDate(LocalDateTime.now())
372 .modifiedDate(LocalDateTime.now())
// Requires this.language to be assigned before this builder runs.
374 .languageId(language)
// Builds the FnUser fixture with loginId "notQuestUser", the current time for its login,
// created and modified timestamps, and the language created during setup. The remaining
// builder arguments are not visible in this listing.
380 private FnUser getNotQuestUser() {
381 return FnUser.builder()
382 .loginId("notQuestUser")
384 .lastLoginDate(LocalDateTime.now())
386 .createdDate(LocalDateTime.now())
387 .modifiedDate(LocalDateTime.now())
// Requires this.language to be assigned before this builder runs.
390 .languageId(language)
396 private FnLanguage getFnLanguage() {
397 FnLanguage tmp = FnLanguage.builder().languageName("Polish").languageAlias("Pl").build();
398 fnLanguageService.save(tmp);