* ============LICENSE_START==========================================
* ONAP Portal
* ===================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
* ===================================================================
*
* Unless otherwise specified, all software contained herein is licensed
List<EPUser> mockEPUserList = new ArrayList<>();
mockEPUserList.add(user);
- // test with SQL injection, should return false
Mockito.when(session.createQuery("from :name where orgUserId=:userId")).thenReturn(epUserQuery);
Mockito.when(epUserQuery.setParameter("name",EPUser.class.getName())).thenReturn(epUserQuery);
Mockito.when(epUserQuery.setParameter("userId",user.getOrgUserId() + "; select * from " + EPUser.class.getName() +";")).thenReturn(epUserQuery);
- boolean ret = userRolesCommonServiceImpl.createLocalUserIfNecessary(user.getOrgUserId());
- assertFalse(ret);
+ userRolesCommonServiceImpl.createLocalUserIfNecessary(user.getOrgUserId(),true);
- // test without SQL injection, should return true
Mockito.when(session.createQuery("from :name where orgUserId=:userId")).thenReturn(epUserQuery);
Mockito.when(epUserQuery.setParameter("name",EPUser.class.getName())).thenReturn(epUserQuery);
Mockito.when(epUserQuery.setParameter("userId",user.getOrgUserId())).thenReturn(epUserQuery);
- ret = userRolesCommonServiceImpl.createLocalUserIfNecessary(user.getOrgUserId());
- assertTrue(ret);
+ userRolesCommonServiceImpl.createLocalUserIfNecessary(user.getOrgUserId(),true);
}
@SuppressWarnings("unchecked")
Mockito.when(applicationsRestClientService.get(EcompRole[].class, mockApp.getId(), "/roles"))
.thenReturn(mockEcompRoleArray);
// syncAppRolesTest
- Mockito.when(session.createQuery("from " + EPRole.class.getName() + " where appId=" + mockApp.getId()))
+
+ Mockito.when(session.createQuery("from :name where appId = :appId"))
.thenReturn(epRoleQuery);
+
+ Mockito.when(epRoleQuery.setParameter("name",EPRole.class.getName())).thenReturn(epRoleQuery);
+ Mockito.when(epRoleQuery.setParameter("appId",mockApp.getId())).thenReturn(epRoleQuery);
+
Mockito.doReturn(mockEPRoleList).when(epRoleQuery).list();
Mockito.when(session.createQuery(
"from " + EPUserApp.class.getName() + " where app.id=" + mockApp.getId() + " and role_id=" + 15l))
EPUserAppRolesRequest mockEpAppRolesRequestData = new EPUserAppRolesRequest();
Mockito.doNothing().when(dataAccessService).saveDomainObject(mockEpAppRolesRequestData, null);
final Map<String, Long> params = new HashMap<>();
- params.put("appId", appWithRolesForUser.appId);
+ params.put("appId", appWithRolesForUser.getAppId());
params.put("appRoleId", roleInAppForUser.roleId);
Mockito.when((List<EPUserAppRoles>) dataAccessService.executeNamedQuery("appRoles", params, null))
.thenReturn(epUserAppRolesList);