*
* ============LICENSE_END============================================
*
- * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ *
*/
package org.onap.portalapp.portal.controller;
import java.io.IOException;
import java.util.ArrayList;
+import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletResponse;
import org.junit.Before;
+import org.junit.Ignore;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.MockitoAnnotations;
-import org.onap.portalapp.portal.controller.DashboardController;
import org.onap.portalapp.portal.core.MockEPUser;
import org.onap.portalapp.portal.domain.EPUser;
import org.onap.portalapp.portal.ecomp.model.PortalRestResponse;
import org.onap.portalapp.portal.ecomp.model.PortalRestStatusEnum;
+import org.onap.portalapp.portal.ecomp.model.SearchResultItem;
import org.onap.portalapp.portal.framework.MockitoTestSuite;
import org.onap.portalapp.portal.service.AdminRolesService;
import org.onap.portalapp.portal.service.AdminRolesServiceImpl;
import org.onap.portalapp.portal.transport.CommonWidgetMeta;
import org.onap.portalapp.portal.utils.EPCommonSystemProperties;
import org.onap.portalapp.util.EPUserUtils;
+import org.onap.portalsdk.core.domain.AuditLog;
import org.onap.portalsdk.core.domain.support.CollaborateList;
+import org.onap.portalsdk.core.service.AuditService;
import org.onap.portalsdk.core.util.SystemProperties;
import org.powermock.api.mockito.PowerMockito;
import org.powermock.core.classloader.annotations.PrepareForTest;
import org.powermock.modules.junit4.PowerMockRunner;
+import org.springframework.beans.factory.annotation.Autowired;
@RunWith(PowerMockRunner.class)
@Mock
DashboardSearchService searchService = new DashboardSearchServiceImpl();
-
+
@InjectMocks
- DashboardController dashboardController = new DashboardController();
+ DashboardController dashboardController;
@Mock
AdminRolesService adminRolesService = new AdminRolesServiceImpl();
+
+ @Autowired
+ AuditService auditService;
+
+
@Before
public void setup() {
MockitoAnnotations.initMocks(this);
commonWidget.setHref("testhref");
commonWidget.setTitle("testTitle");
commonWidget.setContent("testcontent");
- commonWidget.setEventDate("testDate");
+ commonWidget.setEventDate("2017-03-24");
commonWidget.setSortOrder(1);
widgetList.add(commonWidget);
commonWidgetMeta.setItems(widgetList);
PortalRestResponse<CommonWidgetMeta> actualResponse = dashboardController.getWidgetData(mockedRequest, resourceType);
assertEquals(expectedData,actualResponse);
- }
-
+ }
+
+ @Test
+ public void getWidgetDataTestXSS() {
+
+ String resourceType = "“><script>alert(“XSS”)</script>";
+ PortalRestResponse<CommonWidgetMeta> expectedData = new PortalRestResponse<>();
+ expectedData.setStatus(PortalRestStatusEnum.ERROR);
+ expectedData.setMessage("Unexpected resource type “><script>alert(“XSS”)</script>");
+ expectedData.setResponse(null);
+
+ PortalRestResponse<CommonWidgetMeta> actualResponse = dashboardController.getWidgetData(mockedRequest, resourceType);
+ assertEquals(expectedData, actualResponse);
+ }
+
@Test
public void getWidgetDataWithValidResourceTest() throws IOException {
String resourceType = "EVENTS";
PortalRestResponse<String> actualResponse = dashboardController.saveWidgetDataBulk(commonWidgetMeta);
assertEquals(expectedData,actualResponse);
}
+
+ @Test
+ public void saveWidgetDataBulkXSSTest() {
+ CommonWidgetMeta commonWidgetMeta= mockCommonWidgetMeta();
+ commonWidgetMeta.setCategory("<script>alert(‘XSS’)</script>");
+
+ PortalRestResponse<String> expectedData = new PortalRestResponse<>();
+ expectedData.setStatus(PortalRestStatusEnum.ERROR);
+ expectedData.setResponse("ERROR");
+ expectedData.setMessage("Unsafe resource type " + commonWidgetMeta.toString());
+
+ PortalRestResponse<String> actualResponse = dashboardController.saveWidgetDataBulk(commonWidgetMeta);
+ assertEquals(expectedData,actualResponse);
+ }
@Test
public void saveWidgetUnexpectedDataBulkTest() throws IOException {
CommonWidget commonWidget = new CommonWidget("EVENTS", "http://test.com", "testTitle", "testcontent", "2017-07-01", 1);
widgetList.add(commonWidget);
CommonWidgetMeta commonWidgetMeta= new CommonWidgetMeta("EVENTS", widgetList);
-
-
-
- /* commonWidgetMeta.setItems(widgetList);
-
- commonWidgetMeta.setCategory("EVENTS");*/
-
+ commonWidgetMeta.setItems(widgetList);
+ commonWidgetMeta.setCategory("EVENTS");
PortalRestResponse<String> expectedData = new PortalRestResponse<String>();
expectedData.setStatus(PortalRestStatusEnum.OK);
expectedData.setMessage("success");
expectedData.setStatus(PortalRestStatusEnum.ERROR);
expectedData.setMessage("ERROR");
expectedData.setResponse("Category cannot be null or empty");
-
+
Mockito.when(adminRolesService.isSuperAdmin(Matchers.anyObject())).thenReturn(true);
PortalRestResponse<String> actualResponse = dashboardController.saveWidgetData(commonWidget, mockedRequest, mockedResponse);
assertEquals(expectedData,actualResponse);
}
+
+ @Test
+ public void saveWidgetDataXSSTest() {
+
+ CommonWidget commonWidget = mockCommonWidget();
+ commonWidget.setId((long)1);
+ commonWidget.setContent("test");
+ commonWidget.setCategory("<form><a href=\"javascript:\\u0061lert(1)\">X");
+ PortalRestResponse<String> expectedData = new PortalRestResponse<String>();
+ expectedData.setStatus(PortalRestStatusEnum.ERROR);
+ expectedData.setResponse("ERROR");
+ expectedData.setMessage("Unsafe resource type " + commonWidget.toString());
+
+ Mockito.when(adminRolesService.isSuperAdmin(Matchers.anyObject())).thenReturn(true);
+ PortalRestResponse<String> actualResponse = dashboardController.saveWidgetData(commonWidget, mockedRequest, mockedResponse);
+ assertEquals(expectedData,actualResponse);
+
+ }
+
+ @Test
+ public void saveWidgetDataTitleTest() throws IOException {
+ CommonWidget commonWidget = mockCommonWidget();
+ commonWidget.setId((long)1);
+ commonWidget.setContent("test");
+ commonWidget.setTitle("test");
+ commonWidget.setEventDate("2017-05-06");
+ PortalRestResponse<String> expectedData = new PortalRestResponse<String>();
+ expectedData.setStatus(PortalRestStatusEnum.ERROR);
+ expectedData.setMessage("Invalid category: test");
+ expectedData.setResponse(null);
+ Mockito.when(adminRolesService.isSuperAdmin(Matchers.anyObject())).thenReturn(true);
+ PortalRestResponse<String> actualResponse = dashboardController.saveWidgetData(commonWidget, mockedRequest, mockedResponse);
+ assertEquals(expectedData.getMessage(),actualResponse.getMessage());
+ }
@Test
public void saveWidgetDataErrorTest() throws IOException {
- CommonWidget commonWidget = mockCommonWidget();
+ CommonWidget commonWidget = mockCommonWidget();
+ commonWidget.setEventDate("2017-03-05");
PortalRestResponse<String> expectedData = new PortalRestResponse<String>();
expectedData.setStatus(PortalRestStatusEnum.ERROR);
expectedData.setMessage("Invalid category: test");
expectedData.setResponse(null);
Mockito.when(adminRolesService.isSuperAdmin(Matchers.anyObject())).thenReturn(true);
- PortalRestResponse<String> actualResponse = dashboardController.saveWidgetData(commonWidget, mockedRequest, mockedResponse);
+ PortalRestResponse<String> actualResponse = dashboardController.saveWidgetData(commonWidget,mockedRequest, mockedResponse);
assertEquals(expectedData,actualResponse);
}
public void deleteWidgetDataTest() throws IOException {
CommonWidget commonWidget = mockCommonWidget();
-
+ commonWidget.setEventDate("2017-03-25");
PortalRestResponse<String> expectedData = new PortalRestResponse<String>();
expectedData.setStatus(PortalRestStatusEnum.OK);
expectedData.setMessage("success");
assertEquals(expectedData,actualResponse);
}
+
+ @Test
+ public void deleteWidgetDataXSSTest() {
+
+ CommonWidget commonWidget = mockCommonWidget();
+ commonWidget.setCategory("<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}");
+ PortalRestResponse<String> expectedData = new PortalRestResponse<>();
+ expectedData.setStatus(PortalRestStatusEnum.ERROR);
+ expectedData.setMessage("Unsafe resource type " + commonWidget.toString());
+ expectedData.setResponse("ERROR");
+ PortalRestResponse<String> actualResponse = dashboardController.deleteWidgetData(commonWidget);
+ assertEquals(expectedData,actualResponse);
+
+ }
@Test
public void getActiveUsersTest(){
PortalRestResponse<List<String>> actualResponse = dashboardController.activeUsers(mockedRequest);
assertTrue(actualResponse.getStatus().compareTo(PortalRestStatusEnum.ERROR) == 0);
}
+ @Test
+ public void searchPortalTestWhenSearchStringIsNull(){
+ EPUser user = mockUser.mockEPUser();
+ user.setLoginId("test");
+ user.setId(1L);
+ String searchString = null;
+ //user.setLoginId("test");
+ PortalRestResponse<List<String>> expectedData = new PortalRestResponse<List<String>>();
+ expectedData.setStatus(PortalRestStatusEnum.ERROR);
+ expectedData.setMessage("null - check logs.");
+ expectedData.setResponse(Matchers.any());
+
+ PowerMockito.mockStatic(EPUserUtils.class);
+ Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+ PortalRestResponse<Map<String, List<SearchResultItem>>> expectedResult = new PortalRestResponse<Map<String, List<SearchResultItem>>>();
+ expectedResult.setMessage("null - check logs.");
+ expectedResult.setResponse(null);
+ expectedResult.setStatus(PortalRestStatusEnum.ERROR);
+ //Mockito.doNothing().when(auditService).logActivity(auditLog, null);
+
+ //Mockito.when(auditService.logActivity(auditLog, null).;
+ //Mockito.when(searchService.searchResults(user.getLoginId(), searchString )).thenReturn((Map<String, List<SearchResultItem>>) expectedResult);
+ PortalRestResponse<Map<String, List<SearchResultItem>>> actualResponse = dashboardController.searchPortal(mockedRequest, null);
+ assertTrue(actualResponse.getStatus().compareTo(PortalRestStatusEnum.ERROR) == 0);
+ }
+
+ @Test
+ public void searchPortalTest(){
+ EPUser user = null;
+ String searchString = null;
+ //user.setLoginId("test");
+ PortalRestResponse<List<String>> expectedData = new PortalRestResponse<List<String>>();
+ expectedData.setStatus(PortalRestStatusEnum.ERROR);
+ expectedData.setMessage("null - check logs.");
+ expectedData.setResponse(Matchers.any());
+
+ PowerMockito.mockStatic(EPUserUtils.class);
+ Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+ PortalRestResponse<Map<String, List<SearchResultItem>>> expectedResult = new PortalRestResponse<Map<String, List<SearchResultItem>>>();
+ expectedResult.setMessage("null - check logs.");
+ expectedResult.setResponse(null);
+ expectedResult.setStatus(PortalRestStatusEnum.ERROR);
+ //Mockito.doNothing().when(auditService).logActivity(auditLog, null);
+
+ //Mockito.when(auditService.logActivity(auditLog, null).;
+ //Mockito.when(searchService.searchResults(user.getLoginId(), searchString )).thenReturn((Map<String, List<SearchResultItem>>) expectedResult);
+ PortalRestResponse<Map<String, List<SearchResultItem>>> actualResponse = dashboardController.searchPortal(mockedRequest, null);
+ assertTrue(actualResponse.getStatus().compareTo(PortalRestStatusEnum.ERROR) == 0);
+ }
+
+ @Test
+ public void searchPortalXSSTest(){
+ EPUser user = null;
+ String searchString = "\n"
+ + "<form><textarea onkeyup='\\u0061\\u006C\\u0065\\u0072\\u0074(1)'>";
+ PowerMockito.mockStatic(EPUserUtils.class);
+ Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+ PortalRestResponse<Map<String, List<SearchResultItem>>> expectedResult = new PortalRestResponse<>();
+ expectedResult.setMessage("searchPortal: String string is not safe");
+ expectedResult.setResponse(new HashMap<>());
+ expectedResult.setStatus(PortalRestStatusEnum.ERROR);
+
+ PortalRestResponse<Map<String, List<SearchResultItem>>> actualResponse = dashboardController.searchPortal(mockedRequest, searchString);
+ assertEquals(expectedResult, actualResponse);
+ }
+
+ @Test
+ public void searchPortalTestWithException(){
+ EPUser user = mockUser.mockEPUser();
+ user.setLoginId("test");
+ user.setId(1L);
+
+ Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+ String searchString = "test";
+ List<SearchResultItem> searchResultItemList = new ArrayList<SearchResultItem>();
+ SearchResultItem searchResultItem = new SearchResultItem();
+
+ searchResultItem.setId((long) 1);
+ searchResultItem.setCategory("test");
+ searchResultItem.setName("test_name");
+ searchResultItem.setTarget("test_target");
+ searchResultItem.setUuid("test_UUId");
+ searchResultItemList.add(searchResultItem);
+ Map<String, List<SearchResultItem>> expectedResultMap = new HashMap<String, List<SearchResultItem>>();
+ expectedResultMap.put(searchString, searchResultItemList);
+
+ AuditLog auditLog = new AuditLog();
+ auditLog.setUserId(1L);
+ auditLog.setActivityCode("test");
+ auditLog.setComments("test");
+ PortalRestResponse<Map<String, List<SearchResultItem>>> expectedResult = new PortalRestResponse<Map<String, List<SearchResultItem>>>();
+ expectedResult.setMessage("null - check logs.");
+ expectedResult.setResponse(null);
+ expectedResult.setStatus(PortalRestStatusEnum.ERROR);
+ //Mockito.doNothing().when(auditService).logActivity(auditLog, null);
+
+ //Mockito.when(auditService.logActivity(auditLog, null).;
+ Mockito.when(searchService.searchResults(user.getLoginId(), searchString)).thenReturn(expectedResultMap);
+ PortalRestResponse<Map<String, List<SearchResultItem>>> actualResult = dashboardController.searchPortal(mockedRequest, searchString);
+
+ assertTrue(expectedResult.getStatus().compareTo(PortalRestStatusEnum.ERROR) == 0);
+
+ }
+
+ @Test
+ public void searchPortalUserNullTest(){
+ EPUser user = null;
+ PortalRestResponse<Map<String, List<SearchResultItem>>> expectedData = new PortalRestResponse<Map<String, List<SearchResultItem>>>();
+ expectedData.setMessage("searchPortal: User object is null? - check logs");
+ Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+ PortalRestResponse<Map<String, List<SearchResultItem>>> actualData = dashboardController.searchPortal(mockedRequest, null);
+ assertEquals(actualData.getMessage(), expectedData.getMessage());
+ }
+
+ @Test
+ public void searchPortalsearchStringNullTest(){
+ EPUser user = mockUser.mockEPUser();
+ String searchString = null;
+ PortalRestResponse<Map<String, List<SearchResultItem>>> expectedData = new PortalRestResponse<Map<String, List<SearchResultItem>>>();
+ expectedData.setMessage("searchPortal: String string is null");
+ Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+ PortalRestResponse<Map<String, List<SearchResultItem>>> actualData = dashboardController.searchPortal(mockedRequest, searchString);
+ assertEquals(actualData.getMessage(), expectedData.getMessage());
+ }
+ @Ignore
+ @Test
+ public void searchPortalsearchStringTest(){
+ EPUser user = mockUser.mockEPUser();
+ String searchString = "test";
+ PortalRestResponse<Map<String, List<SearchResultItem>>> expectedData = new PortalRestResponse<Map<String, List<SearchResultItem>>>();
+ expectedData.setMessage("success");
+ Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+ Mockito.doNothing().when(auditService).logActivity(null, null);
+ PortalRestResponse<Map<String, List<SearchResultItem>>> actualData = dashboardController.searchPortal(mockedRequest, searchString);
+ assertEquals(actualData.getMessage(), expectedData.getMessage());
+ }
+ //@Ignore
+ @Test
+ public void searchPortalsearchStringExceptionTest(){
+ EPUser user = mockUser.mockEPUser();
+ String searchString = "test";
+ PortalRestResponse<Map<String, List<SearchResultItem>>> expectedData = new PortalRestResponse<Map<String, List<SearchResultItem>>>();
+ expectedData.setMessage("searchPortal: String string is null");
+ Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+ Mockito.when(dashboardController.searchPortal(mockedRequest, searchString)).thenThrow(nullPointerException);
+ }
+
+
}
Code Review / portal.git / blobdiff