import org.onap.portalapp.portal.domain.EPApp;
import org.onap.portalapp.portal.domain.EPRole;
import org.onap.portalapp.portal.domain.EPUser;
+import org.onap.portalapp.portal.domain.EpAppType;
import org.onap.portalapp.portal.framework.MockitoTestSuite;
import org.onap.portalapp.portal.service.AdminRolesService;
import org.onap.portalapp.portal.service.AdminRolesServiceImpl;
app.setName("Test");
app.setImageUrl("test");
app.setNameSpace("com.test.app");
- app.setCentralAuth(true);
- app.setDescription("test");
- app.setNotes("test");
- app.setUrl("test");
+ app.setRolesInAAF(true);
+ app.setAppDescription("test");
+ app.setAppNotes("test");
+ app.setLandingPage("test");
app.setId((long) 10);
app.setAppRestEndpoint("test");
- app.setAlternateUrl("test");
+ app.setAlternateLandingPage("test");
app.setName("test");
app.setMlAppName("test");
app.setMlAppAdminId("test");
- app.setUsername("test");
- app.setAppPassword("test");
+ app.setAppBasicAuthUsername("test");
+ app.setAppBasicAuthPassword("test");
app.setOpen(false);
app.setEnabled(true);
app.setUebKey("test");
app.setUebSecret("test");
app.setUebTopicName("test");
- app.setAppType(1);
+ app.setAppType(EpAppType.GUI);
return app;
}
assertEquals(543L, createdNofification.getRoleIds().get(0).longValue());
}
+ @Test
+ public void publishNotificationXSSTest() throws Exception {
+ // input
+ EpNotificationItem notificationItem = new EpNotificationItem();
+ List<Long> roleList = new ArrayList<Long>();
+ Long role1 = 1L;
+ roleList.add(role1);
+ notificationItem.setRoleIds(roleList);
+ notificationItem.setPriority(1L);
+ notificationItem.setMsgHeader("<script>alert(‘XSS’)</script>");
+ notificationItem.setMsgDescription("Test Description");
+ Date currentDate = new Date();
+ Calendar c = Calendar.getInstance();
+ c.setTime(currentDate);
+ c.add(Calendar.DATE, 1);
+ Date currentDatePlusOne = c.getTime();
+ notificationItem.setStartTime(currentDate);
+ notificationItem.setEndTime(currentDatePlusOne);
+
+ // mock calls
+ Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn("RxH3983AHiyBOQmj");
+ Map<String, String> params = new HashMap<>();
+ params.put("appKey", "RxH3983AHiyBOQmj");
+ List<EPApp> apps = new ArrayList<>();
+ EPApp app = new EPApp();
+ app.setId(123L);
+ apps.add(app);
+ Mockito.when(DataAccessService.executeNamedQuery("getMyAppDetailsByUebKey", params, null)).thenReturn(apps);
+ EPRole role = new EPRole();
+ role.setId(543L);
+ Mockito.when(epRoleService.getRole(123L, 1L)).thenReturn(role);
+
+ // run
+ Mockito.when(userNotificationService.saveNotification(notificationItem)).thenReturn("Test");
+ PortalAPIResponse response = externalAppsRestfulController.publishNotification(mockedRequest, notificationItem);
+ // verify answer
+ assertNotNull(response);
+ assertEquals("error", response.getStatus());
+ assertEquals("failed", response.getMessage());
+ }
+
@Test
public void publishNotificationTest_EmptyAppHeader() throws Exception {
// input
Code Review / portal.git / blobdiff