* ===================================================================
* Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
* ===================================================================
+ * Modifications Copyright (c) 2019 Samsung
+ * ===================================================================
*
* Unless otherwise specified, all software contained herein is licensed
* under the Apache License, Version 2.0 (the "License");
import org.onap.portalapp.portal.domain.EPUser;
import org.onap.portalapp.portal.ecomp.model.PortalRestResponse;
import org.onap.portalapp.portal.ecomp.model.PortalRestStatusEnum;
+import org.onap.portalapp.portal.ecomp.model.UploadRoleFunctionExtSystem;
import org.onap.portalapp.portal.framework.MockitoTestSuite;
import org.onap.portalapp.portal.service.AdminRolesService;
import org.onap.portalapp.portal.service.EPAppService;
NullPointerException nullPointerException = new NullPointerException();
MockEPUser mockUser = new MockEPUser();
+ private DelegatingServletInputStream dsi;
+
@Test
public void removeRoleRoleFunctionTest() throws Exception {
assertEquals(expected, actual);
}
+ @Test
+ public void saveRoleFunctionXSSTest() throws Exception {
+ PowerMockito.mockStatic(EPUserUtils.class);
+ PowerMockito.mockStatic(EcompPortalUtils.class);
+ EPUser user = mockUser.mockEPUser();
+ Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+ Mockito.when(EcompPortalUtils.checkIfRemoteCentralAccessAllowed()).thenReturn(true);
+ Mockito.when(adminRolesService.isAccountAdminOfApplication(user, CentralApp())).thenReturn(true);
+ Mockito.when(appService.getApp((long) 1)).thenReturn(CentralApp());
+ Mockito.doNothing().when(roleFunctionListController).saveRoleFunction(mockedRequest, mockedResponse, "test");
+ CentralV2RoleFunction addNewFunc = new CentralV2RoleFunction();
+ addNewFunc.setCode("“><script>alert(“XSS”)</script>");
+ addNewFunc.setType("Test");
+ addNewFunc.setAction("Test");
+ addNewFunc.setName("Test");
+ CentralV2RoleFunction roleFunction = mockCentralRoleFunction();
+ roleFunction.setCode("Test|Test|Test");
+ Mockito.when(externalAccessRolesService.getRoleFunction("Test|Test|Test", "test")).thenReturn(roleFunction);
+ Mockito.when(externalAccessRolesService.saveCentralRoleFunction(Matchers.anyObject(), Matchers.anyObject()))
+ .thenReturn(true);
+ Mockito.when(EcompPortalUtils.getFunctionCode(roleFunction.getCode())).thenReturn("Test");
+ Mockito.when(EcompPortalUtils.getFunctionType(roleFunction.getCode())).thenReturn("Test");
+ Mockito.when(EcompPortalUtils.getFunctionAction(roleFunction.getCode())).thenReturn("Test");
+ Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+ List<EPUser> userList = new ArrayList<>();
+ userList.add(user);
+ List<EPApp> appList = new ArrayList<>();
+ appList.add(CentralApp());
+ Mockito.when(externalAccessRolesService.getUser("guestT")).thenReturn(userList);
+ StringWriter sw = new StringWriter();
+ PrintWriter writer = new PrintWriter(sw);
+ Mockito.when(mockedResponse.getWriter()).thenReturn(writer);
+ ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.OK);
+ Mockito.when(externalAccessRolesService.getNameSpaceIfExists(Matchers.anyObject())).thenReturn(response);
+ Mockito.when(externalAccessRolesService.getApp(Matchers.anyString())).thenReturn(appList);
+ PortalRestResponse<String> actual = roleManageController.saveRoleFunction(mockedRequest, mockedResponse,
+ addNewFunc, (long) 1);
+ PortalRestResponse<String> expected = new PortalRestResponse<String>(PortalRestStatusEnum.ERROR,
+ "Data is not valid", "ERROR");
+ assertEquals(expected, actual);
+ }
+
@Test
public void saveRoleFunctionExceptionTest() throws Exception {
Mockito.when(appService.getApp((long) 1)).thenReturn(CentralApp());
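Review bot: The payload in `saveRoleFunctionXSSTest` uses typographic quotes (`“` / `”`) rather than ASCII `"`, so the `">` prefix it appears to be aiming at never reaches the validator, and the test presumably passes on the `<script>` tag alone. Escaping the quotes, `addNewFunc.setCode("\"><script>alert(\"XSS\")</script>");`, would cover the intended input. The test also stubs `saveCentralRoleFunction` to return true but never checks that it was skipped. Adding `Mockito.verify(externalAccessRolesService, Mockito.never()).saveCentralRoleFunction(Matchers.anyObject(), Matchers.anyObject());` would pin that rejected data does not reach the service. `removeRoleFunctionXSSTest` in the next hunk has the same two gaps: a stray `”` in `roleFun`, and no `never()` check on `deleteCentralRoleFunction`.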
assertEquals(expected, actual);
}
+ @Test
+ public void removeRoleFunctionXSSTest() throws Exception {
+ PowerMockito.mockStatic(EPUserUtils.class);
+ PowerMockito.mockStatic(EcompPortalUtils.class);
+ EPUser user = mockUser.mockEPUser();
+ Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+ Mockito.when(EcompPortalUtils.checkIfRemoteCentralAccessAllowed()).thenReturn(true);
+ Mockito.when(adminRolesService.isAccountAdminOfApplication(user, CentralApp())).thenReturn(true);
+ Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+ Mockito.when(appService.getApp((long) 1)).thenReturn(CentralApp());
+ String roleFun = "<script>alert(/XSS”)</script>";
+ CentralV2RoleFunction roleFunction = mockCentralRoleFunction();
+ Mockito.when(externalAccessRolesService.getRoleFunction("Test|Test|Test", "test")).thenReturn(roleFunction);
+ StringWriter sw = new StringWriter();
+ PrintWriter writer = new PrintWriter(sw);
+ Mockito.when(mockedResponse.getWriter()).thenReturn(writer);
+ Mockito.when(externalAccessRolesService.deleteCentralRoleFunction(Matchers.anyString(), Matchers.anyObject()))
+ .thenReturn(true);
+ List<EPApp> appList = new ArrayList<>();
+ appList.add(CentralApp());
+ ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.OK);
+ Mockito.when(externalAccessRolesService.getNameSpaceIfExists(Matchers.anyObject())).thenReturn(response);
+ Mockito.when(externalAccessRolesService.getApp(Matchers.anyString())).thenReturn(appList);
+ PortalRestResponse<String> actual = roleManageController.removeRoleFunction(mockedRequest, mockedResponse,
+ roleFun, (long) 1);
+ PortalRestResponse<String> expected = new PortalRestResponse<String>(PortalRestStatusEnum.ERROR,
+ "Data is not valid", "ERROR");
+ assertEquals(expected, actual);
+ }
+
@Test
public void removeRoleFunctionExceptionTest() throws Exception {
EPUser user = mockUser.mockEPUser();
@Test
public void syncRolesException() throws Exception {
+ EPUser user = mockUser.mockEPUser();
+ Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+ Mockito.when(adminRolesService.isAccountAdminOfApplication(user, null)).thenReturn(true);
Mockito.when(appService.getAppDetailByAppName("test")).thenThrow(nullPointerException);
PortalRestResponse<String> actual = roleManageController.syncRoles(mockedRequest, mockedResponse, 1l);
PortalRestResponse<String> portalRestResponse = new PortalRestResponse<>();
assertEquals(portalRestResponse, actual);
}
+ @Test
+ public void syncRolesUserNullException() throws Exception {
+ Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(null);
+ Mockito.when(appService.getAppDetailByAppName("test")).thenThrow(nullPointerException);
+ PortalRestResponse<String> actual = roleManageController.syncRoles(mockedRequest, mockedResponse, 1l);
+ PortalRestResponse<String> portalRestResponse = new PortalRestResponse<>();
+ portalRestResponse.setMessage("Unauthorized User");
+ portalRestResponse.setResponse("Failure");
+ portalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
+ assertEquals(portalRestResponse, actual);
+ }
+
@Test
public void syncRolesFunctionsTest() throws Exception {
PowerMockito.mockStatic(EPUserUtils.class);
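Review bot: The only negative case added for `syncRoles` is a missing session (`getUserSession` returning null); a logged-in user who is not an account admin is not tested. The new `isAccountAdminOfApplication(user, null)` stub in `syncRolesException` suggests the controller now makes that check. A sibling test with `Mockito.when(adminRolesService.isAccountAdminOfApplication(user, null)).thenReturn(false);` would cover the authorization branch itself; that it should expect the same "Unauthorized User" response is an assumption, since the controller is not visible here. The `getAppDetailByAppName("test")` stub in `syncRolesUserNullException` looks unnecessary for the unauthorized path and could be dropped. The same applies to `syncRolesFunctionsException` and `syncRolesFunctionsUserNullException` in the following hunk.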
@Test
public void syncRolesFunctionsException() throws Exception {
- Mockito.when(appService.getAppDetailByAppName("test")).thenThrow(nullPointerException);
+ EPUser user = mockUser.mockEPUser();
+ Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+ Mockito.when(adminRolesService.isAccountAdminOfApplication(user, null)).thenReturn(true);
+ Mockito.when(appService.getAppDetailByAppName("test")).thenThrow(nullPointerException);
PortalRestResponse<String> actual = roleManageController.syncFunctions(mockedRequest, mockedResponse, 1l);
PortalRestResponse<String> portalRestResponse = new PortalRestResponse<>();
portalRestResponse.setMessage(null);
assertEquals(portalRestResponse, actual);
}
+ @Test
+ public void syncRolesFunctionsUserNullException() throws Exception {
+ Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(null);
+ Mockito.when(appService.getAppDetailByAppName("test")).thenThrow(nullPointerException);
+ PortalRestResponse<String> actual = roleManageController.syncFunctions(mockedRequest, mockedResponse, 1l);
+ PortalRestResponse<String> portalRestResponse = new PortalRestResponse<>();
+ portalRestResponse.setMessage("Unauthorized User");
+ portalRestResponse.setResponse("Failure");
+ portalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
+ assertEquals(portalRestResponse, actual);
+ }
+
@Test
public void addChildRoleTest() throws Exception {
ModelAndView modelandView = new ModelAndView("login.htm");
roleJson2.put("roleFunctions", roleFunctions);
ObjectMapper mapper = new ObjectMapper();
JsonNode actualObj = mapper.readTree(roleJson2.toString());
- Mockito.when(mockedRequest.getInputStream()).thenReturn(new DelegatingServletInputStream(
- new ByteArrayInputStream(actualObj.toString().getBytes(StandardCharsets.UTF_8))));
+ dsi = new DelegatingServletInputStream(
+ new ByteArrayInputStream(actualObj.toString().getBytes(StandardCharsets.UTF_8)));
+ Mockito.when(mockedRequest.getInputStream()).thenReturn(dsi);
Mockito.when(mockedRequest.getReader()).thenReturn(new BufferedReader(new StringReader(actualObj.toString())));
Mockito.when(mockedRequest.getContentType()).thenReturn("application/json");
Mockito.when(mockedRequest.getCharacterEncoding()).thenReturn("UTF-8");
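Review bot: `dsi` is now a test-class field assigned here and in the two following hunks, but no visible line reads it back or closes it, so the change only widens the stream's scope. If the aim is to quiet an unclosed-resource warning, the stream has to actually be closed: keep it local in a try-with-resources around the controller call, or add an `@After` method that calls `dsi.close()` when it is non-null. If a teardown outside these hunks already does this, a short comment on the field, e.g. `// closed in the @After method`, would make the intent clear. The enclosing test methods start and end outside these hunks.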
roleJson2.put("roleFunctions", roleFunctions);
ObjectMapper mapper = new ObjectMapper();
JsonNode actualObj = mapper.readTree(roleJson2.toString());
- Mockito.when(mockedRequest.getInputStream()).thenReturn(new DelegatingServletInputStream(
- new ByteArrayInputStream(actualObj.toString().getBytes(StandardCharsets.UTF_8))));
+ dsi = new DelegatingServletInputStream(
+ new ByteArrayInputStream(actualObj.toString().getBytes(StandardCharsets.UTF_8)));
+ Mockito.when(mockedRequest.getInputStream()).thenReturn(dsi);
Mockito.when(mockedRequest.getReader()).thenReturn(new BufferedReader(new StringReader(actualObj.toString())));
Mockito.when(mockedRequest.getContentType()).thenReturn("application/json");
Mockito.when(mockedRequest.getCharacterEncoding()).thenReturn("UTF-8");
roleJson2.put("roleFunctions", roleFunctions);
ObjectMapper mapper = new ObjectMapper();
JsonNode actualObj = mapper.readTree(roleJson2.toString());
- Mockito.when(mockedRequest.getInputStream()).thenReturn(new DelegatingServletInputStream(
- new ByteArrayInputStream(actualObj.toString().getBytes(StandardCharsets.UTF_8))));
+ dsi = new DelegatingServletInputStream(
+ new ByteArrayInputStream(actualObj.toString().getBytes(StandardCharsets.UTF_8)));
+ Mockito.when(mockedRequest.getInputStream()).thenReturn(dsi);
Mockito.when(mockedRequest.getReader()).thenReturn(new BufferedReader(new StringReader(actualObj.toString())));
Mockito.when(mockedRequest.getContentType()).thenReturn("application/json");
Mockito.when(mockedRequest.getCharacterEncoding()).thenReturn("UTF-8");
List<CentralizedApp> actual = roleManageController.getCentralizedAppRoles(mockedRequest, mockedResponse, user.getOrgUserId());
assertEquals(cenApps.size(), actual.size());
}
+
+ @Test
+ public void getCentralizedAppRolesXSSTest() throws IOException {
+ String id = ("<ScRipT>alert(\"XSS\");</ScRipT>");
+ List<CentralizedApp> actual = roleManageController.getCentralizedAppRoles(mockedRequest, mockedResponse, id);
+ assertNull(actual);
+ }
@Test
public void getCentralizedAppRolesExceptionTest() throws IOException {
List<CentralizedApp> actual = roleManageController.getCentralizedAppRoles(mockedRequest, mockedResponse, user.getOrgUserId());
assertNull(actual);
}
+
+ @Test
+ public void bulkUploadRoleFuncUserNullTest() {
+ UploadRoleFunctionExtSystem data = Mockito.mock(UploadRoleFunctionExtSystem.class);
+ Mockito.when(appService.getApp(127L)).thenReturn(null);
+ PortalRestResponse<String> response = roleManageController.bulkUploadRoleFunc(mockedRequest, mockedResponse, data, 127L);
+ assertEquals(PortalRestStatusEnum.ERROR, response.getStatus());
+ assertEquals("Unauthorized User", response.getMessage());
+ assertEquals("Failure", response.getResponse());
+ }
public CentralV2RoleFunction mockCentralRoleFunction() {
CentralV2RoleFunction roleFunction = new CentralV2RoleFunction();
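Review bot: `getCentralizedAppRolesXSSTest` asserts only that the result is null, and `getCentralizedAppRolesExceptionTest` just below it gets null for an ordinary `user.getOrgUserId()` with no stubbing visible. The new test would therefore likely pass even if the input check were removed. Setting it up like the positive test that precedes it (presumably the session user and the app lookup stubbed to return a non-empty list) would make null attributable to rejection of the id. `bulkUploadRoleFuncUserNullTest` has a similar ambiguity: it stubs `appService.getApp(127L)` to null rather than the user session, so the test name and the condition under test do not obviously match. `mockCentralRoleFunction` continues outside the hunk.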