Merge "Sonar: Reduce cyclomatic complexity"
[portal.git] / ecomp-portal-BE-common / src / test / java / org / onap / portalapp / portal / controller / RoleManageControllerTest.java
index d7f64c1..9673cb2 100644 (file)
@@ -4,6 +4,8 @@
  * ===================================================================
  * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
  * ===================================================================
+ * Modifications Copyright (c) 2019 Samsung
+ * ===================================================================
  *
  * Unless otherwise specified, all software contained herein is licensed
  * under the Apache License, Version 2.0 (the "License");
@@ -33,7 +35,7 @@
  *
  * ============LICENSE_END============================================
  *
- * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * 
  */
 package org.onap.portalapp.portal.controller;
 
@@ -76,6 +78,7 @@ import org.onap.portalapp.portal.domain.EPApp;
 import org.onap.portalapp.portal.domain.EPUser;
 import org.onap.portalapp.portal.ecomp.model.PortalRestResponse;
 import org.onap.portalapp.portal.ecomp.model.PortalRestStatusEnum;
+import org.onap.portalapp.portal.ecomp.model.UploadRoleFunctionExtSystem;
 import org.onap.portalapp.portal.framework.MockitoTestSuite;
 import org.onap.portalapp.portal.service.AdminRolesService;
 import org.onap.portalapp.portal.service.EPAppService;
@@ -142,6 +145,8 @@ public class RoleManageControllerTest {
        NullPointerException nullPointerException = new NullPointerException();
        MockEPUser mockUser = new MockEPUser();
 
+       private DelegatingServletInputStream dsi;
+
        @Test
        public void removeRoleRoleFunctionTest() throws Exception {
 
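Review bot: The new `dsi` field is assigned in three tests (the hunks at -595, -647 and -701), but nothing in the visible hunks ever closes it, so moving the stream from a local to a field only relocates the unclosed resource. If the aim is to quiet a resource-leak finding, close it in a teardown such as `@After public void closeStream() throws IOException { if (dsi != null) { dsi.close(); } }`, or keep it local inside a try-with-resources. A teardown may already exist outside these hunks, since the class body is only partly shown. A field shared between tests also carries state from one test to the next unless it is reset.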
@@ -365,6 +370,48 @@ public class RoleManageControllerTest {
                assertEquals(expected, actual);
        }
 
+       @Test
+       public void saveRoleFunctionXSSTest() throws Exception {
+               PowerMockito.mockStatic(EPUserUtils.class);
+               PowerMockito.mockStatic(EcompPortalUtils.class);
+               EPUser user = mockUser.mockEPUser();
+               Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+               Mockito.when(EcompPortalUtils.checkIfRemoteCentralAccessAllowed()).thenReturn(true);
+               Mockito.when(adminRolesService.isAccountAdminOfApplication(user, CentralApp())).thenReturn(true);
+               Mockito.when(appService.getApp((long) 1)).thenReturn(CentralApp());
+               Mockito.doNothing().when(roleFunctionListController).saveRoleFunction(mockedRequest, mockedResponse, "test");
+               CentralV2RoleFunction addNewFunc = new CentralV2RoleFunction();
+               addNewFunc.setCode("“><script>alert(“XSS”)</script>");
+               addNewFunc.setType("Test");
+               addNewFunc.setAction("Test");
+               addNewFunc.setName("Test");
+               CentralV2RoleFunction roleFunction = mockCentralRoleFunction();
+               roleFunction.setCode("Test|Test|Test");
+               Mockito.when(externalAccessRolesService.getRoleFunction("Test|Test|Test", "test")).thenReturn(roleFunction);
+               Mockito.when(externalAccessRolesService.saveCentralRoleFunction(Matchers.anyObject(), Matchers.anyObject()))
+                       .thenReturn(true);
+               Mockito.when(EcompPortalUtils.getFunctionCode(roleFunction.getCode())).thenReturn("Test");
+               Mockito.when(EcompPortalUtils.getFunctionType(roleFunction.getCode())).thenReturn("Test");
+               Mockito.when(EcompPortalUtils.getFunctionAction(roleFunction.getCode())).thenReturn("Test");
+               Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+               List<EPUser> userList = new ArrayList<>();
+               userList.add(user);
+               List<EPApp> appList = new ArrayList<>();
+               appList.add(CentralApp());
+               Mockito.when(externalAccessRolesService.getUser("guestT")).thenReturn(userList);
+               StringWriter sw = new StringWriter();
+               PrintWriter writer = new PrintWriter(sw);
+               Mockito.when(mockedResponse.getWriter()).thenReturn(writer);
+               ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.OK);
+               Mockito.when(externalAccessRolesService.getNameSpaceIfExists(Matchers.anyObject())).thenReturn(response);
+               Mockito.when(externalAccessRolesService.getApp(Matchers.anyString())).thenReturn(appList);
+               PortalRestResponse<String> actual = roleManageController.saveRoleFunction(mockedRequest, mockedResponse,
+                       addNewFunc, (long) 1);
+               PortalRestResponse<String> expected = new PortalRestResponse<String>(PortalRestStatusEnum.ERROR,
+                       "Data is not valid", "ERROR");
+               assertEquals(expected, actual);
+       }
+
        @Test
        public void saveRoleFunctionExceptionTest() throws Exception {
                Mockito.when(appService.getApp((long) 1)).thenReturn(CentralApp());
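Review bot: saveRoleFunctionXSSTest stubs `externalAccessRolesService.saveCentralRoleFunction(...)` to return true and then asserts only on the returned `PortalRestResponse`, so it would still pass if the controller stored the rejected function code before answering "Data is not valid". Add `Mockito.verify(externalAccessRolesService, Mockito.never()).saveCentralRoleFunction(Matchers.anyObject(), Matchers.anyObject());` after the `assertEquals` to pin that nothing is persisted for invalid input. removeRoleFunctionXSSTest in the next hunk has the same gap with `deleteCentralRoleFunction(Matchers.anyString(), Matchers.anyObject())`. The last two lines of this hunk belong to saveRoleFunctionExceptionTest, whose body continues outside it.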
@@ -415,6 +462,36 @@ public class RoleManageControllerTest {
                assertEquals(expected, actual);
        }
 
+       @Test
+       public void removeRoleFunctionXSSTest() throws Exception {
+               PowerMockito.mockStatic(EPUserUtils.class);
+               PowerMockito.mockStatic(EcompPortalUtils.class);
+               EPUser user = mockUser.mockEPUser();
+               Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+               Mockito.when(EcompPortalUtils.checkIfRemoteCentralAccessAllowed()).thenReturn(true);
+               Mockito.when(adminRolesService.isAccountAdminOfApplication(user, CentralApp())).thenReturn(true);
+               Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+               Mockito.when(appService.getApp((long) 1)).thenReturn(CentralApp());
+               String roleFun = "<script>alert(/XSS”)</script>";
+               CentralV2RoleFunction roleFunction = mockCentralRoleFunction();
+               Mockito.when(externalAccessRolesService.getRoleFunction("Test|Test|Test", "test")).thenReturn(roleFunction);
+               StringWriter sw = new StringWriter();
+               PrintWriter writer = new PrintWriter(sw);
+               Mockito.when(mockedResponse.getWriter()).thenReturn(writer);
+               Mockito.when(externalAccessRolesService.deleteCentralRoleFunction(Matchers.anyString(), Matchers.anyObject()))
+                       .thenReturn(true);
+               List<EPApp> appList = new ArrayList<>();
+               appList.add(CentralApp());
+               ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.OK);
+               Mockito.when(externalAccessRolesService.getNameSpaceIfExists(Matchers.anyObject())).thenReturn(response);
+               Mockito.when(externalAccessRolesService.getApp(Matchers.anyString())).thenReturn(appList);
+               PortalRestResponse<String> actual = roleManageController.removeRoleFunction(mockedRequest, mockedResponse,
+                       roleFun, (long) 1);
+               PortalRestResponse<String> expected = new PortalRestResponse<String>(PortalRestStatusEnum.ERROR,
+                       "Data is not valid", "ERROR");
+               assertEquals(expected, actual);
+       }
+
        @Test
        public void removeRoleFunctionExceptionTest() throws Exception {
                EPUser user = mockUser.mockEPUser();
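Review bot: The `roleFun` literal `"<script>alert(/XSS”)</script>"` opens the argument with a slash and closes it with a typographic quote (U+201D), which reads like a paste artefact rather than a deliberate input. The `setCode` literal in saveRoleFunctionXSSTest carries the same curly quotes. Non-ASCII characters inside a string literal also make the test depend on the compiler's source encoding. Writing the input with escaped ASCII quotes, as getCentralizedAppRolesXSSTest does with `\"XSS\"`, keeps it unambiguous and covers the `"` character that the validation is presumably meant to reject.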
@@ -472,6 +549,9 @@ public class RoleManageControllerTest {
 
        @Test
        public void syncRolesException() throws Exception {
+      EPUser user = mockUser.mockEPUser();
+      Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+      Mockito.when(adminRolesService.isAccountAdminOfApplication(user, null)).thenReturn(true);
                Mockito.when(appService.getAppDetailByAppName("test")).thenThrow(nullPointerException);
                PortalRestResponse<String> actual = roleManageController.syncRoles(mockedRequest, mockedResponse, 1l);
                PortalRestResponse<String> portalRestResponse = new PortalRestResponse<>();
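Review bot: The added `Mockito.when(EPUserUtils.getUserSession(mockedRequest))` stubs a static method, but the visible start of syncRolesException has no `PowerMockito.mockStatic(EPUserUtils.class)` call, unlike saveRoleFunctionXSSTest and syncRolesFunctionsTest. Unless a setup method outside the hunk does it, the stub is not registered as intended; add `PowerMockito.mockStatic(EPUserUtils.class);` as the first statement. The admin check is also stubbed for a `null` application (`isAccountAdminOfApplication(user, null)`), which presumably only matches because `appService.getApp` is left unstubbed. Stubbing `appService.getApp(1L)` with `CentralApp()` would make the authorized path explicit instead of granting admin on a missing app. The same applies to syncRolesFunctionsException, and the missing `mockStatic` also to the two `...UserNullException` tests; this method's body continues outside the hunk.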
@@ -481,6 +561,18 @@ public class RoleManageControllerTest {
                assertEquals(portalRestResponse, actual);
        }
 
+    @Test
+    public void syncRolesUserNullException() throws Exception {
+        Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(null);
+        Mockito.when(appService.getAppDetailByAppName("test")).thenThrow(nullPointerException);
+        PortalRestResponse<String> actual = roleManageController.syncRoles(mockedRequest, mockedResponse, 1l);
+        PortalRestResponse<String> portalRestResponse = new PortalRestResponse<>();
+        portalRestResponse.setMessage("Unauthorized User");
+        portalRestResponse.setResponse("Failure");
+        portalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
+        assertEquals(portalRestResponse, actual);
+    }
+
        @Test
        public void syncRolesFunctionsTest() throws Exception {
                PowerMockito.mockStatic(EPUserUtils.class);
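Review bot: syncRolesUserNullException checks only the "Unauthorized User" response, so it does not show that the sync itself was skipped for a request without a session user. The `appService.getAppDetailByAppName("test")` stub with `thenThrow(nullPointerException)` appears to be carried over from syncRolesException and plays no visible part in this path. Dropping it and adding a `Mockito.verify(<service>, Mockito.never())` on the sync call (that service method is not visible in this hunk) would pin the behaviour. The method name also says "Exception" although nothing is expected to throw; something like `syncRolesUnauthorizedWhenNoSessionUser` would describe it better. syncRolesFunctionsUserNullException further down is written the same way.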
@@ -508,7 +600,10 @@ public class RoleManageControllerTest {
 
        @Test
        public void syncRolesFunctionsException() throws Exception {
-               Mockito.when(appService.getAppDetailByAppName("test")).thenThrow(nullPointerException);
+      EPUser user = mockUser.mockEPUser();
+      Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+      Mockito.when(adminRolesService.isAccountAdminOfApplication(user, null)).thenReturn(true);
+      Mockito.when(appService.getAppDetailByAppName("test")).thenThrow(nullPointerException);
                PortalRestResponse<String> actual = roleManageController.syncFunctions(mockedRequest, mockedResponse, 1l);
                PortalRestResponse<String> portalRestResponse = new PortalRestResponse<>();
                portalRestResponse.setMessage(null);
@@ -517,6 +612,18 @@ public class RoleManageControllerTest {
                assertEquals(portalRestResponse, actual);
        }
 
+    @Test
+    public void syncRolesFunctionsUserNullException() throws Exception {
+        Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(null);
+        Mockito.when(appService.getAppDetailByAppName("test")).thenThrow(nullPointerException);
+        PortalRestResponse<String> actual = roleManageController.syncFunctions(mockedRequest, mockedResponse, 1l);
+        PortalRestResponse<String> portalRestResponse = new PortalRestResponse<>();
+        portalRestResponse.setMessage("Unauthorized User");
+        portalRestResponse.setResponse("Failure");
+        portalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
+        assertEquals(portalRestResponse, actual);
+    }
+
        @Test
        public void addChildRoleTest() throws Exception {
                ModelAndView modelandView = new ModelAndView("login.htm");
@@ -595,8 +702,9 @@ public class RoleManageControllerTest {
                roleJson2.put("roleFunctions", roleFunctions);
                ObjectMapper mapper = new ObjectMapper();
                JsonNode actualObj = mapper.readTree(roleJson2.toString());
-               Mockito.when(mockedRequest.getInputStream()).thenReturn(new DelegatingServletInputStream(
-                               new ByteArrayInputStream(actualObj.toString().getBytes(StandardCharsets.UTF_8))));
+               dsi = new DelegatingServletInputStream(
+                               new ByteArrayInputStream(actualObj.toString().getBytes(StandardCharsets.UTF_8)));
+               Mockito.when(mockedRequest.getInputStream()).thenReturn(dsi);
                Mockito.when(mockedRequest.getReader()).thenReturn(new BufferedReader(new StringReader(actualObj.toString())));
                Mockito.when(mockedRequest.getContentType()).thenReturn("application/json");
                Mockito.when(mockedRequest.getCharacterEncoding()).thenReturn("UTF-8");
@@ -647,8 +755,9 @@ public class RoleManageControllerTest {
                roleJson2.put("roleFunctions", roleFunctions);
                ObjectMapper mapper = new ObjectMapper();
                JsonNode actualObj = mapper.readTree(roleJson2.toString());
-               Mockito.when(mockedRequest.getInputStream()).thenReturn(new DelegatingServletInputStream(
-                               new ByteArrayInputStream(actualObj.toString().getBytes(StandardCharsets.UTF_8))));
+               dsi = new DelegatingServletInputStream(
+                               new ByteArrayInputStream(actualObj.toString().getBytes(StandardCharsets.UTF_8)));
+               Mockito.when(mockedRequest.getInputStream()).thenReturn(dsi);
                Mockito.when(mockedRequest.getReader()).thenReturn(new BufferedReader(new StringReader(actualObj.toString())));
                Mockito.when(mockedRequest.getContentType()).thenReturn("application/json");
                Mockito.when(mockedRequest.getCharacterEncoding()).thenReturn("UTF-8");
@@ -701,8 +810,9 @@ public class RoleManageControllerTest {
                roleJson2.put("roleFunctions", roleFunctions);
                ObjectMapper mapper = new ObjectMapper();
                JsonNode actualObj = mapper.readTree(roleJson2.toString());
-               Mockito.when(mockedRequest.getInputStream()).thenReturn(new DelegatingServletInputStream(
-                               new ByteArrayInputStream(actualObj.toString().getBytes(StandardCharsets.UTF_8))));
+               dsi = new DelegatingServletInputStream(
+                               new ByteArrayInputStream(actualObj.toString().getBytes(StandardCharsets.UTF_8)));
+               Mockito.when(mockedRequest.getInputStream()).thenReturn(dsi);
                Mockito.when(mockedRequest.getReader()).thenReturn(new BufferedReader(new StringReader(actualObj.toString())));
                Mockito.when(mockedRequest.getContentType()).thenReturn("application/json");
                Mockito.when(mockedRequest.getCharacterEncoding()).thenReturn("UTF-8");
@@ -870,6 +980,13 @@ public class RoleManageControllerTest {
                List<CentralizedApp> actual  = roleManageController.getCentralizedAppRoles(mockedRequest, mockedResponse, user.getOrgUserId());
                assertEquals(cenApps.size(), actual.size());
        }
+
+       @Test
+       public void getCentralizedAppRolesXSSTest() throws IOException {
+               String id = ("<ScRipT>alert(\"XSS\");</ScRipT>");
+               List<CentralizedApp> actual  = roleManageController.getCentralizedAppRoles(mockedRequest, mockedResponse, id);
+               assertNull(actual);
+       }
        
        @Test
        public void getCentralizedAppRolesExceptionTest() throws IOException {
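Review bot: getCentralizedAppRolesXSSTest sets up no stubs and asserts only `assertNull(actual)`, which is the same outcome the exception test in the following hunk expects. With every collaborator left as an unstubbed mock, the controller may return null for reasons unrelated to the `id` value, so the test would likely still pass if the input validation were removed. Reuse the stubbing of the success-path test visible just above (the one ending in `assertEquals(cenApps.size(), actual.size())`) so that the script-bearing `id` is the only difference, then keep the `assertNull`. A `Mockito.verify(..., Mockito.never())` on the service lookup would additionally show that the value never reaches the service layer.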
@@ -885,6 +1002,16 @@ public class RoleManageControllerTest {
                List<CentralizedApp> actual  = roleManageController.getCentralizedAppRoles(mockedRequest, mockedResponse, user.getOrgUserId());
                assertNull(actual);
        }
+
+       @Test
+  public void bulkUploadRoleFuncUserNullTest() {
+      UploadRoleFunctionExtSystem data = Mockito.mock(UploadRoleFunctionExtSystem.class);
+      Mockito.when(appService.getApp(127L)).thenReturn(null);
+      PortalRestResponse<String> response = roleManageController.bulkUploadRoleFunc(mockedRequest, mockedResponse, data, 127L);
+      assertEquals(PortalRestStatusEnum.ERROR, response.getStatus());
+      assertEquals("Unauthorized User", response.getMessage());
+      assertEquals("Failure", response.getResponse());
+  }
        
        public CentralV2RoleFunction mockCentralRoleFunction() {
                CentralV2RoleFunction roleFunction = new CentralV2RoleFunction();
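Review bot: bulkUploadRoleFuncUserNullTest is named for a missing user, but the only stub is `appService.getApp(127L)` returning null, which an unstubbed mock does anyway. `EPUserUtils.getUserSession` is neither mocked nor stubbed here, so it is unclear which condition (no user, no app, or a failed admin check) produces "Unauthorized User". Make the tested condition explicit, e.g. `PowerMockito.mockStatic(EPUserUtils.class);` followed by `Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(null);`, and stub a real app so that the null user is the only reason for rejection. The new method is also indented with two spaces while the rest of the class uses tabs.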