Reduce number of parameters
[portal.git] / ecomp-portal-BE-common / src / test / java / org / onap / portalapp / portal / controller / RoleManageControllerTest.java
index 8bfa39c..b004a4a 100644 (file)
@@ -41,7 +41,6 @@ package org.onap.portalapp.portal.controller;
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNull;
-
 import java.io.BufferedReader;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
@@ -55,10 +54,8 @@ import java.util.List;
 import java.util.Map;
 import java.util.SortedSet;
 import java.util.TreeSet;
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-
 import org.json.simple.JSONObject;
 import org.junit.Before;
 import org.junit.Test;
@@ -96,7 +93,6 @@ import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.mock.web.DelegatingServletInputStream;
 import org.springframework.web.servlet.ModelAndView;
-
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 
@@ -186,7 +182,7 @@ public class RoleManageControllerTest {
                Mockito.when(externalAccessRolesService.getApp(CentralApp().getUebKey())).thenReturn(apps);
                ResponseEntity<String> result = new ResponseEntity<>(HttpStatus.OK);
                Mockito.when(externalAccessRolesService.getNameSpaceIfExists(apps.get(0))).thenReturn(result);
-               CentralV2Role answer = new CentralV2Role();
+               CentralV2Role answer = new CentralV2Role.CentralV2RoleBuilder().createCentralV2Role();
                Mockito.when(externalAccessRolesService.getRoleInfo((long) 1, "test")).thenReturn(answer);
                List<CentralV2RoleFunction> finalRoleFunctionList = new ArrayList<>();
                Mockito.when(externalAccessRolesService.getRoleFuncList("test")).thenReturn(finalRoleFunctionList);
@@ -205,7 +201,7 @@ public class RoleManageControllerTest {
        @Test(expected = Exception.class)
        public void getRoleExceptionTest() throws Exception {
                Mockito.when(appService.getApp((long) 1)).thenReturn(mockApp());
-               CentralV2Role answer = new CentralV2Role();
+               CentralV2Role answer = new CentralV2Role.CentralV2RoleBuilder().createCentralV2Role();
                Mockito.when(externalAccessRolesService.getRoleInfo((long) 1, "test")).thenReturn(answer);
                Mockito.when(externalAccessRolesService.getRoleFuncList("test")).thenThrow(nullPointerException);
                roleManageController.getRole(mockedRequest, mockedResponse, (long) 1, null);
@@ -215,16 +211,16 @@ public class RoleManageControllerTest {
        @Test
        public void getRoleIfRoleIdNotNullTest() throws Exception {
                Mockito.when(appService.getApp((long) 1)).thenReturn(CentralApp());
-               CentralV2Role answer = new CentralV2Role();
+               CentralV2Role answer = new CentralV2Role.CentralV2RoleBuilder().createCentralV2Role();
                Mockito.when(externalAccessRolesService.getRoleInfo((long) 1, "test")).thenReturn(answer);
                List<CentralV2RoleFunction> finalRoleFunctionList = new ArrayList<>();
                Mockito.when(externalAccessRolesService.getRoleFuncList("test")).thenReturn(finalRoleFunctionList);
                StringWriter sw = new StringWriter();
                PrintWriter writer = new PrintWriter(sw);
                Mockito.when(mockedResponse.getWriter()).thenReturn(writer);
-               CentralV2Role currentRole = new CentralV2Role();
+               CentralV2Role currentRole = new CentralV2Role.CentralV2RoleBuilder().createCentralV2Role();
                SortedSet<CentralV2Role> parentRoles = new TreeSet<>();
-               CentralV2Role centralV2Role = new CentralV2Role();
+        CentralV2Role centralV2Role = new CentralV2Role.CentralV2RoleBuilder().createCentralV2Role();
                centralV2Role.setName("test");
                parentRoles.add(centralV2Role);
                currentRole.setParentRoles(parentRoles);
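Review bot: The new `centralV2Role` line in getRoleIfRoleIdNotNullTest appears to be indented with spaces, while the neighbouring statements follow the file's existing indentation. The same looks true of the builder lines added in the later saveRole hunks and in the two hunks that build `role`. Re-indenting them to match their neighbours would keep this commit a clean constructor-to-builder substitution. The test method continues past the end of the hunk.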
@@ -370,6 +366,48 @@ public class RoleManageControllerTest {
                assertEquals(expected, actual);
        }
 
+       @Test
+       public void saveRoleFunctionXSSTest() throws Exception {
+               PowerMockito.mockStatic(EPUserUtils.class);
+               PowerMockito.mockStatic(EcompPortalUtils.class);
+               EPUser user = mockUser.mockEPUser();
+               Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+               Mockito.when(EcompPortalUtils.checkIfRemoteCentralAccessAllowed()).thenReturn(true);
+               Mockito.when(adminRolesService.isAccountAdminOfApplication(user, CentralApp())).thenReturn(true);
+               Mockito.when(appService.getApp((long) 1)).thenReturn(CentralApp());
+               Mockito.doNothing().when(roleFunctionListController).saveRoleFunction(mockedRequest, mockedResponse, "test");
+               CentralV2RoleFunction addNewFunc = new CentralV2RoleFunction();
+               addNewFunc.setCode("“><script>alert(“XSS”)</script>");
+               addNewFunc.setType("Test");
+               addNewFunc.setAction("Test");
+               addNewFunc.setName("Test");
+               CentralV2RoleFunction roleFunction = mockCentralRoleFunction();
+               roleFunction.setCode("Test|Test|Test");
+               Mockito.when(externalAccessRolesService.getRoleFunction("Test|Test|Test", "test")).thenReturn(roleFunction);
+               Mockito.when(externalAccessRolesService.saveCentralRoleFunction(Matchers.anyObject(), Matchers.anyObject()))
+                       .thenReturn(true);
+               Mockito.when(EcompPortalUtils.getFunctionCode(roleFunction.getCode())).thenReturn("Test");
+               Mockito.when(EcompPortalUtils.getFunctionType(roleFunction.getCode())).thenReturn("Test");
+               Mockito.when(EcompPortalUtils.getFunctionAction(roleFunction.getCode())).thenReturn("Test");
+               Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+               List<EPUser> userList = new ArrayList<>();
+               userList.add(user);
+               List<EPApp> appList = new ArrayList<>();
+               appList.add(CentralApp());
+               Mockito.when(externalAccessRolesService.getUser("guestT")).thenReturn(userList);
+               StringWriter sw = new StringWriter();
+               PrintWriter writer = new PrintWriter(sw);
+               Mockito.when(mockedResponse.getWriter()).thenReturn(writer);
+               ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.OK);
+               Mockito.when(externalAccessRolesService.getNameSpaceIfExists(Matchers.anyObject())).thenReturn(response);
+               Mockito.when(externalAccessRolesService.getApp(Matchers.anyString())).thenReturn(appList);
+               PortalRestResponse<String> actual = roleManageController.saveRoleFunction(mockedRequest, mockedResponse,
+                       addNewFunc, (long) 1);
+               PortalRestResponse<String> expected = new PortalRestResponse<String>(PortalRestStatusEnum.ERROR,
+                       "Data is not valid", "ERROR");
+               assertEquals(expected, actual);
+       }
+
        @Test
        public void saveRoleFunctionExceptionTest() throws Exception {
                Mockito.when(appService.getApp((long) 1)).thenReturn(CentralApp());
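Review bot: saveRoleFunctionXSSTest asserts only the "Data is not valid" response, so it does not prove that the rejected function code never reached the persistence call. Adding `Mockito.verify(externalAccessRolesService, Mockito.never()).saveCentralRoleFunction(Matchers.anyObject(), Matchers.anyObject());` after the assertEquals would pin that. removeRoleFunctionXSSTest in the next hunk has the same gap for `deleteCentralRoleFunction(Matchers.anyString(), Matchers.anyObject())`. The payloads in both tests use typographic quotes (`“`, `”`) rather than ASCII `"`, so the tests cover markup rejection but probably not the quote-handling path the strings seem intended to represent. Only `setCode` carries markup here, so the name, type and action fields are left unexercised by this test.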
@@ -420,6 +458,36 @@ public class RoleManageControllerTest {
                assertEquals(expected, actual);
        }
 
+       @Test
+       public void removeRoleFunctionXSSTest() throws Exception {
+               PowerMockito.mockStatic(EPUserUtils.class);
+               PowerMockito.mockStatic(EcompPortalUtils.class);
+               EPUser user = mockUser.mockEPUser();
+               Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+               Mockito.when(EcompPortalUtils.checkIfRemoteCentralAccessAllowed()).thenReturn(true);
+               Mockito.when(adminRolesService.isAccountAdminOfApplication(user, CentralApp())).thenReturn(true);
+               Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+               Mockito.when(appService.getApp((long) 1)).thenReturn(CentralApp());
+               String roleFun = "<script>alert(/XSS”)</script>";
+               CentralV2RoleFunction roleFunction = mockCentralRoleFunction();
+               Mockito.when(externalAccessRolesService.getRoleFunction("Test|Test|Test", "test")).thenReturn(roleFunction);
+               StringWriter sw = new StringWriter();
+               PrintWriter writer = new PrintWriter(sw);
+               Mockito.when(mockedResponse.getWriter()).thenReturn(writer);
+               Mockito.when(externalAccessRolesService.deleteCentralRoleFunction(Matchers.anyString(), Matchers.anyObject()))
+                       .thenReturn(true);
+               List<EPApp> appList = new ArrayList<>();
+               appList.add(CentralApp());
+               ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.OK);
+               Mockito.when(externalAccessRolesService.getNameSpaceIfExists(Matchers.anyObject())).thenReturn(response);
+               Mockito.when(externalAccessRolesService.getApp(Matchers.anyString())).thenReturn(appList);
+               PortalRestResponse<String> actual = roleManageController.removeRoleFunction(mockedRequest, mockedResponse,
+                       roleFun, (long) 1);
+               PortalRestResponse<String> expected = new PortalRestResponse<String>(PortalRestStatusEnum.ERROR,
+                       "Data is not valid", "ERROR");
+               assertEquals(expected, actual);
+       }
+
        @Test
        public void removeRoleFunctionExceptionTest() throws Exception {
                EPUser user = mockUser.mockEPUser();
@@ -642,7 +710,8 @@ public class RoleManageControllerTest {
                                .thenReturn(externalRequestFieldsValidator);
                Map<String, Object> actual = roleManageController.saveRole(mockedRequest, mockedResponse, CentralApp().getId());
                final Map<String, Object> expected = new HashMap<>();
-               expected.put("role", new CentralV2Role(null, "test"));
+        expected.put("role",
+                new CentralV2Role.CentralV2RoleBuilder().setId(null).setName("test").createCentralV2Role());
                expected.put("status", "Success");
                assertEquals(expected, actual);
        }
@@ -693,7 +762,8 @@ public class RoleManageControllerTest {
                ExternalRequestFieldsValidator externalRequestFieldsValidator = new ExternalRequestFieldsValidator(true, "");
                Mockito.when(externalAccessRolesService.saveRoleForApplication(Matchers.any(), Matchers.any()))
                                .thenReturn(externalRequestFieldsValidator);
-               CentralV2Role cenV2Role = new CentralV2Role(1l, "test1");
+        CentralV2Role cenV2Role =
+                new CentralV2Role.CentralV2RoleBuilder().setId(1l).setName("test1").createCentralV2Role();
                cenV2Role.setActive(true);
                Mockito.when(externalAccessRolesService.getRoleInfo(Matchers.anyLong(), Matchers.any())).thenReturn(cenV2Role);
                Map<String, Object> actual = roleManageController.saveRole(mockedRequest, mockedResponse, CentralApp().getId());
@@ -788,7 +858,7 @@ public class RoleManageControllerTest {
                Mockito.when(externalAccessRolesService.getApp(Matchers.anyString())).thenReturn(appList);
                ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.OK);
                Mockito.when(externalAccessRolesService.getNameSpaceIfExists(Matchers.anyObject())).thenReturn(response);
-               CentralV2Role role = new CentralV2Role(1l, "test");
+        CentralV2Role role = new CentralV2Role.CentralV2RoleBuilder().setId(1l).setName("test").createCentralV2Role();
                role.setActive(true);
                Role currentRole = new Role();
                currentRole.setName("test");
@@ -855,7 +925,7 @@ public class RoleManageControllerTest {
                Mockito.when(externalAccessRolesService.getApp(Matchers.anyString())).thenReturn(appList);
                ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.OK);
                Mockito.when(externalAccessRolesService.getNameSpaceIfExists(Matchers.anyObject())).thenReturn(response);
-               CentralV2Role role = new CentralV2Role(1l, "test");
+        CentralV2Role role = new CentralV2Role.CentralV2RoleBuilder().setId(1l).setName("test").createCentralV2Role();
                role.setActive(true);
                Role currentRole = new Role();
                currentRole.setName("test");
@@ -908,6 +978,13 @@ public class RoleManageControllerTest {
                List<CentralizedApp> actual  = roleManageController.getCentralizedAppRoles(mockedRequest, mockedResponse, user.getOrgUserId());
                assertEquals(cenApps.size(), actual.size());
        }
+
+       @Test
+       public void getCentralizedAppRolesXSSTest() throws IOException {
+               String id = ("<ScRipT>alert(\"XSS\");</ScRipT>");
+               List<CentralizedApp> actual  = roleManageController.getCentralizedAppRoles(mockedRequest, mockedResponse, id);
+               assertNull(actual);
+       }
        
        @Test
        public void getCentralizedAppRolesExceptionTest() throws IOException {
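Review bot: getCentralizedAppRolesXSSTest stubs nothing before calling the controller, so `assertNull(actual)` may pass for a reason other than input validation. If getCentralizedAppRoles also returns null when the session user is missing or not authorised (the controller is not visible here), this test would stay green even with the validation removed. Reusing the session and authorisation stubbing from the preceding getCentralizedAppRoles test, then verifying that the roles lookup on the service mock is never invoked, would make the null attributable to the rejected id. The outer parentheses in `String id = ("<ScRipT>…");` are redundant and can be dropped.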