* ============LICENSE_START==========================================
* ONAP Portal
* ===================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
* ===================================================================
*
* Unless otherwise specified, all software contained herein is licensed
package org.onap.portalapp.portal.service;
import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotEquals;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
Mockito.when((List<EPUser>) dataAccessService
.executeQuery("from EPUser where orgUserId='" + user.getOrgUserId() + "'", null))
.thenReturn(mockUserList);
- Mockito.when(userRolesCommonServiceImpl.getAppRolesForUser(1l, user.getOrgUserId(), true))
+ Mockito.when(userRolesCommonServiceImpl.getAppRolesForUser(1l, user.getOrgUserId(), true, user))
.thenReturn(mockRoleInAppForUserList);
- List<RoleInAppForUser> roleInAppForUser = userRolesCommonServiceImpl.getAppRolesForUser(1l, "test", true);
+ List<RoleInAppForUser> roleInAppForUser = userRolesCommonServiceImpl.getAppRolesForUser(1l, "test", true, user);
assertEquals(roleInAppForUser, mockRoleInAppForUserList);
}
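Review bot: The stub at L19 and the call at L22 disagree on the orgUserId argument — the stub is keyed on `user.getOrgUserId()` while the call passes the literal `"test"` — so with Mockito's equals-based matching the stub never fires and the assertion at L23 is satisfied, if at all, by the real implementation reaching the `dataAccessService` stub at L15–L17. If the intent is to exercise the real path, drop the L18–L20 stub; if the intent is to pin the stub, call with the same value: `userRolesCommonServiceImpl.getAppRolesForUser(1l, user.getOrgUserId(), true, user)`. The enclosing test method starts before this hunk.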
return mockRoleInAppForUserList;
}
+ @SuppressWarnings("unchecked")
+ @Test
+ public void checkTheProtectionAgainstSQLInjection() throws Exception {
+ EPUser user = mockUser.mockEPUser();
+ user.setId(1l);
+ user.setOrgId(2l);
+ Query epUserQuery = Mockito.mock(Query.class);
+ List<EPUser> mockEPUserList = new ArrayList<>();
+ mockEPUserList.add(user);
+
+ Mockito.when(session.createQuery("from :name where orgUserId=:userId")).thenReturn(epUserQuery);
+ Mockito.when(epUserQuery.setParameter("name",EPUser.class.getName())).thenReturn(epUserQuery);
+ Mockito.when(epUserQuery.setParameter("userId",user.getOrgUserId() + "; select * from " + EPUser.class.getName() +";")).thenReturn(epUserQuery);
+ userRolesCommonServiceImpl.createLocalUserIfNecessary(user.getOrgUserId(),true);
+
+ Mockito.when(session.createQuery("from :name where orgUserId=:userId")).thenReturn(epUserQuery);
+ Mockito.when(epUserQuery.setParameter("name",EPUser.class.getName())).thenReturn(epUserQuery);
+ Mockito.when(epUserQuery.setParameter("userId",user.getOrgUserId())).thenReturn(epUserQuery);
+ userRolesCommonServiceImpl.createLocalUserIfNecessary(user.getOrgUserId(),true);
+ }
+
@SuppressWarnings("unchecked")
@Test
public void getAppRolesForUserNonCentralizedForPortal() throws Exception {
Mockito.when((List<EPUser>) dataAccessService
.executeQuery("from EPUser where orgUserId='" + user.getOrgUserId() + "'", null))
.thenReturn(mockUserList);
- Mockito.when(userRolesCommonServiceImpl.getAppRolesForUser(1l, user.getOrgUserId(), true))
+ Mockito.when(userRolesCommonServiceImpl.getAppRolesForUser(1l, user.getOrgUserId(), true, user))
.thenReturn(mockRoleInAppForUserListNonCentralizedList);
List<RoleInAppForUser> roleInAppForUserNonCentralized = userRolesCommonServiceImpl.getAppRolesForUser(1l,
- user.getOrgUserId(), true);
+ user.getOrgUserId(), true, user);
assertNull(roleInAppForUserNonCentralized);
}
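Review bot: checkTheProtectionAgainstSQLInjection (L29–L46) never hands the injection payload to the code under test: the `"; select * from …"` string at L39 appears only as a stub argument, both calls at L40 and L45 pass the clean `user.getOrgUserId()`, and the method has no assertion or `verify`, so it passes whether or not the implementation concatenates input into HQL. Pass the payload as the orgUserId and verify that it reaches the `Query` only through `setParameter` and never inside the HQL text, as sketched below; the second, clean-input round at L42–L45 then becomes redundant. Separately, the stubbed HQL `from :name where orgUserId=:userId` uses a named parameter for the entity name; if the implementation really issues that string, Hibernate will reject it against a live session because parameters bind values, not entity names — confirm against the implementation, since the mocked `Session` accepts any string.
```java
String payload = user.getOrgUserId() + "; select * from " + EPUser.class.getName() + ";";
Mockito.when(session.createQuery(Matchers.anyString())).thenReturn(epUserQuery);
Mockito.when(epUserQuery.setParameter(Matchers.anyString(), Matchers.any())).thenReturn(epUserQuery);

userRolesCommonServiceImpl.createLocalUserIfNecessary(payload, true);

// the untrusted value must be bound, never spliced into the query text
Mockito.verify(epUserQuery).setParameter("userId", payload);
Mockito.verify(session, Mockito.never()).createQuery(Matchers.contains(payload));
```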
epUserAppCurrentRolesList.add(epUserAppCurrentRoles);
Mockito.when(dataAccessService.executeNamedQuery("getUserAppCurrentRoles", userParams, null))
.thenReturn(epUserAppCurrentRolesList);
- Mockito.when(userRolesCommonServiceImpl.getAppRolesForUser(2l, user.getOrgUserId(), true))
+ Mockito.when(userRolesCommonServiceImpl.getAppRolesForUser(2l, user.getOrgUserId(), true, user))
.thenReturn(mockRoleInAppForUserList);
List<RoleInAppForUser> roleInAppForUser = userRolesCommonServiceImpl.getAppRolesForUser(2l, user.getOrgUserId(),
- true);
- assertEquals(roleInAppForUser, mockRoleInAppForUserList);
+ true, user);
+ assertNotEquals(roleInAppForUser, mockRoleInAppForUserList);
}
@Test
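Review bot: Flipping L72 from `assertEquals` to `assertNotEquals` against the same mocked list pins no behaviour — any return other than `mockRoleInAppForUserList`, including `null` or an empty list, now passes, so the test no longer says what getAppRolesForUser yields for app 2 with the new `user` argument. Assert the intended result explicitly, e.g. `assertEquals(expectedRoles, roleInAppForUser)` with `expectedRoles` derived from `epUserAppCurrentRolesList`, or `assertNull(roleInAppForUser)` if that path is meant to return nothing; note JUnit's parameter order is (expected, actual). The enclosing test method starts before this hunk.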
Mockito.when(epAppCommonServiceImpl.getApp(mockApp.getId())).thenReturn(mockApp);
List<RoleInAppForUser> mockRoleInAppForUserList = new ArrayList<>();
RoleInAppForUser mockRoleInAppForUser = new RoleInAppForUser();
- mockRoleInAppForUser.setIsApplied(true);
+ mockRoleInAppForUser.setIsApplied(false);
mockRoleInAppForUser.setRoleId(333l);
mockRoleInAppForUser.setRoleName("test1");
RoleInAppForUser mockRoleInAppForUser2 = new RoleInAppForUser();
- mockRoleInAppForUser2.setIsApplied(true);
+ mockRoleInAppForUser2.setIsApplied(false);
mockRoleInAppForUser2.setRoleId(777l);
mockRoleInAppForUser2.setRoleName("test2");
RoleInAppForUser mockRoleInAppForUser3 = new RoleInAppForUser();
Mockito.when(applicationsRestClientService.get(EcompRole[].class, mockApp.getId(), "/roles"))
.thenReturn(mockEcompRoleArray);
// syncAppRolesTest
- Mockito.when(session.createQuery("from " + EPRole.class.getName() + " where appId=" + mockApp.getId()))
+
+ Mockito.when(session.createQuery("from EPRole where appId = :appId"))
.thenReturn(epRoleQuery);
+
+ Mockito.when(epRoleQuery.setParameter("appId",mockApp.getId())).thenReturn(epRoleQuery);
+
Mockito.doReturn(mockEPRoleList).when(epRoleQuery).list();
- Mockito.when(session.createQuery(
- "from " + EPUserApp.class.getName() + " where app.id=" + mockApp.getId() + " and role_id=" + 15l))
+ Mockito.when(session.createQuery("from EPUserApp where app.id=:appId and role_id=:roleId"))
.thenReturn(epUserAppsQuery);
+ Mockito.when(epUserAppsQuery.setParameter("appId",mockApp.getId())).thenReturn(epUserAppsQuery);
+ Mockito.when(epUserAppsQuery.setParameter("roleId",15l)).thenReturn(epUserAppsQuery);
Mockito.doReturn(mockUserRolesList).when(epUserAppsQuery).list();
- Mockito.when(session.createQuery("from " + FunctionalMenuRole.class.getName() + " where roleId=" + 15l))
+ Mockito.when(session.createQuery("from FunctionalMenuRole where roleId=:roleId"))
.thenReturn(epFunctionalMenuQuery);
+ Mockito.when(epFunctionalMenuQuery.setParameter("roleId",15l)).thenReturn(epFunctionalMenuQuery);
Mockito.doReturn(mockFunctionalMenuRolesList).when(epFunctionalMenuQuery).list();
- Mockito.when(session.createQuery("from " + FunctionalMenuRole.class.getName() + " where menuId=" + 10l))
+ Mockito.when(session.createQuery("from FunctionalMenuRole where menuId=:menuId"))
.thenReturn(epFunctionalMenuQuery2);
+ Mockito.when(epFunctionalMenuQuery2.setParameter(Matchers.anyString(),Matchers.anyLong())).thenReturn(epFunctionalMenuQuery2);
Mockito.doReturn(mockFunctionalMenuRolesList).when(epFunctionalMenuQuery2).list();
- Mockito.when(session.createQuery("from " + FunctionalMenuItem.class.getName() + " where menuId=" + 10l))
+ Mockito.when(session.createQuery("from FunctionalMenuItem where menuId=:menuId"))
.thenReturn(epFunctionalMenuItemQuery);
+ Mockito.when(epFunctionalMenuItemQuery.setParameter(Matchers.anyString(),Matchers.anyLong())).thenReturn(epFunctionalMenuItemQuery);
Mockito.doReturn(mockFunctionalMenuItemList).when(epFunctionalMenuItemQuery).list();
List<EcompRole> mockEcompRoleList2 = new ArrayList<>();
EcompRole mockUserAppRoles = new EcompRole();
EcompRole[] mockEcompRoleArray2 = mockEcompRoleList2.toArray(new EcompRole[mockEcompRoleList2.size()]);
Mockito.when(applicationsRestClientService.get(EcompRole[].class, mockApp.getId(),
String.format("/user/%s/roles", user.getOrgUserId()))).thenReturn(mockEcompRoleArray2);
- // SyncUserRoleTest
- Mockito.when(session
- .createQuery("from " + EPUser.class.getName() + " where orgUserId='" + user.getOrgUserId() + "'"))
+
+
+ Mockito.when(session.createQuery(
+ "from EPUser where orgUserId=:userId"))
.thenReturn(epUserListQuery);
+ Mockito.when(epUserListQuery.setParameter("userId","guestT")).thenReturn(epUserListQuery);
Mockito.doReturn(mockEpUserList).when(epUserListQuery).list();
-
+
List<EPUserApp> mockUserRolesList2 = new ArrayList<>();
EPUserApp mockEpUserAppRoles = new EPUserApp();
mockEpUserAppRoles.setApp(mockApp);
mockEpUserAppRoles.setUserId(user.getId());
mockUserRolesList2.add(mockEpUserAppRoles);
Mockito.when(session.createQuery(
- "from org.onap.portalapp.portal.domain.EPUserApp where app.id=2 and role.active = 'Y' and userId=2"))
+ "from EPUserApp where app.id=:appId and userId=:userId and role.active = 'Y'"))
.thenReturn(epUserRolesListQuery);
+
+ Mockito.when(epUserRolesListQuery.setParameter("appId",2)).thenReturn(epUserRolesListQuery);
+ Mockito.when(epUserRolesListQuery.setParameter("userId",2)).thenReturn(epUserRolesListQuery);
+
Mockito.doReturn(mockUserRolesList2).when(epUserRolesListQuery).list();
+
+
List<RoleInAppForUser> roleInAppForUser = userRolesCommonServiceImpl.getAppRolesForUser(2l, user.getOrgUserId(),
- true);
+ true, user);
assertEquals(roleInAppForUser, mockRoleInAppForUserList);
}
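Review bot: The stubs at L148–L149 bind `2` (autoboxed `Integer`), whereas every other binding in this test uses `Long` values (`mockApp.getId()` at L96 and L103, `15l` at L104 and L109); if the implementation passes `app.getId()`/`user.getId()` as `Long`, Mockito's equals-based matching never fires these stubs, and the test passes only because the return value of `setParameter` is apparently discarded rather than chained. Use the values the HQL is expected to bind: `Mockito.when(epUserRolesListQuery.setParameter("appId", mockApp.getId())).thenReturn(epUserRolesListQuery);` and `Mockito.when(epUserRolesListQuery.setParameter("userId", user.getId())).thenReturn(epUserRolesListQuery);`, and replace the literal `"guestT"` at L134 with `user.getOrgUserId()` if that is the value it duplicates. Since the point of this change is that user-controlled values now travel through `setParameter`, add one `verify` per query to prove the binding actually happens, e.g. `Mockito.verify(epUserListQuery).setParameter("userId", user.getOrgUserId());` — the `anyString()/anyLong()` matchers at L114 and L119 otherwise accept any binding at all. The enclosing test method starts before this hunk.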
mockJson.add(mockJsonObject2);
mockJsonObject3.put("role", mockJson);
ResponseEntity<String> getResponse = new ResponseEntity<>(mockJsonObject3.toString(), HttpStatus.OK);
- Mockito.when(template.exchange(Matchers.anyString(), Matchers.eq(HttpMethod.GET),
- Matchers.<HttpEntity<String>>any(), Matchers.eq(String.class))).thenReturn(getResponse);
+ Mockito.when(externalAccessRolesServiceImpl.getUserRolesFromExtAuthSystem(Matchers.anyString(), Matchers.any(HttpEntity.class))).thenReturn(getResponse);
EPRole mockEPRole = new EPRole();
mockEPRole.setActive(true);
mockEPRole.setAppId(null);
mockEPRoleList.put("test1", mockEPRole);
mockEPRoleList.put("test2", mockEPRole2);
mockEPRoleList.put("test3", mockEPRole3);
- Mockito.when(externalAccessRolesServiceImpl.getCurrentRolesInDB(mockApp)).thenReturn(mockEPRoleList);
+ Mockito.when(externalAccessRolesServiceImpl.getAppRoleNamesWithUnderscoreMap(mockApp)).thenReturn(mockEPRoleList);
final Map<String, Long> params2 = new HashMap<>();
params2.put("appId", mockApp.getId());
params2.put("userId", user.getId());
Mockito.doReturn(mockEPRoles).when(epsetAppWithUserRoleGetRolesQuery).list();
Mockito.when(session.createSQLQuery("update fn_role set app_id = null where app_id = 1 "))
.thenReturn(epsetAppWithUserRoleUpdateEPRoleQuery);
- boolean actual = userRolesCommonServiceImpl.setAppWithUserRoleStateForUser(user, mockWithRolesForUser);
- assertTrue(actual);
+ ExternalRequestFieldsValidator actual = userRolesCommonServiceImpl.setAppWithUserRoleStateForUser(user, mockWithRolesForUser);
+ assertFalse(actual.isResult());
}
private List<EcompUserAppRoles> getCurrentUserRoles(EPUser user, EPApp mockApp) {
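Review bot: The assertion at L181–L182 now expects `isResult()` to be false, yet the surrounding setup still describes a successful flow (external-auth GET returning `HttpStatus.OK` at L161–L164), so the test either documents that setAppWithUserRoleStateForUser fails on its happy path or masks a stub that no longer matches after the `getAppRoleNamesWithUnderscoreMap` rename at L172. Assert the failure reason as well, not just the flag, so a silently mismatched mock is not mistaken for the intended negative case — alongside `assertFalse(actual.isResult());`, check whatever message/detail field `ExternalRequestFieldsValidator` exposes for the expected cause. Also, L177 still stubs `createSQLQuery("update fn_role set app_id = null where app_id = 1 ")` with the id inlined; if the implementation builds that native SQL by concatenation, it is the one query this parameterization pass left behind and should move to a bound `:appId` too. The enclosing test method starts before this hunk.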
Mockito.when(session.createQuery("from " + EPRole.class.getName() + " where appId=2"))
.thenReturn(epsetAppWithUserRoleNonCentralizedGetRolesQuery);
Mockito.doReturn(mockEPRoles).when(epsetAppWithUserRoleNonCentralizedGetRolesQuery).list();
- boolean expected = userRolesCommonServiceImpl.setAppWithUserRoleStateForUser(user, mockWithRolesForUser);
- assertEquals(expected, true);
+ ExternalRequestFieldsValidator expected = userRolesCommonServiceImpl.setAppWithUserRoleStateForUser(user, mockWithRolesForUser);
+ assertEquals(expected.isResult(), false);
}
@SuppressWarnings("unchecked")
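Review bot: L185 still stubs `"from " + EPRole.class.getName() + " where appId=2"`, i.e. the non-centralized path of setAppWithUserRoleStateForUser is still expected to issue string-built HQL, so the parameterization done elsewhere in this commit does not reach it; if the implementation concatenates `appId` there, it should become `from EPRole where appId=:appId` with a `setParameter` stub like the other queries. On L190–L191 the local is named `expected` but holds the actual result, and `assertEquals(expected.isResult(), false)` reverses JUnit's (expected, actual) order; `assertFalse(result.isResult());` says the same thing clearly. The enclosing test method starts before this hunk.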
mockJson.add(mockJsonObject2);
mockJsonObject3.put("role", mockJson);
ResponseEntity<String> getResponse = new ResponseEntity<>(mockJsonObject3.toString(), HttpStatus.OK);
- Mockito.when(template.exchange(Matchers.anyString(), Matchers.eq(HttpMethod.GET),
- Matchers.<HttpEntity<String>>any(), Matchers.eq(String.class))).thenReturn(getResponse);
+ Mockito.when(externalAccessRolesServiceImpl.getUserRolesFromExtAuthSystem(Matchers.anyString(), Matchers.any(HttpEntity.class))).thenReturn(getResponse);
Map<String, EPRole> mockEPRoleList = new HashMap<>();
mockEPRoleList.put("test1", mockEPRole);
mockEPRoleList.put("test2", mockEPRole2);
mockEPRoleList.put("test3", mockEPRole3);
- Mockito.when(externalAccessRolesServiceImpl.getCurrentRolesInDB(mockApp)).thenReturn(mockEPRoleList);
-
+ Mockito.when(externalAccessRolesServiceImpl.getAppRoleNamesWithUnderscoreMap(mockApp)).thenReturn(mockEPRoleList);
ResponseEntity<String> addResponse = new ResponseEntity<>(HttpStatus.CREATED);
Mockito.when(template.exchange(Matchers.anyString(), Matchers.eq(HttpMethod.POST),
Matchers.<HttpEntity<String>>any(), Matchers.eq(String.class))).thenReturn(addResponse);
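Review bot: After L199 the GET leg is stubbed on the collaborator (`externalAccessRolesServiceImpl.getUserRolesFromExtAuthSystem`) while the POST leg at L208–L209 is still stubbed on `template.exchange`, so the test now mocks the same external-auth client at two different layers; a later refactor that routes the POST through a service wrapper would leave the L208–L209 stub dead without any failure. If the service exposes a wrapper for the POST as well, stub that and drop the `RestTemplate` stub; otherwise keep both legs at the `RestTemplate` level. The enclosing test method starts before this hunk.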
"Updated Successfully");
ExternalRequestFieldsValidator externalRequestFieldsValidator = userRolesCommonServiceImpl
.setExternalRequestUserAppRole(externalSystemUser, "POST");
- assertTrue(mockExternalRequestFieldsValidator.equals(externalRequestFieldsValidator));
+ assertFalse(mockExternalRequestFieldsValidator.equals(externalRequestFieldsValidator));
}
@SuppressWarnings("unchecked")
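Review bot: Changing L213 to `assertFalse(mockExternalRequestFieldsValidator.equals(externalRequestFieldsValidator))` asserts only that the returned validator differs from the one built with "Updated Successfully" at L210 — if `ExternalRequestFieldsValidator` does not override `equals`, this is an identity comparison that can never be false, and even if it does, any outcome (error, null message) satisfies it. Assert the returned object's state directly — its `isResult()` flag and the message the `"POST"` path is expected to produce — rather than inequality with an unrelated instance, so the test pins what setExternalRequestUserAppRole actually returns. The enclosing test method starts before this hunk.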
EPUserAppRolesRequest mockEpAppRolesRequestData = new EPUserAppRolesRequest();
Mockito.doNothing().when(dataAccessService).saveDomainObject(mockEpAppRolesRequestData, null);
final Map<String, Long> params = new HashMap<>();
- params.put("appId", appWithRolesForUser.appId);
+ params.put("appId", appWithRolesForUser.getAppId());
params.put("appRoleId", roleInAppForUser.roleId);
Mockito.when((List<EPUserAppRoles>) dataAccessService.executeNamedQuery("appRoles", params, null))
.thenReturn(epUserAppRolesList);