X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=ecomp-portal-BE-common%2Fsrc%2Ftest%2Fjava%2Forg%2Fonap%2Fportalapp%2Fportal%2Fcontroller%2FRoleManageControllerTest.java;h=9673cb2c077c6bb63e1a95bac964a183f19af99d;hb=8b67487fa29e61ad15ac961231ebb3b6621d39dc;hp=ff9fcffc72f055d944d44160084ee2bf41fd94d8;hpb=d84a85d705b38d90b73809ead3e5034b8c066ca9;p=portal.git

diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/RoleManageControllerTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/RoleManageControllerTest.java
index ff9fcffc..9673cb2c 100644
--- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/RoleManageControllerTest.java
+++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/RoleManageControllerTest.java
@@ -4,6 +4,8 @@
  * ===================================================================
  * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
  * ===================================================================
+ * Modifications Copyright (c) 2019 Samsung
+ * ===================================================================
  *
  * Unless otherwise specified, all software contained herein is licensed
  * under the Apache License, Version 2.0 (the "License");
@@ -76,6 +78,7 @@ import org.onap.portalapp.portal.domain.EPApp;
 import org.onap.portalapp.portal.domain.EPUser;
 import org.onap.portalapp.portal.ecomp.model.PortalRestResponse;
 import org.onap.portalapp.portal.ecomp.model.PortalRestStatusEnum;
+import org.onap.portalapp.portal.ecomp.model.UploadRoleFunctionExtSystem;
 import org.onap.portalapp.portal.framework.MockitoTestSuite;
 import org.onap.portalapp.portal.service.AdminRolesService;
 import org.onap.portalapp.portal.service.EPAppService;
@@ -367,6 +370,48 @@ public class RoleManageControllerTest {
 		assertEquals(expected, actual);
 	}
 
+	@Test
+	public void saveRoleFunctionXSSTest() throws Exception {
+		PowerMockito.mockStatic(EPUserUtils.class);
+		PowerMockito.mockStatic(EcompPortalUtils.class);
+		EPUser user = mockUser.mockEPUser();
+		Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+		Mockito.when(EcompPortalUtils.checkIfRemoteCentralAccessAllowed()).thenReturn(true);
+		Mockito.when(adminRolesService.isAccountAdminOfApplication(user, CentralApp())).thenReturn(true);
+		Mockito.when(appService.getApp((long) 1)).thenReturn(CentralApp());
+		Mockito.doNothing().when(roleFunctionListController).saveRoleFunction(mockedRequest, mockedResponse, "test");
+		CentralV2RoleFunction addNewFunc = new CentralV2RoleFunction();
+		addNewFunc.setCode("â><script>alert(âXSSâ)</script>");
+		addNewFunc.setType("Test");
+		addNewFunc.setAction("Test");
+		addNewFunc.setName("Test");
+		CentralV2RoleFunction roleFunction = mockCentralRoleFunction();
+		roleFunction.setCode("Test|Test|Test");
+		Mockito.when(externalAccessRolesService.getRoleFunction("Test|Test|Test", "test")).thenReturn(roleFunction);
+		Mockito.when(externalAccessRolesService.saveCentralRoleFunction(Matchers.anyObject(), Matchers.anyObject()))
+			.thenReturn(true);
+		Mockito.when(EcompPortalUtils.getFunctionCode(roleFunction.getCode())).thenReturn("Test");
+		Mockito.when(EcompPortalUtils.getFunctionType(roleFunction.getCode())).thenReturn("Test");
+		Mockito.when(EcompPortalUtils.getFunctionAction(roleFunction.getCode())).thenReturn("Test");
+		Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+		List<EPUser> userList = new ArrayList<>();
+		userList.add(user);
+		List<EPApp> appList = new ArrayList<>();
+		appList.add(CentralApp());
+		Mockito.when(externalAccessRolesService.getUser("guestT")).thenReturn(userList);
+		StringWriter sw = new StringWriter();
+		PrintWriter writer = new PrintWriter(sw);
+		Mockito.when(mockedResponse.getWriter()).thenReturn(writer);
+		ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.OK);
+		Mockito.when(externalAccessRolesService.getNameSpaceIfExists(Matchers.anyObject())).thenReturn(response);
+		Mockito.when(externalAccessRolesService.getApp(Matchers.anyString())).thenReturn(appList);
+		PortalRestResponse<String> actual = roleManageController.saveRoleFunction(mockedRequest, mockedResponse,
+			addNewFunc, (long) 1);
+		PortalRestResponse<String> expected = new PortalRestResponse<String>(PortalRestStatusEnum.ERROR,
+			"Data is not valid", "ERROR");
+		assertEquals(expected, actual);
+	}
+
 	@Test
 	public void saveRoleFunctionExceptionTest() throws Exception {
 		Mockito.when(appService.getApp((long) 1)).thenReturn(CentralApp());
@@ -417,6 +462,36 @@ public class RoleManageControllerTest {
 		assertEquals(expected, actual);
 	}
 
+	@Test
+	public void removeRoleFunctionXSSTest() throws Exception {
+		PowerMockito.mockStatic(EPUserUtils.class);
+		PowerMockito.mockStatic(EcompPortalUtils.class);
+		EPUser user = mockUser.mockEPUser();
+		Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+		Mockito.when(EcompPortalUtils.checkIfRemoteCentralAccessAllowed()).thenReturn(true);
+		Mockito.when(adminRolesService.isAccountAdminOfApplication(user, CentralApp())).thenReturn(true);
+		Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+		Mockito.when(appService.getApp((long) 1)).thenReturn(CentralApp());
+		String roleFun = "<script>alert(/XSSâ)</script>";
+		CentralV2RoleFunction roleFunction = mockCentralRoleFunction();
+		Mockito.when(externalAccessRolesService.getRoleFunction("Test|Test|Test", "test")).thenReturn(roleFunction);
+		StringWriter sw = new StringWriter();
+		PrintWriter writer = new PrintWriter(sw);
+		Mockito.when(mockedResponse.getWriter()).thenReturn(writer);
+		Mockito.when(externalAccessRolesService.deleteCentralRoleFunction(Matchers.anyString(), Matchers.anyObject()))
+			.thenReturn(true);
+		List<EPApp> appList = new ArrayList<>();
+		appList.add(CentralApp());
+		ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.OK);
+		Mockito.when(externalAccessRolesService.getNameSpaceIfExists(Matchers.anyObject())).thenReturn(response);
+		Mockito.when(externalAccessRolesService.getApp(Matchers.anyString())).thenReturn(appList);
+		PortalRestResponse<String> actual = roleManageController.removeRoleFunction(mockedRequest, mockedResponse,
+			roleFun, (long) 1);
+		PortalRestResponse<String> expected = new PortalRestResponse<String>(PortalRestStatusEnum.ERROR,
+			"Data is not valid", "ERROR");
+		assertEquals(expected, actual);
+	}
+
 	@Test
 	public void removeRoleFunctionExceptionTest() throws Exception {
 		EPUser user = mockUser.mockEPUser();
@@ -474,6 +549,9 @@ public class RoleManageControllerTest {
 
 	@Test
 	public void syncRolesException() throws Exception {
+      EPUser user = mockUser.mockEPUser();
+      Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+      Mockito.when(adminRolesService.isAccountAdminOfApplication(user, null)).thenReturn(true);
 		Mockito.when(appService.getAppDetailByAppName("test")).thenThrow(nullPointerException);
 		PortalRestResponse<String> actual = roleManageController.syncRoles(mockedRequest, mockedResponse, 1l);
 		PortalRestResponse<String> portalRestResponse = new PortalRestResponse<>();
@@ -483,6 +561,18 @@ public class RoleManageControllerTest {
 		assertEquals(portalRestResponse, actual);
 	}
 
+    @Test
+    public void syncRolesUserNullException() throws Exception {
+        Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(null);
+        Mockito.when(appService.getAppDetailByAppName("test")).thenThrow(nullPointerException);
+        PortalRestResponse<String> actual = roleManageController.syncRoles(mockedRequest, mockedResponse, 1l);
+        PortalRestResponse<String> portalRestResponse = new PortalRestResponse<>();
+        portalRestResponse.setMessage("Unauthorized User");
+        portalRestResponse.setResponse("Failure");
+        portalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
+        assertEquals(portalRestResponse, actual);
+    }
+
 	@Test
 	public void syncRolesFunctionsTest() throws Exception {
 		PowerMockito.mockStatic(EPUserUtils.class);
@@ -510,7 +600,10 @@ public class RoleManageControllerTest {
 
 	@Test
 	public void syncRolesFunctionsException() throws Exception {
-		Mockito.when(appService.getAppDetailByAppName("test")).thenThrow(nullPointerException);
+      EPUser user = mockUser.mockEPUser();
+      Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+      Mockito.when(adminRolesService.isAccountAdminOfApplication(user, null)).thenReturn(true);
+      Mockito.when(appService.getAppDetailByAppName("test")).thenThrow(nullPointerException);
 		PortalRestResponse<String> actual = roleManageController.syncFunctions(mockedRequest, mockedResponse, 1l);
 		PortalRestResponse<String> portalRestResponse = new PortalRestResponse<>();
 		portalRestResponse.setMessage(null);
@@ -519,6 +612,18 @@ public class RoleManageControllerTest {
 		assertEquals(portalRestResponse, actual);
 	}
 
+    @Test
+    public void syncRolesFunctionsUserNullException() throws Exception {
+        Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(null);
+        Mockito.when(appService.getAppDetailByAppName("test")).thenThrow(nullPointerException);
+        PortalRestResponse<String> actual = roleManageController.syncFunctions(mockedRequest, mockedResponse, 1l);
+        PortalRestResponse<String> portalRestResponse = new PortalRestResponse<>();
+        portalRestResponse.setMessage("Unauthorized User");
+        portalRestResponse.setResponse("Failure");
+        portalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
+        assertEquals(portalRestResponse, actual);
+    }
+
 	@Test
 	public void addChildRoleTest() throws Exception {
 		ModelAndView modelandView = new ModelAndView("login.htm");
@@ -875,6 +980,13 @@ public class RoleManageControllerTest {
 		List<CentralizedApp> actual  = roleManageController.getCentralizedAppRoles(mockedRequest, mockedResponse, user.getOrgUserId());
 		assertEquals(cenApps.size(), actual.size());
 	}
+
+	@Test
+	public void getCentralizedAppRolesXSSTest() throws IOException {
+		String id = ("<ScRipT>alert(\"XSS\");</ScRipT>");
+		List<CentralizedApp> actual  = roleManageController.getCentralizedAppRoles(mockedRequest, mockedResponse, id);
+		assertNull(actual);
+	}
 	
 	@Test
 	public void getCentralizedAppRolesExceptionTest() throws IOException {
@@ -890,6 +1002,16 @@ public class RoleManageControllerTest {
 		List<CentralizedApp> actual  = roleManageController.getCentralizedAppRoles(mockedRequest, mockedResponse, user.getOrgUserId());
 		assertNull(actual);
 	}
+
+	@Test
+  public void bulkUploadRoleFuncUserNullTest() {
+      UploadRoleFunctionExtSystem data = Mockito.mock(UploadRoleFunctionExtSystem.class);
+      Mockito.when(appService.getApp(127L)).thenReturn(null);
+      PortalRestResponse<String> response = roleManageController.bulkUploadRoleFunc(mockedRequest, mockedResponse, data, 127L);
+      assertEquals(PortalRestStatusEnum.ERROR, response.getStatus());
+      assertEquals("Unauthorized User", response.getMessage());
+      assertEquals("Failure", response.getResponse());
+  }
 	
 	public CentralV2RoleFunction mockCentralRoleFunction() {
 		CentralV2RoleFunction roleFunction = new CentralV2RoleFunction();
