X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=ecomp-portal-BE-common%2Fsrc%2Ftest%2Fjava%2Forg%2Fonap%2Fportalapp%2Fportal%2Fservice%2FUserRolesCommonServiceImplTest.java;h=785522d4daa38f226a2bc87a486c5e81ef4ab75c;hb=8fbf2846655dbad0e19789e510c51127ad35104d;hp=c907a6e516f49c993f8be804c5b95bce1ebf48a2;hpb=a70761c096192e38800bf38d6c7f61f52bf72007;p=portal.git
diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImplTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImplTest.java
index c907a6e5..785522d4 100644
--- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImplTest.java
+++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImplTest.java
@@ -2,7 +2,7 @@
 * ============LICENSE_START==========================================
 * ONAP Portal
 * ===================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
 * ===================================================================
 *
 * Unless otherwise specified, all software contained herein is licensed
@@ -82,18 +82,7 @@ import org.onap.portalapp.portal.domain.EPUserAppRoles;
 import org.onap.portalapp.portal.domain.EPUserAppRolesRequest;
 import org.onap.portalapp.portal.domain.EPUserAppRolesRequestDetail;
 import org.onap.portalapp.portal.domain.ExternalSystemAccess;
-import org.onap.portalapp.portal.transport.AppWithRolesForUser;
-import org.onap.portalapp.portal.transport.CentralV2Role;
-import org.onap.portalapp.portal.transport.EPUserAppCurrentRoles;
-import org.onap.portalapp.portal.transport.EcompUserAppRoles;
-import org.onap.portalapp.portal.transport.ExternalRequestFieldsValidator;
-import org.onap.portalapp.portal.transport.FieldsValidator;
-import org.onap.portalapp.portal.transport.FunctionalMenuItem;
-import org.onap.portalapp.portal.transport.FunctionalMenuRole;
-import org.onap.portalapp.portal.transport.RemoteRole;
-import org.onap.portalapp.portal.transport.RemoteUserWithRoles;
-import org.onap.portalapp.portal.transport.RoleInAppForUser;
-import org.onap.portalapp.portal.transport.UserApplicationRoles;
+import org.onap.portalapp.portal.transport.*;
 import org.onap.portalapp.portal.utils.EPCommonSystemProperties;
 import org.onap.portalapp.portal.utils.EcompPortalUtils;
 import org.onap.portalapp.portal.utils.PortalConstants;
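Review bot: The wildcard `import org.onap.portalapp.portal.transport.*;` hides which transport types this test depends on and can start clashing with other imported names when that package gains a class. The twelve removed explicit imports were the reviewable form; keep them and add only the single import the new code needs. The hunk does not show which new type prompted the change, so that one line has to be identified from the rest of the file.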
@@ -204,10 +193,14 @@ public class UserRolesCommonServiceImplTest {
 Mockito.when(epAppCommonServiceImpl.getApp(mockApp.getId())).thenReturn(mockApp);
 List mockRoleInAppForUserList = getMockedRoleInAppUserList();
 List mockCenV2Role = new ArrayList<>();
- CentralV2Role cenV2Role = new CentralV2Role(1l, null, null, null, null, null, "test1", true, null,
- new TreeSet<>(), new TreeSet<>(), new TreeSet<>());
- CentralV2Role cenV2Role2 = new CentralV2Role(16l, null, null, null, null, null, "test2", true, null,
- new TreeSet<>(), new TreeSet<>(), new TreeSet<>());
+ CentralV2Role cenV2Role = new CentralV2Role.CentralV2RoleBuilder().setId(1l).setCreated(null).setModified(null)
+ .setCreatedId(null).setModifiedId(null).setRowNum(null).setName("test1").setActive(true)
+ .setPriority(null).setRoleFunctions(new TreeSet<>()).setChildRoles(new TreeSet<>())
+ .setParentRoles(new TreeSet<>()).createCentralV2Role();
+ CentralV2Role cenV2Role2 = new CentralV2Role.CentralV2RoleBuilder().setId(16l).setCreated(null)
+ .setModified(null).setCreatedId(null).setModifiedId(null).setRowNum(null).setName("test2")
+ .setActive(true).setPriority(null).setRoleFunctions(new TreeSet<>()).setChildRoles(new TreeSet<>())
+ .setParentRoles(new TreeSet<>()).createCentralV2Role();
 mockCenV2Role.add(cenV2Role);
 mockCenV2Role.add(cenV2Role2);
 Mockito.when(externalAccessRolesServiceImpl.getRolesForApp(mockApp.getUebKey())).thenReturn(mockCenV2Role);
@@ -237,6 +230,27 @@ public class UserRolesCommonServiceImplTest { return mockRoleInAppForUserList; } + @SuppressWarnings("unchecked") + @Test + public void checkTheProtectionAgainstSQLInjection() throws Exception { + EPUser user = mockUser.mockEPUser(); + user.setId(1l); + user.setOrgId(2l); + Query epUserQuery = Mockito.mock(Query.class); + List mockEPUserList = new ArrayList<>(); + mockEPUserList.add(user); + + Mockito.when(session.createQuery("from :name where orgUserId=:userId")).thenReturn(epUserQuery); + Mockito.when(epUserQuery.setParameter("name",EPUser.class.getName())).thenReturn(epUserQuery); + Mockito.when(epUserQuery.setParameter("userId",user.getOrgUserId() + "; select * from " + EPUser.class.getName() +";")).thenReturn(epUserQuery); + userRolesCommonServiceImpl.createLocalUserIfNecessary(user.getOrgUserId(),true); + + Mockito.when(session.createQuery("from :name where orgUserId=:userId")).thenReturn(epUserQuery); + Mockito.when(epUserQuery.setParameter("name",EPUser.class.getName())).thenReturn(epUserQuery); + Mockito.when(epUserQuery.setParameter("userId",user.getOrgUserId())).thenReturn(epUserQuery); + userRolesCommonServiceImpl.createLocalUserIfNecessary(user.getOrgUserId(),true); + } + @SuppressWarnings("unchecked") @Test public void getAppRolesForUserNonCentralizedForPortal() throws Exception { 
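Review bot: `checkTheProtectionAgainstSQLInjection` cannot fail: it has no assertion or `Mockito.verify`, and the crafted `"; select * from ..."` value appears only inside a `setParameter` stub while both calls hand the plain `user.getOrgUserId()` to `createLocalUserIfNecessary`. The stubbed text `"from :name where orgUserId=:userId"` also binds the entity name as a named parameter, which HQL accepts only for values. Either that string does not match the production query, in which case the mocked `session.createQuery` returns null, or the production query is itself malformed; the service code is not in this diff, so this needs checking there. The test should pass the crafted value as the argument, verify that it reaches `setParameter` as a bound value, and verify that it never appears in the text given to `createQuery`, as sketched below. The parameter name `userId` is taken from the stubs in this hunk and should be confirmed against the service.

```java
@Test
public void checkTheProtectionAgainstSQLInjection() throws Exception {
	// … unchanged: user, epUserQuery and mockEPUserList setup …
	String crafted = user.getOrgUserId() + "; select * from " + EPUser.class.getName() + ";";
	Mockito.when(session.createQuery(Matchers.anyString())).thenReturn(epUserQuery);
	Mockito.when(epUserQuery.setParameter(Matchers.anyString(), Matchers.any())).thenReturn(epUserQuery);

	userRolesCommonServiceImpl.createLocalUserIfNecessary(crafted, true);

	// The input must arrive as a bound value and never as part of the query text.
	Mockito.verify(epUserQuery).setParameter("userId", crafted);
	Mockito.verify(session, Mockito.never()).createQuery(Matchers.contains(crafted));
}
```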
@@ -342,11 +356,11 @@ public class UserRolesCommonServiceImplTest {
 Mockito.when(epAppCommonServiceImpl.getApp(mockApp.getId())).thenReturn(mockApp);
 List mockRoleInAppForUserList = new ArrayList<>();
 RoleInAppForUser mockRoleInAppForUser = new RoleInAppForUser();
- mockRoleInAppForUser.setIsApplied(true);
+ mockRoleInAppForUser.setIsApplied(false);
 mockRoleInAppForUser.setRoleId(333l);
 mockRoleInAppForUser.setRoleName("test1");
 RoleInAppForUser mockRoleInAppForUser2 = new RoleInAppForUser();
- mockRoleInAppForUser2.setIsApplied(true);
+ mockRoleInAppForUser2.setIsApplied(false);
 mockRoleInAppForUser2.setRoleId(777l);
 mockRoleInAppForUser2.setRoleName("test2");
 RoleInAppForUser mockRoleInAppForUser3 = new RoleInAppForUser();
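Review bot: Flipping `setIsApplied(true)` to `setIsApplied(false)` on both fixtures inverts what this test expects with no stated reason, and the `-636,7` hunk does the same by turning `assertTrue(actual.isResult())` into `assertFalse(actual.isResult())`. In a change that rewrites the query stubs, an inverted expectation can mean a stub no longer matches the production query text and the mock is handing back defaults, so the test would now be asserting the failure path. The service code is outside this diff, so that is an inference to confirm. Each flipped line needs a comment such as `// expected false: <reason the outcome changed>`, or the flips should move to their own commit. The enclosing test methods start and end outside both hunks.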
@@ -424,24 +438,32 @@ public class UserRolesCommonServiceImplTest { Mockito.when(applicationsRestClientService.get(EcompRole[].class, mockApp.getId(), "/roles")) .thenReturn(mockEcompRoleArray); // syncAppRolesTest - Mockito.when(session.createQuery("from " + EPRole.class.getName() + " where appId=" + mockApp.getId())) + + Mockito.when(session.createQuery("from EPRole where appId = :appId")) .thenReturn(epRoleQuery); + + Mockito.when(epRoleQuery.setParameter("appId",mockApp.getId())).thenReturn(epRoleQuery); + Mockito.doReturn(mockEPRoleList).when(epRoleQuery).list(); - Mockito.when(session.createQuery( - "from " + EPUserApp.class.getName() + " where app.id=" + mockApp.getId() + " and role_id=" + 15l)) + Mockito.when(session.createQuery("from EPUserApp where app.id=:appId and role_id=:roleId")) .thenReturn(epUserAppsQuery); + Mockito.when(epUserAppsQuery.setParameter("appId",mockApp.getId())).thenReturn(epUserAppsQuery); + Mockito.when(epUserAppsQuery.setParameter("roleId",15l)).thenReturn(epUserAppsQuery); Mockito.doReturn(mockUserRolesList).when(epUserAppsQuery).list(); - Mockito.when(session.createQuery("from " + FunctionalMenuRole.class.getName() + " where roleId=" + 15l)) + Mockito.when(session.createQuery("from FunctionalMenuRole where roleId=:roleId")) .thenReturn(epFunctionalMenuQuery); + Mockito.when(epFunctionalMenuQuery.setParameter("roleId",15l)).thenReturn(epFunctionalMenuQuery); Mockito.doReturn(mockFunctionalMenuRolesList).when(epFunctionalMenuQuery).list(); - Mockito.when(session.createQuery("from " + FunctionalMenuRole.class.getName() + " where menuId=" + 10l)) + Mockito.when(session.createQuery("from FunctionalMenuRole where menuId=:menuId")) .thenReturn(epFunctionalMenuQuery2); + Mockito.when(epFunctionalMenuQuery2.setParameter(Matchers.anyString(),Matchers.anyLong())).thenReturn(epFunctionalMenuQuery2); Mockito.doReturn(mockFunctionalMenuRolesList).when(epFunctionalMenuQuery2).list(); - Mockito.when(session.createQuery("from " + 
FunctionalMenuItem.class.getName() + " where menuId=" + 10l)) + Mockito.when(session.createQuery("from FunctionalMenuItem where menuId=:menuId")) .thenReturn(epFunctionalMenuItemQuery); + Mockito.when(epFunctionalMenuItemQuery.setParameter(Matchers.anyString(),Matchers.anyLong())).thenReturn(epFunctionalMenuItemQuery); Mockito.doReturn(mockFunctionalMenuItemList).when(epFunctionalMenuItemQuery).list(); List mockEcompRoleList2 = new ArrayList<>(); EcompRole mockUserAppRoles = new EcompRole(); @@ -455,12 +477,14 @@ public class UserRolesCommonServiceImplTest { EcompRole[] mockEcompRoleArray2 = mockEcompRoleList2.toArray(new EcompRole[mockEcompRoleList2.size()]); Mockito.when(applicationsRestClientService.get(EcompRole[].class, mockApp.getId(), String.format("/user/%s/roles", user.getOrgUserId()))).thenReturn(mockEcompRoleArray2); - // SyncUserRoleTest - Mockito.when(session - .createQuery("from " + EPUser.class.getName() + " where orgUserId='" + user.getOrgUserId() + "'")) + + + Mockito.when(session.createQuery( + "from EPUser where orgUserId=:userId")) .thenReturn(epUserListQuery); + Mockito.when(epUserListQuery.setParameter("userId","guestT")).thenReturn(epUserListQuery); Mockito.doReturn(mockEpUserList).when(epUserListQuery).list(); - + List mockUserRolesList2 = new ArrayList<>(); EPUserApp mockEpUserAppRoles = new EPUserApp(); mockEpUserAppRoles.setApp(mockApp); 
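Review bot: The stubs for `epFunctionalMenuQuery2` and `epFunctionalMenuItemQuery` use `setParameter(Matchers.anyString(),Matchers.anyLong())`, so they accept any parameter name and any value, while the neighbouring stubs in this hunk pin `"appId"` and `"roleId"` exactly. Pinning these the same way, `setParameter("menuId",10l)`, keeps the test sensitive to a wrong or missing bind; `10l` is the value the removed lines concatenated into the query. The enclosing test method starts and ends outside the hunk.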
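Review bot: In the `-455,12` hunk the stub `setParameter("userId","guestT")` hard-codes the user id where the removed line used `user.getOrgUserId()`, so the stub silently stops matching if the mock user fixture changes. `Mockito.when(epUserListQuery.setParameter("userId",user.getOrgUserId())).thenReturn(epUserListQuery);` keeps it tied to the fixture. The `// SyncUserRoleTest` section comment is also dropped while the matching `// syncAppRolesTest` comment remains earlier in the method; keeping both makes this long test easier to follow.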
@@ -468,9 +492,15 @@ public class UserRolesCommonServiceImplTest { mockEpUserAppRoles.setUserId(user.getId()); mockUserRolesList2.add(mockEpUserAppRoles); Mockito.when(session.createQuery( - "from org.onap.portalapp.portal.domain.EPUserApp where app.id=2 and role.active = 'Y' and userId=2")) + "from EPUserApp where app.id=:appId and userId=:userId and role.active = 'Y'")) .thenReturn(epUserRolesListQuery); + + Mockito.when(epUserRolesListQuery.setParameter("appId",2)).thenReturn(epUserRolesListQuery); + Mockito.when(epUserRolesListQuery.setParameter("userId",2)).thenReturn(epUserRolesListQuery); + Mockito.doReturn(mockUserRolesList2).when(epUserRolesListQuery).list(); + + List roleInAppForUser = userRolesCommonServiceImpl.getAppRolesForUser(2l, user.getOrgUserId(), true, user); assertEquals(roleInAppForUser, mockRoleInAppForUserList); @@ -636,7 +666,7 @@ public class UserRolesCommonServiceImplTest { Mockito.when(session.createSQLQuery("update fn_role set app_id = null where app_id = 1 ")) .thenReturn(epsetAppWithUserRoleUpdateEPRoleQuery); ExternalRequestFieldsValidator actual = userRolesCommonServiceImpl.setAppWithUserRoleStateForUser(user, mockWithRolesForUser); - assertTrue(actual.isResult()); + assertFalse(actual.isResult()); } private List getCurrentUserRoles(EPUser user, EPApp mockApp) { @@ -783,7 +813,7 @@ public class UserRolesCommonServiceImplTest { assertEquals(expected.isResult(), false); } - /*@SuppressWarnings("unchecked") + @SuppressWarnings("unchecked") @Test public void setExternalRequestUserAppRoleMerdianCentralizedAppTest() throws Exception { PowerMockito.mockStatic(SystemProperties.class); @@ -951,7 +981,7 @@ public class UserRolesCommonServiceImplTest { .setExternalRequestUserAppRole(externalSystemUser, "POST"); assertTrue(mockExternalRequestFieldsValidator.equals(externalRequestFieldsValidator)); } -*/ + @SuppressWarnings("unchecked") @Test public void setExternalRequestUserAppRoleMerdianNonCentralizedAppTest() throws Exception { 
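Review bot: In the `-468,9` hunk the stubs `setParameter("appId",2)` and `setParameter("userId",2)` pass `int` literals, which are boxed to `Integer` and matched with `equals`, while every other id in this test is a `Long` (`mockApp.getId()`, `15l`, `getAppRolesForUser(2l, ...)`). If the service binds `Long` values, which this diff does not show, these stubs never match and the mocked `setParameter` returns null. Writing `2l` removes the doubt, as would `mockApp.getId()` and `user.getId()` if those fixtures hold the ids that the removed literal query used. The enclosing test method starts outside the hunk.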
@@ -1314,7 +1344,7 @@ public class UserRolesCommonServiceImplTest {
 EPUserAppRolesRequest mockEpAppRolesRequestData = new EPUserAppRolesRequest();
 Mockito.doNothing().when(dataAccessService).saveDomainObject(mockEpAppRolesRequestData, null);
 final Map params = new HashMap<>();
- params.put("appId", appWithRolesForUser.appId);
+ params.put("appId", appWithRolesForUser.getAppId());
 params.put("appRoleId", roleInAppForUser.roleId);
 Mockito.when((List) dataAccessService.executeNamedQuery("appRoles", params, null))
 .thenReturn(epUserAppRolesList);