X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=ecomp-portal-BE-common%2Fsrc%2Ftest%2Fjava%2Forg%2Fonap%2Fportalapp%2Fportal%2Fservice%2FUserRolesCommonServiceImplTest.java;h=785522d4daa38f226a2bc87a486c5e81ef4ab75c;hb=8fbf2846655dbad0e19789e510c51127ad35104d;hp=c98be5634537cee3a9536c300ed51a3a270cf6eb;hpb=d84a85d705b38d90b73809ead3e5034b8c066ca9;p=portal.git diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImplTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImplTest.java index c98be563..785522d4 100644 --- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImplTest.java +++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImplTest.java @@ -2,7 +2,7 @@ * ============LICENSE_START========================================== * ONAP Portal * =================================================================== - * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. * =================================================================== * * Unless otherwise specified, all software contained herein is licensed @@ -37,7 +37,11 @@ */ package org.onap.portalapp.portal.service; -import static org.junit.Assert.*; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotEquals; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertTrue; import java.util.ArrayList; import java.util.Date; 
@@ -78,18 +82,7 @@ import org.onap.portalapp.portal.domain.EPUserAppRoles; import org.onap.portalapp.portal.domain.EPUserAppRolesRequest; import org.onap.portalapp.portal.domain.EPUserAppRolesRequestDetail; import org.onap.portalapp.portal.domain.ExternalSystemAccess; -import org.onap.portalapp.portal.transport.AppWithRolesForUser; -import org.onap.portalapp.portal.transport.CentralV2Role; -import org.onap.portalapp.portal.transport.EPUserAppCurrentRoles; -import org.onap.portalapp.portal.transport.EcompUserAppRoles; -import org.onap.portalapp.portal.transport.ExternalRequestFieldsValidator; -import org.onap.portalapp.portal.transport.FieldsValidator; -import org.onap.portalapp.portal.transport.FunctionalMenuItem; -import org.onap.portalapp.portal.transport.FunctionalMenuRole; -import org.onap.portalapp.portal.transport.RemoteRole; -import org.onap.portalapp.portal.transport.RemoteUserWithRoles; -import org.onap.portalapp.portal.transport.RoleInAppForUser; -import org.onap.portalapp.portal.transport.UserApplicationRoles; +import org.onap.portalapp.portal.transport.*; import org.onap.portalapp.portal.utils.EPCommonSystemProperties; import org.onap.portalapp.portal.utils.EcompPortalUtils; import org.onap.portalapp.portal.utils.PortalConstants; 
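Review bot: The new `import org.onap.portalapp.portal.transport.*;` replaces twelve named imports with a wildcard, which runs against the first file hunk of this same commit, where `org.junit.Assert.*` is expanded into named static imports. A wildcard hides which transport types the test depends on and can produce ambiguous simple names as the package grows. No newly used transport type is visible in this hunk, so keeping the explicit list (adding only what is newly needed) would leave the file consistent.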
@@ -200,10 +193,14 @@ public class UserRolesCommonServiceImplTest { Mockito.when(epAppCommonServiceImpl.getApp(mockApp.getId())).thenReturn(mockApp); List mockRoleInAppForUserList = getMockedRoleInAppUserList(); List mockCenV2Role = new ArrayList<>(); - CentralV2Role cenV2Role = new CentralV2Role(1l, null, null, null, null, null, "test1", true, null, - new TreeSet<>(), new TreeSet<>(), new TreeSet<>()); - CentralV2Role cenV2Role2 = new CentralV2Role(16l, null, null, null, null, null, "test2", true, null, - new TreeSet<>(), new TreeSet<>(), new TreeSet<>()); + CentralV2Role cenV2Role = new CentralV2Role.CentralV2RoleBuilder().setId(1l).setCreated(null).setModified(null) + .setCreatedId(null).setModifiedId(null).setRowNum(null).setName("test1").setActive(true) + .setPriority(null).setRoleFunctions(new TreeSet<>()).setChildRoles(new TreeSet<>()) + .setParentRoles(new TreeSet<>()).createCentralV2Role(); + CentralV2Role cenV2Role2 = new CentralV2Role.CentralV2RoleBuilder().setId(16l).setCreated(null) + .setModified(null).setCreatedId(null).setModifiedId(null).setRowNum(null).setName("test2") + .setActive(true).setPriority(null).setRoleFunctions(new TreeSet<>()).setChildRoles(new TreeSet<>()) + .setParentRoles(new TreeSet<>()).createCentralV2Role(); mockCenV2Role.add(cenV2Role); mockCenV2Role.add(cenV2Role2); Mockito.when(externalAccessRolesServiceImpl.getRolesForApp(mockApp.getUebKey())).thenReturn(mockCenV2Role); 
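Review bot: The two `CentralV2RoleBuilder` chains differ only in the id and the name, yet each repeats six `set…(null)` calls that presumably restate the builder's defaults (the builder is not visible here, so confirm). A private test helper such as `private static CentralV2Role role(long id, String name)` would leave the two values that matter readable. The `1l` and `16l` literals are also easier to read as `1L` and `16L`. The enclosing test method starts and ends outside this hunk.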
@@ -212,9 +209,9 @@ public class UserRolesCommonServiceImplTest { Mockito.when((List) dataAccessService .executeQuery("from EPUser where orgUserId='" + user.getOrgUserId() + "'", null)) .thenReturn(mockUserList); - Mockito.when(userRolesCommonServiceImpl.getAppRolesForUser(1l, user.getOrgUserId(), true)) + Mockito.when(userRolesCommonServiceImpl.getAppRolesForUser(1l, user.getOrgUserId(), true, user)) .thenReturn(mockRoleInAppForUserList); - List roleInAppForUser = userRolesCommonServiceImpl.getAppRolesForUser(1l, "test", true); + List roleInAppForUser = userRolesCommonServiceImpl.getAppRolesForUser(1l, "test", true, user); assertEquals(roleInAppForUser, mockRoleInAppForUserList); } 
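Review bot: The context stub just above the changed lines still matches the string-concatenated HQL `"from EPUser where orgUserId='" + user.getOrgUserId() + "'"`, while other hunks of this commit move the same lookup to a bound `:userId` parameter. If the service no longer issues the concatenated query, this stub is dead and should be removed; if it still does, that call path has not been parameterised and needs the same treatment. The same stub appears in the `@@ -270,10 +288,10 @@` hunk. Separately, the changed lines stub `getAppRolesForUser` on `userRolesCommonServiceImpl` itself and then assert that the stubbed list comes back, with `"test"` as the user id in the call but `user.getOrgUserId()` in the stub, so the assertion may only exercise the stub; the test method begins outside the hunk, so confirm how that object is created.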
@@ -233,6 +230,27 @@ public class UserRolesCommonServiceImplTest { return mockRoleInAppForUserList; } + @SuppressWarnings("unchecked") + @Test + public void checkTheProtectionAgainstSQLInjection() throws Exception { + EPUser user = mockUser.mockEPUser(); + user.setId(1l); + user.setOrgId(2l); + Query epUserQuery = Mockito.mock(Query.class); + List mockEPUserList = new ArrayList<>(); + mockEPUserList.add(user); + + Mockito.when(session.createQuery("from :name where orgUserId=:userId")).thenReturn(epUserQuery); + Mockito.when(epUserQuery.setParameter("name",EPUser.class.getName())).thenReturn(epUserQuery); + Mockito.when(epUserQuery.setParameter("userId",user.getOrgUserId() + "; select * from " + EPUser.class.getName() +";")).thenReturn(epUserQuery); + userRolesCommonServiceImpl.createLocalUserIfNecessary(user.getOrgUserId(),true); + + Mockito.when(session.createQuery("from :name where orgUserId=:userId")).thenReturn(epUserQuery); + Mockito.when(epUserQuery.setParameter("name",EPUser.class.getName())).thenReturn(epUserQuery); + Mockito.when(epUserQuery.setParameter("userId",user.getOrgUserId())).thenReturn(epUserQuery); + userRolesCommonServiceImpl.createLocalUserIfNecessary(user.getOrgUserId(),true); + } + @SuppressWarnings("unchecked") @Test public void getAppRolesForUserNonCentralizedForPortal() throws Exception { 
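Review bot: `checkTheProtectionAgainstSQLInjection` never passes the hostile value to the code under test and asserts nothing, so it passes whether or not the lookup is parameterised. The string with the appended `; select * from …` appears only in a `setParameter` stub, while both calls to `createLocalUserIfNecessary` receive the plain `user.getOrgUserId()`, and `mockEPUserList` is built but never returned by any stub. The stubbed text `from :name where orgUserId=:userId` also binds the entity name as a parameter, which HQL allows only for values, so if the service really builds that query it would fail against a real session (the service code is not visible here). The sketch below feeds the hostile id in and verifies that it reaches the query only through `setParameter`.

```java
public void checkTheProtectionAgainstSQLInjection() throws Exception {
    // … unchanged: user, epUserQuery and createQuery stub setup …
    String hostileUserId = user.getOrgUserId() + "; select * from " + EPUser.class.getName() + ";";
    Mockito.when(epUserQuery.setParameter("userId", hostileUserId)).thenReturn(epUserQuery);

    userRolesCommonServiceImpl.createLocalUserIfNecessary(hostileUserId, true);

    // The hostile value must travel as a bound parameter only, never inside the query text.
    Mockito.verify(epUserQuery).setParameter("userId", hostileUserId);
    Mockito.verify(session, Mockito.never()).createQuery(Matchers.contains(hostileUserId));
}
```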
@@ -270,10 +288,10 @@ public class UserRolesCommonServiceImplTest { Mockito.when((List) dataAccessService .executeQuery("from EPUser where orgUserId='" + user.getOrgUserId() + "'", null)) .thenReturn(mockUserList); - Mockito.when(userRolesCommonServiceImpl.getAppRolesForUser(1l, user.getOrgUserId(), true)) + Mockito.when(userRolesCommonServiceImpl.getAppRolesForUser(1l, user.getOrgUserId(), true, user)) .thenReturn(mockRoleInAppForUserListNonCentralizedList); List roleInAppForUserNonCentralized = userRolesCommonServiceImpl.getAppRolesForUser(1l, - user.getOrgUserId(), true); + user.getOrgUserId(), true, user); assertNull(roleInAppForUserNonCentralized); } @@ -319,11 +337,11 @@ public class UserRolesCommonServiceImplTest { epUserAppCurrentRolesList.add(epUserAppCurrentRoles); Mockito.when(dataAccessService.executeNamedQuery("getUserAppCurrentRoles", userParams, null)) .thenReturn(epUserAppCurrentRolesList); - Mockito.when(userRolesCommonServiceImpl.getAppRolesForUser(2l, user.getOrgUserId(), true)) + Mockito.when(userRolesCommonServiceImpl.getAppRolesForUser(2l, user.getOrgUserId(), true, user)) .thenReturn(mockRoleInAppForUserList); List roleInAppForUser = userRolesCommonServiceImpl.getAppRolesForUser(2l, user.getOrgUserId(), - true); - assertEquals(roleInAppForUser, mockRoleInAppForUserList); + true, user); + assertNotEquals(roleInAppForUser, mockRoleInAppForUserList); } @Test 
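Review bot: In the `@@ -319,11 +337,11 @@` hunk, replacing `assertEquals(roleInAppForUser, mockRoleInAppForUserList)` with `assertNotEquals` leaves the test satisfied by any result that differs from the mock list, including `null` or an empty list. If the added `user` argument changes what is returned, build the list that is now expected and assert it, e.g. `assertEquals(expectedRoles, roleInAppForUser)` with the expected value first. The `@@ -631,8 +665,8 @@` hunk flips `assertTrue(actual)` to `assertFalse(actual.isResult())` in the same way, without saying why failure is now the correct outcome; a one-line comment at each site would record the reason. The enclosing test method starts outside the hunk.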
@@ -338,11 +356,11 @@ public class UserRolesCommonServiceImplTest { Mockito.when(epAppCommonServiceImpl.getApp(mockApp.getId())).thenReturn(mockApp); List mockRoleInAppForUserList = new ArrayList<>(); RoleInAppForUser mockRoleInAppForUser = new RoleInAppForUser(); - mockRoleInAppForUser.setIsApplied(true); + mockRoleInAppForUser.setIsApplied(false); mockRoleInAppForUser.setRoleId(333l); mockRoleInAppForUser.setRoleName("test1"); RoleInAppForUser mockRoleInAppForUser2 = new RoleInAppForUser(); - mockRoleInAppForUser2.setIsApplied(true); + mockRoleInAppForUser2.setIsApplied(false); mockRoleInAppForUser2.setRoleId(777l); mockRoleInAppForUser2.setRoleName("test2"); RoleInAppForUser mockRoleInAppForUser3 = new RoleInAppForUser(); 
@@ -420,24 +438,32 @@ public class UserRolesCommonServiceImplTest { Mockito.when(applicationsRestClientService.get(EcompRole[].class, mockApp.getId(), "/roles")) .thenReturn(mockEcompRoleArray); // syncAppRolesTest - Mockito.when(session.createQuery("from " + EPRole.class.getName() + " where appId=" + mockApp.getId())) + + Mockito.when(session.createQuery("from EPRole where appId = :appId")) .thenReturn(epRoleQuery); + + Mockito.when(epRoleQuery.setParameter("appId",mockApp.getId())).thenReturn(epRoleQuery); + Mockito.doReturn(mockEPRoleList).when(epRoleQuery).list(); - Mockito.when(session.createQuery( - "from " + EPUserApp.class.getName() + " where app.id=" + mockApp.getId() + " and role_id=" + 15l)) + Mockito.when(session.createQuery("from EPUserApp where app.id=:appId and role_id=:roleId")) .thenReturn(epUserAppsQuery); + Mockito.when(epUserAppsQuery.setParameter("appId",mockApp.getId())).thenReturn(epUserAppsQuery); + Mockito.when(epUserAppsQuery.setParameter("roleId",15l)).thenReturn(epUserAppsQuery); Mockito.doReturn(mockUserRolesList).when(epUserAppsQuery).list(); - Mockito.when(session.createQuery("from " + FunctionalMenuRole.class.getName() + " where roleId=" + 15l)) + Mockito.when(session.createQuery("from FunctionalMenuRole where roleId=:roleId")) .thenReturn(epFunctionalMenuQuery); + Mockito.when(epFunctionalMenuQuery.setParameter("roleId",15l)).thenReturn(epFunctionalMenuQuery); Mockito.doReturn(mockFunctionalMenuRolesList).when(epFunctionalMenuQuery).list(); - Mockito.when(session.createQuery("from " + FunctionalMenuRole.class.getName() + " where menuId=" + 10l)) + Mockito.when(session.createQuery("from FunctionalMenuRole where menuId=:menuId")) .thenReturn(epFunctionalMenuQuery2); + Mockito.when(epFunctionalMenuQuery2.setParameter(Matchers.anyString(),Matchers.anyLong())).thenReturn(epFunctionalMenuQuery2); Mockito.doReturn(mockFunctionalMenuRolesList).when(epFunctionalMenuQuery2).list(); - Mockito.when(session.createQuery("from " + 
FunctionalMenuItem.class.getName() + " where menuId=" + 10l)) + Mockito.when(session.createQuery("from FunctionalMenuItem where menuId=:menuId")) .thenReturn(epFunctionalMenuItemQuery); + Mockito.when(epFunctionalMenuItemQuery.setParameter(Matchers.anyString(),Matchers.anyLong())).thenReturn(epFunctionalMenuItemQuery); Mockito.doReturn(mockFunctionalMenuItemList).when(epFunctionalMenuItemQuery).list(); List mockEcompRoleList2 = new ArrayList<>(); EcompRole mockUserAppRoles = new EcompRole(); @@ -451,12 +477,14 @@ public class UserRolesCommonServiceImplTest { EcompRole[] mockEcompRoleArray2 = mockEcompRoleList2.toArray(new EcompRole[mockEcompRoleList2.size()]); Mockito.when(applicationsRestClientService.get(EcompRole[].class, mockApp.getId(), String.format("/user/%s/roles", user.getOrgUserId()))).thenReturn(mockEcompRoleArray2); - // SyncUserRoleTest - Mockito.when(session - .createQuery("from " + EPUser.class.getName() + " where orgUserId='" + user.getOrgUserId() + "'")) + + + Mockito.when(session.createQuery( + "from EPUser where orgUserId=:userId")) .thenReturn(epUserListQuery); + Mockito.when(epUserListQuery.setParameter("userId","guestT")).thenReturn(epUserListQuery); Mockito.doReturn(mockEpUserList).when(epUserListQuery).list(); - + List mockUserRolesList2 = new ArrayList<>(); EPUserApp mockEpUserAppRoles = new EPUserApp(); mockEpUserAppRoles.setApp(mockApp); 
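Review bot: The stubs for `epFunctionalMenuQuery2` and `epFunctionalMenuItemQuery` accept `setParameter(Matchers.anyString(), Matchers.anyLong())`, so they no longer pin the `menuId` value `10l` that the removed concatenated strings checked, and they would also match a wrong parameter name. The neighbouring stubs in this hunk are exact (`setParameter("roleId",15l)`); writing `setParameter("menuId", 10l)` here keeps the test sensitive to what is actually bound. The query text also moves from `EPRole.class.getName()` to the bare entity name `EPRole`, which presumably relies on Hibernate resolving unqualified entity names; worth confirming against the mapping. The test method starts and ends outside the hunk.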
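Review bot: In the `@@ -451,12 +477,14 @@` hunk the new stub binds the literal `"guestT"` (`setParameter("userId","guestT")`) where the removed line used `user.getOrgUserId()`, so the test now depends on whatever id the mock-user helper happens to return. `Mockito.when(epUserListQuery.setParameter("userId", user.getOrgUserId())).thenReturn(epUserListQuery);` keeps the stub tied to the fixture. The hunk also drops the `// SyncUserRoleTest` marker while the matching `// syncAppRolesTest` comment earlier in the method stays; keep both or remove both.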
@@ -464,11 +492,17 @@ public class UserRolesCommonServiceImplTest { mockEpUserAppRoles.setUserId(user.getId()); mockUserRolesList2.add(mockEpUserAppRoles); Mockito.when(session.createQuery( - "from org.onap.portalapp.portal.domain.EPUserApp where app.id=2 and role.active = 'Y' and userId=2")) + "from EPUserApp where app.id=:appId and userId=:userId and role.active = 'Y'")) .thenReturn(epUserRolesListQuery); + + Mockito.when(epUserRolesListQuery.setParameter("appId",2)).thenReturn(epUserRolesListQuery); + Mockito.when(epUserRolesListQuery.setParameter("userId",2)).thenReturn(epUserRolesListQuery); + Mockito.doReturn(mockUserRolesList2).when(epUserRolesListQuery).list(); + + List roleInAppForUser = userRolesCommonServiceImpl.getAppRolesForUser(2l, user.getOrgUserId(), - true); + true, user); assertEquals(roleInAppForUser, mockRoleInAppForUserList); } @@ -583,7 +617,7 @@ public class UserRolesCommonServiceImplTest { mockEPRoleList.put("test1", mockEPRole); mockEPRoleList.put("test2", mockEPRole2); mockEPRoleList.put("test3", mockEPRole3); - Mockito.when(externalAccessRolesServiceImpl.getCurrentRolesInDB(mockApp)).thenReturn(mockEPRoleList); + Mockito.when(externalAccessRolesServiceImpl.getAppRoleNamesWithUnderscoreMap(mockApp)).thenReturn(mockEPRoleList); final Map params2 = new HashMap<>(); params2.put("appId", mockApp.getId()); params2.put("userId", user.getId()); 
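Review bot: `setParameter("appId",2)` and `setParameter("userId",2)` pass `int` literals, which box to `Integer`, whereas the other ids in this test are `long` values (`2l`, `15l`, `mockApp.getId()`). Mockito matches stub arguments with `equals`, and an `Integer` 2 does not equal a `Long` 2, so if the service binds `Long` ids these stubs will not match and the mock's `setParameter` will return `null` (the service code is not visible here, so confirm the bound types). Assuming the fixture ids are 2, as the removed query text implied, `setParameter("appId", mockApp.getId())` and `setParameter("userId", user.getId())` avoid both the type mismatch and the hard-coded values. The test method begins outside the hunk.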
@@ -631,8 +665,8 @@ public class UserRolesCommonServiceImplTest { Mockito.doReturn(mockEPRoles).when(epsetAppWithUserRoleGetRolesQuery).list(); Mockito.when(session.createSQLQuery("update fn_role set app_id = null where app_id = 1 ")) .thenReturn(epsetAppWithUserRoleUpdateEPRoleQuery); - boolean actual = userRolesCommonServiceImpl.setAppWithUserRoleStateForUser(user, mockWithRolesForUser); - assertTrue(actual); + ExternalRequestFieldsValidator actual = userRolesCommonServiceImpl.setAppWithUserRoleStateForUser(user, mockWithRolesForUser); + assertFalse(actual.isResult()); } private List getCurrentUserRoles(EPUser user, EPApp mockApp) { @@ -775,8 +809,8 @@ public class UserRolesCommonServiceImplTest { Mockito.when(session.createQuery("from " + EPRole.class.getName() + " where appId=2")) .thenReturn(epsetAppWithUserRoleNonCentralizedGetRolesQuery); Mockito.doReturn(mockEPRoles).when(epsetAppWithUserRoleNonCentralizedGetRolesQuery).list(); - boolean expected = userRolesCommonServiceImpl.setAppWithUserRoleStateForUser(user, mockWithRolesForUser); - assertEquals(expected, false); + ExternalRequestFieldsValidator expected = userRolesCommonServiceImpl.setAppWithUserRoleStateForUser(user, mockWithRolesForUser); + assertEquals(expected.isResult(), false); } @SuppressWarnings("unchecked") @@ -904,7 +938,7 @@ public class UserRolesCommonServiceImplTest { mockEPRoleList.put("test1", mockEPRole); mockEPRoleList.put("test2", mockEPRole2); mockEPRoleList.put("test3", mockEPRole3); - Mockito.when(externalAccessRolesServiceImpl.getCurrentRolesInDB(mockApp)).thenReturn(mockEPRoleList); + Mockito.when(externalAccessRolesServiceImpl.getAppRoleNamesWithUnderscoreMap(mockApp)).thenReturn(mockEPRoleList); ResponseEntity addResponse = new ResponseEntity<>(HttpStatus.CREATED); Mockito.when(template.exchange(Matchers.anyString(), Matchers.eq(HttpMethod.POST), Matchers.>any(), Matchers.eq(String.class))).thenReturn(addResponse); 
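Review bot: In the `@@ -775,8 +809,8 @@` hunk, `assertEquals(expected.isResult(), false)` passes its arguments in (actual, expected) order and stores the call's result in a variable named `expected`, so a failure message would read backwards. `assertFalse(actual.isResult())`, the form used in the `@@ -631,8 +665,8 @@` hunk, says the same thing directly; rename the local to `actual` to match. The enclosing test method starts outside the hunk.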
@@ -1310,7 +1344,7 @@ public class UserRolesCommonServiceImplTest { EPUserAppRolesRequest mockEpAppRolesRequestData = new EPUserAppRolesRequest(); Mockito.doNothing().when(dataAccessService).saveDomainObject(mockEpAppRolesRequestData, null); final Map params = new HashMap<>(); - params.put("appId", appWithRolesForUser.appId); + params.put("appId", appWithRolesForUser.getAppId()); params.put("appRoleId", roleInAppForUser.roleId); Mockito.when((List) dataAccessService.executeNamedQuery("appRoles", params, null)) .thenReturn(epUserAppRolesList);