X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=portal-BE%2Fsrc%2Ftest%2Fjava%2Forg%2Fonap%2Fportal%2Fcontroller%2FWidgetsControllerTest.java;h=168fcc7af6cd48d3937c92a3bf1fb7b06002f9a6;hb=ffd9af970318c1f5a0bad46d7aad5d4611414aae;hp=0f27747133939939ff6be65370206ce1604f334d;hpb=26abc89a7ce21999cccd88b77cd2ecda21cbe905;p=portal.git diff --git a/portal-BE/src/test/java/org/onap/portal/controller/WidgetsControllerTest.java b/portal-BE/src/test/java/org/onap/portal/controller/WidgetsControllerTest.java index 0f277471..168fcc7a 100644 --- a/portal-BE/src/test/java/org/onap/portal/controller/WidgetsControllerTest.java +++ b/portal-BE/src/test/java/org/onap/portal/controller/WidgetsControllerTest.java @@ -44,11 +44,13 @@ import static junit.framework.TestCase.assertEquals; import static junit.framework.TestCase.assertNull; import static org.mockito.Mockito.when; +import java.io.IOException; import java.time.LocalDateTime; import java.util.ArrayList; import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.onap.portal.dao.fn.FnLanguageDao; @@ -58,8 +60,10 @@ import org.onap.portal.domain.db.fn.FnUser; import org.onap.portal.domain.db.fn.FnWidget; import org.onap.portal.domain.dto.transport.FieldsValidator; import org.onap.portal.domain.dto.transport.OnboardingWidget; +import org.onap.portal.domain.dto.transport.WidgetCatalogPersonalization; import org.onap.portal.framework.MockitoTestSuite; import org.onap.portal.service.WidgetService; +import org.onap.portal.service.fn.FnLanguageService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.context.SpringBootTest; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; 
@@ -74,13 +78,13 @@ import org.springframework.transaction.annotation.Transactional; @Transactional public class WidgetsControllerTest { - private UsernamePasswordAuthenticationToken principal = new UsernamePasswordAuthenticationToken("demo", + private final UsernamePasswordAuthenticationToken principal = new UsernamePasswordAuthenticationToken("demo", "demo123"); - MockitoTestSuite mockitoTestSuite = new MockitoTestSuite(); + final MockitoTestSuite mockitoTestSuite = new MockitoTestSuite(); - HttpServletRequest request = mockitoTestSuite.getMockedRequest(); - HttpServletResponse response = mockitoTestSuite.getMockedResponse(); + final HttpServletRequest request = mockitoTestSuite.getMockedRequest(); + final HttpServletResponse response = mockitoTestSuite.getMockedResponse(); @Autowired private WidgetsController widgetsController; @@ -90,10 +94,20 @@ public class WidgetsControllerTest { private FnLanguageDao fnLanguageDao; @Autowired private WidgetService widgetService; + @Autowired + private FnLanguageService fnLanguageService; + + private FnLanguage language; + private FnUser questUser; + private FnUser notQuestUser; + + @Before + public void init(){ + this.language = getFnLanguage(); + this.questUser = getQuestUser(); + this.notQuestUser = getNotQuestUser(); + } - private FnLanguage language = getFnLanguage(); - private FnUser questUser = getQuestUser(); - private FnUser notQuestUser = getNotQuestUser(); @Test(expected = UsernameNotFoundException.class) public void getOnboardingWidgetsNullUserTest() { @@ -118,7 +132,8 @@ public class WidgetsControllerTest { @Test public void getOnboardingWidgetsUserTest() { - UsernamePasswordAuthenticationToken notQuestprincipal = new UsernamePasswordAuthenticationToken("notQuestUser", + UsernamePasswordAuthenticationToken notQuestprincipal = new UsernamePasswordAuthenticationToken( + "notQuestUser", "demo123"); fnUserDao.save(notQuestUser); List expected = new ArrayList<>(); 
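Review bot: The new `init()` has an ordering dependency that nothing in the code states: `getQuestUser()` and `getNotQuestUser()` both pass the `language` field to `.languageId(language)`, so `this.language = getFnLanguage();` must stay the first assignment. The method also has to run after injection, because `getFnLanguage()` now calls the autowired `fnLanguageService`. A short comment above the method would stop a later reorder from silently building users with a null language, e.g. `// language first: both user builders read this.language; requires the autowired fnLanguageService`. The builder methods themselves sit in later hunks of this file.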
@@ -133,7 +148,8 @@ public class WidgetsControllerTest { @Test public void getOnboardingWidgetsWrongHeaderTest() { - UsernamePasswordAuthenticationToken notQuestprincipal = new UsernamePasswordAuthenticationToken("notQuestUser", + UsernamePasswordAuthenticationToken notQuestprincipal = new UsernamePasswordAuthenticationToken( + "notQuestUser", "demo123"); fnUserDao.save(notQuestUser); when(request.getHeader("X-Widgets-Type")).thenReturn("test"); @@ -147,8 +163,6 @@ public class WidgetsControllerTest { @Test public void putOnboardingWidgetSameWidget() { //Given - UsernamePasswordAuthenticationToken notQuestprincipal = new UsernamePasswordAuthenticationToken("cs0008", - "demo123"); fnUserDao.save(notQuestUser); when(request.getHeader("X-Widgets-Type")).thenReturn("managed"); @@ -162,7 +176,6 @@ public class WidgetsControllerTest { .url("testurl") .build(); - FnWidget fnWidget = FnWidget.builder() .name("Application") .appId(453L) @@ -175,7 +188,8 @@ public class WidgetsControllerTest { FieldsValidator expected = new FieldsValidator(); //When - FieldsValidator actual = widgetsController.putOnboardingWidget(principal, fnWidget.getWidgetId(), onboardingWidget, response); + FieldsValidator actual = widgetsController + .putOnboardingWidget(principal, fnWidget.getWidgetId(), onboardingWidget, response); //Then assertEquals(expected.getErrorCode(), actual.getErrorCode()); assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode()); @@ -185,8 +199,6 @@ public class WidgetsControllerTest { @Test public void putOnboardingWidgetAOP() { //Given - UsernamePasswordAuthenticationToken notQuestprincipal = new UsernamePasswordAuthenticationToken("cs0008", - "demo123"); fnUserDao.save(notQuestUser); when(request.getHeader("X-Widgets-Type")).thenReturn("managed"); @@ -200,7 +212,6 @@ public class WidgetsControllerTest { .url("testurl") .build(); - FnWidget fnWidget = FnWidget.builder() .name("Application") .appId(1421L) 
@@ -215,7 +226,8 @@ public class WidgetsControllerTest { expected.setHttpStatusCode(406L); expected.addProblematicFieldName("appName can't be blank, appId value must be higher than 1"); //When - FieldsValidator actual = widgetsController.putOnboardingWidget(principal, fnWidget.getWidgetId(), onboardingWidget, response); + FieldsValidator actual = widgetsController + .putOnboardingWidget(principal, fnWidget.getWidgetId(), onboardingWidget, response); //Then assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode()); assertEquals(expected.getFields().size(), actual.getFields().size()); @@ -224,8 +236,6 @@ public class WidgetsControllerTest { @Test public void putOnboardingWidgetAOPXSSTest() { //Given - UsernamePasswordAuthenticationToken notQuestprincipal = new UsernamePasswordAuthenticationToken("cs0008", - "demo123"); fnUserDao.save(notQuestUser); when(request.getHeader("X-Widgets-Type")).thenReturn("managed"); 
@@ -241,9 +251,37 @@ public class WidgetsControllerTest { FieldsValidator expected = new FieldsValidator(); expected.setHttpStatusCode(406L); - expected.addProblematicFieldName("appName may have unsafe html content, name may have unsafe html content"); + expected.addProblematicFieldName( + "appName may have unsafe html content, name may have unsafe html content"); + //When + FieldsValidator actual = widgetsController + .putOnboardingWidget(principal, 15L, onboardingWidget, response); + //Then + assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode()); + assertEquals(expected.getFields().size(), actual.getFields().size()); + } + + @Test + public void postOnboardingWidgetXSS() { + //Given + fnUserDao.save(notQuestUser); + when(request.getHeader("X-Widgets-Type")).thenReturn("managed"); + + OnboardingWidget onboardingWidget = OnboardingWidget.builder() + .id(123L) + .name("\n") + .appId(34L) + .appName("") + .width(123) + .height(45) + .url("testurl") + .build(); + + FieldsValidator expected = new FieldsValidator(); + expected.setHttpStatusCode(406L); + expected.addProblematicFieldName("appName may have unse html content, name may have unsafe html content"); //When - FieldsValidator actual = widgetsController.putOnboardingWidget(principal, 15L, onboardingWidget, response); + FieldsValidator actual = widgetsController.postOnboardingWidget(principal, response, onboardingWidget); //Then assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode()); assertEquals(expected.getFields().size(), actual.getFields().size()); 
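Review bot: `postOnboardingWidgetXSS` asserts only the status code and `getFields().size()`, so it cannot tell an unsafe-HTML rejection from any other validation failure; `putOnboardingWidgetAOP` in this file expects the same 406 from a single `addProblematicFieldName` call for a blank `appName`. As rendered here the inputs are `.name("\n")` and `.appName("")` (any markup may have been lost when the page was extracted), which look more likely to trip the blank-value rule than the HTML check, and the expected text carries the typo `unse html content` that no assertion would catch. Comparing the messages would show that the sanitising validator actually ran, for example `assertEquals(expected.getFields(), actual.getFields());` with the string corrected to `"appName may have unsafe html content, name may have unsafe html content"`, assuming the field entries compare by value. The tail of `putOnboardingWidgetAOPXSSTest` at the top of this hunk has the same gap; its body starts outside the hunk.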
@@ -251,17 +289,84 @@ public class WidgetsControllerTest { @Test public void postOnboardingWidget() { + //Given + fnUserDao.save(notQuestUser); + when(request.getHeader("X-Widgets-Type")).thenReturn("managed"); + + OnboardingWidget onboardingWidget = OnboardingWidget.builder() + .id(123L) + .name("appname") + .appId(34L) + .appName("appname") + .width(123) + .height(45) + .url("testurl") + .build(); + + FieldsValidator expected = new FieldsValidator(); + expected.setHttpStatusCode(200L); + //When + FieldsValidator actual = widgetsController.postOnboardingWidget(principal, response, onboardingWidget); + //Then + assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode()); + assertEquals(expected.getFields().size(), actual.getFields().size()); } @Test - public void deleteOnboardingWidget() { + public void deleteOnboardingWidgetSCFORBIDDEN() { + //Given + fnUserDao.save(notQuestUser); + when(request.getHeader("X-Widgets-Type")).thenReturn("managed"); + + OnboardingWidget onboardingWidget = OnboardingWidget.builder() + .id(123L) + .name("") + .appId(1L) + .appName("rtyrty") + .width(123) + .height(45) + .url("testurl") + .build(); + + FnWidget fnWidget = FnWidget.builder() + .name("Application") + .appId(1421L) + .width(123) + .height(45) + .url("testurl") + .build(); + + widgetService.saveOne(fnWidget); + + + + FieldsValidator expected = new FieldsValidator(); + expected.setHttpStatusCode(500L); + expected.addProblematicFieldName("appName can't be blank, appId value must be higher than 1"); + + //When + widgetsController.putOnboardingWidget(principal, fnWidget.getWidgetId(), onboardingWidget, response); + + FieldsValidator actual = widgetsController.deleteOnboardingWidget(principal, response, fnWidget.getWidgetId()); + //Then + assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode()); } @Test - public void putWidgetCatalogSelection() { + public void putWidgetCatalogSelection() throws IOException { + //Give + WidgetCatalogPersonalization 
personalization = new WidgetCatalogPersonalization(7L, true); + + FieldsValidator expected = new FieldsValidator(); + expected.setHttpStatusCode(200L); + expected.addProblematicFieldName(""); + //When + FieldsValidator actual = widgetsController.putWidgetCatalogSelection(principal, personalization, response); + //Then + assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode()); } - private FnUser getQuestUser(){ + private FnUser getQuestUser() { return FnUser.builder() .loginId("questUser") .loginPwd("demo123") @@ -271,11 +376,12 @@ public class WidgetsControllerTest { .modifiedDate(LocalDateTime.now()) .isInternalYn(true) .languageId(language) + .isSystemUser(true) .guest(true) .build(); } - private FnUser getNotQuestUser(){ + private FnUser getNotQuestUser() { return FnUser.builder() .loginId("notQuestUser") .loginPwd("demo123") @@ -284,12 +390,16 @@ public class WidgetsControllerTest { .createdDate(LocalDateTime.now()) .modifiedDate(LocalDateTime.now()) .isInternalYn(true) + .isSystemUser(true) .languageId(language) .guest(false) .build(); } - private FnLanguage getFnLanguage(){ - return FnLanguage.builder().languageName("Polish").languageAlias("Pl").build(); + + private FnLanguage getFnLanguage() { + FnLanguage tmp = FnLanguage.builder().languageName("Polish").languageAlias("Pl").build(); + fnLanguageService.save(tmp); + return tmp; } } \ No newline at end of file
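Review bot: `deleteOnboardingWidgetSCFORBIDDEN` is named for a forbidden response but pins `expected.setHttpStatusCode(500L)`, so it keeps passing if the delete fails for an unrelated reason and never checks the authorisation decision its name promises. If the controller is meant to refuse this principal, assert the refusal explicitly, e.g. `expected.setHttpStatusCode((long) HttpServletResponse.SC_FORBIDDEN);`, and verify that the widget still exists afterwards; if 500 really is the intended contract, rename the test. The `addProblematicFieldName(...)` line on the expected object and the return value of the preceding `putOnboardingWidget` call are never asserted, so they should be dropped or turned into assertions. `putWidgetCatalogSelection` in the same hunk likewise compares only the status code.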