X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=portal-BE%2Fsrc%2Ftest%2Fjava%2Forg%2Fonap%2Fportal%2Fcontroller%2FWidgetsControllerTest.java;h=168fcc7af6cd48d3937c92a3bf1fb7b06002f9a6;hb=ffd9af970318c1f5a0bad46d7aad5d4611414aae;hp=a90b38ff041f64366db4ffdc9b5ebb6b14b65339;hpb=99a220e3fccdabca5c5d1f63582a77a0379ac057;p=portal.git
diff --git a/portal-BE/src/test/java/org/onap/portal/controller/WidgetsControllerTest.java b/portal-BE/src/test/java/org/onap/portal/controller/WidgetsControllerTest.java
index a90b38ff..168fcc7a 100644
--- a/portal-BE/src/test/java/org/onap/portal/controller/WidgetsControllerTest.java
+++ b/portal-BE/src/test/java/org/onap/portal/controller/WidgetsControllerTest.java
@@ -44,51 +44,70 @@ import static junit.framework.TestCase.assertEquals; import static junit.framework.TestCase.assertNull; import static org.mockito.Mockito.when; +import java.io.IOException; import java.time.LocalDateTime; import java.util.ArrayList; import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.onap.portal.dao.fn.FnLanguageDao; import org.onap.portal.dao.fn.FnUserDao; import org.onap.portal.domain.db.fn.FnLanguage; import org.onap.portal.domain.db.fn.FnUser; +import org.onap.portal.domain.db.fn.FnWidget; +import org.onap.portal.domain.dto.transport.FieldsValidator; import org.onap.portal.domain.dto.transport.OnboardingWidget; +import org.onap.portal.domain.dto.transport.WidgetCatalogPersonalization; import org.onap.portal.framework.MockitoTestSuite; +import org.onap.portal.service.WidgetService; +import org.onap.portal.service.fn.FnLanguageService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.context.SpringBootTest; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.test.context.TestPropertySource; import org.springframework.test.context.junit4.SpringRunner; +import org.springframework.transaction.annotation.Transactional; @RunWith(SpringRunner.class) @SpringBootTest @TestPropertySource(locations = "classpath:test.properties") +@Transactional public class WidgetsControllerTest { - private UsernamePasswordAuthenticationToken principal = new UsernamePasswordAuthenticationToken("demo", + private final UsernamePasswordAuthenticationToken principal = new UsernamePasswordAuthenticationToken("demo", "demo123"); - MockitoTestSuite mockitoTestSuite = new MockitoTestSuite(); + final MockitoTestSuite mockitoTestSuite 
= new MockitoTestSuite(); - HttpServletRequest request = mockitoTestSuite.getMockedRequest(); - HttpServletResponse response = mockitoTestSuite.getMockedResponse(); + final HttpServletRequest request = mockitoTestSuite.getMockedRequest(); + final HttpServletResponse response = mockitoTestSuite.getMockedResponse(); @Autowired private WidgetsController widgetsController; @Autowired - private - FnUserDao fnUserDao; + private FnUserDao fnUserDao; @Autowired - private - FnLanguageDao fnLanguageDao; + private FnLanguageDao fnLanguageDao; + @Autowired + private WidgetService widgetService; + @Autowired + private FnLanguageService fnLanguageService; + + private FnLanguage language; + private FnUser questUser; + private FnUser notQuestUser; + + @Before + public void init(){ + this.language = getFnLanguage(); + this.questUser = getQuestUser(); + this.notQuestUser = getNotQuestUser(); + } - private FnLanguage language = getFnLanguage(); - private FnUser questUser = getQuestUser(); - private FnUser notQuestUser = getNotQuestUser(); @Test(expected = UsernameNotFoundException.class) public void getOnboardingWidgetsNullUserTest() { @@ -113,7 +132,8 @@ public class WidgetsControllerTest { @Test public void getOnboardingWidgetsUserTest() { - UsernamePasswordAuthenticationToken notQuestprincipal = new UsernamePasswordAuthenticationToken("notQuestUser", + UsernamePasswordAuthenticationToken notQuestprincipal = new UsernamePasswordAuthenticationToken( + "notQuestUser", "demo123"); fnUserDao.save(notQuestUser); List expected = new ArrayList<>(); 
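Review bot: `init()` depends on an ordering that nothing in the code states: `getQuestUser()` and `getNotQuestUser()` both read the `language` field, so `this.language` has to be assigned first. `getFnLanguage()` in the last hunk now calls `fnLanguageService.save(tmp)`, which is presumably why the fixtures moved out of field initializers, where the autowired service would not yet be injected. A comment on `init()` would keep a later reorder from building users with a null language, for example `// language first: both user builders read this.language, and getFnLanguage() persists it via the autowired service`. The `get` prefix on `getFnLanguage()` also hides that it writes to the database, so a one-line comment there (or a name that says it saves) would make the side effect visible.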
@@ -128,7 +148,8 @@ public class WidgetsControllerTest { @Test public void getOnboardingWidgetsWrongHeaderTest() { - UsernamePasswordAuthenticationToken notQuestprincipal = new UsernamePasswordAuthenticationToken("notQuestUser", + UsernamePasswordAuthenticationToken notQuestprincipal = new UsernamePasswordAuthenticationToken( + "notQuestUser", "demo123"); fnUserDao.save(notQuestUser); when(request.getHeader("X-Widgets-Type")).thenReturn("test"); 
@@ -140,22 +161,212 @@ public class WidgetsControllerTest { } @Test - public void putOnboardingWidget() { + public void putOnboardingWidgetSameWidget() { + //Given + fnUserDao.save(notQuestUser); + when(request.getHeader("X-Widgets-Type")).thenReturn("managed"); + + OnboardingWidget onboardingWidget = OnboardingWidget.builder() + .id(123L) + .name("Application") + .appId(1421L) + .appName("Application name") + .width(123) + .height(45) + .url("testurl") + .build(); + + FnWidget fnWidget = FnWidget.builder() + .name("Application") + .appId(453L) + .width(123) + .height(45) + .url("testurl") + .build(); + + widgetService.saveOne(fnWidget); + + FieldsValidator expected = new FieldsValidator(); + //When + FieldsValidator actual = widgetsController + .putOnboardingWidget(principal, fnWidget.getWidgetId(), onboardingWidget, response); + //Then + assertEquals(expected.getErrorCode(), actual.getErrorCode()); + assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode()); + assertEquals(expected.getFields(), actual.getFields()); + } + + @Test + public void putOnboardingWidgetAOP() { + //Given + fnUserDao.save(notQuestUser); + when(request.getHeader("X-Widgets-Type")).thenReturn("managed"); + + OnboardingWidget onboardingWidget = OnboardingWidget.builder() + .id(123L) + .name("") + .appId(1L) + .appName("") + .width(123) + .height(45) + .url("testurl") + .build(); + + FnWidget fnWidget = FnWidget.builder() + .name("Application") + .appId(1421L) + .width(123) + .height(45) + .url("testurl") + .build(); + + widgetService.saveOne(fnWidget); + + FieldsValidator expected = new FieldsValidator(); + expected.setHttpStatusCode(406L); + expected.addProblematicFieldName("appName can't be blank, appId value must be higher than 1"); + //When + FieldsValidator actual = widgetsController + .putOnboardingWidget(principal, fnWidget.getWidgetId(), onboardingWidget, response); + //Then + assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode()); + 
assertEquals(expected.getFields().size(), actual.getFields().size()); + } + + @Test + public void putOnboardingWidgetAOPXSSTest() { + //Given + fnUserDao.save(notQuestUser); + when(request.getHeader("X-Widgets-Type")).thenReturn("managed"); + + OnboardingWidget onboardingWidget = OnboardingWidget.builder() + .id(123L) + .name("\n") + .appId(34L) + .appName("") + .width(123) + .height(45) + .url("testurl") + .build(); + + FieldsValidator expected = new FieldsValidator(); + expected.setHttpStatusCode(406L); + expected.addProblematicFieldName( + "appName may have unsafe html content, name may have unsafe html content"); + //When + FieldsValidator actual = widgetsController + .putOnboardingWidget(principal, 15L, onboardingWidget, response); + //Then + assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode()); + assertEquals(expected.getFields().size(), actual.getFields().size()); + } + + @Test + public void postOnboardingWidgetXSS() { + //Given + fnUserDao.save(notQuestUser); + when(request.getHeader("X-Widgets-Type")).thenReturn("managed"); + + OnboardingWidget onboardingWidget = OnboardingWidget.builder() + .id(123L) + .name("\n") + .appId(34L) + .appName("") + .width(123) + .height(45) + .url("testurl") + .build(); + + FieldsValidator expected = new FieldsValidator(); + expected.setHttpStatusCode(406L); + expected.addProblematicFieldName("appName may have unse html content, name may have unsafe html content"); + //When + FieldsValidator actual = widgetsController.postOnboardingWidget(principal, response, onboardingWidget); + //Then + assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode()); + assertEquals(expected.getFields().size(), actual.getFields().size()); } @Test public void postOnboardingWidget() { + //Given + fnUserDao.save(notQuestUser); + when(request.getHeader("X-Widgets-Type")).thenReturn("managed"); + + OnboardingWidget onboardingWidget = OnboardingWidget.builder() + .id(123L) + .name("appname") + .appId(34L) + 
.appName("appname") + .width(123) + .height(45) + .url("testurl") + .build(); + + FieldsValidator expected = new FieldsValidator(); + expected.setHttpStatusCode(200L); + //When + FieldsValidator actual = widgetsController.postOnboardingWidget(principal, response, onboardingWidget); + //Then + assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode()); + assertEquals(expected.getFields().size(), actual.getFields().size()); } @Test - public void deleteOnboardingWidget() { + public void deleteOnboardingWidgetSCFORBIDDEN() { + //Given + fnUserDao.save(notQuestUser); + when(request.getHeader("X-Widgets-Type")).thenReturn("managed"); + + OnboardingWidget onboardingWidget = OnboardingWidget.builder() + .id(123L) + .name("") + .appId(1L) + .appName("rtyrty") + .width(123) + .height(45) + .url("testurl") + .build(); + + FnWidget fnWidget = FnWidget.builder() + .name("Application") + .appId(1421L) + .width(123) + .height(45) + .url("testurl") + .build(); + + widgetService.saveOne(fnWidget); + + + + FieldsValidator expected = new FieldsValidator(); + expected.setHttpStatusCode(500L); + expected.addProblematicFieldName("appName can't be blank, appId value must be higher than 1"); + + //When + widgetsController.putOnboardingWidget(principal, fnWidget.getWidgetId(), onboardingWidget, response); + + FieldsValidator actual = widgetsController.deleteOnboardingWidget(principal, response, fnWidget.getWidgetId()); + //Then + assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode()); } @Test - public void putWidgetCatalogSelection() { + public void putWidgetCatalogSelection() throws IOException { + //Give + WidgetCatalogPersonalization personalization = new WidgetCatalogPersonalization(7L, true); + + FieldsValidator expected = new FieldsValidator(); + expected.setHttpStatusCode(200L); + expected.addProblematicFieldName(""); + //When + FieldsValidator actual = widgetsController.putWidgetCatalogSelection(principal, personalization, response); + //Then + 
assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode()); } - private FnUser getQuestUser(){ + private FnUser getQuestUser() { return FnUser.builder() .loginId("questUser") .loginPwd("demo123") @@ -165,11 +376,12 @@ public class WidgetsControllerTest { .modifiedDate(LocalDateTime.now()) .isInternalYn(true) .languageId(language) + .isSystemUser(true) .guest(true) .build(); } - private FnUser getNotQuestUser(){ + private FnUser getNotQuestUser() { return FnUser.builder() .loginId("notQuestUser") .loginPwd("demo123") @@ -178,12 +390,16 @@ public class WidgetsControllerTest { .createdDate(LocalDateTime.now()) .modifiedDate(LocalDateTime.now()) .isInternalYn(true) + .isSystemUser(true) .languageId(language) .guest(false) .build(); } - private FnLanguage getFnLanguage(){ - return FnLanguage.builder().languageName("Polish").languageAlias("Pl").build(); + + private FnLanguage getFnLanguage() { + FnLanguage tmp = FnLanguage.builder().languageName("Polish").languageAlias("Pl").build(); + fnLanguageService.save(tmp); + return tmp; } } \ No newline at end of file
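Review bot: The two XSS tests, `putOnboardingWidgetAOPXSSTest` and `postOnboardingWidgetXSS`, cannot tell an unsafe-HTML rejection from any other validation failure, because they assert only the 406 status and `getFields().size()`. Both send a blank `appName`, which `putOnboardingWidgetAOP` shows is already answered with 406 for being blank, and the expected message in `postOnboardingWidgetXSS` is misspelled ("unse html content") without the test noticing. As the page shows them, the `name` and `appName` values hold no markup at all; the payload may have been lost in rendering, but if the file really reads this way the sanitizer is never exercised. Give `appName` a non-blank value that carries the markup under test and compare the message itself, as `putOnboardingWidgetSameWidget` does with `assertEquals(expected.getFields(), actual.getFields());`. Separately, `deleteOnboardingWidgetSCFORBIDDEN` expects `500L` although its name says forbidden, so a denied delete appears to surface as a server error rather than a 403.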
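Review bot: Both fixture users now carry `.isSystemUser(true)`, the guest one in this hunk and `notQuestUser` in the next, so no test in this class runs as an ordinary non-system account. How `WidgetsController` uses the flag is not visible here; if any permission check depends on it, the suite covers only that one path. Consider leaving the guest fixture at `.isSystemUser(false)`, or add a comment such as `// required by <constraint or check>` saying why the tests need the flag. Both builder methods start outside their hunks.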