+ public void putOnboardingWidgetSameWidget() {
+ //Given
+ UsernamePasswordAuthenticationToken notQuestprincipal = new UsernamePasswordAuthenticationToken("cs0008",
+ "demo123");
+ fnUserDao.save(notQuestUser);
+ when(request.getHeader("X-Widgets-Type")).thenReturn("managed");
+
+ OnboardingWidget onboardingWidget = OnboardingWidget.builder()
+ .id(123L)
+ .name("Application")
+ .appId(1421L)
+ .appName("Application name")
+ .width(123)
+ .height(45)
+ .url("testurl")
+ .build();
+
+
+ FnWidget fnWidget = FnWidget.builder()
+ .name("Application")
+ .appId(453L)
+ .width(123)
+ .height(45)
+ .url("testurl")
+ .build();
+
+ widgetService.saveOne(fnWidget);
+
+ FieldsValidator expected = new FieldsValidator();
+ //When
+ FieldsValidator actual = widgetsController.putOnboardingWidget(principal, fnWidget.getWidgetId(), onboardingWidget, response);
+ //Then
+ assertEquals(expected.getErrorCode(), actual.getErrorCode());
+ assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode());
+ assertEquals(expected.getFields(), actual.getFields());
+ }
+
+ @Test
+ public void putOnboardingWidgetAOP() {
+ //Given
+ UsernamePasswordAuthenticationToken notQuestprincipal = new UsernamePasswordAuthenticationToken("cs0008",
+ "demo123");
+ fnUserDao.save(notQuestUser);
+ when(request.getHeader("X-Widgets-Type")).thenReturn("managed");
+
+ OnboardingWidget onboardingWidget = OnboardingWidget.builder()
+ .id(123L)
+ .name("")
+ .appId(1L)
+ .appName("")
+ .width(123)
+ .height(45)
+ .url("testurl")
+ .build();
+
+
+ FnWidget fnWidget = FnWidget.builder()
+ .name("Application")
+ .appId(1421L)
+ .width(123)
+ .height(45)
+ .url("testurl")
+ .build();
+
+ widgetService.saveOne(fnWidget);
+
+ FieldsValidator expected = new FieldsValidator();
+ expected.setHttpStatusCode(406L);
+ expected.addProblematicFieldName("appName can't be blank, appId value must be higher than 1");
+ //When
+ FieldsValidator actual = widgetsController.putOnboardingWidget(principal, fnWidget.getWidgetId(), onboardingWidget, response);
+ //Then
+ assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode());
+ assertEquals(expected.getFields().size(), actual.getFields().size());
+ }
+
+ @Test
+ public void putOnboardingWidgetAOPXSSTest() {
+ //Given
+ UsernamePasswordAuthenticationToken notQuestprincipal = new UsernamePasswordAuthenticationToken("cs0008",
+ "demo123");
+ fnUserDao.save(notQuestUser);
+ when(request.getHeader("X-Widgets-Type")).thenReturn("managed");
+
+ OnboardingWidget onboardingWidget = OnboardingWidget.builder()
+ .id(123L)
+ .name("<script>alert(“XSS”);</script>\n")
+ .appId(34L)
+ .appName("<ScRipT>alert(\"XSS\");</ScRipT>")
+ .width(123)
+ .height(45)
+ .url("testurl")
+ .build();
+
+ FieldsValidator expected = new FieldsValidator();
+ expected.setHttpStatusCode(406L);
+ expected.addProblematicFieldName("appName may have unsafe html content, name may have unsafe html content");
+ //When
+ FieldsValidator actual = widgetsController.putOnboardingWidget(principal, 15L, onboardingWidget, response);
+ //Then
+ assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode());
+ assertEquals(expected.getFields().size(), actual.getFields().size());