From: Sotiropoulos, Ioannis (is948x) Date: Wed, 6 Jun 2018 09:56:36 +0000 (+0100) Subject: Add validation for request header X-Git-Tag: 1.3.0~24 X-Git-Url: https://gerrit.onap.org/r/gitweb?p=aai%2Fgizmo.git;a=commitdiff_plain;h=c57a430c6dbd6951091978404a164000024fce20 Add validation for request header Add validation for inclusion of X-FromAppId and X-TransactionId in request header Issue-ID: AAI-1190 Change-Id: Ie1d2b64a7243c013982992196048e1d6635d5e66 Signed-off-by: Sotiropoulos, Ioannis (is948x) --- diff --git a/pom.xml b/pom.xml index a6af37a..408a0cd 100644 --- a/pom.xml +++ b/pom.xml @@ -127,9 +127,15 @@ limitations under the License. org.mockito - mockito-all - 1.9.5 + mockito-core + 1.10.19 test + + + org.hamcrest + hamcrest-library + + dom4j diff --git a/src/main/java/org/onap/crud/service/CrudRestService.java b/src/main/java/org/onap/crud/service/CrudRestService.java index 5539374..2cbb87c 100644 --- a/src/main/java/org/onap/crud/service/CrudRestService.java +++ b/src/main/java/org/onap/crud/service/CrudRestService.java 
@@ -790,16 +790,29 @@ public class CrudRestService { return false; } - String sourceOfTruth = null; - if (headers.getRequestHeaders().containsKey("X-FromAppId")) { - sourceOfTruth = headers.getRequestHeaders().getFirst("X-FromAppId"); - } + validateRequestHeader(headers); + + return isValid; + } + + public void validateRequestHeader(HttpHeaders headers) throws CrudException { + String sourceOfTruth = null; + if (headers.getRequestHeaders().containsKey("X-FromAppId")) { + sourceOfTruth = headers.getRequestHeaders().getFirst("X-FromAppId"); + } - if (sourceOfTruth == null || sourceOfTruth.trim() == "") { - throw new CrudException("Invalid request, Missing X-FromAppId header", Status.BAD_REQUEST); - } + if (sourceOfTruth == null || sourceOfTruth.trim() == "") { + throw new CrudException("Invalid request, Missing X-FromAppId header", Status.BAD_REQUEST); + } + + String transId = null; + if (headers.getRequestHeaders().containsKey("X-TransactionId")) { + transId = headers.getRequestHeaders().getFirst("X-TransactionId"); + } - return isValid; + if (transId == null || transId.trim() == "") { + throw new CrudException("Invalid request, Missing X-TransactionId header", Status.BAD_REQUEST); + } } void logResult(Action op, String uri, Exception e) { diff --git a/src/test/java/org/onap/crud/service/CrudRestServiceTest.java b/src/test/java/org/onap/crud/service/CrudRestServiceTest.java index 029fd52..b61f234 100644 --- a/src/test/java/org/onap/crud/service/CrudRestServiceTest.java +++ b/src/test/java/org/onap/crud/service/CrudRestServiceTest.java 
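Review bot: Both emptiness checks in `validateRequestHeader` compare strings by reference (`sourceOfTruth.trim() == ""` and `transId.trim() == ""`), so a header that is present but empty or whitespace-only will almost certainly not be rejected, because the value read from the request is not the same object as the literal. A content check closes the gap: `if (sourceOfTruth == null || sourceOfTruth.trim().isEmpty()) {` and `if (transId == null || transId.trim().isEmpty()) {`. The X-FromAppId comparison is carried over from the removed lines, and the new X-TransactionId check repeats it. If these headers feed audit or trace records further down (not visible in this hunk), a blank value would be accepted as a caller identity or correlation id. The method that now calls `validateRequestHeader(headers)` starts outside the hunk.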
@@ -20,19 +20,19 @@ */ package org.onap.crud.service; -import static org.junit.Assert.*; - +import static org.junit.Assert.assertTrue; +import static org.junit.Assert.fail; import java.io.BufferedReader; import java.io.File; import java.io.FileReader; import java.io.IOException; - import javax.servlet.http.HttpServletRequest; import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.Response; - import org.junit.Before; +import org.junit.Rule; import org.junit.Test; +import org.junit.rules.ExpectedException; import org.mockito.Mockito; import org.onap.crud.exception.CrudException; import org.onap.schema.RelationshipSchemaLoader; @@ -69,6 +69,9 @@ public class CrudRestServiceTest { private CrudRestService mockService; + @Rule + public ExpectedException thrown = ExpectedException.none(); + @Before public void init() throws Exception { ClassLoader classLoader = getClass().getClassLoader(); @@ -141,7 +144,7 @@ public class CrudRestServiceTest { @Test public void testUpdateVertex() throws CrudException { Response response; - + // Test ID mismatch response = mockService.updateVertex(putVertexPayload, "v11", "pserver", "bad-id", "services/inventory/v11", new TestHeaders(), null, new TestRequest()); 
@@ -202,6 +205,42 @@ public class CrudRestServiceTest { assertTrue(response.getStatus() == 200); } + @Test + public void testValidRequestHeader() throws CrudException { + TestHeaders testHeaders = new TestHeaders(); + mockService.validateRequestHeader(testHeaders); + } + + @Test + public void testInvalidRequestHeaderXTransactionId() throws CrudException { + thrown.expect(CrudException.class); + thrown.expectMessage("Invalid request, Missing X-TransactionId header"); + + TestHeaders testHeaders = new TestHeaders(); + testHeaders.clearRequestHeader("X-TransactionId"); + mockService.validateRequestHeader(testHeaders); + } + + @Test + public void testInvalidRequestHeaderXFromAppId() throws CrudException { + thrown.expect(CrudException.class); + thrown.expectMessage("Invalid request, Missing X-FromAppId header"); + + TestHeaders testHeaders = new TestHeaders(); + testHeaders.clearRequestHeader("X-FromAppId"); + mockService.validateRequestHeader(testHeaders); + } + + @Test + public void testEmptyRequestHeader() throws CrudException { + thrown.expect(CrudException.class); + thrown.expectMessage("Invalid request, Missing X-FromAppId header"); + + TestHeaders testHeaders = new TestHeaders(); + testHeaders.clearRequestHeader("X-TransactionId", "X-FromAppId"); + mockService.validateRequestHeader(testHeaders); + } + @Test public void testBulk() throws CrudException, IOException { Response response; @@ -238,4 +277,4 @@ public class CrudRestServiceTest { } } -} +} \ No newline at end of file diff --git a/src/test/java/org/onap/crud/service/TestHeaders.java b/src/test/java/org/onap/crud/service/TestHeaders.java index 6e30471..835840f 100644 --- a/src/test/java/org/onap/crud/service/TestHeaders.java +++ b/src/test/java/org/onap/crud/service/TestHeaders.java 
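Review bot: None of the four new tests sends a header that is present but blank. Each failing case removes the header through `clearRequestHeader`, so only the `null` branch of each check in `validateRequestHeader` is exercised. A case that sets `X-FromAppId` (and likewise `X-TransactionId`) to a whitespace-only value would pin the other branch. With the `trim() == ""` comparison in `CrudRestService` such a test is expected to fail until that comparison checks content. Since `getRequestHeaders()` now returns the backing map, the test can overwrite the default value with `putSingle`.

```java
@Test
public void testBlankRequestHeaderXFromAppId() throws CrudException {
  thrown.expect(CrudException.class);
  thrown.expectMessage("Invalid request, Missing X-FromAppId header");

  TestHeaders testHeaders = new TestHeaders();
  // Header is present but carries no usable value; validation should still reject it.
  testHeaders.getRequestHeaders().putSingle("X-FromAppId", "   ");
  mockService.validateRequestHeader(testHeaders);
}

// … same shape for X-TransactionId, expecting "Invalid request, Missing X-TransactionId header" …
```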
@@ -33,6 +33,14 @@ import javax.ws.rs.core.MultivaluedMap; public class TestHeaders implements HttpHeaders { + private MultivaluedMap headers; + + public TestHeaders() { + headers = new MultivaluedHashMap(); + headers.add("X-FromAppId", "test-app"); + headers.add("X-TransactionId", "65f7e29c-57fd-45b2-bfd5-19e25c59110e"); + } + @Override public List getAcceptableLanguages() { return null; @@ -82,10 +90,13 @@ public class TestHeaders implements HttpHeaders { @Override public MultivaluedMap getRequestHeaders() { - MultivaluedMap map = new MultivaluedHashMap(); - map.add("X-FromAppId", "test-app"); - map.add("X-TransactionId", "65f7e29c-57fd-45b2-bfd5-19e25c59110e"); - return map; + return headers; + } + + public void clearRequestHeader(String... keys) { + for (String key : keys) { + headers.remove(key); + } } }