datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/FeedServletTest.java

   1 /*******************************************************************************
   2  * ============LICENSE_START==================================================
   3  * * org.onap.dmaap
   4  * * ===========================================================================
   5  * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
   6  * * ===========================================================================
   7  * * Licensed under the Apache License, Version 2.0 (the "License");
   8  * * you may not use this file except in compliance with the License.
   9  * * You may obtain a copy of the License at
  10  * *
  11  *  *      http://www.apache.org/licenses/LICENSE-2.0
  12  * *
  13  *  * Unless required by applicable law or agreed to in writing, software
  14  * * distributed under the License is distributed on an "AS IS" BASIS,
  15  * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16  * * See the License for the specific language governing permissions and
  17  * * limitations under the License.
  18  * * ============LICENSE_END====================================================
  19  * *
  20  * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
  21  * *
  22  ******************************************************************************/
  23 package org.onap.dmaap.datarouter.provisioning;
  24
  25 import org.apache.commons.lang3.reflect.FieldUtils;
  26 import org.jetbrains.annotations.NotNull;
  27 import org.json.JSONArray;
  28 import org.json.JSONObject;
  29 import org.junit.AfterClass;
  30 import org.junit.Before;
  31 import org.junit.BeforeClass;
  32 import org.junit.Test;
  33 import org.junit.runner.RunWith;
  34 import org.mockito.Mock;
  35 import org.onap.dmaap.datarouter.authz.AuthorizationResponse;
  36 import org.onap.dmaap.datarouter.authz.Authorizer;
  37 import org.onap.dmaap.datarouter.provisioning.beans.Feed;
  38 import org.onap.dmaap.datarouter.provisioning.beans.Updateable;
  39 import org.onap.dmaap.datarouter.provisioning.utils.DB;
  40 import org.powermock.modules.junit4.PowerMockRunner;
  41
  42 import javax.persistence.EntityManager;
  43 import javax.persistence.EntityManagerFactory;
  44 import javax.persistence.Persistence;
  45 import javax.servlet.ServletInputStream;
  46 import javax.servlet.ServletOutputStream;
  47 import javax.servlet.http.HttpServletRequest;
  48 import javax.servlet.http.HttpServletResponse;
  49 import java.sql.SQLException;
  50 import java.util.HashSet;
  51 import java.util.Set;
  52
  53 import static org.hamcrest.Matchers.notNullValue;
  54 import static org.mockito.Mockito.*;
  55 import static org.onap.dmaap.datarouter.provisioning.BaseServlet.BEHALF_HEADER;
  56
  57
  58 @RunWith(PowerMockRunner.class)
  59 public class FeedServletTest extends DrServletTestBase {
  60
  61     private static FeedServlet feedServlet;
  62
  63     @Mock
  64     private HttpServletRequest request;
  65     @Mock
  66     private HttpServletResponse response;
  67
  68     private static EntityManagerFactory emf;
  69     private static EntityManager em;
  70     private DB db;
  71
  72     @BeforeClass
  73     public static void init() {
  74         emf = Persistence.createEntityManagerFactory("dr-unit-tests");
  75         em = emf.createEntityManager();
  76         System.setProperty(
  77                 "org.onap.dmaap.datarouter.provserver.properties",
  78                 "src/test/resources/h2Database.properties");
  79     }
  80
  81     @AfterClass
  82     public static void tearDownClass() {
  83         em.clear();
  84         em.close();
  85         emf.close();
  86     }
  87
  88     @Before
  89     public void setUp() throws Exception {
  90         feedServlet = new FeedServlet();
  91         db = new DB();
  92         setAuthoriserToReturnRequestIsAuthorized();
  93         setUpValidAuthorisedRequest();
  94         setUpValidSecurityOnHttpRequest();
  95         setUpValidContentHeadersAndJSONOnHttpRequest();
  96     }
  97
  98     @Test
  99     public void Given_Request_Is_HTTP_DELETE_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated()
 100         throws Exception {
 101         when(request.isSecure()).thenReturn(false);
 102         feedServlet.doDelete(request, response);
 103         verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
 104     }
 105
 106
 107     @Test
 108     public void Given_Request_Is_HTTP_DELETE_And_BEHALF_HEADER_Is_Not_Set_In_Request_Then_Bad_Request_Response_Is_Generated()
 109         throws Exception {
 110         setBehalfHeader(null);
 111         feedServlet.doDelete(request, response);
 112         verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
 113     }
 114
 115
 116     @Test
 117     public void Given_Request_Is_HTTP_DELETE_And_Path_Header_Is_Not_Set_In_Request_With_Valid_Path_Then_Bad_Request_Response_Is_Generated()
 118         throws Exception {
 119         when(request.getPathInfo()).thenReturn(null);
 120         feedServlet.doDelete(request, response);
 121         verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
 122     }
 123
 124
 125     @Test
 126     public void Given_Request_Is_HTTP_DELETE_And_Feed_Id_Is_Invalid_Then_Not_Found_Response_Is_Generated()
 127         throws Exception {
 128         when(request.getPathInfo()).thenReturn("/123");
 129         feedServlet.doDelete(request, response);
 130         verify(response).sendError(eq(HttpServletResponse.SC_NOT_FOUND), argThat(notNullValue(String.class)));
 131     }
 132
 133
 134     @Test
 135     public void Given_Request_Is_HTTP_DELETE_And_Request_Is_Not_Authorized_Then_Forbidden_Response_Is_Generated()
 136         throws Exception {
 137         setAuthoriserToReturnRequestNotAuthorized();
 138         feedServlet.doDelete(request, response);
 139         verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
 140     }
 141
 142
 143     @Test
 144     public void Given_Request_Is_HTTP_DELETE_And_Delete_On_Database_Fails_An_Internal_Server_Error_Is_Reported()
 145         throws Exception {
 146         FeedServlet feedServlet = new FeedServlet() {
 147             protected boolean doUpdate(Updateable bean) {
 148                 return false;
 149             }
 150         };
 151         feedServlet.doDelete(request, response);
 152         verify(response)
 153             .sendError(eq(HttpServletResponse.SC_INTERNAL_SERVER_ERROR), argThat(notNullValue(String.class)));
 154     }
 155
 156
 157     @Test
 158     public void Given_Request_Is_HTTP_DELETE_And_Delete_On_Database_Succeeds_A_NO_CONTENT_Response_Is_Generated()
 159         throws Exception {
 160         feedServlet.doDelete(request, response);
 161         verify(response).setStatus(eq(HttpServletResponse.SC_NO_CONTENT));
 162         reinsertFeedIntoDb();
 163     }
 164
 165     @Test
 166     public void Given_Request_Is_HTTP_GET_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated()
 167         throws Exception {
 168         when(request.isSecure()).thenReturn(false);
 169         feedServlet.doGet(request, response);
 170         verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
 171     }
 172
 173     @Test
 174     public void Given_Request_Is_HTTP_GET_And_BEHALF_HEADER_Is_Not_Set_In_Request_Then_Bad_Request_Response_Is_Generated()
 175         throws Exception {
 176         setBehalfHeader(null);
 177         feedServlet.doGet(request, response);
 178         verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
 179     }
 180
 181
 182     @Test
 183     public void Given_Request_Is_HTTP_GET_And_Path_Header_Is_Not_Set_In_Request_With_Valid_Path_Then_Bad_Request_Response_Is_Generated()
 184         throws Exception {
 185         when(request.getPathInfo()).thenReturn(null);
 186         feedServlet.doGet(request, response);
 187         verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
 188     }
 189
 190
 191     @Test
 192     public void Given_Request_Is_HTTP_GET_And_Feed_Id_Is_Invalid_Then_Not_Found_Response_Is_Generated()
 193         throws Exception {
 194         when(request.getPathInfo()).thenReturn("/123");
 195         feedServlet.doGet(request, response);
 196         verify(response).sendError(eq(HttpServletResponse.SC_NOT_FOUND), argThat(notNullValue(String.class)));
 197     }
 198
 199
 200     @Test
 201     public void Given_Request_Is_HTTP_GET_And_Request_Is_Not_Authorized_Then_Forbidden_Response_Is_Generated()
 202         throws Exception {
 203         setAuthoriserToReturnRequestNotAuthorized();
 204         feedServlet.doGet(request, response);
 205         verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
 206     }
 207
 208
 209     @Test
 210     public void Given_Request_Is_HTTP_GET_And_Request_Succeeds() throws Exception {
 211         ServletOutputStream outStream = mock(ServletOutputStream.class);
 212         when(response.getOutputStream()).thenReturn(outStream);
 213         feedServlet.doGet(request, response);
 214         verify(response).setStatus(eq(HttpServletResponse.SC_OK));
 215     }
 216
 217
 218     @Test
 219     public void Given_Request_Is_HTTP_PUT_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated()
 220         throws Exception {
 221         when(request.isSecure()).thenReturn(false);
 222         feedServlet.doPut(request, response);
 223         verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
 224     }
 225
 226     @Test
 227     public void Given_Request_Is_HTTP_PUT_And_BEHALF_HEADER_Is_Not_Set_In_Request_Then_Bad_Request_Response_Is_Generated()
 228         throws Exception {
 229         setBehalfHeader(null);
 230         feedServlet.doPut(request, response);
 231         verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
 232     }
 233
 234
 235     @Test
 236     public void Given_Request_Is_HTTP_PUT_And_Path_Header_Is_Not_Set_In_Request_With_Valid_Path_Then_Bad_Request_Response_Is_Generated()
 237         throws Exception {
 238         when(request.getPathInfo()).thenReturn(null);
 239         feedServlet.doPut(request, response);
 240         verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
 241     }
 242
 243
 244     @Test
 245     public void Given_Request_Is_HTTP_PUT_And_Feed_Id_Is_Invalid_Then_Not_Found_Response_Is_Generated()
 246         throws Exception {
 247         when(request.getPathInfo()).thenReturn("/123");
 248         feedServlet.doPut(request, response);
 249         verify(response).sendError(eq(HttpServletResponse.SC_NOT_FOUND), argThat(notNullValue(String.class)));
 250     }
 251
 252     @Test
 253     public void Given_Request_Is_HTTP_PUT_And_Content_Header_Is_Not_Supported_Type_Then_Unsupported_Media_Type_Response_Is_Generated()
 254         throws Exception {
 255         when(request.getHeader("Content-Type")).thenReturn("application/vnd.att-dr.feed-fail; version=2.0");
 256         when(request.getContentType()).thenReturn("stub_contentType");
 257         feedServlet.doPut(request, response);
 258         verify(response)
 259             .sendError(eq(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE), argThat(notNullValue(String.class)));
 260     }
 261
 262     @Test
 263     public void Given_Request_Is_HTTP_PUT_And_Request_Contains_Badly_Formed_JSON_Then_Bad_Request_Response_Is_Generated()
 264         throws Exception {
 265         ServletInputStream inStream = mock(ServletInputStream.class);
 266         when(request.getInputStream()).thenReturn(inStream);
 267         feedServlet.doPut(request, response);
 268         verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
 269     }
 270
 271     @Test
 272     public void Given_Request_Is_HTTP_PUT_And_Request_Contains_Invalid_JSON_Then_Bad_Request_Response_Is_Generated() throws Exception {
 273         FeedServlet feedServlet = new FeedServlet() {
 274             protected JSONObject getJSONfromInput(HttpServletRequest req) {
 275                 return new JSONObject();
 276             }
 277         };
 278         feedServlet.doPut(request, response);
 279         verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
 280     }
 281
 282     @Test
 283     public void Given_Request_Is_HTTP_PUT_And_Feed_Change_Is_Not_Publisher_Who_Requested_Feed_Bad_Request_Response_Is_Generated() throws Exception {
 284         when(request.getHeader("X-ATT-DR-ON-BEHALF-OF-GROUP")).thenReturn(null);
 285         JSONObject JSObject = buildRequestJsonObject();
 286         FeedServlet feedServlet = new FeedServlet() {
 287             protected JSONObject getJSONfromInput(HttpServletRequest req) {
 288                 JSONObject jo = new JSONObject();
 289                 jo.put("name", "stub_name");
 290                 jo.put("version", "1.0");
 291                 jo.put("authorization", JSObject);
 292                 return jo;
 293             }
 294         };
 295
 296         feedServlet.doPut(request, response);
 297         verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
 298     }
 299
 300     @Test
 301     public void Given_Request_Is_HTTP_PUT_And_Feed_Name_Change_is_Requested_Bad_Request_Response_Is_Generated() throws Exception {
 302         JSONObject JSObject = buildRequestJsonObject();
 303         FeedServlet feedServlet = new FeedServlet() {
 304             protected JSONObject getJSONfromInput(HttpServletRequest req) {
 305                 JSONObject jo = new JSONObject();
 306                 jo.put("name", "not_stub_name");
 307                 jo.put("version", "1.0");
 308                 jo.put("authorization", JSObject);
 309                 return jo;
 310             }
 311         };
 312         feedServlet.doPut(request, response);
 313         verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
 314     }
 315
 316     @Test
 317     public void Given_Request_Is_HTTP_PUT_And_Feed_Version_Change_is_Requested_Bad_Request_Response_Is_Generated() throws Exception {
 318         JSONObject JSObject = buildRequestJsonObject();
 319         FeedServlet feedServlet = new FeedServlet() {
 320             protected JSONObject getJSONfromInput(HttpServletRequest req) {
 321                 JSONObject jo = new JSONObject();
 322                 jo.put("name", "stub_name");
 323                 jo.put("version", "2.0");
 324                 jo.put("authorization", JSObject);
 325                 return jo;
 326             }
 327         };
 328         feedServlet.doPut(request, response);
 329         verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
 330     }
 331
 332     @Test
 333     public void Given_Request_Is_HTTP_PUT_And_Request_Is_Not_Authorized_Then_Forbidden_Response_Is_Generated() throws Exception {
 334         JSONObject JSObject = buildRequestJsonObject();
 335         FeedServlet feedServlet = new FeedServlet() {
 336             protected JSONObject getJSONfromInput(HttpServletRequest req) {
 337                 JSONObject jo = new JSONObject();
 338                 jo.put("name", "Feed1");
 339                 jo.put("version", "v0.1");
 340                 jo.put("authorization", JSObject);
 341                 return jo;
 342             }
 343         };
 344         setAuthoriserToReturnRequestNotAuthorized();
 345         feedServlet.doPut(request, response);
 346         verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
 347     }
 348
 349     @Test
 350     public void Given_Request_Is_HTTP_PUT_And_Change_On_Feeds_Fails_An_Internal_Server_Error_Response_Is_Generated() throws Exception {
 351         ServletOutputStream outStream = mock(ServletOutputStream.class);
 352         when(response.getOutputStream()).thenReturn(outStream);
 353
 354         JSONObject JSObject = buildRequestJsonObject();
 355         FeedServlet feedServlet = new FeedServlet() {
 356             protected JSONObject getJSONfromInput(HttpServletRequest req) {
 357                 JSONObject jo = new JSONObject();
 358                 jo.put("name", "Feed1");
 359                 jo.put("version", "v0.1");
 360                 jo.put("authorization", JSObject);
 361                 return jo;
 362             }
 363
 364             @Override
 365             protected boolean doUpdate(Updateable bean) {
 366                 return false;
 367             }
 368         };
 369         feedServlet.doPut(request, response);
 370         verify(response).sendError(eq(HttpServletResponse.SC_INTERNAL_SERVER_ERROR), argThat(notNullValue(String.class)));
 371     }
 372
 373     @Test
 374     public void Given_Request_Is_HTTP_PUT_And_Change_On_Feeds_Suceeds_A_STATUS_OK_Response_Is_Generated() throws Exception {
 375         ServletOutputStream outStream = mock(ServletOutputStream.class);
 376         when(response.getOutputStream()).thenReturn(outStream);
 377         JSONObject JSObject = buildRequestJsonObject();
 378         FeedServlet feedServlet = new FeedServlet() {
 379             protected JSONObject getJSONfromInput(HttpServletRequest req) {
 380                 JSONObject jo = new JSONObject();
 381                 jo.put("name", "Feed1");
 382                 jo.put("version", "v0.1");
 383                 jo.put("authorization", JSObject);
 384                 return jo;
 385             }
 386
 387         };
 388         feedServlet.doPut(request, response);
 389         verify(response).setStatus(eq(HttpServletResponse.SC_OK));
 390     }
 391
 392     @Test
 393     public void Given_Request_Is_HTTP_POST_SC_METHOD_NOT_ALLOWED_Response_Is_Generated() throws Exception {
 394         feedServlet.doPost(request, response);
 395         verify(response).sendError(eq(HttpServletResponse.SC_METHOD_NOT_ALLOWED), argThat(notNullValue(String.class)));
 396     }
 397
 398     @NotNull
 399     private JSONObject buildRequestJsonObject() {
 400         JSONObject JSObject = new JSONObject();
 401         JSONArray endpointIDs = new JSONArray();
 402         JSONObject JOEndpointIDs = new JSONObject();
 403         JOEndpointIDs.put("id", "stub_endpoint_id");
 404         JOEndpointIDs.put("password", "stub_endpoint_password");
 405         endpointIDs.put(JOEndpointIDs);
 406
 407         JSONArray endpointAddresses = new JSONArray();
 408         endpointAddresses.put("127.0.0.1");
 409
 410         JSObject.put("classification", "stub_classification");
 411         JSObject.put("endpoint_ids", endpointIDs);
 412         JSObject.put("endpoint_addrs", endpointAddresses);
 413         return JSObject;
 414     }
 415
 416     private void setUpValidSecurityOnHttpRequest() throws Exception {
 417         when(request.isSecure()).thenReturn(true);
 418         Set<String> authAddressesAndNetworks = new HashSet<String>();
 419         authAddressesAndNetworks.add(("127.0.0.1"));
 420         FieldUtils
 421             .writeDeclaredStaticField(BaseServlet.class, "authorizedAddressesAndNetworks", authAddressesAndNetworks,
 422                 true);
 423         FieldUtils.writeDeclaredStaticField(BaseServlet.class, "requireCert", false, true);
 424     }
 425
 426     private void setBehalfHeader(String headerValue) {
 427         when(request.getHeader(BEHALF_HEADER)).thenReturn(headerValue);
 428     }
 429
 430     private void setValidPathInfoInHttpHeader() {
 431         when(request.getPathInfo()).thenReturn("/1");
 432     }
 433
 434     private void setAuthoriserToReturnRequestNotAuthorized() throws IllegalAccessException {
 435         AuthorizationResponse authResponse = mock(AuthorizationResponse.class);
 436         Authorizer authorizer = mock(Authorizer.class);
 437         FieldUtils.writeDeclaredStaticField(BaseServlet.class, "authz", authorizer, true);
 438         when(authorizer.decide(request)).thenReturn(authResponse);
 439         when(authResponse.isAuthorized()).thenReturn(false);
 440     }
 441
 442     private void setAuthoriserToReturnRequestIsAuthorized() throws IllegalAccessException {
 443         AuthorizationResponse authResponse = mock(AuthorizationResponse.class);
 444         Authorizer authorizer = mock(Authorizer.class);
 445         FieldUtils.writeDeclaredStaticField(BaseServlet.class, "authz", authorizer, true);
 446         when(authorizer.decide(request)).thenReturn(authResponse);
 447         when(authResponse.isAuthorized()).thenReturn(true);
 448     }
 449
 450     private void setUpValidAuthorisedRequest() throws Exception {
 451         setUpValidSecurityOnHttpRequest();
 452         setBehalfHeader("Stub_Value");
 453         setValidPathInfoInHttpHeader();
 454     }
 455
 456     private void setUpValidContentHeadersAndJSONOnHttpRequest() {
 457         when(request.getHeader("Content-Type")).thenReturn("application/vnd.att-dr.feed; version=1.0");
 458         when(request.getHeader("X-ATT-DR-ON-BEHALF-OF-GROUP")).thenReturn("stub_subjectGroup");
 459     }
 460
 461     private void reinsertFeedIntoDb() throws SQLException {
 462         Feed feed = new Feed("Feed1","v0.1", "First Feed for testing", "First Feed for testing");
 463         feed.setFeedid(1);
 464         feed.setGroupid(1);
 465         feed.setDeleted(false);
 466         feed.doUpdate(db.getConnection());
 467     }
 468 }