2 * ============LICENSE_START==========================================
4 * ===================================================================
5 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
6 * ===================================================================
8 * Unless otherwise specified, all software contained herein is licensed
9 * under the Apache License, Version 2.0 (the "License");
10 * you may not use this software except in compliance with the License.
11 * You may obtain a copy of the License at
13 * http://www.apache.org/licenses/LICENSE-2.0
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS,
17 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
21 * Unless otherwise specified, all documentation contained herein is licensed
22 * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
23 * you may not use this documentation except in compliance with the License.
24 * You may obtain a copy of the License at
26 * https://creativecommons.org/licenses/by/4.0/
28 * Unless required by applicable law or agreed to in writing, documentation
29 * distributed under the License is distributed on an "AS IS" BASIS,
30 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
31 * See the License for the specific language governing permissions and
32 * limitations under the License.
34 * ============LICENSE_END============================================
37 package org.onap.portalapp.portal.controller;
39 import static org.junit.Assert.assertEquals;
40 import static org.junit.Assert.assertNotNull;
41 import static org.junit.Assert.assertNull;
43 import java.lang.reflect.Method;
44 import java.util.ArrayList;
45 import java.util.HashMap;
46 import java.util.List;
48 import javax.servlet.http.HttpServletRequest;
49 import javax.servlet.http.HttpServletResponse;
50 import org.junit.Before;
51 import org.junit.Test;
52 import org.junit.runner.RunWith;
53 import org.mockito.InjectMocks;
54 import org.mockito.Matchers;
55 import org.mockito.Mock;
56 import org.mockito.Mockito;
57 import org.mockito.MockitoAnnotations;
58 import org.onap.portalapp.annotation.ApiVersion;
59 import org.onap.portalapp.controller.sessionmgt.SessionCommunicationVersionController;
60 import org.onap.portalapp.externalsystemapproval.model.ExternalSystemUser;
61 import org.onap.portalapp.portal.domain.EPUser;
62 import org.onap.portalapp.portal.ecomp.model.PortalRestResponse;
63 import org.onap.portalapp.portal.ecomp.model.PortalRestStatusEnum;
64 import org.onap.portalapp.portal.framework.MockitoTestSuite;
65 import org.onap.portalapp.portal.transport.Analytics;
66 import org.onap.portalapp.portal.transport.EpNotificationItem;
67 import org.onap.portalapp.portal.transport.OnboardingApp;
68 import org.onap.portalsdk.core.domain.Role;
69 import org.onap.portalsdk.core.onboarding.crossapi.PortalAPIResponse;
70 import org.powermock.api.mockito.PowerMockito;
71 import org.powermock.core.classloader.annotations.PrepareForTest;
72 import org.powermock.modules.junit4.PowerMockRunner;
73 import org.springframework.aop.support.AopUtils;
74 import org.springframework.context.ApplicationContext;
76 @RunWith(PowerMockRunner.class)
77 @PrepareForTest(AopUtils.class)
78 public class AuxApiRequestMapperControllerTest {
80 AuxApiRequestMapperController auxApiRequestMapperController = new AuxApiRequestMapperController();
84 MockitoAnnotations.initMocks(this);
87 RolesController rolesController = new RolesController();
88 SessionCommunicationVersionController sessionCommunicationController = new SessionCommunicationVersionController();
89 WebAnalyticsExtAppVersionController webAnalyticsExtAppController = new WebAnalyticsExtAppVersionController();
90 RolesApprovalSystemVersionController rolesApprovalSystemController = new RolesApprovalSystemVersionController();
91 TicketEventVersionController ticketEventVersionController = new TicketEventVersionController();
92 AppsControllerExternalVersionRequest appsControllerExternalVersionRequest = new AppsControllerExternalVersionRequest();
93 ExternalAppsRestfulVersionController externalAppsRestfulVersionController = new ExternalAppsRestfulVersionController();
96 ApplicationContext context;
99 MockitoTestSuite mockitoTestSuite = new MockitoTestSuite();
100 HttpServletRequest mockedRequest = mockitoTestSuite.getMockedRequest();
101 HttpServletResponse mockedResponse = mockitoTestSuite.getMockedResponse();
102 NullPointerException nullPointerException = new NullPointerException();
105 public void getUserTest() throws Exception {
106 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/roles");
107 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
108 Map<String, Object> beans = new HashMap<>();
109 beans.put("bean1", rolesController);
110 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
111 PowerMockito.mockStatic(AopUtils.class);
112 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
113 Mockito.when(mockedRequest.getMethod()).thenReturn("GET");
114 assertNull(auxApiRequestMapperController.getUser(mockedRequest, mockedResponse, "test12"));
118 public void getUserXSSTest() throws Exception {
119 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/roles");
120 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
121 Map<String, Object> beans = new HashMap<>();
122 beans.put("bean1", rolesController);
123 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
124 PowerMockito.mockStatic(AopUtils.class);
125 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
126 Mockito.when(mockedRequest.getMethod()).thenReturn("GET");
127 String expected = "Provided data is not valid";
128 String actual = auxApiRequestMapperController.getUser(mockedRequest, mockedResponse, "“><script>alert(“XSS”)</script>");
129 assertEquals(expected, actual);
133 public void getUserTestWithException() throws Exception {
134 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/roles");
135 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
136 Map<String, Object> beans = new HashMap<>();
137 beans.put("bean1", rolesController);
138 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
139 PowerMockito.mockStatic(AopUtils.class);
140 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
141 Mockito.when(mockedRequest.getMethod()).thenReturn("GET");
142 assertNull(auxApiRequestMapperController.getUser(mockedRequest, mockedResponse, "test12"));
146 public void getRolesTest() throws Exception {
147 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/roles");
148 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
149 Map<String, Object> beans = new HashMap<>();
150 beans.put("bean1", rolesController);
151 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
152 PowerMockito.mockStatic(AopUtils.class);
153 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
154 Mockito.when(mockedRequest.getMethod()).thenReturn("GET");
155 assertNull(auxApiRequestMapperController.getRoles(mockedRequest, mockedResponse));
159 public void saveRoleTest() throws Exception {
160 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/role");
161 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
162 Map<String, Object> beans = new HashMap<>();
163 beans.put("bean1", rolesController);
164 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
165 PowerMockito.mockStatic(AopUtils.class);
166 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
167 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
168 Role role = new Role();
169 assertNull(auxApiRequestMapperController.saveRole(mockedRequest, mockedResponse, role));
173 public void getEPRolesTest() throws Exception {
174 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v4/roles");
175 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
176 Map<String, Object> beans = new HashMap<>();
177 beans.put("bean1", rolesController);
178 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
179 PowerMockito.mockStatic(AopUtils.class);
180 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
181 Mockito.when(mockedRequest.getMethod()).thenReturn("GET");
182 assertNull(auxApiRequestMapperController.getRoles(mockedRequest, mockedResponse));
186 public void getUser1Test() throws Exception {
187 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/user/test12");
188 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
189 Map<String, Object> beans = new HashMap<>();
190 beans.put("bean1", rolesController);
191 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
192 PowerMockito.mockStatic(AopUtils.class);
193 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
194 Mockito.when(mockedRequest.getMethod()).thenReturn("GET");
195 assertNull(auxApiRequestMapperController.getUser(mockedRequest, mockedResponse, "test12"));
199 public void getRoleTest() throws Exception {
200 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/role/1");
201 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
202 Map<String, Object> beans = new HashMap<>();
203 beans.put("bean1", rolesController);
204 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
205 PowerMockito.mockStatic(AopUtils.class);
206 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
207 Mockito.when(mockedRequest.getMethod()).thenReturn("GET");
208 assertNull(auxApiRequestMapperController.getRoleInfo(mockedRequest, mockedResponse, (long) 1));
212 public void getUsersOfApplicationTest() throws Exception {
213 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/users");
214 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
215 Map<String, Object> beans = new HashMap<>();
216 beans.put("bean1", rolesController);
217 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
218 PowerMockito.mockStatic(AopUtils.class);
219 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
220 Mockito.when(mockedRequest.getMethod()).thenReturn("GET");
221 assertNull(auxApiRequestMapperController.getUsersOfApplication(mockedRequest, mockedResponse));
225 public void getRoleFunctionsListTest() throws Exception {
226 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/functions");
227 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
228 Map<String, Object> beans = new HashMap<>();
229 beans.put("bean1", rolesController);
230 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
231 PowerMockito.mockStatic(AopUtils.class);
232 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
233 Mockito.when(mockedRequest.getMethod()).thenReturn("GET");
234 assertNull(auxApiRequestMapperController.getRoleFunctionsList(mockedRequest, mockedResponse));
238 public void getRoleFunctionTest() throws Exception {
239 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/function/test");
240 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
241 Map<String, Object> beans = new HashMap<>();
242 beans.put("bean1", rolesController);
243 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
244 PowerMockito.mockStatic(AopUtils.class);
245 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
246 Mockito.when(mockedRequest.getMethod()).thenReturn("GET");
247 assertNull(auxApiRequestMapperController.getRoleFunction(mockedRequest, mockedResponse, "test"));
252 public void saveRoleFunctionTest() throws Exception {
253 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/roleFunction");
254 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
255 Map<String, Object> beans = new HashMap<>();
256 beans.put("bean1", rolesController);
257 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
258 PowerMockito.mockStatic(AopUtils.class);
259 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
260 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
261 PortalRestResponse<String> response = auxApiRequestMapperController.saveRoleFunction(mockedRequest, mockedResponse, "test");
262 assertNotNull(response);
266 public void saveRoleFunctionXSSTest() throws Exception {
267 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/roleFunction");
268 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
269 Map<String, Object> beans = new HashMap<>();
270 beans.put("bean1", rolesController);
271 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
272 PowerMockito.mockStatic(AopUtils.class);
273 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
274 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
275 PortalRestResponse<String> actual = auxApiRequestMapperController.saveRoleFunction(mockedRequest, mockedResponse, "<script>alert(123)</script>");
276 PortalRestResponse<String> expected = new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Provided data is not valid", "Failed");
277 assertEquals(expected, actual);
281 public void deleteRoleFunctionTest() throws Exception {
282 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/roleFunction/test");
283 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
284 Map<String, Object> beans = new HashMap<>();
285 beans.put("bean1", rolesController);
286 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
287 PowerMockito.mockStatic(AopUtils.class);
288 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
289 Mockito.when(mockedRequest.getMethod()).thenReturn("DELETE");
290 assertNull(auxApiRequestMapperController.deleteRoleFunction(mockedRequest, mockedResponse, "test"));
294 public void deleteRoleFunctionXSSTest() throws Exception {
295 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/roleFunction/test");
296 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
297 Map<String, Object> beans = new HashMap<>();
298 beans.put("bean1", rolesController);
299 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
300 PowerMockito.mockStatic(AopUtils.class);
301 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
302 Mockito.when(mockedRequest.getMethod()).thenReturn("DELETE");
303 PortalRestResponse<String> actual = auxApiRequestMapperController.deleteRoleFunction(mockedRequest, mockedResponse,
304 "<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}");
305 PortalRestResponse<String> expected = new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Provided data is not valid", "Failed");
306 assertEquals(expected, actual);
310 public void deleteRoleTest() throws Exception {
311 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/deleteRole/1");
312 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
313 Map<String, Object> beans = new HashMap<>();
314 beans.put("bean1", rolesController);
315 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
316 PowerMockito.mockStatic(AopUtils.class);
317 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
318 Mockito.when(mockedRequest.getMethod()).thenReturn("DELETE");
319 assertNull(auxApiRequestMapperController.deleteRole(mockedRequest, mockedResponse, (long) 1));
323 public void getActiveRolesTest() throws Exception {
324 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/activeRoles");
325 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
326 Map<String, Object> beans = new HashMap<>();
327 beans.put("bean1", rolesController);
328 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
329 PowerMockito.mockStatic(AopUtils.class);
330 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
331 Mockito.when(mockedRequest.getMethod()).thenReturn("GET");
332 assertNull(auxApiRequestMapperController.getActiveRoles(mockedRequest, mockedResponse));
336 public void getEcompUserTest() throws Exception {
337 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v4/user/test");
338 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
339 Map<String, Object> beans = new HashMap<>();
340 beans.put("bean1", rolesController);
341 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
342 PowerMockito.mockStatic(AopUtils.class);
343 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
344 Mockito.when(mockedRequest.getMethod()).thenReturn("GET");
345 assertNull(auxApiRequestMapperController.getEcompUser(mockedRequest, mockedResponse, "test"));
349 public void getEcompUserXSSTest() throws Exception {
350 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v4/user/test");
351 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
352 Map<String, Object> beans = new HashMap<>();
353 beans.put("bean1", rolesController);
354 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
355 PowerMockito.mockStatic(AopUtils.class);
356 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
357 Mockito.when(mockedRequest.getMethod()).thenReturn("GET");
358 assertNull(auxApiRequestMapperController.getEcompUser(mockedRequest, mockedResponse, "<script>alert(‘XSS’)</script>"));
362 public void getEcompRolesOfApplicationTest() throws Exception {
363 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v4/roles");
364 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
365 Map<String, Object> beans = new HashMap<>();
366 beans.put("bean1", rolesController);
367 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
368 PowerMockito.mockStatic(AopUtils.class);
369 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
370 Mockito.when(mockedRequest.getMethod()).thenReturn("GET");
371 assertNull(auxApiRequestMapperController.getEcompRolesOfApplication(mockedRequest, mockedResponse));
375 public void getSessionSlotCheckIntervalTest() throws Exception {
376 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/getSessionSlotCheckInterval");
377 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
378 Map<String, Object> beans = new HashMap<>();
379 beans.put("bean1", sessionCommunicationController);
380 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
381 PowerMockito.mockStatic(AopUtils.class);
382 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
383 Mockito.when(mockedRequest.getMethod()).thenReturn("GET");
384 assertNull(auxApiRequestMapperController.getSessionSlotCheckInterval(mockedRequest, mockedResponse));
388 public void extendSessionTimeOutsTest() throws Exception {
389 String sessionMap = "test";
390 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/extendSessionTimeOuts");
391 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
392 Map<String, Object> beans = new HashMap<>();
393 beans.put("bean1", sessionCommunicationController);
394 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
395 PowerMockito.mockStatic(AopUtils.class);
396 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
397 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
398 assertNull(auxApiRequestMapperController.extendSessionTimeOuts(mockedRequest, mockedResponse, sessionMap));
402 public void extendSessionTimeOutsXSSTest() throws Exception {
403 String sessionMap = "<script>alert(“XSS”)</script>";
404 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/extendSessionTimeOuts");
405 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
406 Map<String, Object> beans = new HashMap<>();
407 beans.put("bean1", sessionCommunicationController);
408 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
409 PowerMockito.mockStatic(AopUtils.class);
410 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
411 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
412 assertNull(auxApiRequestMapperController.extendSessionTimeOuts(mockedRequest, mockedResponse, sessionMap));
416 public void getAnalyticsScriptTest() throws Exception {
417 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/analytics");
418 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
419 Map<String, Object> beans = new HashMap<>();
420 beans.put("bean1", webAnalyticsExtAppController);
421 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
422 PowerMockito.mockStatic(AopUtils.class);
423 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
424 Mockito.when(mockedRequest.getMethod()).thenReturn("GET");
425 assertNull(auxApiRequestMapperController.getAnalyticsScript(mockedRequest, mockedResponse));
429 public void storeAnalyticsScriptTest() throws Exception {
430 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/storeAnalytics");
431 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
432 Map<String, Object> beans = new HashMap<>();
433 beans.put("bean1", webAnalyticsExtAppController);
434 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
435 PowerMockito.mockStatic(AopUtils.class);
436 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
437 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
438 Analytics analyticsMap = new Analytics();
439 assertNull(auxApiRequestMapperController.storeAnalyticsScript(mockedRequest, mockedResponse, analyticsMap));
443 public void storeAnalyticsScriptXSSTest() throws Exception {
444 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/storeAnalytics");
445 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
446 Map<String, Object> beans = new HashMap<>();
447 beans.put("bean1", webAnalyticsExtAppController);
448 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
449 PowerMockito.mockStatic(AopUtils.class);
450 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
451 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
452 Analytics analyticsMap = new Analytics();
453 analyticsMap.setPage("<script>alert(“XSS”);</script>");
454 PortalAPIResponse actual = auxApiRequestMapperController.storeAnalyticsScript(mockedRequest, mockedResponse, analyticsMap);
455 PortalAPIResponse expected = new PortalAPIResponse(true, "analyticsScript is not valid");
456 assertEquals(expected.getMessage(), actual.getMessage());
460 public void bulkUploadFunctionsTest() throws Exception {
461 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/upload/portal/functions");
462 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
463 Map<String, Object> beans = new HashMap<>();
464 beans.put("bean1", rolesController);
465 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
466 PowerMockito.mockStatic(AopUtils.class);
467 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
468 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
469 PortalRestResponse res = new PortalRestResponse();
470 res.setStatus(PortalRestStatusEnum.ERROR);
471 res.setMessage("Failed to bulkUploadFunctions");
472 res.setResponse("Failed");
473 assertEquals(res, auxApiRequestMapperController.bulkUploadFunctions(mockedRequest, mockedResponse));
477 public void bulkUploadRolesTest() throws Exception {
478 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/upload/portal/roles");
479 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
480 Map<String, Object> beans = new HashMap<>();
481 beans.put("bean1", rolesController);
482 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
483 PowerMockito.mockStatic(AopUtils.class);
484 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
485 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
486 PortalRestResponse res = new PortalRestResponse();
487 res.setStatus(PortalRestStatusEnum.ERROR);
488 res.setMessage("Failed to bulkUploadRoles");
489 res.setResponse("Failed");
490 assertEquals(res, auxApiRequestMapperController.bulkUploadRoles(mockedRequest, mockedResponse));
494 public void bulkUploadRoleFunctionsTest() throws Exception {
495 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/upload/portal/roleFunctions");
496 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
497 Map<String, Object> beans = new HashMap<>();
498 beans.put("bean1", rolesController);
499 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
500 PowerMockito.mockStatic(AopUtils.class);
501 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
502 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
503 PortalRestResponse res = new PortalRestResponse();
504 res.setStatus(PortalRestStatusEnum.ERROR);
505 res.setMessage("Failed to bulkUploadRoleFunctions");
506 res.setResponse("Failed");
507 assertEquals(res, auxApiRequestMapperController.bulkUploadRoleFunctions(mockedRequest, mockedResponse));
511 public void bulkUploadUserRolesTest() throws Exception {
512 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/upload/portal/userRoles");
513 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
514 Map<String, Object> beans = new HashMap<>();
515 beans.put("bean1", rolesController);
516 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
517 PowerMockito.mockStatic(AopUtils.class);
518 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
519 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
520 PortalRestResponse res = new PortalRestResponse();
521 res.setStatus(PortalRestStatusEnum.ERROR);
522 res.setMessage("Failed to bulkUploadUserRoles");
523 res.setResponse("Failed");
524 assertEquals(res, auxApiRequestMapperController.bulkUploadUserRoles(mockedRequest, mockedResponse));
528 public void bulkUploadUsersSingleRoleTest() throws Exception {
529 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/upload/portal/userRole/1");
530 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
531 Map<String, Object> beans = new HashMap<>();
532 beans.put("bean1", rolesController);
533 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
534 PowerMockito.mockStatic(AopUtils.class);
535 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
536 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
537 PortalRestResponse res = new PortalRestResponse();
538 res.setStatus(PortalRestStatusEnum.ERROR);
539 res.setMessage("Failed to bulkUploadUsersSingleRole");
540 res.setResponse("Failed");
542 auxApiRequestMapperController.bulkUploadUsersSingleRole(mockedRequest, mockedResponse, (long) 1));
546 public void bulkUploadPartnerFunctionsTest() throws Exception {
547 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/upload/partner/roleFunctions");
548 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
549 Map<String, Object> beans = new HashMap<>();
550 beans.put("bean1", rolesController);
551 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
552 PowerMockito.mockStatic(AopUtils.class);
553 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
554 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
555 PortalRestResponse res = new PortalRestResponse();
556 res.setStatus(PortalRestStatusEnum.ERROR);
557 res.setMessage("Failed to bulkUploadPartnerRoleFunctions");
558 res.setResponse("Failed");
559 assertEquals(res, auxApiRequestMapperController.bulkUploadPartnerFunctions(mockedRequest, mockedResponse));
563 public void bulkUploadPartnerRolesTest() throws Exception {
564 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/upload/partner/roles");
565 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
566 Map<String, Object> beans = new HashMap<>();
567 beans.put("bean1", rolesController);
568 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
569 PowerMockito.mockStatic(AopUtils.class);
570 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
571 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
572 List<Role> upload = new ArrayList<>();
573 PortalRestResponse res = new PortalRestResponse();
574 res.setStatus(PortalRestStatusEnum.ERROR);
575 res.setMessage("Failed to bulkUploadRoles");
576 res.setResponse("Failed");
577 assertEquals(res, auxApiRequestMapperController.bulkUploadPartnerRoles(mockedRequest, mockedResponse, upload));
581 public void bulkUploadPartnerRoleFunctionsTest() throws Exception {
582 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/upload/partner/roleFunctions");
583 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
584 Map<String, Object> beans = new HashMap<>();
585 beans.put("bean1", rolesController);
586 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
587 PowerMockito.mockStatic(AopUtils.class);
588 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
589 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
590 PortalRestResponse res = new PortalRestResponse();
591 res.setStatus(PortalRestStatusEnum.ERROR);
592 res.setMessage("Failed to bulkUploadPartnerRoleFunctions");
593 res.setResponse("Failed");
594 assertEquals(res, auxApiRequestMapperController.bulkUploadPartnerRoleFunctions(mockedRequest, mockedResponse));
598 public void getMenuFunctionsTest() throws Exception {
599 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/menuFunctions");
600 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
601 Map<String, Object> beans = new HashMap<>();
602 beans.put("bean1", rolesController);
603 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
604 PowerMockito.mockStatic(AopUtils.class);
605 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
606 Mockito.when(mockedRequest.getMethod()).thenReturn("GET");
607 assertNull(auxApiRequestMapperController.getMenuFunctions(mockedRequest, mockedResponse));
611 public void postUserProfileTest() throws Exception {
612 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/userProfile");
613 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
614 Map<String, Object> beans = new HashMap<>();
615 beans.put("bean1", rolesApprovalSystemController);
616 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
617 PowerMockito.mockStatic(AopUtils.class);
618 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
619 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
620 ExternalSystemUser extSysUser = new ExternalSystemUser();
621 assertNull(auxApiRequestMapperController.postUserProfile(mockedRequest, extSysUser, mockedResponse));
625 public void postUserProfileXSSTest() {
626 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/userProfile");
627 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
628 Map<String, Object> beans = new HashMap<>();
629 beans.put("bean1", rolesApprovalSystemController);
630 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
631 PowerMockito.mockStatic(AopUtils.class);
632 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
633 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
634 ExternalSystemUser extSysUser = new ExternalSystemUser();
635 extSysUser.setLoginId("<script>alert(“XSS”);</script>");
636 PortalRestResponse<String> actual = auxApiRequestMapperController.postUserProfile(mockedRequest, extSysUser, mockedResponse);
637 PortalRestResponse<String> expected = new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ExternalSystemUser is not valid", "Failed");
638 assertEquals(expected, actual);
642 public void putUserProfileTest() throws Exception {
643 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/userProfile");
644 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
645 Map<String, Object> beans = new HashMap<>();
646 beans.put("bean1", rolesApprovalSystemController);
647 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
648 PowerMockito.mockStatic(AopUtils.class);
649 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
650 Mockito.when(mockedRequest.getMethod()).thenReturn("PUT");
651 ExternalSystemUser extSysUser = new ExternalSystemUser();
652 assertNull(auxApiRequestMapperController.putUserProfile(mockedRequest, extSysUser, mockedResponse));
656 public void putUserProfileXSSTest() {
657 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/userProfile");
658 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
659 Map<String, Object> beans = new HashMap<>();
660 beans.put("bean1", rolesApprovalSystemController);
661 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
662 PowerMockito.mockStatic(AopUtils.class);
663 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
664 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
665 ExternalSystemUser extSysUser = new ExternalSystemUser();
666 extSysUser.setLoginId("<script>alert(“XSS”);</script>");
667 PortalRestResponse<String> actual = auxApiRequestMapperController.putUserProfile(mockedRequest, extSysUser, mockedResponse);
668 PortalRestResponse<String> expected = new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ExternalSystemUser is not valid", "Failed");
669 assertEquals(expected, actual);
673 public void deleteUserProfileTest() throws Exception {
674 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/userProfile");
675 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
676 Map<String, Object> beans = new HashMap<>();
677 beans.put("bean1", rolesApprovalSystemController);
678 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
679 PowerMockito.mockStatic(AopUtils.class);
680 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
681 Mockito.when(mockedRequest.getMethod()).thenReturn("DELETE");
682 ExternalSystemUser extSysUser = new ExternalSystemUser();
683 assertNull(auxApiRequestMapperController.deleteUserProfile(mockedRequest, extSysUser, mockedResponse));
687 public void deleteUserProfileXSSTest() throws Exception {
688 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/userProfile");
689 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
690 Map<String, Object> beans = new HashMap<>();
691 beans.put("bean1", rolesApprovalSystemController);
692 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
693 PowerMockito.mockStatic(AopUtils.class);
694 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
695 Mockito.when(mockedRequest.getMethod()).thenReturn("DELETE");
696 ExternalSystemUser extSysUser = new ExternalSystemUser();
697 extSysUser.setLoginId("<script>alert(“XSS”);</script>");
698 PortalRestResponse<String> actual = auxApiRequestMapperController.deleteUserProfile(mockedRequest, extSysUser, mockedResponse);
699 PortalRestResponse<String> expected = new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ExternalSystemUser is not valid", "Failed");
700 assertEquals(expected, actual);
704 public void handleRequestTest() throws Exception {
705 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/ticketevent");
706 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
707 Map<String, Object> beans = new HashMap<>();
708 beans.put("bean1", ticketEventVersionController);
709 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
710 PowerMockito.mockStatic(AopUtils.class);
711 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
712 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
713 assertNull(auxApiRequestMapperController.handleRequest(mockedRequest, mockedResponse, "test"));
717 public void handleRequestXSSTest() throws Exception {
718 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/ticketevent");
719 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
720 Map<String, Object> beans = new HashMap<>();
721 beans.put("bean1", ticketEventVersionController);
722 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
723 PowerMockito.mockStatic(AopUtils.class);
724 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
725 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
726 PortalRestResponse<String> actual = auxApiRequestMapperController.handleRequest(mockedRequest, mockedResponse, "<script>alert(“XSS”);</script>");
727 PortalRestResponse<String> expected = new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ticketEventJson is not valid", "Failed");
728 assertEquals(expected, actual);
732 public void postPortalAdminTest() throws Exception {
733 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/portalAdmin");
734 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
735 Map<String, Object> beans = new HashMap<>();
736 beans.put("bean1", appsControllerExternalVersionRequest);
737 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
738 PowerMockito.mockStatic(AopUtils.class);
739 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
740 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
741 EPUser epUser = new EPUser();
742 assertNull(auxApiRequestMapperController.postPortalAdmin(mockedRequest, mockedResponse, epUser));
746 public void postPortalAdminXSSTest() throws Exception {
747 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/portalAdmin");
748 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
749 Map<String, Object> beans = new HashMap<>();
750 beans.put("bean1", appsControllerExternalVersionRequest);
751 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
752 PowerMockito.mockStatic(AopUtils.class);
753 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
754 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
755 EPUser epUser = new EPUser();
756 epUser.setLoginId("<script>alert(/XSS”)</script>");
757 PortalRestResponse<String> actual = auxApiRequestMapperController.postPortalAdmin(mockedRequest, mockedResponse, epUser);
758 PortalRestResponse<String> expected = new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "EPUser is not valid", "Failed");
759 assertEquals(expected, actual);
763 public void getOnboardAppExternalTest() throws Exception {
764 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/onboardApp/1");
765 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
766 Map<String, Object> beans = new HashMap<>();
767 beans.put("bean1", appsControllerExternalVersionRequest);
768 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
769 PowerMockito.mockStatic(AopUtils.class);
770 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
771 Mockito.when(mockedRequest.getMethod()).thenReturn("GET");
772 assertNull(auxApiRequestMapperController.getOnboardAppExternal(mockedRequest, mockedResponse, (long) 1));
776 public void postOnboardAppExternalTest() throws Exception {
777 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/onboardApp");
778 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
779 Map<String, Object> beans = new HashMap<>();
780 beans.put("bean1", appsControllerExternalVersionRequest);
781 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
782 PowerMockito.mockStatic(AopUtils.class);
783 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
784 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
785 OnboardingApp newOnboardApp = new OnboardingApp();
786 assertNull(auxApiRequestMapperController.postOnboardAppExternal(mockedRequest, mockedResponse, newOnboardApp));
790 public void postOnboardAppExternalXSSTest() throws Exception {
791 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/onboardApp");
792 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
793 Map<String, Object> beans = new HashMap<>();
794 beans.put("bean1", appsControllerExternalVersionRequest);
795 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
796 PowerMockito.mockStatic(AopUtils.class);
797 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
798 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
799 OnboardingApp newOnboardApp = new OnboardingApp();
800 newOnboardApp.setUebKey("�</form><input type=\"date\" onfocus=\"alert(1)\">");
801 PortalRestResponse<String> actual = auxApiRequestMapperController.postOnboardAppExternal(mockedRequest, mockedResponse, newOnboardApp);
802 PortalRestResponse<String> expected = new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "OnboardingApp is not valid", "Failed");
803 assertEquals(expected, actual);
807 public void putOnboardAppExternalTest() throws Exception {
808 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/onboardApp/1");
809 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
810 Map<String, Object> beans = new HashMap<>();
811 beans.put("bean1", appsControllerExternalVersionRequest);
812 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
813 PowerMockito.mockStatic(AopUtils.class);
814 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
815 Mockito.when(mockedRequest.getMethod()).thenReturn("PUT");
816 OnboardingApp newOnboardApp = new OnboardingApp();
817 assertNull(auxApiRequestMapperController.putOnboardAppExternal(mockedRequest, mockedResponse, (long) 1,
822 public void putOnboardAppExternalXSSTest() throws Exception {
823 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/onboardApp/1");
824 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
825 Map<String, Object> beans = new HashMap<>();
826 beans.put("bean1", appsControllerExternalVersionRequest);
827 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
828 PowerMockito.mockStatic(AopUtils.class);
829 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
830 Mockito.when(mockedRequest.getMethod()).thenReturn("PUT");
831 OnboardingApp newOnboardApp = new OnboardingApp();
832 newOnboardApp.setUebTopicName(" <blink/ onmouseover=prompt(1)>OnMouseOver {Firefox & Opera}");
833 PortalRestResponse<String> actual = auxApiRequestMapperController.putOnboardAppExternal(mockedRequest, mockedResponse, (long) 1,
835 PortalRestResponse<String> expected = new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "OnboardingApp is not valid", "Failed");
836 assertEquals(expected, actual);
840 public void publishNotificationTest() throws Exception {
841 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/publishNotification");
842 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
843 Map<String, Object> beans = new HashMap<>();
844 beans.put("bean1", externalAppsRestfulVersionController);
845 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
846 PowerMockito.mockStatic(AopUtils.class);
847 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
848 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
849 EpNotificationItem notificationItem = new EpNotificationItem();
850 assertNotNull(auxApiRequestMapperController.publishNotification(mockedRequest, notificationItem, mockedResponse));
854 public void publishNotificationXSSTest() throws Exception {
855 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/publishNotification");
856 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
857 Map<String, Object> beans = new HashMap<>();
858 beans.put("bean1", externalAppsRestfulVersionController);
859 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
860 PowerMockito.mockStatic(AopUtils.class);
861 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
862 Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
863 EpNotificationItem notificationItem = new EpNotificationItem();
864 notificationItem.setIsForAllRoles("</svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert(1) {Opera}");
865 PortalAPIResponse actual = auxApiRequestMapperController.publishNotification(mockedRequest, notificationItem, mockedResponse);
866 PortalAPIResponse expected = new PortalAPIResponse(false, "EpNotificationItem is not valid");
867 assertEquals(expected.getMessage(), actual.getMessage());
868 assertEquals(expected.getStatus(), actual.getStatus());
872 public void getFavoritesForUserTest() throws Exception {
873 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/getFavorites");
874 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
875 Map<String, Object> beans = new HashMap<>();
876 beans.put("bean1", externalAppsRestfulVersionController);
877 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
878 PowerMockito.mockStatic(AopUtils.class);
879 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
880 Mockito.when(mockedRequest.getMethod()).thenReturn("GET");
881 assertNull(auxApiRequestMapperController.getFavoritesForUser(mockedRequest, mockedResponse));
885 public void functionalMenuItemsForUserTest() throws Exception {
886 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/functionalMenuItemsForUser");
887 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
888 Map<String, Object> beans = new HashMap<>();
889 beans.put("bean1", externalAppsRestfulVersionController);
890 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
891 PowerMockito.mockStatic(AopUtils.class);
892 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
893 Mockito.when(mockedRequest.getMethod()).thenReturn("GET");
894 assertNull(auxApiRequestMapperController.getFunctionalMenuItemsForUser(mockedRequest, mockedResponse));
898 public void updateAppRoleDescriptionApiTest() throws Exception {
899 Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/update/app/roleDescription");
900 PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
901 expectedportalRestResponse.setMessage("updateAppRoleDescription: null");
902 expectedportalRestResponse.setResponse("Failure");
903 expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
904 Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
905 Map<String, Object> beans = new HashMap<>();
906 beans.put("bean1", rolesController);
907 Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
908 PowerMockito.mockStatic(AopUtils.class);
909 Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
910 Mockito.when(mockedRequest.getMethod()).thenReturn("PUT");
911 assertEquals(auxApiRequestMapperController.updateAppRoleDescription(mockedRequest, mockedResponse),
912 expectedportalRestResponse);