2 * ============LICENSE_START==========================================
4 * ===================================================================
5 * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
6 * ===================================================================
7 * Modifications Copyright (c) 2019 Samsung
8 * ===================================================================
10 * Unless otherwise specified, all software contained herein is licensed
11 * under the Apache License, Version 2.0 (the "License");
12 * you may not use this software except in compliance with the License.
13 * You may obtain a copy of the License at
15 * http://www.apache.org/licenses/LICENSE-2.0
17 * Unless required by applicable law or agreed to in writing, software
18 * distributed under the License is distributed on an "AS IS" BASIS,
19 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20 * See the License for the specific language governing permissions and
21 * limitations under the License.
23 * Unless otherwise specified, all documentation contained herein is licensed
24 * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
25 * you may not use this documentation except in compliance with the License.
26 * You may obtain a copy of the License at
28 * https://creativecommons.org/licenses/by/4.0/
30 * Unless required by applicable law or agreed to in writing, documentation
31 * distributed under the License is distributed on an "AS IS" BASIS,
32 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
33 * See the License for the specific language governing permissions and
34 * limitations under the License.
36 * ============LICENSE_END============================================
41 package org.onap.portal.controller;
43 import static junit.framework.TestCase.assertEquals;
44 import static junit.framework.TestCase.assertNull;
45 import static org.mockito.Mockito.when;
47 import java.time.LocalDateTime;
48 import java.util.ArrayList;
49 import java.util.List;
50 import javax.servlet.http.HttpServletRequest;
51 import javax.servlet.http.HttpServletResponse;
52 import org.junit.Test;
53 import org.junit.runner.RunWith;
54 import org.onap.portal.dao.fn.FnLanguageDao;
55 import org.onap.portal.dao.fn.FnUserDao;
56 import org.onap.portal.domain.db.fn.FnLanguage;
57 import org.onap.portal.domain.db.fn.FnUser;
58 import org.onap.portal.domain.db.fn.FnWidget;
59 import org.onap.portal.domain.dto.transport.FieldsValidator;
60 import org.onap.portal.domain.dto.transport.OnboardingWidget;
61 import org.onap.portal.framework.MockitoTestSuite;
62 import org.onap.portal.service.WidgetService;
63 import org.springframework.beans.factory.annotation.Autowired;
64 import org.springframework.boot.test.context.SpringBootTest;
65 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
66 import org.springframework.security.core.userdetails.UsernameNotFoundException;
67 import org.springframework.test.context.TestPropertySource;
68 import org.springframework.test.context.junit4.SpringRunner;
69 import org.springframework.transaction.annotation.Transactional;
71 @RunWith(SpringRunner.class)
73 @TestPropertySource(locations = "classpath:test.properties")
75 public class WidgetsControllerTest {
// Default caller identity (username "demo"); the remaining constructor arguments are not
// visible in this listing. The putOnboardingWidget tests pass this field to the controller.
77 private UsernamePasswordAuthenticationToken principal = new UsernamePasswordAuthenticationToken("demo",
80 MockitoTestSuite mockitoTestSuite = new MockitoTestSuite();
// Mocked servlet request/response taken from MockitoTestSuite; individual tests stub
// request.getHeader("X-Widgets-Type") on this shared mock.
82 HttpServletRequest request = mockitoTestSuite.getMockedRequest();
83 HttpServletResponse response = mockitoTestSuite.getMockedResponse();
// Controller under test and the DAOs/service used to arrange and clean up data.
// NOTE(review): presumably injected with @Autowired (imported above); the annotation lines
// are not visible in this listing, so confirm.
86 private WidgetsController widgetsController;
88 private FnUserDao fnUserDao;
90 private FnLanguageDao fnLanguageDao;
92 private WidgetService widgetService;
// Fixture entities. `language` is declared first because both user builders below read it
// through .languageId(language) while the field initializers run in declaration order.
94 private FnLanguage language = getFnLanguage();
95 private FnUser questUser = getQuestUser();
96 private FnUser notQuestUser = getNotQuestUser();
/**
 * Expects getOnboardingWidgets to throw UsernameNotFoundException when the principal's
 * name ("nulluser") is a login that this test never saves through fnUserDao.
 */
98 @Test(expected = UsernameNotFoundException.class)
99 public void getOnboardingWidgetsNullUserTest() {
100 UsernamePasswordAuthenticationToken nullPrincipal = new UsernamePasswordAuthenticationToken("nulluser",
102 widgetsController.getOnboardingWidgets(nullPrincipal, request, response);
/**
 * Saves the "questUser" fixture, requests the onboarding widgets as that user and
 * asserts that the controller returns null, i.e. this user is given no widget list.
 * NOTE(review): "quest" looks like a spelling of "guest"; the builder lines that would
 * mark the user as such are not visible here, so confirm.
 */
106 public void getOnboardingWidgetsQuestUserTest() {
107 UsernamePasswordAuthenticationToken questPrincipal = new UsernamePasswordAuthenticationToken("questUser",
109 fnUserDao.save(questUser);
110 List<OnboardingWidget> onboardingWidgets = widgetsController
111 .getOnboardingWidgets(questPrincipal, request, response);
112 assertNull(onboardingWidgets);
// Cleanup of the rows created for this test; it is only reached when the assertion passes.
115 fnUserDao.delete(questUser);
116 fnLanguageDao.delete(language);
/**
 * Saves the "notQuestUser" fixture, stubs the X-Widgets-Type request header to "managed"
 * and asserts that the controller returns an empty list for that user.
 */
120 public void getOnboardingWidgetsUserTest() {
121 UsernamePasswordAuthenticationToken notQuestprincipal = new UsernamePasswordAuthenticationToken("notQuestUser",
123 fnUserDao.save(notQuestUser);
124 List<OnboardingWidget> expected = new ArrayList<>();
125 when(request.getHeader("X-Widgets-Type")).thenReturn("managed");
127 List<OnboardingWidget> actual = widgetsController
128 .getOnboardingWidgets(notQuestprincipal, request, response);
130 assertEquals(expected, actual);
// Cleanup; skipped if the assertion above fails.
131 fnUserDao.delete(notQuestUser);
/**
 * Calls getOnboardingWidgets with the X-Widgets-Type header stubbed to "test", a value
 * other than the "managed" used by the other tests in this class.
 * NOTE(review): the assertion on {@code actual} is not visible in this listing; confirm
 * that the test pins what the controller returns for an unrecognised header value.
 */
135 public void getOnboardingWidgetsWrongHeaderTest() {
136 UsernamePasswordAuthenticationToken notQuestprincipal = new UsernamePasswordAuthenticationToken("notQuestUser",
138 fnUserDao.save(notQuestUser);
139 when(request.getHeader("X-Widgets-Type")).thenReturn("test");
140 List<OnboardingWidget> actual = widgetsController
141 .getOnboardingWidgets(notQuestprincipal, request, response);
144 fnUserDao.delete(notQuestUser);
/**
 * Persists a widget through widgetService, then calls putOnboardingWidget for that
 * widget's id and expects a FieldsValidator equal (error code, HTTP status, fields) to a
 * freshly constructed one, i.e. no validation problems reported.
 */
148 public void putOnboardingWidgetSameWidget() {
// NOTE(review): this local token ("cs0008") is built but the controller call below passes
// the class field `principal` instead, so the identity under test is "demo".
150 UsernamePasswordAuthenticationToken notQuestprincipal = new UsernamePasswordAuthenticationToken("cs0008",
152 fnUserDao.save(notQuestUser);
153 when(request.getHeader("X-Widgets-Type")).thenReturn("managed");
155 OnboardingWidget onboardingWidget = OnboardingWidget.builder()
159 .appName("Application name")
166 FnWidget fnWidget = FnWidget.builder()
174 widgetService.saveOne(fnWidget);
176 FieldsValidator expected = new FieldsValidator();
178 FieldsValidator actual = widgetsController.putOnboardingWidget(principal, fnWidget.getWidgetId(), onboardingWidget, response);
180 assertEquals(expected.getErrorCode(), actual.getErrorCode());
181 assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode());
182 assertEquals(expected.getFields(), actual.getFields());
/**
 * Expects putOnboardingWidget to reject an OnboardingWidget with HTTP status 406 and a
 * single problematic-field entry. The builder arguments that make the widget invalid are
 * not visible in this listing; the expected message refers to a blank appName and an
 * appId that is not higher than 1.
 */
186 public void putOnboardingWidgetAOP() {
// NOTE(review): this local token is unused; the call below passes the field `principal`.
188 UsernamePasswordAuthenticationToken notQuestprincipal = new UsernamePasswordAuthenticationToken("cs0008",
190 fnUserDao.save(notQuestUser);
191 when(request.getHeader("X-Widgets-Type")).thenReturn("managed");
193 OnboardingWidget onboardingWidget = OnboardingWidget.builder()
204 FnWidget fnWidget = FnWidget.builder()
212 widgetService.saveOne(fnWidget);
214 FieldsValidator expected = new FieldsValidator();
215 expected.setHttpStatusCode(406L);
216 expected.addProblematicFieldName("appName can't be blank, appId value must be higher than 1");
218 FieldsValidator actual = widgetsController.putOnboardingWidget(principal, fnWidget.getWidgetId(), onboardingWidget, response);
220 assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode());
// Only the number of field entries is compared, so the message text set above is not
// actually verified against what the controller reports.
221 assertEquals(expected.getFields().size(), actual.getFields().size());
/**
 * Checks that putOnboardingWidget rejects script markup in the widget's text fields:
 * the request carries a script element in both {@code name} and {@code appName}, and
 * the test expects HTTP status 406 with one problematic-field entry.
 *
 * NOTE(review): both fields are unsafe at the same time and only the status code and
 * the number of field entries are asserted. A regression that stops validating one of
 * the two fields, or a rejection for an unrelated reason that also yields one entry,
 * would still pass. Asserting on the contents of actual.getFields(), and covering each
 * field on its own, would pin the validation this test is named for.
 */
225 public void putOnboardingWidgetAOPXSSTest() {
// NOTE(review): this local token is unused; the call below passes the field `principal`.
227 UsernamePasswordAuthenticationToken notQuestprincipal = new UsernamePasswordAuthenticationToken("cs0008",
229 fnUserDao.save(notQuestUser);
230 when(request.getHeader("X-Widgets-Type")).thenReturn("managed");
232 OnboardingWidget onboardingWidget = OnboardingWidget.builder()
// Lower-case tag; the quotes inside alert(...) are typographic (curly) characters and the
// value ends with a newline.
234 .name("<script>alert(“XSS”);</script>\n")
// Mixed-case tag, so the check must not depend on the tag's letter case to flag it.
236 .appName("<ScRipT>alert(\"XSS\");</ScRipT>")
242 FieldsValidator expected = new FieldsValidator();
243 expected.setHttpStatusCode(406L);
244 expected.addProblematicFieldName("appName may have unsafe html content, name may have unsafe html content");
// The widget id 15L is a literal; no widget is saved in the visible lines of this test.
246 FieldsValidator actual = widgetsController.putOnboardingWidget(principal, 15L, onboardingWidget, response);
248 assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode());
249 assertEquals(expected.getFields().size(), actual.getFields().size());
// NOTE(review): no body is visible for this test in the listing. If it is empty, it passes
// without calling the controller, so the input-validation checks exercised for
// putOnboardingWidget have no counterpart here; confirm and add coverage.
253 public void postOnboardingWidget() {
// NOTE(review): no body is visible for this test in the listing. If it is empty, it passes
// without calling the controller; confirm that widget deletion is covered elsewhere.
257 public void deleteOnboardingWidget() {
// NOTE(review): no body is visible for this test in the listing. If it is empty, it passes
// without calling the controller; confirm that this operation is covered elsewhere.
261 public void putWidgetCatalogSelection() {
/**
 * Builds the FnUser fixture with loginId "questUser", its date fields set to the current
 * time and its language set to the {@code language} field. Further builder calls are not
 * visible in this listing.
 */
264 private FnUser getQuestUser(){
265 return FnUser.builder()
266 .loginId("questUser")
268 .lastLoginDate(LocalDateTime.now())
270 .createdDate(LocalDateTime.now())
271 .modifiedDate(LocalDateTime.now())
// Reads the class field, which therefore has to be initialised before this method runs.
273 .languageId(language)
/**
 * Builds the FnUser fixture with loginId "notQuestUser", its date fields set to the
 * current time and its language set to the {@code language} field. Further builder calls
 * are not visible in this listing.
 */
278 private FnUser getNotQuestUser(){
279 return FnUser.builder()
280 .loginId("notQuestUser")
282 .lastLoginDate(LocalDateTime.now())
284 .createdDate(LocalDateTime.now())
285 .modifiedDate(LocalDateTime.now())
// Reads the class field, which therefore has to be initialised before this method runs.
287 .languageId(language)
/** Builds the FnLanguage fixture (name "Polish", alias "Pl") shared by both user fixtures. */
292 private FnLanguage getFnLanguage(){
293 return FnLanguage.builder().languageName("Polish").languageAlias("Pl").build();