Domain model change
1 /*
2  * ============LICENSE_START==========================================
3  * ONAP Portal
4  * ===================================================================
5  * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
6  * ===================================================================
7  * Modifications Copyright (c) 2019 Samsung
8  * ===================================================================
9  *
10  * Unless otherwise specified, all software contained herein is licensed
11  * under the Apache License, Version 2.0 (the "License");
12  * you may not use this software except in compliance with the License.
13  * You may obtain a copy of the License at
14  *
15  *             http://www.apache.org/licenses/LICENSE-2.0
16  *
17  * Unless required by applicable law or agreed to in writing, software
18  * distributed under the License is distributed on an "AS IS" BASIS,
19  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20  * See the License for the specific language governing permissions and
21  * limitations under the License.
22  *
23  * Unless otherwise specified, all documentation contained herein is licensed
24  * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
25  * you may not use this documentation except in compliance with the License.
26  * You may obtain a copy of the License at
27  *
28  *             https://creativecommons.org/licenses/by/4.0/
29  *
30  * Unless required by applicable law or agreed to in writing, documentation
31  * distributed under the License is distributed on an "AS IS" BASIS,
32  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
33  * See the License for the specific language governing permissions and
34  * limitations under the License.
35  *
36  * ============LICENSE_END============================================
37  *
38  *
39  */
40
41 package org.onap.portal.controller;
42
43 import static junit.framework.TestCase.assertEquals;
44 import static junit.framework.TestCase.assertNull;
45 import static org.mockito.Mockito.when;
46
47 import java.io.IOException;
48 import java.time.LocalDateTime;
49 import java.util.ArrayList;
50 import java.util.List;
51 import javax.servlet.http.HttpServletRequest;
52 import javax.servlet.http.HttpServletResponse;
53 import org.junit.Before;
54 import org.junit.Test;
55 import org.junit.runner.RunWith;
56 import org.onap.portal.dao.fn.FnLanguageDao;
57 import org.onap.portal.dao.fn.FnUserDao;
58 import org.onap.portal.domain.db.fn.FnLanguage;
59 import org.onap.portal.domain.db.fn.FnUser;
60 import org.onap.portal.domain.db.fn.FnWidget;
61 import org.onap.portal.domain.dto.transport.FieldsValidator;
62 import org.onap.portal.domain.dto.transport.OnboardingWidget;
63 import org.onap.portal.domain.dto.transport.WidgetCatalogPersonalization;
64 import org.onap.portal.framework.MockitoTestSuite;
65 import org.onap.portal.service.WidgetService;
66 import org.onap.portal.service.fn.FnLanguageService;
67 import org.springframework.beans.factory.annotation.Autowired;
68 import org.springframework.boot.test.context.SpringBootTest;
69 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
70 import org.springframework.security.core.userdetails.UsernameNotFoundException;
71 import org.springframework.test.context.TestPropertySource;
72 import org.springframework.test.context.junit4.SpringRunner;
73 import org.springframework.transaction.annotation.Transactional;
74
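/**
 * Integration tests for {@link WidgetsController}, run inside a Spring Boot test context
 * configured from {@code classpath:test.properties}.
 *
 * <p>The class is {@code @Transactional}; Spring's test support rolls test-managed
 * transactions back by default, so the explicit clean-up calls in some tests are
 * belt-and-braces rather than required.
 *
 * <p>The login ids and the password {@code "demo123"} used below are test fixtures only.
 * NOTE(review): the tests assume a user with login id {@code "demo"} already exists in the
 * test database; confirm against the test data set.
 */
@RunWith(SpringRunner.class)
@SpringBootTest
@TestPropertySource(locations = "classpath:test.properties")
@Transactional
public class WidgetsControllerTest {

    // Principal used by the put/post/delete tests.
    private final UsernamePasswordAuthenticationToken principal = new UsernamePasswordAuthenticationToken("demo",
            "demo123");

    final MockitoTestSuite mockitoTestSuite = new MockitoTestSuite();

    // Mocked servlet objects; only the request's "X-Widgets-Type" header is stubbed by the tests.
    final HttpServletRequest request = mockitoTestSuite.getMockedRequest();
    final HttpServletResponse response = mockitoTestSuite.getMockedResponse();

    @Autowired
    private WidgetsController widgetsController;
    @Autowired
    private FnUserDao fnUserDao;
    @Autowired
    private FnLanguageDao fnLanguageDao;
    @Autowired
    private WidgetService widgetService;
    @Autowired
    private FnLanguageService fnLanguageService;

    private FnLanguage language;
    private FnUser questUser;
    private FnUser notQuestUser;

    /**
     * Builds the fixtures before each test. The language is created first because both user
     * builders reference it through {@code languageId(language)}.
     */
    @Before
    public void init() {
        this.language = getFnLanguage();
        this.questUser = getQuestUser();
        this.notQuestUser = getNotQuestUser();
    }

    /**
     * A principal whose name was never saved ("nulluser") must make the controller throw
     * {@link UsernameNotFoundException}.
     */
    @Test(expected = UsernameNotFoundException.class)
    public void getOnboardingWidgetsNullUserTest() {
        UsernamePasswordAuthenticationToken nullPrincipal = new UsernamePasswordAuthenticationToken("nulluser",
                "demo123");
        widgetsController.getOnboardingWidgets(nullPrincipal, request, response);
    }

    /** A guest user ({@code guest(true)}) gets {@code null} instead of a widget list. */
    @Test
    public void getOnboardingWidgetsQuestUserTest() {
        UsernamePasswordAuthenticationToken questPrincipal = new UsernamePasswordAuthenticationToken("questUser",
                "demo123");
        fnUserDao.save(questUser);
        List<OnboardingWidget> onboardingWidgets = widgetsController
                .getOnboardingWidgets(questPrincipal, request, response);
        assertNull(onboardingWidgets);

        // Clean up
        fnUserDao.delete(questUser);
        fnLanguageDao.delete(language);
    }

    /** A non-guest user sending {@code X-Widgets-Type: managed} gets an empty list. */
    @Test
    public void getOnboardingWidgetsUserTest() {
        UsernamePasswordAuthenticationToken notQuestprincipal = new UsernamePasswordAuthenticationToken(
                "notQuestUser",
                "demo123");
        fnUserDao.save(notQuestUser);
        List<OnboardingWidget> expected = new ArrayList<>();
        when(request.getHeader("X-Widgets-Type")).thenReturn("managed");

        List<OnboardingWidget> actual = widgetsController
                .getOnboardingWidgets(notQuestprincipal, request, response);

        assertEquals(expected, actual);
        fnUserDao.delete(notQuestUser);
    }

    /** An unrecognised {@code X-Widgets-Type} value ("test") yields {@code null}. */
    @Test
    public void getOnboardingWidgetsWrongHeaderTest() {
        UsernamePasswordAuthenticationToken notQuestprincipal = new UsernamePasswordAuthenticationToken(
                "notQuestUser",
                "demo123");
        fnUserDao.save(notQuestUser);
        when(request.getHeader("X-Widgets-Type")).thenReturn("test");
        List<OnboardingWidget> actual = widgetsController
                .getOnboardingWidgets(notQuestprincipal, request, response);

        assertNull(actual);
        fnUserDao.delete(notQuestUser);
    }

    /**
     * Updating a stored widget with well-formed data must return a validator equal, in error
     * code, HTTP status and fields, to a freshly constructed {@link FieldsValidator}.
     */
    @Test
    public void putOnboardingWidgetSameWidget() {
        //Given
        fnUserDao.save(notQuestUser);
        when(request.getHeader("X-Widgets-Type")).thenReturn("managed");

        OnboardingWidget onboardingWidget = OnboardingWidget.builder()
                .id(123L)
                .name("Application")
                .appId(1421L)
                .appName("Application name")
                .width(123)
                .height(45)
                .url("testurl")
                .build();

        FnWidget fnWidget = FnWidget.builder()
                .name("Application")
                .appId(453L)
                .width(123)
                .height(45)
                .url("testurl")
                .build();

        widgetService.saveOne(fnWidget);

        FieldsValidator expected = new FieldsValidator();
        //When
        FieldsValidator actual = widgetsController
                .putOnboardingWidget(principal, fnWidget.getWidgetId(), onboardingWidget, response);
        //Then
        assertEquals(expected.getErrorCode(), actual.getErrorCode());
        assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode());
        assertEquals(expected.getFields(), actual.getFields());
    }

    /**
     * Input validation on update: a blank name/appName together with {@code appId = 1} must
     * be answered with HTTP status 406. Only the status and the number of problematic-field
     * entries are compared, not the message text.
     * NOTE(review): the "AOP" in the name suggests the validation runs in an aspect - confirm.
     */
    @Test
    public void putOnboardingWidgetAOP() {
        //Given
        fnUserDao.save(notQuestUser);
        when(request.getHeader("X-Widgets-Type")).thenReturn("managed");

        OnboardingWidget onboardingWidget = OnboardingWidget.builder()
                .id(123L)
                .name("")
                .appId(1L)
                .appName("")
                .width(123)
                .height(45)
                .url("testurl")
                .build();

        FnWidget fnWidget = FnWidget.builder()
                .name("Application")
                .appId(1421L)
                .width(123)
                .height(45)
                .url("testurl")
                .build();

        widgetService.saveOne(fnWidget);

        FieldsValidator expected = new FieldsValidator();
        expected.setHttpStatusCode(406L);
        expected.addProblematicFieldName("appName can't be blank, appId value must be higher than 1");
        //When
        FieldsValidator actual = widgetsController
                .putOnboardingWidget(principal, fnWidget.getWidgetId(), onboardingWidget, response);
        //Then
        assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode());
        assertEquals(expected.getFields().size(), actual.getFields().size());
    }

    /**
     * Regression test for HTML/script rejection on update: script markup in {@code name} and
     * mixed-case script markup in {@code appName} must be answered with HTTP status 406.
     *
     * <p>Only the status code and the number of problematic-field entries are asserted; the
     * message text in {@code expected} records the intended wording but is not compared.
     * NOTE(review): consider also asserting the message content and that nothing was stored,
     * so a validator that rejects for an unrelated reason cannot make this test pass.
     */
    @Test
    public void putOnboardingWidgetAOPXSSTest() {
        //Given
        fnUserDao.save(notQuestUser);
        when(request.getHeader("X-Widgets-Type")).thenReturn("managed");

        OnboardingWidget onboardingWidget = OnboardingWidget.builder()
                .id(123L)
                .name("<script>alert(“XSS”);</script>\n")
                .appId(34L)
                .appName("<ScRipT>alert(\"XSS\");</ScRipT>")
                .width(123)
                .height(45)
                .url("testurl")
                .build();

        FieldsValidator expected = new FieldsValidator();
        expected.setHttpStatusCode(406L);
        expected.addProblematicFieldName(
                "appName may have unsafe html content, name may have unsafe html content");
        //When
        FieldsValidator actual = widgetsController
                .putOnboardingWidget(principal, 15L, onboardingWidget, response);
        //Then
        assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode());
        assertEquals(expected.getFields().size(), actual.getFields().size());
    }

    /**
     * Regression test for HTML/script rejection on create: the same markup as in
     * {@link #putOnboardingWidgetAOPXSSTest()} must be answered with HTTP status 406.
     *
     * <p>Only the status code and the number of problematic-field entries are asserted; the
     * message text in {@code expected} is not compared.
     * NOTE(review): consider also asserting the message content and that nothing was stored.
     */
    @Test
    public void postOnboardingWidgetXSS() {
        //Given
        fnUserDao.save(notQuestUser);
        when(request.getHeader("X-Widgets-Type")).thenReturn("managed");

        OnboardingWidget onboardingWidget = OnboardingWidget.builder()
                .id(123L)
                .name("<script>alert(“XSS”);</script>\n")
                .appId(34L)
                .appName("<ScRipT>alert(\"XSS\");</ScRipT>")
                .width(123)
                .height(45)
                .url("testurl")
                .build();

        FieldsValidator expected = new FieldsValidator();
        expected.setHttpStatusCode(406L);
        // Wording aligned with the update test ("unsafe"); the text itself is not asserted below.
        expected.addProblematicFieldName(
                "appName may have unsafe html content, name may have unsafe html content");
        //When
        FieldsValidator actual = widgetsController.postOnboardingWidget(principal, response, onboardingWidget);
        //Then
        assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode());
        assertEquals(expected.getFields().size(), actual.getFields().size());
    }

    /** Creating a widget with plain-text fields returns HTTP status 200 and no extra fields. */
    @Test
    public void postOnboardingWidget() {
        //Given
        fnUserDao.save(notQuestUser);
        when(request.getHeader("X-Widgets-Type")).thenReturn("managed");

        OnboardingWidget onboardingWidget = OnboardingWidget.builder()
                .id(123L)
                .name("appname")
                .appId(34L)
                .appName("appname")
                .width(123)
                .height(45)
                .url("testurl")
                .build();

        FieldsValidator expected = new FieldsValidator();
        expected.setHttpStatusCode(200L);
        //When
        FieldsValidator actual = widgetsController.postOnboardingWidget(principal, response, onboardingWidget);
        //Then
        assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode());
        assertEquals(expected.getFields().size(), actual.getFields().size());
    }

    /**
     * Deleting a stored widget after an update attempt is expected to return HTTP status 500.
     * Only the status code is asserted; the problematic-field text on {@code expected} is unused.
     * NOTE(review): the method name says "SCFORBIDDEN" while the asserted status is 500 -
     * confirm which outcome the controller is meant to produce for this principal.
     */
    @Test
    public void deleteOnboardingWidgetSCFORBIDDEN() {
        //Given
        fnUserDao.save(notQuestUser);
        when(request.getHeader("X-Widgets-Type")).thenReturn("managed");

        OnboardingWidget onboardingWidget = OnboardingWidget.builder()
                .id(123L)
                .name("")
                .appId(1L)
                .appName("rtyrty")
                .width(123)
                .height(45)
                .url("testurl")
                .build();

        FnWidget fnWidget = FnWidget.builder()
                .name("Application")
                .appId(1421L)
                .width(123)
                .height(45)
                .url("testurl")
                .build();

        widgetService.saveOne(fnWidget);

        FieldsValidator expected = new FieldsValidator();
        expected.setHttpStatusCode(500L);
        expected.addProblematicFieldName("appName can't be blank, appId value must be higher than 1");

        //When
        widgetsController.putOnboardingWidget(principal, fnWidget.getWidgetId(), onboardingWidget, response);

        FieldsValidator actual = widgetsController.deleteOnboardingWidget(principal, response, fnWidget.getWidgetId());
        //Then
        assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode());
    }

    /**
     * Storing a widget-catalog personalization returns HTTP status 200.
     *
     * @throws IOException declared by the controller method under test
     */
    @Test
    public void putWidgetCatalogSelection() throws IOException {
        //Given
        WidgetCatalogPersonalization personalization = new WidgetCatalogPersonalization(7L, true);

        FieldsValidator expected = new FieldsValidator();
        expected.setHttpStatusCode(200L);
        expected.addProblematicFieldName("");
        //When
        FieldsValidator actual = widgetsController.putWidgetCatalogSelection(principal, personalization, response);
        //Then
        assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode());
    }

    /** Builds (without saving) the guest fixture user with login id {@code "questUser"}. */
    private FnUser getQuestUser() {
        return FnUser.builder()
                .loginId("questUser")
                .loginPwd("demo123")
                .lastLoginDate(LocalDateTime.now())
                .activeYn(true)
                .createdDate(LocalDateTime.now())
                .modifiedDate(LocalDateTime.now())
                .isInternalYn(true)
                .languageId(language)
                .isSystemUser(true)
                .guest(true)
                .build();
    }

    /** Builds (without saving) the non-guest fixture user with login id {@code "notQuestUser"}. */
    private FnUser getNotQuestUser() {
        return FnUser.builder()
                .loginId("notQuestUser")
                .loginPwd("demo123")
                .lastLoginDate(LocalDateTime.now())
                .activeYn(true)
                .createdDate(LocalDateTime.now())
                .modifiedDate(LocalDateTime.now())
                .isInternalYn(true)
                .isSystemUser(true)
                .languageId(language)
                .guest(false)
                .build();
    }

    /** Creates the "Polish"/"Pl" language fixture and saves it through the language service. */
    private FnLanguage getFnLanguage() {
        FnLanguage tmp = FnLanguage.builder().languageName("Polish").languageAlias("Pl").build();
        fnLanguageService.save(tmp);
        return tmp;
    }
}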