1 /*
2  * ============LICENSE_START==========================================
3  * ONAP Portal
4  * ===================================================================
5  * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
6  * ===================================================================
7  * Modifications Copyright (c) 2019 Samsung
8  * ===================================================================
9  *
10  * Unless otherwise specified, all software contained herein is licensed
11  * under the Apache License, Version 2.0 (the "License");
12  * you may not use this software except in compliance with the License.
13  * You may obtain a copy of the License at
14  *
15  *             http://www.apache.org/licenses/LICENSE-2.0
16  *
17  * Unless required by applicable law or agreed to in writing, software
18  * distributed under the License is distributed on an "AS IS" BASIS,
19  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20  * See the License for the specific language governing permissions and
21  * limitations under the License.
22  *
23  * Unless otherwise specified, all documentation contained herein is licensed
24  * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
25  * you may not use this documentation except in compliance with the License.
26  * You may obtain a copy of the License at
27  *
28  *             https://creativecommons.org/licenses/by/4.0/
29  *
30  * Unless required by applicable law or agreed to in writing, documentation
31  * distributed under the License is distributed on an "AS IS" BASIS,
32  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
33  * See the License for the specific language governing permissions and
34  * limitations under the License.
35  *
36  * ============LICENSE_END============================================
37  *
38  *
39  */
40
41 package org.onap.portal.controller;
42
43 import static junit.framework.TestCase.assertEquals;
44 import static junit.framework.TestCase.assertNull;
45 import static org.mockito.Mockito.when;
46
47 import java.io.IOException;
48 import java.time.LocalDateTime;
49 import java.util.ArrayList;
50 import java.util.List;
51 import javax.servlet.http.HttpServletRequest;
52 import javax.servlet.http.HttpServletResponse;
53 import org.junit.Test;
54 import org.junit.runner.RunWith;
55 import org.onap.portal.dao.fn.FnLanguageDao;
56 import org.onap.portal.dao.fn.FnUserDao;
57 import org.onap.portal.domain.db.fn.FnLanguage;
58 import org.onap.portal.domain.db.fn.FnUser;
59 import org.onap.portal.domain.db.fn.FnWidget;
60 import org.onap.portal.domain.dto.transport.FieldsValidator;
61 import org.onap.portal.domain.dto.transport.OnboardingWidget;
62 import org.onap.portal.domain.dto.transport.WidgetCatalogPersonalization;
63 import org.onap.portal.framework.MockitoTestSuite;
64 import org.onap.portal.service.WidgetService;
65 import org.springframework.beans.factory.annotation.Autowired;
66 import org.springframework.boot.test.context.SpringBootTest;
67 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
68 import org.springframework.security.core.userdetails.UsernameNotFoundException;
69 import org.springframework.test.context.TestPropertySource;
70 import org.springframework.test.context.junit4.SpringRunner;
71 import org.springframework.transaction.annotation.Transactional;
72
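/**
 * Integration tests for {@link WidgetsController}, run inside a Spring Boot test context
 * configured from {@code classpath:test.properties}.
 *
 * <p>The servlet request and response are mocks taken from {@link MockitoTestSuite}; users and
 * widgets are written through the autowired DAO and service. The class is {@code @Transactional},
 * so the explicit deletes in some tests are presumably redundant with the test-managed rollback
 * (NOTE(review): confirm before removing them).
 *
 * <p>The "quest" in several names refers to the fixture whose {@code guest} flag is set;
 * it looks like a spelling of "guest". The public test names are left unchanged.
 */
@RunWith(SpringRunner.class)
@SpringBootTest
@TestPropertySource(locations = "classpath:test.properties")
@Transactional
public class WidgetsControllerTest {

    /** Request header stubbed on the mocked request in these tests. */
    private static final String WIDGETS_TYPE_HEADER = "X-Widgets-Type";

    /**
     * Password shared by every principal and user fixture in this class. Test data only.
     * NOTE(review): the user fixtures pass this clear-text value to {@code loginPwd}; whether the
     * entity expects a hashed value is not visible from this file.
     */
    private static final String TEST_PASSWORD = "demo123";

    /** Message the two script-tag tests add to the expected validator (only its count is asserted). */
    private static final String UNSAFE_HTML_MESSAGE =
            "appName may have unsafe html content, name may have unsafe html content";

    private final UsernamePasswordAuthenticationToken principal =
            new UsernamePasswordAuthenticationToken("demo", TEST_PASSWORD);

    MockitoTestSuite mockitoTestSuite = new MockitoTestSuite();

    HttpServletRequest request = mockitoTestSuite.getMockedRequest();
    HttpServletResponse response = mockitoTestSuite.getMockedResponse();

    @Autowired
    private WidgetsController widgetsController;
    @Autowired
    private FnUserDao fnUserDao;
    @Autowired
    private FnLanguageDao fnLanguageDao;
    @Autowired
    private WidgetService widgetService;

    // Declaration order matters: both user fixtures read `language` while being built.
    private final FnLanguage language = getFnLanguage();
    private final FnUser questUser = getQuestUser();
    private final FnUser notQuestUser = getNotQuestUser();

    /** A principal whose login was never saved must be rejected with UsernameNotFoundException. */
    @Test(expected = UsernameNotFoundException.class)
    public void getOnboardingWidgetsNullUserTest() {
        UsernamePasswordAuthenticationToken nullPrincipal =
                new UsernamePasswordAuthenticationToken("nulluser", TEST_PASSWORD);
        widgetsController.getOnboardingWidgets(nullPrincipal, request, response);
    }

    /** The guest-flagged fixture gets {@code null} back; no header is stubbed in this test. */
    @Test
    public void getOnboardingWidgetsQuestUserTest() {
        UsernamePasswordAuthenticationToken questPrincipal =
                new UsernamePasswordAuthenticationToken("questUser", TEST_PASSWORD);
        fnUserDao.save(questUser);

        List<OnboardingWidget> onboardingWidgets =
                widgetsController.getOnboardingWidgets(questPrincipal, request, response);

        assertNull(onboardingWidgets);

        // Clean up
        fnUserDao.delete(questUser);
        fnLanguageDao.delete(language);
    }

    /** A non-guest user asking for "managed" widgets gets an empty list. */
    @Test
    public void getOnboardingWidgetsUserTest() {
        UsernamePasswordAuthenticationToken notQuestPrincipal =
                new UsernamePasswordAuthenticationToken("notQuestUser", TEST_PASSWORD);
        fnUserDao.save(notQuestUser);
        List<OnboardingWidget> expected = new ArrayList<>();
        stubWidgetsType("managed");

        List<OnboardingWidget> actual =
                widgetsController.getOnboardingWidgets(notQuestPrincipal, request, response);

        assertEquals(expected, actual);
        fnUserDao.delete(notQuestUser);
    }

    /** A header value other than the one used elsewhere ("test") yields {@code null}. */
    @Test
    public void getOnboardingWidgetsWrongHeaderTest() {
        UsernamePasswordAuthenticationToken notQuestPrincipal =
                new UsernamePasswordAuthenticationToken("notQuestUser", TEST_PASSWORD);
        fnUserDao.save(notQuestUser);
        stubWidgetsType("test");

        List<OnboardingWidget> actual =
                widgetsController.getOnboardingWidgets(notQuestPrincipal, request, response);

        assertNull(actual);
        fnUserDao.delete(notQuestUser);
    }

    /** Updating a saved widget with well-formed data returns a default (empty) validator. */
    @Test
    public void putOnboardingWidgetSameWidget() {
        // Given
        fnUserDao.save(notQuestUser);
        stubWidgetsType("managed");

        OnboardingWidget onboardingWidget = OnboardingWidget.builder()
                .id(123L)
                .name("Application")
                .appId(1421L)
                .appName("Application name")
                .width(123)
                .height(45)
                .url("testurl")
                .build();
        FnWidget fnWidget = saveApplicationWidget(453L);

        FieldsValidator expected = new FieldsValidator();
        // When
        FieldsValidator actual = widgetsController
                .putOnboardingWidget(principal, fnWidget.getWidgetId(), onboardingWidget, response);
        // Then
        assertEquals(expected.getErrorCode(), actual.getErrorCode());
        assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode());
        assertEquals(expected.getFields(), actual.getFields());
    }

    /**
     * Blank name/appName and appId 1 are rejected with 406 and one reported problem entry.
     * Only the entry count is compared, not the message text.
     */
    @Test
    public void putOnboardingWidgetAOP() {
        // Given
        fnUserDao.save(notQuestUser);
        stubWidgetsType("managed");

        OnboardingWidget onboardingWidget = OnboardingWidget.builder()
                .id(123L)
                .name("")
                .appId(1L)
                .appName("")
                .width(123)
                .height(45)
                .url("testurl")
                .build();
        FnWidget fnWidget = saveApplicationWidget(1421L);

        FieldsValidator expected = new FieldsValidator();
        expected.setHttpStatusCode(406L);
        expected.addProblematicFieldName("appName can't be blank, appId value must be higher than 1");
        // When
        FieldsValidator actual = widgetsController
                .putOnboardingWidget(principal, fnWidget.getWidgetId(), onboardingWidget, response);
        // Then
        assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode());
        assertEquals(expected.getFields().size(), actual.getFields().size());
    }

    /**
     * A widget whose name and appName carry script tags is rejected with 406 on update.
     *
     * <p>NOTE(review): the assertions cover the status code and the number of reported entries
     * only. They would still pass if a different field were flagged, and they do not check that
     * nothing was stored. Widget id 15 is not created by this test.
     */
    @Test
    public void putOnboardingWidgetAOPXSSTest() {
        // Given
        fnUserDao.save(notQuestUser);
        stubWidgetsType("managed");
        OnboardingWidget onboardingWidget = buildScriptTagWidget();

        FieldsValidator expected = new FieldsValidator();
        expected.setHttpStatusCode(406L);
        expected.addProblematicFieldName(UNSAFE_HTML_MESSAGE);
        // When
        FieldsValidator actual = widgetsController
                .putOnboardingWidget(principal, 15L, onboardingWidget, response);
        // Then
        assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode());
        assertEquals(expected.getFields().size(), actual.getFields().size());
    }

    /**
     * The same script-tag widget is rejected with 406 on create.
     *
     * <p>The expected message previously read "unse html content"; the typo went unnoticed
     * because only the entry count is compared. NOTE(review): as with the update test, neither
     * the flagged field names nor the absence of a stored widget is asserted.
     */
    @Test
    public void postOnboardingWidgetXSS() {
        // Given
        fnUserDao.save(notQuestUser);
        stubWidgetsType("managed");
        OnboardingWidget onboardingWidget = buildScriptTagWidget();

        FieldsValidator expected = new FieldsValidator();
        expected.setHttpStatusCode(406L);
        expected.addProblematicFieldName(UNSAFE_HTML_MESSAGE);
        // When
        FieldsValidator actual =
                widgetsController.postOnboardingWidget(principal, response, onboardingWidget);
        // Then
        assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode());
        assertEquals(expected.getFields().size(), actual.getFields().size());
    }

    /** Creating a widget with plain text fields returns 200 and no reported entries. */
    @Test
    public void postOnboardingWidget() {
        // Given
        fnUserDao.save(notQuestUser);
        stubWidgetsType("managed");

        OnboardingWidget onboardingWidget = OnboardingWidget.builder()
                .id(123L)
                .name("appname")
                .appId(34L)
                .appName("appname")
                .width(123)
                .height(45)
                .url("testurl")
                .build();

        FieldsValidator expected = new FieldsValidator();
        expected.setHttpStatusCode(200L);
        // When
        FieldsValidator actual =
                widgetsController.postOnboardingWidget(principal, response, onboardingWidget);
        // Then
        assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode());
        assertEquals(expected.getFields().size(), actual.getFields().size());
    }

    /**
     * Deleting a saved widget as the "demo" principal is expected to report status 500.
     *
     * <p>NOTE(review): the method name says SCFORBIDDEN but the asserted status is 500, so this
     * test would not notice whether the refusal is an authorization decision or an unrelated
     * server error. Confirm which status the controller is meant to return here.
     */
    @Test
    public void deleteOnboardingWidgetSCFORBIDDEN() {
        // Given
        fnUserDao.save(notQuestUser);
        stubWidgetsType("managed");

        OnboardingWidget onboardingWidget = OnboardingWidget.builder()
                .id(123L)
                .name("")
                .appId(1L)
                .appName("rtyrty")
                .width(123)
                .height(45)
                .url("testurl")
                .build();
        FnWidget fnWidget = saveApplicationWidget(1421L);

        // Only the status code is asserted, so no problem entries are added to `expected`.
        FieldsValidator expected = new FieldsValidator();
        expected.setHttpStatusCode(500L);

        // When
        // The update result is ignored; with a blank name and appId 1 it is presumably rejected.
        widgetsController.putOnboardingWidget(principal, fnWidget.getWidgetId(), onboardingWidget, response);

        FieldsValidator actual =
                widgetsController.deleteOnboardingWidget(principal, response, fnWidget.getWidgetId());
        // Then
        assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode());
    }

    /** Storing a catalog selection for widget id 7 returns status 200. */
    @Test
    public void putWidgetCatalogSelection() throws IOException {
        // Given
        WidgetCatalogPersonalization personalization = new WidgetCatalogPersonalization(7L, true);

        FieldsValidator expected = new FieldsValidator();
        expected.setHttpStatusCode(200L);
        // When
        FieldsValidator actual =
                widgetsController.putWidgetCatalogSelection(principal, personalization, response);
        // Then
        assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode());
    }

    /**
     * Stubs the widgets-type header on the mocked request.
     * NOTE(review): several tests call controller methods that do not receive {@code request};
     * the stub is kept there because this file does not show whether the mock is reachable
     * another way.
     */
    private void stubWidgetsType(String value) {
        when(request.getHeader(WIDGETS_TYPE_HEADER)).thenReturn(value);
    }

    /** Builds the "Application" widget entity with the given appId and saves it via the service. */
    private FnWidget saveApplicationWidget(long appId) {
        FnWidget fnWidget = FnWidget.builder()
                .name("Application")
                .appId(appId)
                .width(123)
                .height(45)
                .url("testurl")
                .build();
        widgetService.saveOne(fnWidget);
        return fnWidget;
    }

    /**
     * Builds the widget shared by both script-tag tests: a lower-case script tag in
     * {@code name} and a mixed-case one in {@code appName}, so a case-sensitive filter
     * would let the second through.
     */
    private OnboardingWidget buildScriptTagWidget() {
        return OnboardingWidget.builder()
                .id(123L)
                .name("<script>alert(“XSS”);</script>\n")
                .appId(34L)
                .appName("<ScRipT>alert(\"XSS\");</ScRipT>")
                .width(123)
                .height(45)
                .url("testurl")
                .build();
    }

    /** Builds the user fixture with {@code guest} set to true. */
    private FnUser getQuestUser() {
        return FnUser.builder()
                .loginId("questUser")
                .loginPwd(TEST_PASSWORD)
                .lastLoginDate(LocalDateTime.now())
                .activeYn(true)
                .createdDate(LocalDateTime.now())
                .modifiedDate(LocalDateTime.now())
                .isInternalYn(true)
                .languageId(language)
                .isSystemUser(true)
                .guest(true)
                .build();
    }

    /** Builds the user fixture with {@code guest} set to false. */
    private FnUser getNotQuestUser() {
        return FnUser.builder()
                .loginId("notQuestUser")
                .loginPwd(TEST_PASSWORD)
                .lastLoginDate(LocalDateTime.now())
                .activeYn(true)
                .createdDate(LocalDateTime.now())
                .modifiedDate(LocalDateTime.now())
                .isInternalYn(true)
                .isSystemUser(true)
                .languageId(language)
                .guest(false)
                .build();
    }

    /** Builds the language fixture referenced by both user fixtures. */
    private FnLanguage getFnLanguage() {
        return FnLanguage.builder().languageName("Polish").languageAlias("Pl").build();
    }
}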