diff options
author | Dominik Mizyn <d.mizyn@samsung.com> | 2019-07-15 14:03:18 +0200 |
---|---|---|
committer | Dominik Mizyn <d.mizyn@samsung.com> | 2019-07-15 14:04:35 +0200 |
commit | caa971f0393d349985878a085e3519782335ac1f (patch) | |
tree | 1e13946cde3a14cfd3a4cf7e1bebbe2b12185d9e | |
parent | b8a540c2aa08175b2d4c144c6a27d774c8e76acb (diff) |
XSS Vulnerability fix in ExternalAccessRolesControllerDashboardController
Custom data validator used to fix this issue.
Issue-ID: OJSI-15
Change-Id: I9a978846ffc50d840a676b994aa4fb89248b5372
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
5 files changed, 436 insertions, 212 deletions
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AuxApiRequestMapperController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AuxApiRequestMapperController.java index 9ca88c0f..969605ce 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AuxApiRequestMapperController.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AuxApiRequestMapperController.java @@ -46,6 +46,8 @@ import java.util.Collections; import java.util.HashMap; import java.util.List; import java.util.Map; +import java.util.Optional; +import java.util.concurrent.atomic.AtomicReference; import java.util.jar.Attributes; import java.util.regex.Matcher; import java.util.regex.Pattern; @@ -226,22 +228,24 @@ public class AuxApiRequestMapperController implements ApplicationContextAware, B @RequestMapping(value = { "/v3/roleFunction" }, method = RequestMethod.POST, produces = "application/json") public PortalRestResponse<String> saveRoleFunction(HttpServletRequest request, HttpServletResponse response, @RequestBody String roleFunc) throws Exception { - PortalRestResponse<String> result = null; - if (roleFunc!=null){ SecureString secureRoleFunc = new SecureString(roleFunc); if(!dataValidator.isValid(secureRoleFunc)) return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Provided data is not valid", "Failed"); } - + Optional<PortalRestResponse<String>> result = null; Map<String, Object> res = getMethod(request, response); try { - result = (PortalRestResponse<String>) invokeMethod(res, request, response, roleFunc); - return result; + result = Optional.ofNullable((PortalRestResponse<String>) invokeMethod(res, request, response)); + if (!result.isPresent()){ + logger.error(EELFLoggerDelegate.errorLogger, "saveRoleFunction failed", new Exception("saveRoleFunction failed")); + return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "saveRoleFunction failed", "Failed"); + } } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "saveRoleFunction failed", e); return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed"); } + return result.get(); } @SuppressWarnings("unchecked") @@ -279,7 +283,7 @@ public class AuxApiRequestMapperController implements ApplicationContextAware, B return result; } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "deleteRole failed", e); - return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed"); } } @@ -413,16 +417,19 @@ public class AuxApiRequestMapperController implements ApplicationContextAware, B "/v3/upload/portal/functions" }, method = RequestMethod.POST, produces = "application/json") public PortalRestResponse<String> bulkUploadFunctions(HttpServletRequest request, HttpServletResponse response) throws Exception { - PortalRestResponse<String> result = null; + Optional<PortalRestResponse<String>> result = null; Map<String, Object> res = getMethod(request, response); try { - result = (PortalRestResponse<String>) invokeMethod(res, request, response); - return result; + result = Optional.ofNullable((PortalRestResponse<String>) invokeMethod(res, request, response)); + if (!result.isPresent()){ + logger.error(EELFLoggerDelegate.errorLogger, "Failed to bulkUploadFunctions", new Exception("Failed to bulkUploadFunctions")); + return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadFunctions", "Failed"); + } } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadFunctions failed", e); return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed"); } - + return result.get(); } @SuppressWarnings("unchecked") @@ -430,11 +437,15 @@ public class AuxApiRequestMapperController implements ApplicationContextAware, B @RequestMapping(value = { "/v3/upload/portal/roles" }, method = RequestMethod.POST, produces = "application/json") public PortalRestResponse<String> bulkUploadRoles(HttpServletRequest request, HttpServletResponse response) throws Exception { - PortalRestResponse<String> result = null; + Optional<PortalRestResponse<String>> result; Map<String, Object> res = getMethod(request, response); try { - result = (PortalRestResponse<String>) invokeMethod(res, request, response); - return result; + result = Optional.ofNullable((PortalRestResponse<String>) invokeMethod(res, request, response)); + if (!result.isPresent()){ + logger.error(EELFLoggerDelegate.errorLogger, "Failed to bulkUploadRoles", new Exception("Failed to bulkUploadRoles")); + return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadRoles", "Failed"); + } + return result.get(); } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadRoles failed", e); return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed"); @@ -447,11 +458,15 @@ public class AuxApiRequestMapperController implements ApplicationContextAware, B "/v3/upload/portal/roleFunctions" }, method = RequestMethod.POST, produces = "application/json") public PortalRestResponse<String> bulkUploadRoleFunctions(HttpServletRequest request, HttpServletResponse response) throws Exception { - PortalRestResponse<String> result = null; + Optional<PortalRestResponse<String>> result; Map<String, Object> res = getMethod(request, response); try { - result = (PortalRestResponse<String>) invokeMethod(res, request, response); - return result; + result = Optional.ofNullable((PortalRestResponse<String>) invokeMethod(res, request, response)); + if (!result.isPresent()){ + logger.error(EELFLoggerDelegate.errorLogger, "Failed to bulkUploadRoleFunctions", new Exception("Failed to bulkUploadRoleFunctions")); + return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadRoleFunctions", "Failed"); + } + return result.get(); } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadRoleFunctions failed", e); return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed"); @@ -464,11 +479,15 @@ public class AuxApiRequestMapperController implements ApplicationContextAware, B "/v3/upload/portal/userRoles" }, method = RequestMethod.POST, produces = "application/json") public PortalRestResponse<String> bulkUploadUserRoles(HttpServletRequest request, HttpServletResponse response) throws Exception { - PortalRestResponse<String> result = null; + Optional<PortalRestResponse<String>> result; Map<String, Object> res = getMethod(request, response); try { - result = (PortalRestResponse<String>) invokeMethod(res, request, response); - return result; + result = Optional.ofNullable((PortalRestResponse<String>) invokeMethod(res, request, response)); + if (!result.isPresent()){ + logger.error(EELFLoggerDelegate.errorLogger, "Failed to bulkUploadUserRoles", new Exception("Failed to bulkUploadUserRoles")); + return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadUserRoles", "Failed"); + } + return result.get(); } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadUserRoles failed", e); return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed"); @@ -482,11 +501,15 @@ public class AuxApiRequestMapperController implements ApplicationContextAware, B "/v3/upload/portal/userRole/{roleId}" }, method = RequestMethod.POST, produces = "application/json") public PortalRestResponse<String> bulkUploadUsersSingleRole(HttpServletRequest request, HttpServletResponse response, @PathVariable Long roleId) throws Exception { - PortalRestResponse<String> result = null; + Optional<PortalRestResponse<String>> result = null; Map<String, Object> res = getMethod(request, response); try { - result = (PortalRestResponse<String>) invokeMethod(res, request, response, roleId); - return result; + result = Optional.ofNullable((PortalRestResponse<String>) invokeMethod(res, request, response)); + if (!result.isPresent()){ + logger.error(EELFLoggerDelegate.errorLogger, "Failed to bulkUploadUsersSingleRole", new Exception("Failed to bulkUploadUsersSingleRole")); + return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadUsersSingleRole", "Failed"); + } + return result.get(); } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadUsersSingleRole failed", e); return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed"); @@ -499,11 +522,15 @@ public class AuxApiRequestMapperController implements ApplicationContextAware, B "/v3/upload/partner/functions" }, method = RequestMethod.POST, produces = "application/json") public PortalRestResponse<String> bulkUploadPartnerFunctions(HttpServletRequest request, HttpServletResponse response) throws Exception { - PortalRestResponse<String> result = null; + Optional<PortalRestResponse<String>> result = null; Map<String, Object> res = getMethod(request, response); try { - result = (PortalRestResponse<String>) invokeMethod(res, request, response); - return result; + result = Optional.ofNullable((PortalRestResponse<String>) invokeMethod(res, request, response)); + if (!result.isPresent()){ + logger.error(EELFLoggerDelegate.errorLogger, "Failed to bulkUploadPartnerRoleFunctions", new Exception("Failed to bulkUploadPartnerRoleFunctions")); + return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadPartnerRoleFunctions", "Failed"); + } + return result.get(); } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadPartnerFunctions failed", e); return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed"); @@ -516,11 +543,15 @@ public class AuxApiRequestMapperController implements ApplicationContextAware, B @RequestMapping(value = { "/v3/upload/partner/roles" }, method = RequestMethod.POST, produces = "application/json") public PortalRestResponse<String> bulkUploadPartnerRoles(HttpServletRequest request, HttpServletResponse response, @RequestBody List<Role> upload) throws Exception { - PortalRestResponse<String> result = null; + Optional<PortalRestResponse<String>> result = null; Map<String, Object> res = getMethod(request, response); try { - result = (PortalRestResponse<String>) invokeMethod(res, request, response, upload); - return result; + result = Optional.ofNullable((PortalRestResponse<String>) invokeMethod(res, request, response)); + if (!result.isPresent()){ + logger.error(EELFLoggerDelegate.errorLogger, "Failed to bulkUploadRoles", new Exception("Failed to bulkUploadRoles")); + return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadRoles", "Failed"); + } + return result.get(); } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadPartnerRoles failed", e); return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed"); @@ -533,11 +564,15 @@ public class AuxApiRequestMapperController implements ApplicationContextAware, B "/v3/upload/partner/roleFunctions" }, method = RequestMethod.POST, produces = "application/json") public PortalRestResponse<String> bulkUploadPartnerRoleFunctions(HttpServletRequest request, HttpServletResponse response) throws Exception { - PortalRestResponse<String> result = null; + Optional<PortalRestResponse<String>> result = null; Map<String, Object> res = getMethod(request, response); try { - result = (PortalRestResponse<String>) invokeMethod(res, request, response); - return result; + result = Optional.ofNullable((PortalRestResponse<String>) invokeMethod(res, request, response)); + if (!result.isPresent()){ + logger.error(EELFLoggerDelegate.errorLogger, "Failed to bulkUploadPartnerRoleFunctions", new Exception("Failed to bulkUploadPartnerRoleFunctions")); + return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadPartnerRoleFunctions", "Failed"); + } + return result.get(); } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadPartnerRoleFunctions failed", e); return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed"); diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/ExternalAccessRolesController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/ExternalAccessRolesController.java index 5f6818f1..46493d86 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/ExternalAccessRolesController.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/ExternalAccessRolesController.java @@ -69,6 +69,8 @@ import org.onap.portalapp.portal.transport.ExternalRequestFieldsValidator; import org.onap.portalapp.portal.utils.EPCommonSystemProperties; import org.onap.portalapp.portal.utils.EcompPortalUtils; import org.onap.portalapp.portal.utils.PortalConstants; +import org.onap.portalapp.validation.DataValidator; +import org.onap.portalapp.validation.SecureString; import org.onap.portalsdk.core.domain.AuditLog; import org.onap.portalsdk.core.domain.Role; import org.onap.portalsdk.core.domain.User; @@ -76,7 +78,6 @@ import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; import org.onap.portalsdk.core.restful.domain.EcompRole; import org.onap.portalsdk.core.restful.domain.EcompUser; import org.onap.portalsdk.core.service.AuditService; -import org.onap.portalsdk.core.service.UserService; import org.onap.portalsdk.core.service.UserServiceCentalizedImpl; import org.onap.portalsdk.core.util.SystemProperties; import org.onap.portalsdk.core.web.support.UserUtils; @@ -90,7 +91,6 @@ import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RestController; -import org.springframework.web.client.RestTemplate; import com.fasterxml.jackson.databind.DeserializationFeature; import com.fasterxml.jackson.databind.ObjectMapper; @@ -104,36 +104,39 @@ import io.swagger.annotations.ApiOperation; @EnableAspectJAutoProxy @EPAuditLog public class ExternalAccessRolesController implements BasicAuthenticationController { - private static final String ROLE_INVALID_CHARS = "%=():,\"\""; - private static final String SUCCESSFULLY_DELETED = "Successfully Deleted"; - private static final String INVALID_UEB_KEY = "Invalid credentials!"; - private static final String LOGIN_ID = "LoginId"; - - RestTemplate template = new RestTemplate(); - - @Autowired - private AuditService auditService; - private static final String UEBKEY = "uebkey"; - private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(ExternalAccessRolesController.class); + private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(ExternalAccessRolesController.class); + private static final DataValidator DATA_VALIDATOR = new DataValidator(); - @Autowired + private AuditService auditService; private ExternalAccessRolesService externalAccessRolesService; + private UserServiceCentalizedImpl userservice; @Autowired - private UserService userservice = new UserServiceCentalizedImpl(); + public ExternalAccessRolesController(AuditService auditService, + ExternalAccessRolesService externalAccessRolesService, + UserServiceCentalizedImpl userservice) { + this.auditService = auditService; + this.externalAccessRolesService = externalAccessRolesService; + this.userservice = userservice; + } + @ApiOperation(value = "Gets user role for an application.", response = CentralUser.class, responseContainer="List") @RequestMapping(value = { "/user/{loginId}" }, method = RequestMethod.GET, produces = "application/json") public CentralUser getUser(HttpServletRequest request, HttpServletResponse response, @PathVariable("loginId") String loginId) throws Exception { - + if (!DATA_VALIDATOR.isValid(new SecureString(loginId))){ + sendErrorResponse(response, new Exception("Data is not valid")); + logger.error(EELFLoggerDelegate.errorLogger, "getUser not valid data"); + return null; + } CentralUser answer = null; try { fieldsValidation(request); @@ -150,6 +153,11 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl "/v1/user/{loginId}" }, method = RequestMethod.GET, produces = "application/json") public String getV2UserList(HttpServletRequest request, HttpServletResponse response, @PathVariable("loginId") String loginId) throws Exception { + if (!DATA_VALIDATOR.isValid(new SecureString(loginId))){ + sendErrorResponse(response, new Exception("Data is not valid")); + logger.error(EELFLoggerDelegate.errorLogger, "getV2UserList not valid data"); + return "Data is not valid"; + } String answer = null; try { fieldsValidation(request); @@ -300,6 +308,10 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl @PathVariable("code") String code) throws Exception { CentralV2RoleFunction centralV2RoleFunction = null; CentralRoleFunction centralRoleFunction = new CentralRoleFunction(); + if(!DATA_VALIDATOR.isValid(new SecureString(code))){ + sendErrorResponse(response, new Exception("Data is not valid")); + logger.error(EELFLoggerDelegate.errorLogger, "getRoleFunction failed", new Exception("Data is not valid")); + } try { fieldsValidation(request); centralV2RoleFunction = externalAccessRolesService.getRoleFunction(code, request.getHeader(UEBKEY)); @@ -318,6 +330,10 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl public CentralV2RoleFunction getV2RoleFunction(HttpServletRequest request, HttpServletResponse response, @PathVariable("code") String code) throws Exception { CentralV2RoleFunction centralV2RoleFunction = null; + if(!DATA_VALIDATOR.isValid(new SecureString(code))){ + sendErrorResponse(response, new Exception("Data is not valid")); + logger.error(EELFLoggerDelegate.errorLogger, "getV2RoleFunction failed", new Exception("Data is not valid")); + } try { fieldsValidation(request); centralV2RoleFunction = externalAccessRolesService.getRoleFunction(code, request.getHeader(UEBKEY)); @@ -334,16 +350,20 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl @ApiOperation(value = "Saves role function for an application.", response = PortalRestResponse.class, responseContainer = "Json") @RequestMapping(value = { "/roleFunction" }, method = RequestMethod.POST, produces = "application/json") public PortalRestResponse<String> saveRoleFunction(HttpServletRequest request, HttpServletResponse response, - @RequestBody String roleFunc) throws Exception { + @RequestBody String roleFunc) { String status = "Successfully saved!"; + if(!DATA_VALIDATOR.isValid(new SecureString(roleFunc))){ + logger.error(EELFLoggerDelegate.errorLogger, "saveRoleFunction failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, + "Failed to roleFunc, not valid data.", "Failed"); + } try { fieldsValidation(request); - String data = roleFunc; - ObjectMapper mapper = new ObjectMapper(); + ObjectMapper mapper = new ObjectMapper(); List<EPApp> applicationList = externalAccessRolesService.getApp(request.getHeader(UEBKEY)); EPApp requestedApp = applicationList.get(0); mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false); - CentralV2RoleFunction availableRoleFunction = mapper.readValue(data, CentralV2RoleFunction.class); + CentralV2RoleFunction availableRoleFunction = mapper.readValue(roleFunc, CentralV2RoleFunction.class); CentralV2RoleFunction domainRoleFunction = null; boolean isCentralV2Version = false; if(availableRoleFunction.getType()!=null && availableRoleFunction.getAction()!= null) { @@ -405,8 +425,8 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl MDC.remove(SystemProperties.MDC_TIMER); } else { logger.error(EELFLoggerDelegate.errorLogger, "saveRoleFunction failed"); - return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, - "Failed to saveRoleFunction for '" + availableRoleFunction.getCode() + "'", "Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, + "Failed to saveRoleFunction for '" + availableRoleFunction.getCode() + "'", "Failed"); } } catch (Exception e) { if (e.getMessage() == null ||e.getMessage().contains(INVALID_UEB_KEY)) { @@ -415,15 +435,20 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); } logger.error(EELFLoggerDelegate.errorLogger, "saveRoleFunction failed", e); - return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed"); } - return new PortalRestResponse<String>(PortalRestStatusEnum.OK, status, "Success"); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, status, "Success"); } @ApiOperation(value = "Deletes role function for an application.", response = PortalRestResponse.class, responseContainer = "Json") @RequestMapping(value = { "/roleFunction/{code}" }, method = RequestMethod.DELETE, produces = "application/json") public PortalRestResponse<String> deleteRoleFunction(HttpServletRequest request, HttpServletResponse response, - @PathVariable("code") String code) throws Exception { + @PathVariable("code") String code) { + if(!DATA_VALIDATOR.isValid(new SecureString(code))){ + logger.error(EELFLoggerDelegate.errorLogger, "deleteRoleFunction failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, + "Failed to deleteRoleFunction, not valid data.", "Failed"); + } try { fieldsValidation(request); EPUser user = externalAccessRolesService.getUser(request.getHeader(LOGIN_ID)).get(0); @@ -454,8 +479,8 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl MDC.remove(SystemProperties.MDC_TIMER); } else { logger.error(EELFLoggerDelegate.errorLogger, "deleteRoleFunction failed"); - return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, - "Failed to deleteRoleFunction for '" + code + "'", "Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, + "Failed to deleteRoleFunction for '" + code + "'", "Failed"); } } catch (Exception e) { if (e.getMessage().contains(INVALID_UEB_KEY)) { @@ -473,7 +498,7 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl @ApiOperation(value = "Saves role for an application.", response = PortalRestResponse.class, responseContainer = "Json") @RequestMapping(value = { "/role" }, method = RequestMethod.POST, produces = "application/json") public PortalRestResponse<String> saveRole(HttpServletRequest request, HttpServletResponse response, - @RequestBody Role role) throws Exception { + @RequestBody Role role) { try { fieldsValidation(request); ExternalRequestFieldsValidator saveRoleResult = null; @@ -526,15 +551,20 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); } logger.error(EELFLoggerDelegate.errorLogger, "saveRole failed", e); - return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed"); } - return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "Successfully Saved", "Success"); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, "Successfully Saved", "Success"); } @ApiOperation(value = "Deletes role for an application.", response = PortalRestResponse.class, responseContainer = "Json") @RequestMapping(value = { "/deleteRole/{code}" }, method = RequestMethod.DELETE, produces = "application/json") public PortalRestResponse<String> deleteRole(HttpServletRequest request, HttpServletResponse response, - @PathVariable String code) throws Exception { + @PathVariable String code) { + if(!DATA_VALIDATOR.isValid(new SecureString(code))){ + logger.error(EELFLoggerDelegate.errorLogger, "deleteRole failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, + "Failed to deleteRole, not valid data.", "Failed"); + } try { fieldsValidation(request); boolean deleteResponse = externalAccessRolesService.deleteRoleForApplication(code, @@ -566,8 +596,8 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl MDC.remove(SystemProperties.MDC_TIMER); } else { logger.error(EELFLoggerDelegate.errorLogger, "deleteRole failed"); - return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, - "Failed to deleteRole for '" + code + "'", "Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, + "Failed to deleteRole for '" + code + "'", "Failed"); } } catch (Exception e) { if (e.getMessage().contains(INVALID_UEB_KEY)) { @@ -576,9 +606,9 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl response.setStatus(HttpServletResponse.SC_BAD_REQUEST); } logger.error(EELFLoggerDelegate.errorLogger, "deleteRole failed", e); - return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed"); } - return new PortalRestResponse<String>(PortalRestStatusEnum.OK, SUCCESSFULLY_DELETED, "Success"); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, SUCCESSFULLY_DELETED, "Success"); } @ApiOperation(value = "Gets active roles for an application.", response = CentralRole.class, responseContainer = "Json") @@ -615,7 +645,7 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl @ApiOperation(value = "deletes user roles for an application.", response = PortalRestResponse.class, responseContainer = "Json") @RequestMapping(value = { "/deleteDependcyRoleRecord/{roleId}" }, method = RequestMethod.DELETE, produces = "application/json") public PortalRestResponse<String> deleteDependencyRoleRecord(HttpServletRequest request, HttpServletResponse response, - @PathVariable("roleId") Long roleId) throws Exception { + @PathVariable("roleId") Long roleId) { ExternalRequestFieldsValidator removeResult = null; try { fieldsValidation(request); @@ -642,7 +672,7 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl @ApiOperation(value = "deletes roles for an application.", response = PortalRestResponse.class, responseContainer = "Json") @RequestMapping(value = { "/v2/deleteRole/{roleId}" }, method = RequestMethod.DELETE, produces = "application/json") public PortalRestResponse<String> deleteRole(HttpServletRequest request, HttpServletResponse response, - @PathVariable("roleId") Long roleId) throws Exception { + @PathVariable("roleId") Long roleId) { ExternalRequestFieldsValidator removeResult = null; try { fieldsValidation(request); @@ -668,63 +698,63 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl @ApiOperation(value = "Bulk upload functions for an application.", response = PortalRestResponse.class, responseContainer = "Json") @RequestMapping(value = { "/upload/portal/functions" }, method = RequestMethod.POST, produces = "application/json") - public PortalRestResponse<String> bulkUploadFunctions(HttpServletRequest request, HttpServletResponse response) throws Exception { + public PortalRestResponse<String> bulkUploadFunctions(HttpServletRequest request, HttpServletResponse response) { Integer result = 0; try { result = externalAccessRolesService.bulkUploadFunctions(request.getHeader(UEBKEY)); } catch (Exception e) { response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadFunctions failed", e); - return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadFunctions", "Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadFunctions", "Failed"); } - return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "Successfully added: "+result, "Success"); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, "Successfully added: " + result, "Success"); } @ApiOperation(value = "Bulk upload roles for an application.", response = PortalRestResponse.class, responseContainer = "Json") @RequestMapping(value = { "/upload/portal/roles" }, method = RequestMethod.POST, produces = "application/json") - public PortalRestResponse<String> bulkUploadRoles(HttpServletRequest request, HttpServletResponse response) throws Exception { + public PortalRestResponse<String> bulkUploadRoles(HttpServletRequest request, HttpServletResponse response) { Integer result = 0; try { result = externalAccessRolesService.bulkUploadRoles(request.getHeader(UEBKEY)); } catch (Exception e) { response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadRoles failed", e); - return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadRoles", "Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadRoles", "Failed"); } - return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "Successfully added: "+result, "Success"); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, "Successfully added: " + result, "Success"); } @ApiOperation(value = "Bulk upload role functions for an application.", response = PortalRestResponse.class, responseContainer = "Json") @RequestMapping(value = { "/upload/portal/roleFunctions" }, method = RequestMethod.POST, produces = "application/json") - public PortalRestResponse<String> bulkUploadRoleFunctions(HttpServletRequest request, HttpServletResponse response) throws Exception { + public PortalRestResponse<String> bulkUploadRoleFunctions(HttpServletRequest request, HttpServletResponse response) { Integer result = 0; try { result = externalAccessRolesService.bulkUploadRolesFunctions(request.getHeader(UEBKEY)); } catch (Exception e) { response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadRoleFunctions failed", e); - return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadRoleFunctions", "Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadRoleFunctions", "Failed"); } - return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "Successfully added: "+result, "Success"); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, "Successfully added: " + result, "Success"); } @ApiOperation(value = "Bulk upload user roles for an application.", response = PortalRestResponse.class, responseContainer = "Json") @RequestMapping(value = { "/upload/portal/userRoles" }, method = RequestMethod.POST, produces = "application/json") - public PortalRestResponse<String> bulkUploadUserRoles(HttpServletRequest request, HttpServletResponse response) throws Exception { + public PortalRestResponse<String> bulkUploadUserRoles(HttpServletRequest request, HttpServletResponse response) { Integer result = 0; try { result = externalAccessRolesService.bulkUploadUserRoles(request.getHeader(UEBKEY)); } catch (Exception e) { response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadUserRoles failed", e); - return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadUserRoles", "Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadUserRoles", "Failed"); } - return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "Successfully added: "+result, "Success"); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, "Successfully added: " + result, "Success"); } @ApiOperation(value = "Bulk upload users for renamed role of an application.", response = PortalRestResponse.class, responseContainer = "Json") @RequestMapping(value = { "/upload/portal/userRole/{roleId}" }, method = RequestMethod.POST, produces = "application/json") - public PortalRestResponse<String> bulkUploadUsersSingleRole(HttpServletRequest request, HttpServletResponse response, @PathVariable Long roleId) throws Exception { + public PortalRestResponse<String> bulkUploadUsersSingleRole(HttpServletRequest request, HttpServletResponse response, @PathVariable Long roleId) { Integer result = 0; try { String roleName = request.getHeader("RoleName"); @@ -732,50 +762,53 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl } catch (Exception e) { response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadUsersSingleRole failed", e); - return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadUsersSingleRole", "Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadUsersSingleRole", "Failed"); } - return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "Successfully added: "+result, "Success"); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, "Successfully added: " + result, "Success"); } @ApiOperation(value = "Bulk upload functions for an partner application.", response = PortalRestResponse.class, responseContainer = "Json") @RequestMapping(value = { "/upload/partner/functions" }, method = RequestMethod.POST, produces = "application/json") - public PortalRestResponse<String> bulkUploadPartnerFunctions(HttpServletRequest request, HttpServletResponse response) throws Exception { + public PortalRestResponse<String> bulkUploadPartnerFunctions(HttpServletRequest request, HttpServletResponse response) { Integer addedFunctions = 0; try { addedFunctions = externalAccessRolesService.bulkUploadPartnerFunctions(request.getHeader(UEBKEY)); } catch (Exception e) { response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadFunctions failed", e); - return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadFunctions", "Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadFunctions", "Failed"); } - return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "Successfully added: '"+addedFunctions+"' functions", "Success"); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, + "Successfully added: '" + addedFunctions + "' functions", "Success"); } @ApiOperation(value = "Bulk upload roles for an partner application.", response = PortalRestResponse.class, responseContainer = "Json") @RequestMapping(value = { "/upload/partner/roles" }, method = RequestMethod.POST, produces = "application/json") - public PortalRestResponse<String> bulkUploadPartnerRoles(HttpServletRequest request, HttpServletResponse response, @RequestBody List<Role> upload) throws Exception { + public PortalRestResponse<String> bulkUploadPartnerRoles(HttpServletRequest request, HttpServletResponse response, @RequestBody List<Role> upload) { try { externalAccessRolesService.bulkUploadPartnerRoles(request.getHeader(UEBKEY), upload); } catch (Exception e) { response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadRoles failed", e); - return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadRoles", "Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadRoles", "Failed"); } - return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "Successfully added", "Success"); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, "Successfully added", "Success"); } @ApiOperation(value = "Bulk upload role functions for an partner application.", response = PortalRestResponse.class, responseContainer = "Json") @RequestMapping(value = { "/upload/partner/roleFunctions" }, method = RequestMethod.POST, produces = "application/json") - public PortalRestResponse<String> bulkUploadPartnerRoleFunctions(HttpServletRequest request, HttpServletResponse response) throws Exception { + public PortalRestResponse<String> bulkUploadPartnerRoleFunctions(HttpServletRequest request, HttpServletResponse response) { Integer addedRoleFunctions = 0; try { addedRoleFunctions = externalAccessRolesService.bulkUploadPartnerRoleFunctions(request.getHeader(UEBKEY)); } catch (Exception e) { response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadPartnerRoleFunctions failed", e); - return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadPartnerRoleFunctions", "Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadPartnerRoleFunctions", + "Failed"); } - return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "Successfully added: '"+addedRoleFunctions + "' role functions", "Success"); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, + "Successfully added: '" + addedRoleFunctions + "' role functions", "Success"); } @ApiOperation(value = "Gets all functions along with global functions", response = List.class, responseContainer = "Json") @@ -856,6 +889,10 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl @RequestMapping(value = { "/v2/user/{loginId}" }, method = RequestMethod.GET, produces = "application/json") public String getEcompUser(HttpServletRequest request, HttpServletResponse response, @PathVariable("loginId") String loginId) throws Exception { + if(!DATA_VALIDATOR.isValid(new SecureString(loginId))){ + sendErrorResponse(response, new Exception("getEcompUser failed")); + logger.error(EELFLoggerDelegate.errorLogger, "getEcompUser failed", new Exception("getEcompUser failed")); + } EcompUser user = new EcompUser(); ObjectMapper mapper = new ObjectMapper(); String answer = null; @@ -868,7 +905,7 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl user = UserUtils.convertToEcompUser(ecompUser); List<EcompRole> missingRolesOfUser = externalAccessRolesService.missingUserApplicationRoles(request.getHeader(UEBKEY), loginId, user.getRoles()); if (missingRolesOfUser.size() > 0) { - Set<EcompRole> roles = new TreeSet<EcompRole>(missingRolesOfUser); + Set<EcompRole> roles = new TreeSet<>(missingRolesOfUser); user.getRoles().addAll(roles); } } diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/RolesController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/RolesController.java index c976629a..a319c6b3 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/RolesController.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/RolesController.java @@ -79,7 +79,7 @@ public class RolesController implements BasicAuthenticationController { private ExternalAccessRolesService externalAccessRolesService; @Autowired - ExternalAccessRolesController externalAccessRolesController = new ExternalAccessRolesController(); + ExternalAccessRolesController externalAccessRolesController; @ApiOperation(value = "Gets roles for an application which is upgraded to newer version.", response = CentralV2Role.class, responseContainer = "Json") diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AuxApiRequestMapperControllerTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AuxApiRequestMapperControllerTest.java index 5f49c744..8ef2d32a 100644 --- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AuxApiRequestMapperControllerTest.java +++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AuxApiRequestMapperControllerTest.java @@ -466,11 +466,11 @@ public class AuxApiRequestMapperControllerTest { PowerMockito.mockStatic(AopUtils.class); Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false); Mockito.when(mockedRequest.getMethod()).thenReturn("POST"); - PortalRestResponse res = new PortalRestResponse(); - res.setStatus(PortalRestStatusEnum.ERROR); - res.setMessage("Failed to bulkUploadFunctions"); - res.setResponse("Failed"); - assertEquals(res, auxApiRequestMapperController.bulkUploadFunctions(mockedRequest, mockedResponse)); + PortalRestResponse expected = new PortalRestResponse(); + expected.setStatus(PortalRestStatusEnum.ERROR); + expected.setMessage("Failed to bulkUploadFunctions"); + expected.setResponse("Failed"); + assertEquals(expected, auxApiRequestMapperController.bulkUploadFunctions(mockedRequest, mockedResponse)); } @Test @@ -483,11 +483,13 @@ public class AuxApiRequestMapperControllerTest { PowerMockito.mockStatic(AopUtils.class); Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false); Mockito.when(mockedRequest.getMethod()).thenReturn("POST"); - PortalRestResponse res = new PortalRestResponse(); - res.setStatus(PortalRestStatusEnum.ERROR); - res.setMessage("Failed to bulkUploadRoles"); - res.setResponse("Failed"); - assertEquals(res, auxApiRequestMapperController.bulkUploadRoles(mockedRequest, mockedResponse)); + PortalRestResponse expected = new PortalRestResponse(); + expected.setStatus(PortalRestStatusEnum.ERROR); + expected.setMessage("Failed to bulkUploadRoles"); + expected.setResponse("Failed"); + PortalRestResponse actual = auxApiRequestMapperController.bulkUploadRoles(mockedRequest, mockedResponse); + System.out.println(actual.toString()); + assertEquals(expected, actual); } @Test @@ -500,11 +502,11 @@ public class AuxApiRequestMapperControllerTest { PowerMockito.mockStatic(AopUtils.class); Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false); Mockito.when(mockedRequest.getMethod()).thenReturn("POST"); - PortalRestResponse res = new PortalRestResponse(); - res.setStatus(PortalRestStatusEnum.ERROR); - res.setMessage("Failed to bulkUploadRoleFunctions"); - res.setResponse("Failed"); - assertEquals(res, auxApiRequestMapperController.bulkUploadRoleFunctions(mockedRequest, mockedResponse)); + PortalRestResponse expected = new PortalRestResponse(); + expected.setStatus(PortalRestStatusEnum.ERROR); + expected.setMessage("Failed to bulkUploadRoleFunctions"); + expected.setResponse("Failed"); + assertEquals(expected, auxApiRequestMapperController.bulkUploadRoleFunctions(mockedRequest, mockedResponse)); } @Test @@ -517,11 +519,11 @@ public class AuxApiRequestMapperControllerTest { PowerMockito.mockStatic(AopUtils.class); Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false); Mockito.when(mockedRequest.getMethod()).thenReturn("POST"); - PortalRestResponse res = new PortalRestResponse(); - res.setStatus(PortalRestStatusEnum.ERROR); - res.setMessage("Failed to bulkUploadUserRoles"); - res.setResponse("Failed"); - assertEquals(res, auxApiRequestMapperController.bulkUploadUserRoles(mockedRequest, mockedResponse)); + PortalRestResponse expected = new PortalRestResponse(); + expected.setStatus(PortalRestStatusEnum.ERROR); + expected.setMessage("Failed to bulkUploadUserRoles"); + expected.setResponse("Failed"); + assertEquals(expected, auxApiRequestMapperController.bulkUploadUserRoles(mockedRequest, mockedResponse)); } @Test @@ -534,11 +536,11 @@ public class AuxApiRequestMapperControllerTest { PowerMockito.mockStatic(AopUtils.class); Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false); Mockito.when(mockedRequest.getMethod()).thenReturn("POST"); - PortalRestResponse res = new PortalRestResponse(); - res.setStatus(PortalRestStatusEnum.ERROR); - res.setMessage("Failed to bulkUploadUsersSingleRole"); - res.setResponse("Failed"); - assertEquals(res, + PortalRestResponse expected = new PortalRestResponse(); + expected.setStatus(PortalRestStatusEnum.ERROR); + expected.setMessage("Failed to bulkUploadUsersSingleRole"); + expected.setResponse("Failed"); + assertEquals(expected, auxApiRequestMapperController.bulkUploadUsersSingleRole(mockedRequest, mockedResponse, (long) 1)); } @@ -552,11 +554,11 @@ public class AuxApiRequestMapperControllerTest { PowerMockito.mockStatic(AopUtils.class); Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false); Mockito.when(mockedRequest.getMethod()).thenReturn("POST"); - PortalRestResponse res = new PortalRestResponse(); - res.setStatus(PortalRestStatusEnum.ERROR); - res.setMessage("Failed to bulkUploadPartnerRoleFunctions"); - res.setResponse("Failed"); - assertEquals(res, auxApiRequestMapperController.bulkUploadPartnerFunctions(mockedRequest, mockedResponse)); + PortalRestResponse expected = new PortalRestResponse(); + expected.setStatus(PortalRestStatusEnum.ERROR); + expected.setMessage("Failed to bulkUploadPartnerRoleFunctions"); + expected.setResponse("Failed"); + assertEquals(expected, auxApiRequestMapperController.bulkUploadPartnerFunctions(mockedRequest, mockedResponse)); } @Test @@ -570,11 +572,11 @@ public class AuxApiRequestMapperControllerTest { Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false); Mockito.when(mockedRequest.getMethod()).thenReturn("POST"); List<Role> upload = new ArrayList<>(); - PortalRestResponse res = new PortalRestResponse(); - res.setStatus(PortalRestStatusEnum.ERROR); - res.setMessage("Failed to bulkUploadRoles"); - res.setResponse("Failed"); - assertEquals(res, auxApiRequestMapperController.bulkUploadPartnerRoles(mockedRequest, mockedResponse, upload)); + PortalRestResponse expected = new PortalRestResponse(); + expected.setStatus(PortalRestStatusEnum.ERROR); + expected.setMessage("Failed to bulkUploadRoles"); + expected.setResponse("Failed"); + assertEquals(expected, auxApiRequestMapperController.bulkUploadPartnerRoles(mockedRequest, mockedResponse, upload)); } @Test @@ -587,11 +589,11 @@ public class AuxApiRequestMapperControllerTest { PowerMockito.mockStatic(AopUtils.class); Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false); Mockito.when(mockedRequest.getMethod()).thenReturn("POST"); - PortalRestResponse res = new PortalRestResponse(); - res.setStatus(PortalRestStatusEnum.ERROR); - res.setMessage("Failed to bulkUploadPartnerRoleFunctions"); - res.setResponse("Failed"); - assertEquals(res, auxApiRequestMapperController.bulkUploadPartnerRoleFunctions(mockedRequest, mockedResponse)); + PortalRestResponse expected = new PortalRestResponse(); + expected.setStatus(PortalRestStatusEnum.ERROR); + expected.setMessage("Failed to bulkUploadPartnerRoleFunctions"); + expected.setResponse("Failed"); + assertEquals(expected, auxApiRequestMapperController.bulkUploadPartnerRoleFunctions(mockedRequest, mockedResponse)); } @Test diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/ExternalAccessRolesControllerTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/ExternalAccessRolesControllerTest.java index b476a72d..3373ef92 100644 --- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/ExternalAccessRolesControllerTest.java +++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/ExternalAccessRolesControllerTest.java @@ -103,7 +103,7 @@ public class ExternalAccessRolesControllerTest { @Mock ExternalAccessRolesService externalAccessRolesService = new ExternalAccessRolesServiceImpl(); @InjectMocks - ExternalAccessRolesController externalAccessRolesController = new ExternalAccessRolesController(); + ExternalAccessRolesController externalAccessRolesController; @Mock UserService userservice = new UserServiceCentalizedImpl(); @Mock @@ -186,6 +186,18 @@ public class ExternalAccessRolesControllerTest { } @Test + public void getUserXSSTest() throws Exception { + String loginId = "<script ~~~>alert(0%0)</script ~~~>"; + String expected = getXSSKeyJson(); + StringWriter sw = new StringWriter(); + PrintWriter writer = new PrintWriter(sw); + Mockito.when(mockedResponse.getWriter()).thenReturn(writer); + externalAccessRolesController.getUser(mockedRequest, mockedResponse, loginId); + String actual = sw.getBuffer().toString().trim(); + assertEquals(expected, actual); + } + + @Test public void getV2UserListTest() throws Exception { String expectedCentralUser = "test"; String loginId = "test"; @@ -223,8 +235,8 @@ public class ExternalAccessRolesControllerTest { @Test public void getRolesForAppCentralRoleTest() throws Exception { - List<CentralRole> expectedCentralRoleList = new ArrayList<CentralRole>(); - List<EPApp> applicationList = new ArrayList<EPApp>(); + List<CentralRole> expectedCentralRoleList = new ArrayList<>(); + List<EPApp> applicationList = new ArrayList<>(); List<CentralV2Role> centralV2RoleList = new ArrayList<>(); List<CentralRole> centralRoleList = new ArrayList<>(); EPApp app = mockApp(); @@ -246,7 +258,7 @@ public class ExternalAccessRolesControllerTest { @Test(expected = NullPointerException.class) public void getRolesForAppCentralRoleExceptionTest() throws Exception { - List<EPApp> applicationList = new ArrayList<EPApp>(); + List<EPApp> applicationList = new ArrayList<>(); List<CentralV2Role> centralV2RoleList = new ArrayList<>(); List<CentralRole> centralRoleList = new ArrayList<>(); EPApp app = mockApp(); @@ -268,8 +280,8 @@ public class ExternalAccessRolesControllerTest { @Test public void getV2RolesForAppTest() throws Exception { - List<CentralRole> expectedCentralRoleList = new ArrayList<CentralRole>(); - List<EPApp> applicationList = new ArrayList<EPApp>(); + List<CentralRole> expectedCentralRoleList = new ArrayList<>(); + List<EPApp> applicationList = new ArrayList<>(); List<CentralV2Role> centralV2Role = new ArrayList<>(); EPApp app = mockApp(); app.setCentralAuth(true); @@ -288,8 +300,8 @@ public class ExternalAccessRolesControllerTest { @Test(expected = NullPointerException.class) public void getV2RolesForAppExceptionTest() throws Exception { - List<CentralRole> expectedCentralRoleList = new ArrayList<CentralRole>(); - List<EPApp> applicationList = new ArrayList<EPApp>(); + List<CentralRole> expectedCentralRoleList = new ArrayList<>(); + List<EPApp> applicationList = new ArrayList<>(); List<CentralV2Role> centralV2Role = new ArrayList<>(); EPApp app = mockApp(); app.setCentralAuth(true); @@ -308,7 +320,7 @@ public class ExternalAccessRolesControllerTest { @Test(expected = NullPointerException.class) public void getRolesForAppTest() throws Exception { - List<EPApp> applicationList = new ArrayList<EPApp>(); + List<EPApp> applicationList = new ArrayList<>(); List<CentralV2Role> answer = new ArrayList<>(); EPApp app = mockApp(); applicationList.add(app); @@ -320,7 +332,7 @@ public class ExternalAccessRolesControllerTest { @Test(expected = NullPointerException.class) public void getRolesForAppExceptionTest() throws Exception { - List<EPApp> applicationList = new ArrayList<EPApp>(); + List<EPApp> applicationList = new ArrayList<>(); EPApp app = mockApp(); applicationList.add(app); Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList); @@ -332,9 +344,9 @@ public class ExternalAccessRolesControllerTest { @Test public void getRoleFunctionsListTest() throws Exception { - List<CentralRole> expectedCentralRoleList = new ArrayList<CentralRole>(); - List<CentralRoleFunction> roleFuncList = new ArrayList<CentralRoleFunction>(); - List<EPApp> applicationList = new ArrayList<EPApp>(); + List<CentralRole> expectedCentralRoleList = new ArrayList<>(); + List<CentralRoleFunction> roleFuncList = new ArrayList<>(); + List<EPApp> applicationList = new ArrayList<>(); List<CentralV2RoleFunction> centralV2RoleFunction = new ArrayList<>(); EPApp app = mockApp(); app.setCentralAuth(true); @@ -366,8 +378,8 @@ public class ExternalAccessRolesControllerTest { @Test public void getV2RoleFunctionsListTest() throws Exception { - List<CentralV2RoleFunction> expectedCentralV2RoleFunctionList = new ArrayList<CentralV2RoleFunction>(); - List<EPApp> applicationList = new ArrayList<EPApp>(); + List<CentralV2RoleFunction> expectedCentralV2RoleFunctionList = new ArrayList<>(); + List<EPApp> applicationList = new ArrayList<>(); List<CentralV2RoleFunction> centralV2RoleFunction = new ArrayList<>(); EPApp app = mockApp(); app.setCentralAuth(true); @@ -398,7 +410,7 @@ public class ExternalAccessRolesControllerTest { @Test public void getRoleInfoValidationTest() throws Exception { CentralRole expectedCentralRole = null; - List<EPApp> applicationList = new ArrayList<EPApp>(); + List<EPApp> applicationList = new ArrayList<>(); long roleId = 1; CentralV2Role centralV2Role = new CentralV2Role(); EPApp app = mockApp(); @@ -446,7 +458,7 @@ public class ExternalAccessRolesControllerTest { public void getV2RoleInfoValidationTest() throws Exception { CentralV2Role expectedCentralRole = new CentralV2Role(); expectedCentralRole.setActive(false); - List<EPApp> applicationList = new ArrayList<EPApp>(); + List<EPApp> applicationList = new ArrayList<>(); long roleId = 1; CentralV2Role centralV2Role = new CentralV2Role(); EPApp app = mockApp(); @@ -491,10 +503,10 @@ public class ExternalAccessRolesControllerTest { } @Test - public void getV2RoleFunctionTest() throws HttpClientErrorException, Exception { + public void getV2RoleFunctionTest() throws Exception { CentralV2RoleFunction expectedCentralV2RoleFunction = new CentralV2RoleFunction(); expectedCentralV2RoleFunction.setCode("test"); - List<EPApp> applicationList = new ArrayList<EPApp>(); + List<EPApp> applicationList = new ArrayList<>(); String code = "test"; CentralV2RoleFunction centralV2RoleFunction = new CentralV2RoleFunction(); centralV2RoleFunction.setCode("test"); @@ -512,10 +524,11 @@ public class ExternalAccessRolesControllerTest { assertEquals(actualCentralV2RoleFunction.getCode(), expectedCentralV2RoleFunction.getCode()); } + @Test - public void getV2RoleFunctionNullCheckTest() throws HttpClientErrorException, Exception { + public void getV2RoleFunctionNullCheckTest() throws Exception { CentralV2RoleFunction expectedCentralV2RoleFunction = new CentralV2RoleFunction(); - List<EPApp> applicationList = new ArrayList<EPApp>(); + List<EPApp> applicationList = new ArrayList<>(); String code = "test"; CentralV2RoleFunction centralV2RoleFunction = null; EPApp app = mockApp(); @@ -586,13 +599,40 @@ public class ExternalAccessRolesControllerTest { } @Test + public void getRoleFunctionXSSTest() throws Exception { + String expected = getXSSKeyJson(); + EPApp mockApp = mockApp(); + mockApp.setCentralAuth(true); + List<EPApp> mockAppList = new ArrayList<>(); + mockAppList.add(mockApp); + StringWriter sw = new StringWriter(); + PrintWriter writer = new PrintWriter(sw); + Mockito.when(mockedResponse.getWriter()).thenReturn(writer); + CentralV2RoleFunction roleFunction1 = new CentralV2RoleFunction(); + CentralRoleFunction roleFunction2 = new CentralRoleFunction(); + roleFunction1.setCode("test2"); + String code = "<script>alert(‘XSS’)</script>"; + Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn(uebKey); + Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader("uebkey"))).thenReturn(mockAppList); + ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.FOUND); + Mockito.when(externalAccessRolesService.getNameSpaceIfExists(mockAppList.get(0))).thenReturn(response); + Mockito.when(externalAccessRolesService.getRoleFunction(code, mockedRequest.getHeader("uebkey"))) + .thenReturn(roleFunction1); + CentralRoleFunction returnedValue = externalAccessRolesController.getRoleFunction(mockedRequest, mockedResponse, + code); + assertEquals(returnedValue, roleFunction2); + String result = sw.getBuffer().toString().trim(); + assertEquals(expected, result); + } + + @Test public void saveRoleFunctionIfIsNotDeletedTest() throws Exception { - List<EPApp> applicationList = new ArrayList<EPApp>(); + List<EPApp> applicationList = new ArrayList<>(); EPApp app = mockApp(); applicationList.add(app); Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList); PortalRestResponse<String> portalRestResponse = null; - PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>(); + PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>(); expectedportalRestResponse.setMessage(null); expectedportalRestResponse.setResponse("Failed"); expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR); @@ -609,13 +649,13 @@ public class ExternalAccessRolesControllerTest { @Test public void saveRoleFunctionExceptionTest() throws Exception { - List<EPApp> applicationList = new ArrayList<EPApp>(); + List<EPApp> applicationList = new ArrayList<>(); EPApp app = mockApp(); app.setCentralAuth(true); applicationList.add(app); Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList); PortalRestResponse<String> portalRestResponse = null; - PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>(); + PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>(); expectedportalRestResponse.setMessage(null); expectedportalRestResponse.setResponse("Failed"); expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR); @@ -627,10 +667,9 @@ public class ExternalAccessRolesControllerTest { assertEquals(portalRestResponse, expectedportalRestResponse); } - @SuppressWarnings("static-access") @Test public void saveRoleFunctionTest() throws Exception { - List<EPApp> applicationList = new ArrayList<EPApp>(); + List<EPApp> applicationList = new ArrayList<>(); EPUser user = mockUser.mockEPUser(); List<EPUser> userList = new ArrayList<>(); userList.add(user); @@ -648,7 +687,7 @@ public class ExternalAccessRolesControllerTest { saveRoleFunc.setAppId(app.getId()); Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList); PortalRestResponse<String> portalRestResponse = null; - PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>(); + PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>(); expectedportalRestResponse.setMessage("Successfully saved!"); expectedportalRestResponse.setResponse("Success"); expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK); @@ -670,13 +709,54 @@ public class ExternalAccessRolesControllerTest { } @Test + public void saveRoleFunctionXSSTest() throws Exception { + List<EPApp> applicationList = new ArrayList<>(); + EPUser user = mockUser.mockEPUser(); + List<EPUser> userList = new ArrayList<>(); + userList.add(user); + EPApp app = mockApp(); + app.setCentralAuth(true); + applicationList.add(app); + JSONObject roleFunc = new JSONObject(); + roleFunc.put("type", "<script>alert(“XSS”)</script> "); + roleFunc.put("code", "test_instance"); + roleFunc.put("action", "test_action"); + roleFunc.put("name", "test_name"); + ObjectMapper mapper = new ObjectMapper(); + mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false); + CentralV2RoleFunction saveRoleFunc = mapper.readValue(roleFunc.toString(), CentralV2RoleFunction.class); + saveRoleFunc.setAppId(app.getId()); + Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList); + PortalRestResponse<String> portalRestResponse = null; + PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>(); + expectedportalRestResponse.setMessage("Failed to roleFunc, not valid data."); + expectedportalRestResponse.setResponse("Failed"); + expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR); + Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn(uebKey); + Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader("uebkey"))).thenReturn(applicationList); + ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.FOUND); + Mockito.when(externalAccessRolesService.getNameSpaceIfExists(applicationList.get(0))).thenReturn(response); + Mockito.when(externalAccessRolesService.getRoleFunction("test_type|test_instance|test_action", app.getUebKey())) + .thenReturn(null); + Mockito.when(externalAccessRolesService.saveCentralRoleFunction(Matchers.any(CentralV2RoleFunction.class), + Matchers.any(EPApp.class))).thenReturn(true); + Mockito.when(externalAccessRolesService.getUser(mockedRequest.getHeader(Matchers.anyString()))) + .thenReturn(userList); + Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(Matchers.anyString()))) + .thenReturn(applicationList); + portalRestResponse = externalAccessRolesController.saveRoleFunction(mockedRequest, mockedResponse, + roleFunc.toString()); + assertEquals(expectedportalRestResponse, portalRestResponse); + } + + @Test public void deleteRoleFunctionTest() throws Exception { PowerMockito.mockStatic(EcompPortalUtils.class); PowerMockito.mockStatic(SystemProperties.class); PowerMockito.mockStatic(EPCommonSystemProperties.class); PowerMockito.mockStatic(PortalConstants.class); PortalRestResponse<String> portalRestResponse = null; - PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>(); + PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>(); expectedportalRestResponse.setMessage("Successfully Deleted"); expectedportalRestResponse.setResponse("Success"); EPUser user = mockUser.mockEPUser(); @@ -700,6 +780,36 @@ public class ExternalAccessRolesControllerTest { } @Test + public void deleteRoleFunctionXSSTest() throws Exception { + PowerMockito.mockStatic(EcompPortalUtils.class); + PowerMockito.mockStatic(SystemProperties.class); + PowerMockito.mockStatic(EPCommonSystemProperties.class); + PowerMockito.mockStatic(PortalConstants.class); + PortalRestResponse<String> portalRestResponse = null; + PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>(); + expectedportalRestResponse.setMessage("Failed to deleteRoleFunction, not valid data."); + expectedportalRestResponse.setResponse("Failed"); + expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR); + EPUser user = mockUser.mockEPUser(); + List<EPUser> userList = new ArrayList<>(); + userList.add(user); + EPApp app = mockApp(); + app.setCentralAuth(true); + List<EPApp> appList = new ArrayList<>(); + appList.add(app); + String code = "<script>alert(‘XSS’)</script>"; + Mockito.when(mockedRequest.getHeader("LoginId")).thenReturn("guestT"); + Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn(uebKey); + Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader("uebkey"))).thenReturn(appList); + ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.FOUND); + Mockito.when(externalAccessRolesService.getNameSpaceIfExists(appList.get(0))).thenReturn(response); + Mockito.when(externalAccessRolesService.getUser(mockedRequest.getHeader("LoginId"))).thenReturn(userList); + Mockito.when(externalAccessRolesService.deleteCentralRoleFunction(code, app)).thenReturn(true); + portalRestResponse = externalAccessRolesController.deleteRoleFunction(mockedRequest, mockedResponse, code); + assertEquals(portalRestResponse, expectedportalRestResponse); + } + + @Test public void getActiveRolesTest() throws Exception { String reason = getInvalidKeyJson(); StringWriter sw = new StringWriter(); @@ -717,9 +827,9 @@ public class ExternalAccessRolesControllerTest { List<CentralRole> expectedRolesList = null; EPApp app = mockApp(); app.setCentralAuth(true); - List<EPApp> appList = new ArrayList<EPApp>(); + List<EPApp> appList = new ArrayList<>(); appList.add(app); - List<CentralV2Role> cenRoles = new ArrayList<CentralV2Role>(); + List<CentralV2Role> cenRoles = new ArrayList<>(); Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn(uebKey); Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader("uebkey"))).thenReturn(appList); ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.FOUND); @@ -757,10 +867,19 @@ public class ExternalAccessRolesControllerTest { return reason; } + private String getXSSKeyJson() throws JsonProcessingException { + final Map<String, String> uebkeyResponse = new HashMap<>(); + String reason = ""; + ObjectMapper mapper = new ObjectMapper(); + uebkeyResponse.put("error", "Data is not valid"); + reason = mapper.writeValueAsString(uebkeyResponse); + return reason; + } + @Test - public void deleteDependcyRoleRecordExceptionTest() throws Exception { + public void deleteDependcyRoleRecordExceptionTest() { PortalRestResponse<String> portalRestResponse = null; - PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>(); + PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>(); expectedportalRestResponse.setMessage("Invalid credentials!"); expectedportalRestResponse.setResponse("Failed"); expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR); @@ -776,7 +895,7 @@ public class ExternalAccessRolesControllerTest { Mockito.when(externalAccessRolesService.bulkUploadFunctions(mockedRequest.getHeader(uebKey))) .thenReturn(result); PortalRestResponse<String> portalRestResponse = null; - PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>(); + PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>(); expectedportalRestResponse.setMessage("Successfully added: 0"); expectedportalRestResponse.setResponse("Success"); expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK); @@ -789,7 +908,7 @@ public class ExternalAccessRolesControllerTest { Mockito.when(externalAccessRolesService.bulkUploadFunctions(mockedRequest.getHeader(uebKey))) .thenThrow(httpClientErrorException); PortalRestResponse<String> portalRestResponse = null; - PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>(); + PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>(); expectedportalRestResponse.setMessage("Failed to bulkUploadFunctions"); expectedportalRestResponse.setResponse("Failed"); expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR); @@ -801,7 +920,7 @@ public class ExternalAccessRolesControllerTest { public void bulkUploadRolesTest() throws Exception { Integer result = 0; PortalRestResponse<String> portalRestResponse = null; - PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>(); + PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>(); expectedportalRestResponse.setMessage("Successfully added: 0"); expectedportalRestResponse.setResponse("Success"); expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK); @@ -815,7 +934,7 @@ public class ExternalAccessRolesControllerTest { Mockito.when(externalAccessRolesService.bulkUploadRoles(mockedRequest.getHeader(uebKey))) .thenThrow(httpClientErrorException); PortalRestResponse<String> portalRestResponse = null; - PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>(); + PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>(); expectedportalRestResponse.setMessage("Failed to bulkUploadRoles"); expectedportalRestResponse.setResponse("Failed"); expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR); @@ -827,7 +946,7 @@ public class ExternalAccessRolesControllerTest { public void bulkUploadRoleFunctionsTest() throws Exception { Integer result = 0; PortalRestResponse<String> portalRestResponse = null; - PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>(); + PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>(); expectedportalRestResponse.setMessage("Successfully added: 0"); expectedportalRestResponse.setResponse("Success"); expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK); @@ -842,7 +961,7 @@ public class ExternalAccessRolesControllerTest { Mockito.when(externalAccessRolesService.bulkUploadRolesFunctions(mockedRequest.getHeader(uebKey))) .thenThrow(httpClientErrorException); PortalRestResponse<String> portalRestResponse = null; - PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>(); + PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>(); expectedportalRestResponse.setMessage("Failed to bulkUploadRoleFunctions"); expectedportalRestResponse.setResponse("Failed"); expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR); @@ -854,7 +973,7 @@ public class ExternalAccessRolesControllerTest { public void bulkUploadUserRolesTest() throws Exception { Integer result = 0; PortalRestResponse<String> portalRestResponse = null; - PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>(); + PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>(); expectedportalRestResponse.setMessage("Successfully added: 0"); expectedportalRestResponse.setResponse("Success"); expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK); @@ -869,7 +988,7 @@ public class ExternalAccessRolesControllerTest { Mockito.when(externalAccessRolesService.bulkUploadUserRoles(mockedRequest.getHeader(uebKey))) .thenThrow(httpClientErrorException); PortalRestResponse<String> portalRestResponse = null; - PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>(); + PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>(); expectedportalRestResponse.setMessage("Failed to bulkUploadUserRoles"); expectedportalRestResponse.setResponse("Failed"); expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR); @@ -878,9 +997,9 @@ public class ExternalAccessRolesControllerTest { } @Test - public void bulkUploadPartnerFunctionsTest() throws Exception { + public void bulkUploadPartnerFunctionsTest() { PortalRestResponse<String> portalRestResponse = null; - PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>(); + PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>(); expectedportalRestResponse.setMessage("Successfully added: '0' functions"); expectedportalRestResponse.setResponse("Success"); expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK); @@ -889,9 +1008,9 @@ public class ExternalAccessRolesControllerTest { } @Test - public void bulkUploadPartnerRolesTest() throws Exception { + public void bulkUploadPartnerRolesTest() { PortalRestResponse<String> portalRestResponse = null; - PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>(); + PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>(); expectedportalRestResponse.setMessage("Successfully added"); expectedportalRestResponse.setResponse("Success"); expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK); @@ -902,9 +1021,9 @@ public class ExternalAccessRolesControllerTest { } @Test - public void bulkUploadPartnerRolesExceptionTest() throws Exception { + public void bulkUploadPartnerRolesExceptionTest() { PortalRestResponse<String> portalRestResponse = null; - PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>(); + PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>(); expectedportalRestResponse.setMessage("Successfully added"); expectedportalRestResponse.setResponse("Success"); expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK); @@ -942,10 +1061,10 @@ public class ExternalAccessRolesControllerTest { } @Test - public void saveRoleExceptionTest() throws Exception { + public void saveRoleExceptionTest() { Role role = new Role(); PortalRestResponse<String> portalRestResponse = null; - PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>(); + PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>(); expectedportalRestResponse.setMessage("Invalid credentials!"); expectedportalRestResponse.setResponse("Failed"); expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR); @@ -954,10 +1073,10 @@ public class ExternalAccessRolesControllerTest { } @Test - public void deleteRoleExceptionTest() throws Exception { + public void deleteRoleExceptionTest() { String role = "TestNew"; PortalRestResponse<String> portalRestResponse = null; - PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>(); + PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>(); expectedportalRestResponse.setMessage("Invalid credentials!"); expectedportalRestResponse.setResponse("Failed"); expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR); @@ -966,9 +1085,9 @@ public class ExternalAccessRolesControllerTest { } @Test - public void bulkUploadPartnerRoleFunctionsTest() throws Exception { + public void bulkUploadPartnerRoleFunctionsTest() { PortalRestResponse<String> portalRestResponse = null; - PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>(); + PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>(); expectedportalRestResponse.setMessage("Successfully added: '0' role functions"); expectedportalRestResponse.setResponse("Success"); expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK); @@ -986,7 +1105,7 @@ public class ExternalAccessRolesControllerTest { StringWriter sw = new StringWriter(); PrintWriter writer = new PrintWriter(sw); Mockito.when(mockedResponse.getWriter()).thenReturn(writer); - List<EPApp> applicationList = new ArrayList<EPApp>(); + List<EPApp> applicationList = new ArrayList<>(); EPApp app = mockApp(); app.setCentralAuth(true); applicationList.add(app); @@ -1012,7 +1131,7 @@ public class ExternalAccessRolesControllerTest { @Test(expected = NullPointerException.class) public void deleteRoleV2Test() throws Exception { - List<EPApp> applicationList = new ArrayList<EPApp>(); + List<EPApp> applicationList = new ArrayList<>(); EPApp app = mockApp(); applicationList.add(app); Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList); @@ -1020,7 +1139,7 @@ public class ExternalAccessRolesControllerTest { "Success"); Mockito.when(externalAccessRolesService.deleteDependencyRoleRecord(Matchers.anyLong(), Matchers.anyString(), Matchers.anyString())).thenReturn(externalRequestFieldsValidator); - PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>(); + PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>(); expectedportalRestResponse.setMessage("Successfully Deleted"); expectedportalRestResponse.setResponse("Success"); expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK); @@ -1031,12 +1150,12 @@ public class ExternalAccessRolesControllerTest { @Test public void deleteRoleV2InvalidUebKeyTest() throws Exception { - List<EPApp> applicationList = new ArrayList<EPApp>(); + List<EPApp> applicationList = new ArrayList<>(); EPApp app = mockApp(); applicationList.add(app); Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))) .thenThrow(new Exception("Invalid credentials!")); - PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>(); + PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>(); expectedportalRestResponse.setMessage("Invalid credentials!"); expectedportalRestResponse.setResponse("Failed"); expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR); @@ -1047,12 +1166,12 @@ public class ExternalAccessRolesControllerTest { @Test public void deleteRoleV2InvalidUebKeyWithDiffErrorTest() throws Exception { - List<EPApp> applicationList = new ArrayList<EPApp>(); + List<EPApp> applicationList = new ArrayList<>(); EPApp app = mockApp(); applicationList.add(app); Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))) .thenThrow(new Exception("test")); - PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>(); + PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>(); expectedportalRestResponse.setMessage("test"); expectedportalRestResponse.setResponse("Failed"); expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR); @@ -1063,7 +1182,7 @@ public class ExternalAccessRolesControllerTest { @Test(expected = NullPointerException.class) public void deleteRoleV2ExceptionTest() throws Exception { - List<EPApp> applicationList = new ArrayList<EPApp>(); + List<EPApp> applicationList = new ArrayList<>(); EPApp app = mockApp(); applicationList.add(app); Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList); @@ -1071,7 +1190,7 @@ public class ExternalAccessRolesControllerTest { "failed"); Mockito.when(externalAccessRolesService.deleteDependencyRoleRecord(Matchers.anyLong(), Matchers.anyString(), Matchers.anyString())).thenReturn(externalRequestFieldsValidator); - PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>(); + PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>(); expectedportalRestResponse.setMessage("Failed to deleteRole"); expectedportalRestResponse.setResponse("Failed"); expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR); @@ -1082,7 +1201,7 @@ public class ExternalAccessRolesControllerTest { @Test public void getEpUserNullTest() throws Exception { - List<EPApp> applicationList = new ArrayList<EPApp>(); + List<EPApp> applicationList = new ArrayList<>(); EPApp app = mockApp(); app.setUebKey("uebKey"); app.setCentralAuth(true); @@ -1095,7 +1214,7 @@ public class ExternalAccessRolesControllerTest { @Test public void getEpUserTest() throws Exception { - List<EPApp> applicationList = new ArrayList<EPApp>(); + List<EPApp> applicationList = new ArrayList<>(); EPApp app = mockApp(); app.setUebKey("uebKey"); app.setCentralAuth(true); @@ -1103,7 +1222,7 @@ public class ExternalAccessRolesControllerTest { Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList); ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.OK); Mockito.when(externalAccessRolesService.getNameSpaceIfExists(app)).thenReturn(response); - String user = "{\"id\":null,\"created\":null,\"modified\":null,\"createdId\":null,\"modifiedId\":null,\"rowNum\":null,\"auditUserId\":null,\"auditTrail\":null,\"orgId\":null,\"managerId\":null,\"firstName\":\"test\",\"middleInitial\":null,\"lastName\":null,\"phone\":null,\"fax\":null,\"cellular\":null,\"email\":null,\"addressId\":null,\"alertMethodCd\":null,\"hrid\":null,\"orgUserId\":null,\"orgCode\":null,\"address1\":null,\"address2\":null,\"city\":null,\"state\":null,\"zipCode\":null,\"country\":null,\"orgManagerUserId\":null,\"locationClli\":null,\"businessCountryCode\":null,\"businessCountryName\":null,\"businessUnit\":null,\"businessUnitName\":null,\"department\":null,\"departmentName\":null,\"companyCode\":null,\"company\":null,\"zipCodeSuffix\":null,\"jobTitle\":null,\"commandChain\":null,\"siloStatus\":null,\"costCenter\":null,\"financialLocCode\":null,\"loginId\":null,\"loginPwd\":null,\"lastLoginDate\":null,\"active\":false,\"internal\":false,\"selectedProfileId\":null,\"timeZoneId\":null,\"online\":false,\"chatId\":null,\"userApps\":[],\"pseudoRoles\":[],\"defaultUserApp\":null,\"roles\":[],\"fullName\":\"test null\"}"; + String user = "{\"id\":null,\"created\":null,\"modified\":null,\"createdId\":null,\"modifiedId\":null,\"rowNum\":null,\"auditUserId\":null,\"auditTrail\":null,\"orgId\":null,\"managerId\":null,\"firstName\":\"test\",\"middleInitial\":null,\"lastName\":null,\"phone\":null,\"fax\":null,\"cellular\":null,\"email\":null,\"addressId\":null,\"alertMethodCd\":null,\"hrid\":null,\"orgUserId\":null,\"orgCode\":null,\"address1\":null,\"address2\":null,\"city\":null,\"state\":null,\"zipCode\":null,\"country\":null,\"orgManagerUserId\":null,\"locationClli\":null,\"businessCountryCode\":null,\"businessCountryName\":null,\"businessUnit\":null,\"businessUnitName\":null,\"department\":null,\"departmentName\":null,\"companyCode\":null,\"company\":null,\"zipCodeSuffix\":null,\"jobTitle\":null,\"commandChain\":null,\"siloStatus\":null,\"costCenter\":null,\"financialLocCode\":null,\"loginId\":null,\"loginPwd\":null,\"lastLoginDate\":null,\"active\":false,\"internal\":false,\"selectedProfileId\":null,\"timeZoneId\":null,\"online\":false,\"chatId\":null,\"userApps\":[],\"pseudoRoles\":[],\"roles\":[]}"; Mockito.when(externalAccessRolesService.getV2UserWithRoles("test12", mockedRequest.getHeader(uebKey))) .thenReturn(user); User EPuser = new User(); @@ -1115,7 +1234,7 @@ public class ExternalAccessRolesControllerTest { @Test public void getEpUserExceptionTest() throws Exception { - List<EPApp> applicationList = new ArrayList<EPApp>(); + List<EPApp> applicationList = new ArrayList<>(); EPApp app = mockApp(); app.setCentralAuth(true); Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList); @@ -1127,7 +1246,7 @@ public class ExternalAccessRolesControllerTest { @Test public void getEPRolesOfApplicationTest() throws Exception { - List<EPApp> applicationList = new ArrayList<EPApp>(); + List<EPApp> applicationList = new ArrayList<>(); EPApp app = mockApp(); app.setUebKey("uebKey"); app.setCentralAuth(true); @@ -1152,7 +1271,7 @@ public class ExternalAccessRolesControllerTest { @Test public void getEPRolesOfApplicationNullTest() throws Exception { - List<EPApp> applicationList = new ArrayList<EPApp>(); + List<EPApp> applicationList = new ArrayList<>(); EPApp app = mockApp(); app.setUebKey("uebKey"); app.setCentralAuth(true); @@ -1171,7 +1290,7 @@ public class ExternalAccessRolesControllerTest { @Test public void getEPRolesOfApplicationExceptionTest() throws Exception { - List<EPApp> applicationList = new ArrayList<EPApp>(); + List<EPApp> applicationList = new ArrayList<>(); EPApp app = mockApp(); app.setCentralAuth(true); Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList); @@ -1188,7 +1307,7 @@ public class ExternalAccessRolesControllerTest { PowerMockito.mockStatic(EPCommonSystemProperties.class); PowerMockito.mockStatic(PortalConstants.class); PortalRestResponse<String> actualPortalRestResponse = null; - PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>(); + PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>(); expectedportalRestResponse.setMessage("Successfully Saved"); expectedportalRestResponse.setResponse("Success"); EPUser user = mockUser.mockEPUser(); @@ -1220,7 +1339,7 @@ public class ExternalAccessRolesControllerTest { PowerMockito.mockStatic(EPCommonSystemProperties.class); PowerMockito.mockStatic(PortalConstants.class); PortalRestResponse<String> actualPortalRestResponse = null; - PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>(); + PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>(); expectedportalRestResponse.setMessage("Successfully Saved"); expectedportalRestResponse.setResponse("Success"); EPUser user = mockUser.mockEPUser(); @@ -1252,7 +1371,7 @@ public class ExternalAccessRolesControllerTest { PowerMockito.mockStatic(EPCommonSystemProperties.class); PowerMockito.mockStatic(PortalConstants.class); PortalRestResponse<String> actualPortalRestResponse = null; - PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>(); + PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>(); expectedportalRestResponse.setMessage("Successfully Saved"); expectedportalRestResponse.setResponse("Failed"); EPUser user = mockUser.mockEPUser(); @@ -1279,7 +1398,7 @@ public class ExternalAccessRolesControllerTest { @Test(expected = NullPointerException.class) public void saveRoleNullExceptionTest() throws Exception { - List<EPApp> applicationList = new ArrayList<EPApp>(); + List<EPApp> applicationList = new ArrayList<>(); EPApp app = mockApp(); applicationList.add(app); Role role = new Role(); @@ -1288,7 +1407,7 @@ public class ExternalAccessRolesControllerTest { "failed"); Mockito.when(externalAccessRolesService.deleteDependencyRoleRecord(Matchers.anyLong(), Matchers.anyString(), Matchers.anyString())).thenReturn(externalRequestFieldsValidator); - PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>(); + PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>(); expectedportalRestResponse.setMessage("Failed to deleteRole"); expectedportalRestResponse.setResponse("Failed"); expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR); @@ -1304,7 +1423,7 @@ public class ExternalAccessRolesControllerTest { PowerMockito.mockStatic(EPCommonSystemProperties.class); PowerMockito.mockStatic(PortalConstants.class); PortalRestResponse<String> actualPortalRestResponse = null; - PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>(); + PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>(); expectedportalRestResponse.setMessage("Successfully Deleted"); expectedportalRestResponse.setResponse("Success"); EPUser user = mockUser.mockEPUser(); @@ -1329,13 +1448,44 @@ public class ExternalAccessRolesControllerTest { } @Test + public void deleteRoleXSSTest() throws Exception { + PowerMockito.mockStatic(EcompPortalUtils.class); + PowerMockito.mockStatic(SystemProperties.class); + PowerMockito.mockStatic(EPCommonSystemProperties.class); + PowerMockito.mockStatic(PortalConstants.class); + PortalRestResponse<String> actualPortalRestResponse = null; + PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>(); + expectedportalRestResponse.setMessage("Failed to deleteRole, not valid data."); + expectedportalRestResponse.setResponse("Failed"); + expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR); + EPUser user = mockUser.mockEPUser(); + List<EPUser> userList = new ArrayList<>(); + userList.add(user); + EPApp app = mockApp(); + app.setCentralAuth(true); + List<EPApp> appList = new ArrayList<>(); + appList.add(app); + String code = "<img src=xss onerror=alert(1)>"; + boolean deleteResponse = true; + Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn(uebKey); + Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader("uebkey"))).thenReturn(appList); + ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.FOUND); + Mockito.when(externalAccessRolesService.getNameSpaceIfExists(appList.get(0))).thenReturn(response); + Mockito.when(externalAccessRolesService.getUser(mockedRequest.getHeader("LoginId"))).thenReturn(userList); + Mockito.when(externalAccessRolesService.deleteRoleForApplication(code, mockedRequest.getHeader("uebkey"))) + .thenReturn(deleteResponse); + actualPortalRestResponse = externalAccessRolesController.deleteRole(mockedRequest, mockedResponse, code); + assertEquals(actualPortalRestResponse.getStatus(), expectedportalRestResponse.getStatus()); + } + + @Test public void deleteRoleNegativeTest() throws Exception { PowerMockito.mockStatic(EcompPortalUtils.class); PowerMockito.mockStatic(SystemProperties.class); PowerMockito.mockStatic(EPCommonSystemProperties.class); PowerMockito.mockStatic(PortalConstants.class); PortalRestResponse<String> actualPortalRestResponse = null; - PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>(); + PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>(); expectedportalRestResponse.setMessage("Failed to delete Role for 'test"); expectedportalRestResponse.setResponse("Failed"); EPUser user = mockUser.mockEPUser(); @@ -1363,13 +1513,13 @@ public class ExternalAccessRolesControllerTest { public void deleteDependcyRoleRecordTest() throws Exception { ExternalRequestFieldsValidator removeResult = new ExternalRequestFieldsValidator(true, "success"); PortalRestResponse<String> portalRestResponse = null; - PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>(); + PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>(); expectedportalRestResponse.setMessage("Invalid credentials!"); expectedportalRestResponse.setResponse("Failed"); expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR); long roleId = 123; String LoginId = "loginId"; - List<EPApp> appList = new ArrayList<EPApp>(); + List<EPApp> appList = new ArrayList<>(); Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn(uebKey); Mockito.when(mockedRequest.getHeader("LoginId")).thenReturn(LoginId); Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader("uebkey"))).thenReturn(appList); |