diff options
author | Manoop Talasila <talasila@research.att.com> | 2019-07-22 19:29:25 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2019-07-22 19:29:25 +0000 |
commit | e4bbb52912d2a28fd543fb6412c4e98c0730d1ce (patch) | |
tree | c5c40b199c0f57679c24afb59f69bb33386ddd09 /ecomp-portal-BE-os | |
parent | 59b6b42d465680f70334627e032f15a978c5a2c0 (diff) | |
parent | 5aab72338c356e035862b914be4ca294c9d17fc8 (diff) |
Merge "XSS Vulnerability fix in AppsController"
Diffstat (limited to 'ecomp-portal-BE-os')
2 files changed, 12 insertions, 21 deletions
diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/controller/AppsOSController.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/controller/AppsOSController.java index 915c5e08..e109ef5d 100644 --- a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/controller/AppsOSController.java +++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/controller/AppsOSController.java @@ -47,8 +47,8 @@ import javax.validation.ConstraintViolation; import javax.validation.Validation; import javax.validation.Validator; import javax.validation.ValidatorFactory; +import lombok.NoArgsConstructor; import org.json.JSONObject; -import org.onap.portalapp.portal.controller.AppsController; import org.onap.portalapp.portal.domain.EPUser; import org.onap.portalapp.portal.ecomp.model.PortalRestResponse; import org.onap.portalapp.portal.ecomp.model.PortalRestStatusEnum; @@ -61,6 +61,7 @@ import org.onap.portalapp.util.EPUserUtils; import org.onap.portalapp.validation.SecureString; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.EnableAspectJAutoProxy; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestBody; @@ -69,27 +70,20 @@ import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RestController; @RestController -@org.springframework.context.annotation.Configuration +@Configuration @EnableAspectJAutoProxy @EPAuditLog +@NoArgsConstructor public class AppsOSController extends AppsController { private static final ValidatorFactory validatorFactory = Validation.buildDefaultValidatorFactory(); - static final String FAILURE = "failure"; - EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AppsOSController.class); + private static final String FAILURE = "failure"; + private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AppsOSController.class); @Autowired - AdminRolesService adminRolesService; - @Autowired - EPAppService appService; - @Autowired - PersUserAppService persUserAppService; - @Autowired UserService userService; - - - /** + /** * Create new application's contact us details. * * @param contactUs @@ -102,9 +96,9 @@ public class AppsOSController extends AppsController { return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, FAILURE, "New User cannot be null or empty"); - if (!(adminRolesService.isSuperAdmin(user) || adminRolesService.isAccountAdmin(user))){ + if (!(super.getAdminRolesService().isSuperAdmin(user) || super.getAdminRolesService().isAccountAdmin(user))){ if(!user.getLoginId().equalsIgnoreCase(newUser.getLoginId())) - return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, FAILURE, + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, FAILURE, "UnAuthorized"); } @@ -113,9 +107,9 @@ public class AppsOSController extends AppsController { try { saveNewUser = userService.saveNewUser(newUser,checkDuplicate); } catch (Exception e) { - return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, saveNewUser, e.getMessage()); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, saveNewUser, e.getMessage()); } - return new PortalRestResponse<String>(PortalRestStatusEnum.OK, saveNewUser, ""); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, saveNewUser, ""); } @RequestMapping(value = { "/portalApi/currentUserProfile/{loginId}" }, method = RequestMethod.GET, produces = "application/json") diff --git a/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java b/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java index 15fe1dd9..1083aed2 100644 --- a/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java +++ b/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java @@ -41,10 +41,8 @@ import static org.junit.Assert.assertEquals; import java.util.ArrayList; import java.util.List; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; - import org.junit.Before; import org.junit.Ignore; import org.junit.Test; @@ -52,7 +50,6 @@ import org.mockito.InjectMocks; import org.mockito.Mock; import org.mockito.Mockito; import org.mockito.MockitoAnnotations; -import org.onap.portalapp.portal.controller.AppsOSController; import org.onap.portalapp.portal.domain.EPUser; import org.onap.portalapp.portal.ecomp.model.PortalRestResponse; import org.onap.portalapp.portal.ecomp.model.PortalRestStatusEnum; @@ -87,7 +84,7 @@ public class AppsOSControllerTest { } @InjectMocks - AppsOSController appsOSController = new AppsOSController(); + AppsOSController appsOSController; MockitoTestSuite mockitoTestSuite = new MockitoTestSuite(); |