author | Dominik Mizyn <d.mizyn@samsung.com> | 2019-10-07 13:10:38 +0200 |
---|---|---|
committer | Dominik Mizyn <d.mizyn@samsung.com> | 2019-10-07 13:10:48 +0200 |
commit | 0cd9645a9dc83b9a5a2eddcc15cdfaf30fdade3a (patch) | |
tree | db1efb7b735f1f94d97124e7a7e5aa4049ed6137 /portal-BE/src/test | |
parent | 26abc89a7ce21999cccd88b77cd2ecda21cbe905 (diff) |
WidgetsController test coverage up
WidgetsController test coverage up
Issue-ID: PORTAL-710
Change-Id: Ie2473ea00ac5cb569a9461060924427d5cceada0
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Diffstat (limited to 'portal-BE/src/test')
-rw-r--r-- | portal-BE/src/test/java/org/onap/portal/controller/WidgetsControllerTest.java | 131 |
1 files changed, 112 insertions, 19 deletions
diff --git a/portal-BE/src/test/java/org/onap/portal/controller/WidgetsControllerTest.java b/portal-BE/src/test/java/org/onap/portal/controller/WidgetsControllerTest.java index 0f277471..48035908 100644 --- a/portal-BE/src/test/java/org/onap/portal/controller/WidgetsControllerTest.java +++ b/portal-BE/src/test/java/org/onap/portal/controller/WidgetsControllerTest.java @@ -44,6 +44,7 @@ import static junit.framework.TestCase.assertEquals; import static junit.framework.TestCase.assertNull; import static org.mockito.Mockito.when; +import java.io.IOException; import java.time.LocalDateTime; import java.util.ArrayList; import java.util.List; @@ -58,6 +59,7 @@ import org.onap.portal.domain.db.fn.FnUser; import org.onap.portal.domain.db.fn.FnWidget; import org.onap.portal.domain.dto.transport.FieldsValidator; import org.onap.portal.domain.dto.transport.OnboardingWidget; +import org.onap.portal.domain.dto.transport.WidgetCatalogPersonalization; import org.onap.portal.framework.MockitoTestSuite; import org.onap.portal.service.WidgetService; import org.springframework.beans.factory.annotation.Autowired; @@ -118,7 +120,8 @@ public class WidgetsControllerTest { @Test public void getOnboardingWidgetsUserTest() { - UsernamePasswordAuthenticationToken notQuestprincipal = new UsernamePasswordAuthenticationToken("notQuestUser", + UsernamePasswordAuthenticationToken notQuestprincipal = new UsernamePasswordAuthenticationToken( + "notQuestUser", "demo123"); fnUserDao.save(notQuestUser); List<OnboardingWidget> expected = new ArrayList<>(); @@ -133,7 +136,8 @@ public class WidgetsControllerTest { @Test public void getOnboardingWidgetsWrongHeaderTest() { - UsernamePasswordAuthenticationToken notQuestprincipal = new UsernamePasswordAuthenticationToken("notQuestUser", + UsernamePasswordAuthenticationToken notQuestprincipal = new UsernamePasswordAuthenticationToken( + "notQuestUser", "demo123"); fnUserDao.save(notQuestUser); when(request.getHeader("X-Widgets-Type")).thenReturn("test"); 
@@ -147,8 +151,6 @@ public class WidgetsControllerTest { @Test public void putOnboardingWidgetSameWidget() { //Given - UsernamePasswordAuthenticationToken notQuestprincipal = new UsernamePasswordAuthenticationToken("cs0008", - "demo123"); fnUserDao.save(notQuestUser); when(request.getHeader("X-Widgets-Type")).thenReturn("managed"); @@ -162,7 +164,6 @@ public class WidgetsControllerTest { .url("testurl") .build(); - FnWidget fnWidget = FnWidget.builder() .name("Application") .appId(453L) @@ -175,7 +176,8 @@ public class WidgetsControllerTest { FieldsValidator expected = new FieldsValidator(); //When - FieldsValidator actual = widgetsController.putOnboardingWidget(principal, fnWidget.getWidgetId(), onboardingWidget, response); + FieldsValidator actual = widgetsController + .putOnboardingWidget(principal, fnWidget.getWidgetId(), onboardingWidget, response); //Then assertEquals(expected.getErrorCode(), actual.getErrorCode()); assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode()); @@ -185,8 +187,6 @@ public class WidgetsControllerTest { @Test public void putOnboardingWidgetAOP() { //Given - UsernamePasswordAuthenticationToken notQuestprincipal = new UsernamePasswordAuthenticationToken("cs0008", - "demo123"); fnUserDao.save(notQuestUser); when(request.getHeader("X-Widgets-Type")).thenReturn("managed"); @@ -200,7 +200,6 @@ public class WidgetsControllerTest { .url("testurl") .build(); - FnWidget fnWidget = FnWidget.builder() .name("Application") .appId(1421L) 
@@ -215,7 +214,8 @@ public class WidgetsControllerTest { expected.setHttpStatusCode(406L); expected.addProblematicFieldName("appName can't be blank, appId value must be higher than 1"); //When - FieldsValidator actual = widgetsController.putOnboardingWidget(principal, fnWidget.getWidgetId(), onboardingWidget, response); + FieldsValidator actual = widgetsController + .putOnboardingWidget(principal, fnWidget.getWidgetId(), onboardingWidget, response); //Then assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode()); assertEquals(expected.getFields().size(), actual.getFields().size()); @@ -224,8 +224,6 @@ public class WidgetsControllerTest { @Test public void putOnboardingWidgetAOPXSSTest() { //Given - UsernamePasswordAuthenticationToken notQuestprincipal = new UsernamePasswordAuthenticationToken("cs0008", - "demo123"); fnUserDao.save(notQuestUser); when(request.getHeader("X-Widgets-Type")).thenReturn("managed"); 
@@ -241,9 +239,37 @@ public class WidgetsControllerTest { FieldsValidator expected = new FieldsValidator(); expected.setHttpStatusCode(406L); - expected.addProblematicFieldName("appName may have unsafe html content, name may have unsafe html content"); + expected.addProblematicFieldName( + "appName may have unsafe html content, name may have unsafe html content"); //When - FieldsValidator actual = widgetsController.putOnboardingWidget(principal, 15L, onboardingWidget, response); + FieldsValidator actual = widgetsController + .putOnboardingWidget(principal, 15L, onboardingWidget, response); + //Then + assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode()); + assertEquals(expected.getFields().size(), actual.getFields().size()); + } + + @Test + public void postOnboardingWidgetXSS() { + //Given + fnUserDao.save(notQuestUser); + when(request.getHeader("X-Widgets-Type")).thenReturn("managed"); + + OnboardingWidget onboardingWidget = OnboardingWidget.builder() + .id(123L) + .name("<script>alert(“XSS”);</script>\n") + .appId(34L) + .appName("<ScRipT>alert(\"XSS\");</ScRipT>") + .width(123) + .height(45) + .url("testurl") + .build(); + + FieldsValidator expected = new FieldsValidator(); + expected.setHttpStatusCode(406L); + expected.addProblematicFieldName("appName may have unse html content, name may have unsafe html content"); + //When + FieldsValidator actual = widgetsController.postOnboardingWidget(principal, response, onboardingWidget); //Then assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode()); assertEquals(expected.getFields().size(), actual.getFields().size()); 
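Review bot: In postOnboardingWidgetXSS the expected message is misspelled (`appName may have unse html content`), and nothing catches it because the test compares only the HTTP status and `getFields().size()`. With a single `addProblematicFieldName` call that size is presumably 1 no matter which fields the validator flagged, so the test would keep passing if either `name` or `appName` stopped being rejected. Correct the string to `unsafe` and compare the content too, e.g. `assertEquals(expected.getFields(), actual.getFields());`, provided the field type implements equals. The same applies to the put variant whose last lines open this hunk; its start is outside the hunk.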
@@ -251,17 +277,84 @@ public class WidgetsControllerTest { @Test public void postOnboardingWidget() { + //Given + fnUserDao.save(notQuestUser); + when(request.getHeader("X-Widgets-Type")).thenReturn("managed"); + + OnboardingWidget onboardingWidget = OnboardingWidget.builder() + .id(123L) + .name("appname") + .appId(34L) + .appName("appname") + .width(123) + .height(45) + .url("testurl") + .build(); + + FieldsValidator expected = new FieldsValidator(); + expected.setHttpStatusCode(200L); + //When + FieldsValidator actual = widgetsController.postOnboardingWidget(principal, response, onboardingWidget); + //Then + assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode()); + assertEquals(expected.getFields().size(), actual.getFields().size()); } @Test - public void deleteOnboardingWidget() { + public void deleteOnboardingWidgetSCFORBIDDEN() { + //Given + fnUserDao.save(notQuestUser); + when(request.getHeader("X-Widgets-Type")).thenReturn("managed"); + + OnboardingWidget onboardingWidget = OnboardingWidget.builder() + .id(123L) + .name("") + .appId(1L) + .appName("rtyrty") + .width(123) + .height(45) + .url("testurl") + .build(); + + FnWidget fnWidget = FnWidget.builder() + .name("Application") + .appId(1421L) + .width(123) + .height(45) + .url("testurl") + .build(); + + widgetService.saveOne(fnWidget); + + + + FieldsValidator expected = new FieldsValidator(); + expected.setHttpStatusCode(403L); + expected.addProblematicFieldName("appName can't be blank, appId value must be higher than 1"); + + //When + widgetsController.putOnboardingWidget(principal, fnWidget.getWidgetId(), onboardingWidget, response); + + FieldsValidator actual = widgetsController.deleteOnboardingWidget(principal, response, fnWidget.getWidgetId()); + //Then + assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode()); } @Test - public void putWidgetCatalogSelection() { + public void putWidgetCatalogSelection() throws IOException { + //Give + WidgetCatalogPersonalization 
personalization = new WidgetCatalogPersonalization(7L, true); + + FieldsValidator expected = new FieldsValidator(); + expected.setHttpStatusCode(200L); + expected.addProblematicFieldName(""); + //When + FieldsValidator actual = widgetsController.putWidgetCatalogSelection(principal, personalization, response); + //Then + assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode()); } - private FnUser getQuestUser(){ + private FnUser getQuestUser() { return FnUser.builder() .loginId("questUser") .loginPwd("demo123") @@ -275,7 +368,7 @@ public class WidgetsControllerTest { .build(); } - private FnUser getNotQuestUser(){ + private FnUser getNotQuestUser() { return FnUser.builder() .loginId("notQuestUser") .loginPwd("demo123") @@ -289,7 +382,7 @@ public class WidgetsControllerTest { .build(); } - private FnLanguage getFnLanguage(){ + private FnLanguage getFnLanguage() { return FnLanguage.builder().languageName("Polish").languageAlias("Pl").build(); } }
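Review bot: deleteOnboardingWidgetSCFORBIDDEN asserts only the 403 status, so it does not show that the widget survived the rejected delete. For an access-control test, also check through `widgetService` that the `fnWidget` saved above still exists afterwards. The preceding `putOnboardingWidget` call has its result discarded and the `expected.addProblematicFieldName(...)` line is never compared, so both can be dropped unless the put is needed to set up the 403, in which case a comment should say why. `principal` is defined outside the hunk, so which role is being denied cannot be seen here; a comment naming it would help.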
\ No newline at end of file |