Diffstat (limited to 'portal-BE')
19 files changed, 479 insertions, 113 deletions
diff --git a/portal-BE/docker-compose.yml b/portal-BE/docker-compose.yml index 2228a997..e74888d2 100644 --- a/portal-BE/docker-compose.yml +++ b/portal-BE/docker-compose.yml @@ -10,12 +10,12 @@ version: '3.1' services: portal-db: - image: mariadb -# image: mysql +# image: mariadb + image: mysql container_name: portal_mariaDB ports: - 3306:3306 - restart: on-failure + restart: always environment: - MYSQL_DATABASE=testdb - MYSQL_USER=portal @@ -29,7 +29,7 @@ services: portal-app: image: portal_app container_name: portal_APP - restart: on-failure + restart: always ports: - 8080:8080 depends_on: diff --git a/portal-BE/pom.xml b/portal-BE/pom.xml index 843e33d8..8251dbf0 100644 --- a/portal-BE/pom.xml +++ b/portal-BE/pom.xml @@ -157,6 +157,34 @@ <artifactId>swagger-annotations</artifactId> <version>1.5.20</version> </dependency> + <dependency> + <groupId>io.swagger</groupId> + <artifactId>swagger-annotations</artifactId> + <version>2.0.0-rc2</version> + <scope>compile</scope> + </dependency> + <dependency> + <groupId>io.swagger</groupId> + <artifactId>swagger-annotations</artifactId> + <version>1.5.20</version> + </dependency> + <dependency> + <groupId>io.swagger</groupId> + <artifactId>swagger-annotations</artifactId> + <version>2.0.0-rc2</version> + <scope>compile</scope> + </dependency> + <dependency> + <groupId>io.swagger</groupId> + <artifactId>swagger-annotations</artifactId> + <version>2.0.0-rc2</version> + <scope>compile</scope> + </dependency> + <dependency> + <groupId>io.swagger</groupId> + <artifactId>swagger-annotations</artifactId> + <version>1.5.20</version> + </dependency> </dependencies> <properties> <docker.image.prefix>portal</docker.image.prefix> diff --git a/portal-BE/src/main/java/org/onap/portal/aop/service/FnUserServiceAOP.java b/portal-BE/src/main/java/org/onap/portal/aop/service/FnUserServiceAOP.java index 8c2ff74b..65fc88d9 100644 --- a/portal-BE/src/main/java/org/onap/portal/aop/service/FnUserServiceAOP.java 
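Review bot: The service keeps `container_name: portal_mariaDB` and the `MYSQL_*` environment while the image switches from mariadb to mysql, so the running stack now misdescribes itself; rename the container or leave a comment explaining why the name is kept. `image: mysql` with no tag is `latest`, which means the next pull can move the database to a different major version under the application — pin it, e.g. `image: mysql:<pinned-version>`. Also note that `restart: always` (here and in the portal-app hunk below) restarts a container after a clean exit as well, unlike the `on-failure` it replaces; if that is intended for the database, say so in a comment.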
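Review bot: swagger-annotations is now declared six times in the same `<dependencies>` block with two different versions (1.5.20 and 2.0.0-rc2); Maven only warns that a dependency coordinate must be unique and then keeps one declaration (the last one, to the best of my knowledge, but it is not something the build should rely on), so which version lands on the classpath is an accident of ordering. Keep a single declaration. The two versions are not interchangeable — 2.x moves the annotations to the `io.swagger.v3.oas.annotations` package — so pick the one the sources actually import, and `<scope>compile</scope>` can be dropped since it is the default.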
+++ b/portal-BE/src/main/java/org/onap/portal/aop/service/FnUserServiceAOP.java @@ -62,14 +62,11 @@ public class FnUserServiceAOP { private final DataValidator dataValidator; private final FnUserMapper fnUserMapper; - private final FnUserService fnUserService; @Autowired - public FnUserServiceAOP(final DataValidator dataValidator, final FnUserMapper fnUserMapper, - final FnUserService fnUserService) { + public FnUserServiceAOP(final DataValidator dataValidator, final FnUserMapper fnUserMapper) { this.dataValidator = dataValidator; this.fnUserMapper = fnUserMapper; - this.fnUserService = fnUserService; } @Before("execution(* org.onap.portal.service.fn.FnUserService.saveFnUser(..)) && args(principal, fnUser)") diff --git a/portal-BE/src/main/java/org/onap/portal/aop/service/WidgetServiceAOP.java b/portal-BE/src/main/java/org/onap/portal/aop/service/WidgetServiceAOP.java new file mode 100644 index 00000000..cc168578 --- /dev/null +++ b/portal-BE/src/main/java/org/onap/portal/aop/service/WidgetServiceAOP.java 
@@ -0,0 +1,33 @@ +package org.onap.portal.aop.service; + +import org.aspectj.lang.annotation.Aspect; +import org.aspectj.lang.annotation.Before; +import org.onap.portal.domain.db.fn.FnUser; +import org.onap.portal.domain.dto.transport.OnboardingWidget; +import org.onap.portal.validation.DataValidator; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +@Aspect +@Component +public class WidgetServiceAOP { + private final Long LONG_ECOMP_APP_ID = 1L; + + private static final Logger LOGGER = LoggerFactory.getLogger(WidgetServiceAOP.class); + + private final DataValidator dataValidator; + + @Autowired + public WidgetServiceAOP(DataValidator dataValidator) { + this.dataValidator = dataValidator; + } + + @Before("execution(* org.onap.portal.service.WidgetService.setOnboardingWidget(..)) && args(fnUser, onboardingWidget)") + public void setOnboardingWidget(final FnUser fnUser, OnboardingWidget onboardingWidget) { + if (!dataValidator.isValid(onboardingWidget)) { + throw new IllegalArgumentException(dataValidator.getConstraintViolationsString(onboardingWidget)); + } + } +} diff --git a/portal-BE/src/main/java/org/onap/portal/controller/WidgetsCatalogController.java b/portal-BE/src/main/java/org/onap/portal/controller/WidgetsCatalogController.java index ff8426a3..07695aeb 100644 --- a/portal-BE/src/main/java/org/onap/portal/controller/WidgetsCatalogController.java +++ b/portal-BE/src/main/java/org/onap/portal/controller/WidgetsCatalogController.java 
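Review bot: `LONG_ECOMP_APP_ID` and `LOGGER` are declared but never used in this aspect; `LONG_ECOMP_APP_ID` is the constant removed from WidgetService in this same commit, re-declared here as a non-static instance field with a constant's name. Delete both, or if the app-id check it used to back is meant to live here, make it `private static final Long LONG_ECOMP_APP_ID = 1L;` and actually apply it. The advice's `IllegalArgumentException` message comes from `getConstraintViolationsString`, and WidgetsController copies that message straight into the response; if that string includes the rejected values rather than only the constraint messages, submitted input is echoed back to the client — worth confirming against DataValidator. A one-line Javadoc on the class stating that it validates the OnboardingWidget argument of WidgetService.setOnboardingWidget and throws IllegalArgumentException on failure would help readers who find the exception in the controller.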
@@ -301,7 +301,8 @@ public class WidgetsCatalogController { } @GetMapping(value = {"/portalApi/microservices/parameters/{widgetId}"}) - public PortalRestResponse<List<WidgetParameterResult>> getWidgetParameterResult(Principal principal, HttpServletRequest request, + public PortalRestResponse<List<WidgetParameterResult>> getWidgetParameterResult(Principal principal, + HttpServletRequest request, @PathVariable("widgetId") long widgetId) throws Exception { FnUser user = fnUserService.loadUserByUsername(principal.getName()); @@ -317,14 +318,15 @@ public class WidgetsCatalogController { return new PortalRestResponse<>(PortalRestStatusEnum.WARN, "No service parameters for this widget", list); } else { - List<MicroserviceParameter> defaultParam = epMicroserviceParameterService.getParametersById(serviceId); + List<MicroserviceParameter> defaultParam = epMicroserviceParameterService + .getParametersById(serviceId); for (MicroserviceParameter param : defaultParam) { WidgetParameterResult userResult = new WidgetParameterResult(); userResult.setParamId(param.getId()); userResult.setDefaultValue(param.getPara_value()); userResult.setParamKey(param.getPara_key()); EpWidgetCatalogParameter userValue = epWidgetCatalogParameterService - .getUserParamById(widgetId, user.getId(), + .getUserParamById(widgetId, user.getUserId(), param.getId()); if (userValue == null) { userResult.setUserValue(param.getPara_value()); @@ -334,7 +336,7 @@ public class WidgetsCatalogController { list.add(userResult); } } - return new PortalRestResponse<List<WidgetParameterResult>>(PortalRestStatusEnum.OK, "SUCCESS", list); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, "SUCCESS", list); } @GetMapping(value = {"/portalApi/microservices/services/{paramId}"}) 
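Review bot: The user key passed to `getUserParamById` changes from `user.getId()` to `user.getUserId()`, while WidgetService.setOnboardingWidget and AdminRolesService later in this same diff still call `user.getId()`; if FnUser exposes both and they are different values, parameter lookups and widget ownership are now keyed on different ids — confirm which one is the persistent key and use it consistently. `getWidgetParameterResult` also still declares `throws Exception` and takes an `HttpServletRequest request` that the other handlers touched in this commit drop; if it is unused here too (the method continues outside the hunk), remove it for the same reason.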
@@ -347,7 +349,7 @@ public class WidgetsCatalogController { try { epWidgetCatalogParameterService.deleteUserParameterById(paramId); return true; - }catch (Exception e){ + } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, e.getMessage()); return false; } 
@@ -401,29 +403,34 @@ public class WidgetsCatalogController { } @PostMapping(value = {"/portalApi/microservices/parameters"}) - public PortalRestResponse<String> saveWidgetParameter(Principal principal, HttpServletRequest request, + public PortalRestResponse<String> saveWidgetParameter(Principal principal, @RequestBody EpWidgetCatalogParameter widgetParameters) { FnUser user = fnUserService.loadUserByUsername(principal.getName()); widgetParameters.setUserId(user); try { EpWidgetCatalogParameter oldParam = epWidgetCatalogParameterService .getUserParamById(widgetParameters.getWidgetId().getWidgetId(), - widgetParameters.getUserId().getId(), widgetParameters.getParamId().getId()); + widgetParameters.getUserId().getUserId(), widgetParameters.getParamId().getId()); if (oldParam != null) { - widgetParameters.setId(oldParam.getId()); + oldParam.setParamId(widgetParameters.getParamId()); + oldParam.setUserId(widgetParameters.getUserId()); + oldParam.setUserValue(widgetParameters.getUserValue()); + oldParam.setWidgetId(widgetParameters.getWidgetId()); + epWidgetCatalogParameterService.saveUserParameter(oldParam); + } else { + epWidgetCatalogParameterService.saveUserParameter(widgetParameters); } - epWidgetCatalogParameterService.saveUserParameter(widgetParameters); } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "saveWidgetParameter failed", e); - return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "FAILURE", e.getMessage()); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "FAILURE", e.getMessage()); } return new PortalRestResponse<>(PortalRestStatusEnum.OK, "SUCCESS", ""); } @GetMapping(value = {"/portalApi/microservices/uploadFlag"}) public String getUploadFlag() { - String uplaodFlag = ""; + String uplaodFlag; try { uplaodFlag = SystemProperties.getProperty(EPCommonSystemProperties.MS_WIDGET_UPLOAD_FLAG); } catch (Exception e) { 
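Review bot: The rewritten FAILURE response in saveWidgetParameter still hands `e.getMessage()` to the client; for a persistence failure that is typically a Hibernate/SQL message, which discloses table and column names to a caller who only needs to know the save failed. This is pre-existing, but since the line is rewritten anyway, keep the exception in the log (already done on the line above) and return a fixed string: `return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "FAILURE", "Unable to save widget parameter");`. Also, `String uplaodFlag;` drops the `""` initialiser at the end of the hunk; getUploadFlag continues outside the hunk, so confirm the catch branch assigns it, otherwise the method no longer compiles (and the typo in the name could be fixed while here).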
diff --git a/portal-BE/src/main/java/org/onap/portal/controller/WidgetsCatalogMarkupController.java b/portal-BE/src/main/java/org/onap/portal/controller/WidgetsCatalogMarkupController.java index 06dd62da..e63de2e8 100644 --- a/portal-BE/src/main/java/org/onap/portal/controller/WidgetsCatalogMarkupController.java +++ b/portal-BE/src/main/java/org/onap/portal/controller/WidgetsCatalogMarkupController.java @@ -77,14 +77,8 @@ public class WidgetsCatalogMarkupController { static { // for localhost testing only - javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(new javax.net.ssl.HostnameVerifier() { - - public boolean verify(String hostname, javax.net.ssl.SSLSession sslSession) { - if (hostname.equals("localhost")) { - return true; - } - return false; - } + javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier((hostname, sslSession) -> { + return hostname.equals("localhost"); }); } diff --git a/portal-BE/src/main/java/org/onap/portal/controller/WidgetsController.java b/portal-BE/src/main/java/org/onap/portal/controller/WidgetsController.java index c2915275..571cbc13 100644 --- a/portal-BE/src/main/java/org/onap/portal/controller/WidgetsController.java +++ b/portal-BE/src/main/java/org/onap/portal/controller/WidgetsController.java @@ -43,13 +43,13 @@ package org.onap.portal.controller; import java.io.IOException; import java.security.Principal; import java.util.List; -import java.util.Optional; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.onap.portal.domain.db.fn.FnUser; import org.onap.portal.domain.dto.transport.FieldsValidator; import org.onap.portal.domain.dto.transport.OnboardingWidget; import org.onap.portal.domain.dto.transport.WidgetCatalogPersonalization; +import org.onap.portal.exception.NotValidDataException; import org.onap.portal.logging.aop.EPAuditLog; import org.onap.portal.service.AdminRolesService; import org.onap.portal.service.PersUserWidgetService; 
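Review bot: The static initializer still installs a JVM-wide `HttpsURLConnection.setDefaultHostnameVerifier` from production code; the comment says "for localhost testing only", but a static block in a controller runs in every deployment and applies to every HttpsURLConnection in the process. The JDK consults this callback when the server certificate's name does not match the requested host, so the effect is that any certificate is accepted whenever the target host is `localhost`. The lambda conversion itself is fine, but the override belongs behind a configuration property or in a test profile rather than here. As a style point the block lambda can be an expression: `javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier((hostname, sslSession) -> hostname.equals("localhost"));`.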
@@ -59,9 +59,9 @@ import org.onap.portal.utils.EcompPortalUtils; import org.onap.portal.validation.DataValidator; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.EnableAspectJAutoProxy; import org.springframework.http.MediaType; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.DeleteMapping; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; @@ -99,7 +99,6 @@ public class WidgetsController { HttpServletResponse response) { FnUser user = fnUserService.loadUserByUsername(principal.getName()); List<OnboardingWidget> onboardingWidgets = null; - if (user.getGuest()) { EcompPortalUtils.setBadPermissions(user, response, "getOnboardingWidgets"); } else { 
@@ -119,26 +118,25 @@ public class WidgetsController { } @PutMapping(value = {"/portalApi/widgets/{widgetId}"}, produces = MediaType.APPLICATION_JSON_VALUE) - public FieldsValidator putOnboardingWidget(Principal principal, HttpServletRequest request, - @PathVariable("widgetId") Long widgetId, + @PreAuthorize("hasRole('System_Administrator')") + public FieldsValidator putOnboardingWidget(Principal principal, @PathVariable("widgetId") Long widgetId, @RequestBody OnboardingWidget onboardingWidget, HttpServletResponse response) { FnUser user = fnUserService.loadUserByUsername(principal.getName()); FieldsValidator fieldsValidator = null; - if (onboardingWidget != null) { - if (!dataValidator.isValid(onboardingWidget)) { - fieldsValidator = new FieldsValidator(); - fieldsValidator.setHttpStatusCode((long) HttpServletResponse.SC_NOT_ACCEPTABLE); - return fieldsValidator; - } - } - if (userHasPermissions(user, response, "putOnboardingWidget")) { - assert onboardingWidget != null; - onboardingWidget.setId(widgetId); - onboardingWidget.normalize(); + assert onboardingWidget != null; + onboardingWidget.setId(widgetId); + onboardingWidget.normalize(); + try { fieldsValidator = widgetService.setOnboardingWidget(user, onboardingWidget); response.setStatus(fieldsValidator.getHttpStatusCode().intValue()); + } catch (IllegalArgumentException e) { + fieldsValidator = new FieldsValidator(); + fieldsValidator.setHttpStatusCode((long) HttpServletResponse.SC_NOT_ACCEPTABLE); + fieldsValidator.addProblematicFieldName(e.getMessage()); + return fieldsValidator; } + EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/widgets/" + widgetId, "GET result =", response.getStatus()); 
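Review bot: `assert onboardingWidget != null;` is not a request check — JVM assertions are off unless the process runs with `-ea` — so a PUT with an empty body now reaches `onboardingWidget.setId(widgetId)` and fails with a NullPointerException (HTTP 500) instead of the 406 the removed null branch produced; the same applies to the `assert persRequest != null;` added to putWidgetCatalogSelection further down. Restore an explicit guard, e.g. `if (onboardingWidget == null) { ... SC_NOT_ACCEPTABLE ...; return fieldsValidator; }` as the removed block did, or validate the body with `@Valid`. The new `@PreAuthorize("hasRole('System_Administrator')")` relies on `hasRole` prepending `ROLE_` by default; confirm the authority the portal's UserDetails actually carries is `ROLE_System_Administrator` (or the prefix is configured), otherwise every call to this endpoint is rejected. The log line at the end of the hunk still labels the PUT as `"GET result ="`.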
@@ -154,14 +152,13 @@ public class WidgetsController { } @PostMapping(value = {"/portalApi/widgets"}, produces = MediaType.APPLICATION_JSON_VALUE) - public FieldsValidator postOnboardingWidget(Principal principal, HttpServletRequest request, - @RequestBody OnboardingWidget onboardingWidget, HttpServletResponse response) { + public FieldsValidator postOnboardingWidget(Principal principal, HttpServletResponse response, + @RequestBody OnboardingWidget onboardingWidget) { FnUser user = fnUserService.loadUserByUsername(principal.getName()); - FieldsValidator fieldsValidator = null; + FieldsValidator fieldsValidator = new FieldsValidator(); if (onboardingWidget != null) { if (!dataValidator.isValid(onboardingWidget)) { - fieldsValidator = new FieldsValidator(); fieldsValidator.setHttpStatusCode((long) HttpServletResponse.SC_NOT_ACCEPTABLE); return fieldsValidator; } @@ -170,7 +167,11 @@ public class WidgetsController { if (userHasPermissions(user, response, "postOnboardingWidget")) { onboardingWidget.setId(null); onboardingWidget.normalize(); - fieldsValidator = widgetService.setOnboardingWidget(user, onboardingWidget); + try { + fieldsValidator = widgetService.setOnboardingWidget(user, onboardingWidget); + } catch (Exception e) { + fieldsValidator.setHttpStatusCode((long) HttpServletResponse.SC_BAD_REQUEST); + } response.setStatus(fieldsValidator.getHttpStatusCode().intValue()); } @@ -180,8 +181,8 @@ public class WidgetsController { } @DeleteMapping(value = {"/portalApi/widgets/{widgetId}"}, produces = MediaType.APPLICATION_JSON_VALUE) - public FieldsValidator deleteOnboardingWidget(Principal principal, HttpServletRequest request, - @PathVariable("widgetId") Long widgetId, HttpServletResponse response) { + public FieldsValidator deleteOnboardingWidget(Principal principal, HttpServletResponse response, + @PathVariable("widgetId") Long widgetId) { FnUser user = fnUserService.loadUserByUsername(principal.getName()); FieldsValidator fieldsValidator = null; 
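Review bot: The new `catch (Exception e)` around `widgetService.setOnboardingWidget` in postOnboardingWidget discards the exception: nothing is logged and the client receives a bare 400 with no problematic field, whereas putOnboardingWidget in the previous hunk catches `IllegalArgumentException` and records `e.getMessage()`. Catch the type the aspect actually throws and keep the failure visible: `} catch (IllegalArgumentException e) {` / `logger.error(EELFLoggerDelegate.errorLogger, "postOnboardingWidget failed", e);` / `fieldsValidator.addProblematicFieldName(e.getMessage());`, leaving the `SC_BAD_REQUEST` line in place. The two handlers also answer the same validation failure with different codes (406 on PUT, 400 on POST); pick one.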
@@ -196,7 +197,7 @@ public class WidgetsController { } @PutMapping(value = {"portalApi/widgetCatalogSelection"}, produces = MediaType.APPLICATION_JSON_VALUE) - public FieldsValidator putWidgetCatalogSelection(Principal principal, HttpServletRequest request, + public FieldsValidator putWidgetCatalogSelection(Principal principal, @RequestBody WidgetCatalogPersonalization persRequest, HttpServletResponse response) throws IOException { FieldsValidator result = new FieldsValidator(); FnUser user = fnUserService.loadUserByUsername(principal.getName()); @@ -208,6 +209,7 @@ public class WidgetsController { } } try { + assert persRequest != null; if (persRequest.getWidgetId() == null || user == null) { EcompPortalUtils.setBadPermissions(user, response, "putWidgetCatalogSelection"); } else { diff --git a/portal-BE/src/main/java/org/onap/portal/dao/fn/FnWidgetDao.java b/portal-BE/src/main/java/org/onap/portal/dao/fn/FnWidgetDao.java index a47a1a0d..9c3e7a1f 100644 --- a/portal-BE/src/main/java/org/onap/portal/dao/fn/FnWidgetDao.java +++ b/portal-BE/src/main/java/org/onap/portal/dao/fn/FnWidgetDao.java @@ -40,8 +40,12 @@ package org.onap.portal.dao.fn; +import java.util.List; +import java.util.Optional; import org.onap.portal.domain.db.fn.FnWidget; import org.springframework.data.jpa.repository.JpaRepository; +import org.springframework.data.jpa.repository.Query; +import org.springframework.data.repository.query.Param; import org.springframework.stereotype.Repository; import org.springframework.transaction.annotation.Transactional; @@ -49,4 +53,6 @@ import org.springframework.transaction.annotation.Transactional; @Transactional public interface FnWidgetDao extends JpaRepository<FnWidget, Long> { + @Query + Optional<List<FnWidget>> getForUrlNameAndAppId(final @Param("URL") String url, final @Param("NAME") String name, final @Param("APPID") Long appId); } 
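Review bot: `Optional<List<FnWidget>>` wraps a collection in an Optional, which a Spring Data repository never needs — a query method returning a collection yields an empty list, not null — so declare `List<FnWidget> getForUrlNameAndAppId(...)` and drop the `.orElse(new ArrayList<>())` in WidgetService.getWidgets later in this diff. The bare `@Query` with no value appears to add nothing: as far as I can tell resolution falls through to the `FnWidget.getForUrlNameAndAppId` named query by method name, so either put the JPQL in `@Query(...)` here or remove the annotation. The single-line signature is well over the file's line length; wrap it one parameter per line.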
diff --git a/portal-BE/src/main/java/org/onap/portal/domain/db/fn/FnWidget.java b/portal-BE/src/main/java/org/onap/portal/domain/db/fn/FnWidget.java index 649267bf..f595536f 100644 --- a/portal-BE/src/main/java/org/onap/portal/domain/db/fn/FnWidget.java +++ b/portal-BE/src/main/java/org/onap/portal/domain/db/fn/FnWidget.java @@ -42,21 +42,36 @@ package org.onap.portal.domain.db.fn; import javax.persistence.Column; import javax.persistence.Entity; +import javax.persistence.GeneratedValue; +import javax.persistence.GenerationType; import javax.persistence.Id; +import javax.persistence.NamedNativeQueries; +import javax.persistence.NamedNativeQuery; +import javax.persistence.NamedQueries; +import javax.persistence.NamedQuery; import javax.persistence.Table; import lombok.AllArgsConstructor; +import lombok.Builder; import lombok.Getter; import lombok.NoArgsConstructor; import lombok.Setter; -@Table(name = "fn_widget") -@NoArgsConstructor -@AllArgsConstructor +@NamedQueries({ + @NamedQuery(name = "FnWidget.getForUrlNameAndAppId", + query = "FROM FnWidget where url =:URL and name =:NAME and appId =:APPID") +}) + @Getter @Setter @Entity +@Builder +@NoArgsConstructor +@AllArgsConstructor +@Table(name = "fn_widget") public class FnWidget { + @Id + @GeneratedValue(strategy = GenerationType.AUTO) private Long widgetId; @Column(name = "WDG_NAME") private String name; diff --git a/portal-BE/src/main/java/org/onap/portal/domain/dto/transport/FieldsValidator.java b/portal-BE/src/main/java/org/onap/portal/domain/dto/transport/FieldsValidator.java index 1999d236..75f04dfd 100644 --- a/portal-BE/src/main/java/org/onap/portal/domain/dto/transport/FieldsValidator.java +++ b/portal-BE/src/main/java/org/onap/portal/domain/dto/transport/FieldsValidator.java 
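Review bot: `@GeneratedValue(strategy = GenerationType.AUTO)` on `widgetId` needs checking against the fn_widget DDL: with Hibernate 5's default id mappings on MySQL, AUTO resolves to a `hibernate_sequence` table rather than the column's AUTO_INCREMENT, and if that table does not exist every insert fails at runtime — use `GenerationType.IDENTITY` if the column is auto-increment. `widgetId` also has no `@Column(name = ...)` while the sibling fields map to upper-case column names, so confirm the naming strategy maps it to the real column. The `NamedNativeQueries` and `NamedNativeQuery` imports are unused (only `@NamedQueries` is applied) and should go.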
@@ -42,6 +42,7 @@ package org.onap.portal.domain.dto.transport; import java.util.ArrayList; import java.util.List; +import java.util.Objects; import javax.servlet.http.HttpServletResponse; import lombok.AllArgsConstructor; import lombok.Getter; @@ -71,5 +72,22 @@ public class FieldsValidator { @AllArgsConstructor public class FieldName { public String name; + + @Override + public boolean equals(Object o) { + if (this == o) { + return true; + } + if (!(o instanceof FieldName)) { + return false; + } + FieldName fieldName = (FieldName) o; + return Objects.equals(name, fieldName.name); + } + + @Override + public int hashCode() { + return Objects.hash(name); + } } } diff --git a/portal-BE/src/main/java/org/onap/portal/domain/dto/transport/OnboardingWidget.java b/portal-BE/src/main/java/org/onap/portal/domain/dto/transport/OnboardingWidget.java index de13bec5..ccc9a785 100644 --- a/portal-BE/src/main/java/org/onap/portal/domain/dto/transport/OnboardingWidget.java +++ b/portal-BE/src/main/java/org/onap/portal/domain/dto/transport/OnboardingWidget.java 
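Review bot: FieldName is a non-static inner class whose public mutable `name` now drives `hashCode`; an instance whose `name` is changed after being added to a hash-based collection becomes unfindable, and the non-static class carries a hidden reference to the enclosing FieldsValidator. Make it `static` (callers then write `new FieldsValidator.FieldName(...)`), make `name` private final with a getter, and, since the file already uses Lombok, `@EqualsAndHashCode` would replace the hand-written pair. The hand-written `equals` itself is correct for the field it compares.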
@@ -41,27 +41,39 @@ package org.onap.portal.domain.dto.transport; import java.io.Serializable; +import javax.validation.constraints.Min; +import javax.validation.constraints.NotNull; +import javax.validation.constraints.Positive; +import lombok.Builder; import lombok.Getter; import lombok.NoArgsConstructor; import lombok.Setter; +import org.hibernate.validator.constraints.NotBlank; import org.hibernate.validator.constraints.SafeHtml; @Getter @Setter +@Builder @NoArgsConstructor public class OnboardingWidget implements Serializable { private static final long serialVersionUID = 1L; private Long id; - @SafeHtml + @SafeHtml(message = "name may have unsafe html content") private String name; + @NotNull(message = "appId can't be null") + @Min(message = "appId value must be higher than 1",value = 2) private Long appId; - @SafeHtml + @SafeHtml(message = "appName may have unsafe html content") + @NotBlank(message = "appName can't be blank") private String appName; + @Positive(message = "width must be positive number") private Integer width; + @Positive(message = "height must be positive number") private Integer height; - @SafeHtml + @SafeHtml(message = "url may have unsafe html content") + @NotBlank(message = "url can't be blank") private String url; public OnboardingWidget(Long id, String name, Long appId, diff --git a/portal-BE/src/main/java/org/onap/portal/exception/NotValidDataException.java b/portal-BE/src/main/java/org/onap/portal/exception/NotValidDataException.java new file mode 100644 index 00000000..7a8aadef --- /dev/null +++ b/portal-BE/src/main/java/org/onap/portal/exception/NotValidDataException.java 
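Review bot: `org.hibernate.validator.constraints.NotBlank` is the deprecated Hibernate-specific constraint; the file already uses Bean Validation 2.0 (`@Positive`), so import `javax.validation.constraints.NotBlank` instead. Adding `@Builder` on a class that also declares an explicit constructor (`public OnboardingWidget(Long id, String name, Long appId, ...` continues outside the hunk) only compiles if that constructor takes every field in declaration order; if it does not, put `@Builder` on that constructor rather than on the class. The `@Min(value = 2)` on appId encodes the removed `LONG_ECOMP_APP_ID` check from WidgetService — a one-line comment saying so (`// appId 1 is the portal itself and cannot own a widget`) would save the next reader from wondering where the 2 comes from. `name` has `@SafeHtml` but no `@NotBlank`, unlike `appName` and `url`; confirm that is intended.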
@@ -0,0 +1,48 @@ +/* + * ============LICENSE_START========================================== + * ONAP Portal + * =================================================================== + * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. + * =================================================================== + * Modifications Copyright (c) 2019 Samsung + * =================================================================== + * + * Unless otherwise specified, all software contained herein is licensed + * under the Apache License, Version 2.0 (the "License"); + * you may not use this software except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Unless otherwise specified, all documentation contained herein is licensed + * under the Creative Commons License, Attribution 4.0 Intl. (the "License"); + * you may not use this documentation except in compliance with the License. + * You may obtain a copy of the License at + * + * https://creativecommons.org/licenses/by/4.0/ + * + * Unless required by applicable law or agreed to in writing, documentation + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. 
+ * + * ============LICENSE_END============================================ + * + * + */ + +package org.onap.portal.exception; + +public class NotValidDataException extends Exception { + + public NotValidDataException(String exceptionMsg) { + super(exceptionMsg); + } +} diff --git a/portal-BE/src/main/java/org/onap/portal/exception/RoleFunctionException.java b/portal-BE/src/main/java/org/onap/portal/exception/RoleFunctionException.java index 75ecfa39..8ae396cf 100644 --- a/portal-BE/src/main/java/org/onap/portal/exception/RoleFunctionException.java +++ b/portal-BE/src/main/java/org/onap/portal/exception/RoleFunctionException.java @@ -1,8 +1,10 @@ -/*- +/* * ============LICENSE_START========================================== * ONAP Portal * =================================================================== - * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. + * =================================================================== + * Modifications Copyright (c) 2019 Samsung * =================================================================== * * Unless otherwise specified, all software contained herein is licensed @@ -33,7 +35,7 @@ * * ============LICENSE_END============================================ * - * + * */ package org.onap.portal.exception; diff --git a/portal-BE/src/main/java/org/onap/portal/service/AdminRolesService.java b/portal-BE/src/main/java/org/onap/portal/service/AdminRolesService.java index c948ece4..90a28df2 100644 --- a/portal-BE/src/main/java/org/onap/portal/service/AdminRolesService.java +++ b/portal-BE/src/main/java/org/onap/portal/service/AdminRolesService.java 
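Review bot: NotValidDataException only offers a message constructor, so any caller wrapping a validation failure has to drop the original exception; add `public NotValidDataException(String exceptionMsg, Throwable cause) { super(exceptionMsg, cause); }`. Within this diff the class is imported in WidgetsController but never thrown or caught in the visible hunks — if it is meant to replace the `IllegalArgumentException` the new WidgetServiceAOP throws, wire it up; otherwise drop the import. A class-level Javadoc stating when it is thrown would also help.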
@@ -101,7 +101,7 @@ public class AdminRolesService { userParams.put("userId", user.getId()); logger.debug(EELFLoggerDelegate.debugLogger, ADMIN_ACCOUNT, user.getId()); List<Integer> userAdminApps; - String query = "select fa.app_id from fn_user_role ur,fn_app fa where ur.user_id =:userId and ur.app_id=fa.app_id and ur.role_id= 999 and (fa.enabled = 'Y' || fa.app_id=1)"; + String query = "select fa.app_id from fn_user_role ur,fn_app fa where ur.user_id =:userId and ur.app_id=fa.app_id and ur.role_id= 999 and (fa.enabled = 'Y' || fa.app_id=1)"; userAdminApps = entityManager.createQuery(query, Integer.class).setParameter("userId", user.getId()).getResultList(); logger.debug(EELFLoggerDelegate.debugLogger, "Is account admin for userAdminApps() - for user {}, found userAdminAppsSize {}", user.getOrgUserId(), userAdminApps.size()); diff --git a/portal-BE/src/main/java/org/onap/portal/service/WidgetService.java b/portal-BE/src/main/java/org/onap/portal/service/WidgetService.java index 794f9336..90d6ab78 100644 --- a/portal-BE/src/main/java/org/onap/portal/service/WidgetService.java +++ b/portal-BE/src/main/java/org/onap/portal/service/WidgetService.java @@ -44,6 +44,7 @@ import java.util.ArrayList; import java.util.List; import javax.persistence.EntityManager; import javax.servlet.http.HttpServletResponse; +import javax.validation.constraints.NotNull; import org.onap.portal.dao.fn.FnWidgetDao; import org.onap.portal.domain.db.fn.FnUser; import org.onap.portal.domain.db.fn.FnWidget; 
@@ -54,14 +55,17 @@ import org.onap.portal.domain.dto.transport.OnboardingWidget; import org.onap.portal.utils.EPCommonSystemProperties; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.EnableAspectJAutoProxy; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; @Service +@EnableAspectJAutoProxy +@Transactional public class WidgetService { private final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(WidgetService.class); - private final Long LONG_ECOMP_APP_ID = 1L; private final Long ACCOUNT_ADMIN_ROLE_ID = 999L; private static String baseSqlToken = @@ -122,16 +126,9 @@ public class WidgetService { + ":USERID"; } - public FieldsValidator setOnboardingWidget(FnUser user, OnboardingWidget onboardingWidget) { - if (onboardingWidget.getAppName().isEmpty() || onboardingWidget.getUrl().isEmpty() - || onboardingWidget.getAppId() == null - || onboardingWidget.getAppId().equals(LONG_ECOMP_APP_ID) || onboardingWidget.getWidth() <= 0 || - onboardingWidget.getHeight() <= 0) { - FieldsValidator fieldsValidator = new FieldsValidator(); - fieldsValidator.setHttpStatusCode((long) HttpServletResponse.SC_BAD_REQUEST); - return fieldsValidator; - } - return this.updateOrSaveWidget(adminRolesService.isSuperAdmin(user), user.getId(), onboardingWidget); + @PreAuthorize("hasRole('System_Administrator')") + public FieldsValidator setOnboardingWidget(final FnUser user, final OnboardingWidget onboardingWidget) { + return this.updateOrSaveWidget(true, user.getId(), onboardingWidget); } private FieldsValidator updateOrSaveWidget(boolean superAdmin, Long userId, OnboardingWidget onboardingWidget) { 
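Review bot: setOnboardingWidget now passes `true` for superAdmin into updateOrSaveWidget unconditionally, where it previously passed `adminRolesService.isSuperAdmin(user)`; the only thing between a non-admin caller and the super-admin save path is the new `@PreAuthorize("hasRole('System_Administrator')")`. That annotation is inert unless method security is enabled (`@EnableGlobalMethodSecurity(prePostEnabled = true)` in a configuration class), which this diff does not show — confirm it is on and covered by a test that calls the service with a non-admin principal, or keep passing `adminRolesService.isSuperAdmin(user)` so the service stays safe on its own. The in-method checks removed here (blank appName/url, appId null or equal to `LONG_ECOMP_APP_ID`, non-positive width/height) now rely on the constraints in OnboardingWidget being enforced by WidgetServiceAOP, and an aspect only fires through the Spring proxy, so an in-class call to setOnboardingWidget bypasses both. `@EnableAspectJAutoProxy` is a configuration annotation; placing it on a `@Service` is unusual and belongs on the configuration class.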
@@ -178,7 +175,6 @@ public class WidgetService { .getResultList(); } - @Transactional private void applyOnboardingWidget(OnboardingWidget onboardingWidget, FieldsValidator fieldsValidator) { boolean result; FnWidget widget; @@ -199,11 +195,11 @@ public class WidgetService { } private void validateOnboardingWidget(OnboardingWidget onboardingWidget, FieldsValidator fieldsValidator) { - List<Widget> widgets = getWidgets(onboardingWidget); + List<FnWidget> widgets = getWidgets(onboardingWidget); boolean dublicatedUrl = false; boolean dublicatedName = false; - for (Widget widget : widgets) { - if (onboardingWidget.getId() != null && onboardingWidget.getId().equals(widget.getId())) { + for (FnWidget widget : widgets) { + if (onboardingWidget.getId() != null && onboardingWidget.getId().equals(widget.getWidgetId())) { // widget should not be compared with itself continue; } @@ -233,18 +229,10 @@ public class WidgetService { } } - private List<Widget> getWidgets(OnboardingWidget onboardingWidget) { - return entityManager.createQuery( - "SELECT new org.onap.portal.domain.dto.ecomp.Widget(fn.APP_ID, fn.WDG_NAME, fn.WDG_URL) FROM FnWidget fn" - + "WHERE fn.WDG_URL = :WDGURL " - + "AND fn.WDG_NAME = :WDGNAME " - + "AND fn.APP_ID = :APPID", Widget.class) - .setParameter("WDGURL", onboardingWidget.getUrl()) - .setParameter("WDGNAME", onboardingWidget.getName()) - .getResultList(); + private List<FnWidget> getWidgets(final OnboardingWidget onboardingWidget) { + return fnWidgetDao.getForUrlNameAndAppId(onboardingWidget.getUrl(), onboardingWidget.getName(), onboardingWidget.getAppId()).orElse(new ArrayList<>()); } - @Transactional public FieldsValidator deleteOnboardingWidget(FnUser user, Long onboardingWidgetId) { FieldsValidator fieldsValidator = new FieldsValidator(); synchronized (syncRests) { @@ -262,4 +250,8 @@ public class WidgetService { } return fieldsValidator; } + + public FnWidget saveOne(final FnWidget widget){ + return fnWidgetDao.saveAndFlush(widget); + } } 
diff --git a/portal-BE/src/main/java/org/onap/portal/service/ep/EpWidgetCatalogParameterService.java b/portal-BE/src/main/java/org/onap/portal/service/ep/EpWidgetCatalogParameterService.java index 75cc9aa7..d43acc04 100644 --- a/portal-BE/src/main/java/org/onap/portal/service/ep/EpWidgetCatalogParameterService.java +++ b/portal-BE/src/main/java/org/onap/portal/service/ep/EpWidgetCatalogParameterService.java @@ -75,6 +75,10 @@ public class EpWidgetCatalogParameterService { epMicroserviceParameterService.deleteMicroserviceParameterById(paramId)); } + public EpWidgetCatalogParameter getById(final Long id){ + return epWidgetCatalogParameterDao.getOne(id); + } + @Transactional public boolean deleteByParamId(final Long paramId) { try { @@ -90,8 +94,8 @@ public class EpWidgetCatalogParameterService { EpWidgetCatalogParameter widgetParam = null; List<EpWidgetCatalogParameter> list = epWidgetCatalogParameterDao .getUserParamById(widgetId, userId, paramId) - .orElse(new ArrayList<>()); - if (list.size() != 0) { + .orElse(null); + if (list != null && !list.isEmpty()) { widgetParam = list.get(0); } logger.debug(EELFLoggerDelegate.debugLogger, @@ -99,7 +103,6 @@ public class EpWidgetCatalogParameterService { return widgetParam; } - @Transactional public void saveUserParameter(final EpWidgetCatalogParameter newParameter) { epWidgetCatalogParameterDao.save(newParameter); } diff --git a/portal-BE/src/test/java/org/onap/portal/controller/WidgetsCatalogControllerTest.java b/portal-BE/src/test/java/org/onap/portal/controller/WidgetsCatalogControllerTest.java index c04f50e4..b82ac2f7 100644 --- a/portal-BE/src/test/java/org/onap/portal/controller/WidgetsCatalogControllerTest.java +++ b/portal-BE/src/test/java/org/onap/portal/controller/WidgetsCatalogControllerTest.java 
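Review bot: `getById` returns `epWidgetCatalogParameterDao.getOne(id)`, which is a lazy reference: for a missing id it does not return null but throws `EntityNotFoundException` when a field is first read, possibly outside the transaction and far from the call site. Use `return epWidgetCatalogParameterDao.findById(id).orElse(null);` (or return the `Optional`) so absence is visible to the caller. In getUserParamById below, `.orElse(null)` followed by `list != null && !list.isEmpty()` is more roundabout than the `.orElse(new ArrayList<>())` it replaces; keep the non-null default and test `!list.isEmpty()`. Removing `@Transactional` from saveUserParameter is fine only if the class is annotated at class level or the repository's own transaction is enough — the class header is outside the hunk, so worth a glance.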
@@ -49,6 +49,7 @@ import java.time.LocalDateTime;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.List;
+import javax.servlet.http.HttpServletRequest;
 import javax.transaction.Transactional;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -58,6 +59,7 @@ import org.onap.portal.domain.db.ep.EpWidgetCatalogParameter;
 import org.onap.portal.domain.db.fn.FnLanguage;
 import org.onap.portal.domain.db.fn.FnUser;
 import org.onap.portal.domain.dto.ecomp.WidgetCatalog;
+import org.onap.portal.framework.MockitoTestSuite;
 import org.onap.portal.service.ep.EpMicroserviceParameterService;
 import org.onap.portal.service.ep.EpWidgetCatalogParameterService;
 import org.onap.portal.service.ep.EpWidgetCatalogService;
@@ -70,20 +72,21 @@ import org.springframework.test.context.junit4.SpringRunner;
 @RunWith(SpringRunner.class)
 @SpringBootTest
+@Transactional
 @TestPropertySource(locations = "classpath:test.properties")
 public class WidgetsCatalogControllerTest {
 private UsernamePasswordAuthenticationToken principal = new UsernamePasswordAuthenticationToken("demo", "demo123");
 @Autowired
- WidgetsCatalogController widgetsCatalogController;
+ private WidgetsCatalogController widgetsCatalogController;
 @Autowired
- FnLanguageService fnLanguageService;
+ private FnLanguageService fnLanguageService;
 @Autowired
- EpWidgetCatalogParameterService epWidgetCatalogParameterService;
+ private EpWidgetCatalogParameterService epWidgetCatalogParameterService;
 @Autowired
- EpMicroserviceParameterService epMicroserviceParameterService;
+ private EpMicroserviceParameterService epMicroserviceParameterService;
 @Autowired
- EpWidgetCatalogService epWidgetCatalogService;
+ private EpWidgetCatalogService epWidgetCatalogService;
 @Test
 public void getUserWidgetCatalog() {
@@ -128,7 +131,6 @@ public class WidgetsCatalogControllerTest {
 }
 
 @Test
- @Transactional
 public void getUserParameterById() {
 //Given
 EpWidgetCatalog widget = EpWidgetCatalog.builder()
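Review bot: The imports added in the first two hunks, `javax.servlet.http.HttpServletRequest` and `org.onap.portal.framework.MockitoTestSuite`, are not referenced by any of the test code this diff adds to WidgetsCatalogControllerTest; unless the part of the class outside the diff uses them, they are unused and should be dropped. The class-level `@Transactional` in the third hunk is `javax.transaction.Transactional` from the existing import, which Spring's test transaction support also recognizes, so the per-method removals that follow look safe.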
@@ -155,7 +157,6 @@ public class WidgetsCatalogControllerTest {
 }
 
 @Test
- @Transactional
 public void deleteUserParameterById() {
 //Given
 EpWidgetCatalog widget = EpWidgetCatalog.builder()
@@ -189,10 +190,72 @@ public class WidgetsCatalogControllerTest { @Test public void saveWidgetParameter() { + //Given + EpWidgetCatalog widget = EpWidgetCatalog.builder() + .wdgName("Name") + .wdgFileLoc("loc") + .allUserFlag(true) + .build(); + epWidgetCatalogService.save(widget); + EpMicroserviceParameter parameter = new EpMicroserviceParameter(); + epMicroserviceParameterService.save(parameter); + FnLanguage language = FnLanguage.builder().languageAlias("TS").languageName("TEST").build(); + fnLanguageService.save(principal, language); + FnUser user = buildFnUser(); + language.setFnUsers(new HashSet<>(Collections.singleton(user))); + user.setLanguageId(language); + EpWidgetCatalogParameter data = EpWidgetCatalogParameter.builder() + .widgetId(widget).userId(user).paramId(parameter).userValue("TestData").build(); + + //When + widgetsCatalogController.saveWidgetParameter(principal, data); + //Then + EpWidgetCatalogParameter actual = epWidgetCatalogParameterService.getById(data.getId()); + + assertEquals("TestData", actual.getUserValue()); + + } + + @Test + public void saveWidgetParameterOldParamTest() { + //Given + EpWidgetCatalog widget = EpWidgetCatalog.builder() + .wdgName("Name") + .wdgFileLoc("loc") + .allUserFlag(true) + .build(); + epWidgetCatalogService.save(widget); + EpMicroserviceParameter parameter = new EpMicroserviceParameter(); + epMicroserviceParameterService.save(parameter); + FnLanguage language = FnLanguage.builder().languageAlias("TS").languageName("TEST").build(); + fnLanguageService.save(principal, language); + FnUser user = buildFnUser(); + language.setFnUsers(new HashSet<>(Collections.singleton(user))); + user.setLanguageId(language); + EpWidgetCatalogParameter old = EpWidgetCatalogParameter.builder() + .widgetId(widget).userId(user).paramId(parameter).userValue("TestData").build(); + + //When + widgetsCatalogController.saveWidgetParameter(principal, old); + + EpWidgetCatalogParameter newWidgetParameter = EpWidgetCatalogParameter.builder() + 
.widgetId(widget).userId(user).paramId(parameter).userValue("TestData2").build(); + + widgetsCatalogController.saveWidgetParameter(principal, newWidgetParameter); + + EpWidgetCatalogParameter oldOne = epWidgetCatalogParameterService.getById(old.getId()); + + //Then + assertEquals("TestData2", oldOne.getUserValue()); + } @Test public void getUploadFlag() { + String expected = ""; + String actual = widgetsCatalogController.getUploadFlag(); + + assertEquals(expected, actual); } private FnUser buildFnUser(){
diff --git a/portal-BE/src/test/java/org/onap/portal/controller/WidgetsControllerTest.java b/portal-BE/src/test/java/org/onap/portal/controller/WidgetsControllerTest.java
index a90b38ff..0f277471 100644
--- a/portal-BE/src/test/java/org/onap/portal/controller/WidgetsControllerTest.java
+++ b/portal-BE/src/test/java/org/onap/portal/controller/WidgetsControllerTest.java
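Review bot: In `saveWidgetParameter` the assertion `assertEquals("TestData", actual.getUserValue())` compares the saved entity with itself: `data` is built with `userValue("TestData")`, and `getById(data.getId())` inside the same test transaction most likely hands back the same managed instance, so the test passes even if the controller stored nothing. Assert on an effect of the call instead, for example that `data.getId()` is non-null afterwards, or flush and clear the persistence context before the re-read. `saveWidgetParameterOldParamTest` has the same shape but does prove an update, because it re-reads `old.getId()` after saving a second parameter with a different value. The Given block is duplicated verbatim in both new tests (and again in EpWidgetCatalogParameterServiceTest), so a private `buildWidgetParameter(String userValue)` helper next to `buildFnUser()` would reduce each test to the lines that differ. `getUploadFlag` pins the flag to `""`, which only documents that the property is absent from test.properties; a comment saying so would stop a reader from treating it as the intended production value.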
@@ -55,18 +55,23 @@ import org.onap.portal.dao.fn.FnLanguageDao;
 import org.onap.portal.dao.fn.FnUserDao;
 import org.onap.portal.domain.db.fn.FnLanguage;
 import org.onap.portal.domain.db.fn.FnUser;
+import org.onap.portal.domain.db.fn.FnWidget;
+import org.onap.portal.domain.dto.transport.FieldsValidator;
 import org.onap.portal.domain.dto.transport.OnboardingWidget;
 import org.onap.portal.framework.MockitoTestSuite;
+import org.onap.portal.service.WidgetService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.test.context.TestPropertySource;
 import org.springframework.test.context.junit4.SpringRunner;
+import org.springframework.transaction.annotation.Transactional;
 
 @RunWith(SpringRunner.class)
 @SpringBootTest
 @TestPropertySource(locations = "classpath:test.properties")
+@Transactional
 public class WidgetsControllerTest {
 
 private UsernamePasswordAuthenticationToken principal = new UsernamePasswordAuthenticationToken("demo",
@@ -80,11 +85,11 @@ public class WidgetsControllerTest {
 @Autowired
 private WidgetsController widgetsController;
 @Autowired
- private
- FnUserDao fnUserDao;
+ private FnUserDao fnUserDao;
 @Autowired
- private
- FnLanguageDao fnLanguageDao;
+ private FnLanguageDao fnLanguageDao;
+ @Autowired
+ private WidgetService widgetService;
 private FnLanguage language = getFnLanguage();
 private FnUser questUser = getQuestUser();
@@ -140,7 +145,108 @@ public class WidgetsControllerTest {
 }
 
 @Test
- public void putOnboardingWidget() {
+ public void putOnboardingWidgetSameWidget() {
+ //Given
+ UsernamePasswordAuthenticationToken notQuestprincipal = new UsernamePasswordAuthenticationToken("cs0008",
+ "demo123");
+ fnUserDao.save(notQuestUser);
+ when(request.getHeader("X-Widgets-Type")).thenReturn("managed");
+
+ OnboardingWidget onboardingWidget = OnboardingWidget.builder()
+ .id(123L)
+ .name("Application")
+ .appId(1421L)
+ .appName("Application name")
+ .width(123)
+ .height(45)
+ .url("testurl")
+ .build();
+
+
+ FnWidget fnWidget = FnWidget.builder()
+ .name("Application")
+ .appId(453L)
+ .width(123)
+ .height(45)
+ .url("testurl")
+ .build();
+
+ widgetService.saveOne(fnWidget);
+
+ FieldsValidator expected = new FieldsValidator();
+ //When
+ FieldsValidator actual = widgetsController.putOnboardingWidget(principal, fnWidget.getWidgetId(), onboardingWidget, response);
+ //Then
+ assertEquals(expected.getErrorCode(), actual.getErrorCode());
+ assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode());
+ assertEquals(expected.getFields(), actual.getFields());
+ }
+
+ @Test
+ public void putOnboardingWidgetAOP() {
+ //Given
+ UsernamePasswordAuthenticationToken notQuestprincipal = new UsernamePasswordAuthenticationToken("cs0008",
+ "demo123");
+ fnUserDao.save(notQuestUser);
+ when(request.getHeader("X-Widgets-Type")).thenReturn("managed");
+
+ OnboardingWidget onboardingWidget = OnboardingWidget.builder()
+ .id(123L)
+ .name("")
+ .appId(1L)
+ .appName("")
+ .width(123)
+ .height(45)
+ .url("testurl")
+ .build();
+
+
+ FnWidget fnWidget = FnWidget.builder()
+ .name("Application")
+ .appId(1421L)
+ .width(123)
+ .height(45)
+ .url("testurl")
+ .build();
+
+ widgetService.saveOne(fnWidget);
+
+ FieldsValidator expected = new FieldsValidator();
+ expected.setHttpStatusCode(406L);
+ expected.addProblematicFieldName("appName can't be blank, appId value must be higher than 1");
+ //When
+ FieldsValidator actual = widgetsController.putOnboardingWidget(principal, fnWidget.getWidgetId(), onboardingWidget, response);
+ //Then
+ assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode());
+ assertEquals(expected.getFields().size(), actual.getFields().size());
+ }
+
+ @Test
+ public void putOnboardingWidgetAOPXSSTest() {
+ //Given
+ UsernamePasswordAuthenticationToken notQuestprincipal = new UsernamePasswordAuthenticationToken("cs0008",
+ "demo123");
+ fnUserDao.save(notQuestUser);
+ when(request.getHeader("X-Widgets-Type")).thenReturn("managed");
+
+ OnboardingWidget onboardingWidget = OnboardingWidget.builder()
+ .id(123L)
+ .name("<script>alert(“XSS”);</script>\n")
+ .appId(34L)
+ .appName("<ScRipT>alert(\"XSS\");</ScRipT>")
+ .width(123)
+ .height(45)
+ .url("testurl")
+ .build();
+
+ FieldsValidator expected = new FieldsValidator();
+ expected.setHttpStatusCode(406L);
+ expected.addProblematicFieldName("appName may have unsafe html content, name may have unsafe html content");
+ //When
+ FieldsValidator actual = widgetsController.putOnboardingWidget(principal, 15L, onboardingWidget, response);
+ //Then
+ assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode());
+ assertEquals(expected.getFields().size(), actual.getFields().size());
 }
 
 @Test
diff --git a/portal-BE/src/test/java/org/onap/portal/service/ep/EpWidgetCatalogParameterServiceTest.java b/portal-BE/src/test/java/org/onap/portal/service/ep/EpWidgetCatalogParameterServiceTest.java
index f123f95a..6a6c06b9 100644
--- a/portal-BE/src/test/java/org/onap/portal/service/ep/EpWidgetCatalogParameterServiceTest.java
+++ b/portal-BE/src/test/java/org/onap/portal/service/ep/EpWidgetCatalogParameterServiceTest.java
@@ -40,7 +40,7 @@ package org.onap.portal.service.ep;
-import static org.junit.jupiter.api.Assertions.*;
+import static org.junit.jupiter.api.Assertions.assertEquals;
 import java.time.LocalDateTime;
 import java.util.Collections;
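Review bot: `notQuestprincipal` is constructed in all three new tests but never passed anywhere; every `putOnboardingWidget` call uses the class-level `principal`, so the `fnUserDao.save(notQuestUser)` setup exercises nothing and the local should either be used in the call or removed. `putOnboardingWidgetAOP` and `putOnboardingWidgetAOPXSSTest` only compare `expected.getFields().size()` with `actual.getFields().size()`, so a validator that flagged the wrong field, or the right field with a different message, would still pass; the expected field text is already built, so assert `expected.getFields()` against `actual.getFields()` as the first test does. `putOnboardingWidgetSameWidget` sends `id(123L)` and `appId(1421L)` in the body while the saved `FnWidget` has a generated id and `appId(453L)`, so it does not appear to reach the "widget should not be compared with itself" branch its name suggests; building the OnboardingWidget with `fnWidget.getWidgetId()` as its id and the same appId would.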
@@ -63,29 +63,38 @@ import org.springframework.transaction.annotation.Transactional; @RunWith(SpringRunner.class) @SpringBootTest +@Transactional @TestPropertySource(locations = "classpath:test.properties") class EpWidgetCatalogParameterServiceTest { + private UsernamePasswordAuthenticationToken principal = new UsernamePasswordAuthenticationToken("demo", "demo123"); - @Autowired + private EpWidgetCatalogParameterService epWidgetCatalogParameterService; - @Autowired private WidgetsCatalogController widgetsCatalogController; - @Autowired - private - FnLanguageService fnLanguageService; - @Autowired + private FnLanguageService fnLanguageService; private EpMicroserviceParameterService epMicroserviceParameterService; + private EpWidgetCatalogService epWidgetCatalogService; + @Autowired - private - EpWidgetCatalogService epWidgetCatalogService; + public EpWidgetCatalogParameterServiceTest( + EpWidgetCatalogParameterService epWidgetCatalogParameterService, + WidgetsCatalogController widgetsCatalogController, + FnLanguageService fnLanguageService, + EpMicroserviceParameterService epMicroserviceParameterService, + EpWidgetCatalogService epWidgetCatalogService) { + this.epWidgetCatalogParameterService = epWidgetCatalogParameterService; + this.widgetsCatalogController = widgetsCatalogController; + this.fnLanguageService = fnLanguageService; + this.epMicroserviceParameterService = epMicroserviceParameterService; + this.epWidgetCatalogService = epWidgetCatalogService; + } @Test void deleteUserParameterById() { } @Test - @Transactional void deleteByParamId() { //Given EpWidgetCatalog widget = EpWidgetCatalog.builder() 
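Review bot: The class now has only a five-argument `@Autowired` constructor while it is still annotated `@RunWith(SpringRunner.class)`, and the two cannot work together: the JUnit 4 runner requires a public zero-argument constructor, and if these tests actually run on JUnit Jupiter (the `org.junit.jupiter.api.Assertions` import and the package-private `void` test methods point that way) `@RunWith` is ignored and constructor injection needs `@ExtendWith(SpringExtension.class)` or `@SpringJUnitConfig` instead. Whichever runner is intended, the injected fields can now be declared `private final`. `deleteUserParameterById` remains an empty test body that passes without checking anything; either implement it or disable it with a stated reason so the gap stays visible.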
@@ -101,7 +110,7 @@ class EpWidgetCatalogParameterServiceTest {
 FnUser user = buildFnUser();
 language.setFnUsers(new HashSet<>(Collections.singleton(user)));
 user.setLanguageId(language);
- EpWidgetCatalogParameter data = EpWidgetCatalogParameter.builder()
+ EpWidgetCatalogParameter data = EpWidgetCatalogParameter.builder()
 .widgetId(widget).userId(user).paramId(parameter).userValue("TestData").build();
 //When
 assertEquals(0, widgetsCatalogController.getUserParameterById(parameter.getId()).size());
@@ -112,10 +121,41 @@ class EpWidgetCatalogParameterServiceTest {
 assertEquals(0, epWidgetCatalogParameterService.getUserParameterById(parameter.getId()).size());
 //Clean
+ }
+
+ @Test
+ void getUserParamById() {
+ //Given
+ EpWidgetCatalog widget = EpWidgetCatalog.builder()
+ .wdgName("Name")
+ .wdgFileLoc("loc")
+ .allUserFlag(true)
+ .build();
+ epWidgetCatalogService.save(widget);
+ EpMicroserviceParameter parameter = new EpMicroserviceParameter();
+ epMicroserviceParameterService.save(parameter);
+ FnLanguage language = FnLanguage.builder().languageAlias("TS").languageName("TEST").build();
+ fnLanguageService.save(principal, language);
+ FnUser user = buildFnUser();
+ language.setFnUsers(new HashSet<>(Collections.singleton(user)));
+ user.setLanguageId(language);
+ EpWidgetCatalogParameter data = EpWidgetCatalogParameter.builder()
+ .widgetId(widget).userId(user).paramId(parameter).userValue("TestData").build();
+ //When
+ assertEquals(0, widgetsCatalogController.getUserParameterById(parameter.getId()).size());
+ epWidgetCatalogParameterService.saveUserParameter(data);
+ Long id = data.getId();
+ assertEquals(1, epWidgetCatalogParameterService.getUserParameterById(parameter.getId()).size());
+ EpWidgetCatalogParameter actual = epWidgetCatalogParameterService.getUserParamById(widget.getWidgetId(), user.getUserId(), parameter.getId());
+ //Then
+ assertEquals(id, actual.getId());
+ assertEquals(data.getUserValue(), actual.getUserValue());
+ assertEquals(data.getWidgetId().getWidgetId(), actual.getWidgetId().getWidgetId());
+ assertEquals(data.getParamId().getId(), actual.getParamId().getId());
 }
- private FnUser buildFnUser(){
+ private FnUser buildFnUser() {
 return FnUser.builder()
 .lastLoginDate(LocalDateTime.now())
 .activeYn(true) |