From d832e0acf41e74b6036ae256429a127252782f1b Mon Sep 17 00:00:00 2001 From: st398c Date: Tue, 23 Jul 2019 14:02:06 -0400 Subject: Blackduck scan fixes and PenTest Issue-ID: PORTAL-631 Change-Id: I606837e3aefd0bbb7ff45ac2e597d214da06e7ed Signed-off-by: st398c
---
 .../controller/core/ProfileController.java | 59 ++++------------------
 .../controller/core/ProfileSearchController.java | 40 +++++----------
 2 files changed, 23 insertions(+), 76 deletions(-)
(limited to 'ecomp-sdk/epsdk-app-common/src/main')
diff --git a/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/core/ProfileController.java b/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/core/ProfileController.java
index 24ea203f..5c96e169 100644
--- a/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/core/ProfileController.java
+++ b/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/core/ProfileController.java
@@ -42,6 +42,7 @@ import java.io.PrintWriter;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -51,6 +52,7 @@ import org.json.JSONObject;
 import org.onap.portalsdk.core.controller.RestrictedBaseController;
 import org.onap.portalsdk.core.domain.Role;
 import org.onap.portalsdk.core.domain.User;
+import org.onap.portalsdk.core.domain.UserApp;
 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
 import org.onap.portalsdk.core.service.RoleService;
 import org.onap.portalsdk.core.service.UserProfileService;
@@ -95,55 +97,6 @@ public class ProfileController extends RestrictedBaseController {
 @Autowired
 private RoleService roleService;
- @RequestMapping(value = { "/profile" }, method = RequestMethod.GET)
- public ModelAndView profile(HttpServletRequest request) throws IOException {
- Map model = new HashMap<>();
- ObjectMapper mapper = new ObjectMapper();
- User user = UserUtils.getUserSession(request);
-
- User profile;
- Long profileId;
- if (request.getRequestURI().indexOf("self_profile.htm") > -1) {
- profile = UserUtils.getUserSession(request);
- profileId = profile.getId();
- } else {
- profileId = Long.parseLong(request.getParameter(PROFILE_ID));
- profile = userService.getUser(String.valueOf(profileId));
- }
-
- try {
- model.put(STATE_LIST, mapper.writeValueAsString(getStates()));
- model.put(COUNTRIES, mapper.writeValueAsString(getCountries()));
- model.put(TIME_ZONES, mapper.writeValueAsString(getTimeZones()));
- model.put(AVAILABLE_ROLES, mapper.writeValueAsString(getAvailableRoles(user.getOrgUserId())));
- model.put(PROFILE, mapper.writeValueAsString(profile));
- model.put(PROFILEID, mapper.writeValueAsString(profileId));
- } catch (Exception e) {
- logger.error(EELFLoggerDelegate.errorLogger, "profile: failed to write JSON", e);
- }
- return new ModelAndView(PROFILE, "model", model);
- }
-
- @RequestMapping(value = { "/self_profile" }, method = RequestMethod.GET)
- public ModelAndView selfProfile(HttpServletRequest request) {
- Map model = new HashMap<>();
- ObjectMapper mapper = new ObjectMapper();
-
- Long profileId = null;
- User user = UserUtils.getUserSession(request);
- User profile = UserUtils.getUserSession(request);
- try {
- model.put(STATE_LIST, mapper.writeValueAsString(getStates()));
- model.put(COUNTRIES, mapper.writeValueAsString(getCountries()));
- model.put(TIME_ZONES, mapper.writeValueAsString(getTimeZones()));
- model.put(AVAILABLE_ROLES, mapper.writeValueAsString(getAvailableRoles(user.getOrgUserId())));
- model.put(PROFILE,
mapper.writeValueAsString(profile));
- model.put(PROFILEID, mapper.writeValueAsString(profileId));
- } catch (Exception e) {
- logger.error(EELFLoggerDelegate.errorLogger, "self_profile: failed to write JSON", e);
- }
- return new ModelAndView(PROFILE, "model", model);
- }
 @RequestMapping(value = { "/get_self_profile" }, method = RequestMethod.GET)
 public void getSelfProfile(HttpServletRequest request, HttpServletResponse response) {
@@ -153,6 +106,10 @@ public class ProfileController extends RestrictedBaseController {
 Long profileId = null;
 User profile = UserUtils.getUserSession(request);
+ @SuppressWarnings("unchecked")
+ Set userapps = user.getUserApps();
+ Set userapplications = UserUtils.getUserApps(userapps);
+ profile.setUserApps(userapplications);
 try {
 model.put(STATE_LIST, mapper.writeValueAsString(getStates()));
 model.put(COUNTRIES, mapper.writeValueAsString(getCountries()));
@@ -184,6 +141,10 @@ public class ProfileController extends RestrictedBaseController {
 profileId = Long.parseLong(request.getParameter(PROFILE_ID));
 profile = userService.getUser(String.valueOf(profileId));
 }
+ @SuppressWarnings("unchecked")
+ Set userapps = user.getUserApps();
+ Set userapplications = UserUtils.getUserApps(userapps);
+ profile.setUserApps(userapplications);
 model.put(STATE_LIST, mapper.writeValueAsString(getStates()));
 model.put(COUNTRIES, mapper.writeValueAsString(getCountries()));
 model.put(TIME_ZONES, mapper.writeValueAsString(getTimeZones()));
diff --git a/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/core/ProfileSearchController.java b/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/core/ProfileSearchController.java
index a94c3b46..fdd26bab 100644
--- a/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/core/ProfileSearchController.java
+++ b/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/core/ProfileSearchController.java
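Review bot: In ProfileController.java, the hunk at `@@ -184,6 +141,10 @@` reads the app set from `user` but writes it onto `profile`, and in the `else` branch just above it `profile` was loaded through `userService.getUser(...)` from the `PROFILE_ID` request parameter. `user` is declared outside the hunk; if it is the session user, as it was in the removed `profile()` method, a looked-up profile is returned carrying the caller's apps instead of its own. Reading from the object that is actually returned, `profile.setUserApps(UserUtils.getUserApps(profile.getUserApps()));`, avoids that, and if `getUser` can return null for an unknown id the call needs a guard such as `if (profile != null)` before it. The hunk at `@@ -153,6 +106,10 @@` has the same `user`/`profile` mix, and there `profile` is the object returned by `UserUtils.getUserSession(request)`, so the setter also rewrites the session-held user; a comment such as `// replaces the session user's apps with the filtered set on purpose` would make that intent explicit. Both method bodies start and end outside the hunks.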
@@ -54,6 +54,7 @@ import org.onap.portalsdk.core.auth.LoginStrategy;
 import org.onap.portalsdk.core.controller.RestrictedBaseController;
 import org.onap.portalsdk.core.domain.MenuData;
 import org.onap.portalsdk.core.domain.User;
+import org.onap.portalsdk.core.domain.UserApp;
 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
 import org.onap.portalsdk.core.onboarding.exception.PortalAPIException;
 import org.onap.portalsdk.core.service.FnMenuService;
@@ -61,6 +62,7 @@ import org.onap.portalsdk.core.service.UserProfileService;
 import org.onap.portalsdk.core.service.UserService;
 import org.onap.portalsdk.core.util.SystemProperties;
 import org.onap.portalsdk.core.web.support.JsonMessage;
+import org.onap.portalsdk.core.web.support.UserUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -105,31 +107,6 @@ public class ProfileSearchController extends RestrictedBaseController {
 return new ModelAndView(getViewName(), "model", model);
 }
- @RequestMapping(value = { "/get_user" }, method = RequestMethod.GET)
- public void getUser(HttpServletRequest request, HttpServletResponse response) {
- logger.info(EELFLoggerDelegate.applicationLogger, "Initiating get_user in ProfileSearchController");
- String userId = "";
- try {
- userId = loginStrategy.getUserId(request);
- } catch (PortalAPIException e1) {
- logger.error(EELFLoggerDelegate.applicationLogger, "No User found in request", e1);
- }
-
- final String requestedUserId = userId;
- ObjectMapper mapper = new ObjectMapper();
- List profileList = null;
- try {
- profileList = service.findAll();
- User user = profileList.stream()
- .filter(x -> x.getOrgUserId().equals(requestedUserId)).findAny().orElse(null);
- JsonMessage msg = new JsonMessage(mapper.writeValueAsString(user));
- JSONObject j = new JSONObject(msg);
- response.setContentType(APPLICATION_JSON);
- response.getWriter().write(j.toString());
- } catch (Exception e) {
- logger.error(EELFLoggerDelegate.applicationLogger, "getUserPagination failed", e);
- }
- }
 @RequestMapping(value = { "/get_user_pagination" }, method = RequestMethod.GET)
 public void getUserPagination(HttpServletRequest request, HttpServletResponse response) {
@@ -139,16 +116,25 @@ public class ProfileSearchController extends RestrictedBaseController { int pageNum = Integer.parseInt(request.getParameter("pageNum")); int viewPerPage = Integer.parseInt(request.getParameter("viewPerPage")); List profileList = null; + List profileFinalList = new ArrayList<>(); try { profileList = service.findAll(); + for(User user: profileList) + { + Set userapps = user.getUserApps(); + Set userapplications = UserUtils.getUserApps(userapps); + user.setUserApps(userapplications); + profileFinalList.add(user); + } + model.put("totalPage", (int) Math.ceil((double) profileList.size() / viewPerPage)); profileList = profileList.subList( viewPerPage * (pageNum - 1) < profileList.size() ? viewPerPage * (pageNum - 1) : profileList.size(), viewPerPage * pageNum < profileList.size() ? viewPerPage * pageNum : profileList.size()); - model.put("profileList", mapper.writeValueAsString(profileList)); + model.put("profileList", mapper.writeValueAsString(profileFinalList)); JsonMessage msg = new JsonMessage(mapper.writeValueAsString(model)); JSONObject j = new JSONObject(msg); - response.setContentType(APPLICATION_JSON); + response.setContentType("application/json"); response.getWriter().write(j.toString()); } catch (Exception e) { logger.error(EELFLoggerDelegate.applicationLogger, "getUserPagination failed", e); -- cgit 1.2.3-korg
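Review bot: In `getUserPagination`, the response now serializes `profileFinalList`, which the new loop fills from the complete `service.findAll()` result before `subList` runs, so every page returns all users and the paged `profileList` is computed but never used. Because the loop updates the same `User` objects in place, `profileFinalList` can be dropped and the original `model.put("profileList", mapper.writeValueAsString(profileList));` kept, or the loop can be moved after the `subList` call so only the requested page is processed. The loop also calls `user.setUserApps(...)` on objects returned by the service; if those are persistence-managed entities the filtered set could be written back, which deserves a comment or a copy (this cannot be confirmed from the hunk). Replacing the `APPLICATION_JSON` constant with the literal `"application/json"` has no visible reason and is better reverted. The method body starts and ends outside the hunk.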