From d832e0acf41e74b6036ae256429a127252782f1b Mon Sep 17 00:00:00 2001 From: st398c Date: Tue, 23 Jul 2019 14:02:06 -0400 Subject: Blackduck scan fixes and PenTest Issue-ID: PORTAL-631 Change-Id: I606837e3aefd0bbb7ff45ac2e597d214da06e7ed Signed-off-by: st398c --- .../controller/core/ProfileController.java | 59 ++++--------------- .../controller/core/ProfileSearchController.java | 40 +++++-------- .../controller/core/ProfileControllerTest.java | 68 +--------------------- .../core/ProfileSearchControllerTest.java | 25 -------- 4 files changed, 24 insertions(+), 168 deletions(-) (limited to 'ecomp-sdk/epsdk-app-common') diff --git a/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/core/ProfileController.java b/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/core/ProfileController.java index 24ea203f..5c96e169 100644 --- a/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/core/ProfileController.java +++ b/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/core/ProfileController.java @@ -42,6 +42,7 @@ import java.io.PrintWriter; import java.util.HashMap; import java.util.List; import java.util.Map; +import java.util.Set; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -51,6 +52,7 @@ import org.json.JSONObject; import org.onap.portalsdk.core.controller.RestrictedBaseController; import org.onap.portalsdk.core.domain.Role; import org.onap.portalsdk.core.domain.User; +import org.onap.portalsdk.core.domain.UserApp; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; import org.onap.portalsdk.core.service.RoleService; import org.onap.portalsdk.core.service.UserProfileService; 
@@ -95,55 +97,6 @@ public class ProfileController extends RestrictedBaseController { @Autowired private RoleService roleService; - @RequestMapping(value = { "/profile" }, method = RequestMethod.GET) - public ModelAndView profile(HttpServletRequest request) throws IOException { - Map model = new HashMap<>(); - ObjectMapper mapper = new ObjectMapper(); - User user = UserUtils.getUserSession(request); - - User profile; - Long profileId; - if (request.getRequestURI().indexOf("self_profile.htm") > -1) { - profile = UserUtils.getUserSession(request); - profileId = profile.getId(); - } else { - profileId = Long.parseLong(request.getParameter(PROFILE_ID)); - profile = userService.getUser(String.valueOf(profileId)); - } - - try { - model.put(STATE_LIST, mapper.writeValueAsString(getStates())); - model.put(COUNTRIES, mapper.writeValueAsString(getCountries())); - model.put(TIME_ZONES, mapper.writeValueAsString(getTimeZones())); - model.put(AVAILABLE_ROLES, mapper.writeValueAsString(getAvailableRoles(user.getOrgUserId()))); - model.put(PROFILE, mapper.writeValueAsString(profile)); - model.put(PROFILEID, mapper.writeValueAsString(profileId)); - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "profile: failed to write JSON", e); - } - return new ModelAndView(PROFILE, "model", model); - } - - @RequestMapping(value = { "/self_profile" }, method = RequestMethod.GET) - public ModelAndView selfProfile(HttpServletRequest request) { - Map model = new HashMap<>(); - ObjectMapper mapper = new ObjectMapper(); - - Long profileId = null; - User user = UserUtils.getUserSession(request); - User profile = UserUtils.getUserSession(request); - try { - model.put(STATE_LIST, mapper.writeValueAsString(getStates())); - model.put(COUNTRIES, mapper.writeValueAsString(getCountries())); - model.put(TIME_ZONES, mapper.writeValueAsString(getTimeZones())); - model.put(AVAILABLE_ROLES, mapper.writeValueAsString(getAvailableRoles(user.getOrgUserId()))); - model.put(PROFILE, 
mapper.writeValueAsString(profile)); - model.put(PROFILEID, mapper.writeValueAsString(profileId)); - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "self_profile: failed to write JSON", e); - } - return new ModelAndView(PROFILE, "model", model); - } @RequestMapping(value = { "/get_self_profile" }, method = RequestMethod.GET) public void getSelfProfile(HttpServletRequest request, HttpServletResponse response) { @@ -153,6 +106,10 @@ public class ProfileController extends RestrictedBaseController { Long profileId = null; User profile = UserUtils.getUserSession(request); + @SuppressWarnings("unchecked") + Set userapps = user.getUserApps(); + Set userapplications = UserUtils.getUserApps(userapps); + profile.setUserApps(userapplications); try { model.put(STATE_LIST, mapper.writeValueAsString(getStates())); model.put(COUNTRIES, mapper.writeValueAsString(getCountries())); @@ -184,6 +141,10 @@ public class ProfileController extends RestrictedBaseController { profileId = Long.parseLong(request.getParameter(PROFILE_ID)); profile = userService.getUser(String.valueOf(profileId)); } + @SuppressWarnings("unchecked") + Set userapps = user.getUserApps(); + Set userapplications = UserUtils.getUserApps(userapps); + profile.setUserApps(userapplications); model.put(STATE_LIST, mapper.writeValueAsString(getStates())); model.put(COUNTRIES, mapper.writeValueAsString(getCountries())); model.put(TIME_ZONES, mapper.writeValueAsString(getTimeZones())); diff --git a/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/core/ProfileSearchController.java b/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/core/ProfileSearchController.java index a94c3b46..fdd26bab 100644 --- a/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/core/ProfileSearchController.java +++ b/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/core/ProfileSearchController.java 
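Review bot: In the getSelfProfile hunk, `profile` is the object returned by `UserUtils.getUserSession(request)`, so `profile.setUserApps(userapplications);` replaces the app set on the session's own user rather than on a copy built for the response. Whatever `UserUtils.getUserApps` drops (its body is not part of this diff) will then also be missing for any later code that reads the session user, so the result is better applied to a response-only copy. The added statements also sit above the `try {`, so an exception thrown by them skips the handler's `logger.error` path; moving them to just below `try {` keeps failures logged. The method body starts and ends outside the hunk.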
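Review bot: In the hunk at `@@ -184,6 +141,10 @@`, the else branch loads `profile` with `userService.getUser(String.valueOf(profileId))`, yet the added code reads the app set from `user` rather than from `profile`. `user` is declared outside the hunk; if it is the session user, as it was in the removed `profile()` method, the JSON for the requested account carries the requester's app and role assignments instead of that account's own. The set should come from the object being returned: `Set userapps = profile.getUserApps();`. `getUser` may also return null for an unknown id (the deleted `profileExceptionTest` stubbed it that way), so `profile.setUserApps(...)` needs an `if (profile != null)` guard. The enclosing method starts and ends outside the hunk.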
@@ -54,6 +54,7 @@ import org.onap.portalsdk.core.auth.LoginStrategy; import org.onap.portalsdk.core.controller.RestrictedBaseController; import org.onap.portalsdk.core.domain.MenuData; import org.onap.portalsdk.core.domain.User; +import org.onap.portalsdk.core.domain.UserApp; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; import org.onap.portalsdk.core.onboarding.exception.PortalAPIException; import org.onap.portalsdk.core.service.FnMenuService; @@ -61,6 +62,7 @@ import org.onap.portalsdk.core.service.UserProfileService; import org.onap.portalsdk.core.service.UserService; import org.onap.portalsdk.core.util.SystemProperties; import org.onap.portalsdk.core.web.support.JsonMessage; +import org.onap.portalsdk.core.web.support.UserUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; 
@@ -105,31 +107,6 @@ public class ProfileSearchController extends RestrictedBaseController { return new ModelAndView(getViewName(), "model", model); } - @RequestMapping(value = { "/get_user" }, method = RequestMethod.GET) - public void getUser(HttpServletRequest request, HttpServletResponse response) { - logger.info(EELFLoggerDelegate.applicationLogger, "Initiating get_user in ProfileSearchController"); - String userId = ""; - try { - userId = loginStrategy.getUserId(request); - } catch (PortalAPIException e1) { - logger.error(EELFLoggerDelegate.applicationLogger, "No User found in request", e1); - } - - final String requestedUserId = userId; - ObjectMapper mapper = new ObjectMapper(); - List profileList = null; - try { - profileList = service.findAll(); - User user = profileList.stream() - .filter(x -> x.getOrgUserId().equals(requestedUserId)).findAny().orElse(null); - JsonMessage msg = new JsonMessage(mapper.writeValueAsString(user)); - JSONObject j = new JSONObject(msg); - response.setContentType(APPLICATION_JSON); - response.getWriter().write(j.toString()); - } catch (Exception e) { - logger.error(EELFLoggerDelegate.applicationLogger, "getUser failed", e); - } - } @RequestMapping(value = { "/get_user_pagination" }, method = RequestMethod.GET) public void getUserPagination(HttpServletRequest request, HttpServletResponse response) { 
@@ -139,16 +116,25 @@ public class ProfileSearchController extends RestrictedBaseController { int pageNum = Integer.parseInt(request.getParameter("pageNum")); int viewPerPage = Integer.parseInt(request.getParameter("viewPerPage")); List profileList = null; + List profileFinalList = new ArrayList<>(); try { profileList = service.findAll(); + for(User user: profileList) + { + Set userapps = user.getUserApps(); + Set userapplications = UserUtils.getUserApps(userapps); + user.setUserApps(userapplications); + profileFinalList.add(user); + } + model.put("totalPage", (int) Math.ceil((double) profileList.size() / viewPerPage)); profileList = profileList.subList( viewPerPage * (pageNum - 1) < profileList.size() ? viewPerPage * (pageNum - 1) : profileList.size(), viewPerPage * pageNum < profileList.size() ? viewPerPage * pageNum : profileList.size()); - model.put("profileList", mapper.writeValueAsString(profileList)); + model.put("profileList", mapper.writeValueAsString(profileFinalList)); JsonMessage msg = new JsonMessage(mapper.writeValueAsString(model)); JSONObject j = new JSONObject(msg); - response.setContentType(APPLICATION_JSON); + response.setContentType("application/json"); response.getWriter().write(j.toString()); } catch (Exception e) { logger.error(EELFLoggerDelegate.applicationLogger, "getUserPagination failed", e); diff --git a/ecomp-sdk/epsdk-app-common/src/test/java/org/onap/portalapp/controller/core/ProfileControllerTest.java b/ecomp-sdk/epsdk-app-common/src/test/java/org/onap/portalapp/controller/core/ProfileControllerTest.java index fc0871a9..e3158bf2 100644 --- a/ecomp-sdk/epsdk-app-common/src/test/java/org/onap/portalapp/controller/core/ProfileControllerTest.java +++ b/ecomp-sdk/epsdk-app-common/src/test/java/org/onap/portalapp/controller/core/ProfileControllerTest.java 
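Review bot: The response now serialises `profileFinalList`, which is filled from every user returned by `service.findAll()` before the `subList` call, so the page window computed just below it is never sent. Each request to `/get_user_pagination` therefore returns the full user list whatever `pageNum` and `viewPerPage` say, while `totalPage` still reports paging. The loop already replaces the app set on the same `User` objects that `profileList` holds, so the original `model.put("profileList", mapper.writeValueAsString(profileList));` can stay and `profileFinalList` can be dropped. The hunk also swaps the `APPLICATION_JSON` constant for the literal `"application/json"`; keeping the constant avoids a second spelling of the content type. The method body ends outside the hunk.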
@@ -108,73 +108,7 @@ public class ProfileControllerTest { @Mock UserUtils userUtils = new UserUtils(); - @Test - public void profileTest() throws IOException { - ModelAndView actualModelAndView = new ModelAndView("profile"); - User user = new User(); - user.setOrgUserId("test"); - Long profileId = null; - PowerMockito.mockStatic(AppUtils.class); - PowerMockito.mockStatic(UserUtils.class); - Mockito.when(mockedRequest.getRequestURI()).thenReturn("self_profile.htm"); - Mockito.when(mockedRequest.getParameter("profile_id")).thenReturn("test"); - Mockito.when(UserUtils.getUserSession(mockedRequest)).thenReturn(user); - Mockito.when(AppUtils.getLookupList("FN_LU_STATE", "STATE_CD", "STATE", null, "STATE_CD")) - .thenReturn(new ArrayList<>()); - Mockito.when(userService.getUser(String.valueOf(profileId))).thenReturn(user); - ModelAndView expectedModelAndView = profileController.profile(mockedRequest); - assertEquals(actualModelAndView.getViewName(), expectedModelAndView.getViewName()); - } - - @Test - public void profileRequestURITest() throws IOException { - ModelAndView actualModelAndView = new ModelAndView("profile"); - User user = new User(); - user.setOrgUserId("test"); - int profileId = 1; - PowerMockito.mockStatic(AppUtils.class); - PowerMockito.mockStatic(UserUtils.class); - Mockito.when(mockedRequest.getRequestURI()).thenReturn("test"); - Mockito.when(mockedRequest.getParameter("profile_id")).thenReturn("1"); - Mockito.when(UserUtils.getUserSession(mockedRequest)).thenReturn(user); - Mockito.when(userService.getUser(String.valueOf(profileId))).thenReturn(user); - Mockito.when(AppUtils.getLookupList("FN_LU_STATE", "STATE_CD", "STATE", null, "STATE_CD")) - .thenReturn(new ArrayList<>()); - Mockito.when(userService.getUser(String.valueOf(profileId))).thenReturn(user); - ModelAndView expectedModelAndView = profileController.profile(mockedRequest); - assertEquals(actualModelAndView.getViewName(), expectedModelAndView.getViewName()); - } - - @Test - public void 
profileExceptionTest() throws IOException { - ModelAndView actualModelAndView = new ModelAndView("profile"); - User profile = null; - Long profileId = null; - Mockito.when(mockedRequest.getRequestURI()).thenReturn("self_profile.htm"); - Mockito.when(mockedRequest.getParameter("profile_id")).thenReturn("test"); - Mockito.when(UserUtils.getUserSession(mockedRequest)).thenReturn(user); - Mockito.when(userService.getUser(String.valueOf(profileId))).thenReturn(profile); - ModelAndView expectedModelAndView = profileController.profile(mockedRequest); - assertEquals(actualModelAndView.getViewName(), expectedModelAndView.getViewName()); - } - - @Test - public void selfProfileTest() throws Exception { - ModelAndView actualModelAndView = new ModelAndView("profile"); - PowerMockito.mockStatic(AppUtils.class); - PowerMockito.mockStatic(UserUtils.class); - Mockito.when(AppUtils.getLookupList("FN_LU_STATE", "STATE_CD", "STATE", null, "STATE_CD")) - .thenReturn(new ArrayList<>()); - Mockito.when(UserUtils.getUserSession(mockedRequest)).thenReturn(user); - ModelAndView expectedModelAndView = profileController.selfProfile(mockedRequest); - assertEquals(actualModelAndView.getViewName(), expectedModelAndView.getViewName()); - } - - @Test - public void selfProfileExceptionTest() throws Exception { - Mockito.when(UserUtils.getUserSession(mockedRequest)).thenReturn(user); - profileController.selfProfile(mockedRequest); - } + @SuppressWarnings("rawtypes") @Test diff --git a/ecomp-sdk/epsdk-app-common/src/test/java/org/onap/portalapp/controller/core/ProfileSearchControllerTest.java b/ecomp-sdk/epsdk-app-common/src/test/java/org/onap/portalapp/controller/core/ProfileSearchControllerTest.java index cc672156..185672ff 100644 --- a/ecomp-sdk/epsdk-app-common/src/test/java/org/onap/portalapp/controller/core/ProfileSearchControllerTest.java +++ b/ecomp-sdk/epsdk-app-common/src/test/java/org/onap/portalapp/controller/core/ProfileSearchControllerTest.java 
@@ -119,31 +119,6 @@ public class ProfileSearchControllerTest { profileSearchController.profileSearch(mockedRequest); } - @Test - public void getUserTest() throws IOException, PortalAPIException{ - List profileList = new ArrayList<>(); - User user = new User(); - user.setOrgUserId("test"); - StringWriter sw = new StringWriter(); - PrintWriter writer = new PrintWriter(sw); - Mockito.when(loginStrategy.getUserId(mockedRequest)).thenReturn("test"); - Mockito.when(mockedResponse.getWriter()).thenReturn(writer); - Mockito.when(service.findAll()).thenReturn(profileList); - profileSearchController.getUser(mockedRequest, mockedResponse); - } - - @Test - public void getUserExceptionTest() throws IOException, PortalAPIException{ - List profileList = null; - User user = new User(); - user.setOrgUserId("test"); - StringWriter sw = new StringWriter(); - PrintWriter writer = new PrintWriter(sw); - Mockito.when(loginStrategy.getUserId(mockedRequest)).thenReturn("test"); - Mockito.when(mockedResponse.getWriter()).thenReturn(writer); - Mockito.when(service.findAll()).thenReturn(profileList); - profileSearchController.getUser(mockedRequest, mockedResponse); - } @Test public void getUserPaginationTest() throws IOException{ -- cgit 1.2.3-korg