From a37fe92b5daca76aabd50ff1e6920670b30b84ee Mon Sep 17 00:00:00 2001
From: st782s <statta@research.att.com>
Date: Thu, 2 Nov 2017 17:05:10 -0400
Subject: Security vulnerability

Handle Session issues and security vulnerability login issue to by
preventing sql injection attack

Issue: PORTAL-137
Change-Id: I16eeacd6958af1a8274259e5dc0a008c5f64fb9f
Signed-off-by: st782s <statta@research.att.com>
---
 .../main/webapp/WEB-INF/fusion/orm/Fusion.hbm.xml   | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

(limited to 'ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF/fusion/orm/Fusion.hbm.xml')

diff --git a/ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF/fusion/orm/Fusion.hbm.xml b/ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF/fusion/orm/Fusion.hbm.xml
index 098a5857..dbe53d5b 100644
--- a/ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF/fusion/orm/Fusion.hbm.xml
+++ b/ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF/fusion/orm/Fusion.hbm.xml
@@ -352,14 +352,14 @@
     <query name="getAllUsers">
       select id, firstName, lastName from User where active = true order by lastName, firstName
     </query>
-	
+
     <query name="getRoleNameById">
       select name from Role where id = :role_id
     </query>
 
     <query name="getAllRoles">
       select id, name from Role order by name
-    </query>	
+    </query>
     
     <query name="getReportSecurityUsers">
       select repId, orderNo, roleId, userId, readOnlyYn from ReportUserRole where repId = :report_id and userId is not null
@@ -369,11 +369,6 @@
       select repId, orderNo, roleId, userId, readOnlyYn from ReportUserRole where repId = :report_id and roleId is not null
     </query>
 
-<!--     <query name="insertReportSecurityUsers">
-		insert into ReportUserRole (repId, roleId, userId, readOnlyYn) values (:report_id, :role_id, :user_id, :read_only_yn)
-    </query> -->
-    
-
     <query name="deleteReportSecurityUsers">
       delete from ReportUserRole where repId = :report_id and userId =:user_id
     </query>
@@ -390,4 +385,16 @@
       select id from User where orgUserId = :orgUserId
     </query>
 
+     <query name="getUserByOrgUserId">
+       FROM User WHERE orgUserId = :org_user_id
+     </query>
+
+     <query name="getUserByLoginId">
+       FROM User WHERE loginId = :login_id
+     </query>
+
+     <query name="getUserByLoginIdLoginPwd">
+       FROM User WHERE loginId = :login_id and loginPwd = :login_pwd
+     </query>
+
 </hibernate-mapping>
-- 
cgit 1.2.3-korg