View Javadoc

1   /**
2    * Copyright 2005-2013 The Kuali Foundation
3    *
4    * Licensed under the Educational Community License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.opensource.org/licenses/ecl2.php
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package edu.samplu.krad.demo.travel.account;
17  
18  import edu.samplu.common.SmokeTestBase;
19  import org.junit.Test;
20  
21  /**
22   * @author Kuali Rice Team (rice.collab@kuali.org)
23   */
24  public class DemoTravelAccountMaintenanceNewSmokeTest extends SmokeTestBase {
25  
26      /**
27       * //div[@class='fancybox-item fancybox-close']
28       */
29      public static final String FANCY_BOX_CLOSE_XPATH = "//div[@class='fancybox-item fancybox-close']";
30      
31      /**
32       * //div[@class='fancybox-item fancybox-close']
33       */
34      public static final String FANCY_BOX_IFRAME_XPATH = "//iframe[@class='fancybox-iframe']";
35  
36      /**
37       * /kr-krad/maintenance?methodToCall=start&dataObjectClassName=org.kuali.rice.krad.demo.travel.account.TravelAccount&hideReturnLink=true
38       */
39      public static final String BOOKMARK_URL = "/kr-krad/maintenance?methodToCall=start&dataObjectClassName=org.kuali.rice.krad.demo.travel.account.TravelAccount&hideReturnLink=true";
40  
41  
42      /**
43       * Description field
44       */
45      public static final String DESCRIPTION_FIELD = "document.documentHeader.documentDescription";
46  
47      /**
48       * Explanation field
49       */
50      public static final String EXPLANATION_FIELD = "document.documentHeader.explanation";
51  
52      /**
53       * Organization document number field
54       */
55      public static final String ORGANIZATION_DOCUMENT_NUMBER_FIELD = "document.documentHeader.organizationDocumentNumber";
56  
57      /**
58       * Travel account name field
59       */
60      public static final String TRAVEL_ACCOUNT_NAME_FIELD = "document.newMaintainableObject.dataObject.name";
61  
62      /**
63       * Travel account nUMBER field
64       */
65      public static final String TRAVEL_ACCOUNT_NUMBER_FIELD = "document.newMaintainableObject.dataObject.number";
66  
67      /**
68       * Travel account type code field
69       */
70      public static final String TRAVEL_ACCOUNT_TYPE_CODE_FIELD = "document.newMaintainableObject.dataObject.extension.accountTypeCode";
71  
72      /**
73       * Travel sub account field
74       */
75      public static final String SUB_ACCOUNT_FIELD = "document.newMaintainableObject.dataObject.subAccount";
76  
77      /**
78       * Travel sub account name field
79       */
80      public static final String SUB_ACCOUNT_NAME_FIELD = "document.newMaintainableObject.dataObject.subAccountName";
81  
82      /**
83       * Subsidized percent
84       */
85      public static final String SUBSIDIZED_PERCENT_FIELD = "document.newMaintainableObject.dataObject.subsidizedPercent";
86  
87      /**
88       * Date created.
89       */
90      public static final String DATE_CREATED_FIELD = "document.newMaintainableObject.dataObject.createDate";
91  
92      /**
93       * Fiscal officer ID
94       */
95      public static final String FISCAL_OFFICER_ID_FIELD = "document.newMaintainableObject.dataObject.foId";
96  
97      @Override
98      public String getBookmarkUrl() {
99          return BOOKMARK_URL;
100     }
101 
102     protected void navigate() throws Exception {
103         waitAndClickById("Demo-DemoLink", "");
104         waitAndClickByLinkText("Account Maintenance (New)");
105     }
106 
107     protected void testTravelAccountMaintenanceNew() throws Exception {
108         waitAndTypeByName("document.documentHeader.documentDescription","Travel Account Maintenance New Test Document");
109         waitAndTypeByName("document.newMaintainableObject.dataObject.number","a1");
110         waitAndClickByXpath("//input[@alt='Direct Inquiry']");
111         waitAndClickByXpath(FANCY_BOX_CLOSE_XPATH);
112         assertTextPresent("Travel Account Maintenance");
113     }
114 
115     protected void testTravelAccountMaintenanceEditXss() throws Exception {
116         waitAndTypeByName(DESCRIPTION_FIELD,"\"/><script>alert('!')</script>");
117         waitAndTypeByName(EXPLANATION_FIELD,"\"/><script>alert('!')</script>");
118         waitAndTypeByName(ORGANIZATION_DOCUMENT_NUMBER_FIELD,"\"/><script>alert('!')</script>");
119         waitAndTypeByName(TRAVEL_ACCOUNT_NAME_FIELD,"blah");
120         waitAndTypeByName(TRAVEL_ACCOUNT_NUMBER_FIELD,"blah");
121         waitAndTypeByName(TRAVEL_ACCOUNT_TYPE_CODE_FIELD,"CAT");
122         waitAndTypeByName(SUB_ACCOUNT_FIELD,"a1");
123         waitAndTypeByName(SUB_ACCOUNT_NAME_FIELD,"\"/><script>alert('!')</script>");
124         waitAndTypeByName(SUBSIDIZED_PERCENT_FIELD,"\"/><script>alert('!')</script>");
125         waitAndTypeByName(DATE_CREATED_FIELD,"\"/><script>alert('!')</script>");
126         waitAndTypeByName(FISCAL_OFFICER_ID_FIELD,"\"/><script>alert('!')</script>");
127         waitAndClickButtonByText("Save");
128         Thread.sleep(1000);
129         if(isAlertPresent())    {
130             fail("XSS vulnerability identified.");
131         }
132     }
133 
134     public boolean isAlertPresent()
135     {
136         try
137         {
138             driver.switchTo().alert();
139             return true;
140         }   // try
141         catch (Exception Ex)
142         {
143             return false;
144         }   // catch
145     }
146 
147     @Test
148     public void testDemoTravelAccountMaintenanceNewBookmark() throws Exception {
149         testTravelAccountMaintenanceEditXss();
150         testTravelAccountMaintenanceNew();
151         passed();
152     }
153 
154     @Test
155     public void testDemoTravelAccountMaintenanceNewNav() throws Exception {
156         testTravelAccountMaintenanceEditXss();
157         testTravelAccountMaintenanceNew();
158         passed();
159     }
160 }