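/**
 * Copyright 2005-2013 The Kuali Foundation
 *
 * Licensed under the Educational Community License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.opensource.org/licenses/ecl2.php
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package edu.samplu.krad.demo.travel.account;

import edu.samplu.common.SmokeTestBase;
import org.junit.Test;

/**
 * Smoke test for the KRAD demo Travel Account maintenance document (New).
 *
 * <p>Each JUnit entry point runs two scenarios against the same page: an XSS probe
 * that types a script payload into every free-text field of the new document and
 * saves it, then a plain create-and-inquire walk-through. Field locators are the
 * form element {@code name} attributes collected as constants below.
 *
 * <p>The XSS probe only detects a payload that is echoed back as an alert dialog on
 * the page returned by Save; a payload that is stored and rendered elsewhere is not
 * covered by this test.
 *
 * @author Kuali Rice Team (rice.collab@kuali.org)
 */
public class DemoTravelAccountMaintenanceNewSmokeTest extends SmokeTestBase {

    /**
     * //div[@class='fancybox-item fancybox-close']
     */
    public static final String FANCY_BOX_CLOSE_XPATH = "//div[@class='fancybox-item fancybox-close']";

    /**
     * //iframe[@class='fancybox-iframe']
     */
    public static final String FANCY_BOX_IFRAME_XPATH = "//iframe[@class='fancybox-iframe']";

    /**
     * /kr-krad/maintenance?methodToCall=start&dataObjectClassName=org.kuali.rice.krad.demo.travel.account.TravelAccount&hideReturnLink=true
     */
    public static final String BOOKMARK_URL = "/kr-krad/maintenance?methodToCall=start&dataObjectClassName=org.kuali.rice.krad.demo.travel.account.TravelAccount&hideReturnLink=true";

    /**
     * Description field
     */
    public static final String DESCRIPTION_FIELD = "document.documentHeader.documentDescription";

    /**
     * Explanation field
     */
    public static final String EXPLANATION_FIELD = "document.documentHeader.explanation";

    /**
     * Organization document number field
     */
    public static final String ORGANIZATION_DOCUMENT_NUMBER_FIELD = "document.documentHeader.organizationDocumentNumber";

    /**
     * Travel account name field
     */
    public static final String TRAVEL_ACCOUNT_NAME_FIELD = "document.newMaintainableObject.dataObject.name";

    /**
     * Travel account number field
     */
    public static final String TRAVEL_ACCOUNT_NUMBER_FIELD = "document.newMaintainableObject.dataObject.number";

    /**
     * Travel account type code field
     */
    public static final String TRAVEL_ACCOUNT_TYPE_CODE_FIELD = "document.newMaintainableObject.dataObject.extension.accountTypeCode";

    /**
     * Travel sub account field
     */
    public static final String SUB_ACCOUNT_FIELD = "document.newMaintainableObject.dataObject.subAccount";

    /**
     * Travel sub account name field
     */
    public static final String SUB_ACCOUNT_NAME_FIELD = "document.newMaintainableObject.dataObject.subAccountName";

    /**
     * Subsidized percent
     */
    public static final String SUBSIDIZED_PERCENT_FIELD = "document.newMaintainableObject.dataObject.subsidizedPercent";

    /**
     * Date created.
     */
    public static final String DATE_CREATED_FIELD = "document.newMaintainableObject.dataObject.createDate";

    /**
     * Fiscal officer ID
     */
    public static final String FISCAL_OFFICER_ID_FIELD = "document.newMaintainableObject.dataObject.foId";

    /**
     * Script payload typed into the free-text fields by
     * {@link #testTravelAccountMaintenanceEditXss()}. The leading {@code "/>} closes
     * an attribute value and its tag before the script element so that unescaped
     * output in either context would execute it.
     */
    public static final String XSS_PAYLOAD = "\"/><script>alert('!')</script>";

    /**
     * Returns the bookmark URL that opens the New Travel Account maintenance document
     * directly.
     *
     * @return {@link #BOOKMARK_URL}
     */
    @Override
    public String getBookmarkUrl() {
        return BOOKMARK_URL;
    }

    /**
     * Reaches the New Travel Account maintenance document through the demo navigation
     * links instead of the bookmark URL.
     *
     * @throws Exception if a link cannot be found or clicked
     */
    protected void navigate() throws Exception {
        waitAndClickById("Demo-DemoLink", "");
        waitAndClickByLinkText("Account Maintenance (New)");
    }

    /**
     * Fills in the minimum fields of a new document, opens the direct inquiry for the
     * account number, closes the inquiry dialog and checks the page title is still the
     * maintenance document.
     *
     * @throws Exception if any element cannot be located within the wait period
     */
    protected void testTravelAccountMaintenanceNew() throws Exception {
        // Same locators as the XSS scenario; the constants keep the two in step.
        waitAndTypeByName(DESCRIPTION_FIELD, "Travel Account Maintenance New Test Document");
        waitAndTypeByName(TRAVEL_ACCOUNT_NUMBER_FIELD, "a1");
        waitAndClickByXpath("//input[@alt='Direct Inquiry']");
        waitAndClickByXpath(FANCY_BOX_CLOSE_XPATH);
        assertTextPresent("Travel Account Maintenance");
    }

    /**
     * Types the script payload into every free-text field of the new document, saves
     * it, and fails the test if the browser raised an alert dialog in response.
     *
     * <p>Fields that are validated as codes or identifiers (name, number, type code,
     * sub account) get plain values so the Save request is not rejected before the
     * payload fields are rendered back.
     *
     * @throws Exception if any element cannot be located within the wait period, or
     *         from the interrupted sleep
     */
    protected void testTravelAccountMaintenanceEditXss() throws Exception {
        waitAndTypeByName(DESCRIPTION_FIELD, XSS_PAYLOAD);
        waitAndTypeByName(EXPLANATION_FIELD, XSS_PAYLOAD);
        waitAndTypeByName(ORGANIZATION_DOCUMENT_NUMBER_FIELD, XSS_PAYLOAD);
        waitAndTypeByName(TRAVEL_ACCOUNT_NAME_FIELD, "blah");
        waitAndTypeByName(TRAVEL_ACCOUNT_NUMBER_FIELD, "blah");
        waitAndTypeByName(TRAVEL_ACCOUNT_TYPE_CODE_FIELD, "CAT");
        waitAndTypeByName(SUB_ACCOUNT_FIELD, "a1");
        waitAndTypeByName(SUB_ACCOUNT_NAME_FIELD, XSS_PAYLOAD);
        waitAndTypeByName(SUBSIDIZED_PERCENT_FIELD, XSS_PAYLOAD);
        waitAndTypeByName(DATE_CREATED_FIELD, XSS_PAYLOAD);
        waitAndTypeByName(FISCAL_OFFICER_ID_FIELD, XSS_PAYLOAD);
        waitAndClickButtonByText("Save");
        // Fixed wait for the Save round-trip: the signal is a dialog, not a DOM
        // element, so there is nothing for the wait helpers to poll for.
        Thread.sleep(1000);
        if (isAlertPresent()) {
            // Dismiss the dialog before failing so the driver is not left blocked
            // on it when the browser is torn down.
            driver.switchTo().alert().accept();
            fail("XSS vulnerability identified.");
        }
    }

    /**
     * Reports whether a JavaScript alert dialog is currently open in the driver.
     *
     * <p>Switching to the alert is the only probe available and it throws an unchecked
     * Selenium exception when no alert exists. The selenium package is not imported
     * in this file, so {@code RuntimeException} is the narrowest type caught here.
     *
     * @return {@code true} if an alert is open, {@code false} otherwise
     */
    public boolean isAlertPresent() {
        try {
            driver.switchTo().alert();
            return true;
        } catch (RuntimeException noAlert) {
            return false;
        }
    }

    /**
     * Bookmark entry point: runs the XSS probe, then the create-and-inquire scenario.
     *
     * @throws Exception propagated from the scenarios
     */
    @Test
    public void testDemoTravelAccountMaintenanceNewBookmark() throws Exception {
        testTravelAccountMaintenanceEditXss();
        testTravelAccountMaintenanceNew();
        passed();
    }

    /**
     * Navigation entry point: same scenarios as the bookmark test.
     *
     * <p>NOTE(review): the two entry points have identical bodies; presumably the base
     * class picks {@link #getBookmarkUrl()} or {@link #navigate()} from the test name
     * before the body runs — confirm in {@code SmokeTestBase}.
     *
     * @throws Exception propagated from the scenarios
     */
    @Test
    public void testDemoTravelAccountMaintenanceNewNav() throws Exception {
        testTravelAccountMaintenanceEditXss();
        testTravelAccountMaintenanceNew();
        passed();
    }
}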