/**
 * Copyright 2005-2013 The Kuali Foundation
 *
 * Licensed under the Educational Community License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.opensource.org/licenses/ecl2.php
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
016package edu.samplu.krad.demo.travel.account;
017
018import edu.samplu.common.SmokeTestBase;
019import org.junit.Test;
020
/**
 * Smoke test for the KRAD demo "Account Maintenance (Edit)" page. Besides checking that the page loads
 * without a development stack trace, it types a script-injection probe into the text inputs, saves, and
 * fails if the browser raises a JavaScript alert.
 *
 * @author Kuali Rice Team (rice.collab@kuali.org)
 */
public class DemoTravelAccountMaintenanceEditSmokeTest extends SmokeTestBase {

    /**
     * Bookmark URL that opens the maintenance-edit view for travel account {@code a14} with the return
     * link hidden.
     */
    public static final String BOOKMARK_URL = "/kr-krad/maintenance?methodToCall=maintenanceEdit&number=a14&dataObjectClassName=org.kuali.rice.krad.demo.travel.account.TravelAccount&hideReturnLink=true";

    /**
     * Input name of the document description field.
     */
    public static final String DESCRIPTION_FIELD = "document.documentHeader.documentDescription";

    /**
     * Input name of the document explanation field.
     */
    public static final String EXPLANATION_FIELD = "document.documentHeader.explanation";

    /**
     * Input name of the organization document number field.
     */
    public static final String ORGANIZATION_DOCUMENT_NUMBER_FIELD = "document.documentHeader.organizationDocumentNumber";

    /**
     * Input name of the travel sub account field.
     */
    public static final String SUB_ACCOUNT_FIELD = "document.newMaintainableObject.dataObject.subAccount";

    /**
     * Input name of the travel sub account name field.
     */
    public static final String SUB_ACCOUNT_NAME_FIELD = "document.newMaintainableObject.dataObject.subAccountName";

    /**
     * Input name of the subsidized percent field.
     */
    public static final String SUBSIDIZED_PERCENT_FIELD = "document.newMaintainableObject.dataObject.subsidizedPercent";

    /**
     * Input name of the date created field.
     */
    public static final String DATE_CREATED_FIELD = "document.newMaintainableObject.dataObject.createDate";

    /**
     * Input name of the fiscal officer ID field.
     */
    public static final String FISCAL_OFFICER_ID_FIELD = "document.newMaintainableObject.dataObject.foId";

    /**
     * Probe value typed into the inputs. It closes an attribute and a tag and then adds a script element,
     * so a JavaScript alert appears only if the page echoes the value back without output encoding.
     */
    private static final String XSS_PROBE = "\"/><script>alert('!')</script>";

    /**
     * Supplies the bookmark URL for this page.
     *
     * @return {@link #BOOKMARK_URL}
     */
    @Override
    public String getBookmarkUrl() {
        return BOOKMARK_URL;
    }

    /**
     * Reaches the page through the UI: the demo link first, then the "Account Maintenance (Edit)" link.
     *
     * @throws Exception if either click helper fails
     */
    protected void navigate() throws Exception {
        waitAndClickById("Demo-DemoLink", "");
        waitAndClickByLinkText("Account Maintenance (Edit)");
    }

    /**
     * Fails the test when the page shows the development-mode stack trace marker.
     *
     * @throws Exception if the page check fails
     */
    protected void testTravelAccountMaintenanceEdit() throws Exception {
        if (isTextPresent("Stacktrace (only in dev mode)")) {
            fail("Development Exception (Error) on page. Test cannot be executed.");
        }
        // No page-specific assertions exist yet; a page without the stack trace marker passes as-is.
    }

    /**
     * Types the script probe into every text input except the sub account (which gets a plain value),
     * clicks Save, waits one second, and fails if an alert dialog is open.
     *
     * <p>The only signal is an alert dialog on the page shown right after Save. A clean run therefore
     * does not show that the values are output-encoded everywhere they are later rendered.
     *
     * @throws Exception if typing, clicking or the wait fails
     */
    protected void testTravelAccountMaintenanceEditXss() throws Exception {
        final String[] headerInputs = {DESCRIPTION_FIELD, EXPLANATION_FIELD, ORGANIZATION_DOCUMENT_NUMBER_FIELD};
        for (String inputName : headerInputs) {
            waitAndTypeByName(inputName, XSS_PROBE);
        }

        waitAndTypeByName(SUB_ACCOUNT_FIELD, "blah");

        // NOTE(review): the percent and date inputs may reject a non-numeric / non-date value before the
        // form is submitted; confirm that Save still sends the other fields to the server in that case.
        final String[] accountInputs = {
            SUB_ACCOUNT_NAME_FIELD, SUBSIDIZED_PERCENT_FIELD, DATE_CREATED_FIELD, FISCAL_OFFICER_ID_FIELD
        };
        for (String inputName : accountInputs) {
            waitAndTypeByName(inputName, XSS_PROBE);
        }

        waitAndClickButtonByText("Save");

        // Fixed pause before the single alert check; a dialog raised later than this is not seen.
        Thread.sleep(1000);

        final boolean scriptRan = isAlertPresent();
        if (scriptRan) {
            fail("XSS vulnerability identified.");
        }
    }

    /**
     * Reports whether the driver can switch to an open alert dialog.
     *
     * @return {@code true} if switching to the alert succeeded, {@code false} if it threw
     */
    public boolean isAlertPresent() {
        boolean alertOpen;
        try {
            driver.switchTo().alert();
            alertOpen = true;
        } catch (Exception ignored) {
            // NOTE(review): every exception is read as "no alert", including driver failures that have
            // nothing to do with alerts, so a broken browser session makes the XSS check pass. Catching
            // only the driver's no-alert exception (NoAlertPresentException, assuming driver is a
            // Selenium WebDriver) would let other failures surface.
            alertOpen = false;
        }
        return alertOpen;
    }

    /**
     * Runs the page check and the XSS probe, then marks the test as passed.
     * How the page is reached is not decided in this method; presumably the base class uses the
     * bookmark URL for this variant (confirm against SmokeTestBase).
     *
     * @throws Exception if either check fails
     */
    @Test
    public void testDemoTravelAccountMaintenanceEditBookmark() throws Exception {
        testTravelAccountMaintenanceEdit();
        testTravelAccountMaintenanceEditXss();
        passed();
    }

    /**
     * Runs the page check and the XSS probe, then marks the test as passed.
     * {@link #navigate()} is not called here; presumably the base class invokes it for this variant
     * (confirm against SmokeTestBase).
     *
     * @throws Exception if either check fails
     */
    @Test
    public void testDemoTravelAccountMaintenanceEditNav() throws Exception {
        testTravelAccountMaintenanceEdit();
        testTravelAccountMaintenanceEditXss();
        passed();
    }
}