001    /**
002     * Copyright 2005-2013 The Kuali Foundation
003     *
004     * Licensed under the Educational Community License, Version 2.0 (the "License");
005     * you may not use this file except in compliance with the License.
006     * You may obtain a copy of the License at
007     *
008     * http://www.opensource.org/licenses/ecl2.php
009     *
010     * Unless required by applicable law or agreed to in writing, software
011     * distributed under the License is distributed on an "AS IS" BASIS,
012     * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013     * See the License for the specific language governing permissions and
014     * limitations under the License.
015     */
016    package edu.samplu.krad.demo.travel.account;
017    
018    import edu.samplu.common.SmokeTestBase;
019    import org.junit.Test;
020    
/**
 * Smoke test for the KRAD demo travel account "maintenance edit" page. It checks
 * that the page loads without a development stack trace, then types a script
 * probe into the form fields, saves, and fails if a browser alert opens.
 *
 * <p>NOTE(review): the XSS check only observes an alert raised in this browser
 * session shortly after Save. A probe that is stored and rendered unescaped on a
 * different view, or input rejected before submission, is not detected here, so a
 * pass is not evidence that output encoding is correct everywhere.
 *
 * @author Kuali Rice Team (rice.collab@kuali.org)
 */
public class DemoTravelAccountMaintenanceEditSmokeTest extends SmokeTestBase {

    /**
     * /kr-krad/maintenance?methodToCall=maintenanceEdit&number=a14&dataObjectClassName=org.kuali.rice.krad.demo.travel.account.TravelAccount&hideReturnLink=true
     */
    public static final String BOOKMARK_URL = "/kr-krad/maintenance?methodToCall=maintenanceEdit&number=a14&dataObjectClassName=org.kuali.rice.krad.demo.travel.account.TravelAccount&hideReturnLink=true";

    /**
     * Name of the document description input.
     */
    public static final String DESCRIPTION_FIELD = "document.documentHeader.documentDescription";

    /**
     * Name of the explanation input.
     */
    public static final String EXPLANATION_FIELD = "document.documentHeader.explanation";

    /**
     * Name of the organization document number input.
     */
    public static final String ORGANIZATION_DOCUMENT_NUMBER_FIELD = "document.documentHeader.organizationDocumentNumber";

    /**
     * Name of the travel sub account input.
     */
    public static final String SUB_ACCOUNT_FIELD = "document.newMaintainableObject.dataObject.subAccount";

    /**
     * Name of the travel sub account name input.
     */
    public static final String SUB_ACCOUNT_NAME_FIELD = "document.newMaintainableObject.dataObject.subAccountName";

    /**
     * Name of the subsidized percent input.
     */
    public static final String SUBSIDIZED_PERCENT_FIELD = "document.newMaintainableObject.dataObject.subsidizedPercent";

    /**
     * Name of the date created input.
     */
    public static final String DATE_CREATED_FIELD = "document.newMaintainableObject.dataObject.createDate";

    /**
     * Name of the fiscal officer ID input.
     */
    public static final String FISCAL_OFFICER_ID_FIELD = "document.newMaintainableObject.dataObject.foId";

    /**
     * Probe typed into the fields under test: it closes an attribute and tag, then
     * adds a script element that raises an alert if the value is echoed unescaped.
     */
    private static final String XSS_PROBE = "\"/><script>alert('!')</script>";

    /**
     * @return the bookmark URL of the maintenance edit page, {@link #BOOKMARK_URL}
     */
    @Override
    public String getBookmarkUrl() {
        return BOOKMARK_URL;
    }

    /**
     * Reaches the page through the UI: clicks the demo link, then the
     * "Account Maintenance (Edit)" link.
     */
    protected void navigate() throws Exception {
        waitAndClickById("Demo-DemoLink", "");
        waitAndClickByLinkText("Account Maintenance (Edit)");
    }

    /**
     * Fails the test when the page shows the development-mode stack trace marker.
     * No further assertions are made about the page content.
     */
    protected void testTravelAccountMaintenanceEdit() throws Exception {
        if (isTextPresent("Stacktrace (only in dev mode)")) {
            fail("Development Exception (Error) on page. Test cannot be executed.");
        }
    }

    /**
     * Types the script probe into every field except the sub account (which gets a
     * plain value), clicks Save, waits one second and fails if an alert is open.
     */
    protected void testTravelAccountMaintenanceEditXss() throws Exception {
        // Field name / value pairs, typed in this order.
        final String[][] entries = {
            {DESCRIPTION_FIELD, XSS_PROBE},
            {EXPLANATION_FIELD, XSS_PROBE},
            {ORGANIZATION_DOCUMENT_NUMBER_FIELD, XSS_PROBE},
            {SUB_ACCOUNT_FIELD, "blah"},
            {SUB_ACCOUNT_NAME_FIELD, XSS_PROBE},
            {SUBSIDIZED_PERCENT_FIELD, XSS_PROBE},
            {DATE_CREATED_FIELD, XSS_PROBE},
            {FISCAL_OFFICER_ID_FIELD, XSS_PROBE},
        };
        for (String[] entry : entries) {
            waitAndTypeByName(entry[0], entry[1]);
        }

        waitAndClickButtonByText("Save");

        // NOTE(review): a fixed one-second pause; an alert that opens later than
        // this is missed and the test passes. An explicit wait with a timeout
        // would make the negative result more trustworthy.
        Thread.sleep(1000);

        final boolean scriptRan = isAlertPresent();
        if (scriptRan) {
            fail("XSS vulnerability identified.");
        }
    }

    /**
     * Reports whether the driver can switch to an open alert.
     *
     * <p>NOTE(review): every exception is treated as "no alert", so a driver or
     * session failure also yields {@code false} and lets the XSS check pass.
     * Presumably {@code driver} is a Selenium WebDriver inherited from the base
     * class (confirm); if so, catching only its no-alert exception would stop
     * unrelated failures from being read as a clean result. The alert, when
     * found, is left open; it is neither accepted nor dismissed here.
     *
     * @return {@code true} if switching to an alert succeeded, {@code false} if
     *         the attempt threw
     */
    public boolean isAlertPresent() {
        boolean alertOpen;
        try {
            driver.switchTo().alert();
            alertOpen = true;
        } catch (Exception switchFailure) {
            alertOpen = false;
        }
        return alertOpen;
    }

    /**
     * Runs the page check and the XSS check, then marks the test as passed.
     * Presumably the base class picks bookmark access from the method name
     * suffix (confirm against SmokeTestBase).
     */
    @Test
    public void testDemoTravelAccountMaintenanceEditBookmark() throws Exception {
        runEditChecks();
    }

    /**
     * Runs the page check and the XSS check, then marks the test as passed.
     * Presumably the base class picks UI navigation from the method name
     * suffix (confirm against SmokeTestBase).
     */
    @Test
    public void testDemoTravelAccountMaintenanceEditNav() throws Exception {
        runEditChecks();
    }

    /** Shared body of the two test entry points. */
    private void runEditChecks() throws Exception {
        testTravelAccountMaintenanceEdit();
        testTravelAccountMaintenanceEditXss();
        passed();
    }
}