001 /**
002 * Copyright 2005-2013 The Kuali Foundation
003 *
004 * Licensed under the Educational Community License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 * http://www.opensource.org/licenses/ecl2.php
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 */
016 package edu.samplu.krad.demo.travel.account;
017
018 import edu.samplu.common.SmokeTestBase;
019 import org.junit.Test;
020
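/**
 * Smoke test for the KRAD demo "Travel Account Maintenance (New)" document.
 *
 * <p>Each test first fills the maintenance form with a script-injection probe and fails if the
 * browser raises a JavaScript dialog after saving, then runs a basic fill-and-inquiry pass over
 * the same page.
 *
 * @author Kuali Rice Team (rice.collab@kuali.org)
 */
public class DemoTravelAccountMaintenanceNewSmokeTest extends SmokeTestBase {

    /**
     * XPath of the fancybox close control: {@value}
     */
    public static final String FANCY_BOX_CLOSE_XPATH = "//div[@class='fancybox-item fancybox-close']";

    /**
     * XPath of the fancybox iframe: {@value}
     */
    public static final String FANCY_BOX_IFRAME_XPATH = "//iframe[@class='fancybox-iframe']";

    /**
     * Bookmark URL of the new travel account maintenance document: {@value}
     */
    public static final String BOOKMARK_URL = "/kr-krad/maintenance?methodToCall=start&dataObjectClassName=org.kuali.rice.krad.demo.travel.account.TravelAccount&hideReturnLink=true";

    /**
     * Description field
     */
    public static final String DESCRIPTION_FIELD = "document.documentHeader.documentDescription";

    /**
     * Explanation field
     */
    public static final String EXPLANATION_FIELD = "document.documentHeader.explanation";

    /**
     * Organization document number field
     */
    public static final String ORGANIZATION_DOCUMENT_NUMBER_FIELD = "document.documentHeader.organizationDocumentNumber";

    /**
     * Travel account name field
     */
    public static final String TRAVEL_ACCOUNT_NAME_FIELD = "document.newMaintainableObject.dataObject.name";

    /**
     * Travel account number field
     */
    public static final String TRAVEL_ACCOUNT_NUMBER_FIELD = "document.newMaintainableObject.dataObject.number";

    /**
     * Travel account type code field
     */
    public static final String TRAVEL_ACCOUNT_TYPE_CODE_FIELD = "document.newMaintainableObject.dataObject.extension.accountTypeCode";

    /**
     * Travel sub account field
     */
    public static final String SUB_ACCOUNT_FIELD = "document.newMaintainableObject.dataObject.subAccount";

    /**
     * Travel sub account name field
     */
    public static final String SUB_ACCOUNT_NAME_FIELD = "document.newMaintainableObject.dataObject.subAccountName";

    /**
     * Subsidized percent
     */
    public static final String SUBSIDIZED_PERCENT_FIELD = "document.newMaintainableObject.dataObject.subsidizedPercent";

    /**
     * Date created.
     */
    public static final String DATE_CREATED_FIELD = "document.newMaintainableObject.dataObject.createDate";

    /**
     * Fiscal officer ID
     */
    public static final String FISCAL_OFFICER_ID_FIELD = "document.newMaintainableObject.dataObject.foId";

    /**
     * Probe typed into the free-text fields by the output-encoding check. It closes an attribute
     * and tag and then opens a script element, so a page that echoes the value unescaped raises
     * a JavaScript dialog.
     */
    private static final String XSS_PROBE = "\"/><script>alert('!')</script>";

    /**
     * @return {@link #BOOKMARK_URL}
     */
    @Override
    public String getBookmarkUrl() {
        return BOOKMARK_URL;
    }

    /**
     * Reaches the maintenance page through the demo link and the "Account Maintenance (New)" link.
     *
     * @throws Exception if either element cannot be found or clicked
     */
    protected void navigate() throws Exception {
        waitAndClickById("Demo-DemoLink", "");
        waitAndClickByLinkText("Account Maintenance (New)");
    }

    /**
     * Fills the description and account number, opens the direct inquiry, closes the fancybox and
     * checks that the maintenance page text is still present.
     *
     * @throws Exception if an element cannot be found or the expected text is missing
     */
    protected void testTravelAccountMaintenanceNew() throws Exception {
        // Use the shared field-name constants so this method cannot drift from the XSS check.
        waitAndTypeByName(DESCRIPTION_FIELD, "Travel Account Maintenance New Test Document");
        waitAndTypeByName(TRAVEL_ACCOUNT_NUMBER_FIELD, "a1");
        // NOTE(review): the inquiry presumably opens in a fancybox lightbox, which is closed next.
        waitAndClickByXpath("//input[@alt='Direct Inquiry']");
        waitAndClickByXpath(FANCY_BOX_CLOSE_XPATH);
        assertTextPresent("Travel Account Maintenance");
    }

    /**
     * Output-encoding regression check: types {@link #XSS_PROBE} into the free-text fields, saves,
     * and fails if a JavaScript dialog is open afterwards.
     *
     * <p>The check only observes a dialog raised on the page shown right after Save. A value that
     * is stored and later rendered unescaped on a different view is not covered here, and the
     * absence of a dialog does not by itself show that the values were encoded.
     *
     * @throws Exception if an element cannot be found or the wait is interrupted
     */
    protected void testTravelAccountMaintenanceEditXss() throws Exception {
        waitAndTypeByName(DESCRIPTION_FIELD, XSS_PROBE);
        waitAndTypeByName(EXPLANATION_FIELD, XSS_PROBE);
        waitAndTypeByName(ORGANIZATION_DOCUMENT_NUMBER_FIELD, XSS_PROBE);
        // Benign values for the fields that are not probed.
        waitAndTypeByName(TRAVEL_ACCOUNT_NAME_FIELD, "blah");
        waitAndTypeByName(TRAVEL_ACCOUNT_NUMBER_FIELD, "blah");
        waitAndTypeByName(TRAVEL_ACCOUNT_TYPE_CODE_FIELD, "CAT");
        waitAndTypeByName(SUB_ACCOUNT_FIELD, "a1");
        waitAndTypeByName(SUB_ACCOUNT_NAME_FIELD, XSS_PROBE);
        waitAndTypeByName(SUBSIDIZED_PERCENT_FIELD, XSS_PROBE);
        waitAndTypeByName(DATE_CREATED_FIELD, XSS_PROBE);
        waitAndTypeByName(FISCAL_OFFICER_ID_FIELD, XSS_PROBE);
        waitAndClickButtonByText("Save");
        // Fixed pause for the save response to render; a dialog raised later than this is missed.
        Thread.sleep(1000);
        if (isAlertPresent()) {
            fail("XSS vulnerability identified.");
        }
    }

    /**
     * Reports whether the driver can switch to an open JavaScript dialog.
     *
     * @return {@code true} if switching to the alert succeeded, {@code false} on any exception
     */
    public boolean isAlertPresent() {
        try {
            driver.switchTo().alert();
            return true;
        } catch (Exception ignored) {
            // Every failure is reported as "no alert", including driver or session errors, so a
            // broken browser session makes the XSS check pass silently.
            // NOTE(review): narrow this to Selenium's NoAlertPresentException once it is imported.
            return false;
        }
    }

    /**
     * Runs the XSS check and the basic maintenance pass for the bookmark entry.
     *
     * <p>NOTE(review): nothing in this class opens {@link #BOOKMARK_URL}; presumably the base
     * class does so before the test body runs - confirm.
     *
     * @throws Exception if any step fails
     */
    @Test
    public void testDemoTravelAccountMaintenanceNewBookmark() throws Exception {
        testTravelAccountMaintenanceEditXss();
        testTravelAccountMaintenanceNew();
        passed();
    }

    /**
     * Runs the XSS check and the basic maintenance pass for the navigation entry.
     *
     * <p>NOTE(review): {@link #navigate()} is not called here; presumably the base class invokes
     * it for this test - confirm, otherwise this test duplicates the bookmark test.
     *
     * @throws Exception if any step fails
     */
    @Test
    public void testDemoTravelAccountMaintenanceNewNav() throws Exception {
        testTravelAccountMaintenanceEditXss();
        testTravelAccountMaintenanceNew();
        passed();
    }
}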