001 /**
002 * Copyright 2005-2013 The Kuali Foundation
003 *
004 * Licensed under the Educational Community License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 * http://www.opensource.org/licenses/ecl2.php
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 */
016 package edu.samplu.krad.demo.travel.account;
017
018 import org.kuali.rice.testtools.selenium.SmokeTestBase;
019
020 import org.apache.commons.lang.RandomStringUtils;
021 import org.junit.Test;
022
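/**
 * Selenium smoke test for the KRAD demo "Travel Account Maintenance (Edit)" document.
 *
 * <p>Two scenarios are covered, each exposed through a "Bookmark" and a "Nav" JUnit test:
 * a routine edit that is submitted, and a negative test that types a script-injection probe
 * into the editable fields and fails if the browser raises a JavaScript alert after Save.</p>
 *
 * <p>NOTE(review): the Bookmark and Nav variants call the same helper; presumably
 * {@code SmokeTestBase} decides whether to open {@link #getBookmarkUrl()} or to call
 * {@link #navigate()} - confirm against the base class.</p>
 *
 * @author Kuali Rice Team (rice.collab@kuali.org)
 */
public class DemoTravelAccountMaintenanceEditSmokeTest extends SmokeTestBase {

    /**
     * Relative URL of the maintenance-edit view for travel account {@code a14}.
     */
    public static final String BOOKMARK_URL = "/kr-krad/maintenance?methodToCall=maintenanceEdit&number=a14&dataObjectClassName=org.kuali.rice.krad.demo.travel.dataobject.TravelAccount&hideReturnLink=true";

    /**
     * Description field
     */
    public static final String DESCRIPTION_FIELD = "document.documentHeader.documentDescription";

    /**
     * Explanation field
     */
    public static final String EXPLANATION_FIELD = "document.documentHeader.explanation";

    /**
     * Organization document number field
     */
    public static final String ORGANIZATION_DOCUMENT_NUMBER_FIELD = "document.documentHeader.organizationDocumentNumber";

    /**
     * Travel sub account field
     */
    public static final String SUB_ACCOUNT_FIELD = "newCollectionLines['document.newMaintainableObject.dataObject.subAccounts'].subAccount";

    /**
     * Travel sub account name field
     */
    public static final String SUB_ACCOUNT_NAME_FIELD = "newCollectionLines['document.newMaintainableObject.dataObject.subAccounts'].subAccountName";

    /**
     * Subsidized percent
     */
    public static final String SUBSIDIZED_PERCENT_FIELD = "document.newMaintainableObject.dataObject.subsidizedPercent";

    /**
     * Date created.
     */
    public static final String DATE_CREATED_FIELD = "document.newMaintainableObject.dataObject.createDate";

    /**
     * Fiscal officer ID
     */
    public static final String FISCAL_OFFICER_ID_FIELD = "document.newMaintainableObject.dataObject.foId";

    /**
     * Probe typed into each field by the XSS test: it closes an attribute and tag, then adds a
     * script element that opens an alert. If the application echoes the value back without
     * output encoding, the browser runs the script and the alert becomes the failure signal.
     */
    private static final String XSS_PROBE = "\"/><script>alert('!')</script>";

    /**
     * @return the relative URL of the page under test, {@link #BOOKMARK_URL}
     */
    @Override
    public String getBookmarkUrl() {
        return BOOKMARK_URL;
    }

    /**
     * Reaches the page under test through the UI: the demo link, then the
     * "Travel Account Maintenance (Edit)" link.
     *
     * @throws Exception if either click helper fails
     */
    protected void navigate() throws Exception {
        waitAndClickById("Demo-DemoLink", "");
        waitAndClickByLinkText("Travel Account Maintenance (Edit)");
    }

    /**
     * Fills in a description and a new sub account line, submits the document and asserts the
     * success message.
     *
     * <p>Two random letters are appended to the description and to the sub account name so
     * that repeated runs do not type identical values.</p>
     *
     * @throws Exception if a Selenium helper fails or the sleep is interrupted
     */
    protected void testTravelAccountMaintenanceEdit() throws Exception {
        // Field names come from the class constants so this test and the XSS test cannot drift apart.
        waitAndTypeByName(DESCRIPTION_FIELD, "Travel Account Edit" + RandomStringUtils.randomAlphabetic(2));
        waitAndTypeByName(SUB_ACCOUNT_FIELD, "a1");
        waitAndTypeByName(SUB_ACCOUNT_NAME_FIELD, "Sub Account 1" + RandomStringUtils.randomAlphabetic(2));

        // Look inside the route log iframe for an incident report, then return to the portlet frame.
        gotoIframeByXpath("//iframe[@id='routeLogIFrame']");
        checkForIncidentReport();
        selectFrameIframePortlet();

        waitAndClickButtonByText("submit");
        // Fixed ten-second pause before the result is inspected.
        Thread.sleep(10000);
        checkForIncidentReport("Account Maintenance (Edit)");
        assertTextPresent("Document was successfully submitted.");
    }

    /**
     * Types {@link #XSS_PROBE} into the editable fields, saves, and fails the test if a
     * JavaScript alert is open one second later.
     *
     * <p>Scope of the check, so a green run is not over-read:</p>
     * <ul>
     *   <li>Only script execution that opens an alert on the page shown after Save is
     *       detected; the test does not assert that the value is rendered HTML-encoded.</li>
     *   <li>The alert is looked for once, after a fixed one-second sleep; a dialog raised
     *       later, or on a different view of the saved document, is not seen.</li>
     *   <li>{@link #FISCAL_OFFICER_ID_FIELD} is not probed.</li>
     * </ul>
     *
     * @throws Exception if a Selenium helper fails or the sleep is interrupted
     */
    protected void testTravelAccountMaintenanceEditXss() throws Exception {
        waitAndTypeByName(DESCRIPTION_FIELD, XSS_PROBE);
        waitAndTypeByName(EXPLANATION_FIELD, XSS_PROBE);
        waitAndTypeByName(ORGANIZATION_DOCUMENT_NUMBER_FIELD, XSS_PROBE);
        // The sub account code itself receives a plain value, not the probe.
        waitAndTypeByName(SUB_ACCOUNT_FIELD, "blah");
        waitAndTypeByName(SUB_ACCOUNT_NAME_FIELD, XSS_PROBE);
        waitAndTypeByName(SUBSIDIZED_PERCENT_FIELD, XSS_PROBE);
        waitAndTypeByName(DATE_CREATED_FIELD, XSS_PROBE);
        // TODO(review): the probe for FISCAL_OFFICER_ID_FIELD was disabled in the original
        // with no reason given; re-enable it or record why that field is excluded.

        waitAndClickButtonByText("Save");
        Thread.sleep(1000);
        if (isAlertPresent()) {
            fail("XSS vulnerability identified.");
        }
    }

    /**
     * Reports whether the browser currently shows a JavaScript alert.
     *
     * @return {@code true} if switching to the alert succeeds, {@code false} if it throws
     */
    protected boolean isAlertPresent() {
        try {
            driver.switchTo().alert();
            return true;
        } catch (Exception e) {
            // NOTE(review): every exception is treated as "no alert", so a broken driver
            // session also returns false and the XSS test would pass without having checked
            // anything. Narrowing this to Selenium's NoAlertPresentException needs an import
            // this file does not have; the broad catch is kept to preserve behavior.
            return false;
        }
    }

    /**
     * Runs the submit scenario (bookmark variant).
     */
    @Test
    public void testDemoTravelAccountMaintenanceEditBookmark() throws Exception {
        testTravelAccountMaintenanceEdit();
        passed();
    }

    /**
     * Runs the submit scenario (navigation variant).
     */
    @Test
    public void testDemoTravelAccountMaintenanceEditNav() throws Exception {
        testTravelAccountMaintenanceEdit();
        passed();
    }

    /**
     * Runs the XSS probe scenario (bookmark variant).
     */
    @Test
    public void testDemoTravelAccountMaintenanceEditXssBookmark() throws Exception {
        testTravelAccountMaintenanceEditXss();
        passed();
    }

    /**
     * Runs the XSS probe scenario (navigation variant).
     */
    @Test
    public void testDemoTravelAccountMaintenanceEditXssNav() throws Exception {
        testTravelAccountMaintenanceEditXss();
        passed();
    }

}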