001 /**
002 * Copyright 2005-2013 The Kuali Foundation
003 *
004 * Licensed under the Educational Community License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 * http://www.opensource.org/licenses/ecl2.php
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 */
016 package edu.samplu.krad.demo.travel.account;
017
018 import org.kuali.rice.testtools.selenium.SmokeTestBase;
019 import org.junit.Test;
020
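/**
 * Smoke test for the KRAD demo "Account Maintenance (New)" travel account document.
 *
 * <p>The test carries an XSS regression probe: it types a script-bearing string into the
 * document header and data object fields, clicks Save, and fails if the browser opens a
 * JavaScript alert. It then types into the description and account number fields and asserts
 * that the page title text is present.
 *
 * <p>NOTE(review): the probe's only oracle is an alert dialog. A run without a dialog shows that
 * this one string did not execute in this browser; it does not show that the fields are
 * output-encoded. Asserting on the rendered markup would make the check stronger.
 *
 * @author Kuali Rice Team (rice.collab@kuali.org)
 */
public class DemoTravelAccountMaintenanceNewSmokeTest extends SmokeTestBase {

    /**
     * XPath of the fancybox close control: {@code //div[@class='fancybox-item fancybox-close']}
     */
    public static final String FANCY_BOX_CLOSE_XPATH = "//div[@class='fancybox-item fancybox-close']";

    /**
     * XPath of the fancybox iframe: {@code //iframe[@class='fancybox-iframe']}
     */
    public static final String FANCY_BOX_IFRAME_XPATH = "//iframe[@class='fancybox-iframe']";

    /**
     * Bookmark URL of the maintenance document under test:
     * {@code /kr-krad/maintenance?methodToCall=start&dataObjectClassName=org.kuali.rice.krad.demo.travel.dataobject.TravelAccount&hideReturnLink=true}
     */
    public static final String BOOKMARK_URL = "/kr-krad/maintenance?methodToCall=start&dataObjectClassName=org.kuali.rice.krad.demo.travel.dataobject.TravelAccount&hideReturnLink=true";

    /**
     * Name attribute of the document description field.
     */
    public static final String DESCRIPTION_FIELD = "document.documentHeader.documentDescription";

    /**
     * Name attribute of the explanation field.
     */
    public static final String EXPLANATION_FIELD = "document.documentHeader.explanation";

    /**
     * Name attribute of the organization document number field.
     */
    public static final String ORGANIZATION_DOCUMENT_NUMBER_FIELD = "document.documentHeader.organizationDocumentNumber";

    /**
     * Name attribute of the travel account name field.
     */
    public static final String TRAVEL_ACCOUNT_NAME_FIELD = "document.newMaintainableObject.dataObject.name";

    /**
     * Name attribute of the travel account number field.
     */
    public static final String TRAVEL_ACCOUNT_NUMBER_FIELD = "document.newMaintainableObject.dataObject.number";

    /**
     * Name attribute of the travel account type code field.
     */
    public static final String TRAVEL_ACCOUNT_TYPE_CODE_FIELD = "document.newMaintainableObject.dataObject.accountTypeCode";

    /**
     * XPath of the travel sub account number input.
     */
    public static final String SUB_ACCOUNT_FIELD_XPATH = "//div[@data-label='Travel Sub Account Number']/fieldset/input";

    /**
     * XPath of the travel sub account name input.
     */
    public static final String SUB_ACCOUNT_NAME_FIELD_XPATH = "//div[@data-label='Sub Account Name']/input";

    /**
     * Name attribute of the subsidized percent field.
     */
    public static final String SUBSIDIZED_PERCENT_FIELD = "document.newMaintainableObject.dataObject.subsidizedPercent";

    /**
     * Name attribute of the date created field.
     */
    public static final String DATE_CREATED_FIELD = "document.newMaintainableObject.dataObject.createDate";

    /**
     * Name attribute of the fiscal officer principal name field.
     */
    public static final String FISCAL_OFFICER_ID_FIELD = "document.newMaintainableObject.dataObject.fiscalOfficer.principalName";

    /**
     * Probe string typed into each free-text field by the XSS check. Kept in one place so every
     * field receives exactly the same input.
     */
    private static final String XSS_PROBE = "\"/><script>alert('!')</script>";

    /**
     * Pause, in milliseconds, between clicking Save and looking for an alert dialog.
     */
    private static final long ALERT_SETTLE_MILLIS = 1000;

    /**
     * Returns the bookmark URL this test opens.
     *
     * @return {@link #BOOKMARK_URL}
     */
    @Override
    public String getBookmarkUrl() {
        return BOOKMARK_URL;
    }

    /**
     * Reaches the document through the demo menu: clicks the element with id
     * {@code Demo-DemoLink}, then the "Account Maintenance (New)" link.
     *
     * @throws Exception if either click helper fails
     */
    protected void navigate() throws Exception {
        waitAndClickById("Demo-DemoLink", "");
        waitAndClickByLinkText("Account Maintenance (New)");
    }

    /**
     * Types a description and an account number, then asserts that the text
     * "Travel Account Maintenance" is present on the page.
     *
     * @throws Exception if a field cannot be found or the text is absent
     */
    protected void testTravelAccountMaintenanceNew() throws Exception {
        // Same field names as before, now taken from the constants the XSS probe already uses.
        waitAndTypeByName(DESCRIPTION_FIELD, "Travel Account Maintenance New Test Document");
        waitAndTypeByName(TRAVEL_ACCOUNT_NUMBER_FIELD, "a1");
        assertTextPresent("Travel Account Maintenance");
    }

    /**
     * XSS regression probe: fills the form with {@link #XSS_PROBE} in the free-text fields,
     * clicks Save, waits {@link #ALERT_SETTLE_MILLIS} ms and fails the test if an alert dialog
     * is open.
     *
     * <p>NOTE(review): the wait is a single fixed pause followed by one check, so a dialog that
     * opens after the pause is not seen and the probe passes.
     *
     * @throws Exception if a field cannot be found or the thread is interrupted while waiting
     */
    protected void testTravelAccountMaintenanceEditXss() throws Exception {
        // Document header fields.
        waitAndTypeByName(DESCRIPTION_FIELD, XSS_PROBE);
        waitAndTypeByName(EXPLANATION_FIELD, XSS_PROBE);
        waitAndTypeByName(ORGANIZATION_DOCUMENT_NUMBER_FIELD, XSS_PROBE);

        // Name, number, type and sub account number receive plain values.
        waitAndTypeByName(TRAVEL_ACCOUNT_NAME_FIELD, "blah");
        waitAndTypeByName(TRAVEL_ACCOUNT_NUMBER_FIELD, "blah");
        selectByName(TRAVEL_ACCOUNT_TYPE_CODE_FIELD, "Clearing Account Type");
        waitAndTypeByXpath(SUB_ACCOUNT_FIELD_XPATH, "a1");

        // Remaining data object fields receive the probe string.
        waitAndTypeByXpath(SUB_ACCOUNT_NAME_FIELD_XPATH, XSS_PROBE);
        waitAndTypeByName(SUBSIDIZED_PERCENT_FIELD, XSS_PROBE);
        waitAndTypeByName(DATE_CREATED_FIELD, XSS_PROBE);
        waitAndTypeByName(FISCAL_OFFICER_ID_FIELD, XSS_PROBE);

        waitAndClickButtonByText("Save");
        Thread.sleep(ALERT_SETTLE_MILLIS);

        // An open dialog means the submitted string ran as script in the page.
        if (isAlertPresent()) {
            fail("XSS vulnerability identified.");
        }
    }

    /**
     * Reports whether the driver can switch to an alert dialog.
     *
     * <p>NOTE(review): every exception is mapped to {@code false}, so a failed driver call looks
     * the same as "no dialog" and the XSS probe passes in that case. Catching only Selenium's
     * {@code NoAlertPresentException} and letting other failures propagate would make the probe
     * fail closed.
     *
     * @return {@code true} if {@code driver.switchTo().alert()} succeeds, {@code false} if it
     *         throws
     */
    public boolean isAlertPresent() {
        try {
            driver.switchTo().alert();
            return true;
        } catch (Exception ignored) {
            // Treated as "no alert open"; see the review note above about failing open.
            return false;
        }
    }

    /**
     * Runs the XSS probe and then the basic page check, and records the test as passed.
     *
     * @throws Exception if either step fails
     */
    @Test
    public void testDemoTravelAccountMaintenanceNewBookmark() throws Exception {
        testTravelAccountMaintenanceEditXss();
        testTravelAccountMaintenanceNew();
        passed();
    }

    /**
     * Same steps as the bookmark variant. The {@code @Test} annotation below is commented out,
     * so JUnit does not run this method; the reason is not recorded in this file. The method
     * does not call {@link #navigate()} itself, and whether the base class does so for it is not
     * visible here.
     *
     * @throws Exception if either step fails
     */
    // @Test
    public void testDemoTravelAccountMaintenanceNewNav() throws Exception {
        testTravelAccountMaintenanceEditXss();
        testTravelAccountMaintenanceNew();
        passed();
    }
}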