
1   /**
2    * Copyright 2005-2013 The Kuali Foundation
3    *
4    * Licensed under the Educational Community License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.opensource.org/licenses/ecl2.php
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package edu.samplu.krad.demo.travel.account;
17  
18  import org.kuali.rice.testtools.selenium.SmokeTestBase;
19  
20  import org.apache.commons.lang.RandomStringUtils;
21  import org.junit.Test;
22  
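/**
 * Smoke test for the KRAD demo Travel Account maintenance document opened in edit mode.
 *
 * <p>Two scenarios are exercised, each reached both by bookmark URL and by navigating from
 * the demo landing page: a plain edit-and-submit of the document, and a stored/reflected
 * XSS probe that types a script-tag payload into every free-text field and fails the test
 * if the browser raises a JavaScript alert after {@code Save} (i.e. the value was echoed
 * back without output encoding).
 *
 * @author Kuali Rice Team (rice.collab@kuali.org)
 */
public class DemoTravelAccountMaintenanceEditSmokeTest extends SmokeTestBase {

    /**
     * /kr-krad/maintenance?methodToCall=maintenanceEdit&number=a14&dataObjectClassName=org.kuali.rice.krad.demo.travel.dataobject.TravelAccount&hideReturnLink=true
     */
    public static final String BOOKMARK_URL = "/kr-krad/maintenance?methodToCall=maintenanceEdit&number=a14&dataObjectClassName=org.kuali.rice.krad.demo.travel.dataobject.TravelAccount&hideReturnLink=true";

    /**
     * Description field
     */
    public static final String DESCRIPTION_FIELD = "document.documentHeader.documentDescription";

    /**
     * Explanation field
     */
    public static final String EXPLANATION_FIELD = "document.documentHeader.explanation";

    /**
     * Organization document number field
     */
    public static final String ORGANIZATION_DOCUMENT_NUMBER_FIELD = "document.documentHeader.organizationDocumentNumber";

    /**
     * Travel sub account field
     */
    public static final String SUB_ACCOUNT_FIELD = "newCollectionLines['document.newMaintainableObject.dataObject.subAccounts'].subAccount";

    /**
     * Travel sub account name field
     */
    public static final String SUB_ACCOUNT_NAME_FIELD = "newCollectionLines['document.newMaintainableObject.dataObject.subAccounts'].subAccountName";

    /**
     * Subsidized percent
     */
    public static final String SUBSIDIZED_PERCENT_FIELD = "document.newMaintainableObject.dataObject.subsidizedPercent";

    /**
     * Date created.
     */
    public static final String DATE_CREATED_FIELD = "document.newMaintainableObject.dataObject.createDate";

    /**
     * Fiscal officer ID
     */
    public static final String FISCAL_OFFICER_ID_FIELD = "document.newMaintainableObject.dataObject.foId";

    /**
     * Canary value typed into each probed field by {@link #testTravelAccountMaintenanceEditXss()}.
     * The leading {@code "/>} is meant to close whatever attribute or tag the server echoes the
     * value into; if the echo is not HTML-encoded the script runs and the browser shows an alert,
     * which the test detects through {@link #isAlertPresent()}. No alert means the value was
     * encoded (or rejected) on the way back out.
     */
    private static final String XSS_PROBE = "\"/><script>alert('!')</script>";

    @Override
    public String getBookmarkUrl() {
        return BOOKMARK_URL;
    }

    /**
     * Navigates from the demo landing page to the "Travel Account Maintenance (Edit)" link.
     *
     * @throws Exception if either click times out or the driver fails
     */
    protected void navigate() throws Exception {
        waitAndClickById("Demo-DemoLink", "");
        waitAndClickByLinkText("Travel Account Maintenance (Edit)");
    }

    /**
     * Fills in a description and one new sub account, submits the document and asserts the
     * success message. Field names come from the constants on this class so they stay in step
     * with the XSS scenario.
     *
     * @throws Exception if a wait times out, an incident report is shown or the driver fails
     */
    protected void testTravelAccountMaintenanceEdit() throws Exception {
        // Random suffixes keep repeated runs from colliding on identical descriptions/names.
        waitAndTypeByName(DESCRIPTION_FIELD, "Travel Account Edit" + RandomStringUtils.randomAlphabetic(2));
        waitAndTypeByName(SUB_ACCOUNT_FIELD, "a1");
        waitAndTypeByName(SUB_ACCOUNT_NAME_FIELD, "Sub Account 1" + RandomStringUtils.randomAlphabetic(2));
        gotoIframeByXpath("//iframe[@id='routeLogIFrame']");
        checkForIncidentReport();
        selectFrameIframePortlet();
        waitAndClickButtonByText("submit");
        // Fixed delay for the submit to round-trip; no explicit wait helper is used here.
        Thread.sleep(10000);
        checkForIncidentReport("Account Maintenance (Edit)");
        assertTextPresent("Document was successfully submitted.");
    }

    /**
     * Types {@link #XSS_PROBE} into every free-text field of the document, saves, and fails if
     * a JavaScript alert appears, which indicates the input was rendered back without encoding.
     * The sub account code itself gets a plain value so the row is otherwise valid.
     *
     * @throws Exception if a wait times out or the driver fails
     */
    protected void testTravelAccountMaintenanceEditXss() throws Exception {
        waitAndTypeByName(DESCRIPTION_FIELD, XSS_PROBE);
        waitAndTypeByName(EXPLANATION_FIELD, XSS_PROBE);
        waitAndTypeByName(ORGANIZATION_DOCUMENT_NUMBER_FIELD, XSS_PROBE);
        waitAndTypeByName(SUB_ACCOUNT_FIELD, "blah");
        waitAndTypeByName(SUB_ACCOUNT_NAME_FIELD, XSS_PROBE);
        waitAndTypeByName(SUBSIDIZED_PERCENT_FIELD, XSS_PROBE);
        waitAndTypeByName(DATE_CREATED_FIELD, XSS_PROBE);
        // FISCAL_OFFICER_ID_FIELD is deliberately not probed (it was disabled in the original);
        // TODO confirm whether that field renders user input and should be covered too.
        waitAndClickButtonByText("Save");
        // Short delay so a payload that executes on re-render has a chance to raise its alert.
        Thread.sleep(1000);
        if (isAlertPresent()) {
            // Close the alert first: a dangling alert blocks later WebDriver calls (e.g. teardown).
            driver.switchTo().alert().accept();
            fail("XSS vulnerability identified.");
        }
    }

    /**
     * Reports whether a JavaScript alert is currently open.
     *
     * <p>Switching to a non-existent alert throws, so the exception is the "no alert" signal.
     * The broad {@code Exception} is kept because the narrower Selenium type is not imported
     * in this file; any other driver failure is therefore also reported as "no alert".
     *
     * @return {@code true} if {@code driver.switchTo().alert()} succeeds, {@code false} otherwise
     */
    protected boolean isAlertPresent() {
        try {
            driver.switchTo().alert();
            return true;
        } catch (Exception noAlert) {
            return false;
        }
    }

    /** Edit scenario entered through {@link #BOOKMARK_URL}. */
    @Test
    public void testDemoTravelAccountMaintenanceEditBookmark() throws Exception {
        testTravelAccountMaintenanceEdit();
        passed();
    }

    /** Edit scenario entered through {@link #navigate()}. */
    @Test
    public void testDemoTravelAccountMaintenanceEditNav() throws Exception {
        testTravelAccountMaintenanceEdit();
        passed();
    }

    /** XSS scenario entered through {@link #BOOKMARK_URL}. */
    @Test
    public void testDemoTravelAccountMaintenanceEditXssBookmark() throws Exception {
        testTravelAccountMaintenanceEditXss();
        passed();
    }

    /** XSS scenario entered through {@link #navigate()}. */
    @Test
    public void testDemoTravelAccountMaintenanceEditXssNav() throws Exception {
        testTravelAccountMaintenanceEditXss();
        passed();
    }

}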