1   /**
2    * Copyright 2005-2015 The Kuali Foundation
3    *
4    * Licensed under the Educational Community License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.opensource.org/licenses/ecl2.php
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.kuali.rice.krad.labs.transactional;
17  
18  import org.apache.commons.lang.StringUtils;
19  import org.kuali.rice.testtools.selenium.WebDriverUtils;
20  import org.openqa.selenium.By;
21  import org.openqa.selenium.JavascriptExecutor;
22  import org.openqa.selenium.WebDriver;
23  import org.openqa.selenium.WebElement;
24  
25  /**
26   * @author Kuali Rice Team (rice.collab@kuali.org)
27   */
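/**
 * Shared Selenium steps and checks for the "Travel Authorization Transactional Sample - Lookup Security" labs view.
 *
 * <p>Every test opens the traveler lookup through the quickfinder, returns a result to the document and then checks
 * that no secured value ends up readable on the page. Three of the tests first rewrite the lookup's
 * {@code conversionFields} request parameter so that a field is mapped onto the unsecured email address field; the
 * email address field must stay blank in each case.</p>
 *
 * @author Kuali Rice Team (rice.collab@kuali.org)
 */
public class LabsLookupSecurityTravelAuthorizationDocumentBase extends LabsTransactionalBase {

    /**
     * /kr-krad/approval?methodToCall=docHandler&command=initiate&docTypeName=TravelAuthorization&viewName=LabsLookupSecurityTravelAuthorization
     */
    public static final String BOOKMARK_URL = "/kr-krad/approval?methodToCall=docHandler&command=initiate&docTypeName=TravelAuthorization&viewName=LabsLookupSecurityTravelAuthorization";

    /** URL fragment used to recognise the lookup iframe by its {@code src} attribute. */
    public static final String FRAME_URL = "/kr-krad/lookup?conversionFields=";

    // Secured document fields and the clear-text values that must never be rendered on the page.
    private static final String PHONE_NUMBER_NAME = "document.travelerDetail.phoneNumber";
    private static final String PHONE_NUMBER_DECRYPTED = "8005551212";

    private static final String CUSTOMER_NUMBER_NAME = "document.travelerDetail.customerNumber";
    private static final String CUSTOMER_NUMBER_DECRYPTED = "CUST";

    // Unsecured document field that the rewritten conversion fields point at.
    private static final String EMAIL_ADDRESS_NAME = "document.travelerDetail.emailAddress";

    private static final String TRAVELER_TYPE_CODE_NAME = "travelerType.code";

    private static final String CONVERSION_FIELDS = "conversionFields=";
    // URL-encoded "travelerType.code:document.travelerDetail.emailAddress," (%3A is ':', %2C is ',').
    private static final String ERRANT_CONVERSION_FIELD = TRAVELER_TYPE_CODE_NAME + "%3A" + EMAIL_ADDRESS_NAME + "%2C";

    private static final String LOOKUP_FRAME_XPATH = "//iframe[contains(@src,'" + FRAME_URL + "')]";
    private static final String EMAIL_ADDRESS_XPATH = "//div[contains(@data-label,'Email Address')]";

    @Override
    protected String getBookmarkUrl() {
        return BOOKMARK_URL;
    }

    @Override
    protected void navigate() throws Exception {
        navigateToTransactional("Transactional Sample - Lookup Security");
        waitAndClickByLinkText("Travel Authorization Transactional Sample - Lookup Security");
    }

    /**
     * Tests the basic case in which the phone number does not appear anywhere on the page decrypted.
     *
     * @throws Exception if a Selenium step fails
     */
    protected void testTransactionalLookupSecurity() throws Exception {
        waitAndClickTravelerQuickfinder();

        gotoLightBoxIframe();
        waitAndClickSearch3();
        waitAndClickReturnValue();
        String phoneNumber = waitAndGetLabeledText("Phone Number:");

        assertTrue("Secure field phoneNumber was not empty", StringUtils.isBlank(phoneNumber));
        assertTextNotPresent(PHONE_NUMBER_DECRYPTED);
    }

    /**
     * Clicks the traveler quickfinder icon and waits for the resulting page load.
     *
     * @throws InterruptedException if a wait is interrupted
     */
    private void waitAndClickTravelerQuickfinder() throws InterruptedException {
        jGrowl("Click Traveler Quickfinder Icon");
        waitAndClick(By.id("travelerQuickfinder_quickfinder_act"));
        waitForPageToLoad();
    }

    /**
     * Tests the case in which the data dictionary phone number conversion field is changed to have it appear in the
     * email address field, which is not secured.
     *
     * @throws Exception if a Selenium step fails
     */
    protected void testTransactionalLookupSecurityAddDataDictionaryConversionField() throws Exception {
        waitAndClickTravelerQuickfinder();

        String lookupUrl = switchToTravelerLookupFrame();
        String emailAddress = readEmailAddressAfterRewrittenLookup(
                redirectConversionTarget(lookupUrl, PHONE_NUMBER_NAME));

        assertTrue("Non-secure field emailAddress was not empty", StringUtils.isBlank(emailAddress));
        assertTextNotPresent(PHONE_NUMBER_DECRYPTED);
    }

    /**
     * Tests the case in which the UIf customer number conversion field is changed to have it appear in the email
     * address field, which is not secured.
     *
     * @throws Exception if a Selenium step fails
     */
    protected void testTransactionalLookupSecurityAddUifConversionField() throws Exception {
        waitAndClickTravelerQuickfinder();

        String lookupUrl = switchToTravelerLookupFrame();
        String emailAddress = readEmailAddressAfterRewrittenLookup(
                redirectConversionTarget(lookupUrl, CUSTOMER_NUMBER_NAME));

        assertTrue("Non-secure field emailAddress was not empty", StringUtils.isBlank(emailAddress));
        assertTextNotPresent(CUSTOMER_NUMBER_DECRYPTED);
    }

    /**
     * Tests the case in which a new conversion field is added so that a field that is not referenced in either the
     * data dictionary or the Uif (the traveler type code) appears in the email address field, which is not secured.
     *
     * @throws Exception if a Selenium step fails
     */
    protected void testTransactionalLookupSecurityAddHiddenConversionField() throws Exception {
        waitAndClickTravelerQuickfinder();

        final String currentUrl = switchToTravelerLookupFrame();

        final int parameterStart = StringUtils.indexOf(currentUrl, CONVERSION_FIELDS);
        assertTrue("Url doesn't have CONVERSION_FIELDS (" + CONVERSION_FIELDS + ")", parameterStart > -1);

        // Insert the extra mapping directly after "conversionFields=", ahead of the mappings already present.
        int splitPosition = parameterStart + CONVERSION_FIELDS.length();
        String before = StringUtils.substring(currentUrl, 0, splitPosition);
        String after = StringUtils.substring(currentUrl, splitPosition);
        String emailAddress = readEmailAddressAfterRewrittenLookup(before + ERRANT_CONVERSION_FIELD + after);

        assertTrue("Non-secure field emailAddress was not empty", StringUtils.isBlank(emailAddress));
    }

    /**
     * Switches the driver into the lookup iframe and returns the URL the driver reports afterwards.
     *
     * <p>NOTE(review): the callers expect this URL to be the lookup frame's own URL, including its
     * {@code conversionFields} parameter. Drivers that follow the W3C WebDriver specification report the top-level
     * page URL instead; confirm against the driver in use.</p>
     *
     * @return the current URL as reported by the driver after the frame switch
     */
    private String switchToTravelerLookupFrame() {
        driver.switchTo().frame(driver.findElement(By.xpath(LOOKUP_FRAME_XPATH)));
        return driver.getCurrentUrl();
    }

    /**
     * Rewrites a lookup URL so that the given secured field name is replaced by the unsecured email address field.
     *
     * <p>The URL must actually mention the secured field. Without this check the replacement would be a silent no-op
     * and the calling test would pass without having exercised the rewritten conversion field at all.</p>
     *
     * @param lookupUrl the lookup URL to rewrite
     * @param securedFieldName the document field name to replace with {@link #EMAIL_ADDRESS_NAME}
     * @return the rewritten URL
     */
    private String redirectConversionTarget(String lookupUrl, String securedFieldName) {
        assertTrue("Url doesn't reference conversion field (" + securedFieldName + ")",
                StringUtils.contains(lookupUrl, securedFieldName));
        return StringUtils.replace(lookupUrl, securedFieldName, EMAIL_ADDRESS_NAME);
    }

    /**
     * Opens the rewritten lookup URL, runs the search, returns a result and reads the email address field.
     *
     * @param rewrittenUrl the lookup URL with modified conversion fields
     * @return the {@code value} attribute of the element labelled "Email Address"
     * @throws Exception if a Selenium step fails
     */
    private String readEmailAddressAfterRewrittenLookup(String rewrittenUrl) throws Exception {
        jGrowl("Opening -> "+rewrittenUrl);
        open(rewrittenUrl);
        waitForPageToLoad();

        waitAndClickSearch3();
        waitAndClickReturnValue();

        return waitAndGetAttribute(By.xpath(EMAIL_ADDRESS_XPATH),"value");
    }

}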