1   /**
2    * Copyright 2005-2014 The Kuali Foundation
3    *
4    * Licensed under the Educational Community License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.opensource.org/licenses/ecl2.php
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.kuali.rice.krad.demo.travel.account;
17  
18  import org.kuali.rice.testtools.selenium.WebDriverLegacyITBase;
19  import org.openqa.selenium.By;
20  import org.apache.commons.lang.RandomStringUtils;
21  import org.junit.Test;
22  
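/**
 * Browser-driven functional tests for the KRAD demo "Travel Account Maintenance (Edit)" view,
 * opened on travel account {@code a14}.
 *
 * <p>Covers the happy-path edit and route, duplicate sub-account rejection, required-field
 * messages, changing the fiscal officer, and a reflected-script (XSS) smoke check on the
 * free-text inputs.
 *
 * <p>NOTE(review): each {@code ...Nav} test has the same body as its {@code ...Bookmark} twin;
 * presumably the base class chooses between {@link #navigate()} and {@link #getBookmarkUrl()}
 * from the method-name suffix. Confirm in {@code WebDriverLegacyITBase}.
 *
 * @author Kuali Rice Team (rice.collab@kuali.org)
 */
public class DemoTravelAccountMaintenanceEditAft extends WebDriverLegacyITBase {

    /**
     * Bookmark URL of the maintenance edit view for travel account {@code a14}
     * (methodToCall=maintenanceEdit, data object class TravelAccount, return link hidden).
     */
    public static final String BOOKMARK_URL = "/kr-krad/maintenance?methodToCall=maintenanceEdit&number=a14&dataObjectClassName=org.kuali.rice.krad.demo.travel.dataobject.TravelAccount&hideReturnLink=true";

    /**
     * Description field
     */
    public static final String DESCRIPTION_FIELD = "document.documentHeader.documentDescription";

    /**
     * Explanation field
     */
    public static final String EXPLANATION_FIELD = "document.documentHeader.explanation";

    /**
     * Organization document number field
     */
    public static final String ORGANIZATION_DOCUMENT_NUMBER_FIELD = "document.documentHeader.organizationDocumentNumber";

    /**
     * Travel sub account field
     */
    public static final String SUB_ACCOUNT_FIELD = "newCollectionLines['document.newMaintainableObject.dataObject.subAccounts'].subAccount";

    /**
     * Travel sub account name field
     */
    public static final String SUB_ACCOUNT_NAME_FIELD = "newCollectionLines['document.newMaintainableObject.dataObject.subAccounts'].subAccountName";

    /**
     * Subsidized percent
     */
    public static final String SUBSIDIZED_PERCENT_FIELD = "document.newMaintainableObject.dataObject.subsidizedPercent";

    /**
     * Date created.
     */
    public static final String DATE_CREATED_FIELD = "document.newMaintainableObject.dataObject.createDate";

    /**
     * Fiscal officer ID
     */
    public static final String FISCAL_OFFICER_ID_FIELD = "document.newMaintainableObject.dataObject.foId";

    /** Validation message shown when a sub account number that already exists is added. */
    private static final String DUPLICATE_SUB_ACCOUNT_MESSAGE =
            "Duplicate Sub Accounts (Travel Sub Account Number) are not allowed.";

    /**
     * Probe typed into free-text inputs by the XSS check: it closes an attribute value and the
     * enclosing tag, then adds a script element that opens a dialog if the value is echoed back
     * without output encoding.
     */
    private static final String XSS_PROBE = "\"/><script>alert('!')</script>";

    @Override
    public String getBookmarkUrl() {
        return BOOKMARK_URL;
    }

    /**
     * Reaches the edit view through the demo menu instead of the bookmark URL.
     */
    protected void navigate() throws Exception {
        waitAndClickById("Demo-DemoLink", "");
        waitAndClickByLinkText("Travel Account Maintenance (Edit)");
    }

    /**
     * Builds the XPath of the fiscal officer input holding the given user id.
     *
     * <p>The id is placed inside a single-quoted XPath literal without escaping, so it must not
     * contain a single quote; the callers in this class pass fixed literals only.
     */
    private static String fiscalOfficerInputXpath(String userId) {
        return "//input[@name='" + FISCAL_OFFICER_ID_FIELD + "' and @value='" + userId + "']";
    }

    /**
     * Edits account a14: checks that a duplicate sub account is rejected (twice, with different
     * names), adds a new sub account, then saves, submits and expects the document to reach
     * FINAL status.
     */
    protected void testTravelAccountMaintenanceEdit() throws Exception {
        waitAndTypeByName(DESCRIPTION_FIELD, "Travel Account Edit" + RandomStringUtils.randomAlphabetic(2));

        final String[] duplicateError = {DUPLICATE_SUB_ACCOUNT_MESSAGE};

        // Verify that adding a duplicate Sub Account is not allowed.
        String subAccountDuplicate = "A";
        waitAndTypeByName(SUB_ACCOUNT_FIELD, subAccountDuplicate);
        waitAndTypeByName(SUB_ACCOUNT_NAME_FIELD, "Sub Account 1" + RandomStringUtils.randomAlphabetic(2));
        waitAndClickButtonByText("add");
        assertTextPresent(duplicateError);

        // Verify that adding a duplicate Sub Account and Sub Account Name is not allowed.
        waitAndTypeByName(SUB_ACCOUNT_FIELD, subAccountDuplicate);
        waitAndTypeByName(SUB_ACCOUNT_NAME_FIELD, "Sub Account A");
        waitAndClickButtonByText("add");
        assertTextPresent(duplicateError);

        // Add a new sub account; the random suffix keeps the number unique across runs.
        String subAccount = "Z1" + RandomStringUtils.randomAlphabetic(2);
        waitAndTypeByName(SUB_ACCOUNT_FIELD, subAccount);
        waitAndTypeByName(SUB_ACCOUNT_NAME_FIELD, "Sub Account 1" + RandomStringUtils.randomAlphabetic(2));
        waitForElementPresentByXpath("//input[@name='document.newMaintainableObject.dataObject.number' and @value='a14']");
        waitForElementPresentByXpath("//input[@name='document.newMaintainableObject.dataObject.name' and @value='Travel Account 14']");
        waitForElementPresentByXpath(fiscalOfficerInputXpath("fran"));
        waitAndClickButtonByText("add");
        // NOTE(review): the XPath below contains the literal token subAccount, not the value of
        // the local variable. XPath reads it as a child element that does not exist, so the
        // predicate effectively matches any anchor and this wait does not prove the new line was
        // added. Interpolating the value ("//a[contains(text(),'" + subAccount + "')]") is the
        // likely intent, but confirm how the added line is rendered (element type, letter case)
        // before changing it.
        waitForElementPresentByXpath("//a[contains(text(),subAccount)]");

        waitAndClickButtonByText("Save");
        waitForTextPresent("Document was successfully saved.");
        waitAndClickButtonByText("submit");
        waitAndClickButtonByText("reload");
        assertTextPresent("FINAL");
    }

    /**
     * Smoke check for reflected script injection: types a script probe into the free-text
     * inputs, saves, and fails if a JavaScript dialog opens.
     *
     * <p>Limits of this check, as written:
     * <ul>
     *   <li>It uses one probe string and one HTML context, so a pass does not show that output
     *       encoding is correct everywhere the values are rendered.</li>
     *   <li>It looks only at the page returned by Save, after a fixed one-second pause; a value
     *       stored now and rendered unencoded on another view is not detected.</li>
     *   <li>{@link #DATE_CREATED_FIELD} is skipped because it is no longer an input field, and
     *       {@link #FISCAL_OFFICER_ID_FIELD} was disabled without a recorded reason, so neither
     *       is exercised. {@link #SUB_ACCOUNT_FIELD} receives a plain value.</li>
     *   <li>NOTE(review): a driver configured to dismiss unexpected dialogs automatically would
     *       hide the signal this test relies on; confirm the prompt-handling setting used by
     *       the test harness.</li>
     * </ul>
     */
    protected void testTravelAccountMaintenanceEditXss() throws Exception {
        waitAndTypeByName(DESCRIPTION_FIELD, XSS_PROBE);
        waitAndTypeByName(EXPLANATION_FIELD, XSS_PROBE);
        waitAndTypeByName(ORGANIZATION_DOCUMENT_NUMBER_FIELD, XSS_PROBE);
        waitAndTypeByName(SUB_ACCOUNT_FIELD, "blah");
        waitAndTypeByName(SUB_ACCOUNT_NAME_FIELD, XSS_PROBE);
        waitAndTypeByName(SUBSIDIZED_PERCENT_FIELD, XSS_PROBE);
        waitAndClickButtonByText("Save");
        // Fixed pause so a dialog raised by the response has time to open; a slower render
        // would be missed.
        Thread.sleep(1000);
        if (isAlertPresent()) {
            fail("XSS vulnerability identified.");
        }
    }

    /**
     * Reports whether a JavaScript dialog is currently open in the browser.
     *
     * <p>Only the "no dialog" signal from the driver is treated as {@code false}. Any other
     * failure (lost session, driver error) propagates, so that the XSS check cannot pass merely
     * because the browser could not be queried.
     *
     * @return {@code true} if the driver can switch to an open dialog, {@code false} if it
     *         reports that none is present
     */
    protected boolean isAlertPresent() {
        try {
            driver.switchTo().alert();
            return true;
        } catch (org.openqa.selenium.NoAlertPresentException noAlert) {
            return false;
        }
    }

    /**
     * Checks the required-field markers and messages, changes the fiscal officer from fran to
     * eric, then restores fran so the demo data is left as it was found.
     */
    protected void testEditFiscalOfficer() throws Exception {
        if (!isElementPresentByXpath(fiscalOfficerInputXpath("fran"))) {
            jiraAwareFail("Fiscal Officer at start of test is not fran");
        }
        checkForRequiredFields();
        changeFiscalOfficer("eric");

        // change eric back to fran
        changeFiscalOfficer("fran");
    }

    /**
     * Expects no Delete button on the existing sub account lines and expects that re-adding
     * sub account "A" is rejected as a duplicate.
     */
    protected void testSubAccountOperations() throws Exception {
        waitForElementNotPresent(By.xpath("//button[contains(text(),'Delete')]"));
        waitAndTypeByXpath("//div[@data-label='Travel Sub Account Number']/input", "A");
        waitAndTypeByXpath("//div[@data-label='Sub Account Name']/input", "Sub Account A");
        waitAndClickButtonByExactText("add");
        waitForTextPresent(DUPLICATE_SUB_ACCOUNT_MESSAGE);
    }

    /**
     * Sets the fiscal officer id to {@code newUser}, blanket approves, reopens the edit view
     * through the menu and fails if the field does not show the new value.
     *
     * @param newUser user id to set; embedded unescaped in an XPath literal, so it must not
     *        contain a single quote
     */
    private void changeFiscalOfficer(String newUser) throws Exception {
        waitAndTypeByName(DESCRIPTION_FIELD, "Edit Fiscal Officer to " + newUser + " " + RandomStringUtils.randomAlphabetic(2));
        clearTextByName(FISCAL_OFFICER_ID_FIELD);
        waitAndTypeByName(FISCAL_OFFICER_ID_FIELD, newUser);
        waitAndClickButtonByText("blanket approve");
        navigate();
        if (!isElementPresentByXpath(fiscalOfficerInputXpath(newUser))) {
            jiraAwareFail("Fiscal Officer Not Changed to " + newUser);
        }
    }

    /**
     * Checks that each required label carries a "*" marker and that submit, Save, blanket
     * approve and add each surface the matching "Required" message while the fields are empty.
     */
    private void checkForRequiredFields() throws Exception {
        final String[] requiredLabels = {
            "Description",
            "Travel Account Number:",
            "Travel Account Name:",
            "Travel Account Type Code:",
            "Date Created:",
            "Travel Sub Account Number:",
            "Sub Account Name:"
        };
        for (String label : requiredLabels) {
            waitForElementPresentByXpath("//label[contains(text(),'" + label + "')]/span[contains(text(),'*')]");
        }

        jGrowl("Verify required messages are displayed");

        // The description is still empty, so every routing action must report it as required.
        final String[] requiredMessage = {"Description: Required"};
        waitAndClickButtonByText("submit");
        assertTextPresent(requiredMessage);
        waitAndClickButtonByText("Save");
        assertTextPresent(requiredMessage);
        waitAndClickButtonByText("blanket approve");
        assertTextPresent(requiredMessage);

        waitAndClickButtonByText("add");
        final String[] addRequiredMessage = {"Travel Sub Account Number: Required", "Sub Account Name: Required"};
        assertTextPresent(addRequiredMessage);
        waitForElementPresentByXpath("//div[@data-label='Date Created']");
    }

    @Test
    public void testDemoTravelAccountMaintenanceEditBookmark() throws Exception {
        testTravelAccountMaintenanceEdit();
        passed();
    }

    @Test
    public void testDemoTravelAccountMaintenanceEditNav() throws Exception {
        testTravelAccountMaintenanceEdit();
        passed();
    }

    @Test
    public void testDemoTravelAccountMaintenanceEditXssBookmark() throws Exception {
        testTravelAccountMaintenanceEditXss();
        passed();
    }

    @Test
    public void testDemoTravelAccountMaintenanceEditXssNav() throws Exception {
        testTravelAccountMaintenanceEditXss();
        passed();
    }

    @Test
    public void testDemoTravelAccountMaintenanceEditFiscalOfficerBookmark() throws Exception {
        testEditFiscalOfficer();
        passed();
    }

    @Test
    public void testDemoTravelAccountMaintenanceSubAccountOperationsBookmark() throws Exception {
        testSubAccountOperations();
        passed();
    }

}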