View Javadoc
1   /*
2    * Copyright (c) 2002-2025, City of Paris
3    * All rights reserved.
4    *
5    * Redistribution and use in source and binary forms, with or without
6    * modification, are permitted provided that the following conditions
7    * are met:
8    *
9    *  1. Redistributions of source code must retain the above copyright notice
10   *     and the following disclaimer.
11   *
12   *  2. Redistributions in binary form must reproduce the above copyright notice
13   *     and the following disclaimer in the documentation and/or other materials
14   *     provided with the distribution.
15   *
16   *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
17   *     contributors may be used to endorse or promote products derived from
18   *     this software without specific prior written permission.
19   *
20   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21   * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
24   * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25   * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26   * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27   * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28   * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30   * POSSIBILITY OF SUCH DAMAGE.
31   *
32   * License 1.0
33   */
34  package fr.paris.lutece.portal.web.xsl;
35  
36  import java.io.IOException;
37  import java.math.BigInteger;
38  import java.security.SecureRandom;
39  import java.util.ArrayList;
40  import java.util.HashMap;
41  import java.util.List;
42  import java.util.Map;
43  import java.util.Random;
44  import java.util.function.Function;
45  import java.util.stream.Collectors;
46  
47  import org.apache.commons.fileupload.FileItem;
48  import org.apache.commons.fileupload.disk.DiskFileItemFactory;
49  import org.springframework.mock.web.MockHttpServletRequest;
50  
51  import fr.paris.lutece.portal.business.file.File;
52  import fr.paris.lutece.portal.business.file.FileHome;
53  import fr.paris.lutece.portal.business.physicalfile.PhysicalFile;
54  import fr.paris.lutece.portal.business.rbac.RBACRole;
55  import fr.paris.lutece.portal.business.rbac.RBACRoleHome;
56  import fr.paris.lutece.portal.business.user.AdminUser;
57  import fr.paris.lutece.portal.business.xsl.XslExport;
58  import fr.paris.lutece.portal.business.xsl.XslExportHome;
59  import fr.paris.lutece.portal.service.admin.AccessDeniedException;
60  import fr.paris.lutece.portal.service.message.AdminMessage;
61  import fr.paris.lutece.portal.service.message.AdminMessageService;
62  import fr.paris.lutece.portal.service.security.SecurityTokenService;
63  import fr.paris.lutece.portal.web.upload.MultipartHttpServletRequest;
64  import fr.paris.lutece.test.LuteceTestCase;
65  import fr.paris.lutece.test.Utils;
66  
67  public class XslExportJspBeanTest extends LuteceTestCase
68  {
69      private XslExportJspBean _instance;
70      private XslExport _xslExport;
71  
72      @Override
73      protected void setUp( ) throws Exception
74      {
75          super.setUp( );
76          _instance = new XslExportJspBean( );
77          String strName = getRandomName( );
78          _xslExport = new XslExport( );
79          _xslExport.setTitle( strName );
80          _xslExport.setDescription( strName );
81          _xslExport.setExtension( strName );
82          _xslExport.setPlugin( "" );
83          File file = new File( );
84          PhysicalFile physicalFile = new PhysicalFile( );
85          physicalFile.setValue( new byte [ 1] );
86          file.setTitle( strName );
87          file.setSize( 1 );
88          file.setPhysicalFile( physicalFile );
89          file.setMimeType( "application/xml" );
90          _xslExport.setFile( file );
91          _xslExport.getFile( ).setIdFile( FileHome.create( _xslExport.getFile( ) ) );
92          XslExportHome.create( _xslExport );
93      }
94  
95      @Override
96      protected void tearDown( ) throws Exception
97      {
98          XslExportHome.remove( _xslExport.getIdXslExport( ) );
99          File file = FileHome.findByPrimaryKey( _xslExport.getFile( ).getIdFile( ) );
100         if ( file != null )
101         {
102             FileHome.remove( file.getIdFile( ) );
103         }
104         super.tearDown( );
105     }
106 
107     public void testGetCreateXslExport( ) throws AccessDeniedException
108     {
109         MockHttpServletRequest request = new MockHttpServletRequest( );
110         AdminUser user = new AdminUser( );
111         user.setRoles( RBACRoleHome.findAll( ).stream( ).collect( Collectors.toMap( RBACRole::getKey, Function.identity( ) ) ) );
112         Utils.registerAdminUserWithRigth( request, user, XslExportJspBean.RIGHT_MANAGE_XSL_EXPORT );
113 
114         _instance.init( request, XslExportJspBean.RIGHT_MANAGE_XSL_EXPORT );
115         assertNotNull( _instance.getCreateXslExport( request ) );
116     }
117 
118     public void testDoCreateXslExport( ) throws AccessDeniedException, IOException
119     {
120         MockHttpServletRequest request = new MockHttpServletRequest( );
121         AdminUser user = new AdminUser( );
122         user.setRoles( RBACRoleHome.findAll( ).stream( ).collect( Collectors.toMap( RBACRole::getKey, Function.identity( ) ) ) );
123         Utils.registerAdminUserWithRigth( request, user, XslExportJspBean.RIGHT_MANAGE_XSL_EXPORT );
124         String randomName = getRandomName( );
125         Map<String, String [ ]> parameters = new HashMap<>( );
126         parameters.put( "title", new String [ ] {
127                 randomName
128         } );
129         parameters.put( "description", new String [ ] {
130                 randomName
131         } );
132         parameters.put( "extension", new String [ ] {
133                 randomName
134         } );
135         parameters.put( SecurityTokenService.PARAMETER_TOKEN, new String [ ] {
136                 SecurityTokenService.getInstance( ).getToken( request, "admin/xsl/create_xsl_export.html" )
137         } );
138         Map<String, List<FileItem>> multipartFiles = new HashMap<>( );
139         List<FileItem> fileItems = new ArrayList<>( );
140         FileItem item = new DiskFileItemFactory( ).createItem( "id_file", "", false, "xsl" );
141         item.getOutputStream( ).write( "<?xml version='1.0'?><a/>".getBytes( ) );
142         fileItems.add( item );
143         multipartFiles.put( "id_file", fileItems );
144 
145         _instance.init( request, XslExportJspBean.RIGHT_MANAGE_XSL_EXPORT );
146         try
147         {
148             _instance.doCreateXslExport( new MultipartHttpServletRequest( request, multipartFiles, parameters ) );
149             assertTrue( XslExportHome.getList( ).stream( ).anyMatch(
150                     e -> randomName.equals( e.getTitle( ) ) && randomName.equals( e.getDescription( ) ) && randomName.equals( e.getExtension( ) ) ) );
151         }
152         finally
153         {
154             XslExportHome.getList( ).stream( ).filter( e -> randomName.equals( e.getTitle( ) ) ).forEach( e -> XslExportHome.remove( e.getIdXslExport( ) ) );
155         }
156     }
157 
158     public void testDoCreateXslExportInvalidToken( ) throws AccessDeniedException, IOException
159     {
160         MockHttpServletRequest request = new MockHttpServletRequest( );
161         AdminUser user = new AdminUser( );
162         user.setRoles( RBACRoleHome.findAll( ).stream( ).collect( Collectors.toMap( RBACRole::getKey, Function.identity( ) ) ) );
163         Utils.registerAdminUserWithRigth( request, user, XslExportJspBean.RIGHT_MANAGE_XSL_EXPORT );
164         String randomName = getRandomName( );
165         Map<String, String [ ]> parameters = new HashMap<>( );
166         parameters.put( "title", new String [ ] {
167                 randomName
168         } );
169         parameters.put( "description", new String [ ] {
170                 randomName
171         } );
172         parameters.put( "extension", new String [ ] {
173                 randomName
174         } );
175         parameters.put( SecurityTokenService.PARAMETER_TOKEN, new String [ ] {
176                 SecurityTokenService.getInstance( ).getToken( request, "admin/xsl/create_xsl_export.html" ) + "b"
177         } );
178         Map<String, List<FileItem>> multipartFiles = new HashMap<>( );
179         List<FileItem> fileItems = new ArrayList<>( );
180         FileItem item = new DiskFileItemFactory( ).createItem( "id_file", "", false, "xsl" );
181         item.getOutputStream( ).write( "<?xml version='1.0'?><a/>".getBytes( ) );
182         fileItems.add( item );
183         multipartFiles.put( "id_file", fileItems );
184 
185         _instance.init( request, XslExportJspBean.RIGHT_MANAGE_XSL_EXPORT );
186         try
187         {
188             _instance.doCreateXslExport( new MultipartHttpServletRequest( request, multipartFiles, parameters ) );
189             fail( "Should have thrown" );
190         }
191         catch( AccessDeniedException ade )
192         {
193             assertFalse( XslExportHome.getList( ).stream( ).anyMatch(
194                     e -> randomName.equals( e.getTitle( ) ) && randomName.equals( e.getDescription( ) ) && randomName.equals( e.getExtension( ) ) ) );
195         }
196         finally
197         {
198             XslExportHome.getList( ).stream( ).filter( e -> randomName.equals( e.getTitle( ) ) ).forEach( e -> XslExportHome.remove( e.getIdXslExport( ) ) );
199         }
200     }
201 
202     public void testDoCreateXslExportNoToken( ) throws AccessDeniedException, IOException
203     {
204         MockHttpServletRequest request = new MockHttpServletRequest( );
205         AdminUser user = new AdminUser( );
206         user.setRoles( RBACRoleHome.findAll( ).stream( ).collect( Collectors.toMap( RBACRole::getKey, Function.identity( ) ) ) );
207         Utils.registerAdminUserWithRigth( request, user, XslExportJspBean.RIGHT_MANAGE_XSL_EXPORT );
208         String randomName = getRandomName( );
209         Map<String, String [ ]> parameters = new HashMap<>( );
210         parameters.put( "title", new String [ ] {
211                 randomName
212         } );
213         parameters.put( "description", new String [ ] {
214                 randomName
215         } );
216         parameters.put( "extension", new String [ ] {
217                 randomName
218         } );
219 
220         Map<String, List<FileItem>> multipartFiles = new HashMap<>( );
221         List<FileItem> fileItems = new ArrayList<>( );
222         FileItem item = new DiskFileItemFactory( ).createItem( "id_file", "", false, "xsl" );
223         item.getOutputStream( ).write( "<?xml version='1.0'?><a/>".getBytes( ) );
224         fileItems.add( item );
225         multipartFiles.put( "id_file", fileItems );
226 
227         _instance.init( request, XslExportJspBean.RIGHT_MANAGE_XSL_EXPORT );
228         try
229         {
230             _instance.doCreateXslExport( new MultipartHttpServletRequest( request, multipartFiles, parameters ) );
231             fail( "Should have thrown" );
232         }
233         catch( AccessDeniedException ade )
234         {
235             assertFalse( XslExportHome.getList( ).stream( ).anyMatch(
236                     e -> randomName.equals( e.getTitle( ) ) && randomName.equals( e.getDescription( ) ) && randomName.equals( e.getExtension( ) ) ) );
237         }
238         finally
239         {
240             XslExportHome.getList( ).stream( ).filter( e -> randomName.equals( e.getTitle( ) ) ).forEach( e -> XslExportHome.remove( e.getIdXslExport( ) ) );
241         }
242     }
243 
244     private String getRandomName( )
245     {
246         Random rand = new SecureRandom( );
247         BigInteger bigInt = new BigInteger( 128, rand );
248         return "junit" + bigInt.toString( 36 );
249     }
250 
251     public void testGetModifyXslExport( ) throws AccessDeniedException
252     {
253         MockHttpServletRequest request = new MockHttpServletRequest( );
254         AdminUser user = new AdminUser( );
255         user.setRoles( RBACRoleHome.findAll( ).stream( ).collect( Collectors.toMap( RBACRole::getKey, Function.identity( ) ) ) );
256         Utils.registerAdminUserWithRigth( request, user, XslExportJspBean.RIGHT_MANAGE_XSL_EXPORT );
257         request.setParameter( "id_xsl_export", Integer.toString( _xslExport.getIdXslExport( ) ) );
258         _instance.init( request, XslExportJspBean.RIGHT_MANAGE_XSL_EXPORT );
259         assertNotNull( _instance.getModifyXslExport( request ) );
260     }
261 
262     public void testDoModifyXslExport( ) throws AccessDeniedException
263     {
264         MockHttpServletRequest request = new MockHttpServletRequest( );
265         AdminUser user = new AdminUser( );
266         user.setRoles( RBACRoleHome.findAll( ).stream( ).collect( Collectors.toMap( RBACRole::getKey, Function.identity( ) ) ) );
267         Utils.registerAdminUserWithRigth( request, user, XslExportJspBean.RIGHT_MANAGE_XSL_EXPORT );
268         String randomName = getRandomName( );
269         Map<String, String [ ]> parameters = new HashMap<>( );
270         parameters.put( "title", new String [ ] {
271                 randomName
272         } );
273         parameters.put( "description", new String [ ] {
274                 randomName
275         } );
276         parameters.put( "extension", new String [ ] {
277                 randomName
278         } );
279         parameters.put( "id_xsl_export", new String [ ] {
280                 Integer.toString( _xslExport.getIdXslExport( ) )
281         } );
282         parameters.put( SecurityTokenService.PARAMETER_TOKEN, new String [ ] {
283                 SecurityTokenService.getInstance( ).getToken( request, "admin/xsl/modify_xsl_export.html" )
284         } );
285         Map<String, List<FileItem>> multipartFiles = new HashMap<>( );
286 
287         _instance.init( request, XslExportJspBean.RIGHT_MANAGE_XSL_EXPORT );
288 
289         _instance.doModifyXslExport( new MultipartHttpServletRequest( request, multipartFiles, parameters ) );
290 
291         XslExport stored = XslExportHome.findByPrimaryKey( _xslExport.getIdXslExport( ) );
292         assertNotNull( stored );
293         assertEquals( randomName, stored.getTitle( ) );
294         assertEquals( randomName, stored.getDescription( ) );
295         assertEquals( randomName, stored.getExtension( ) );
296     }
297 
298     public void testDoModifyXslExportInvalidToken( ) throws AccessDeniedException
299     {
300         MockHttpServletRequest request = new MockHttpServletRequest( );
301         AdminUser user = new AdminUser( );
302         user.setRoles( RBACRoleHome.findAll( ).stream( ).collect( Collectors.toMap( RBACRole::getKey, Function.identity( ) ) ) );
303         Utils.registerAdminUserWithRigth( request, user, XslExportJspBean.RIGHT_MANAGE_XSL_EXPORT );
304         String randomName = getRandomName( );
305         Map<String, String [ ]> parameters = new HashMap<>( );
306         parameters.put( "title", new String [ ] {
307                 randomName
308         } );
309         parameters.put( "description", new String [ ] {
310                 randomName
311         } );
312         parameters.put( "extension", new String [ ] {
313                 randomName
314         } );
315         parameters.put( "id_xsl_export", new String [ ] {
316                 Integer.toString( _xslExport.getIdXslExport( ) )
317         } );
318         parameters.put( SecurityTokenService.PARAMETER_TOKEN, new String [ ] {
319                 SecurityTokenService.getInstance( ).getToken( request, "admin/xsl/modify_xsl_export.html" ) + "b"
320         } );
321         Map<String, List<FileItem>> multipartFiles = new HashMap<>( );
322 
323         _instance.init( request, XslExportJspBean.RIGHT_MANAGE_XSL_EXPORT );
324 
325         try
326         {
327             _instance.doModifyXslExport( new MultipartHttpServletRequest( request, multipartFiles, parameters ) );
328             fail( "Should have thrown" );
329         }
330         catch( AccessDeniedException e )
331         {
332             XslExport stored = XslExportHome.findByPrimaryKey( _xslExport.getIdXslExport( ) );
333             assertNotNull( stored );
334             assertEquals( _xslExport.getTitle( ), stored.getTitle( ) );
335             assertEquals( _xslExport.getDescription( ), stored.getDescription( ) );
336             assertEquals( _xslExport.getExtension( ), stored.getExtension( ) );
337         }
338     }
339 
340     public void testDoModifyXslExportNoToken( ) throws AccessDeniedException
341     {
342         MockHttpServletRequest request = new MockHttpServletRequest( );
343         AdminUser user = new AdminUser( );
344         user.setRoles( RBACRoleHome.findAll( ).stream( ).collect( Collectors.toMap( RBACRole::getKey, Function.identity( ) ) ) );
345         Utils.registerAdminUserWithRigth( request, user, XslExportJspBean.RIGHT_MANAGE_XSL_EXPORT );
346         String randomName = getRandomName( );
347         Map<String, String [ ]> parameters = new HashMap<>( );
348         parameters.put( "title", new String [ ] {
349                 randomName
350         } );
351         parameters.put( "description", new String [ ] {
352                 randomName
353         } );
354         parameters.put( "extension", new String [ ] {
355                 randomName
356         } );
357         parameters.put( "id_xsl_export", new String [ ] {
358                 Integer.toString( _xslExport.getIdXslExport( ) )
359         } );
360         Map<String, List<FileItem>> multipartFiles = new HashMap<>( );
361 
362         _instance.init( request, XslExportJspBean.RIGHT_MANAGE_XSL_EXPORT );
363 
364         try
365         {
366             _instance.doModifyXslExport( new MultipartHttpServletRequest( request, multipartFiles, parameters ) );
367             fail( "Should have thrown" );
368         }
369         catch( AccessDeniedException e )
370         {
371             XslExport stored = XslExportHome.findByPrimaryKey( _xslExport.getIdXslExport( ) );
372             assertNotNull( stored );
373             assertEquals( _xslExport.getTitle( ), stored.getTitle( ) );
374             assertEquals( _xslExport.getDescription( ), stored.getDescription( ) );
375             assertEquals( _xslExport.getExtension( ), stored.getExtension( ) );
376         }
377     }
378 
379     public void testGetConfirmRemoveXslExport( ) throws AccessDeniedException
380     {
381         MockHttpServletRequest request = new MockHttpServletRequest( );
382         AdminUser user = new AdminUser( );
383         user.setRoles( RBACRoleHome.findAll( ).stream( ).collect( Collectors.toMap( RBACRole::getKey, Function.identity( ) ) ) );
384         Utils.registerAdminUserWithRigth( request, user, XslExportJspBean.RIGHT_MANAGE_XSL_EXPORT );
385 
386         request.setParameter( "id_xsl_export", Integer.toString( _xslExport.getIdXslExport( ) ) );
387         _instance.init( request, XslExportJspBean.RIGHT_MANAGE_XSL_EXPORT );
388 
389         _instance.getConfirmRemoveXslExport( request );
390         AdminMessage message = AdminMessageService.getMessage( request );
391         assertNotNull( message );
392         assertTrue( message.getRequestParameters( ).containsKey( SecurityTokenService.PARAMETER_TOKEN ) );
393     }
394 
395     public void testDoRemoveXslExport( ) throws AccessDeniedException
396     {
397         MockHttpServletRequest request = new MockHttpServletRequest( );
398         AdminUser user = new AdminUser( );
399         user.setRoles( RBACRoleHome.findAll( ).stream( ).collect( Collectors.toMap( RBACRole::getKey, Function.identity( ) ) ) );
400         Utils.registerAdminUserWithRigth( request, user, XslExportJspBean.RIGHT_MANAGE_XSL_EXPORT );
401 
402         request.setParameter( "id_xsl_export", Integer.toString( _xslExport.getIdXslExport( ) ) );
403         request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
404                 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/xsl/DoRemoveXslExport.jsp" ) );
405         _instance.init( request, XslExportJspBean.RIGHT_MANAGE_XSL_EXPORT );
406 
407         _instance.doRemoveXslExport( request );
408 
409         XslExport stored = XslExportHome.findByPrimaryKey( _xslExport.getIdXslExport( ) );
410         assertNull( stored );
411     }
412 
413     public void testDoRemoveXslExportInvalidToken( ) throws AccessDeniedException
414     {
415         MockHttpServletRequest request = new MockHttpServletRequest( );
416         AdminUser user = new AdminUser( );
417         user.setRoles( RBACRoleHome.findAll( ).stream( ).collect( Collectors.toMap( RBACRole::getKey, Function.identity( ) ) ) );
418         Utils.registerAdminUserWithRigth( request, user, XslExportJspBean.RIGHT_MANAGE_XSL_EXPORT );
419 
420         request.setParameter( "id_xsl_export", Integer.toString( _xslExport.getIdXslExport( ) ) );
421         request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
422                 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/xsl/DoRemoveXslExport.jsp" ) + "b" );
423         _instance.init( request, XslExportJspBean.RIGHT_MANAGE_XSL_EXPORT );
424 
425         try
426         {
427             _instance.doRemoveXslExport( request );
428             fail( "Should have thrown" );
429         }
430         catch( AccessDeniedException e )
431         {
432             XslExport stored = XslExportHome.findByPrimaryKey( _xslExport.getIdXslExport( ) );
433             assertNotNull( stored );
434         }
435     }
436 
437     public void testDoRemoveXslExportNoToken( ) throws AccessDeniedException
438     {
439         MockHttpServletRequest request = new MockHttpServletRequest( );
440         AdminUser user = new AdminUser( );
441         user.setRoles( RBACRoleHome.findAll( ).stream( ).collect( Collectors.toMap( RBACRole::getKey, Function.identity( ) ) ) );
442         Utils.registerAdminUserWithRigth( request, user, XslExportJspBean.RIGHT_MANAGE_XSL_EXPORT );
443 
444         request.setParameter( "id_xsl_export", Integer.toString( _xslExport.getIdXslExport( ) ) );
445         _instance.init( request, XslExportJspBean.RIGHT_MANAGE_XSL_EXPORT );
446 
447         try
448         {
449             _instance.doRemoveXslExport( request );
450             fail( "Should have thrown" );
451         }
452         catch( AccessDeniedException e )
453         {
454             XslExport stored = XslExportHome.findByPrimaryKey( _xslExport.getIdXslExport( ) );
455             assertNotNull( stored );
456         }
457     }
458 }