From 7d6bdfe982472827b1fd365bb9de86afab6c7999 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aitor=20Mag=C3=A1n?=
Date: Wed, 23 Dec 2015 18:11:05 +0100
Subject: [PATCH] Add tests to check that the HTML is escaped when creating/editing stores
---
 .../marketplace/bo/impl/StoreBoImplTest.java | 53 +++++++++++++++++++
 1 file changed, 53 insertions(+)
diff --git a/src/test/java/org/fiware/apps/marketplace/bo/impl/StoreBoImplTest.java b/src/test/java/org/fiware/apps/marketplace/bo/impl/StoreBoImplTest.java
index 574fc1e..cc7b982 100644
--- a/src/test/java/org/fiware/apps/marketplace/bo/impl/StoreBoImplTest.java
+++ b/src/test/java/org/fiware/apps/marketplace/bo/impl/StoreBoImplTest.java
@@ -61,10 +61,12 @@
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.TemporaryFolder;
+import org.mockito.InOrder;
 import org.mockito.InjectMocks;
 import org.mockito.Mock;
 import org.mockito.MockitoAnnotations;
 import org.springframework.test.util.ReflectionTestUtils;
+import org.springframework.web.util.HtmlUtils;
 public class StoreBoImplTest {
@@ -206,6 +208,26 @@ public void testSaveWithoutImage() {
 testSave(false);
 }
+ @Test
+ public void testHtmlIsEscapedWhenCreating() throws Exception {
+
+ String html = "";
+
+ Store store = mock(Store.class);
+ when(store.getName()).thenReturn(NAME);
+ when(store.getDisplayName()).thenReturn(DISPLAY_NAME);
+ when(store.getComment()).thenReturn(html);
+ when(storeAuthMock.canCreate(store)).thenReturn(true);
+
+ InOrder order = inOrder(store, storeDaoMock);
+
+ storeBo.save(store);
+
+ order.verify(store).setComment(HtmlUtils.htmlEscape(html));
+ order.verify(storeDaoMock).save(store);
+
+ }
+
 ///////////////////////////////////////////////////////////////////////////////////////
 /////////////////////////////////////// UPDATE ////////////////////////////////////////
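Review bot: In `testHtmlIsEscapedWhenCreating` the payload is `String html = "";` as shown here, so `HtmlUtils.htmlEscape(html)` equals its input and the `setComment` verification passes even if `save` stores the comment unescaped; `testHtmlIsEscapedWhenUpdating` has the same problem. If the literal really is empty in the committed file (the page rendering may have dropped markup from it), use a value that contains `<`, `>`, `&` and `"`, and assert the escaped literal instead of recomputing it with the same function the implementation is expected to call, e.g. `String html = "<b>bold</b> & \"quoted\"";` with `order.verify(store).setComment("&lt;b&gt;bold&lt;/b&gt; &amp; &quot;quoted&quot;");`. Adding `verify(store, never()).setComment(html);` (given a static import of Mockito's `never`) would also pin that the raw value is never written to the entity.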
@@ -324,6 +346,10 @@ private void testUpdateStoreField(Store updatedStore) {
 // Assert that last modifier has changed
 assertThat(store.getLasteditor()).isEqualTo(user);
+
+ // Check that the store has been modified in the data base
+ verify(storeDaoMock).update(store);
+
 } catch (Exception ex) {
 // It's not supposed to happen
 fail("Exception " + ex + " is not supposed to happen");
@@ -358,6 +384,33 @@ public void testUpdateStoreImage() {
 testUpdateStoreField(newStore);
 }
+ @Test
+ public void testHtmlIsEscapedWhenUpdating() throws Exception {
+
+
+ String html = "";
+
+ Store updatedStore = mock(Store.class);
+ when(updatedStore.getComment()).thenReturn(html);
+
+ Store storeToBeUpdated = mock(Store.class);
+
+ // Mock
+ doReturn(storeToBeUpdated).when(storeDaoMock).findByName(NAME);
+ when(storeAuthMock.canUpdate(storeToBeUpdated)).thenReturn(true);
+
+ InOrder order = inOrder(storeToBeUpdated, storeDaoMock);
+
+ // Call the method
+ storeBo.update(NAME, updatedStore);
+
+ // Verify that the html has been escaped before inserting it
+ // in the database
+ order.verify(storeToBeUpdated).setComment(HtmlUtils.htmlEscape(html));
+ order.verify(storeDaoMock).update(storeToBeUpdated);
+
+ }
+
 ///////////////////////////////////////////////////////////////////////////////////////
 /////////////////////////////////////// DELETE ////////////////////////////////////////
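Review bot: `testHtmlIsEscapedWhenUpdating` stubs only `getComment()` on `updatedStore`, so it gives no coverage for the other free-text field visible in this patch, the display name (`getDisplayName()` is stubbed in the create test but never checked for escaping). Whether `StoreBoImpl` escapes or otherwise constrains the display name cannot be seen from this diff; if that value is rendered in HTML views, it needs a parallel test that stubs `when(updatedStore.getDisplayName()).thenReturn(...)` with markup characters and verifies the escaped value on the corresponding setter before `storeDaoMock.update`. If the display name is instead restricted by a validator, a short comment in the test saying so, such as `// displayName is constrained by the validator, only comment accepts free text`, would record why the comment is the only field checked.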