Search in sources :

Example 1 with LogEventService

use of org.cerberus.crud.service.impl.LogEventService in project cerberus-source by cerberustesting.

the class UpdateTestDataLib method processRequest.

/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
 * methods.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    JSONObject jsonResponse = new JSONObject();
    ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    Answer ans = new Answer();
    MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
    msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
    ans.setResultMessage(msg);
    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    String charset = request.getCharacterEncoding();
    IFactoryTestDataLibData tdldFactory = appContext.getBean(IFactoryTestDataLibData.class);
    ITestDataLibDataService tdldService = appContext.getBean(ITestDataLibDataService.class);
    IParameterService parameterService = appContext.getBean(IParameterService.class);
    response.setContentType("application/json");
    Map<String, String> fileData = new HashMap<String, String>();
    FileItem file = null;
    FileItemFactory factory = new DiskFileItemFactory();
    ServletFileUpload upload = new ServletFileUpload(factory);
    try {
        List<FileItem> fields = upload.parseRequest(request);
        Iterator<FileItem> it = fields.iterator();
        if (!it.hasNext()) {
            return;
        }
        while (it.hasNext()) {
            FileItem fileItem = it.next();
            boolean isFormField = fileItem.isFormField();
            if (isFormField) {
                fileData.put(fileItem.getFieldName(), ParameterParserUtil.parseStringParamAndDecode(fileItem.getString("UTF-8"), "", charset));
            } else {
                file = fileItem;
            }
        }
    } catch (FileUploadException e) {
        e.printStackTrace();
    }
    /**
     * Parsing and securing all required parameters.
     */
    // Parameter that are already controled by GUI (no need to decode) --> We SECURE them
    String type = policy.sanitize(fileData.get("type"));
    String system = policy.sanitize(fileData.get("system"));
    String environment = policy.sanitize(fileData.get("environment"));
    String country = policy.sanitize(fileData.get("country"));
    String database = policy.sanitize(fileData.get("database"));
    String databaseUrl = policy.sanitize(fileData.get("databaseUrl"));
    String databaseCsv = policy.sanitize(fileData.get("databaseCsv"));
    // Parameter that needs to be secured --> We SECURE+DECODE them
    // this is mandatory
    String name = fileData.get("name");
    String group = fileData.get("group");
    String description = fileData.get("libdescription");
    String service = fileData.get("service");
    // Parameter that we cannot secure as we need the html --> We DECODE them
    String script = fileData.get("script");
    String servicePath = fileData.get("servicepath");
    String method = fileData.get("method");
    String envelope = fileData.get("envelope");
    String csvUrl = fileData.get("csvUrl");
    String separator = fileData.get("separator");
    String activateAutoSubdata = fileData.get("subdataCheck");
    Integer testdatalibid = 0;
    boolean testdatalibid_error = true;
    try {
        if (fileData.get("testdatalibid") != null && !fileData.get("testdatalibid").isEmpty()) {
            testdatalibid = Integer.valueOf(fileData.get("testdatalibid"));
            testdatalibid_error = false;
        }
    } catch (NumberFormatException ex) {
        testdatalibid_error = true;
        LOG.warn(ex);
    }
    try {
        // Prepare the final answer.
        MessageEvent msg1 = new MessageEvent(MessageEventEnum.GENERIC_OK);
        Answer finalAnswer = new Answer(msg1);
        /**
         * Checking all constrains before calling the services.
         */
        if (StringUtil.isNullOrEmpty(name)) {
            msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
            msg.setDescription(msg.getDescription().replace("%ITEM%", "Test data library").replace("%OPERATION%", "Update").replace("%REASON%", "Test data library name is missing."));
            finalAnswer.setResultMessage(msg);
        } else if (testdatalibid_error) {
            msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
            msg.setDescription(msg.getDescription().replace("%ITEM%", "Test data library").replace("%OPERATION%", "Update").replace("%REASON%", "Could not manage to convert testdatalibid to an integer value or testdatalibid is missing."));
            finalAnswer.setResultMessage(msg);
        } else {
            /**
             * All data seems cleans so we can call the services.
             */
            // specific attributes
            ITestDataLibService libService = appContext.getBean(ITestDataLibService.class);
            AnswerItem resp = libService.readByKey(testdatalibid);
            if (!(resp.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode()) && resp.getItem() != null)) {
                /**
                 * Object could not be found. We stop here and report the
                 * error.
                 */
                finalAnswer = AnswerUtil.agregateAnswer(finalAnswer, (Answer) resp);
            } else {
                /**
                 * The service was able to perform the query and confirm the
                 * object exist, then we can update it.
                 */
                TestDataLib lib = (TestDataLib) resp.getItem();
                String fileName = lib.getCsvUrl();
                if (file != null) {
                    ans = libService.uploadFile(lib.getTestDataLibID(), file);
                    if (ans.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
                        fileName = file.getName();
                    }
                }
                lib.setName(name);
                lib.setType(type);
                lib.setGroup(group);
                lib.setDescription(description);
                lib.setSystem(system);
                lib.setEnvironment(environment);
                lib.setCountry(country);
                lib.setDatabase(database);
                lib.setScript(script);
                lib.setDatabaseUrl(databaseUrl);
                lib.setServicePath(servicePath);
                lib.setService(service);
                lib.setMethod(method);
                lib.setEnvelope(envelope);
                lib.setDatabaseCsv(databaseCsv);
                if (file == null) {
                    lib.setCsvUrl(csvUrl);
                } else {
                    lib.setCsvUrl(File.separator + lib.getTestDataLibID() + File.separator + fileName);
                }
                lib.setSeparator(separator);
                lib.setLastModifier(request.getRemoteUser());
                ans = libService.update(lib);
                finalAnswer = AnswerUtil.agregateAnswer(finalAnswer, (Answer) ans);
                if (ans.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
                    /**
                     * Update operation finished with success, then the
                     * logging entry must be added.
                     */
                    ILogEventService logEventService = appContext.getBean(LogEventService.class);
                    logEventService.createForPrivateCalls("/UpdateTestDataLib", "UPDATE", "Update TestDataLib - id: " + testdatalibid + " name: " + name + " system: " + system + " environment: " + environment + " country: " + country, request);
                }
                List<TestDataLibData> tdldList = new ArrayList();
                // Getting list of SubData from JSON Call
                if (fileData.get("subDataList") != null) {
                    JSONArray objSubDataArray = new JSONArray(fileData.get("subDataList"));
                    tdldList = getSubDataFromParameter(request, appContext, testdatalibid, objSubDataArray);
                }
                // When File has just been uploaded to servlet and flag to load the subdata value has been checked, we will parse it in order to automatically feed the subdata.
                if (file != null && activateAutoSubdata.equals("1")) {
                    String str = "";
                    try (BufferedReader reader = new BufferedReader(new FileReader(parameterService.getParameterStringByKey("cerberus_testdatalibcsv_path", "", null) + lib.getCsvUrl()))) {
                        // First line of the file is split by separator.
                        str = reader.readLine();
                        String[] subData = (!lib.getSeparator().isEmpty()) ? str.split(lib.getSeparator()) : str.split(",");
                        // We take the subdata from the servlet input.
                        TestDataLibData firstLine = tdldList.get(0);
                        tdldList = new ArrayList();
                        firstLine.setColumnPosition("1");
                        tdldList.add(firstLine);
                        int i = 1;
                        for (String item : subData) {
                            String subdataName = "SUBDATA" + i;
                            TestDataLibData tdld = tdldFactory.create(null, testdatalibid, subdataName, item, null, null, Integer.toString(i), null);
                            tdldList.add(tdld);
                            i++;
                        }
                    // Update the Database with the new list.
                    } finally {
                        try {
                            file.getInputStream().close();
                        } catch (Throwable ignore) {
                        }
                    }
                }
                ans = tdldService.compareListAndUpdateInsertDeleteElements(testdatalibid, tdldList);
                finalAnswer = AnswerUtil.agregateAnswer(finalAnswer, (Answer) ans);
            }
        }
        jsonResponse.put("messageType", finalAnswer.getResultMessage().getMessage().getCodeString());
        jsonResponse.put("message", finalAnswer.getResultMessage().getDescription());
        response.getWriter().print(jsonResponse);
        response.getWriter().flush();
    } catch (JSONException ex) {
        LOG.warn(ex);
        // returns a default error message with the json format that is able to be parsed by the client-side
        response.getWriter().print(AnswerUtil.createGenericErrorAnswer());
    }
}
Also used : PolicyFactory(org.owasp.html.PolicyFactory) HashMap(java.util.HashMap) MessageEvent(org.cerberus.engine.entity.MessageEvent) IFactoryTestDataLibData(org.cerberus.crud.factory.IFactoryTestDataLibData) ILogEventService(org.cerberus.crud.service.ILogEventService) LogEventService(org.cerberus.crud.service.impl.LogEventService) ArrayList(java.util.ArrayList) IParameterService(org.cerberus.crud.service.IParameterService) ITestDataLibDataService(org.cerberus.crud.service.ITestDataLibDataService) ApplicationContext(org.springframework.context.ApplicationContext) ServletFileUpload(org.apache.commons.fileupload.servlet.ServletFileUpload) ILogEventService(org.cerberus.crud.service.ILogEventService) ArrayList(java.util.ArrayList) List(java.util.List) FileReader(java.io.FileReader) TestDataLib(org.cerberus.crud.entity.TestDataLib) JSONArray(org.json.JSONArray) JSONException(org.json.JSONException) DiskFileItemFactory(org.apache.commons.fileupload.disk.DiskFileItemFactory) AnswerItem(org.cerberus.util.answer.AnswerItem) FileItemFactory(org.apache.commons.fileupload.FileItemFactory) DiskFileItemFactory(org.apache.commons.fileupload.disk.DiskFileItemFactory) Answer(org.cerberus.util.answer.Answer) FileItem(org.apache.commons.fileupload.FileItem) JSONObject(org.json.JSONObject) BufferedReader(java.io.BufferedReader) ITestDataLibService(org.cerberus.crud.service.ITestDataLibService) FileUploadException(org.apache.commons.fileupload.FileUploadException) IFactoryTestDataLibData(org.cerberus.crud.factory.IFactoryTestDataLibData) TestDataLibData(org.cerberus.crud.entity.TestDataLibData)

Example 2 with LogEventService

use of org.cerberus.crud.service.impl.LogEventService in project cerberus-source by cerberustesting.

the class CreateTestCaseExecutionQueue method processRequest.

/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
 * methods.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, CerberusException, JSONException {
    JSONObject jsonResponse = new JSONObject();
    JSONObject executionQueue = new JSONObject();
    ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    Answer ans = new Answer();
    AnswerItem ansItem = new AnswerItem();
    MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
    msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
    ans.setResultMessage(msg);
    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    String charset = request.getCharacterEncoding();
    response.setContentType("application/json");
    // Calling Servlet Transversal Util.
    ServletUtil.servletStart(request);
    /**
     * Parsing and securing all required parameters.
     */
    // Parameter that are already controled by GUI (no need to decode) --> We SECURE them
    String actionState = policy.sanitize(request.getParameter("actionState"));
    String actionSave = policy.sanitize(request.getParameter("actionSave"));
    String environment = policy.sanitize(request.getParameter("environment"));
    String country = policy.sanitize(request.getParameter("country"));
    String manualEnvData = policy.sanitize(request.getParameter("manualEnvData"));
    // Parameter that needs to be secured --> We SECURE+DECODE them
    String test = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("test"), "", charset);
    String testcase = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("testCase"), "", charset);
    int manualURL = ParameterParserUtil.parseIntegerParamAndDecode(request.getParameter("manualURL"), 0, charset);
    String manualHost = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("manualHost"), "", charset);
    String manualContextRoot = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("manualContextRoot"), "", charset);
    String manualLoginRelativeURL = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("manualLoginRelativeURL"), "", charset);
    String tag = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("tag"), "", charset);
    String robot = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("robot"), "", charset);
    String robotIP = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("robotIP"), "", charset);
    String robotPort = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("robotPort"), "", charset);
    String browser = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("browser"), "", charset);
    String browserVersion = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("browserVersion"), "", charset);
    String platform = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("platform"), "", charset);
    String screenSize = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("screenSize"), "", charset);
    int verbose = ParameterParserUtil.parseIntegerParamAndDecode(request.getParameter("verbose"), 1, charset);
    int screenshot = ParameterParserUtil.parseIntegerParamAndDecode(request.getParameter("screenshot"), 0, charset);
    int pageSource = ParameterParserUtil.parseIntegerParamAndDecode(request.getParameter("pageSource"), 0, charset);
    int seleniumLog = ParameterParserUtil.parseIntegerParamAndDecode(request.getParameter("seleniumLog"), 0, charset);
    String timeout = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("timeout"), "", charset);
    int retries = ParameterParserUtil.parseIntegerParamAndDecode(request.getParameter("retries"), 0, charset);
    String manualExecution = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("manualExecution"), "", charset);
    String debugFlag = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("debugFlag"), "N", charset);
    // Parameter that we cannot secure as we need the html --> We DECODE them
    String[] myIds = request.getParameterValues("id");
    if (myIds == null) {
        myIds = new String[1];
        myIds[0] = "0";
    }
    long id = 0;
    Integer priority = TestCaseExecutionQueue.PRIORITY_DEFAULT;
    boolean prio_error = false;
    try {
        if (request.getParameter("priority") != null && !request.getParameter("priority").equals("")) {
            priority = Integer.valueOf(policy.sanitize(request.getParameter("priority")));
        }
    } catch (Exception ex) {
        prio_error = true;
    }
    boolean id_error = false;
    IExecutionThreadPoolService executionThreadPoolService = appContext.getBean(IExecutionThreadPoolService.class);
    // Create Tag when exist.
    if (!StringUtil.isNullOrEmpty(tag)) {
        // We create or update it.
        ITagService tagService = appContext.getBean(ITagService.class);
        tagService.createAuto(tag, "", request.getRemoteUser());
    }
    // Prepare the final answer.
    MessageEvent msg1 = new MessageEvent(MessageEventEnum.GENERIC_OK);
    Answer finalAnswer = new Answer(msg1);
    List<TestCaseExecutionQueue> insertedList = new ArrayList();
    for (String myId : myIds) {
        id_error = false;
        id = 0;
        try {
            id = Long.valueOf(myId);
        } catch (NumberFormatException ex) {
            id_error = true;
        }
        /**
         * Checking all constrains before calling the services.
         */
        if (id_error) {
            msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
            msg.setDescription(msg.getDescription().replace("%ITEM%", "Execution Queue").replace("%OPERATION%", "Update").replace("%REASON%", "Could not manage to convert id to an integer value."));
            ans.setResultMessage(msg);
            finalAnswer = AnswerUtil.agregateAnswer(finalAnswer, (Answer) ans);
        } else if (prio_error || priority > 2147483647 || priority < -2147483648) {
            msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
            msg.setDescription(msg.getDescription().replace("%ITEM%", "Execution Queue").replace("%OPERATION%", "Update").replace("%REASON%", "Could not manage to convert priority to an integer value."));
            ans.setResultMessage(msg);
            finalAnswer = AnswerUtil.agregateAnswer(finalAnswer, (Answer) ans);
        } else {
            try {
                /**
                 * All data seems cleans so we can call the services.
                 */
                ITestCaseExecutionQueueService executionQueueService = appContext.getBean(ITestCaseExecutionQueueService.class);
                IFactoryTestCaseExecutionQueue executionQueueFactory = appContext.getBean(IFactoryTestCaseExecutionQueue.class);
                if (actionSave.equals("save")) {
                    /**
                     * The service was able to perform the query and confirm
                     * the object exist, then we can update it.
                     */
                    TestCaseExecutionQueue executionQueueData;
                    if (id == 0) {
                        // If id is not defined, we build the execution queue from all request datas.
                        executionQueueData = executionQueueFactory.create(test, testcase, country, environment, robot, robotIP, robotPort, browser, browserVersion, platform, screenSize, manualURL, manualHost, manualContextRoot, manualLoginRelativeURL, manualEnvData, tag, screenshot, verbose, timeout, pageSource, seleniumLog, 0, retries, manualExecution, priority, request.getRemoteUser(), null, null, null);
                        executionQueueData.setDebugFlag(debugFlag);
                    } else {
                        // If id is defined, we get the execution queue from database.
                        executionQueueData = executionQueueService.convert(executionQueueService.readByKey(id));
                        executionQueueData.setState(TestCaseExecutionQueue.State.QUEUED);
                        executionQueueData.setComment("");
                        executionQueueData.setDebugFlag("N");
                        executionQueueData.setPriority(TestCaseExecutionQueue.PRIORITY_DEFAULT);
                        executionQueueData.setUsrCreated(request.getRemoteUser());
                    }
                    ansItem = executionQueueService.create(executionQueueData);
                    finalAnswer = AnswerUtil.agregateAnswer(finalAnswer, (Answer) ansItem);
                    if (ansItem.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
                        TestCaseExecutionQueue addedExecution = (TestCaseExecutionQueue) ansItem.getItem();
                        insertedList.add(addedExecution);
                    }
                    if (myIds.length <= 1) {
                        if (ansItem.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
                            /**
                             * Update was successful. Adding Log entry.
                             */
                            ILogEventService logEventService = appContext.getBean(LogEventService.class);
                            logEventService.createForPrivateCalls("/CreateTestCaseExecutionQueue", "CREATE", "Created ExecutionQueue : ['" + id + "']", request);
                        }
                    }
                }
            } catch (FactoryCreationException ex) {
                LOG.warn(ex);
            }
        }
    }
    // Update is done, we now check what action needs to be performed.
    if (actionState.equals("toQUEUED")) {
        executionThreadPoolService.executeNextInQueueAsynchroneously(false);
    }
    /**
     * Formating and returning the json result.
     */
    jsonResponse.put("messageType", finalAnswer.getResultMessage().getMessage().getCodeString());
    jsonResponse.put("message", finalAnswer.getResultMessage().getDescription());
    if (insertedList.isEmpty()) {
        jsonResponse.put("addedEntries", 0);
    } else {
        JSONArray executionList = new JSONArray();
        for (TestCaseExecutionQueue testCaseExecutionQueue : insertedList) {
            JSONObject myExecution = new JSONObject();
            myExecution.append("id", testCaseExecutionQueue.getId());
            executionList.put(myExecution);
        }
        jsonResponse.put("testCaseExecutionQueueList", executionList);
        jsonResponse.put("addedEntries", insertedList.size());
    }
    response.getWriter().print(jsonResponse);
    response.getWriter().flush();
}
Also used : PolicyFactory(org.owasp.html.PolicyFactory) MessageEvent(org.cerberus.engine.entity.MessageEvent) ArrayList(java.util.ArrayList) ILogEventService(org.cerberus.crud.service.ILogEventService) LogEventService(org.cerberus.crud.service.impl.LogEventService) FactoryCreationException(org.cerberus.exception.FactoryCreationException) ApplicationContext(org.springframework.context.ApplicationContext) ILogEventService(org.cerberus.crud.service.ILogEventService) TestCaseExecutionQueue(org.cerberus.crud.entity.TestCaseExecutionQueue) IFactoryTestCaseExecutionQueue(org.cerberus.crud.factory.IFactoryTestCaseExecutionQueue) ITestCaseExecutionQueueService(org.cerberus.crud.service.ITestCaseExecutionQueueService) JSONArray(org.json.JSONArray) AnswerItem(org.cerberus.util.answer.AnswerItem) ServletException(javax.servlet.ServletException) JSONException(org.json.JSONException) FactoryCreationException(org.cerberus.exception.FactoryCreationException) IOException(java.io.IOException) CerberusException(org.cerberus.exception.CerberusException) IFactoryTestCaseExecutionQueue(org.cerberus.crud.factory.IFactoryTestCaseExecutionQueue) Answer(org.cerberus.util.answer.Answer) JSONObject(org.json.JSONObject) IExecutionThreadPoolService(org.cerberus.engine.threadpool.IExecutionThreadPoolService) ITagService(org.cerberus.crud.service.ITagService)

Example 3 with LogEventService

use of org.cerberus.crud.service.impl.LogEventService in project cerberus-source by cerberustesting.

the class UpdateUser method doPost.

@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, IndexOutOfBoundsException {
    // TODO create class Validator to validate all parameter from page
    JSONObject jsonResponse = new JSONObject();
    MessageEvent msg1 = new MessageEvent(MessageEventEnum.GENERIC_OK);
    Answer ans = new Answer();
    Answer finalAnswer = new Answer(msg1);
    MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
    msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
    ans.setResultMessage(msg);
    String id = request.getParameter("id");
    String login = request.getParameter("login");
    String name = request.getParameter("name");
    String email = request.getParameter("email");
    String team = request.getParameter("team");
    String systems = request.getParameter("systems");
    String requests = request.getParameter("request");
    String groups = request.getParameter("groups");
    String defaultSystem = request.getParameter("defaultSystem");
    if (StringUtil.isNullOrEmpty(login) || StringUtil.isNullOrEmpty(id)) {
        msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
        msg.setDescription(msg.getDescription().replace("%ITEM%", "User").replace("%OPERATION%", "Update").replace("%REASON%", "User login is missing."));
        ans.setResultMessage(msg);
    } else {
        LOG.info("Updating user " + login);
        ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
        IUserService userService = appContext.getBean(UserService.class);
        IUserGroupService userGroupService = appContext.getBean(UserGroupService.class);
        IFactoryUserSystem userSystemFactory = appContext.getBean(IFactoryUserSystem.class);
        IUserSystemService userSystemService = appContext.getBean(IUserSystemService.class);
        IFactoryUserGroup factoryGroup = new FactoryUserGroup();
        User myUser;
        List<UserGroup> newGroups = null;
        List<UserSystem> newSystems = null;
        try {
            myUser = userService.findUserByKey(id);
            List<String> listGroup = new ArrayList<String>();
            JSONArray GroupArray = new JSONArray(request.getParameter("groups"));
            for (int i = 0; i < GroupArray.length(); i++) {
                listGroup.add(GroupArray.getString(i));
            }
            newGroups = new ArrayList<UserGroup>();
            for (String group : listGroup) {
                newGroups.add(factoryGroup.create(group));
            }
            myUser.setLogin(login);
            myUser.setName(name);
            myUser.setTeam(team);
            newSystems = new ArrayList<UserSystem>();
            JSONArray SystemArray = new JSONArray(request.getParameter("systems"));
            List<String> listSystem = new ArrayList<String>();
            for (int i = 0; i < SystemArray.length(); i++) {
                listSystem.add(SystemArray.getString(i));
            }
            for (String system : listSystem) {
                newSystems.add(userSystemFactory.create(login, system));
            }
            myUser.setDefaultSystem(defaultSystem);
            myUser.setRequest(requests);
            myUser.setEmail(email);
            try {
                ans = userService.update(myUser);
                AnswerUtil.agregateAnswer(finalAnswer, (Answer) ans);
                if (ans.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
                    /**
                     * Update was successful. Adding Log entry.
                     */
                    ILogEventService logEventService = appContext.getBean(LogEventService.class);
                    logEventService.createForPrivateCalls("/UpdateUser", "UPDATE", "Updated user : " + login, request);
                    if (!newGroups.isEmpty()) {
                        userGroupService.updateUserGroups(myUser, newGroups);
                        /**
                         * Adding Log entry.
                         */
                        logEventService = appContext.getBean(LogEventService.class);
                        logEventService.createForPrivateCalls("/UpdateUser", "UPDATE", "Updated user groups : " + login, request);
                    }
                    if (!newSystems.isEmpty()) {
                        request.getSession().setAttribute("MySystem", newSystems.get(0).getSystem());
                        userSystemService.updateUserSystems(myUser, newSystems);
                        /**
                         * Adding Log entry.
                         */
                        logEventService = appContext.getBean(LogEventService.class);
                        logEventService.createForPrivateCalls("/UpdateUser", "UPDATE", "Updated user system : " + login, request);
                    }
                }
                /**
                 * Adding Log entry.
                 */
                finalAnswer = AnswerUtil.agregateAnswer(finalAnswer, (Answer) ans);
                AnswerUtil.agregateAnswer(finalAnswer, (Answer) ans);
                jsonResponse.put("messageType", finalAnswer.getResultMessage().getMessage().getCodeString());
                jsonResponse.put("message", finalAnswer.getResultMessage().getDescription());
                response.getWriter().print(jsonResponse);
            } catch (CerberusException ex) {
                response.getWriter().print(ex.getMessageError().getDescription());
            }
        } catch (CerberusException ex) {
            response.getWriter().print(ex.getMessageError().getDescription());
        } catch (JSONException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
    }
}
Also used : User(org.cerberus.crud.entity.User) UserSystem(org.cerberus.crud.entity.UserSystem) IFactoryUserSystem(org.cerberus.crud.factory.IFactoryUserSystem) MessageEvent(org.cerberus.engine.entity.MessageEvent) ArrayList(java.util.ArrayList) ILogEventService(org.cerberus.crud.service.ILogEventService) LogEventService(org.cerberus.crud.service.impl.LogEventService) IUserGroupService(org.cerberus.crud.service.IUserGroupService) FactoryUserGroup(org.cerberus.crud.factory.impl.FactoryUserGroup) IFactoryUserGroup(org.cerberus.crud.factory.IFactoryUserGroup) UserGroup(org.cerberus.crud.entity.UserGroup) ApplicationContext(org.springframework.context.ApplicationContext) IFactoryUserSystem(org.cerberus.crud.factory.IFactoryUserSystem) ILogEventService(org.cerberus.crud.service.ILogEventService) IUserSystemService(org.cerberus.crud.service.IUserSystemService) CerberusException(org.cerberus.exception.CerberusException) JSONArray(org.json.JSONArray) JSONException(org.json.JSONException) FactoryUserGroup(org.cerberus.crud.factory.impl.FactoryUserGroup) IFactoryUserGroup(org.cerberus.crud.factory.IFactoryUserGroup) Answer(org.cerberus.util.answer.Answer) JSONObject(org.json.JSONObject) IUserService(org.cerberus.crud.service.IUserService) IFactoryUserGroup(org.cerberus.crud.factory.IFactoryUserGroup)

Example 4 with LogEventService

use of org.cerberus.crud.service.impl.LogEventService in project cerberus-source by cerberustesting.

the class DeleteInvariant method processRequest.

/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
 * methods.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, CerberusException, JSONException {
    JSONObject jsonResponse = new JSONObject();
    Answer ans = new Answer();
    MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
    msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
    ans.setResultMessage(msg);
    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    String charset = request.getCharacterEncoding();
    response.setContentType("application/json");
    String id = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("idName"), "", charset);
    String value = request.getParameter("value");
    boolean userHasPermissions = request.isUserInRole("Administrator");
    /**
     * Checking all constrains before calling the services.
     */
    if (StringUtil.isNullOrEmpty(id)) {
        msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
        msg.setDescription(msg.getDescription().replace("%ITEM%", "Invariant").replace("%OPERATION%", "Delete").replace("%REASON%", "Invariant name is missing!"));
        ans.setResultMessage(msg);
    } else if (!userHasPermissions) {
        msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
        msg.setDescription(msg.getDescription().replace("%ITEM%", "Invariant").replace("%OPERATION%", "Delete").replace("%REASON%", "You don't have the right to do that"));
        ans.setResultMessage(msg);
    } else {
        /**
         * All data seems cleans so we can call the services.
         */
        ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
        IInvariantService invariantService = appContext.getBean(IInvariantService.class);
        Invariant invariantData = invariantService.convert(invariantService.readByKey(id, value));
        if (invariantService.hasPermissionsDelete(invariantData, request)) {
            ans = invariantService.delete(invariantData);
            if (ans.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
                /**
                 * Object updated. Adding Log entry.
                 */
                ILogEventService logEventService = appContext.getBean(LogEventService.class);
                logEventService.createForPrivateCalls("/DeleteInvariant2", "DELETE", "Delete Invariant : ['" + id + "']", request);
            }
        } else {
            msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
            msg.setDescription(msg.getDescription().replace("%ITEM%", "Invariant").replace("%OPERATION%", "Delete").replace("%REASON%", "You don't have the right to do that."));
            ans.setResultMessage(msg);
        }
    }
    /**
     * Formating and returning the json result.
     */
    jsonResponse.put("messageType", ans.getResultMessage().getMessage().getCodeString());
    jsonResponse.put("message", ans.getResultMessage().getDescription());
    response.getWriter().print(jsonResponse.toString());
    response.getWriter().flush();
}
Also used : Answer(org.cerberus.util.answer.Answer) Invariant(org.cerberus.crud.entity.Invariant) ApplicationContext(org.springframework.context.ApplicationContext) JSONObject(org.json.JSONObject) PolicyFactory(org.owasp.html.PolicyFactory) MessageEvent(org.cerberus.engine.entity.MessageEvent) IInvariantService(org.cerberus.crud.service.IInvariantService) LogEventService(org.cerberus.crud.service.impl.LogEventService) ILogEventService(org.cerberus.crud.service.ILogEventService) ILogEventService(org.cerberus.crud.service.ILogEventService)

Example 5 with LogEventService

use of org.cerberus.crud.service.impl.LogEventService in project cerberus-source by cerberustesting.

the class UpdateApplicationObject method processRequest.

/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
 * methods.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, CerberusException, JSONException {
    JSONObject jsonResponse = new JSONObject();
    ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    Answer ans = new Answer();
    MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
    msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
    ans.setResultMessage(msg);
    String charset = request.getCharacterEncoding();
    response.setContentType("application/json");
    // Calling Servlet Transversal Util.
    ServletUtil.servletStart(request);
    Map<String, String> fileData = new HashMap<String, String>();
    FileItem file = null;
    FileItemFactory factory = new DiskFileItemFactory();
    ServletFileUpload upload = new ServletFileUpload(factory);
    try {
        List<FileItem> fields = upload.parseRequest(request);
        Iterator<FileItem> it = fields.iterator();
        if (!it.hasNext()) {
            return;
        }
        while (it.hasNext()) {
            FileItem fileItem = it.next();
            boolean isFormField = fileItem.isFormField();
            if (isFormField) {
                fileData.put(fileItem.getFieldName(), fileItem.getString("UTF-8"));
            } else {
                file = fileItem;
            }
        }
    } catch (FileUploadException e) {
        e.printStackTrace();
    }
    /**
     * Parsing and securing all required parameters.
     */
    // Parameter that are already controled by GUI (no need to decode) --> We SECURE them
    // Parameter that needs to be secured --> We SECURE+DECODE them
    String application = ParameterParserUtil.parseStringParamAndDecode(fileData.get("application"), null, charset);
    String object = ParameterParserUtil.parseStringParamAndDecode(fileData.get("object"), null, charset);
    String value = ParameterParserUtil.parseStringParam(fileData.get("value"), null);
    String usrmodif = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getRemoteUser(), "", charset);
    String datemodif = new Timestamp(new java.util.Date().getTime()).toString();
    // Parameter that we cannot secure as we need the html --> We DECODE them
    // Getting list of application from JSON Call
    // Prepare the final answer.
    MessageEvent msg1 = new MessageEvent(MessageEventEnum.GENERIC_OK);
    Answer finalAnswer = new Answer(msg1);
    /**
     * Checking all constrains before calling the services.
     */
    if (StringUtil.isNullOrEmpty(application)) {
        msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
        msg.setDescription(msg.getDescription().replace("%ITEM%", "ApplicationObject").replace("%OPERATION%", "Update").replace("%REASON%", "Application name (applicationobject) is missing."));
        ans.setResultMessage(msg);
    } else if (StringUtil.isNullOrEmpty(object)) {
        msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
        msg.setDescription(msg.getDescription().replace("%ITEM%", "ApplicationObject").replace("%OPERATION%", "Update").replace("%REASON%", "Object name (applicationobject) is missing."));
        ans.setResultMessage(msg);
    } else {
        /**
         * All data seems cleans so we can call the services.
         */
        IApplicationObjectService applicationObjectService = appContext.getBean(IApplicationObjectService.class);
        AnswerItem resp = applicationObjectService.readByKey(application, object);
        if (!(resp.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode()) && resp.getItem() != null)) {
            /**
             * Object could not be found. We stop here and report the error.
             */
            finalAnswer = AnswerUtil.agregateAnswer(finalAnswer, (Answer) resp);
        } else {
            /**
             * The service was able to perform the query and confirm the
             * object exist, then we can update it.
             */
            ApplicationObject applicationData = (ApplicationObject) resp.getItem();
            String fileName = applicationData.getScreenShotFileName();
            if (file != null) {
                ans = applicationObjectService.uploadFile(applicationData.getID(), file);
                if (ans.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
                    fileName = file.getName();
                }
            }
            applicationData.setValue(value);
            applicationData.setScreenShotFileName(fileName);
            applicationData.setUsrModif(usrmodif);
            applicationData.setDateModif(datemodif);
            ans = applicationObjectService.update(applicationData.getApplication(), applicationData.getObject(), applicationData);
            finalAnswer = AnswerUtil.agregateAnswer(finalAnswer, (Answer) ans);
            if (ans.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
                /**
                 * Update was successful. Adding Log entry.
                 */
                ILogEventService logEventService = appContext.getBean(LogEventService.class);
                logEventService.createForPrivateCalls("/UpdateApplication", "UPDATE", "Updated Application : ['" + application + "']", request);
            }
            finalAnswer = AnswerUtil.agregateAnswer(finalAnswer, (Answer) ans);
        }
    }
    /**
     * Formating and returning the json result.
     */
    jsonResponse.put("messageType", finalAnswer.getResultMessage().getMessage().getCodeString());
    jsonResponse.put("message", finalAnswer.getResultMessage().getDescription());
    response.getWriter().print(jsonResponse);
    response.getWriter().flush();
}
Also used : MessageEvent(org.cerberus.engine.entity.MessageEvent) ApplicationObject(org.cerberus.crud.entity.ApplicationObject) ILogEventService(org.cerberus.crud.service.ILogEventService) LogEventService(org.cerberus.crud.service.impl.LogEventService) IApplicationObjectService(org.cerberus.crud.service.IApplicationObjectService) DiskFileItemFactory(org.apache.commons.fileupload.disk.DiskFileItemFactory) Timestamp(java.sql.Timestamp) AnswerItem(org.cerberus.util.answer.AnswerItem) FileItemFactory(org.apache.commons.fileupload.FileItemFactory) DiskFileItemFactory(org.apache.commons.fileupload.disk.DiskFileItemFactory) Answer(org.cerberus.util.answer.Answer) FileItem(org.apache.commons.fileupload.FileItem) ApplicationContext(org.springframework.context.ApplicationContext) ServletFileUpload(org.apache.commons.fileupload.servlet.ServletFileUpload) JSONObject(org.json.JSONObject) java.util(java.util) ILogEventService(org.cerberus.crud.service.ILogEventService) FileUploadException(org.apache.commons.fileupload.FileUploadException)

Aggregations

LogEventService (org.cerberus.crud.service.impl.LogEventService)14 JSONObject (org.json.JSONObject)14 ILogEventService (org.cerberus.crud.service.ILogEventService)13 MessageEvent (org.cerberus.engine.entity.MessageEvent)13 Answer (org.cerberus.util.answer.Answer)13 ApplicationContext (org.springframework.context.ApplicationContext)13 PolicyFactory (org.owasp.html.PolicyFactory)11 AnswerItem (org.cerberus.util.answer.AnswerItem)10 JSONArray (org.json.JSONArray)6 ArrayList (java.util.ArrayList)5 JSONException (org.json.JSONException)5 CerberusException (org.cerberus.exception.CerberusException)4 IOException (java.io.IOException)3 HashMap (java.util.HashMap)3 List (java.util.List)3 ServletException (javax.servlet.ServletException)3 FileItem (org.apache.commons.fileupload.FileItem)3 FileItemFactory (org.apache.commons.fileupload.FileItemFactory)3 FileUploadException (org.apache.commons.fileupload.FileUploadException)3 DiskFileItemFactory (org.apache.commons.fileupload.disk.DiskFileItemFactory)3