package org.sonar.server.authentication;

import javax.servlet.FilterChain;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.assertj.core.api.Assertions;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.mockito.Mockito;
import org.sonar.api.server.authentication.BaseIdentityProvider;
import org.sonar.api.server.authentication.Display;
import org.sonar.api.server.authentication.IdentityProvider;
import org.sonar.api.server.authentication.OAuth2IdentityProvider;
import org.sonar.api.utils.log.LogTester;
import org.sonar.api.utils.log.LoggerLevel;

/* loaded from: input_file:org/sonar/server/authentication/InitFilterTest.class */
public class InitFilterTest {
    static String OAUTH2_PROVIDER_KEY = "github";
    static String BASIC_PROVIDER_KEY = "openid";

    @Rule
    public LogTester logTester = new LogTester();

    @Rule
    public ExpectedException thrown = ExpectedException.none();

    @Rule
    public IdentityProviderRepositoryRule identityProviderRepository = new IdentityProviderRepositoryRule();
    BaseContextFactory baseContextFactory = (BaseContextFactory) Mockito.mock(BaseContextFactory.class);
    OAuth2ContextFactory oAuth2ContextFactory = (OAuth2ContextFactory) Mockito.mock(OAuth2ContextFactory.class);
    HttpServletRequest request = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
    HttpServletResponse response = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
    FilterChain chain = (FilterChain) Mockito.mock(FilterChain.class);
    FakeOAuth2IdentityProvider oAuth2IdentityProvider = new FakeOAuth2IdentityProvider(OAUTH2_PROVIDER_KEY, true);
    OAuth2IdentityProvider.InitContext oauth2Context = (OAuth2IdentityProvider.InitContext) Mockito.mock(OAuth2IdentityProvider.InitContext.class);
    FakeBasicIdentityProvider baseIdentityProvider = new FakeBasicIdentityProvider(BASIC_PROVIDER_KEY, true);
    BaseIdentityProvider.Context baseContext = (BaseIdentityProvider.Context) Mockito.mock(BaseIdentityProvider.Context.class);
    InitFilter underTest = new InitFilter(this.identityProviderRepository, this.baseContextFactory, this.oAuth2ContextFactory);

    /* loaded from: input_file:org/sonar/server/authentication/InitFilterTest$FailWithEmailAlreadyExistsExceptionIdProvider.class */
    private static class FailWithEmailAlreadyExistsExceptionIdProvider extends FakeBasicIdentityProvider {
        public FailWithEmailAlreadyExistsExceptionIdProvider(String str) {
            super(str, true);
        }

        @Override // org.sonar.server.authentication.FakeBasicIdentityProvider
        public void init(BaseIdentityProvider.Context context) {
            throw new EmailAlreadyExistsException("john@email.com");
        }
    }

    /* loaded from: input_file:org/sonar/server/authentication/InitFilterTest$FailWithNotAllowUserToSignUpIdProvider.class */
    private static class FailWithNotAllowUserToSignUpIdProvider extends FakeBasicIdentityProvider {
        public FailWithNotAllowUserToSignUpIdProvider(String str) {
            super(str, true);
        }

        @Override // org.sonar.server.authentication.TestIdentityProvider
        public String getName() {
            return "Failing provider";
        }

        @Override // org.sonar.server.authentication.FakeBasicIdentityProvider
        public void init(BaseIdentityProvider.Context context) {
            throw new NotAllowUserToSignUpException(this);
        }
    }

    @Before
    public void setUp() throws Exception {
        Mockito.when(this.oAuth2ContextFactory.newContext(this.request, this.response, this.oAuth2IdentityProvider)).thenReturn(this.oauth2Context);
        Mockito.when(this.baseContextFactory.newContext(this.request, this.response, this.baseIdentityProvider)).thenReturn(this.baseContext);
    }

    @Test
    public void do_get_pattern() throws Exception {
        Assertions.assertThat(this.underTest.doGetPattern()).isNotNull();
    }

    @Test
    public void do_filter_on_auth2_identity_provider() throws Exception {
        Mockito.when(this.request.getRequestURI()).thenReturn("/sessions/init/" + OAUTH2_PROVIDER_KEY);
        this.identityProviderRepository.addIdentityProvider(this.oAuth2IdentityProvider);
        this.underTest.doFilter(this.request, this.response, this.chain);
        assertOAuth2InitCalled();
    }

    @Test
    public void do_filter_on_basic_identity_provider() throws Exception {
        Mockito.when(this.request.getRequestURI()).thenReturn("/sessions/init/" + BASIC_PROVIDER_KEY);
        this.identityProviderRepository.addIdentityProvider(this.baseIdentityProvider);
        this.underTest.doFilter(this.request, this.response, this.chain);
        assertBasicInitCalled();
    }

    @Test
    public void fail_if_identity_provider_key_is_empty() throws Exception {
        Mockito.when(this.request.getRequestURI()).thenReturn("/sessions/init/");
        this.underTest.doFilter(this.request, this.response, this.chain);
        assertError("Fail to initialize authentication with provider ''");
    }

    @Test
    public void fail_if_identity_provider_class_is_unsuported() throws Exception {
        Mockito.when(this.request.getRequestURI()).thenReturn("/sessions/init/unsupported");
        this.identityProviderRepository.addIdentityProvider(new IdentityProvider() { // from class: org.sonar.server.authentication.InitFilterTest.1
            public String getKey() {
                return "unsupported";
            }

            public String getName() {
                return null;
            }

            public Display getDisplay() {
                return null;
            }

            public boolean isEnabled() {
                return true;
            }

            public boolean allowsUsersToSignUp() {
                return false;
            }
        });
        this.underTest.doFilter(this.request, this.response, this.chain);
        assertError("Fail to initialize authentication with provider 'unsupported'");
    }

    @Test
    public void redirect_when_failing_because_of_NotAllowUserToSignUpException() throws Exception {
        FailWithNotAllowUserToSignUpIdProvider failWithNotAllowUserToSignUpIdProvider = new FailWithNotAllowUserToSignUpIdProvider("failing");
        Mockito.when(this.request.getRequestURI()).thenReturn("/sessions/init/" + failWithNotAllowUserToSignUpIdProvider.getKey());
        this.identityProviderRepository.addIdentityProvider(failWithNotAllowUserToSignUpIdProvider);
        this.underTest.doFilter(this.request, this.response, this.chain);
        ((HttpServletResponse) Mockito.verify(this.response)).sendRedirect("/sessions/not_allowed_to_sign_up?providerName=Failing provider");
    }

    @Test
    public void redirect_when_failing_because_of_EmailAlreadyExistsException() throws Exception {
        FailWithEmailAlreadyExistsExceptionIdProvider failWithEmailAlreadyExistsExceptionIdProvider = new FailWithEmailAlreadyExistsExceptionIdProvider("failing");
        Mockito.when(this.request.getRequestURI()).thenReturn("/sessions/init/" + failWithEmailAlreadyExistsExceptionIdProvider.getKey());
        this.identityProviderRepository.addIdentityProvider(failWithEmailAlreadyExistsExceptionIdProvider);
        this.underTest.doFilter(this.request, this.response, this.chain);
        ((HttpServletResponse) Mockito.verify(this.response)).sendRedirect("/sessions/email_already_exists?email=john@email.com");
    }

    private void assertOAuth2InitCalled() {
        Assertions.assertThat(this.logTester.logs(LoggerLevel.ERROR)).isEmpty();
        Assertions.assertThat(this.oAuth2IdentityProvider.isInitCalled()).isTrue();
    }

    private void assertBasicInitCalled() {
        Assertions.assertThat(this.logTester.logs(LoggerLevel.ERROR)).isEmpty();
        Assertions.assertThat(this.baseIdentityProvider.isInitCalled()).isTrue();
    }

    private void assertError(String str) throws Exception {
        Assertions.assertThat(this.logTester.logs(LoggerLevel.ERROR)).contains(new String[]{str});
        ((HttpServletResponse) Mockito.verify(this.response)).sendRedirect("/sessions/unauthorized");
        Assertions.assertThat(this.oAuth2IdentityProvider.isInitCalled()).isFalse();
    }
}
