package org.sonar.server.authentication;

import com.google.common.collect.Sets;
import java.util.Collections;
import java.util.HashSet;
import javax.servlet.http.HttpSession;
import org.assertj.core.api.Assertions;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.mockito.Mockito;
import org.sonar.api.config.Settings;
import org.sonar.api.server.authentication.UnauthorizedException;
import org.sonar.api.server.authentication.UserIdentity;
import org.sonar.api.utils.System2;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.DbTester;
import org.sonar.db.user.GroupDao;
import org.sonar.db.user.GroupDto;
import org.sonar.db.user.UserDao;
import org.sonar.db.user.UserDto;
import org.sonar.db.user.UserGroupDto;
import org.sonar.db.user.UserTesting;
import org.sonar.server.user.NewUserNotifier;
import org.sonar.server.user.UserUpdater;
import org.sonar.server.user.index.UserIndexer;

/* loaded from: input_file:org/sonar/server/authentication/UserIdentityAuthenticatorTest.class */
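/**
 * Database-backed tests for {@link UserIdentityAuthenticator}.
 *
 * <p>They pin how an identity asserted by an external identity provider is mapped onto a local
 * account: creation of a new user, update of an existing one, synchronisation of group
 * memberships, the session attribute set on success, and the cases where sign-up is refused.
 */
public class UserIdentityAuthenticatorTest {
    static final String USER_LOGIN = "github-johndoo";
    static final String DEFAULT_GROUP = "default";
    static final UserIdentity USER_IDENTITY = UserIdentity.builder()
        .setProviderLogin("johndoo")
        .setLogin(USER_LOGIN)
        .setName("John")
        .setEmail("john@email.com")
        .build();
    static final TestIdentityProvider IDENTITY_PROVIDER = new TestIdentityProvider()
        .setKey("github")
        .setEnabled(true)
        .setAllowsUsersToSignUp(true);

    @Rule
    public ExpectedException thrown = ExpectedException.none();
    System2 system2 = Mockito.mock(System2.class);

    @Rule
    public DbTester dbTester = DbTester.create(system2);
    DbClient dbClient = dbTester.getDbClient();
    DbSession dbSession = dbTester.getSession();
    UserDao userDao = dbClient.userDao();
    GroupDao groupDao = dbClient.groupDao();
    Settings settings = new Settings();
    HttpSession httpSession = Mockito.mock(HttpSession.class);
    UserUpdater userUpdater = new UserUpdater(
        Mockito.mock(NewUserNotifier.class), settings, dbClient, Mockito.mock(UserIndexer.class), system2);
    UserIdentityAuthenticator underTest = new UserIdentityAuthenticator(dbClient, userUpdater);

    /** Declares the default group in the settings and creates it in the database. */
    @Before
    public void setUp() throws Exception {
        settings.setProperty("sonar.defaultGroup", DEFAULT_GROUP);
        addGroup(DEFAULT_GROUP);
    }

    /** An unknown login is provisioned from the provider's attributes and joins the default group. */
    @Test
    public void authenticate_new_user() throws Exception {
        underTest.authenticate(USER_IDENTITY, IDENTITY_PROVIDER, httpSession);
        dbSession.commit();

        assertUserMatchesProviderIdentity();
        verifyUserGroups(USER_LOGIN, DEFAULT_GROUP);
    }

    /**
     * When the provider supplies groups, the new user joins only those that already exist locally:
     * "group3" is never created here, and the default group is not part of the result.
     */
    @Test
    public void authenticate_new_user_with_groups() throws Exception {
        addGroup("group1");
        addGroup("group2");

        underTest.authenticate(identityWithGroups("group1", "group2", "group3"), IDENTITY_PROVIDER, httpSession);
        dbSession.commit();

        Assertions.assertThat(userDao.selectByLogin(dbSession, USER_LOGIN)).isNotNull();
        verifyUserGroups(USER_LOGIN, "group1", "group2");
    }

    /**
     * An existing active account with the same login has its name, email and external identity
     * replaced by the provider's values.
     */
    @Test
    public void authenticate_existing_user() throws Exception {
        // NOTE(review): the stored row carries a different external provider ("old provide") and is
        // still updated, so this fixture matches on login alone. Confirm that a login collision
        // between providers is ruled out where the login is derived.
        insertUserWithOldIdentity(true);

        underTest.authenticate(USER_IDENTITY, IDENTITY_PROVIDER, httpSession);
        dbSession.commit();

        assertUserMatchesProviderIdentity();
    }

    /** A deactivated account with the same login is active again after authentication. */
    @Test
    public void authenticate_existing_disabled_user() throws Exception {
        // NOTE(review): this pins re-activation of a deactivated account by a successful external
        // authentication. Confirm it matches the intended deprovisioning policy.
        insertUserWithOldIdentity(false);

        underTest.authenticate(USER_IDENTITY, IDENTITY_PROVIDER, httpSession);
        dbSession.commit();

        assertUserMatchesProviderIdentity();
    }

    /** Groups asserted by the provider are added to an existing user, limited to existing groups. */
    @Test
    public void authenticate_existing_user_and_add_new_groups() throws Exception {
        userDao.insert(dbSession, new UserDto().setLogin(USER_LOGIN).setActive(true).setName("John"));
        addGroup("group1");
        addGroup("group2");
        dbSession.commit();

        underTest.authenticate(identityWithGroups("group1", "group2", "group3"), IDENTITY_PROVIDER, httpSession);
        dbSession.commit();

        verifyUserGroups(USER_LOGIN, "group1", "group2");
    }

    /** A membership the provider no longer asserts is removed from the existing user. */
    @Test
    public void authenticate_existing_user_and_remove_groups() throws Exception {
        insertUserInGroups("group1", "group2");
        verifyUserGroups(USER_LOGIN, "group1", "group2");

        underTest.authenticate(identityWithGroups("group1"), IDENTITY_PROVIDER, httpSession);
        dbSession.commit();

        verifyUserGroups(USER_LOGIN, "group1");
    }

    /** An explicitly empty group set from the provider removes every membership. */
    @Test
    public void authenticate_existing_user_and_remove_all_groups() throws Exception {
        insertUserInGroups("group1", "group2");
        verifyUserGroups(USER_LOGIN, "group1", "group2");

        underTest.authenticate(identityWithGroups(), IDENTITY_PROVIDER, httpSession);
        dbSession.commit();

        verifyNoUserGroups(USER_LOGIN);
    }

    /** On success the local user id is stored in the HTTP session under "user_id". */
    @Test
    public void update_session_for_rails() throws Exception {
        UserDto user = UserTesting.newUserDto().setLogin(USER_LOGIN);
        userDao.insert(dbSession, user);
        dbSession.commit();

        underTest.authenticate(USER_IDENTITY, IDENTITY_PROVIDER, httpSession);

        Mockito.verify(httpSession).setAttribute("user_id", user.getId());
    }

    /** A provider that does not allow sign-up cannot provision an unknown login. */
    @Test
    public void fail_to_authenticate_new_user_when_allow_users_to_signup_is_false() throws Exception {
        TestIdentityProvider signUpDisabledProvider = new TestIdentityProvider()
            .setKey("github")
            .setName("Github")
            .setEnabled(true)
            .setAllowsUsersToSignUp(false);

        thrown.expect(UnauthorizedException.class);
        thrown.expectMessage("'github' users are not allowed to sign up");
        underTest.authenticate(USER_IDENTITY, signUpDisabledProvider, httpSession);
    }

    /** Sign-up is refused when another account already uses the email asserted by the provider. */
    @Test
    public void fail_to_authenticate_new_user_when_email_already_exists() throws Exception {
        userDao.insert(dbSession, UserTesting.newUserDto()
            .setLogin("Existing user with same email")
            .setActive(true)
            .setEmail("john@email.com"));
        dbSession.commit();

        thrown.expect(UnauthorizedException.class);
        thrown.expectMessage("You can't sign up because email 'john@email.com' is already used by an existing user. This means that you probably already registered with another account.");
        underTest.authenticate(USER_IDENTITY, IDENTITY_PROVIDER, httpSession);
    }

    /** Builds the test identity (no email) carrying exactly the given provider-asserted groups. */
    private static UserIdentity identityWithGroups(String... groups) {
        return UserIdentity.builder()
            .setProviderLogin("johndoo")
            .setLogin(USER_LOGIN)
            .setName("John")
            .setGroups(Sets.newHashSet(groups))
            .build();
    }

    /** Inserts a user for {@link #USER_LOGIN} whose stored profile differs from the provider's. */
    private void insertUserWithOldIdentity(boolean active) {
        userDao.insert(dbSession, new UserDto()
            .setLogin(USER_LOGIN)
            .setActive(active)
            .setName("Old name")
            .setEmail("Old email")
            .setExternalIdentity("old identity")
            .setExternalIdentityProvider("old provide"));
        dbSession.commit();
    }

    /** Inserts an active user for {@link #USER_LOGIN}, creates each group and adds the user to it. */
    private void insertUserInGroups(String... groupNames) {
        UserDto user = new UserDto().setLogin(USER_LOGIN).setActive(true).setName("John");
        userDao.insert(dbSession, user);
        for (String groupName : groupNames) {
            GroupDto group = addGroup(groupName);
            dbClient.userGroupDao().insert(dbSession, new UserGroupDto().setUserId(user.getId()).setGroupId(group.getId()));
        }
        dbSession.commit();
    }

    /** Asserts that the stored user is active and carries the attributes of {@link #USER_IDENTITY}. */
    private void assertUserMatchesProviderIdentity() {
        UserDto user = userDao.selectByLogin(dbSession, USER_LOGIN);
        Assertions.assertThat(user).isNotNull();
        Assertions.assertThat(user.isActive()).isTrue();
        Assertions.assertThat(user.getName()).isEqualTo("John");
        Assertions.assertThat(user.getEmail()).isEqualTo("john@email.com");
        Assertions.assertThat(user.getExternalIdentity()).isEqualTo("johndoo");
        Assertions.assertThat(user.getExternalIdentityProvider()).isEqualTo("github");
    }

    /**
     * Asserts that {@code userLogin} belongs to exactly the given groups.
     *
     * <p>The lookup is made for {@code userLogin} itself. It previously always queried
     * {@link #USER_LOGIN} and then read the result under {@code userLogin}, which only worked
     * because every caller passes {@link #USER_LOGIN}.
     */
    private void verifyUserGroups(String userLogin, String... expectedGroups) {
        Assertions.assertThat(new HashSet<>(dbClient.groupMembershipDao()
            .selectGroupsByLogins(dbSession, Collections.singletonList(userLogin))
            .get(userLogin))).containsOnly(expectedGroups);
    }

    /** Asserts that {@code userLogin} has no group membership; the lookup is made for that login. */
    private void verifyNoUserGroups(String userLogin) {
        Assertions.assertThat(new HashSet<>(dbClient.groupMembershipDao()
            .selectGroupsByLogins(dbSession, Collections.singletonList(userLogin))
            .get(userLogin))).isEmpty();
    }

    /** Inserts a group with the given name, commits, and returns the inserted DTO. */
    private GroupDto addGroup(String groupName) {
        GroupDto group = new GroupDto().setName(groupName);
        groupDao.insert(dbSession, group);
        dbSession.commit();
        return group;
    }
}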
