package org.sonar.server.user.ws;

import com.google.common.collect.Lists;
import org.assertj.core.api.Assertions;
import org.junit.After;
import org.junit.Before;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.mockito.Mockito;
import org.sonar.api.config.Settings;
import org.sonar.api.server.ws.WebService;
import org.sonar.api.utils.System2;
import org.sonar.db.Dao;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.DbTester;
import org.sonar.db.user.GroupDao;
import org.sonar.db.user.GroupDto;
import org.sonar.db.user.UserDao;
import org.sonar.db.user.UserGroupDao;
import org.sonar.server.es.EsTester;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.exceptions.NotFoundException;
import org.sonar.server.tester.UserSessionRule;
import org.sonar.server.user.ExternalIdentity;
import org.sonar.server.user.NewUser;
import org.sonar.server.user.NewUserNotifier;
import org.sonar.server.user.SecurityRealmFactory;
import org.sonar.server.user.UserUpdater;
import org.sonar.server.user.index.UserIndex;
import org.sonar.server.user.index.UserIndexDefinition;
import org.sonar.server.user.index.UserIndexer;
import org.sonar.server.ws.WsTester;

/* loaded from: input_file:org/sonar/server/user/ws/ChangePasswordActionTest.class */
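/**
 * Web-service level tests for the {@code change_password} action of {@code api/users}.
 *
 * <p>Each test runs against a freshly truncated database and user index. The default session
 * installed by {@link #userSessionRule} is the login {@code admin} holding the global
 * {@code admin} permission; individual tests switch the login to exercise other callers.
 *
 * <p>Authorization rules exercised here:
 * <ul>
 *   <li>the default admin session may change another user's password without
 *       {@code previousPassword};</li>
 *   <li>a user changing their own password must supply a matching {@code previousPassword};</li>
 *   <li>a login without permissions is rejected with {@link ForbiddenException};</li>
 *   <li>a user created with an {@link ExternalIdentity} is rejected with
 *       {@link BadRequestException}.</li>
 * </ul>
 *
 * <p>Every rejection test also checks that the stored crypted password is unchanged, so a
 * regression that throws <em>after</em> persisting the new credential is caught.
 */
public class ChangePasswordActionTest {
    WebService.Controller controller;
    WsTester tester;
    UserIndex index;
    DbClient dbClient;
    UserUpdater userUpdater;
    UserIndexer userIndexer;
    DbSession session;
    static final Settings settings = new Settings().setProperty("sonar.defaultGroup", "sonar-users");

    @ClassRule
    public static final EsTester esTester = new EsTester().addDefinitions(new UserIndexDefinition(settings));

    @Rule
    public DbTester dbTester = DbTester.create(System2.INSTANCE);

    @Rule
    public UserSessionRule userSessionRule = UserSessionRule.standalone().login("admin").setGlobalPermissions("admin");

    // NOTE(review): this mock is never handed to any object built in setUp(), so stubbing it
    // cannot influence the action under test.
    SecurityRealmFactory realmFactory = Mockito.mock(SecurityRealmFactory.class);

    /**
     * Resets the database and index, inserts the default group {@code sonar-users}, and wires a
     * real {@link UserUpdater} into the {@link ChangePasswordAction} served by {@link WsTester}.
     */
    @Before
    public void setUp() {
        this.dbTester.truncateTables();
        esTester.truncateIndices();
        System2 system2 = new System2();
        // Concrete DAO types: insert(...) is called on groupDao below, which needs the GroupDao
        // type rather than the Dao interface.
        UserDao userDao = new UserDao(this.dbTester.myBatis(), system2);
        UserGroupDao userGroupDao = new UserGroupDao();
        GroupDao groupDao = new GroupDao(system2);
        this.dbClient = new DbClient(this.dbTester.database(), this.dbTester.myBatis(), new Dao[]{userDao, userGroupDao, groupDao});
        this.session = this.dbClient.openSession(false);
        // Same name as the "sonar.defaultGroup" setting above.
        groupDao.insert(this.session, new GroupDto().setName("sonar-users"));
        this.session.commit();
        this.userIndexer = new UserIndexer(this.dbClient, esTester.client()).setEnabled(true);
        this.index = new UserIndex(esTester.client());
        this.userUpdater = new UserUpdater(Mockito.mock(NewUserNotifier.class), settings, this.dbClient, this.userIndexer, system2);
        this.tester = new WsTester(new UsersWs(new UsersWsAction[]{new ChangePasswordAction(this.userUpdater, this.userSessionRule)}));
        this.controller = this.tester.controller("api/users");
    }

    /** Closes the session opened in {@link #setUp()}, if setup got far enough to open one. */
    @After
    public void tearDown() {
        // Guard so a failure early in setUp() is not compounded by a NullPointerException here.
        if (this.session != null) {
            this.session.close();
        }
    }

    /**
     * A login without any permission must not be able to change another user's password.
     *
     * <p>The request carries no {@code password} parameter; since {@link ForbiddenException} is
     * still expected, the authorization check presumably runs before parameter validation.
     */
    @Test
    public void fail_on_missing_permission() throws Exception {
        createUser();
        String hashBefore = storedPasswordHash("john");
        this.userSessionRule.login("polop");
        try {
            this.tester.newPostRequest("api/users", "change_password").setParam("login", "john").execute();
            Assertions.fail("Expected ForbiddenException for a caller without permission");
        } catch (ForbiddenException expected) {
            // A rejected request must leave the stored credential untouched.
            Assertions.assertThat(storedPasswordHash("john")).isEqualTo(hashBefore);
        }
    }

    /** Changing the password of a login that does not exist yields {@link NotFoundException}. */
    @Test(expected = NotFoundException.class)
    public void fail_on_unknown_user() throws Exception {
        // No fixture setup precedes the request, so the expected exception can only come from it.
        this.tester.newPostRequest("api/users", "change_password").setParam("login", "polop").setParam("password", "polop").execute();
    }

    /**
     * The default admin session changes john's password without {@code previousPassword}; the
     * response has no content and the stored crypted password differs afterwards.
     */
    @Test
    public void update_password() throws Exception {
        createUser();
        String hashBefore = storedPasswordHash("john");
        this.tester.newPostRequest("api/users", "change_password").setParam("login", "john").setParam("password", "Valar Morghulis").execute().assertNoContent();
        Assertions.assertThat(storedPasswordHash("john")).isNotEqualTo(hashBefore);
    }

    /**
     * john changes his own password, supplying the password set by {@link #createUser()} as
     * {@code previousPassword}; the stored crypted password differs afterwards.
     */
    @Test
    public void update_password_on_self() throws Exception {
        createUser();
        String hashBefore = storedPasswordHash("john");
        this.userSessionRule.login("john");
        this.tester.newPostRequest("api/users", "change_password").setParam("login", "john").setParam("previousPassword", "Valar Dohaeris").setParam("password", "Valar Morghulis").execute().assertNoContent();
        Assertions.assertThat(storedPasswordHash("john")).isNotEqualTo(hashBefore);
    }

    /** A self-service change that omits {@code previousPassword} is rejected and changes nothing. */
    @Test
    public void fail_to_update_password_on_self_without_old_password() throws Exception {
        createUser();
        String hashBefore = storedPasswordHash("john");
        this.userSessionRule.login("john");
        try {
            this.tester.newPostRequest("api/users", "change_password").setParam("login", "john").setParam("password", "Valar Morghulis").execute();
            Assertions.fail("Expected IllegalArgumentException when previousPassword is missing");
        } catch (IllegalArgumentException expected) {
            // A rejected request must leave the stored credential untouched.
            Assertions.assertThat(storedPasswordHash("john")).isEqualTo(hashBefore);
        }
    }

    /** A self-service change with a wrong {@code previousPassword} is rejected and changes nothing. */
    @Test
    public void fail_to_update_password_on_self_with_bad_old_password() throws Exception {
        createUser();
        String hashBefore = storedPasswordHash("john");
        this.userSessionRule.login("john");
        try {
            this.tester.newPostRequest("api/users", "change_password").setParam("login", "john").setParam("previousPassword", "I dunno").setParam("password", "Valar Morghulis").execute();
            Assertions.fail("Expected IllegalArgumentException when previousPassword does not match");
        } catch (IllegalArgumentException expected) {
            // A rejected request must leave the stored credential untouched.
            Assertions.assertThat(storedPasswordHash("john")).isEqualTo(hashBefore);
        }
    }

    /**
     * A user created with an {@link ExternalIdentity} and no local password cannot have a
     * password set through this action, even by the default admin session.
     */
    @Test
    public void fail_to_update_password_on_external_auth() throws Exception {
        // Fixture creation stays outside the try block so that a BadRequestException thrown
        // here fails the test instead of satisfying it.
        this.userUpdater.create(NewUser.create().setEmail("john@email.com").setLogin("john").setName("John").setScmAccounts(Lists.newArrayList("jn")).setExternalIdentity(new ExternalIdentity("gihhub", "john")));
        String hashBefore = storedPasswordHash("john");
        // NOTE(review): realmFactory is not wired into the action or the UserUpdater built in
        // setUp(), so this stub looks dead; the rejection presumably comes from the external
        // identity on the user. Confirm, then drop the stub.
        Mockito.when(this.realmFactory.hasExternalAuthentication()).thenReturn(true);
        try {
            this.tester.newPostRequest("api/users", "change_password").setParam("login", "john").setParam("password", "Valar Morghulis").execute();
            Assertions.fail("Expected BadRequestException for a user with an external identity");
        } catch (BadRequestException expected) {
            // A rejected request must leave the stored credential untouched.
            Assertions.assertThat(storedPasswordHash("john")).isEqualTo(hashBefore);
        }
    }

    /** Creates the local user {@code john} with the password {@code "Valar Dohaeris"}. */
    private void createUser() {
        this.userUpdater.create(NewUser.create().setEmail("john@email.com").setLogin("john").setName("John").setScmAccounts(Lists.newArrayList("jn")).setPassword("Valar Dohaeris"));
    }

    /**
     * Reads the crypted password currently stored for {@code login}.
     *
     * <p>The session cache is cleared first, as the original tests did before each read, so the
     * value reflects writes made through other sessions rather than a cached row.
     */
    private String storedPasswordHash(String login) {
        this.session.clearCache();
        return this.dbClient.userDao().selectOrFailByLogin(this.session, login).getCryptedPassword();
    }
}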
