package org.sonar.server.authentication;

import java.util.Arrays;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.assertj.core.api.Assertions;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.mockito.ArgumentCaptor;
import org.mockito.Matchers;
import org.mockito.Mockito;
import org.sonar.api.config.Settings;
import org.sonar.api.security.Authenticator;
import org.sonar.api.security.ExternalGroupsProvider;
import org.sonar.api.security.ExternalUsersProvider;
import org.sonar.api.security.SecurityRealm;
import org.sonar.api.security.UserDetails;
import org.sonar.api.server.authentication.IdentityProvider;
import org.sonar.api.server.authentication.UserIdentity;
import org.sonar.db.user.UserDto;
import org.sonar.db.user.UserTesting;
import org.sonar.server.exceptions.UnauthorizedException;
import org.sonar.server.user.SecurityRealmFactory;

/* loaded from: input_file:org/sonar/server/authentication/RealmAuthenticatorTest.class */
public class RealmAuthenticatorTest {
    static final String LOGIN = "LOGIN";
    static final String PASSWORD = "PASSWORD";
    static final UserDto USER = UserTesting.newUserDto();

    @Rule
    public ExpectedException expectedException = ExpectedException.none();
    ArgumentCaptor<UserIdentity> userIdentityArgumentCaptor = ArgumentCaptor.forClass(UserIdentity.class);
    ArgumentCaptor<IdentityProvider> identityProviderArgumentCaptor = ArgumentCaptor.forClass(IdentityProvider.class);
    Settings settings = new Settings();
    SecurityRealmFactory securityRealmFactory = (SecurityRealmFactory) Mockito.mock(SecurityRealmFactory.class);
    SecurityRealm realm = (SecurityRealm) Mockito.mock(SecurityRealm.class);
    Authenticator authenticator = (Authenticator) Mockito.mock(Authenticator.class);
    ExternalUsersProvider externalUsersProvider = (ExternalUsersProvider) Mockito.mock(ExternalUsersProvider.class);
    ExternalGroupsProvider externalGroupsProvider = (ExternalGroupsProvider) Mockito.mock(ExternalGroupsProvider.class);
    UserIdentityAuthenticator userIdentityAuthenticator = (UserIdentityAuthenticator) Mockito.mock(UserIdentityAuthenticator.class);
    HttpServletRequest request = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
    HttpServletResponse response = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
    RealmAuthenticator underTest = new RealmAuthenticator(this.settings, this.securityRealmFactory, this.userIdentityAuthenticator);

    @Test
    public void authenticate() throws Exception {
        executeStartWithoutGroupSync();
        Mockito.when(Boolean.valueOf(this.authenticator.doAuthenticate((Authenticator.Context) Matchers.any(Authenticator.Context.class)))).thenReturn(true);
        UserDetails userDetails = new UserDetails();
        userDetails.setName("name");
        userDetails.setEmail("email");
        Mockito.when(this.externalUsersProvider.doGetUserDetails((ExternalUsersProvider.Context) Matchers.any(ExternalUsersProvider.Context.class))).thenReturn(userDetails);
        Mockito.when(this.userIdentityAuthenticator.authenticate((UserIdentity) Matchers.any(UserIdentity.class), (IdentityProvider) Matchers.any(IdentityProvider.class))).thenReturn(USER);
        this.underTest.authenticate(LOGIN, PASSWORD, this.request);
        ((UserIdentityAuthenticator) Mockito.verify(this.userIdentityAuthenticator)).authenticate((UserIdentity) this.userIdentityArgumentCaptor.capture(), (IdentityProvider) this.identityProviderArgumentCaptor.capture());
        UserIdentity userIdentity = (UserIdentity) this.userIdentityArgumentCaptor.getValue();
        Assertions.assertThat(userIdentity.getLogin()).isEqualTo(LOGIN);
        Assertions.assertThat(userIdentity.getProviderLogin()).isEqualTo(LOGIN);
        Assertions.assertThat(userIdentity.getName()).isEqualTo("name");
        Assertions.assertThat(userIdentity.getEmail()).isEqualTo("email");
        Assertions.assertThat(userIdentity.shouldSyncGroups()).isFalse();
    }

    @Test
    public void authenticate_with_sonarqube_identity_provider() throws Exception {
        executeStartWithoutGroupSync();
        Mockito.when(Boolean.valueOf(this.authenticator.doAuthenticate((Authenticator.Context) Matchers.any(Authenticator.Context.class)))).thenReturn(true);
        UserDetails userDetails = new UserDetails();
        userDetails.setName("name");
        userDetails.setEmail("email");
        Mockito.when(this.externalUsersProvider.doGetUserDetails((ExternalUsersProvider.Context) Matchers.any(ExternalUsersProvider.Context.class))).thenReturn(userDetails);
        Mockito.when(this.userIdentityAuthenticator.authenticate((UserIdentity) Matchers.any(UserIdentity.class), (IdentityProvider) Matchers.any(IdentityProvider.class))).thenReturn(USER);
        this.underTest.authenticate(LOGIN, PASSWORD, this.request);
        ((UserIdentityAuthenticator) Mockito.verify(this.userIdentityAuthenticator)).authenticate((UserIdentity) this.userIdentityArgumentCaptor.capture(), (IdentityProvider) this.identityProviderArgumentCaptor.capture());
        Assertions.assertThat(((IdentityProvider) this.identityProviderArgumentCaptor.getValue()).getKey()).isEqualTo("sonarqube");
        Assertions.assertThat(((IdentityProvider) this.identityProviderArgumentCaptor.getValue()).getName()).isEqualTo("sonarqube");
        Assertions.assertThat(((IdentityProvider) this.identityProviderArgumentCaptor.getValue()).getDisplay()).isNull();
        Assertions.assertThat(((IdentityProvider) this.identityProviderArgumentCaptor.getValue()).isEnabled()).isTrue();
    }

    @Test
    public void login_is_used_when_no_name_provided() throws Exception {
        executeStartWithoutGroupSync();
        Mockito.when(Boolean.valueOf(this.authenticator.doAuthenticate((Authenticator.Context) Matchers.any(Authenticator.Context.class)))).thenReturn(true);
        UserDetails userDetails = new UserDetails();
        userDetails.setEmail("email");
        Mockito.when(this.externalUsersProvider.doGetUserDetails((ExternalUsersProvider.Context) Matchers.any(ExternalUsersProvider.Context.class))).thenReturn(userDetails);
        Mockito.when(this.userIdentityAuthenticator.authenticate((UserIdentity) Matchers.any(UserIdentity.class), (IdentityProvider) Matchers.any(IdentityProvider.class))).thenReturn(USER);
        this.underTest.authenticate(LOGIN, PASSWORD, this.request);
        ((UserIdentityAuthenticator) Mockito.verify(this.userIdentityAuthenticator)).authenticate((UserIdentity) this.userIdentityArgumentCaptor.capture(), (IdentityProvider) this.identityProviderArgumentCaptor.capture());
        Assertions.assertThat(((IdentityProvider) this.identityProviderArgumentCaptor.getValue()).getName()).isEqualTo("sonarqube");
    }

    @Test
    public void authenticate_with_group_sync() throws Exception {
        Mockito.when(this.externalGroupsProvider.doGetGroups((ExternalGroupsProvider.Context) Matchers.any(ExternalGroupsProvider.Context.class))).thenReturn(Arrays.asList("group1", "group2"));
        Mockito.when(this.userIdentityAuthenticator.authenticate((UserIdentity) Matchers.any(UserIdentity.class), (IdentityProvider) Matchers.any(IdentityProvider.class))).thenReturn(USER);
        executeStartWithGroupSync();
        executeAuthenticate();
        ((UserIdentityAuthenticator) Mockito.verify(this.userIdentityAuthenticator)).authenticate((UserIdentity) this.userIdentityArgumentCaptor.capture(), (IdentityProvider) this.identityProviderArgumentCaptor.capture());
        UserIdentity userIdentity = (UserIdentity) this.userIdentityArgumentCaptor.getValue();
        Assertions.assertThat(userIdentity.shouldSyncGroups()).isTrue();
        Assertions.assertThat(userIdentity.getGroups()).containsOnly(new String[]{"group1", "group2"});
    }

    @Test
    public void use_login_if_user_details_contains_no_name() throws Exception {
        executeStartWithoutGroupSync();
        Mockito.when(Boolean.valueOf(this.authenticator.doAuthenticate((Authenticator.Context) Matchers.any(Authenticator.Context.class)))).thenReturn(true);
        UserDetails userDetails = new UserDetails();
        userDetails.setName((String) null);
        Mockito.when(this.externalUsersProvider.doGetUserDetails((ExternalUsersProvider.Context) Matchers.any(ExternalUsersProvider.Context.class))).thenReturn(userDetails);
        Mockito.when(this.userIdentityAuthenticator.authenticate((UserIdentity) Matchers.any(UserIdentity.class), (IdentityProvider) Matchers.any(IdentityProvider.class))).thenReturn(USER);
        this.underTest.authenticate(LOGIN, PASSWORD, this.request);
        ((UserIdentityAuthenticator) Mockito.verify(this.userIdentityAuthenticator)).authenticate((UserIdentity) this.userIdentityArgumentCaptor.capture(), (IdentityProvider) this.identityProviderArgumentCaptor.capture());
        Assertions.assertThat(((UserIdentity) this.userIdentityArgumentCaptor.getValue()).getName()).isEqualTo(LOGIN);
    }

    @Test
    public void allow_to_sign_up_property() throws Exception {
        this.settings.setProperty("sonar.authenticator.createUsers", true);
        Mockito.when(this.userIdentityAuthenticator.authenticate((UserIdentity) Matchers.any(UserIdentity.class), (IdentityProvider) Matchers.any(IdentityProvider.class))).thenReturn(USER);
        executeStartWithoutGroupSync();
        executeAuthenticate();
        ((UserIdentityAuthenticator) Mockito.verify(this.userIdentityAuthenticator)).authenticate((UserIdentity) this.userIdentityArgumentCaptor.capture(), (IdentityProvider) this.identityProviderArgumentCaptor.capture());
        Assertions.assertThat(((IdentityProvider) this.identityProviderArgumentCaptor.getValue()).allowsUsersToSignUp()).isTrue();
    }

    @Test
    public void does_not_allow_to_sign_up_property() throws Exception {
        this.settings.setProperty("sonar.authenticator.createUsers", false);
        Mockito.when(this.userIdentityAuthenticator.authenticate((UserIdentity) Matchers.any(UserIdentity.class), (IdentityProvider) Matchers.any(IdentityProvider.class))).thenReturn(USER);
        executeStartWithoutGroupSync();
        executeAuthenticate();
        ((UserIdentityAuthenticator) Mockito.verify(this.userIdentityAuthenticator)).authenticate((UserIdentity) this.userIdentityArgumentCaptor.capture(), (IdentityProvider) this.identityProviderArgumentCaptor.capture());
        Assertions.assertThat(((IdentityProvider) this.identityProviderArgumentCaptor.getValue()).allowsUsersToSignUp()).isFalse();
    }

    @Test
    public void use_downcase_login() throws Exception {
        this.settings.setProperty("sonar.authenticator.downcase", true);
        Mockito.when(this.userIdentityAuthenticator.authenticate((UserIdentity) Matchers.any(UserIdentity.class), (IdentityProvider) Matchers.any(IdentityProvider.class))).thenReturn(USER);
        executeStartWithoutGroupSync();
        executeAuthenticate(LOGIN);
        ((UserIdentityAuthenticator) Mockito.verify(this.userIdentityAuthenticator)).authenticate((UserIdentity) this.userIdentityArgumentCaptor.capture(), (IdentityProvider) this.identityProviderArgumentCaptor.capture());
        UserIdentity userIdentity = (UserIdentity) this.userIdentityArgumentCaptor.getValue();
        Assertions.assertThat(userIdentity.getLogin()).isEqualTo("login");
        Assertions.assertThat(userIdentity.getProviderLogin()).isEqualTo("login");
    }

    @Test
    public void does_not_user_downcase_login() throws Exception {
        this.settings.setProperty("sonar.authenticator.downcase", false);
        Mockito.when(this.userIdentityAuthenticator.authenticate((UserIdentity) Matchers.any(UserIdentity.class), (IdentityProvider) Matchers.any(IdentityProvider.class))).thenReturn(USER);
        executeStartWithoutGroupSync();
        executeAuthenticate("LoGiN");
        ((UserIdentityAuthenticator) Mockito.verify(this.userIdentityAuthenticator)).authenticate((UserIdentity) this.userIdentityArgumentCaptor.capture(), (IdentityProvider) this.identityProviderArgumentCaptor.capture());
        UserIdentity userIdentity = (UserIdentity) this.userIdentityArgumentCaptor.getValue();
        Assertions.assertThat(userIdentity.getLogin()).isEqualTo("LoGiN");
        Assertions.assertThat(userIdentity.getProviderLogin()).isEqualTo("LoGiN");
    }

    @Test
    public void fail_to_authenticate_when_user_details_are_null() throws Exception {
        executeStartWithoutGroupSync();
        Mockito.when(Boolean.valueOf(this.authenticator.doAuthenticate((Authenticator.Context) Matchers.any(Authenticator.Context.class)))).thenReturn(true);
        Mockito.when(this.externalUsersProvider.doGetUserDetails((ExternalUsersProvider.Context) Matchers.any(ExternalUsersProvider.Context.class))).thenReturn((Object) null);
        this.expectedException.expect(UnauthorizedException.class);
        this.underTest.authenticate(LOGIN, PASSWORD, this.request);
    }

    @Test
    public void fail_to_authenticate_when_external_authentication_fails() throws Exception {
        executeStartWithoutGroupSync();
        Mockito.when(this.externalUsersProvider.doGetUserDetails((ExternalUsersProvider.Context) Matchers.any(ExternalUsersProvider.Context.class))).thenReturn(new UserDetails());
        Mockito.when(Boolean.valueOf(this.authenticator.doAuthenticate((Authenticator.Context) Matchers.any(Authenticator.Context.class)))).thenReturn(false);
        this.expectedException.expect(UnauthorizedException.class);
        this.underTest.authenticate(LOGIN, PASSWORD, this.request);
    }

    @Test
    public void fail_to_authenticate_when_any_exception_is_thrown() throws Exception {
        executeStartWithoutGroupSync();
        ((Authenticator) Mockito.doThrow(IllegalArgumentException.class).when(this.authenticator)).doAuthenticate((Authenticator.Context) Matchers.any(Authenticator.Context.class));
        Mockito.when(this.externalUsersProvider.doGetUserDetails((ExternalUsersProvider.Context) Matchers.any(ExternalUsersProvider.Context.class))).thenReturn((Object) null);
        this.expectedException.expect(UnauthorizedException.class);
        this.underTest.authenticate(LOGIN, PASSWORD, this.request);
    }

    @Test
    public void return_empty_user_when_no_realm() throws Exception {
        Assertions.assertThat(this.underTest.authenticate(LOGIN, PASSWORD, this.request)).isEmpty();
    }

    @Test
    public void fail_to_start_when_no_authenticator() throws Exception {
        Mockito.when(this.realm.doGetAuthenticator()).thenReturn((Object) null);
        Mockito.when(this.securityRealmFactory.getRealm()).thenReturn(this.realm);
        this.expectedException.expect(NullPointerException.class);
        this.expectedException.expectMessage("No authenticator available");
        this.underTest.start();
    }

    @Test
    public void fail_to_start_when_no_user_provider() throws Exception {
        Mockito.when(this.realm.doGetAuthenticator()).thenReturn(this.authenticator);
        Mockito.when(this.realm.getUsersProvider()).thenReturn((Object) null);
        Mockito.when(this.securityRealmFactory.getRealm()).thenReturn(this.realm);
        this.expectedException.expect(NullPointerException.class);
        this.expectedException.expectMessage("No users provider available");
        this.underTest.start();
    }

    private void executeStartWithoutGroupSync() {
        Mockito.when(this.realm.doGetAuthenticator()).thenReturn(this.authenticator);
        Mockito.when(this.realm.getUsersProvider()).thenReturn(this.externalUsersProvider);
        Mockito.when(this.securityRealmFactory.getRealm()).thenReturn(this.realm);
        this.underTest.start();
    }

    private void executeStartWithGroupSync() {
        Mockito.when(this.realm.doGetAuthenticator()).thenReturn(this.authenticator);
        Mockito.when(this.realm.getUsersProvider()).thenReturn(this.externalUsersProvider);
        Mockito.when(this.realm.getGroupsProvider()).thenReturn(this.externalGroupsProvider);
        Mockito.when(this.securityRealmFactory.getRealm()).thenReturn(this.realm);
        this.underTest.start();
    }

    private void executeAuthenticate() {
        executeAuthenticate(LOGIN);
    }

    private void executeAuthenticate(String str) {
        Mockito.when(Boolean.valueOf(this.authenticator.doAuthenticate((Authenticator.Context) Matchers.any(Authenticator.Context.class)))).thenReturn(true);
        UserDetails userDetails = new UserDetails();
        userDetails.setName("name");
        Mockito.when(this.externalUsersProvider.doGetUserDetails((ExternalUsersProvider.Context) Matchers.any(ExternalUsersProvider.Context.class))).thenReturn(userDetails);
        this.underTest.authenticate(str, PASSWORD, this.request);
    }
}
