package org.sonar.server.authentication;

import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.assertj.core.api.Assertions;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.mockito.Matchers;
import org.mockito.Mockito;
import org.sonar.api.config.MapSettings;
import org.sonar.api.config.Settings;
import org.sonar.api.utils.System2;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.DbTester;
import org.sonar.db.user.UserDto;
import org.sonar.db.user.UserTesting;
import org.sonar.server.exceptions.UnauthorizedException;
import org.sonar.server.user.ServerUserSession;
import org.sonar.server.user.ThreadLocalUserSession;
import org.sonar.server.user.UserSession;

/* loaded from: input_file:org/sonar/server/authentication/UserSessionInitializerTest.class */
/**
 * Tests for {@code UserSessionInitializer#initUserSession}.
 *
 * <p>The cases pin three things: which request paths skip session initialisation
 * entirely, how a user is resolved (JWT token first, then basic authentication),
 * and when a 401 status is written to the response.
 *
 * <p>All collaborators except the database and the settings are Mockito mocks, so
 * these tests describe the initializer's interactions, not the behaviour of the
 * real JWT or basic-auth handlers.
 */
public class UserSessionInitializerTest {

    // Field order matters: dbClient and dbSession are derived from dbTester.
    @Rule
    public DbTester dbTester = DbTester.create(System2.INSTANCE);
    DbClient dbClient = dbTester.getDbClient();
    DbSession dbSession = dbTester.getSession();
    ThreadLocalUserSession userSession = Mockito.mock(ThreadLocalUserSession.class);
    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
    JwtHttpHandler jwtHttpHandler = Mockito.mock(JwtHttpHandler.class);
    BasicAuthenticator basicAuthenticator = Mockito.mock(BasicAuthenticator.class);
    Settings settings = new MapSettings();
    UserDto user = UserTesting.newUserDto();
    UserSessionInitializer underTest =
        new UserSessionInitializer(dbClient, settings, jwtHttpHandler, basicAuthenticator, userSession);

    /**
     * Persists the test user and points the mocked request at {@code /measures}
     * with an empty context path.
     *
     * <p>NOTE(review): every test runs with an empty context path; behaviour under a
     * non-empty context path is not exercised in this class.
     */
    @Before
    public void setUp() throws Exception {
        dbClient.userDao().insert(dbSession, user);
        dbSession.commit();
        Mockito.when(request.getContextPath()).thenReturn("");
        Mockito.when(request.getRequestURI()).thenReturn("/measures");
    }

    /**
     * Pins the set of paths for which the initializer does not touch the user
     * session, the JWT handler or the basic authenticator at all.
     *
     * <p>Because no authentication collaborator is consulted for an ignored path,
     * whatever serves those paths must be safe for anonymous callers or enforce its
     * own checks. Treat additions to the ignored list as a security-relevant change.
     *
     * <p>NOTE(review): only representative canonical paths are listed. How the
     * matcher handles case differences, extra path segments or non-normalised forms
     * of these paths is not visible from this test - confirm in
     * {@code UserSessionInitializer} and consider adding negative cases.
     */
    @Test
    public void check_urls() throws Exception {
        // Paths that must go through session initialisation.
        assertPathIsNotIgnored("/");
        assertPathIsNotIgnored("/foo");
        assertPathIsNotIgnored("/api/server_id/show");

        // Authentication endpoints.
        assertPathIsIgnored("/api/authentication/login");
        assertPathIsIgnored("/api/authentication/validate");

        // Batch, maintenance, setup and session pages.
        assertPathIsIgnored("/batch/index");
        assertPathIsIgnored("/batch/file");
        assertPathIsIgnored("/maintenance/index");
        assertPathIsIgnored("/setup/index");
        assertPathIsIgnored("/sessions/new");
        assertPathIsIgnored("/sessions/logout");

        // System and server web services.
        assertPathIsIgnored("/api/system/db_migration_status");
        assertPathIsIgnored("/api/system/status");
        assertPathIsIgnored("/api/system/migrate_db");
        assertPathIsIgnored("/api/server/index");
        assertPathIsIgnored("/api/server/setup");
        assertPathIsIgnored("/api/server/version");

        // Static resources.
        assertPathIsIgnored("/css/style.css");
        assertPathIsIgnored("/fonts/font.ttf");
        assertPathIsIgnored("/images/logo.png");
        assertPathIsIgnored("/js/jquery.js");
    }

    /**
     * A user returned by JWT validation is accepted without any status being set.
     *
     * <p>NOTE(review): this case does not verify that the session is actually stored
     * via {@code userSession.set(...)}, nor that the basic authenticator is left
     * untouched when the token is valid; both would tighten the test.
     */
    @Test
    public void validate_session_from_token() throws Exception {
        Mockito.when(userSession.isLoggedIn()).thenReturn(true);
        Mockito.when(jwtHttpHandler.validateToken(request, response)).thenReturn(Optional.of(user));

        boolean result = underTest.initUserSession(request, response);

        Assertions.assertThat(result).isTrue();
        Mockito.verify(jwtHttpHandler).validateToken(request, response);
        Mockito.verify(response, Mockito.never()).setStatus(Matchers.anyInt());
    }

    /**
     * When the JWT handler yields no user, the basic authenticator is consulted and
     * its user is stored as a {@code ServerUserSession}.
     */
    @Test
    public void validate_session_from_basic_authentication() throws Exception {
        // First isLoggedIn() call answers false, every later call answers true.
        Mockito.when(userSession.isLoggedIn()).thenReturn(false, true);
        Mockito.when(jwtHttpHandler.validateToken(request, response)).thenReturn(Optional.empty());
        Mockito.when(basicAuthenticator.authenticate(request)).thenReturn(Optional.of(user));

        boolean result = underTest.initUserSession(request, response);

        Assertions.assertThat(result).isTrue();
        Mockito.verify(jwtHttpHandler).validateToken(request, response);
        Mockito.verify(basicAuthenticator).authenticate(request);
        Mockito.verify(userSession).set((UserSession) Matchers.any(ServerUserSession.class));
        Mockito.verify(response, Mockito.never()).setStatus(Matchers.anyInt());
    }

    /**
     * An {@code UnauthorizedException} from token validation on the default
     * {@code /measures} URI yields status 401 and no session interaction, while
     * {@code initUserSession} still returns {@code true}.
     *
     * <p>NOTE(review): presumably {@code true} tells the caller to keep processing
     * the request - confirm that a page request answered with 401 cannot still
     * render protected content downstream.
     */
    @Test
    public void return_code_401_when_invalid_token_exception() throws Exception {
        givenTokenValidationIsRejected();

        Assertions.assertThat(underTest.initUserSession(request, response)).isTrue();

        verifyUnauthorizedAndNoSession();
    }

    /**
     * With {@code sonar.forceAuthentication} enabled and no user from either
     * authenticator, status 401 is written and the session is never touched.
     *
     * <p>NOTE(review): the complementary case (property unset or false, anonymous
     * request) is not covered in this class.
     */
    @Test
    public void return_code_401_when_not_authenticated_and_with_force_authentication() throws Exception {
        settings.setProperty("sonar.forceAuthentication", true);
        Mockito.when(userSession.isLoggedIn()).thenReturn(false);
        Mockito.when(jwtHttpHandler.validateToken(request, response)).thenReturn(Optional.empty());
        Mockito.when(basicAuthenticator.authenticate(request)).thenReturn(Optional.empty());

        Assertions.assertThat(underTest.initUserSession(request, response)).isTrue();

        verifyUnauthorizedAndNoSession();
    }

    /**
     * For a URI under {@code /api/}, a rejected token yields 401 and
     * {@code initUserSession} returns {@code false}.
     */
    @Test
    public void return_401_and_stop_on_ws() throws Exception {
        Mockito.when(request.getRequestURI()).thenReturn("/api/issues");
        givenTokenValidationIsRejected();

        Assertions.assertThat(underTest.initUserSession(request, response)).isFalse();

        verifyUnauthorizedAndNoSession();
    }

    /**
     * Same as the web-service case, for {@code /batch/global}. Unlike
     * {@code /batch/index} and {@code /batch/file}, this batch path is not ignored.
     */
    @Test
    public void return_401_and_stop_on_batch_ws() throws Exception {
        Mockito.when(request.getRequestURI()).thenReturn("/batch/global");
        givenTokenValidationIsRejected();

        Assertions.assertThat(underTest.initUserSession(request, response)).isFalse();

        verifyUnauthorizedAndNoSession();
    }

    /** Makes the mocked JWT handler throw {@code UnauthorizedException("invalid token")}. */
    private void givenTokenValidationIsRejected() {
        Mockito.doThrow(new UnauthorizedException("invalid token"))
            .when(jwtHttpHandler)
            .validateToken(request, response);
    }

    /** Checks that status 401 was set and that the user session mock was never used. */
    private void verifyUnauthorizedAndNoSession() {
        Mockito.verify(response).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        Mockito.verifyZeroInteractions(userSession);
    }

    /**
     * Asserts that {@code path} is skipped: the call returns {@code true} and none of
     * the authentication collaborators is touched. Mocks are reset afterwards so the
     * helper can be called repeatedly within one test.
     */
    private void assertPathIsIgnored(String path) {
        Mockito.when(request.getRequestURI()).thenReturn(path);

        Assertions.assertThat(underTest.initUserSession(request, response)).isTrue();

        Mockito.verifyZeroInteractions(userSession, jwtHttpHandler, basicAuthenticator);
        Mockito.reset(userSession, jwtHttpHandler, basicAuthenticator);
    }

    /**
     * Asserts that {@code path} goes through session initialisation: with a valid
     * token stubbed, a session is stored. Mocks are reset afterwards so the helper
     * can be called repeatedly within one test.
     */
    private void assertPathIsNotIgnored(String path) {
        Mockito.when(request.getRequestURI()).thenReturn(path);
        Mockito.when(jwtHttpHandler.validateToken(request, response)).thenReturn(Optional.of(user));

        Assertions.assertThat(underTest.initUserSession(request, response)).isTrue();

        Mockito.verify(userSession).set(Matchers.any(UserSession.class));
        Mockito.reset(userSession, jwtHttpHandler, basicAuthenticator);
    }
}
