package org.sonar.server.authentication;

import com.google.common.collect.Sets;
import java.util.Arrays;
import java.util.Optional;
import java.util.Set;
import org.assertj.core.api.Assertions;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.mockito.Mockito;
import org.sonar.api.config.MapSettings;
import org.sonar.api.config.Settings;
import org.sonar.api.server.authentication.UserIdentity;
import org.sonar.api.utils.System2;
import org.sonar.api.utils.internal.AlwaysIncreasingSystem2;
import org.sonar.core.util.stream.Collectors;
import org.sonar.db.DbTester;
import org.sonar.db.organization.OrganizationDto;
import org.sonar.db.user.GroupDto;
import org.sonar.db.user.UserDto;
import org.sonar.db.user.UserTesting;
import org.sonar.server.authentication.event.AuthenticationEvent;
import org.sonar.server.authentication.event.AuthenticationExceptionMatcher;
import org.sonar.server.organization.DefaultOrganizationProvider;
import org.sonar.server.organization.OrganizationCreation;
import org.sonar.server.organization.TestDefaultOrganizationProvider;
import org.sonar.server.user.NewUserNotifier;
import org.sonar.server.user.UserUpdater;
import org.sonar.server.user.index.UserIndexer;

/* loaded from: input_file:org/sonar/server/authentication/UserIdentityAuthenticatorTest.class */
public class UserIdentityAuthenticatorTest {
    private static String USER_LOGIN = "github-johndoo";
    private static String DEFAULT_GROUP = "default";
    private static UserIdentity USER_IDENTITY = UserIdentity.builder().setProviderLogin("johndoo").setLogin(USER_LOGIN).setName("John").setEmail("john@email.com").build();
    private static TestIdentityProvider IDENTITY_PROVIDER = new TestIdentityProvider().setKey("github").setName("name of github").setEnabled(true).setAllowsUsersToSignUp(true);

    @Rule
    public ExpectedException thrown = ExpectedException.none();

    @Rule
    public DbTester db = DbTester.create(new AlwaysIncreasingSystem2());
    private Settings settings = new MapSettings();
    private DefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(this.db);
    private OrganizationCreation organizationCreation = (OrganizationCreation) Mockito.mock(OrganizationCreation.class);
    private UserUpdater userUpdater = new UserUpdater((NewUserNotifier) Mockito.mock(NewUserNotifier.class), this.settings, this.db.getDbClient(), (UserIndexer) Mockito.mock(UserIndexer.class), System2.INSTANCE, this.defaultOrganizationProvider, this.organizationCreation);
    private UserIdentityAuthenticator underTest = new UserIdentityAuthenticator(this.db.getDbClient(), this.userUpdater, this.defaultOrganizationProvider);
    private GroupDto defaultGroup;

    @Before
    public void setUp() throws Exception {
        this.settings.setProperty("sonar.defaultGroup", DEFAULT_GROUP);
        this.defaultGroup = this.db.users().insertGroup(this.db.getDefaultOrganization(), DEFAULT_GROUP);
    }

    @Test
    public void authenticate_new_user() throws Exception {
        this.underTest.authenticate(USER_IDENTITY, IDENTITY_PROVIDER, AuthenticationEvent.Source.realm(AuthenticationEvent.Method.BASIC, IDENTITY_PROVIDER.getName()));
        UserDto userDto = (UserDto) this.db.users().selectUserByLogin(USER_LOGIN).get();
        Assertions.assertThat(userDto).isNotNull();
        Assertions.assertThat(userDto.isActive()).isTrue();
        Assertions.assertThat(userDto.getName()).isEqualTo("John");
        Assertions.assertThat(userDto.getEmail()).isEqualTo("john@email.com");
        Assertions.assertThat(userDto.getExternalIdentity()).isEqualTo("johndoo");
        Assertions.assertThat(userDto.getExternalIdentityProvider()).isEqualTo("github");
        Assertions.assertThat(userDto.isRoot()).isFalse();
        Assertions.assertThat(this.db.users().selectGroupIdsOfUser(userDto)).containsOnly(new Long[]{this.defaultGroup.getId()});
    }

    @Test
    public void authenticate_new_user_with_groups() throws Exception {
        GroupDto insertGroup = this.db.users().insertGroup(this.db.getDefaultOrganization(), "group1");
        GroupDto insertGroup2 = this.db.users().insertGroup(this.db.getDefaultOrganization(), "group2");
        authenticate(USER_LOGIN, "group1", "group2", "group3");
        Optional selectUserByLogin = this.db.users().selectUserByLogin(USER_LOGIN);
        Assertions.assertThat(selectUserByLogin).isPresent();
        Assertions.assertThat(((UserDto) selectUserByLogin.get()).isRoot()).isFalse();
        Assertions.assertThat(this.db.users().selectGroupIdsOfUser((UserDto) selectUserByLogin.get())).containsOnly(new Long[]{insertGroup.getId(), insertGroup2.getId()});
    }

    @Test
    public void authenticate_existing_user() throws Exception {
        this.db.users().insertUser(UserTesting.newUserDto().setLogin(USER_LOGIN).setActive(true).setName("Old name").setEmail("Old email").setExternalIdentity("old identity").setExternalIdentityProvider("old provide"));
        this.underTest.authenticate(USER_IDENTITY, IDENTITY_PROVIDER, AuthenticationEvent.Source.local(AuthenticationEvent.Method.BASIC));
        UserDto userDto = (UserDto) this.db.users().selectUserByLogin(USER_LOGIN).get();
        Assertions.assertThat(userDto.isActive()).isTrue();
        Assertions.assertThat(userDto.getName()).isEqualTo("John");
        Assertions.assertThat(userDto.getEmail()).isEqualTo("john@email.com");
        Assertions.assertThat(userDto.getExternalIdentity()).isEqualTo("johndoo");
        Assertions.assertThat(userDto.getExternalIdentityProvider()).isEqualTo("github");
        Assertions.assertThat(userDto.isRoot()).isFalse();
    }

    @Test
    public void authenticate_existing_disabled_user() throws Exception {
        this.db.users().insertUser(UserTesting.newUserDto().setLogin(USER_LOGIN).setActive(false).setName("Old name").setEmail("Old email").setExternalIdentity("old identity").setExternalIdentityProvider("old provide"));
        this.underTest.authenticate(USER_IDENTITY, IDENTITY_PROVIDER, AuthenticationEvent.Source.local(AuthenticationEvent.Method.BASIC_TOKEN));
        UserDto userDto = (UserDto) this.db.users().selectUserByLogin(USER_LOGIN).get();
        Assertions.assertThat(userDto.isActive()).isTrue();
        Assertions.assertThat(userDto.getName()).isEqualTo("John");
        Assertions.assertThat(userDto.getEmail()).isEqualTo("john@email.com");
        Assertions.assertThat(userDto.getExternalIdentity()).isEqualTo("johndoo");
        Assertions.assertThat(userDto.getExternalIdentityProvider()).isEqualTo("github");
        Assertions.assertThat(userDto.isRoot()).isFalse();
    }

    @Test
    public void authenticate_existing_user_and_add_new_groups() throws Exception {
        UserDto insertUser = this.db.users().insertUser(UserTesting.newUserDto().setLogin(USER_LOGIN).setActive(true).setName("John"));
        GroupDto insertGroup = this.db.users().insertGroup(this.db.getDefaultOrganization(), "group1");
        GroupDto insertGroup2 = this.db.users().insertGroup(this.db.getDefaultOrganization(), "group2");
        authenticate(USER_LOGIN, "group1", "group2", "group3");
        Assertions.assertThat(this.db.users().selectGroupIdsOfUser(insertUser)).containsOnly(new Long[]{insertGroup.getId(), insertGroup2.getId()});
    }

    @Test
    public void authenticate_existing_user_and_remove_groups() throws Exception {
        UserDto insertUser = this.db.users().insertUser(UserTesting.newUserDto().setLogin(USER_LOGIN).setActive(true).setName("John"));
        GroupDto insertGroup = this.db.users().insertGroup(this.db.getDefaultOrganization(), "group1");
        GroupDto insertGroup2 = this.db.users().insertGroup(this.db.getDefaultOrganization(), "group2");
        this.db.users().insertMember(insertGroup, insertUser);
        this.db.users().insertMember(insertGroup2, insertUser);
        authenticate(USER_LOGIN, "group1");
        Assertions.assertThat(this.db.users().selectGroupIdsOfUser(insertUser)).containsOnly(new Long[]{insertGroup.getId()});
    }

    @Test
    public void authenticate_existing_user_and_remove_all_groups() throws Exception {
        UserDto insertUser = this.db.users().insertUser();
        GroupDto insertGroup = this.db.users().insertGroup(this.db.getDefaultOrganization(), "group1");
        GroupDto insertGroup2 = this.db.users().insertGroup(this.db.getDefaultOrganization(), "group2");
        this.db.users().insertMember(insertGroup, insertUser);
        this.db.users().insertMember(insertGroup2, insertUser);
        authenticate(insertUser.getLogin(), new String[0]);
        Assertions.assertThat(this.db.users().selectGroupIdsOfUser(insertUser)).isEmpty();
    }

    @Test
    public void ignore_groups_on_non_default_organizations() throws Exception {
        OrganizationDto insert = this.db.organizations().insert();
        UserDto insertUser = this.db.users().insertUser(UserTesting.newUserDto().setLogin(USER_LOGIN).setActive(true).setName("John"));
        GroupDto insertGroup = this.db.users().insertGroup(this.db.getDefaultOrganization(), "a-group");
        this.db.users().insertGroup(insert, "a-group");
        this.underTest.authenticate(UserIdentity.builder().setProviderLogin("johndoo").setLogin(insertUser.getLogin()).setName(insertUser.getName()).setGroups(Sets.newHashSet(new String[]{"a-group"})).build(), IDENTITY_PROVIDER, AuthenticationEvent.Source.sso());
        Assertions.assertThat(this.db.users().selectGroupIdsOfUser(insertUser)).containsOnly(new Long[]{insertGroup.getId()});
    }

    @Test
    public void fail_to_authenticate_new_user_when_allow_users_to_signup_is_false() throws Exception {
        TestIdentityProvider allowsUsersToSignUp = new TestIdentityProvider().setKey("github").setName("Github").setEnabled(true).setAllowsUsersToSignUp(false);
        AuthenticationEvent.Source realm = AuthenticationEvent.Source.realm(AuthenticationEvent.Method.FORM, allowsUsersToSignUp.getName());
        this.thrown.expect(AuthenticationExceptionMatcher.authenticationException().from(realm).withLogin(USER_IDENTITY.getLogin()).andPublicMessage("'github' users are not allowed to sign up"));
        this.thrown.expectMessage("User signup disabled for provider 'github'");
        this.underTest.authenticate(USER_IDENTITY, allowsUsersToSignUp, realm);
    }

    @Test
    public void fail_to_authenticate_new_user_when_email_already_exists() throws Exception {
        this.db.users().insertUser(UserTesting.newUserDto().setLogin("Existing user with same email").setActive(true).setEmail("john@email.com"));
        AuthenticationEvent.Source realm = AuthenticationEvent.Source.realm(AuthenticationEvent.Method.FORM, IDENTITY_PROVIDER.getName());
        this.thrown.expect(AuthenticationExceptionMatcher.authenticationException().from(realm).withLogin(USER_IDENTITY.getLogin()).andPublicMessage("You can't sign up because email 'john@email.com' is already used by an existing user. This means that you probably already registered with another account."));
        this.thrown.expectMessage("Email 'john@email.com' is already used");
        this.underTest.authenticate(USER_IDENTITY, IDENTITY_PROVIDER, realm);
    }

    private void authenticate(String str, String... strArr) {
        this.underTest.authenticate(UserIdentity.builder().setProviderLogin("johndoo").setLogin(str).setName("John").setGroups((Set) Arrays.stream(strArr).collect(Collectors.toSet())).build(), IDENTITY_PROVIDER, AuthenticationEvent.Source.sso());
    }
}
