package org.sonar.server.user.ws;

import com.google.common.collect.Lists;
import org.assertj.core.api.Assertions;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.mockito.Mockito;
import org.sonar.api.config.MapSettings;
import org.sonar.api.utils.System2;
import org.sonar.db.DbTester;
import org.sonar.db.user.GroupTesting;
import org.sonar.server.es.EsTester;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.exceptions.NotFoundException;
import org.sonar.server.organization.OrganizationCreation;
import org.sonar.server.organization.TestDefaultOrganizationProvider;
import org.sonar.server.tester.UserSessionRule;
import org.sonar.server.user.ExternalIdentity;
import org.sonar.server.user.NewUser;
import org.sonar.server.user.NewUserNotifier;
import org.sonar.server.user.UserUpdater;
import org.sonar.server.user.index.UserIndexDefinition;
import org.sonar.server.user.index.UserIndexer;
import org.sonar.server.ws.WsTester;

/* loaded from: input_file:org/sonar/server/user/ws/ChangePasswordActionTest.class */
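/**
 * Web-service tests for the {@code api/users/change_password} action.
 *
 * <p>The tests cover who may change a password (the user themself with the previous
 * password, or a system administrator) and which requests are rejected. Every rejection
 * test that has an existing target account also verifies that the stored password hash is
 * left untouched, so a refactoring that moves the update ahead of the authorization or
 * previous-password check is caught here rather than passing unnoticed.
 */
public class ChangePasswordActionTest {

    private static final String LOGIN = "john";
    private static final String INITIAL_PASSWORD = "Valar Dohaeris";
    private static final String NEW_PASSWORD = "Valar Morghulis";

    @Rule
    public ExpectedException expectedException = ExpectedException.none();

    @Rule
    public DbTester db = DbTester.create();

    @Rule
    public EsTester esTester = new EsTester(new UserIndexDefinition(new MapSettings()));

    @Rule
    public UserSessionRule userSessionRule = UserSessionRule.standalone().logIn();

    // Field initializers run in declaration order: userUpdater needs db and esTester,
    // and tester needs userUpdater and userSessionRule, so keep these two last.
    private UserUpdater userUpdater = new UserUpdater(
        Mockito.mock(NewUserNotifier.class),
        new MapSettings(),
        db.getDbClient(),
        new UserIndexer(System2.INSTANCE, db.getDbClient(), esTester.client()),
        System2.INSTANCE,
        TestDefaultOrganizationProvider.from(db),
        Mockito.mock(OrganizationCreation.class));

    private WsTester tester = new WsTester(
        new UsersWs(new UsersWsAction[]{new ChangePasswordAction(db.getDbClient(), userUpdater, userSessionRule)}));

    /** Inserts the {@code sonar-users} group before each test. */
    @Before
    public void setUp() {
        db.users().insertGroup(GroupTesting.newGroupDto().setName("sonar-users"));
    }

    /**
     * A logged-in user who is neither the target nor an administrator is rejected with
     * {@link ForbiddenException}, and the target's stored hash stays as it was.
     */
    @Test
    public void fail_on_missing_permission() throws Exception {
        createUser();
        String hashBefore = storedPasswordHash(LOGIN);
        userSessionRule.logIn("polop");

        expectedException.expect(ForbiddenException.class);
        try {
            tester.newPostRequest("api/users", "change_password")
                .setParam("login", LOGIN)
                .execute();
        } finally {
            // Runs whether or not the request threw; a failure here replaces the expected exception.
            Assertions.assertThat(storedPasswordHash(LOGIN)).isEqualTo(hashBefore);
        }
    }

    /** A system administrator targeting a login that does not exist gets {@link NotFoundException}. */
    @Test
    public void fail_on_unknown_user() throws Exception {
        userSessionRule.logIn().setSystemAdministrator();

        expectedException.expect(NotFoundException.class);
        tester.newPostRequest("api/users", "change_password")
            .setParam("login", "polop")
            .setParam("password", "polop")
            .execute();
    }

    /** A system administrator can set another user's password without supplying the previous one. */
    @Test
    public void system_administrator_can_update_password_of_user() throws Exception {
        userSessionRule.logIn().setSystemAdministrator();
        createUser();
        String hashBefore = storedPasswordHash(LOGIN);

        tester.newPostRequest("api/users", "change_password")
            .setParam("login", LOGIN)
            .setParam("password", NEW_PASSWORD)
            .execute()
            .assertNoContent();

        // Only proves the stored hash changed; it does not prove the new password authenticates.
        Assertions.assertThat(storedPasswordHash(LOGIN)).isNotEqualTo(hashBefore);
    }

    /** A user can change their own password when the correct previous password is supplied. */
    @Test
    public void a_user_can_update_his_password() throws Exception {
        createUser();
        String hashBefore = storedPasswordHash(LOGIN);
        userSessionRule.logIn(LOGIN);

        tester.newPostRequest("api/users", "change_password")
            .setParam("login", LOGIN)
            .setParam("previousPassword", INITIAL_PASSWORD)
            .setParam("password", NEW_PASSWORD)
            .execute()
            .assertNoContent();

        // Only proves the stored hash changed; it does not prove the new password authenticates.
        Assertions.assertThat(storedPasswordHash(LOGIN)).isNotEqualTo(hashBefore);
    }

    /**
     * A user changing their own password without {@code previousPassword} is rejected with
     * {@link IllegalArgumentException}, and the stored hash stays as it was.
     */
    @Test
    public void fail_to_update_password_on_self_without_old_password() throws Exception {
        createUser();
        String hashBefore = storedPasswordHash(LOGIN);
        userSessionRule.logIn(LOGIN);

        expectedException.expect(IllegalArgumentException.class);
        try {
            tester.newPostRequest("api/users", "change_password")
                .setParam("login", LOGIN)
                .setParam("password", NEW_PASSWORD)
                .execute();
        } finally {
            Assertions.assertThat(storedPasswordHash(LOGIN)).isEqualTo(hashBefore);
        }
    }

    /**
     * A user changing their own password with a wrong {@code previousPassword} is rejected with
     * {@link IllegalArgumentException}, and the stored hash stays as it was.
     */
    @Test
    public void fail_to_update_password_on_self_with_bad_old_password() throws Exception {
        createUser();
        String hashBefore = storedPasswordHash(LOGIN);
        userSessionRule.logIn(LOGIN);

        expectedException.expect(IllegalArgumentException.class);
        try {
            tester.newPostRequest("api/users", "change_password")
                .setParam("login", LOGIN)
                .setParam("previousPassword", "I dunno")
                .setParam("password", NEW_PASSWORD)
                .execute();
        } finally {
            Assertions.assertThat(storedPasswordHash(LOGIN)).isEqualTo(hashBefore);
        }
    }

    /**
     * Even a system administrator cannot set a local password on an account created with an
     * external identity: the request fails with {@link BadRequestException} and the stored
     * credential stays as it was.
     */
    @Test
    public void fail_to_update_password_on_external_auth() throws Exception {
        userSessionRule.logIn().setSystemAdministrator();
        // NOTE(review): "gihhub" looks like a typo for "github"; the provider key is kept as
        // written because it is runtime data passed to ExternalIdentity — confirm before renaming.
        userUpdater.create(NewUser.builder()
            .setEmail("john@email.com")
            .setLogin(LOGIN)
            .setName("John")
            .setScmAccounts(Lists.newArrayList("jn"))
            .setExternalIdentity(new ExternalIdentity("gihhub", "john"))
            .build());
        // No password is set at creation; presumably this value is null — the check below
        // only requires that it is the same after the rejected request.
        String hashBefore = storedPasswordHash(LOGIN);

        expectedException.expect(BadRequestException.class);
        try {
            tester.newPostRequest("api/users", "change_password")
                .setParam("login", LOGIN)
                .setParam("password", NEW_PASSWORD)
                .execute();
        } finally {
            Assertions.assertThat(storedPasswordHash(LOGIN)).isEqualTo(hashBefore);
        }
    }

    /** Creates the local user {@code john} with the initial password. */
    private void createUser() {
        userUpdater.create(NewUser.builder()
            .setEmail("john@email.com")
            .setLogin(LOGIN)
            .setName("John")
            .setScmAccounts(Lists.newArrayList("jn"))
            .setPassword(INITIAL_PASSWORD)
            .build());
    }

    /**
     * Reads the password hash currently stored for {@code login} through the test DB session.
     *
     * @param login login of an existing user; the DAO call fails if the user is absent
     * @return the value of {@code getCryptedPassword()} for that user
     */
    private String storedPasswordHash(String login) {
        return db.getDbClient().userDao().selectOrFailByLogin(db.getSession(), login).getCryptedPassword();
    }
}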
