package org.sonar.server.authentication.ws;

import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.assertj.core.api.Assertions;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.mockito.Matchers;
import org.mockito.Mockito;
import org.sonar.api.utils.System2;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.DbTester;
import org.sonar.db.user.UserDto;
import org.sonar.db.user.UserTesting;
import org.sonar.server.authentication.CredentialsAuthenticator;
import org.sonar.server.authentication.JwtHttpHandler;
import org.sonar.server.authentication.event.AuthenticationEvent;
import org.sonar.server.authentication.event.AuthenticationException;
import org.sonar.server.exceptions.UnauthorizedException;
import org.sonar.server.user.TestUserSessionFactory;
import org.sonar.server.user.ThreadLocalUserSession;

/* loaded from: input_file:org/sonar/server/authentication/ws/LoginActionTest.class */
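/**
 * Unit tests for {@link LoginAction}, the filter that handles form login on
 * {@code /api/authentication/login}.
 *
 * <p>Collaborators ({@link CredentialsAuthenticator}, {@link JwtHttpHandler},
 * {@link AuthenticationEvent}, the servlet request/response and the filter chain) are Mockito
 * mocks. A real {@link ThreadLocalUserSession} is used so the tests can observe whether a session
 * was established.
 *
 * <p>Every rejection path asserts the same invariant: the response status is 401, no JWT is
 * generated and no user session is left on the thread.
 */
public class LoginActionTest {
    private static final String LOGIN = "LOGIN";
    private static final String PASSWORD = "PASSWORD";

    @Rule
    public DbTester dbTester = DbTester.create(System2.INSTANCE);
    private final DbClient dbClient = this.dbTester.getDbClient();
    private final DbSession dbSession = this.dbTester.getSession();
    private final ThreadLocalUserSession threadLocalUserSession = new ThreadLocalUserSession();
    private final HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    private final HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
    private final FilterChain chain = Mockito.mock(FilterChain.class);
    private final CredentialsAuthenticator credentialsAuthenticator = Mockito.mock(CredentialsAuthenticator.class);
    private final JwtHttpHandler jwtHttpHandler = Mockito.mock(JwtHttpHandler.class);
    private final AuthenticationEvent authenticationEvent = Mockito.mock(AuthenticationEvent.class);
    private final TestUserSessionFactory userSessionFactory = TestUserSessionFactory.standalone();
    private final UserDto user = UserTesting.newUserDto().setLogin(LOGIN);
    private final LoginAction underTest = new LoginAction(this.credentialsAuthenticator, this.jwtHttpHandler, this.threadLocalUserSession, this.authenticationEvent, this.userSessionFactory);

    /** Clears any session left on the thread by a previous test and persists the test user. */
    @Before
    public void setUp() throws Exception {
        this.threadLocalUserSession.unload();
        this.dbClient.userDao().insert(this.dbSession, this.user);
        this.dbSession.commit();
    }

    /** The filter must be bound to the login URL only, not to logout or unrelated paths. */
    @Test
    public void do_get_pattern() throws Exception {
        Assertions.assertThat(this.underTest.doGetPattern().matches("/api/authentication/login")).isTrue();
        Assertions.assertThat(this.underTest.doGetPattern().matches("/api/authentication/logout")).isFalse();
        Assertions.assertThat(this.underTest.doGetPattern().matches("/foo")).isFalse();
    }

    /** Valid credentials: the user is authenticated via FORM, a token is generated, a session is set. */
    @Test
    public void do_authenticate() throws Exception {
        Mockito.when(this.credentialsAuthenticator.authenticate(LOGIN, PASSWORD, this.request, AuthenticationEvent.Method.FORM)).thenReturn(this.user);

        executeRequest(LOGIN, PASSWORD);

        Assertions.assertThat(this.threadLocalUserSession.isLoggedIn()).isTrue();
        Mockito.verify(this.credentialsAuthenticator).authenticate(LOGIN, PASSWORD, this.request, AuthenticationEvent.Method.FORM);
        Mockito.verify(this.jwtHttpHandler).generateToken(this.user, this.request, this.response);
        // The action answers the request itself: it is not forwarded down the filter chain,
        // and no event is raised on the mocked AuthenticationEvent.
        Mockito.verifyZeroInteractions(this.chain);
        Mockito.verifyZeroInteractions(this.authenticationEvent);
    }

    /** A GET on the login URL must not trigger authentication, token generation or a session. */
    @Test
    public void ignore_get_request() throws Exception {
        Mockito.when(this.request.getMethod()).thenReturn("GET");

        this.underTest.doFilter(this.request, this.response, this.chain);

        Mockito.verifyZeroInteractions(this.credentialsAuthenticator, this.jwtHttpHandler, this.chain);
        Mockito.verifyZeroInteractions(this.authenticationEvent);
        Assertions.assertThat(this.threadLocalUserSession.hasSession()).isFalse();
    }

    /**
     * An {@link UnauthorizedException} thrown by the authenticator yields a 401 with no session.
     * (The method name says "authorized"; the asserted status is 401 Unauthorized.)
     */
    @Test
    public void return_authorized_code_when_unauthorized_exception_is_thrown() throws Exception {
        Mockito.doThrow(new UnauthorizedException("error !")).when(this.credentialsAuthenticator).authenticate(LOGIN, PASSWORD, this.request, AuthenticationEvent.Method.FORM);

        executeRequest(LOGIN, PASSWORD);

        Mockito.verify(this.response).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        Assertions.assertThat(this.threadLocalUserSession.hasSession()).isFalse();
        // A rejected login must never be handed a token.
        Mockito.verifyZeroInteractions(this.jwtHttpHandler);
        Mockito.verifyZeroInteractions(this.authenticationEvent);
    }

    @Test
    public void return_unauthorized_code_when_no_login() throws Exception {
        executeRequest(null, PASSWORD);
        assertLoginRejected();
    }

    @Test
    public void return_unauthorized_code_when_empty_login() throws Exception {
        executeRequest("", PASSWORD);
        assertLoginRejected();
    }

    @Test
    public void return_unauthorized_code_when_no_password() throws Exception {
        executeRequest(LOGIN, null);
        assertLoginRejected();
    }

    @Test
    public void return_unauthorized_code_when_empty_password() throws Exception {
        executeRequest(LOGIN, "");
        assertLoginRejected();
    }

    /**
     * Asserts the outcome expected for missing or empty credentials: a 401 status, a
     * {@code loginFailure} event carrying an {@link AuthenticationException}, no JWT generated and
     * no user session established.
     */
    private void assertLoginRejected() {
        Mockito.verify(this.response).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        Mockito.verify(this.authenticationEvent).loginFailure(Matchers.eq(this.request), Matchers.any(AuthenticationException.class));
        // Fail-closed checks: the status code alone does not prove that no credential was issued.
        Mockito.verifyZeroInteractions(this.jwtHttpHandler);
        Assertions.assertThat(this.threadLocalUserSession.hasSession()).isFalse();
    }

    /**
     * Sends a POST through the filter with the given form parameters.
     *
     * @param str value returned for the {@code login} request parameter (may be {@code null})
     * @param str2 value returned for the {@code password} request parameter (may be {@code null})
     */
    private void executeRequest(String str, String str2) throws IOException, ServletException {
        Mockito.when(this.request.getMethod()).thenReturn("POST");
        Mockito.when(this.request.getParameter("login")).thenReturn(str);
        Mockito.when(this.request.getParameter("password")).thenReturn(str2);
        this.underTest.doFilter(this.request, this.response, this.chain);
    }
}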
