package org.sonar.server.authentication;

import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.assertj.core.api.Assertions;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.mockito.ArgumentCaptor;
import org.mockito.Matchers;
import org.mockito.Mockito;
import org.sonar.api.config.internal.MapSettings;
import org.sonar.api.server.authentication.BaseIdentityProvider;
import org.sonar.api.utils.System2;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.DbTester;
import org.sonar.db.user.UserDto;
import org.sonar.db.user.UserTesting;
import org.sonar.server.authentication.event.AuthenticationEvent;
import org.sonar.server.authentication.event.AuthenticationException;
import org.sonar.server.user.TestUserSessionFactory;
import org.sonar.server.user.ThreadLocalUserSession;
import org.sonar.server.user.UserSession;

/* loaded from: input_file:org/sonar/server/authentication/UserSessionInitializerTest.class */
public class UserSessionInitializerTest {

    @Rule
    public DbTester dbTester = DbTester.create(System2.INSTANCE);
    private DbClient dbClient = this.dbTester.getDbClient();
    private DbSession dbSession = this.dbTester.getSession();
    private ThreadLocalUserSession userSession = (ThreadLocalUserSession) Mockito.mock(ThreadLocalUserSession.class);
    private HttpServletRequest request = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
    private HttpServletResponse response = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
    private Authenticators authenticators = (Authenticators) Mockito.mock(Authenticators.class);
    private AuthenticationEvent authenticationEvent = (AuthenticationEvent) Mockito.mock(AuthenticationEvent.class);
    private TestUserSessionFactory userSessionFactory = TestUserSessionFactory.standalone();
    private MapSettings settings = new MapSettings();
    private UserDto user = UserTesting.newUserDto();
    private UserSessionInitializer underTest = new UserSessionInitializer(this.settings.asConfig(), this.userSession, this.authenticationEvent, this.userSessionFactory, this.authenticators);

    @Before
    public void setUp() throws Exception {
        this.dbClient.userDao().insert(this.dbSession, this.user);
        this.dbSession.commit();
        Mockito.when(this.request.getContextPath()).thenReturn("");
        Mockito.when(this.request.getRequestURI()).thenReturn("/measures");
    }

    @Test
    public void check_urls() throws Exception {
        assertPathIsNotIgnored("/");
        assertPathIsNotIgnored("/foo");
        assertPathIsNotIgnored("/api/server_id/show");
        assertPathIsIgnored("/api/authentication/login");
        assertPathIsIgnored("/api/authentication/logout");
        assertPathIsIgnored("/api/authentication/validate");
        assertPathIsIgnored("/batch/index");
        assertPathIsIgnored("/batch/file");
        assertPathIsIgnored("/maintenance/index");
        assertPathIsIgnored("/setup/index");
        assertPathIsIgnored("/sessions/new");
        assertPathIsIgnored("/sessions/logout");
        assertPathIsIgnored("/sessions/unauthorized");
        assertPathIsIgnored("/oauth2/callback/github");
        assertPathIsIgnored("/oauth2/callback/foo");
        assertPathIsIgnored("/api/system/db_migration_status");
        assertPathIsIgnored("/api/system/status");
        assertPathIsIgnored("/api/system/migrate_db");
        assertPathIsIgnored("/api/server/version");
        assertPathIsIgnored("/api/users/identity_providers");
        assertPathIsIgnored("/api/l10n/index");
        assertPathIsIgnored("/css/style.css");
        assertPathIsIgnored("/fonts/font.ttf");
        assertPathIsIgnored("/images/logo.png");
        assertPathIsIgnored("/js/jquery.js");
    }

    @Test
    public void return_code_401_when_not_authenticated_and_with_force_authentication() throws Exception {
        ArgumentCaptor forClass = ArgumentCaptor.forClass(AuthenticationException.class);
        Mockito.when(Boolean.valueOf(this.userSession.isLoggedIn())).thenReturn(false);
        Mockito.when(this.authenticators.authenticate(this.request, this.response)).thenReturn(Optional.empty());
        this.settings.setProperty("sonar.forceAuthentication", true);
        Assertions.assertThat(this.underTest.initUserSession(this.request, this.response)).isTrue();
        Mockito.verifyZeroInteractions(new Object[]{this.response});
        ((AuthenticationEvent) Mockito.verify(this.authenticationEvent)).loginFailure((HttpServletRequest) Matchers.eq(this.request), (AuthenticationException) forClass.capture());
        Mockito.verifyZeroInteractions(new Object[]{this.userSession});
        AuthenticationException authenticationException = (AuthenticationException) forClass.getValue();
        Assertions.assertThat(authenticationException.getSource()).isEqualTo(AuthenticationEvent.Source.local(AuthenticationEvent.Method.BASIC));
        Assertions.assertThat(authenticationException.getLogin()).isNull();
        Assertions.assertThat(authenticationException.getMessage()).isEqualTo("User must be authenticated");
        Assertions.assertThat(authenticationException.getPublicMessage()).isNull();
    }

    @Test
    public void return_401_and_stop_on_ws() throws Exception {
        Mockito.when(this.request.getRequestURI()).thenReturn("/api/issues");
        AuthenticationException build = AuthenticationException.newBuilder().setSource(AuthenticationEvent.Source.jwt()).setMessage("Token id hasn't been found").build();
        ((Authenticators) Mockito.doThrow(build).when(this.authenticators)).authenticate(this.request, this.response);
        Assertions.assertThat(this.underTest.initUserSession(this.request, this.response)).isFalse();
        ((HttpServletResponse) Mockito.verify(this.response)).setStatus(401);
        ((AuthenticationEvent) Mockito.verify(this.authenticationEvent)).loginFailure(this.request, build);
        Mockito.verifyZeroInteractions(new Object[]{this.userSession});
    }

    @Test
    public void return_401_and_stop_on_batch_ws() throws Exception {
        Mockito.when(this.request.getRequestURI()).thenReturn("/batch/global");
        ((Authenticators) Mockito.doThrow(AuthenticationException.newBuilder().setSource(AuthenticationEvent.Source.jwt()).setMessage("Token id hasn't been found").build()).when(this.authenticators)).authenticate(this.request, this.response);
        Assertions.assertThat(this.underTest.initUserSession(this.request, this.response)).isFalse();
        ((HttpServletResponse) Mockito.verify(this.response)).setStatus(401);
        Mockito.verifyZeroInteractions(new Object[]{this.userSession});
    }

    @Test
    public void return_to_session_unauthorized_when_error_on_from_external_provider() throws Exception {
        ((Authenticators) Mockito.doThrow(AuthenticationException.newBuilder().setSource(AuthenticationEvent.Source.external(newBasicIdentityProvider("failing"))).setPublicMessage("Token id hasn't been found").build()).when(this.authenticators)).authenticate(this.request, this.response);
        Assertions.assertThat(this.underTest.initUserSession(this.request, this.response)).isFalse();
        ((HttpServletResponse) Mockito.verify(this.response)).sendRedirect("/sessions/unauthorized?message=Token+id+hasn%27t+been+found");
    }

    @Test
    public void return_to_session_unauthorized_when_error_on_from_external_provider_with_context_path() throws Exception {
        Mockito.when(this.request.getContextPath()).thenReturn("/sonarqube");
        ((Authenticators) Mockito.doThrow(AuthenticationException.newBuilder().setSource(AuthenticationEvent.Source.external(newBasicIdentityProvider("failing"))).setPublicMessage("Token id hasn't been found").build()).when(this.authenticators)).authenticate(this.request, this.response);
        Assertions.assertThat(this.underTest.initUserSession(this.request, this.response)).isFalse();
        ((HttpServletResponse) Mockito.verify(this.response)).sendRedirect("/sonarqube/sessions/unauthorized?message=Token+id+hasn%27t+been+found");
    }

    private void assertPathIsIgnored(String str) {
        Mockito.when(this.request.getRequestURI()).thenReturn(str);
        Assertions.assertThat(this.underTest.initUserSession(this.request, this.response)).isTrue();
        Mockito.verifyZeroInteractions(new Object[]{this.userSession, this.authenticators});
        Mockito.reset(new Object[]{this.userSession, this.authenticators});
    }

    private void assertPathIsNotIgnored(String str) {
        Mockito.when(this.request.getRequestURI()).thenReturn(str);
        Mockito.when(this.authenticators.authenticate(this.request, this.response)).thenReturn(Optional.of(this.user));
        Assertions.assertThat(this.underTest.initUserSession(this.request, this.response)).isTrue();
        ((ThreadLocalUserSession) Mockito.verify(this.userSession)).set((UserSession) Matchers.any(UserSession.class));
        Mockito.reset(new Object[]{this.userSession, this.authenticators});
    }

    private static BaseIdentityProvider newBasicIdentityProvider(String str) {
        BaseIdentityProvider baseIdentityProvider = (BaseIdentityProvider) Mockito.mock(BaseIdentityProvider.class);
        Mockito.when(baseIdentityProvider.getName()).thenReturn(str);
        return baseIdentityProvider;
    }
}
