package org.sonar.server.authentication;

import javax.servlet.FilterChain;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.assertj.core.api.Assertions;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.mockito.ArgumentCaptor;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;
import org.sonar.api.platform.Server;
import org.sonar.api.server.authentication.OAuth2IdentityProvider;
import org.sonar.api.server.authentication.UnauthorizedException;
import org.sonar.api.server.authentication.UserIdentity;
import org.sonar.api.utils.log.LogTester;
import org.sonar.api.utils.log.LoggerLevel;
import org.sonar.db.user.UserDto;
import org.sonar.db.user.UserTesting;
import org.sonar.server.authentication.event.AuthenticationEvent;
import org.sonar.server.authentication.event.AuthenticationException;
import org.sonar.server.authentication.exception.EmailAlreadyExistsRedirectionException;

/* loaded from: input_file:org/sonar/server/authentication/OAuth2CallbackFilterTest.class */
public class OAuth2CallbackFilterTest {
    private static final String OAUTH2_PROVIDER_KEY = "github";
    private static final String LOGIN = "foo";

    @Rule
    public LogTester logTester = new LogTester();

    @Rule
    public ExpectedException thrown = ExpectedException.none();

    @Rule
    public IdentityProviderRepositoryRule identityProviderRepository = new IdentityProviderRepositoryRule();
    private OAuth2ContextFactory oAuth2ContextFactory = (OAuth2ContextFactory) Mockito.mock(OAuth2ContextFactory.class);
    private HttpServletRequest request = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
    private HttpServletResponse response = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
    private Server server = (Server) Mockito.mock(Server.class);
    private FilterChain chain = (FilterChain) Mockito.mock(FilterChain.class);
    private FakeOAuth2IdentityProvider oAuth2IdentityProvider = new WellbehaveFakeOAuth2IdentityProvider(OAUTH2_PROVIDER_KEY, true, "foo");
    private AuthenticationEvent authenticationEvent = (AuthenticationEvent) Mockito.mock(AuthenticationEvent.class);
    private OAuth2AuthenticationParameters oAuthRedirection = (OAuth2AuthenticationParameters) Mockito.mock(OAuth2AuthenticationParameters.class);
    private ArgumentCaptor<AuthenticationException> authenticationExceptionCaptor = ArgumentCaptor.forClass(AuthenticationException.class);
    private OAuth2CallbackFilter underTest = new OAuth2CallbackFilter(this.identityProviderRepository, this.oAuth2ContextFactory, this.server, this.authenticationEvent, this.oAuthRedirection);

    /* loaded from: input_file:org/sonar/server/authentication/OAuth2CallbackFilterTest$FailWithEmailAlreadyExistException.class */
    private static class FailWithEmailAlreadyExistException extends FailingIdentityProvider {
        private final UserDto existingUser;

        public FailWithEmailAlreadyExistException(UserDto userDto) {
            this.existingUser = userDto;
        }

        public void callback(OAuth2IdentityProvider.CallbackContext callbackContext) {
            throw new EmailAlreadyExistsRedirectionException(this.existingUser.getEmail(), this.existingUser, UserIdentity.builder().setProviderLogin("john.github").setLogin("john.github").setName(this.existingUser.getName()).setEmail(this.existingUser.getEmail()).build(), this);
        }
    }

    /* loaded from: input_file:org/sonar/server/authentication/OAuth2CallbackFilterTest$FailWithIllegalStateException.class */
    private static class FailWithIllegalStateException extends FailingIdentityProvider {
        private FailWithIllegalStateException() {
        }

        public void callback(OAuth2IdentityProvider.CallbackContext callbackContext) {
            throw new IllegalStateException("Failure !");
        }
    }

    /* loaded from: input_file:org/sonar/server/authentication/OAuth2CallbackFilterTest$FailWithUnauthorizedExceptionIdProvider.class */
    private static class FailWithUnauthorizedExceptionIdProvider extends FailingIdentityProvider {
        private FailWithUnauthorizedExceptionIdProvider() {
        }

        public void callback(OAuth2IdentityProvider.CallbackContext callbackContext) {
            throw new UnauthorizedException("Email john@email.com is already used");
        }
    }

    /* loaded from: input_file:org/sonar/server/authentication/OAuth2CallbackFilterTest$FailingIdentityProvider.class */
    private static abstract class FailingIdentityProvider extends TestIdentityProvider implements OAuth2IdentityProvider {
        FailingIdentityProvider() {
            setKey("failing");
            setName("Failing");
            setEnabled(true);
        }

        public void init(OAuth2IdentityProvider.InitContext initContext) {
        }
    }

    /* loaded from: input_file:org/sonar/server/authentication/OAuth2CallbackFilterTest$WellbehaveFakeOAuth2IdentityProvider.class */
    private static class WellbehaveFakeOAuth2IdentityProvider extends FakeOAuth2IdentityProvider {
        private final String login;

        public WellbehaveFakeOAuth2IdentityProvider(String str, boolean z, String str2) {
            super(str, z);
            this.login = str2;
        }

        @Override // org.sonar.server.authentication.FakeOAuth2IdentityProvider
        public void callback(OAuth2IdentityProvider.CallbackContext callbackContext) {
            super.callback(callbackContext);
            callbackContext.authenticate(UserIdentity.builder().setLogin(this.login).setProviderLogin(this.login).setEmail(this.login + "@toto.com").setName("name of " + this.login).build());
        }
    }

    @Before
    public void setUp() throws Exception {
        Mockito.when(this.oAuth2ContextFactory.newCallback(this.request, this.response, this.oAuth2IdentityProvider)).thenReturn(Mockito.mock(OAuth2IdentityProvider.CallbackContext.class));
        Mockito.when(this.server.getContextPath()).thenReturn("");
    }

    @Test
    public void do_get_pattern() {
        Assertions.assertThat(this.underTest.doGetPattern()).isNotNull();
    }

    @Test
    public void do_filter_with_context() {
        Mockito.when(this.server.getContextPath()).thenReturn("/sonarqube");
        Mockito.when(this.request.getRequestURI()).thenReturn("/sonarqube/oauth2/callback/github");
        this.identityProviderRepository.addIdentityProvider(this.oAuth2IdentityProvider);
        this.underTest.doFilter(this.request, this.response, this.chain);
        assertCallbackCalled(this.oAuth2IdentityProvider);
        ((AuthenticationEvent) Mockito.verify(this.authenticationEvent)).loginSuccess(this.request, "foo", AuthenticationEvent.Source.oauth2(this.oAuth2IdentityProvider));
    }

    @Test
    public void do_filter_with_context_no_log_if_provider_did_not_call_authenticate_on_context() {
        Mockito.when(this.server.getContextPath()).thenReturn("/sonarqube");
        Mockito.when(this.request.getRequestURI()).thenReturn("/sonarqube/oauth2/callback/github");
        FakeOAuth2IdentityProvider fakeOAuth2IdentityProvider = new FakeOAuth2IdentityProvider(OAUTH2_PROVIDER_KEY, true);
        this.identityProviderRepository.addIdentityProvider(fakeOAuth2IdentityProvider);
        this.underTest.doFilter(this.request, this.response, this.chain);
        assertCallbackCalled(fakeOAuth2IdentityProvider);
        ((AuthenticationEvent) Mockito.verify(this.authenticationEvent)).loginFailure((HttpServletRequest) ArgumentMatchers.eq(this.request), (AuthenticationException) this.authenticationExceptionCaptor.capture());
        AuthenticationException authenticationException = (AuthenticationException) this.authenticationExceptionCaptor.getValue();
        Assertions.assertThat(authenticationException).hasMessage("Plugin did not call authenticate");
        Assertions.assertThat(authenticationException.getSource()).isEqualTo(AuthenticationEvent.Source.oauth2(fakeOAuth2IdentityProvider));
        Assertions.assertThat(authenticationException.getLogin()).isNull();
        Assertions.assertThat(authenticationException.getPublicMessage()).isNull();
    }

    @Test
    public void do_filter_on_auth2_identity_provider() {
        Mockito.when(this.request.getRequestURI()).thenReturn("/oauth2/callback/github");
        this.identityProviderRepository.addIdentityProvider(this.oAuth2IdentityProvider);
        this.underTest.doFilter(this.request, this.response, this.chain);
        assertCallbackCalled(this.oAuth2IdentityProvider);
        ((AuthenticationEvent) Mockito.verify(this.authenticationEvent)).loginSuccess(this.request, "foo", AuthenticationEvent.Source.oauth2(this.oAuth2IdentityProvider));
    }

    @Test
    public void fail_on_not_oauth2_provider() throws Exception {
        Mockito.when(this.request.getRequestURI()).thenReturn("/oauth2/callback/openid");
        this.identityProviderRepository.addIdentityProvider(new FakeBasicIdentityProvider("openid", true));
        this.underTest.doFilter(this.request, this.response, this.chain);
        assertError("Not an OAuth2IdentityProvider: class org.sonar.server.authentication.FakeBasicIdentityProvider");
        Mockito.verifyZeroInteractions(new Object[]{this.authenticationEvent});
    }

    @Test
    public void fail_on_disabled_provider() throws Exception {
        Mockito.when(this.request.getRequestURI()).thenReturn("/oauth2/callback/github");
        this.identityProviderRepository.addIdentityProvider(new FakeOAuth2IdentityProvider(OAUTH2_PROVIDER_KEY, false));
        this.underTest.doFilter(this.request, this.response, this.chain);
        assertError("Failed to retrieve IdentityProvider for key 'github'");
        Mockito.verifyZeroInteractions(new Object[]{this.authenticationEvent});
    }

    @Test
    public void redirect_when_failing_because_of_UnauthorizedExceptionException() throws Exception {
        FailWithUnauthorizedExceptionIdProvider failWithUnauthorizedExceptionIdProvider = new FailWithUnauthorizedExceptionIdProvider();
        Mockito.when(this.request.getRequestURI()).thenReturn("/oauth2/callback/" + failWithUnauthorizedExceptionIdProvider.getKey());
        this.identityProviderRepository.addIdentityProvider(failWithUnauthorizedExceptionIdProvider);
        this.underTest.doFilter(this.request, this.response, this.chain);
        ((HttpServletResponse) Mockito.verify(this.response)).sendRedirect("/sessions/unauthorized?message=Email+john%40email.com+is+already+used");
        ((AuthenticationEvent) Mockito.verify(this.authenticationEvent)).loginFailure((HttpServletRequest) ArgumentMatchers.eq(this.request), (AuthenticationException) this.authenticationExceptionCaptor.capture());
        AuthenticationException authenticationException = (AuthenticationException) this.authenticationExceptionCaptor.getValue();
        Assertions.assertThat(authenticationException).hasMessage("Email john@email.com is already used");
        Assertions.assertThat(authenticationException.getSource()).isEqualTo(AuthenticationEvent.Source.oauth2(failWithUnauthorizedExceptionIdProvider));
        Assertions.assertThat(authenticationException.getLogin()).isNull();
        Assertions.assertThat(authenticationException.getPublicMessage()).isEqualTo("Email john@email.com is already used");
        ((OAuth2AuthenticationParameters) Mockito.verify(this.oAuthRedirection)).delete((HttpServletRequest) ArgumentMatchers.eq(this.request), (HttpServletResponse) ArgumentMatchers.eq(this.response));
    }

    @Test
    public void redirect_with_context_path_when_failing_because_of_UnauthorizedExceptionException() throws Exception {
        Mockito.when(this.server.getContextPath()).thenReturn("/sonarqube");
        FailWithUnauthorizedExceptionIdProvider failWithUnauthorizedExceptionIdProvider = new FailWithUnauthorizedExceptionIdProvider();
        Mockito.when(this.request.getRequestURI()).thenReturn("/sonarqube/oauth2/callback/" + failWithUnauthorizedExceptionIdProvider.getKey());
        this.identityProviderRepository.addIdentityProvider(failWithUnauthorizedExceptionIdProvider);
        this.underTest.doFilter(this.request, this.response, this.chain);
        ((HttpServletResponse) Mockito.verify(this.response)).sendRedirect("/sonarqube/sessions/unauthorized?message=Email+john%40email.com+is+already+used");
        ((OAuth2AuthenticationParameters) Mockito.verify(this.oAuthRedirection)).delete((HttpServletRequest) ArgumentMatchers.eq(this.request), (HttpServletResponse) ArgumentMatchers.eq(this.response));
    }

    @Test
    public void redirect_when_failing_because_of_Exception() throws Exception {
        FailWithIllegalStateException failWithIllegalStateException = new FailWithIllegalStateException();
        Mockito.when(this.request.getRequestURI()).thenReturn("/oauth2/callback/" + failWithIllegalStateException.getKey());
        this.identityProviderRepository.addIdentityProvider(failWithIllegalStateException);
        this.underTest.doFilter(this.request, this.response, this.chain);
        ((HttpServletResponse) Mockito.verify(this.response)).sendRedirect("/sessions/unauthorized");
        Assertions.assertThat(this.logTester.logs(LoggerLevel.ERROR)).containsExactlyInAnyOrder(new String[]{"Fail to callback authentication with 'failing'"});
        ((OAuth2AuthenticationParameters) Mockito.verify(this.oAuthRedirection)).delete((HttpServletRequest) ArgumentMatchers.eq(this.request), (HttpServletResponse) ArgumentMatchers.eq(this.response));
    }

    @Test
    public void redirect_when_failing_because_of_EmailAlreadyExistException() throws Exception {
        FailWithEmailAlreadyExistException failWithEmailAlreadyExistException = new FailWithEmailAlreadyExistException(UserTesting.newUserDto().setEmail("john@email.com").setExternalLogin("john.bitbucket").setExternalIdentityProvider("bitbucket"));
        Mockito.when(this.request.getRequestURI()).thenReturn("/oauth2/callback/" + failWithEmailAlreadyExistException.getKey());
        this.identityProviderRepository.addIdentityProvider(failWithEmailAlreadyExistException);
        this.underTest.doFilter(this.request, this.response, this.chain);
        ((HttpServletResponse) Mockito.verify(this.response)).sendRedirect("/sessions/email_already_exists?email=john%40email.com&login=john.github&provider=failing&existingLogin=john.bitbucket&existingProvider=bitbucket");
        ((OAuth2AuthenticationParameters) Mockito.verify(this.oAuthRedirection)).delete((HttpServletRequest) ArgumentMatchers.eq(this.request), (HttpServletResponse) ArgumentMatchers.eq(this.response));
    }

    @Test
    public void fail_when_no_oauth2_provider_provided() throws Exception {
        Mockito.when(this.request.getRequestURI()).thenReturn("/oauth2/callback");
        this.underTest.doFilter(this.request, this.response, this.chain);
        assertError("No provider key found in URI");
        Mockito.verifyZeroInteractions(new Object[]{this.authenticationEvent});
    }

    private void assertCallbackCalled(FakeOAuth2IdentityProvider fakeOAuth2IdentityProvider) {
        Assertions.assertThat(this.logTester.logs(LoggerLevel.ERROR)).isEmpty();
        Assertions.assertThat(fakeOAuth2IdentityProvider.isCallbackCalled()).isTrue();
    }

    private void assertError(String str) throws Exception {
        Assertions.assertThat(this.logTester.logs(LoggerLevel.ERROR)).contains(new String[]{str});
        ((HttpServletResponse) Mockito.verify(this.response)).sendRedirect("/sessions/unauthorized");
        Assertions.assertThat(this.oAuth2IdentityProvider.isInitCalled()).isFalse();
    }
}
