package org.sonar.server.authentication;

import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.assertj.core.api.Assertions;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.mockito.ArgumentCaptor;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;
import org.sonar.api.platform.Server;
import org.sonar.api.server.authentication.OAuth2IdentityProvider;
import org.sonar.api.server.authentication.UserIdentity;
import org.sonar.db.user.UserDto;
import org.sonar.server.authentication.UserIdentityAuthenticatorParameters;
import org.sonar.server.user.TestUserSessionFactory;
import org.sonar.server.user.ThreadLocalUserSession;
import org.sonar.server.user.UserSession;

/* loaded from: input_file:org/sonar/server/authentication/OAuth2ContextFactoryTest.class */
public class OAuth2ContextFactoryTest {
    private static final String PROVIDER_KEY = "github";
    private static final String SECURED_PUBLIC_ROOT_URL = "https://mydomain.com";
    private static final String PROVIDER_NAME = "provider name";
    private static final UserIdentity USER_IDENTITY = UserIdentity.builder().setProviderId("ABCD").setProviderLogin("johndoo").setLogin("id:johndoo").setName("John").setEmail("john@email.com").build();

    @Rule
    public ExpectedException thrown = ExpectedException.none();
    private ThreadLocalUserSession threadLocalUserSession = (ThreadLocalUserSession) Mockito.mock(ThreadLocalUserSession.class);
    private TestUserIdentityAuthenticator userIdentityAuthenticator = new TestUserIdentityAuthenticator();
    private Server server = (Server) Mockito.mock(Server.class);
    private OAuthCsrfVerifier csrfVerifier = (OAuthCsrfVerifier) Mockito.mock(OAuthCsrfVerifier.class);
    private JwtHttpHandler jwtHttpHandler = (JwtHttpHandler) Mockito.mock(JwtHttpHandler.class);
    private TestUserSessionFactory userSessionFactory = TestUserSessionFactory.standalone();
    private OAuth2AuthenticationParameters oAuthParameters = (OAuth2AuthenticationParameters) Mockito.mock(OAuth2AuthenticationParameters.class);
    private HttpServletRequest request = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
    private HttpServletResponse response = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
    private HttpSession session = (HttpSession) Mockito.mock(HttpSession.class);
    private OAuth2IdentityProvider identityProvider = (OAuth2IdentityProvider) Mockito.mock(OAuth2IdentityProvider.class);
    private OAuth2ContextFactory underTest = new OAuth2ContextFactory(this.threadLocalUserSession, this.userIdentityAuthenticator, this.server, this.csrfVerifier, this.jwtHttpHandler, this.userSessionFactory, this.oAuthParameters);

    @Before
    public void setUp() throws Exception {
        Mockito.when(this.request.getSession()).thenReturn(this.session);
        Mockito.when(this.identityProvider.getKey()).thenReturn(PROVIDER_KEY);
        Mockito.when(this.identityProvider.getName()).thenReturn(PROVIDER_NAME);
    }

    @Test
    public void create_context() {
        Mockito.when(this.server.getPublicRootUrl()).thenReturn(SECURED_PUBLIC_ROOT_URL);
        OAuth2IdentityProvider.InitContext newInitContext = newInitContext();
        Assertions.assertThat(newInitContext.getRequest()).isEqualTo(this.request);
        Assertions.assertThat(newInitContext.getResponse()).isEqualTo(this.response);
        Assertions.assertThat(newInitContext.getCallbackUrl()).isEqualTo("https://mydomain.com/oauth2/callback/github");
    }

    @Test
    public void generate_csrf_state() {
        newInitContext().generateCsrfState();
        ((OAuthCsrfVerifier) Mockito.verify(this.csrfVerifier)).generateState(this.request, this.response);
    }

    @Test
    public void redirect_to() throws Exception {
        newInitContext().redirectTo("/test");
        ((HttpServletResponse) Mockito.verify(this.response)).sendRedirect("/test");
    }

    @Test
    public void create_callback() {
        Mockito.when(this.server.getPublicRootUrl()).thenReturn(SECURED_PUBLIC_ROOT_URL);
        OAuth2IdentityProvider.CallbackContext newCallbackContext = newCallbackContext();
        Assertions.assertThat(newCallbackContext.getRequest()).isEqualTo(this.request);
        Assertions.assertThat(newCallbackContext.getResponse()).isEqualTo(this.response);
        Assertions.assertThat(newCallbackContext.getCallbackUrl()).isEqualTo("https://mydomain.com/oauth2/callback/github");
    }

    @Test
    public void authenticate() {
        newCallbackContext().authenticate(USER_IDENTITY);
        Assertions.assertThat(this.userIdentityAuthenticator.isAuthenticated()).isTrue();
        ((ThreadLocalUserSession) Mockito.verify(this.threadLocalUserSession)).set((UserSession) ArgumentMatchers.any(UserSession.class));
        ArgumentCaptor forClass = ArgumentCaptor.forClass(UserDto.class);
        ((JwtHttpHandler) Mockito.verify(this.jwtHttpHandler)).generateToken((UserDto) forClass.capture(), (HttpServletRequest) ArgumentMatchers.eq(this.request), (HttpServletResponse) ArgumentMatchers.eq(this.response));
        Assertions.assertThat(((UserDto) forClass.getValue()).getLogin()).isEqualTo(USER_IDENTITY.getLogin());
        Assertions.assertThat(((UserDto) forClass.getValue()).getExternalId()).isEqualTo(USER_IDENTITY.getProviderId());
        Assertions.assertThat(((UserDto) forClass.getValue()).getExternalLogin()).isEqualTo(USER_IDENTITY.getProviderLogin());
        Assertions.assertThat(((UserDto) forClass.getValue()).getExternalIdentityProvider()).isEqualTo(PROVIDER_KEY);
    }

    @Test
    public void authenticate_with_allow_email_shift() {
        Mockito.when(this.oAuthParameters.getAllowEmailShift(this.request)).thenReturn(Optional.of(true));
        newCallbackContext().authenticate(USER_IDENTITY);
        Assertions.assertThat(this.userIdentityAuthenticator.isAuthenticated()).isTrue();
        Assertions.assertThat(this.userIdentityAuthenticator.getAuthenticatorParameters().getExistingEmailStrategy()).isEqualTo(UserIdentityAuthenticatorParameters.ExistingEmailStrategy.ALLOW);
    }

    @Test
    public void authenticate_without_email_shift() {
        Mockito.when(this.oAuthParameters.getAllowEmailShift(this.request)).thenReturn(Optional.of(false));
        newCallbackContext().authenticate(USER_IDENTITY);
        Assertions.assertThat(this.userIdentityAuthenticator.isAuthenticated()).isTrue();
        Assertions.assertThat(this.userIdentityAuthenticator.getAuthenticatorParameters().getExistingEmailStrategy()).isEqualTo(UserIdentityAuthenticatorParameters.ExistingEmailStrategy.WARN);
    }

    @Test
    public void authenticate_with_allow_login_update() {
        Mockito.when(this.oAuthParameters.getAllowUpdateLogin(this.request)).thenReturn(Optional.of(true));
        newCallbackContext().authenticate(USER_IDENTITY);
        Assertions.assertThat(this.userIdentityAuthenticator.isAuthenticated()).isTrue();
        Assertions.assertThat(this.userIdentityAuthenticator.getAuthenticatorParameters().getUpdateLoginStrategy()).isEqualTo(UserIdentityAuthenticatorParameters.UpdateLoginStrategy.ALLOW);
    }

    @Test
    public void authenticate_without_allowing_login_update() {
        Mockito.when(this.oAuthParameters.getAllowUpdateLogin(this.request)).thenReturn(Optional.of(false));
        newCallbackContext().authenticate(USER_IDENTITY);
        Assertions.assertThat(this.userIdentityAuthenticator.isAuthenticated()).isTrue();
        Assertions.assertThat(this.userIdentityAuthenticator.getAuthenticatorParameters().getUpdateLoginStrategy()).isEqualTo(UserIdentityAuthenticatorParameters.UpdateLoginStrategy.WARN);
    }

    @Test
    public void redirect_to_home() throws Exception {
        Mockito.when(this.server.getContextPath()).thenReturn("");
        Mockito.when(this.oAuthParameters.getReturnTo(this.request)).thenReturn(Optional.empty());
        newCallbackContext().redirectToRequestedPage();
        ((HttpServletResponse) Mockito.verify(this.response)).sendRedirect("/");
    }

    @Test
    public void redirect_to_home_with_context() throws Exception {
        Mockito.when(this.server.getContextPath()).thenReturn("/sonarqube");
        Mockito.when(this.oAuthParameters.getReturnTo(this.request)).thenReturn(Optional.empty());
        newCallbackContext().redirectToRequestedPage();
        ((HttpServletResponse) Mockito.verify(this.response)).sendRedirect("/sonarqube/");
    }

    @Test
    public void redirect_to_requested_page() throws Exception {
        Mockito.when(this.oAuthParameters.getReturnTo(this.request)).thenReturn(Optional.of("/settings"));
        Mockito.when(this.server.getContextPath()).thenReturn("");
        newCallbackContext().redirectToRequestedPage();
        ((HttpServletResponse) Mockito.verify(this.response)).sendRedirect("/settings");
    }

    @Test
    public void redirect_to_requested_page_does_not_need_context() throws Exception {
        Mockito.when(this.oAuthParameters.getReturnTo(this.request)).thenReturn(Optional.of("/sonarqube/settings"));
        Mockito.when(this.server.getContextPath()).thenReturn("/other");
        newCallbackContext().redirectToRequestedPage();
        ((HttpServletResponse) Mockito.verify(this.response)).sendRedirect("/sonarqube/settings");
    }

    @Test
    public void verify_csrf_state() {
        newCallbackContext().verifyCsrfState();
        ((OAuthCsrfVerifier) Mockito.verify(this.csrfVerifier)).verifyState(this.request, this.response, this.identityProvider);
    }

    @Test
    public void delete_oauth2_parameters_during_redirection() {
        Mockito.when(this.oAuthParameters.getReturnTo(this.request)).thenReturn(Optional.of("/settings"));
        Mockito.when(this.server.getContextPath()).thenReturn("");
        newCallbackContext().redirectToRequestedPage();
        ((OAuth2AuthenticationParameters) Mockito.verify(this.oAuthParameters)).delete((HttpServletRequest) ArgumentMatchers.eq(this.request), (HttpServletResponse) ArgumentMatchers.eq(this.response));
    }

    private OAuth2IdentityProvider.InitContext newInitContext() {
        return this.underTest.newContext(this.request, this.response, this.identityProvider);
    }

    private OAuth2IdentityProvider.CallbackContext newCallbackContext() {
        return this.underTest.newCallback(this.request, this.response, this.identityProvider);
    }
}
