package com.atlassian.pats.web.filter;

import com.atlassian.pats.api.TokenAuthenticationService;
import com.atlassian.pats.checker.ProductUserProvider;
import com.atlassian.pats.db.TokenDTO;
import com.atlassian.pats.helper.TestHelper;
import com.atlassian.sal.api.auth.AuthenticationListener;
import com.atlassian.sal.api.auth.Authenticator;
import com.atlassian.sal.api.message.I18nResolver;
import com.atlassian.sal.api.permission.AuthorisationException;
import com.atlassian.sal.api.user.UserKey;
import java.io.IOException;
import java.io.Serializable;
import java.time.Clock;
import java.time.Instant;
import java.time.ZoneId;
import java.util.Map;
import java.util.Optional;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.assertj.core.api.Assertions;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.contrib.java.lang.system.RestoreSystemProperties;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;

/* loaded from: input_file:com/atlassian/pats/web/filter/TokenBasedAuthenticationFilterTest.class */
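/**
 * Unit tests for {@link TokenBasedAuthenticationFilter}: which {@code Authorization} header values lead to a
 * token authentication attempt, and what the filter does with the request in each case.
 *
 * <p>All collaborators are Mockito mocks except the fixed {@link Clock} and the real
 * {@link LastAccessedTimeBatcher}. The feature flag is a JVM system property, so the
 * {@link RestoreSystemProperties} rule resets it after every test.
 */
public class TokenBasedAuthenticationFilterTest {
    private static final Instant FIXED_INSTANT = Instant.ofEpochMilli(0);
    private static final String FEATURE_FLAG_PROPERTY = "atlassian.pats.enabled";
    private static final String AUTHORIZATION_HEADER = "Authorization";
    private static final String ACCESS_TOKEN_REQUEST_ATTRIBUTE = "access.token.request";
    // Dummy fixture only: the base64 of "admin:admin". The tests use it as an opaque token string.
    private static final String RAW_TOKEN = "YWRtaW46YWRtaW4=";
    // Leading, inner and trailing whitespace is deliberate: the success path expects the service to receive
    // exactly RAW_TOKEN, so the filter must strip the padding around the scheme and the credential.
    private static final String PADDED_BEARER_HEADER = "      Bearer         " + RAW_TOKEN + "           ";

    private TokenBasedAuthenticationFilter target;
    private final FilterChain filterChain = Mockito.mock(FilterChain.class);
    private final HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    private final HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
    private final AuthenticationListener authenticationListener = Mockito.mock(AuthenticationListener.class);
    private final TokenAuthenticationService tokenAuthenticationService = Mockito.mock(TokenAuthenticationService.class);
    private final I18nResolver i18nResolver = Mockito.mock(I18nResolver.class);
    private final HttpSession httpSession = Mockito.mock(HttpSession.class);
    private final ProductUserProvider productUserProvider = Mockito.mock(ProductUserProvider.class);
    private final Clock clock = Clock.fixed(FIXED_INSTANT, ZoneId.of("UTC"));
    private final LastAccessedTimeBatcher collector = new LastAccessedTimeBatcher();
    private final Long tokenId = 12345L;

    @Rule
    public final RestoreSystemProperties restoreSystemProperties = new RestoreSystemProperties();

    /** Enables the feature flag and builds the filter under test from the mocked collaborators. */
    @Before
    public void beforeTest() {
        System.setProperty(FEATURE_FLAG_PROPERTY, "true");
        Mockito.when(this.i18nResolver.createMessage((String) ArgumentMatchers.any(), new Serializable[0])).thenReturn(TestHelper.createMessage());
        this.target = new TokenBasedAuthenticationFilter(this.authenticationListener, this.i18nResolver, this.clock, this.collector, this.tokenAuthenticationService, this.productUserProvider);
    }

    /** A {@code Bearer} scheme with an empty credential must not authenticate; the request passes through. */
    @Test
    public void shouldNotAuthenticateRequestWithMissingToken() throws IOException, ServletException {
        stubSession();
        stubAuthorizationHeader("Bearer ");
        this.target.doFilter(this.request, this.response, this.filterChain);
        verifyPassedThroughUnauthenticated();
    }

    /** A {@code Basic} credential is not this filter's concern; the request passes through untouched. */
    @Test
    public void shouldNotAuthenticateBasicAuthRequest() throws IOException, ServletException {
        stubSession();
        stubAuthorizationHeader("Basic " + RAW_TOKEN);
        this.target.doFilter(this.request, this.response, this.filterChain);
        verifyPassedThroughUnauthenticated();
    }

    /** A whitespace-only header must not authenticate. */
    @Test
    public void shouldNotAuthenticateRequestWithBlankAuthorizationHeader() throws IOException, ServletException {
        stubAuthorizationHeader(" ");
        this.target.doFilter(this.request, this.response, this.filterChain);
        verifyPassedThroughUnauthenticated();
    }

    /** An absent header must not authenticate. */
    @Test
    public void shouldNotAuthenticateRequestWithNoAuthorizationHeader() throws IOException, ServletException {
        // The decompiled source cast this null to Object, which does not type-check against the
        // String-typed stubbing of getHeader; String is the type the stub actually accepts.
        stubAuthorizationHeader((String) null);
        this.target.doFilter(this.request, this.response, this.filterChain);
        verifyPassedThroughUnauthenticated();
    }

    /**
     * Happy path: a valid bearer token that resolves to an active user reports success to the listener,
     * records the token's last-accessed time, continues the chain and marks the request as token-authenticated.
     */
    @Test
    public void shouldAuthenticateRequest() throws Exception {
        stubSession();
        stubAuthorizationHeader(PADDED_BEARER_HEADER);
        Mockito.when(this.tokenAuthenticationService.authenticate(RAW_TOKEN)).thenReturn(authenticatedToken());
        Mockito.doReturn(Optional.of(TestHelper.createPrincipal())).when(this.productUserProvider).getActiveUserByKey(ArgumentMatchers.any(UserKey.class));
        this.target.doFilter(this.request, this.response, this.filterChain);
        Mockito.verify(this.authenticationListener).authenticationSuccess((Authenticator.Result) ArgumentMatchers.any(Authenticator.Result.Success.class), (HttpServletRequest) ArgumentMatchers.any(), (HttpServletResponse) ArgumentMatchers.any());
        // Last-accessed time comes from the fixed clock, keyed by the id of the authenticated token.
        Assertions.assertThat(this.collector.collect()).containsOnly(new Map.Entry[]{Assertions.entry(this.tokenId, FIXED_INSTANT)});
        Mockito.verify(this.filterChain).doFilter((ServletRequest) ArgumentMatchers.any(), (ServletResponse) ArgumentMatchers.any());
        Mockito.verify(this.request).setAttribute(ACCESS_TOKEN_REQUEST_ATTRIBUTE, true);
    }

    /** Builds the token the mocked service returns, carrying the id the last-accessed assertion expects. */
    private TokenDTO authenticatedToken() {
        TokenDTO token = TestHelper.createToken();
        token.setId(this.tokenId);
        return token;
    }

    /**
     * A token that validates but whose owner is not an active user: the chain continues, and the request
     * is neither reported as authenticated nor marked as token-authenticated.
     */
    @Test
    public void shouldNotBlockWhenFailingToFindUser() throws Exception {
        stubSession();
        stubAuthorizationHeader(PADDED_BEARER_HEADER);
        Mockito.when(this.tokenAuthenticationService.authenticate(RAW_TOKEN)).thenReturn(authenticatedToken());
        Mockito.doReturn(Optional.empty()).when(this.productUserProvider).getActiveUserByKey(ArgumentMatchers.any(UserKey.class));
        this.target.doFilter(this.request, this.response, this.filterChain);
        verifyPassedThroughUnauthenticated();
    }

    /** With the feature flag off the filter is a pass-through, whatever the request carries. */
    @Test
    public void shouldNotAuthenticateRequestWhenFeatureDisabled() throws Exception {
        System.setProperty(FEATURE_FLAG_PROPERTY, "false");
        this.target.doFilter(this.request, this.response, this.filterChain);
        verifyPassedThroughUnauthenticated();
    }

    /**
     * A token rejected by the authentication service: no success is reported, no user lookup happens,
     * the request is not marked as token-authenticated and the session mock is never touched.
     */
    @Test
    public void shouldLogoutWhenAuthenticationFails() throws IOException, ServletException {
        stubSession();
        stubAuthorizationHeader("Bearer 123");
        Mockito.when(this.tokenAuthenticationService.authenticate("123")).thenThrow(new AuthorisationException("Authentication fails"));
        this.target.doFilter(this.request, this.response, this.filterChain);
        Mockito.verifyZeroInteractions(this.authenticationListener);
        Mockito.verifyZeroInteractions(this.productUserProvider);
        verifyWebSudoAttributeNotSet();
        // No verify on httpSession precedes this, so it asserts the session saw no calls at all.
        Mockito.verifyNoMoreInteractions(this.httpSession);
        // NOTE(review): nothing here pins the outcome of a rejected token. There is no assertion on the
        // response (status or error body) and none on whether filterChain.doFilter is or is not invoked.
        // Despite the test name, no logout or session invalidation is verified either. Confirm the
        // intended behaviour against TokenBasedAuthenticationFilter and assert it explicitly.
    }

    /** Stubs {@code request.getSession(boolean)} to hand back the mocked session. */
    private void stubSession() {
        Mockito.when(this.request.getSession(ArgumentMatchers.anyBoolean())).thenReturn(this.httpSession);
    }

    /** Stubs the value the request reports for the {@code Authorization} header. */
    private void stubAuthorizationHeader(String headerValue) {
        Mockito.when(this.request.getHeader(AUTHORIZATION_HEADER)).thenReturn(headerValue);
    }

    /**
     * Asserts the pass-through outcome: the chain was invoked, the request was not marked as
     * token-authenticated, and the authentication listener was never called.
     */
    private void verifyPassedThroughUnauthenticated() throws IOException, ServletException {
        Mockito.verify(this.filterChain).doFilter((ServletRequest) ArgumentMatchers.any(), (ServletResponse) ArgumentMatchers.any());
        verifyWebSudoAttributeNotSet();
        Mockito.verifyZeroInteractions(this.authenticationListener);
    }

    /** Asserts the request attribute that marks a token-authenticated request was never set, to any value. */
    private void verifyWebSudoAttributeNotSet() {
        Mockito.verify(this.request, Mockito.never()).setAttribute(ArgumentMatchers.eq(ACCESS_TOKEN_REQUEST_ATTRIBUTE), ArgumentMatchers.any());
    }
}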
