package it.rest.com.atlassian.confluence.plugins.synchrony;

import com.atlassian.confluence.api.model.content.Content;
import com.atlassian.confluence.api.model.content.Space;
import com.atlassian.confluence.rest.client.authentication.AuthenticatedWebResourceProvider;
import com.atlassian.confluence.test.api.model.person.UserWithDetails;
import com.atlassian.confluence.test.properties.TestProperties;
import com.atlassian.confluence.test.rpc.api.ConfluenceRpcClient;
import com.atlassian.confluence.test.rpc.api.permissions.SpacePermission;
import com.atlassian.confluence.test.stateless.ConfluenceStatelessRestTestRunner;
import com.atlassian.confluence.test.stateless.fixtures.Fixture;
import com.atlassian.confluence.test.stateless.fixtures.PageFixture;
import com.atlassian.confluence.test.stateless.fixtures.SpaceFixture;
import com.atlassian.confluence.test.stateless.fixtures.UserFixture;
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.WebResource;
import javax.annotation.Nullable;
import javax.inject.Inject;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;

@RunWith(ConfluenceStatelessRestTestRunner.class)
/* loaded from: input_file:it/rest/com/atlassian/confluence/plugins/synchrony/SynchronyTokenResourceStatelessRestTest.class */
public class SynchronyTokenResourceStatelessRestTest {

    @Inject
    private static ConfluenceRpcClient rpc;

    @Inject
    private static AuthenticatedWebResourceProvider restClientProvider;

    @Fixture
    private static UserFixture fullPermissionUser = UserFixture.userFixture().existingGroup(TestProperties.DEFAULT_USERS_GROUP).build();

    @Fixture
    private static UserFixture editPermissionUser = UserFixture.userFixture().existingGroup(TestProperties.DEFAULT_USERS_GROUP).build();

    @Fixture
    private static UserFixture noPermissionUser = UserFixture.userFixture().existingGroup(TestProperties.DEFAULT_USERS_GROUP).build();

    @Fixture
    private static SpaceFixture space = SpaceFixture.spaceFixture().keyPrefix("TokenGenerationTest").permission(fullPermissionUser, SpacePermission.values()).permission(editPermissionUser, new SpacePermission[]{SpacePermission.VIEW, SpacePermission.PAGE_EDIT}).build();
    private static final String TITLE = "Token test page";

    @Fixture
    private static PageFixture page = PageFixture.pageFixture().author(fullPermissionUser).title(TITLE).content("contents").space(space).build();

    @Before
    public void setUp() {
        restClientProvider.clearAuthContext();
        rpc.getAdminSession().getUserComponent().removeUserFromGroup(((UserWithDetails) noPermissionUser.get()).getUsername(), TestProperties.DEFAULT_USERS_GROUP);
    }

    @After
    public void teardown() {
        restClientProvider.clearAuthContext();
    }

    @Test
    public void LoginUserCanGenerateTokenForAccessiblePage() {
        ClientResponse tokenGenerationResponse = getTokenGenerationResponse(page, editPermissionUser);
        try {
            Assert.assertEquals(200L, tokenGenerationResponse.getStatus());
            Assert.assertTrue(((String) tokenGenerationResponse.getEntity(String.class)).contains("synchronyToken"));
        } finally {
            tokenGenerationResponse.close();
        }
    }

    @Test
    public void LoginUserCanNotGenerateTokenForInaccessiblePage() {
        ClientResponse tokenGenerationResponse = getTokenGenerationResponse(page, noPermissionUser);
        try {
            Assert.assertEquals(401L, tokenGenerationResponse.getStatus());
        } finally {
            tokenGenerationResponse.close();
        }
    }

    @Test
    public void AnonymousUserCanGenerateTokenForPageWhenGlobalAndSpaceAnonymousEditEnabled() {
        grantAnonymousPermission();
        ClientResponse tokenGenerationResponse = getTokenGenerationResponse(page, (UserFixture) null);
        try {
            Assert.assertEquals(200L, tokenGenerationResponse.getStatus());
            Assert.assertTrue(((String) tokenGenerationResponse.getEntity(String.class)).contains("synchronyToken"));
        } finally {
            tokenGenerationResponse.close();
            revokeAnonymousPermission();
        }
    }

    @Test
    public void AnonymousUserCanNotGenerateTokenForPageWhenGlobalOrSpaceAnonymousEditDisabled() {
        revokeAnonymousPermission();
        ClientResponse tokenGenerationResponse = getTokenGenerationResponse(page, (UserFixture) null);
        try {
            Assert.assertEquals(401L, tokenGenerationResponse.getStatus());
        } finally {
            tokenGenerationResponse.close();
        }
    }

    private static void restLoginAs(UserFixture userFixture) {
        restClientProvider.setAuthContext(((UserWithDetails) userFixture.get()).getUsername(), ((UserWithDetails) userFixture.get()).getPassword().toCharArray());
    }

    private ClientResponse getTokenGenerationResponse(PageFixture pageFixture, @Nullable UserFixture userFixture) {
        return getTokenGenerationResponse(Long.valueOf(((Content) pageFixture.get()).getId().asLong()), userFixture);
    }

    private ClientResponse getTokenGenerationResponse(Long l, @Nullable UserFixture userFixture) {
        if (userFixture != null) {
            restLoginAs(userFixture);
        }
        return (ClientResponse) getWebResourceForTokenGeneration(l).get(ClientResponse.class);
    }

    private WebResource getWebResourceForTokenGeneration(Long l) {
        return restClientProvider.newRestWebResource().path("rest/synchrony/1.0/token/" + l + "/generate");
    }

    private void grantAnonymousPermission() {
        rpc.getAdminSession().getSystemComponent().enableAnonymousAccess();
        rpc.getAdminSession().getPermissionsComponent().grantAnonymousPermission(SpacePermission.VIEW, (Space) space.get());
        rpc.getAdminSession().getPermissionsComponent().grantAnonymousPermission(SpacePermission.PAGE_EDIT, (Space) space.get());
    }

    private void revokeAnonymousPermission() {
        rpc.getAdminSession().getSystemComponent().disableAnonymousAccess();
        rpc.getAdminSession().getPermissionsComponent().revokeAnonymousPermission(SpacePermission.VIEW, (Space) space.get());
        rpc.getAdminSession().getPermissionsComponent().revokeAnonymousPermission(SpacePermission.PAGE_EDIT, (Space) space.get());
    }
}
