package com.atlassian.crowd.acceptance.tests.rest.service;

import com.atlassian.crowd.acceptance.rest.RestServer;
import com.atlassian.crowd.acceptance.tests.cluster.testutil.RestAdminClient;
import com.atlassian.crowd.acceptance.tests.rest.service.util.RestTestFixture;
import com.atlassian.crowd.integration.rest.entity.ErrorEntity;
import com.atlassian.crowd.integration.rest.entity.PasswordEntity;
import com.atlassian.crowd.integration.rest.entity.UserEntity;
import com.atlassian.crowd.plugin.rest.entity.admin.DirectoryMappingAuthenticationEntity;
import com.atlassian.crowd.plugin.rest.entity.admin.DirectoryMappingEntity;
import com.atlassian.crowd.test.util.RestUtils;
import com.google.common.collect.ImmutableList;
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.WebResource;
import io.restassured.RestAssured;
import io.restassured.http.ContentType;
import io.restassured.specification.RequestSpecification;
import java.util.Collections;
import java.util.List;
import org.hamcrest.Matchers;
import org.junit.Assert;

/* loaded from: input_file:com/atlassian/crowd/acceptance/tests/rest/service/AuthenticationResourceTest.class */
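/**
 * Acceptance tests for the REST {@code authentication} and {@code authentication/notify} resources.
 *
 * <p>Every request is sent on behalf of the {@code crowd} application using HTTP basic
 * authentication. The tests pin the success path (a {@link UserEntity} is returned) and the
 * failure contract: a rejected login yields HTTP 400 with an {@link ErrorEntity} carrying a
 * specific {@link ErrorEntity.ErrorReason}, and a caller without valid application credentials
 * gets HTTP 401 from {@code authentication/notify}.
 *
 * <p>NOTE(review): the asserted reasons distinguish {@code USER_NOT_FOUND} from
 * {@code INVALID_USER_AUTHENTICATION}, so the calling application can tell whether a username
 * exists. That is only acceptable because the caller must authenticate as an application first;
 * a client application should not relay the distinction to unauthenticated end users.
 */
public class AuthenticationResourceTest extends RestCrowdServiceAcceptanceTestCase {
    // Application credentials used for basic auth on every application-level request.
    // NOTE(review): presumably these match the acceptance-test dataset; they are fixture values
    // and must not be shared with any real deployment. Kept in one place so the two helpers
    // below cannot drift apart.
    private static final String CROWD_APP_NAME = "crowd";
    private static final String CROWD_APP_PASSWORD = "qybhDMZh";

    private static final String JSON = "application/json";
    private static final String NOTIFY_PATH = "authentication/notify";

    // Fixture users referenced by several tests.
    private static final String SECOND_ADMIN = "secondadmin";
    private static final String DIR1_USER = "dir1user";

    public AuthenticationResourceTest(String str) {
        super(str);
    }

    public AuthenticationResourceTest(String str, RestServer restServer) {
        super(str, restServer);
    }

    /** Valid credentials return the authenticated user's entity. */
    public void testUserAuthentication() {
        UserEntity user = authenticateUser(
                RestCrowdServiceAcceptanceTestCase.EEEEP_USERNAME,
                RestCrowdServiceAcceptanceTestCase.EEEEP_PASSWORD);
        assertNotNull(user);
        assertEquals(RestCrowdServiceAcceptanceTestCase.EEEEP_USERNAME, user.getName());
    }

    /** A wrong password is rejected with {@code INVALID_USER_AUTHENTICATION}. */
    public void testUserAuthentication_BadCredentials() {
        assertAuthenticationRejected(
                RestCrowdServiceAcceptanceTestCase.EEEEP_USERNAME,
                "I am a bad credential",
                ErrorEntity.ErrorReason.INVALID_USER_AUTHENTICATION);
    }

    /** A deactivated account is rejected with {@code INACTIVE_ACCOUNT} even when the password is correct. */
    public void testUserAuthentication_InactiveUser() {
        intendToModifyData();
        deactivateUser(RestCrowdServiceAcceptanceTestCase.EEEEP_USERNAME);
        assertAuthenticationRejected(
                RestCrowdServiceAcceptanceTestCase.EEEEP_USERNAME,
                RestCrowdServiceAcceptanceTestCase.EEEEP_PASSWORD,
                ErrorEntity.ErrorReason.INACTIVE_ACCOUNT);
    }

    /** An unknown username is rejected with {@code USER_NOT_FOUND}. */
    public void testUserAuthentication_NoUser() {
        assertAuthenticationRejected(
                RestCrowdServiceAcceptanceTestCase.NON_EXISTENT_USER,
                RestCrowdServiceAcceptanceTestCase.EEEEP_PASSWORD,
                ErrorEntity.ErrorReason.USER_NOT_FOUND);
    }

    /**
     * {@code dir1user} is rejected with {@code INVALID_USER_AUTHENTICATION}.
     * NOTE(review): the test name implies the password is correct and the rejection comes from
     * group-based access rules in the fixture; this file does not show that configuration.
     */
    public void testUserAuthentication_UnauthorisedGroupUser() {
        assertAuthenticationRejected(
                DIR1_USER,
                DIR1_USER,
                ErrorEntity.ErrorReason.INVALID_USER_AUTHENTICATION);
    }

    /** {@code regularuser} can authenticate; the result is checked so the test cannot pass vacuously. */
    public void testUserAuthentication_AllowAllToAuthenticate() {
        assertNotNull(authenticateUser("regularuser", "regularuser"));
    }

    /**
     * {@code secondadmin} authenticates with one password and is rejected with another.
     * NOTE(review): the second password looks like the same username's credential in a different
     * directory ("dir2"); confirm against the fixture data.
     */
    public void testUserAuthentication_CommonUserUnauthorised() {
        assertNotNull(authenticateUser(SECOND_ADMIN, SECOND_ADMIN));
        assertAuthenticationRejected(
                SECOND_ADMIN,
                "secondadmindir2",
                ErrorEntity.ErrorReason.INVALID_USER_AUTHENTICATION);
    }

    /** The "penny" fixture user can authenticate; the result is checked so the test cannot pass vacuously. */
    public void testUserAuthentication_NestedUser() {
        assertNotNull(authenticateUser(
                RestCrowdServiceAcceptanceTestCase.PENNY_USERNAME,
                RestCrowdServiceAcceptanceTestCase.PENNY_USERNAME));
    }

    /**
     * After the directory mapping is updated, a notify call for {@code secondadmin} returns the
     * user, the user appears as a direct member of the badgers group, and the user's
     * {@code lastAuthenticated} attribute is not older than the start of the test.
     */
    public void testAuthenticationNotify_shouldProcessDefaultGroups() {
        intendToModifyData();
        // NOTE(review): compared with a server-written timestamp below, so this assumes the test
        // host and the server under test share a clock.
        long startMillis = System.currentTimeMillis();

        // NOTE(review): 2 is presumably the id of the second fixture directory; the boolean and
        // the two group lists are passed positionally, their meaning is not visible in this file.
        new RestAdminClient(this.restServer.getBaseUrl()).updateDirectoryMapping(
                RestTestFixture.CROWD_APP_ID.intValue(),
                2,
                new DirectoryMappingEntity(
                        (Long) null,
                        (String) null,
                        new DirectoryMappingAuthenticationEntity(
                                true, ImmutableList.of(RestCrowdServiceAcceptanceTestCase.GROUP_CROWD_ADMINS)),
                        Collections.singletonList(RestCrowdServiceAcceptanceTestCase.GROUP_BADGERS)));

        UserEntity notified = crowdAppRequest()
                .queryParam(UserPermissionAdminResourceTest.USERNAME_PARAM, SECOND_ADMIN)
                .post(getBaseUriBuilder().path(NOTIFY_PATH).build())
                .then().assertThat().statusCode(200)
                .extract().as(UserEntity.class);

        List<String> badgerMembers = crowdAppRequest()
                .queryParam("groupname", RestCrowdServiceAcceptanceTestCase.GROUP_BADGERS)
                .get(getBaseUriBuilder().path("group/user/direct").build())
                .xmlPath().getList("users.user.@name");

        UserEntity withAttributes = crowdAppRequest()
                .queryParam(UserPermissionAdminResourceTest.USERNAME_PARAM, SECOND_ADMIN)
                .queryParam("expand", "attributes")
                .get(getBaseUriBuilder().path("user").build())
                .then().assertThat().statusCode(200)
                .extract().as(UserEntity.class);
        long lastAuthenticated =
                Long.valueOf(withAttributes.getAttributes().getValue("lastAuthenticated")).longValue();

        Assert.assertThat(notified.getName(), Matchers.equalTo(SECOND_ADMIN));
        Assert.assertThat(badgerMembers, Matchers.hasItem(SECOND_ADMIN));
        Assert.assertThat(Long.valueOf(lastAuthenticated), Matchers.greaterThanOrEqualTo(Long.valueOf(startMillis)));
    }

    /** A notify call for a user who is rejected at login ({@code dir1user}) returns HTTP 400. */
    public void testAuthenticationNotify_shouldErrorIfNotAllowedToLogin() {
        crowdAppRequest()
                .queryParam(UserPermissionAdminResourceTest.USERNAME_PARAM, DIR1_USER)
                .post(getBaseUriBuilder().path(NOTIFY_PATH).build())
                .then().assertThat().statusCode(400);
    }

    /**
     * The notify endpoint answers HTTP 401 both for {@code RestUtils.adminRequest()} and for a
     * request with no credentials at all.
     * NOTE(review): adminRequest() presumably carries administrator user credentials rather than
     * application credentials, which is why it is expected to be refused here.
     */
    public void testAuthenticationNotify_shouldRequireAuth() {
        RestUtils.adminRequest()
                .queryParam(UserPermissionAdminResourceTest.USERNAME_PARAM, DIR1_USER)
                .post(getBaseUriBuilder().path(NOTIFY_PATH).build())
                .then().assertThat().statusCode(401);
        RestAssured.given()
                .queryParam(UserPermissionAdminResourceTest.USERNAME_PARAM, DIR1_USER)
                .post(getBaseUriBuilder().path(NOTIFY_PATH).build())
                .then().assertThat().statusCode(401);
    }

    /**
     * Posts {@code password} for {@code username} to the authentication resource and asserts the
     * rejection contract: HTTP 400 plus an {@link ErrorEntity} with the expected reason.
     */
    private void assertAuthenticationRejected(
            String username, String password, ErrorEntity.ErrorReason expectedReason) {
        ClientResponse response = getAuthenticationResource(username)
                .type(JSON)
                .post(ClientResponse.class, new PasswordEntity(password));
        assertEquals(400, response.getStatus());
        assertEquals(expectedReason, response.getEntity(ErrorEntity.class).getReason());
    }

    /** Builds a REST Assured request that sends the application's basic-auth header preemptively, with XML content type. */
    private RequestSpecification crowdAppRequest() {
        return RestAssured.given()
                .auth().preemptive().basic(CROWD_APP_NAME, CROWD_APP_PASSWORD)
                .contentType(ContentType.XML);
    }

    /**
     * Returns the {@code authentication} resource for the given username, authenticated as the application.
     * The username is bound through a URI template value rather than concatenated into the query string.
     */
    private WebResource getAuthenticationResource(String str) {
        return getWebResource(
                CROWD_APP_NAME,
                CROWD_APP_PASSWORD,
                getBaseUriBuilder()
                        .path("authentication")
                        .queryParam(UserPermissionAdminResourceTest.USERNAME_PARAM, "{username}")
                        .build(str));
    }
}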
