package com.atlassian.crowd.acceptance.tests.rest.service.security;

import com.atlassian.crowd.integration.springsecurity.LoginRequest;
import com.atlassian.crowd.integration.springsecurity.RestAuthenticationFailureHandler;
import com.sun.jersey.api.client.ClientResponse;
import io.restassured.RestAssured;
import io.restassured.http.ContentType;
import io.restassured.mapper.ObjectMapperType;
import io.restassured.response.Response;
import java.net.MalformedURLException;
import java.util.Locale;
import java.util.ResourceBundle;
import org.hamcrest.Matcher;
import org.hamcrest.Matchers;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:com/atlassian/crowd/acceptance/tests/rest/service/security/RestAuthenticationTest.class */
/**
 * Acceptance tests for REST-based console login: the reported login error, the HTTP status,
 * and the handling of the {@code crowd.token_key} and {@code crowd.rememberme.token} cookies.
 *
 * <p>The {@code login}, {@code getLoginError}, {@code getWithoutRedirects},
 * {@code assertRedirectTo} and {@code getRelativeRedirects} helpers, the {@code fixture} field
 * and {@code NO_COOKIES} are inherited from {@link BaseAuthenticationTestCase} and are not
 * visible in this file.
 * NOTE(review): the boolean passed to {@code login} looks like the remember-me flag (compare
 * {@link #shouldSetRememberMeCookieWhenRequested()}) - confirm against the base class.
 */
public class RestAuthenticationTest extends BaseAuthenticationTestCase {
    private static final String SESSION_COOKIE = "crowd.token_key";
    private static final String REMEMBER_ME_COOKIE = "crowd.rememberme.token";
    private static final String SAML_AUTH_ACTION = "/console/plugin/secure/saml/samlauth.action";
    private static final String LOGIN_ACTION = "/console/login.action";

    /**
     * Unknown credentials must yield {@code LoginError.FAILED} and must not issue either cookie.
     * NOTE(review): the status code named in the method name is not asserted in this body;
     * presumably {@code getLoginError} covers it - verify in the base class.
     */
    @Test
    public void shouldReturnUnauthorizedCodeForInvalidLogin() {
        Response rejected = login("invalid", "invalid", true);
        Assert.assertThat(
                getLoginError(rejected),
                Matchers.is(RestAuthenticationFailureHandler.LoginError.FAILED));
        assertCookiesNotSet(rejected, SESSION_COOKIE, REMEMBER_ME_COOKIE);
    }

    /**
     * A user created with an expired password must get {@code LoginError.EXPIRED_PASSWORD},
     * again without either cookie being issued.
     */
    @Test
    public void shouldReturnUnauthorizedCodeForExpiredPassword() {
        this.fixture.getTestkitClientForModifications().createUserWithExpiredPassword("expired", 1L);
        Response rejected = login("expired", "expired", true);
        Assert.assertThat(
                getLoginError(rejected),
                Matchers.is(RestAuthenticationFailureHandler.LoginError.EXPIRED_PASSWORD));
        assertCookiesNotSet(rejected, SESSION_COOKIE, REMEMBER_ME_COOKIE);
    }

    /** A valid login with the flag off returns 200 and sets only the session token cookie. */
    @Test
    public void shouldReturnOkCodeForValidLogin() {
        final int ok = ClientResponse.Status.OK.getStatusCode();
        Response accepted = login("admin", "admin", false);
        accepted.then()
                .statusCode(ok)
                .cookie(SESSION_COOKIE, cookieSet());
        // The remember-me token must only exist when it was asked for.
        assertCookiesNotSet(accepted, REMEMBER_ME_COOKIE);
    }

    /** A valid login with the flag on returns 200 and sets both cookies. */
    @Test
    public void shouldSetRememberMeCookieWhenRequested() {
        final int ok = ClientResponse.Status.OK.getStatusCode();
        Response accepted = login("admin", "admin", true);
        accepted.then()
                .statusCode(ok)
                .cookie(SESSION_COOKIE, cookieSet())
                .cookie(REMEMBER_ME_COOKIE, cookieSet());
    }

    /**
     * Logging in as a second user while presenting the first user's cookies must return a
     * session token that differs from the one presented and must clear the remember-me cookie.
     */
    @Test
    public void shouldClearCookiesAfterSuccessfulLogin() {
        final int ok = ClientResponse.Status.OK.getStatusCode();
        Response firstLogin = login("admin", "admin", true);
        Response secondLogin = login("secondadmin", "secondadmin", false, firstLogin.cookies());
        secondLogin.then()
                .statusCode(ok)
                // The earlier user's token value must not be handed back to the new user.
                .cookie(SESSION_COOKIE, Matchers.not(firstLogin.getCookie(SESSION_COOKIE)))
                .cookie(REMEMBER_ME_COOKIE, cookieCleared());
    }

    /**
     * A failed login that presents cookies from an earlier valid login must return 401 and
     * clear both cookies, so the failed attempt does not leave the old tokens in place.
     */
    @Test
    public void shouldClearCookiesAfterFailedLogin() {
        final int unauthorized = ClientResponse.Status.UNAUTHORIZED.getStatusCode();
        Response earlierLogin = login("admin", "admin", true);
        Response rejected = login("invalid", "invalid", false, earlierLogin.getCookies());
        rejected.then()
                .statusCode(unauthorized)
                .cookie(SESSION_COOKIE, cookieCleared())
                .cookie(REMEMBER_ME_COOKIE, cookieCleared());
    }

    /**
     * Same as {@link #shouldClearCookiesAfterFailedLogin()}, but the rejected attempt is for a
     * user whose password has expired.
     */
    @Test
    public void shouldClearCookiesAfterExpiredLogin() {
        final int unauthorized = ClientResponse.Status.UNAUTHORIZED.getStatusCode();
        Response earlierLogin = login("admin", "admin", true);
        this.fixture.getTestkitClientForModifications().createUserWithExpiredPassword("expired", 1L);
        Response rejected = login("expired", "expired", false, earlierLogin.getCookies());
        rejected.then()
                .statusCode(unauthorized)
                .cookie(SESSION_COOKIE, cookieCleared())
                .cookie(REMEMBER_ME_COOKIE, cookieCleared());
    }

    /**
     * After a 401 for an expired password, the cookies returned with that response must be
     * enough to open the change-expired-password page, which must show the
     * {@code error.changepassword.required} message.
     */
    @Test
    public void shouldSupportExpiredPasswordChangePage() {
        this.fixture.getTestkitClientForModifications().createUserWithExpiredPassword("expired", 1L);
        Response rejected = login("expired", "expired", true);
        rejected.then().statusCode(ClientResponse.Status.UNAUTHORIZED.getStatusCode());

        Response changePage = RestAssured.given()
                .cookies(rejected.cookies())
                .get("/console/changeexpiredpassword.action");
        changePage.then()
                .statusCode(ClientResponse.Status.OK.getStatusCode())
                .content(Matchers.containsString(passwordChangeRequiredMessage()));
    }

    /**
     * Posts a JSON login request straight to {@code /rest/security/login} through RestAssured
     * instead of the inherited {@code login} helper and expects 403, even though the
     * credentials are the ones that succeed elsewhere in this class.
     * NOTE(review): presumably the helper adds whatever XSRF protection this raw request
     * omits - confirm in the base class.
     */
    @Test
    public void shouldReturnForbiddenCodeWhenXsrfProtectionsMissing() {
        LoginRequest credentials = new LoginRequest("admin", "admin", true);
        Response blocked = RestAssured.given()
                .contentType(ContentType.JSON)
                .body(credentials, ObjectMapperType.JACKSON_1)
                .post("/rest/security/login");
        blocked.then().statusCode(ClientResponse.Status.FORBIDDEN.getStatusCode());
    }

    /**
     * Requesting the SAML auth action without cookies redirects to the login page; logging in
     * with the cookies from that redirect must then fail with {@code LoginError.FAILED}.
     * NOTE(review): the failure presumably reflects the default fixture not granting admin
     * access to the application - compare {@link #shouldLoginToGoogleApps()}.
     */
    @Test
    public void shouldNotLoginToGoogleApps() throws MalformedURLException {
        Response samlRedirect = getWithoutRedirects(NO_COOKIES, SAML_AUTH_ACTION);
        assertRedirectTo(samlRedirect, LOGIN_ACTION);

        Response rejected = login("admin", "admin", true, samlRedirect.getCookies());
        Assert.assertThat(
                getLoginError(rejected),
                Matchers.is(RestAuthenticationFailureHandler.LoginError.FAILED));
    }

    /**
     * After the application mapping is updated, the same flow must succeed with 200 and the
     * after-login redirect must lead back to the SAML auth action.
     */
    @Test
    public void shouldLoginToGoogleApps() throws MalformedURLException {
        // NOTE(review): 163842 and 2 look like fixture-specific ids - confirm against the test data.
        this.fixture.getTestkitClientForModifications().updateApplicationMapping(163842, 2, true);

        Response samlRedirect = getWithoutRedirects(NO_COOKIES, SAML_AUTH_ACTION);
        assertRedirectTo(samlRedirect, LOGIN_ACTION);

        Response accepted = login("admin", "admin", true, samlRedirect.getCookies());
        accepted.then().statusCode(ClientResponse.Status.OK.getStatusCode());
        Assert.assertThat(
                getRelativeRedirects(accepted.getCookies(), "/rest/security/after-login-redirect"),
                Matchers.contains(SAML_AUTH_ACTION));
    }

    /** Reads the message the change-expired-password page is expected to display. */
    private static String passwordChangeRequiredMessage() {
        ResourceBundle actionMessages =
                ResourceBundle.getBundle("com.atlassian.crowd.console.action.BaseAction", Locale.US);
        return actionMessages.getString("error.changepassword.required");
    }

    /**
     * Asserts that every named cookie is absent or empty in {@code response}.
     *
     * @param response the response to inspect
     * @param strArr names of the cookies that must not carry a value
     * @return {@code response}, unchanged
     */
    private static Response assertCookiesNotSet(Response response, String... strArr) {
        for (String cookieName : strArr) {
            String cookieValue = response.getCookie(cookieName);
            Assert.assertThat(cookieValue, Matchers.emptyOrNullString());
        }
        return response;
    }

    /** Matches a cookie value that is either empty or a pair of double quotes. */
    private static Matcher<String> cookieCleared() {
        return Matchers.oneOf("", "\"\"");
    }

    /** Matches a cookie value that is neither {@code null} nor empty. */
    private static Matcher<String> cookieSet() {
        Matcher<String> absentOrBlank = Matchers.emptyOrNullString();
        return Matchers.not(absentOrBlank);
    }
}
