package it.com.atlassian.jirawallboard;

import com.atlassian.jira.pageobjects.pages.AddDashboardPage;
import com.atlassian.jira.testkit.client.JIRAEnvironmentData;
import com.atlassian.jira.testkit.client.RestApiClient;
import com.sun.jersey.api.client.ClientResponse;
import java.util.Locale;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:it/com/atlassian/jirawallboard/WallboardSecurityTest.class */
public class WallboardSecurityTest extends AbstractWallboardTest {
    private static final int EMPTY_DASHBOARD_ID = 10010;

    /* loaded from: input_file:it/com/atlassian/jirawallboard/WallboardSecurityTest$WallboardClient.class */
    private static class WallboardClient extends RestApiClient<WallboardClient> {
        WallboardClient(JIRAEnvironmentData jIRAEnvironmentData) {
            super(jIRAEnvironmentData);
        }

        ClientResponse sendMaliciousRequest() {
            return (ClientResponse) resourceRoot(getEnvironmentData().getBaseUrl().toExternalForm()).path("ConfigureWallboard.jspa").header("Referer", getEnvironmentData().getBaseUrl().toExternalForm()).accept(new String[]{"text/html"}).type("application/x-www-form-urlencoded").entity(String.format("inline=true&decorator=dialog&dashboardId=%d&random=true&transitionFx=none&cyclePeriod=30", 10010)).post(ClientResponse.class);
        }
    }

    @Before
    public void setup() {
        this.jira.backdoor().restoreBlankInstance();
        this.jira.backdoor().flags().clearFlags();
        this.jira.backdoor().darkFeatures().enableForSite("jira.onboarding.feature.disabled");
        AddDashboardPage quickLoginAsAdmin = this.jira.quickLoginAsAdmin(AddDashboardPage.class, new Object[0]);
        quickLoginAsAdmin.setName("test dashboard");
        quickLoginAsAdmin.submit();
    }

    @Test
    public void configureWallboardFormIsXsrfResistant() {
        ClientResponse sendMaliciousRequest = new WallboardClient(this.jira.environmentData()).sendMaliciousRequest();
        Assert.assertTrue("Submitting a configure wallboard form without a token should fail the XSRF check", ((String) sendMaliciousRequest.getEntity(String.class)).contains(this.jira.backdoor().i18n().getText("xsrf.error.title", Locale.getDefault().toString())));
    }
}
