package edu.cornell.mannlib.vitro.webapp.controller.edit;

import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
import edu.cornell.mannlib.vitro.testing.AbstractTestClass;
import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission;
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyStore;
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyTest;
import edu.cornell.mannlib.vitro.webapp.beans.PermissionSet;
import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
import edu.cornell.mannlib.vitro.webapp.config.ConfigurationProperties;
import edu.cornell.mannlib.vitro.webapp.controller.authenticate.AuthenticatorStub;
import edu.cornell.mannlib.vitro.webapp.controller.login.LoginProcessBean;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.apache.log4j.Level;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Ignore;
import org.junit.Test;
import stubs.edu.cornell.mannlib.vitro.webapp.config.ConfigurationPropertiesStub;
import stubs.edu.cornell.mannlib.vitro.webapp.dao.IndividualDaoStub;
import stubs.edu.cornell.mannlib.vitro.webapp.dao.UserAccountsDaoStub;
import stubs.edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactoryStub;
import stubs.edu.cornell.mannlib.vitro.webapp.i18n.I18nStub;
import stubs.edu.cornell.mannlib.vitro.webapp.modelaccess.ModelAccessFactoryStub;
import stubs.javax.servlet.ServletConfigStub;
import stubs.javax.servlet.ServletContextStub;
import stubs.javax.servlet.http.HttpServletRequestStub;
import stubs.javax.servlet.http.HttpServletResponseStub;
import stubs.javax.servlet.http.HttpSessionStub;

/* loaded from: input_file:edu/cornell/mannlib/vitro/webapp/controller/edit/AuthenticateTest.class */
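/**
 * Unit tests for the {@link Authenticate} controller, driven through {@code doPost} against
 * servlet, DAO and authenticator stubs.
 *
 * <p>The cases cover entering the login process from different pages, credential checking,
 * the forced password change for an account with a login count of zero, and the redirect
 * issued once the process ends.
 *
 * <p>NOTE(review): every referer / afterLogin value used in this class is a path inside the
 * application ({@code /vivo...}); no case here covers a value that points at another host.
 */
public class AuthenticateTest extends AbstractTestClass {
    private AuthenticatorStub.Factory authenticatorFactory;
    private AuthenticatorStub authenticator;
    private ServletContextStub servletContext;
    private WebappDaoFactoryStub webappDaoFactory;
    private UserAccountsDaoStub userAccountsDao;
    private IndividualDaoStub individualDao;
    private ServletConfigStub servletConfig;
    private HttpSessionStub session;
    private HttpServletRequestStub request;
    private HttpServletResponseStub response;
    private Authenticate auth;
    // The process bean installed by setProcessBean(), kept so that redirect assertions can
    // still read its URLs after the controller has removed the bean from the request.
    private LoginProcessBean initialProcessBean;
    private static final String URL_LOGIN = "/vivo/login";
    private static final String URL_WIDGET = "/vivo/widgetPage";
    private static final String URL_RESTRICTED = "/vivo/resrictedPage";
    private static final String URL_WITH_LINK = "/vivo/linkPage";
    private static final String URL_HOME = "/vivo";
    private static final String URL_SITE_ADMIN = "/vivo/siteAdmin";
    // Must end with the associated URI that setup() registers for OLD_SELF.
    private static final String URL_SELF_PROFILE = "/vivo/individual?uri=old_self_associated_uri";
    private static final String URL_SOMEWHERE_ELSE = "/vivo/somewhereElse";
    private static final String NO_USER = "";
    private static final String NO_MSG = "";
    // Login count 0: setup data marks this account as requiring a password change.
    private static final String NEW_DBA_NAME = "new_dba_name";
    private static final String NEW_DBA_PW = "new_dba_pw";
    private static final UserInfo NEW_DBA = new UserInfo(NEW_DBA_NAME, "new_dba_uri", NEW_DBA_PW, PolicyTest.ADMIN, 0);
    private static final String OLD_DBA_NAME = "old_dba_name";
    private static final String OLD_DBA_URI = "old_dba_uri";
    private static final String OLD_DBA_PW = "old_dba_pw";
    private static final UserInfo OLD_DBA = new UserInfo(OLD_DBA_NAME, OLD_DBA_URI, OLD_DBA_PW, PolicyTest.ADMIN, 5);
    // Self-editor for whom setup() registers an associated individual URI.
    private static final String OLD_SELF_NAME = "old_self_name";
    private static final String OLD_SELF_PW = "old_self_pw";
    private static final UserInfo OLD_SELF = new UserInfo(OLD_SELF_NAME, "old_self_uri", OLD_SELF_PW, PolicyTest.SELF_EDITOR, 100);
    // Self-editor with no associated individual URI.
    private static final String OLD_STRANGER_NAME = "old_stranger_name";
    private static final String OLD_STRANGER_PW = "stranger_pw";
    private static final UserInfo OLD_STRANGER = new UserInfo(OLD_STRANGER_NAME, "old_stranger_uri", OLD_STRANGER_PW, PolicyTest.SELF_EDITOR, 20);
    // Built once per class by prepareUserAccounts() and shared by every test.
    private static final List<UserAccount> userAccounts = new ArrayList<>();

    /** Immutable description of a fixture account, turned into a {@link UserAccount} before the tests run. */
    private static class UserInfo {
        final String username;
        final String uri;
        final String password;
        final Set<String> permissionSetUris;
        final int loginCount;

        /**
         * @param username         login name; also used as the account's e-mail address
         * @param uri              URI of the user account
         * @param password         clear-text fixture password
         * @param permissionSetUri the single permission set granted to the account
         * @param loginCount       number of previous logins
         */
        public UserInfo(String username, String uri, String password, String permissionSetUri, int loginCount) {
            this.username = username;
            this.uri = uri;
            this.password = password;
            this.permissionSetUris = Collections.singleton(permissionSetUri);
            this.loginCount = loginCount;
        }

        /**
         * Describes the account for diagnostics. The password value is not printed, so that
         * this string can appear in logs and assertion messages without carrying a credential.
         */
        @Override
        public String toString() {
            return "UserInfo[username=" + this.username + ", uri=" + this.uri + ", password=<redacted>, roleUri=" + this.permissionSetUris + ", loginCount=" + this.loginCount + "]";
        }
    }

    /** Builds the shared list of fixture accounts once for the whole class. */
    @BeforeClass
    public static void prepareUserAccounts() {
        userAccounts.add(createUserFromUserInfo(NEW_DBA));
        userAccounts.add(createUserFromUserInfo(OLD_DBA));
        userAccounts.add(createUserFromUserInfo(OLD_SELF));
        userAccounts.add(createUserFromUserInfo(OLD_STRANGER));
    }

    /**
     * Wires fresh stubs for each test: authenticator, servlet context, DAOs, session, a POST
     * request to {@code /authenticate}, a response, and an initialised {@link Authenticate}.
     */
    @Before
    public void setup() throws Exception {
        I18nStub.setup();
        this.authenticatorFactory = new AuthenticatorStub.Factory();
        // NOTE(review): this.request is not assigned until further down, so the factory is
        // handed a null (or stale) request here; presumably the stub factory ignores its
        // argument - confirm. The "m15" prefix on the method name looks tool-generated.
        this.authenticator = this.authenticatorFactory.m15getInstance((HttpServletRequest) this.request);
        for (UserAccount account : userAccounts) {
            this.authenticator.addUser(account);
        }
        this.authenticator.setAssociatedUri(OLD_SELF.username, "old_self_associated_uri");
        this.servletContext = new ServletContextStub();
        this.servletContext.setAttribute(AuthenticatorStub.FACTORY_ATTRIBUTE_NAME, this.authenticatorFactory);

        // The admin permission set carries exactly one permission: seeing the site admin page.
        PermissionSet adminPermissionSet = new PermissionSet();
        adminPermissionSet.setUri(PolicyTest.ADMIN);
        adminPermissionSet.setPermissionUris(Collections.singleton((String) SimplePermission.SEE_SITE_ADMIN_PAGE.ACTION.getObject().getUri().get()));
        this.userAccountsDao = new UserAccountsDaoStub();
        this.userAccountsDao.addPermissionSet(adminPermissionSet);
        for (UserAccount account : userAccounts) {
            this.userAccountsDao.addUser(account);
        }

        this.individualDao = new IndividualDaoStub();
        this.webappDaoFactory = new WebappDaoFactoryStub();
        this.webappDaoFactory.setUserAccountsDao(this.userAccountsDao);
        this.webappDaoFactory.setIndividualDao(this.individualDao);
        new ModelAccessFactoryStub().get(this.servletContext).setWebappDaoFactory(this.webappDaoFactory);
        setLoggerLevel(PolicyStore.class, Level.WARN);

        this.servletConfig = new ServletConfigStub();
        this.servletConfig.setServletContext(this.servletContext);
        this.session = new HttpSessionStub();
        this.session.setServletContext(this.servletContext);
        this.request = new HttpServletRequestStub();
        this.request.setSession(this.session);
        this.request.setRequestUrlByParts("http://this.that", URL_HOME, "/authenticate", null);
        this.request.setMethod("POST");
        this.response = new HttpServletResponseStub();

        this.auth = new Authenticate();
        this.auth.init(this.servletConfig);
        setLoggerLevel(ConfigurationProperties.class, Level.WARN);
        new ConfigurationPropertiesStub().setBean(this.servletContext);
    }

    /**
     * Converts a fixture description into a {@link UserAccount}.
     *
     * <p>Only the Argon2 field receives a hash (through the stub encoder); the MD5 field is
     * set to the empty string. An account with a login count of zero is flagged as requiring
     * a password change.
     */
    private static UserAccount createUserFromUserInfo(UserInfo userInfo) {
        UserAccount account = new UserAccount();
        account.setEmailAddress(userInfo.username);
        account.setUri(userInfo.uri);
        account.setPermissionSetUris(userInfo.permissionSetUris);
        account.setArgon2Password(AuthenticatorStub.applyArgon2iEncodingStub(userInfo.password));
        account.setMd5Password("");
        account.setLoginCount(userInfo.loginCount);
        account.setPasswordChangeRequired(Boolean.valueOf(userInfo.loginCount == 0));
        return account;
    }

    // ----------------------------------------------------------------------
    // Entering the login process
    // ----------------------------------------------------------------------

    /** A login link records the referring page as the after-login URL and sends the user to the login page. */
    @Test
    public void enterFromALoginLink() {
        setRequestFromLoginLink(URL_WITH_LINK);
        doTheRequest();
        assertProcessBean(LoginProcessBean.State.LOGGING_IN, NO_USER, NO_MSG, NO_MSG, URL_LOGIN, URL_WITH_LINK);
        assertRedirect(URL_LOGIN);
    }

    /** With no referer, the login page itself becomes the after-login URL. */
    @Test
    public void enterFromABookmarkOfTheLoginLink() {
        setRequestFromLoginLink(null);
        doTheRequest();
        assertProcessBean(LoginProcessBean.State.LOGGING_IN, NO_USER, NO_MSG, NO_MSG, URL_LOGIN, URL_LOGIN);
        assertRedirect(URL_LOGIN);
    }

    /** A restricted page passes itself as afterLogin and the user is sent to the login page. */
    @Test
    public void enterFromARestrictedPage() {
        setRequestFromRestrictedPage(URL_RESTRICTED);
        doTheRequest();
        assertProcessBean(LoginProcessBean.State.LOGGING_IN, NO_USER, NO_MSG, NO_MSG, URL_LOGIN, URL_RESTRICTED);
        assertRedirect(URL_LOGIN);
    }

    /** A widget page is both the login page and the after-login page. */
    @Test
    public void enterFromAWidgetPage() {
        setRequestFromWidgetPage(URL_WIDGET);
        doTheRequest();
        assertProcessBean(LoginProcessBean.State.LOGGING_IN, NO_USER, NO_MSG, NO_MSG, URL_WIDGET, URL_WIDGET);
        assertRedirect(URL_WIDGET);
    }

    /** The login page is treated like a widget page whose URL is the login URL. */
    @Test
    public void enterFromTheLoginPage() {
        setRequestFromWidgetPage(URL_LOGIN);
        doTheRequest();
        assertProcessBean(LoginProcessBean.State.LOGGING_IN, NO_USER, NO_MSG, NO_MSG, URL_LOGIN, URL_LOGIN);
        assertRedirect(URL_LOGIN);
    }

    // ----------------------------------------------------------------------
    // Restarting the login process. These cases are ignored; the reason is not recorded
    // in this file.
    // ----------------------------------------------------------------------

    @Test
    @Ignore
    public void restartFromALoginLink() {
        setProcessBean(LoginProcessBean.State.LOGGING_IN, "username", URL_LOGIN, URL_SOMEWHERE_ELSE);
        enterFromALoginLink();
    }

    @Test
    @Ignore
    public void restartFromABookmarkOfTheLoginLink() {
        setProcessBean(LoginProcessBean.State.LOGGING_IN, "username", URL_LOGIN, URL_SOMEWHERE_ELSE);
        enterFromABookmarkOfTheLoginLink();
    }

    @Test
    @Ignore
    public void restartFromARestrictedPage() {
        setProcessBean(LoginProcessBean.State.LOGGING_IN, "username", URL_LOGIN, URL_SOMEWHERE_ELSE);
        enterFromARestrictedPage();
    }

    @Test
    @Ignore
    public void restartFromADifferentWidgetPage() {
        setProcessBean(LoginProcessBean.State.LOGGING_IN, "username", URL_LOGIN, URL_SOMEWHERE_ELSE);
        enterFromAWidgetPage();
    }

    @Test
    @Ignore
    public void restartFromTheLoginPageWhenWeWereUsingAWidgetPage() {
        setProcessBean(LoginProcessBean.State.LOGGING_IN, "username", URL_SOMEWHERE_ELSE, URL_SOMEWHERE_ELSE);
        enterFromTheLoginPage();
    }

    // ----------------------------------------------------------------------
    // Checking credentials
    // ----------------------------------------------------------------------

    /** Submitting no login name keeps the user in LOGGING_IN with error_no_email_address. */
    @Test
    public void loggingInNoUsername() {
        setProcessBean(LoginProcessBean.State.LOGGING_IN, NO_USER, URL_LOGIN, URL_WITH_LINK);
        doTheRequest();
        assertProcessBean(LoginProcessBean.State.LOGGING_IN, NO_USER, NO_MSG, "error_no_email_address", URL_LOGIN, URL_WITH_LINK);
        assertRedirectToLoginProcessPage();
    }

    /** An unknown login name is answered with the same message as a wrong password. */
    @Test
    public void loggingInUsernameNotRecognized() {
        setProcessBean(LoginProcessBean.State.LOGGING_IN, NO_USER, URL_LOGIN, URL_WITH_LINK);
        setLoginNameAndPassword("unknownBozo", null);
        doTheRequest();
        assertProcessBean(LoginProcessBean.State.LOGGING_IN, "unknownBozo", NO_MSG, "error_incorrect_credentials", URL_LOGIN, URL_WITH_LINK);
        assertRedirectToLoginProcessPage();
    }

    /**
     * A known login name with no password is answered with error_no_password.
     *
     * <p>NOTE(review): loggingInUsernameNotRecognized also submits no password and expects
     * error_incorrect_credentials, so with an empty password the response differs depending
     * on whether the account exists - confirm that this distinction is intended.
     */
    @Test
    public void loggingInNoPassword() {
        setProcessBean(LoginProcessBean.State.LOGGING_IN, NO_USER, URL_LOGIN, URL_WITH_LINK);
        setLoginNameAndPassword(NEW_DBA_NAME, null);
        doTheRequest();
        assertProcessBean(LoginProcessBean.State.LOGGING_IN, NEW_DBA_NAME, NO_MSG, "error_no_password", URL_LOGIN, URL_WITH_LINK);
        assertRedirectToLoginProcessPage();
    }

    /** A wrong password keeps the user in LOGGING_IN with error_incorrect_credentials. */
    @Test
    public void loggingInPasswordIsIncorrect() {
        setProcessBean(LoginProcessBean.State.LOGGING_IN, NO_USER, URL_LOGIN, URL_WITH_LINK);
        setLoginNameAndPassword(NEW_DBA_NAME, "bogus_password");
        doTheRequest();
        assertProcessBean(LoginProcessBean.State.LOGGING_IN, NEW_DBA_NAME, NO_MSG, "error_incorrect_credentials", URL_LOGIN, URL_WITH_LINK);
        assertRedirectToLoginProcessPage();
    }

    /** Correct credentials end the process, record the login and redirect to the after-login URL. */
    @Test
    public void loggingInSuccessful() {
        setProcessBean(LoginProcessBean.State.LOGGING_IN, NO_USER, URL_LOGIN, URL_WITH_LINK);
        setLoginNameAndPassword(OLD_DBA_NAME, OLD_DBA_PW);
        doTheRequest();
        assertNoProcessBean();
        assertNewLoginSessions(OLD_DBA_NAME);
        assertRedirectToAfterLoginPage();
    }

    /** Correct credentials on an account flagged for a password change record no login yet. */
    @Test
    public void loggingInForcesPasswordChange() {
        setProcessBean(LoginProcessBean.State.LOGGING_IN, NO_USER, URL_LOGIN, URL_WITH_LINK);
        setLoginNameAndPassword(NEW_DBA_NAME, NEW_DBA_PW);
        doTheRequest();
        assertProcessBean(LoginProcessBean.State.FORCED_PASSWORD_CHANGE, NEW_DBA_NAME, NO_MSG, NO_MSG, URL_LOGIN, URL_WITH_LINK);
        assertNewLoginSessions();
        assertRedirectToLoginProcessPage();
    }

    // ----------------------------------------------------------------------
    // Forced password change
    // ----------------------------------------------------------------------

    /** Cancelling the password change ends the process without recording a login. */
    @Test
    public void changingPasswordCancel() {
        setProcessBean(LoginProcessBean.State.FORCED_PASSWORD_CHANGE, NEW_DBA_NAME, URL_LOGIN, URL_WITH_LINK);
        setCancel();
        doTheRequest();
        assertNoProcessBean();
        assertNewLoginSessions();
        assertRedirectToCancelUrl();
    }

    /** A two-character password is rejected with error_password_length. */
    @Test
    public void changingPasswordWrongLength() {
        setProcessBean(LoginProcessBean.State.FORCED_PASSWORD_CHANGE, NEW_DBA_NAME, URL_LOGIN, URL_WITH_LINK);
        setNewPasswordAttempt("HI", "HI");
        doTheRequest();
        assertProcessBean(LoginProcessBean.State.FORCED_PASSWORD_CHANGE, NEW_DBA_NAME, NO_MSG, "error_password_length", URL_LOGIN, URL_WITH_LINK);
        assertRedirectToLoginProcessPage();
    }

    /** A confirmation that differs from the new password is rejected with error_passwords_dont_match. */
    @Test
    public void changingPasswordDontMatch() {
        setProcessBean(LoginProcessBean.State.FORCED_PASSWORD_CHANGE, NEW_DBA_NAME, URL_LOGIN, URL_WITH_LINK);
        setNewPasswordAttempt("LongEnough", "DoesNotMatch");
        doTheRequest();
        assertProcessBean(LoginProcessBean.State.FORCED_PASSWORD_CHANGE, NEW_DBA_NAME, NO_MSG, "error_passwords_dont_match", URL_LOGIN, URL_WITH_LINK);
        assertRedirectToLoginProcessPage();
    }

    /** Re-using the current password is rejected with error_previous_password. */
    @Test
    public void changingPasswordSameAsBefore() {
        setProcessBean(LoginProcessBean.State.FORCED_PASSWORD_CHANGE, NEW_DBA_NAME, URL_LOGIN, URL_WITH_LINK);
        setNewPasswordAttempt(NEW_DBA_PW, NEW_DBA_PW);
        doTheRequest();
        assertProcessBean(LoginProcessBean.State.FORCED_PASSWORD_CHANGE, NEW_DBA_NAME, NO_MSG, "error_previous_password", URL_LOGIN, URL_WITH_LINK);
        assertRedirectToLoginProcessPage();
    }

    /** An acceptable new password is stored, the login is recorded and the process ends. */
    @Test
    public void changingPasswordSuccess() {
        setProcessBean(LoginProcessBean.State.FORCED_PASSWORD_CHANGE, NEW_DBA_NAME, URL_LOGIN, URL_WITH_LINK);
        setNewPasswordAttempt("NewPassword", "NewPassword");
        doTheRequest();
        assertNoProcessBean();
        assertNewLoginSessions(NEW_DBA_NAME);
        assertPasswordChanges(NEW_DBA_NAME, "NewPassword");
        assertRedirectToAfterLoginPage();
    }

    // ----------------------------------------------------------------------
    // Leaving the login process
    // ----------------------------------------------------------------------

    /** A session that is already logged in is sent straight back to the referring page. */
    @Test
    public void alreadyLoggedIn() {
        LoginStatusBean.setBean(this.session, new LoginStatusBean(OLD_DBA_URI, LoginStatusBean.AuthenticationSource.INTERNAL));
        setRequestFromLoginLink(URL_WITH_LINK);
        doTheRequest();
        assertNoProcessBean();
        assertNewLoginSessions();
        assertRedirect(URL_WITH_LINK);
    }

    /** A self-editor with an associated individual lands on that individual's profile page. */
    @Test
    public void exitSelfEditor() {
        setProcessBean(LoginProcessBean.State.LOGGING_IN, NO_USER, URL_LOGIN, URL_WITH_LINK);
        setLoginNameAndPassword(OLD_SELF_NAME, OLD_SELF_PW);
        doTheRequest();
        assertNoProcessBean();
        assertNewLoginSessions(OLD_SELF_NAME);
        assertRedirect(URL_SELF_PROFILE);
    }

    /** A self-editor without an associated individual is returned to the after-login URL. */
    @Test
    public void exitUnrecognizedSelfEditor() {
        setProcessBean(LoginProcessBean.State.LOGGING_IN, NO_USER, URL_LOGIN, URL_WITH_LINK);
        setLoginNameAndPassword(OLD_STRANGER_NAME, OLD_STRANGER_PW);
        doTheRequest();
        assertNoProcessBean();
        assertNewLoginSessions(OLD_STRANGER_NAME);
        assertRedirect(URL_WITH_LINK);
    }

    /** An admin who came from a restricted page is returned to that page. */
    @Test
    public void exitDbaNormal() {
        setProcessBean(LoginProcessBean.State.LOGGING_IN, NO_USER, URL_LOGIN, URL_RESTRICTED);
        setLoginNameAndPassword(OLD_DBA_NAME, OLD_DBA_PW);
        doTheRequest();
        assertNoProcessBean();
        assertNewLoginSessions(OLD_DBA_NAME);
        assertRedirect(URL_RESTRICTED);
    }

    /** Ignored case: an admin logging in from the login page is expected at the site admin page. */
    @Test
    @Ignore
    public void exitDbaFromLoginPage() {
        setProcessBean(LoginProcessBean.State.LOGGING_IN, NO_USER, URL_LOGIN, URL_LOGIN);
        setLoginNameAndPassword(OLD_DBA_NAME, OLD_DBA_PW);
        doTheRequest();
        assertNoProcessBean();
        assertNewLoginSessions(OLD_DBA_NAME);
        assertRedirect(URL_SITE_ADMIN);
    }

    // ----------------------------------------------------------------------
    // Request set-up helpers
    // ----------------------------------------------------------------------

    /** Simulates a click on a login link: an empty "return" parameter plus the referring page. */
    private void setRequestFromLoginLink(String referer) {
        this.request.addParameter("return", "");
        this.request.setHeader("referer", referer);
    }

    /** Simulates a bounce from a restricted page, which names itself in "afterLogin" and as referer. */
    private void setRequestFromRestrictedPage(String pageUrl) {
        this.request.addParameter("afterLogin", pageUrl);
        this.request.setHeader("referer", pageUrl);
    }

    /** Simulates a submission from a page that embeds the login widget: only the referer is set. */
    private void setRequestFromWidgetPage(String pageUrl) {
        this.request.setHeader("referer", pageUrl);
    }

    /** Puts the request's login process bean into the given state and remembers it for later assertions. */
    private void setProcessBean(LoginProcessBean.State state, String username, String loginPageUrl, String afterLoginUrl) {
        LoginProcessBean processBean = LoginProcessBean.getBean(this.request);
        processBean.setState(state);
        processBean.setUsername(username);
        processBean.setLoginPageUrl(loginPageUrl);
        processBean.setAfterLoginUrl(afterLoginUrl);
        this.initialProcessBean = processBean;
    }

    private void setLoginNameAndPassword(String loginName, String password) {
        this.request.addParameter("loginName", loginName);
        this.request.addParameter("loginPassword", password);
    }

    private void setCancel() {
        this.request.addParameter("cancel", "true");
    }

    private void setNewPasswordAttempt(String newPassword, String confirmPassword) {
        this.request.addParameter("newPassword", newPassword);
        this.request.addParameter("confirmPassword", confirmPassword);
    }

    private void doTheRequest() {
        this.auth.doPost(this.request, this.response);
    }

    // ----------------------------------------------------------------------
    // Assertion helpers
    // ----------------------------------------------------------------------

    /** Fails if the request still carries a login process bean. */
    private void assertNoProcessBean() {
        if (LoginProcessBean.isBean(this.request)) {
            Assert.fail("Process bean: expected <null>, but was <" + LoginProcessBean.getBean(this.request) + ">");
        }
    }

    /**
     * Checks every field of the request's login process bean. Reading the info and error
     * messages clears them on the bean.
     */
    private void assertProcessBean(LoginProcessBean.State state, String username, String infoMessage, String errorMessage, String loginPageUrl, String afterLoginUrl) {
        if (!LoginProcessBean.isBean(this.request)) {
            Assert.fail("login process bean is null");
        }
        LoginProcessBean processBean = LoginProcessBean.getBean(this.request);
        Assert.assertEquals("state", state, processBean.getState());
        Assert.assertEquals("username", username, processBean.getUsername());
        Assert.assertEquals("info message", infoMessage, processBean.getInfoMessageAndClear());
        Assert.assertEquals("error message", errorMessage, processBean.getErrorMessageAndClear());
        Assert.assertEquals("login process URL", loginPageUrl, processBean.getLoginPageUrl());
        Assert.assertEquals("after login URL", afterLoginUrl, processBean.getAfterLoginUrl());
    }

    /**
     * Asserts that the response redirects to exactly the given location. A missing expected
     * value is reported as an assertion failure instead of a NullPointerException.
     */
    private void assertRedirect(String expectedLocation) {
        Assert.assertNotNull("expected redirect location", expectedLocation);
        // The two cases are compared the same way; only the failure label differs.
        String label = expectedLocation.startsWith("http://") ? "absolute redirect" : "relative redirect";
        Assert.assertEquals(label, expectedLocation, this.response.getRedirectLocation());
    }

    private void assertRedirectToLoginProcessPage() {
        assertRedirect(LoginProcessBean.getBean(this.request).getLoginPageUrl());
    }

    private void assertRedirectToAfterLoginPage() {
        Assert.assertNotNull("No reference to the initial LoginProcessBean", this.initialProcessBean);
        assertRedirect(this.initialProcessBean.getAfterLoginUrl());
    }

    /**
     * Asserts the redirect that follows a cancel: the after-login URL, or the home page when
     * that URL is missing or is the login page itself.
     */
    private void assertRedirectToCancelUrl() {
        // Same guard as assertRedirectToAfterLoginPage(): fail clearly if no bean was installed.
        Assert.assertNotNull("No reference to the initial LoginProcessBean", this.initialProcessBean);
        String afterLoginUrl = this.initialProcessBean.getAfterLoginUrl();
        if (afterLoginUrl == null || afterLoginUrl.equals(URL_LOGIN)) {
            assertRedirect(URL_HOME);
        } else {
            assertRedirect(afterLoginUrl);
        }
    }

    /** Asserts the set of usernames for which the authenticator stub recorded a login; order is ignored. */
    private void assertNewLoginSessions(String... usernames) {
        Set<String> expected = new HashSet<>(Arrays.asList(usernames));
        Set<Object> actual = new HashSet<Object>(this.authenticator.getRecordedLoginUsernames());
        Assert.assertEquals("recorded logins", expected, actual);
    }

    /**
     * Asserts the password changes recorded by the authenticator stub.
     *
     * @param usernamesAndPasswords alternating username and new password
     * @throws IllegalArgumentException if an odd number of values is supplied
     */
    private void assertPasswordChanges(String... usernamesAndPasswords) {
        if (usernamesAndPasswords.length % 2 != 0) {
            throw new IllegalArgumentException("supply even number of args: username and password");
        }
        HashMap<String, String> expected = new HashMap<>();
        for (int i = 0; i < usernamesAndPasswords.length; i += 2) {
            expected.put(usernamesAndPasswords[i], usernamesAndPasswords[i + 1]);
        }
        Assert.assertEquals("password changes", expected, this.authenticator.getNewPasswordMap());
    }
}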
