package edu.cornell.mannlib.vitro.webapp.controller.authenticate;

import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
import edu.cornell.mannlib.vitro.testing.AbstractTestClass;
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyTest;
import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
import edu.cornell.mannlib.vitro.webapp.controller.authenticate.AuthenticatorStub;
import java.io.IOException;
import java.net.URL;
import java.util.Collections;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import stubs.javax.servlet.ServletConfigStub;
import stubs.javax.servlet.ServletContextStub;
import stubs.javax.servlet.http.HttpServletRequestStub;
import stubs.javax.servlet.http.HttpServletResponseStub;
import stubs.javax.servlet.http.HttpSessionStub;

/* loaded from: input_file:edu/cornell/mannlib/vitro/webapp/controller/authenticate/ProgramLoginTest.class */
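/**
 * Unit tests for the {@link ProgramLogin} servlet, run against servlet stubs and an
 * {@link AuthenticatorStub} instead of a real container and user store.
 *
 * <p>Two fixture accounts are used:
 * <ul>
 *   <li>{@code OLD_USER}: login count 10, so no password change is required.</li>
 *   <li>{@code NEW_USER}: login count 0, so a password change is required on first login.</li>
 * </ul>
 * Every rejected request is expected to return HTTP 403 and leave the session logged out.
 * Every accepted request is expected to return HTTP 200 and leave the session logged in.
 *
 * <p>Review notes on what these tests do and do not pin down:
 * <ul>
 *   <li>Credentials are sent as parameters of a GET request, because the tests call
 *       {@code doGet}. If the deployed servlet is reached the same way, passwords can end up
 *       in access logs and proxy logs. Confirm how production callers submit them.</li>
 *   <li>{@code assert403()} logs the error message but does not assert on it. The tests
 *       therefore do not check that "unknown user" and "wrong password" are indistinguishable
 *       to the caller.</li>
 *   <li>The fixtures set an empty MD5 password, so only the Argon2 field is populated. Any
 *       legacy-hash migration path is not exercised here.</li>
 *   <li>Only the upper length bound of a new password is tested (65 characters rejected).
 *       No lower-bound case appears in this class.</li>
 * </ul>
 */
public class ProgramLoginTest extends AbstractTestClass {
    private static final Log log = LogFactory.getLog(ProgramLoginTest.class);

    // Account that has never logged in: must supply a new password.
    private static final String NEW_USER_URI = "new_user_uri";
    private static final String NEW_USER_NAME = "new_user";
    private static final String NEW_USER_PASSWORD = "new_user_pw";
    private static final UserAccount NEW_USER = createUserAccount(NEW_USER_URI, NEW_USER_NAME, NEW_USER_PASSWORD, 0);

    // Account with prior logins: must NOT supply a new password.
    private static final String OLD_USER_URI = "old_user_uri";
    private static final String OLD_USER_NAME = "old_user";
    private static final String OLD_USER_PASSWORD = "old_user_pw";
    private static final UserAccount OLD_USER = createUserAccount(OLD_USER_URI, OLD_USER_NAME, OLD_USER_PASSWORD, 10);

    private AuthenticatorStub.Factory authenticatorFactory;
    private AuthenticatorStub authenticator;
    private ServletContextStub servletContext;
    private ServletConfigStub servletConfig;
    private HttpSessionStub session;
    private HttpServletRequestStub request;
    private HttpServletResponseStub response;
    private ProgramLogin servlet;

    /** No-op as shown; presumably a hook for raising log levels while debugging. */
    @Before
    public void setLogging() {
    }

    /**
     * Builds a fresh servlet, session, request and response for each test and registers both
     * fixture accounts with the stub authenticator.
     *
     * @throws Exception if the servlet fails to initialise or the request URL is malformed
     */
    @Before
    public void setup() throws Exception {
        authenticatorFactory = new AuthenticatorStub.Factory();
        // NOTE(review): `request` is still null at this point. The statement order is kept
        // as found, because the stub factory may treat a null request specially; confirm
        // before reordering. The `m15` prefix looks like a decompiler rename; verify the
        // real method name against AuthenticatorStub.Factory.
        authenticator = authenticatorFactory.m15getInstance((HttpServletRequest) request);
        authenticator.addUser(NEW_USER);
        authenticator.addUser(OLD_USER);

        servletContext = new ServletContextStub();
        servletContext.setAttribute(AuthenticatorStub.FACTORY_ATTRIBUTE_NAME, authenticatorFactory);

        servletConfig = new ServletConfigStub();
        servletConfig.setServletContext(servletContext);

        servlet = new ProgramLogin();
        servlet.init(servletConfig);

        session = new HttpSessionStub();
        session.setServletContext(servletContext);

        request = new HttpServletRequestStub();
        request.setSession(session);
        request.setRequestUrl(new URL("http://this.that/vivo/programLogin"));
        request.setMethod("GET");

        response = new HttpServletResponseStub();
    }

    /**
     * Creates an admin fixture account.
     *
     * @param uri account URI
     * @param emailAddress e-mail address, which the tests also use as the login name
     * @param clearTextPassword password, stored via the stub's Argon2 encoding
     * @param loginCount number of previous logins; 0 marks the account as requiring a
     *     password change
     * @return the populated account
     */
    private static UserAccount createUserAccount(String uri, String emailAddress, String clearTextPassword,
            int loginCount) {
        boolean firstLogin = loginCount == 0;

        UserAccount account = new UserAccount();
        account.setEmailAddress(emailAddress);
        account.setUri(uri);
        account.setPermissionSetUris(Collections.singleton(PolicyTest.ADMIN));
        account.setArgon2Password(AuthenticatorStub.applyArgon2iEncodingStub(clearTextPassword));
        // The legacy hash field is left empty, so only the Argon2 value is available.
        account.setMd5Password("");
        account.setLoginCount(loginCount);
        account.setPasswordChangeRequired(Boolean.valueOf(firstLogin));
        return account;
    }

    /** Releases the servlet if {@link #setup()} got far enough to create it. */
    @After
    public void cleanup() {
        if (servlet != null) {
            servlet.destroy();
        }
    }

    /** A request with no credentials at all is rejected. */
    @Test
    public void noUsername() {
        executeRequest(null, null, null);
        assert403();
    }

    /** A known user name without a password is rejected. */
    @Test
    public void noPassword() {
        executeRequest(OLD_USER_NAME, null, null);
        assert403();
    }

    /** An unknown user is rejected with the same status as any other failure. */
    @Test
    public void unrecognizedUser() {
        executeRequest("bogusUsername", "bogusPassword", null);
        assert403();
    }

    /** A known user with the wrong password is rejected. */
    @Test
    public void wrongPassword() {
        executeRequest(OLD_USER_NAME, "bogusPassword", null);
        assert403();
    }

    /** A returning user with the correct password is logged in. */
    @Test
    public void success() {
        executeRequest(OLD_USER_NAME, OLD_USER_PASSWORD, null);
        assertSuccess();
    }

    /** Supplying a new password when no change is required is rejected rather than ignored. */
    @Test
    public void newPasswordNotNeeded() {
        executeRequest(OLD_USER_NAME, OLD_USER_PASSWORD, "unneededPW");
        assert403();
    }

    /** A first-time user cannot log in without choosing a new password. */
    @Test
    public void newPasswordMissing() {
        executeRequest(NEW_USER_NAME, NEW_USER_PASSWORD, null);
        assert403();
    }

    /** A 65-character new password is rejected; the exact limit is enforced by the servlet. */
    @Test
    public void newPasswordTooLong() {
        executeRequest(NEW_USER_NAME, NEW_USER_PASSWORD, RandomStringUtils.randomAlphanumeric(65));
        assert403();
    }

    /** Re-using the current password as the new password is rejected. */
    @Test
    public void newPasswordEqualsOldPassword() {
        executeRequest(NEW_USER_NAME, NEW_USER_PASSWORD, NEW_USER_PASSWORD);
        assert403();
    }

    /** A first-time user who supplies an acceptable new password is logged in. */
    @Test
    public void successWithNewPassword() {
        executeRequest(NEW_USER_NAME, NEW_USER_PASSWORD, "newerBetter");
        assertSuccess();
    }

    /**
     * Sends one GET request to the servlet with whichever credentials are non-null.
     *
     * @param email value for the {@code email} parameter, or null to omit it
     * @param password value for the {@code password} parameter, or null to omit it
     * @param newPassword value for the {@code newPassword} parameter, or null to omit it
     */
    private void executeRequest(String email, String password, String newPassword) {
        addParameterIfPresent("email", email);
        addParameterIfPresent("password", password);
        addParameterIfPresent("newPassword", newPassword);
        try {
            servlet.doGet(request, response);
        } catch (ServletException | IOException e) {
            // An exception is a test failure, not an authentication outcome.
            log.error(e, e);
            Assert.fail(e.toString());
        }
    }

    /** Adds a request parameter only when a value was supplied, so "absent" stays absent. */
    private void addParameterIfPresent(String name, String value) {
        if (value != null) {
            request.addParameter(name, value);
        }
    }

    /**
     * Asserts that the request was refused and that the session was not authenticated.
     * The error message is logged for debugging and is not asserted on.
     */
    private void assert403() {
        Assert.assertEquals("status", 403L, response.getStatus());
        log.debug("Message was '" + response.getErrorMessage() + "'");
        Assert.assertFalse("logged in", LoginStatusBean.getBean(session).isLoggedIn());
    }

    /** Asserts that the request was accepted and that the session is now authenticated. */
    private void assertSuccess() {
        Assert.assertEquals("status", 200L, response.getStatus());
        Assert.assertTrue("logged in", LoginStatusBean.getBean(session).isLoggedIn());
    }
}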
