package com.gentics.contentnode.tests.rest;

import com.gentics.contentnode.rest.model.User;
import com.gentics.contentnode.rest.model.request.LoginRequest;
import com.gentics.contentnode.rest.model.response.GenericResponse;
import com.gentics.contentnode.rest.model.response.LoginResponse;
import com.gentics.contentnode.rest.model.response.ResponseCode;
import com.gentics.contentnode.tests.rest.PageRenderResults;
import com.gentics.lib.base.factory.Session;
import com.gentics.lib.base.factory.SessionToken;
import com.gentics.testutils.database.SQLUtilException;
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.WebResource;
import java.util.Iterator;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.NewCookie;
import org.apache.commons.httpclient.Cookie;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:com/gentics/contentnode/tests/rest/AuthenticationTest.class */
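/**
 * REST-level tests for the authentication endpoints {@code rest/auth/login},
 * {@code rest/auth/logout/{sid}} and {@code rest/auth/ssologin}.
 *
 * <p>A session is identified by two values: the session id ({@code sid}) returned in the
 * {@link LoginResponse} body and a session secret delivered as a cookie. The tests check that
 * both are issued on a successful login, that neither is issued on a failed login, and that the
 * pair no longer authenticates after logout.
 *
 * <p>The credentials {@code editor/editor} and {@code node/node} are fixture accounts of the
 * test sandbox.
 *
 * <p>NOTE(review): the maintenance-mode tests insert a {@code nodesetup} row and overwrite a
 * {@code perm} row without restoring either. Whether {@code AbstractRestSandboxTest.setUp()}
 * resets the database is not visible here, and JUnit does not guarantee method order, so
 * confirm that the other tests cannot inherit an enabled maintenance mode.
 *
 * <p>Not asserted anywhere in this class: the attributes of the session secret cookie
 * (HttpOnly, Secure, path) and the response for an unknown login name, which should be
 * indistinguishable from the wrong-password case.
 */
public class AuthenticationTest extends AbstractRestSandboxTest {
    /**
     * Cookie name the SSO tests look for in the login response and send to {@code ssologin}.
     *
     * <p>NOTE(review): {@link #getSessionSecretFromCookie()} uses the configured name in
     * {@link #secretCookieName} instead. If the configured name differs from this literal,
     * the SSO tests silently fall back to a placeholder secret. Consider using the
     * configured name in both places.
     */
    private static final String SESSION_SECRET_COOKIE = "GCN_SESSION_SECRET";

    /** Session secret cookie name, read from the node configuration in {@link #setUp()}. */
    protected String secretCookieName;

    /**
     * Runs the sandbox set-up, then reads the configured session secret cookie name.
     *
     * @throws Exception if the parent set-up fails
     */
    @Override // com.gentics.contentnode.tests.rest.AbstractRestSandboxTest
    @Before
    public void setUp() throws Exception {
        super.setUp();
        secretCookieName = context.getNodeConfig()
                .getDefaultPreferences()
                .getProperty("contentnode.global.config.session_secret_cookie_name");
    }

    /**
     * With maintenance mode disabled, an SSO login that presents a valid sid and session
     * secret must answer with a number.
     *
     * <p>NOTE(review): this method carries no {@code @Test} annotation, so a JUnit 4 runner
     * never executes it and the successful SSO path has no coverage. Either add {@code @Test}
     * or record why the test is disabled.
     *
     * @throws SQLUtilException if the database preparation fails
     */
    public void testSSOLoginWithDisabledMaintenanceMode() throws SQLUtilException {
        dbUtils.executeQueryManipulation("DELETE FROM nodesetup where name = 'maintenancemode';");

        // NOTE(review): this fallback is unrelated to authentication and may be a
        // decompiler constant substitution; confirm against the original source.
        String fallbackSecret = PageRenderResults.normalRenderTest.content;
        ClientResponse loginResult = postLogin(newLoginRequest("editor", "editor"), ClientResponse.class);
        String sessionSecret = sessionSecretFrom(loginResult, fallbackSecret);

        try {
            String sid = loginResult.getEntity(LoginResponse.class).getSid();
            // Only the format is checked: the parsed number itself is discarded.
            Integer.valueOf(ssoLogin(sid, sessionSecret));
        } catch (NumberFormatException e) {
            Assert.fail("The response of a successful sso request should be a number.");
        }
    }

    /**
     * With maintenance mode enabled after the login, an SSO login for the existing session
     * must be answered with {@link ResponseCode#MAINTENANCEMODE}.
     *
     * @throws SQLUtilException if the database preparation fails
     */
    @Test
    public void testSSOLoginWithEnabledMaintenanceMode() throws SQLUtilException {
        dbUtils.executeQueryManipulation("DELETE FROM nodesetup where name = 'maintenancemode';");

        // NOTE(review): same unrelated fallback as in the disabled-mode test; confirm.
        String fallbackSecret = PageRenderResults.normalRenderTest.content;
        ClientResponse loginResult = postLogin(newLoginRequest("editor", "editor"), ClientResponse.class);
        String sessionSecret = sessionSecretFrom(loginResult, fallbackSecret);
        String sid = loginResult.getEntity(LoginResponse.class).getSid();

        // Enable maintenance mode only after the session exists.
        dbUtils.executeQueryManipulation("INSERT INTO nodesetup values ('maintenancemode', 1, 'test')");
        // Presumably this row is the permission that exempts the group from maintenance
        // mode; confirm against the fixture data.
        dbUtils.executeQueryManipulation("update perm set perm = '00000000000000000000000000000000' where o_type = 1042 and o_id = 84 and usergroup_id = 16;");

        // The message previously spoke of a "permission" response, but the asserted value is
        // MAINTENANCEMODE; the wording now matches the check.
        Assert.assertEquals(
                "The response should be MAINTENANCEMODE to indicate that the sso login was rejected because maintenance mode is enabled.",
                ResponseCode.MAINTENANCEMODE.toString(),
                ssoLogin(sid, sessionSecret));
    }

    /**
     * With maintenance mode enabled, a password login as {@code editor} must be rejected
     * with {@link ResponseCode#MAINTENANCEMODE}.
     *
     * @throws SQLUtilException if the database preparation fails
     */
    @Test
    public void testLoginWithEnabledMaintenanceMode() throws SQLUtilException {
        dbUtils.executeQueryManipulation("DELETE FROM nodesetup where name = 'maintenancemode';");
        dbUtils.executeQueryManipulation("INSERT INTO nodesetup values ('maintenancemode', 1, 'test')");
        dbUtils.executeQueryManipulation("update perm set perm = '00000000000000000000000000000000' where o_type = 1042 and o_id = 84 and usergroup_id = 16;");

        LoginResponse response = postLogin(newLoginRequest("editor", "editor"), LoginResponse.class);
        Assert.assertEquals("Check the response code", ResponseCode.MAINTENANCEMODE, response.getResponseInfo().getResponseCode());
    }

    /**
     * With maintenance mode enabled, the {@code node} account must still be able to log in.
     *
     * @throws SQLUtilException if the database preparation fails
     */
    @Test
    public void testNodeAdminLoginWithEnabledMaintenanceMode() throws SQLUtilException {
        dbUtils.executeQueryManipulation("DELETE FROM nodesetup where name = 'maintenancemode'");
        dbUtils.executeQueryManipulation("INSERT INTO nodesetup values ('maintenancemode', 1, 'test')");

        LoginResponse response = postLogin(newLoginRequest("node", "node"), LoginResponse.class);
        Assert.assertEquals("Check the response code", ResponseCode.OK, response.getResponseInfo().getResponseCode());
    }

    /**
     * A successful login must return the user, a sid and a session secret cookie, and the
     * sid/secret pair must authenticate the stored session.
     *
     * @throws Exception if the session cannot be loaded
     */
    @Test
    public void testLogin() throws Exception {
        LoginResponse response = postLogin(newLoginRequest("editor", "editor"), LoginResponse.class);
        Assert.assertEquals("Check the response code", ResponseCode.OK, response.getResponseInfo().getResponseCode());

        User user = response.getUser();
        Assert.assertNotNull("Check that user was returned", user);
        // The assertion compares the user id, so the message now says so.
        Assert.assertEquals("Check user id", 26, user.getId());

        String sid = response.getSid();
        String sessionSecret = getSessionSecretFromCookie();
        Assert.assertNotNull("Check the returned sid", sid);
        Assert.assertNotNull("Check the session secret returned as cookie", sessionSecret);

        Session session = new Session(Integer.parseInt(sid), context.getTransaction());
        Assert.assertTrue("Check whether the session is authenticated by the token", new SessionToken(sid, sessionSecret).authenticates(session));
    }

    /**
     * A login with a wrong password must return {@link ResponseCode#NOTFOUND} and must not
     * hand out a sid, a user or a session secret cookie.
     */
    @Test
    public void testFailedLogin() {
        LoginResponse response = postLogin(newLoginRequest("editor", "this is the wrong password"), LoginResponse.class);
        assertLoginRejected(response);
    }

    /**
     * A login request whose password was never set must be rejected exactly like a wrong
     * password.
     */
    @Test
    public void testLoginEmptyPassword() {
        // Built by hand so that setPassword() is never called on the request.
        LoginRequest request = new LoginRequest();
        request.setLogin("editor");

        LoginResponse response = postLogin(request, LoginResponse.class);
        assertLoginRejected(response);
    }

    /**
     * After logout the session secret cookie must be gone and the previously valid
     * sid/secret pair must no longer authenticate the session.
     *
     * @throws Exception if the session cannot be loaded
     */
    @Test
    public void testLogout() throws Exception {
        LoginResponse loginResponse = postLogin(newLoginRequest("editor", "editor"), LoginResponse.class);
        Assert.assertEquals("Check the response code", ResponseCode.OK, loginResponse.getResponseInfo().getResponseCode());

        String secretBeforeLogout = getSessionSecretFromCookie();
        // If no secret was captured, the final assertFalse below could pass without logout
        // having invalidated anything, so require a real secret first.
        Assert.assertNotNull("Check the session secret returned as cookie", secretBeforeLogout);

        GenericResponse logoutResponse = client.resource(BASE_URI)
                .path("rest/auth/logout")
                .path(loginResponse.getSid())
                .post(GenericResponse.class);
        Assert.assertEquals("Check the response code", ResponseCode.OK, logoutResponse.getResponseInfo().getResponseCode());
        Assert.assertNull("Check absence of session secret cookie", getSessionSecretFromCookie());

        Session session = new Session(Integer.parseInt(loginResponse.getSid()), context.getTransaction());
        Assert.assertFalse("Check whether the session is authenticated by the token", new SessionToken(loginResponse.getSid(), secretBeforeLogout).authenticates(session));
    }

    /**
     * Looks up the session secret in the HTTP client's cookie store, using the configured
     * cookie name.
     *
     * @return the cookie value, or {@code null} if the client holds no such cookie
     */
    protected String getSessionSecretFromCookie() {
        for (Cookie stored : client.getClientHandler().getHttpClient().getState().getCookies()) {
            if (secretCookieName.equals(stored.getName())) {
                return stored.getValue();
            }
        }
        return null;
    }

    /** Builds a login request carrying the given login name and password. */
    private static LoginRequest newLoginRequest(String login, String password) {
        LoginRequest request = new LoginRequest();
        request.setLogin(login);
        request.setPassword(password);
        return request;
    }

    /** Posts the request as JSON to {@code rest/auth/login} and reads the response as the given type. */
    private <T> T postLogin(LoginRequest request, Class<T> responseType) {
        return client.resource(BASE_URI)
                .path("rest/auth/login")
                .entity(request, "application/json")
                .post(responseType);
    }

    /** Calls {@code rest/auth/ssologin} with the sid as query parameter and the secret as cookie. */
    private String ssoLogin(String sid, String sessionSecret) {
        return client.resource(BASE_URI)
                .path("rest/auth/ssologin")
                .queryParam(AbstractRestSandboxTest.PARAM_SESSION_ID, sid)
                .getRequestBuilder()
                .cookie(new NewCookie(SESSION_SECRET_COOKIE, sessionSecret))
                .accept(MediaType.TEXT_PLAIN_TYPE)
                .get(String.class);
    }

    /**
     * Returns the value of the first response cookie whose name matches
     * {@link #SESSION_SECRET_COOKIE} (case-insensitively), or {@code fallback} if there is none.
     */
    private static String sessionSecretFrom(ClientResponse response, String fallback) {
        for (NewCookie cookie : response.getCookies()) {
            if (SESSION_SECRET_COOKIE.equalsIgnoreCase(cookie.getName())) {
                return cookie.getValue();
            }
        }
        return fallback;
    }

    /** Asserts that a rejected login returned NOTFOUND and leaked no sid, user or secret cookie. */
    private void assertLoginRejected(LoginResponse response) {
        Assert.assertEquals("Check the response code", ResponseCode.NOTFOUND, response.getResponseInfo().getResponseCode());
        Assert.assertNull("Check absence of sid", response.getSid());
        Assert.assertNull("Check absence of user", response.getUser());
        Assert.assertNull("Check absence of session secret cookie", getSessionSecretFromCookie());
    }
}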
