package com.gentics.mesh.core.user;

import com.gentics.mesh.assertj.MeshAssertions;
import com.gentics.mesh.core.rest.graphql.GraphQLResponse;
import com.gentics.mesh.core.rest.user.UserCreateRequest;
import com.gentics.mesh.core.rest.user.UserListResponse;
import com.gentics.mesh.parameter.ParameterProvider;
import com.gentics.mesh.rest.client.MeshRestClientMessageException;
import com.gentics.mesh.test.ClientHelper;
import com.gentics.mesh.test.MeshTestSetting;
import com.gentics.mesh.test.TestSize;
import com.gentics.mesh.test.context.AbstractMeshTest;
import io.netty.handler.codec.http.HttpResponseStatus;
import org.junit.Before;
import org.junit.Test;

@MeshTestSetting(testSize = TestSize.FULL, startServer = true)
/* loaded from: input_file:com/gentics/mesh/core/user/UsernameEnumerationTest.class */
public class UsernameEnumerationTest extends AbstractMeshTest {
    @Before
    public void setUp() throws Exception {
        client().logout().blockingGet();
    }

    @Test
    public void testNoUserAccess() {
        MeshAssertions.assertThat(((UserListResponse) client().findUsers(new ParameterProvider[0]).blockingGet()).getData()).isEmpty();
    }

    @Test
    public void testNoGraphQlUserAccess() {
        MeshAssertions.assertThat(((GraphQLResponse) client().graphqlQuery("dummy", "{\n  users {\n    elements {\n      username\n    }\n  }\n}", new ParameterProvider[0]).blockingGet()).getData().getJsonObject("users").getJsonArray("elements").size()).isEqualTo(0);
    }

    @Test
    public void testLogin() {
        tryLogin("nonExistingUser", "wrongPassword", HttpResponseStatus.UNAUTHORIZED, "Login failed.");
        tryLogin("admin", "wrongPassword", HttpResponseStatus.UNAUTHORIZED, "Login failed.");
    }

    @Test
    public void testCreateUser() {
        UserCreateRequest password = new UserCreateRequest().setUsername("nonExistingUser").setPassword("somePassword");
        ClientHelper.call(() -> {
            return client().createUser(password, new ParameterProvider[0]);
        }, HttpResponseStatus.FORBIDDEN);
        password.setUsername("admin");
        ClientHelper.call(() -> {
            return client().createUser(password, new ParameterProvider[0]);
        }, HttpResponseStatus.FORBIDDEN);
    }

    @Test
    public void testGraphQl() {
        GraphQLResponse graphQLResponse = (GraphQLResponse) client().graphqlQuery("dummy", "{user(name:\"nonExistingUser\") { username }}", new ParameterProvider[0]).blockingGet();
        MeshAssertions.assertThat(graphQLResponse.getErrors()).isNullOrEmpty();
        MeshAssertions.assertThat(graphQLResponse.getData().getJsonObject("user")).isNull();
        GraphQLResponse graphQLResponse2 = (GraphQLResponse) client().graphqlQuery("dummy", "{user(name:\"admin\") { username }}", new ParameterProvider[0]).blockingGet();
        MeshAssertions.assertThat(graphQLResponse2.getErrors()).isNullOrEmpty();
        MeshAssertions.assertThat(graphQLResponse2.getData().getJsonObject("user")).isNull();
    }

    private void tryLogin(String str, String str2, HttpResponseStatus httpResponseStatus, String str3) {
        client().setLogin(str, str2);
        try {
            client().login().blockingGet();
        } catch (RuntimeException e) {
            MeshRestClientMessageException cause = e.getCause();
            if (!(cause instanceof MeshRestClientMessageException)) {
                throw e;
            }
            MeshAssertions.assertThat(cause).hasStatusCode(httpResponseStatus.code()).hasMessage(str3);
        }
    }
}
