package org.jahia.test.services.render;

import com.google.common.base.Predicates;
import com.google.common.collect.Iterables;
import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import javax.jcr.RepositoryException;
import org.apache.commons.httpclient.Cookie;
import org.apache.commons.lang.StringUtils;
import org.jahia.bin.Jahia;
import org.jahia.exceptions.JahiaException;
import org.jahia.params.valves.CookieAuthConfig;
import org.jahia.registries.ServicesRegistry;
import org.jahia.services.SpringContextSingleton;
import org.jahia.services.content.JCRNodeWrapper;
import org.jahia.services.content.JCRPublicationService;
import org.jahia.services.content.JCRSessionFactory;
import org.jahia.services.content.JCRSessionWrapper;
import org.jahia.services.sites.JahiaSite;
import org.jahia.services.usermanager.JahiaUserManagerService;
import org.jahia.test.JahiaTestCase;
import org.jahia.test.TestHelper;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import shaded.org.apache.http.HttpStatus;
import shaded.org.apache.http.cookie.SM;

/* loaded from: input_file:org/jahia/test/services/render/LoginPageHttpTest.class */
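/**
 * HTTP-level tests of the {@code /cms/login} entry point: rejected credentials, denied guest
 * access, successful login with redirect, the "remember me" cookie and reflection of the
 * {@code redirect} parameter.
 *
 * <p>The fixture is a dedicated site whose {@code reader} role is denied to {@code u:guest},
 * with one published "About Us" page and one throwaway user.
 */
public class LoginPageHttpTest extends JahiaTestCase {
    private static final Logger logger = LoggerFactory.getLogger(LoginPageHttpTest.class);
    private static final String PASSWORD = "password";
    private static final String SITE_NAME = "loginPageHttpTest";
    private static final String SITE_PATH = "/sites/loginPageHttpTest";
    private static final String USERNAME = "loginPageHttpTestUser";
    // Credentials travel in the query string of a GET request. The values are substituted
    // verbatim (no URL encoding), so they must not contain characters such as '&', '%' or '#'.
    // NOTE(review): URLs of this shape usually end up in access and proxy logs; that is harmless
    // for the throwaway test user, but testRootLogin sends the root password the same way.
    private static final String LOGIN_URL_FORMAT = "/cms/login?username=%s&password=%s&redirect=%s";
    private static final String ABOUT_US_TITLE = "<title>About Us</title>";
    private static final String LOGIN_FORM_NAME_LOCATOR = "name=\"loginForm\"";
    private static String aboutUsPageUrl;

    /**
     * Creates the test site, the test user and the published "About Us" page used by all tests.
     *
     * @throws RepositoryException if a JCR operation fails
     * @throws IOException declared by the fixture helpers
     * @throws JahiaException declared by the fixture helpers
     */
    @BeforeClass
    public static void oneTimeSetUp() throws RepositoryException, IOException, JahiaException {
        JahiaSite site = TestHelper.createSite(SITE_NAME);
        Assert.assertNotNull(site);

        JCRPublicationService publicationService = ServicesRegistry.getInstance().getJCRPublicationService();
        JCRSessionWrapper session = JCRSessionFactory.getInstance().getCurrentUserSession();

        Properties userProperties = new Properties();
        userProperties.setProperty("j:firstName", "John");
        userProperties.setProperty("j:lastName", "Doe");
        ServicesRegistry.getInstance().getJahiaUserManagerService().createUser(USERNAME, PASSWORD, userProperties, session);

        // Take the reader role away from guests so that anonymous requests are sent to the login page.
        session.getNode("/sites/" + site.getSiteKey()).denyRoles("u:guest", Collections.singleton("reader"));
        session.save();
        // The raw (Set)/(List) casts are kept from the original call; they may be needed to pick an overload.
        publicationService.publishByMainId(session.getNode(SITE_PATH).getIdentifier(), "default", "live", (Set) null, true, (List) null);

        JCRSessionWrapper englishSession = JCRSessionFactory.getInstance().getCurrentUserSession((String) null, Locale.ENGLISH);
        JCRNodeWrapper aboutUsPage = englishSession.getNode(SITE_PATH + "/home").addNode("about-us", "jnt:page");
        aboutUsPage.setProperty("j:templateName", "simple");
        aboutUsPage.setProperty("jcr:title", "About Us");
        englishSession.save();
        publicationService.publishByMainId(englishSession.getNode(SITE_PATH).getIdentifier(), "default", "live", (Set) null, true, (List) null);

        aboutUsPageUrl = "/cms/render/live/en" + SITE_PATH + "/home/about-us.html";
    }

    /**
     * Removes the test site and the test user.
     *
     * @throws RepositoryException if deleting the user or saving the session fails
     */
    @AfterClass
    public static void oneTimeTearDown() throws RepositoryException {
        try {
            TestHelper.deleteSite(SITE_NAME);
        } catch (Exception e) {
            // Best effort: a failed site deletion must not prevent the user clean-up below.
            logger.warn("Exception during test oneTimeTearDown", e);
        }
        JahiaUserManagerService userManager = ServicesRegistry.getInstance().getJahiaUserManagerService();
        JCRSessionWrapper session = JCRSessionFactory.getInstance().getCurrentUserSession();
        // If set-up failed before the user was created there is nothing to delete; without this
        // guard a NullPointerException here would hide the original set-up failure.
        // (The lookup is repeated to avoid naming its return type, which this file does not import.)
        if (userManager.lookupUser(USERNAME) != null) {
            userManager.deleteUser(userManager.lookupUser(USERNAME).getPath(), session);
        }
        session.save();
    }

    /**
     * Looks up a cookie by name in the state of the shared HTTP client.
     *
     * @param str the cookie name to look for
     * @return the first cookie with that name, or {@code null} if there is none
     */
    protected Cookie getCookie(String str) {
        for (Cookie cookie : getHttpClient().getState().getCookies()) {
            if (str.equals(cookie.getName())) {
                return cookie;
            }
        }
        return null;
    }

    /**
     * Logs out after every test so that no authenticated state carries over to the next one.
     *
     * @throws IOException if the logout request fails
     */
    @After
    public void tearDown() throws IOException {
        logout();
    }

    /** A wrong password must lead back to the login form together with an error message. */
    @Test
    public void testInvalidPassword() {
        String loginUrl = String.format(LOGIN_URL_FORMAT, USERNAME, "password_invalid", Jahia.getContextPath() + aboutUsPageUrl);
        String body = getAsText(loginUrl);
        Assert.assertTrue("Should see a login page with invalid password error",
                body.contains(LOGIN_FORM_NAME_LOCATOR) && body.contains("Invalid username/password"));
    }

    /** An anonymous request for the protected page must be answered with 401 and the login form. */
    @Test
    public void testNoGuestAccess() {
        String body = getAsText(aboutUsPageUrl, HttpStatus.SC_UNAUTHORIZED);
        Assert.assertTrue("Guest can access the home page, which should not be the case", body.contains(LOGIN_FORM_NAME_LOCATOR));
    }

    /** Valid credentials plus a redirect target must deliver the protected page. */
    @Test
    public void testNormalLogin() {
        String loginUrl = String.format(LOGIN_URL_FORMAT, USERNAME, PASSWORD, Jahia.getContextPath() + aboutUsPageUrl);
        Assert.assertTrue("After normal login the user should see the About Us page", getAsText(loginUrl).contains(ABOUT_US_TITLE));
    }

    /**
     * Logs in with {@code useCookie=on} and checks that the remember-me cookie is issued, is
     * stored by the client with the same value, and on its own re-authenticates a client whose
     * cookies were cleared.
     *
     * <p>NOTE(review): only the cookie's name and value are checked; attributes such as
     * {@code HttpOnly}, {@code Secure} or the expiry are not asserted here.
     */
    @Test
    public void testRememberMe() {
        CookieAuthConfig cookieAuthConfig = (CookieAuthConfig) SpringContextSingleton.getBean("cookieAuthConfig");
        // Typed map: the raw HashMap used before cannot be read back as List<String> without a cast.
        Map<String, List<String>> responseHeaders = new HashMap<String, List<String>>();
        getAsText("/cms/login?username=" + USERNAME + "&password=" + PASSWORD + "&restMode=true&useCookie=on",
                null, HttpStatus.SC_OK, responseHeaders);

        String cookieName = cookieAuthConfig.getCookieName();
        // The configured cookie name is matched literally, not as a regular expression.
        String cookiePrefix = cookieName + "=";
        String setCookieHeader = null;
        List<String> setCookieHeaders = responseHeaders.get(SM.SET_COOKIE);
        if (setCookieHeaders != null) {
            for (String header : setCookieHeaders) {
                if (header.contains(cookiePrefix)) {
                    setCookieHeader = header;
                    break;
                }
            }
        }
        Assert.assertNotNull("The response header should contain the corresponding remember me cookie " + cookieName, setCookieHeader);

        String headerValue = StringUtils.substringBetween(setCookieHeader, cookiePrefix, ";");
        Cookie rememberMeCookie = getCookie(cookieName);
        Assert.assertNotNull("Remember me cookie is not present in HTTP client state", rememberMeCookie);
        Assert.assertEquals("Remember me cookie has wrong value in HTTP client state", headerValue, rememberMeCookie.getValue());
        Assert.assertTrue("After normal login the user should see the About Us page", getAsText(aboutUsPageUrl).contains(ABOUT_US_TITLE));

        // Drop every cookie: the client must be treated as a guest again.
        getHttpClient().getState().clearCookies();
        Assert.assertTrue("Guest can access the home page, which should not be the case",
                getAsText(aboutUsPageUrl, HttpStatus.SC_UNAUTHORIZED).contains(LOGIN_FORM_NAME_LOCATOR));

        // Restore only the remember-me cookie: it alone must be enough to authenticate.
        getHttpClient().getState().addCookie(rememberMeCookie);
        Assert.assertTrue("With a remember me cookie the login should be done automatically and the user should see the About Us page",
                getAsText(aboutUsPageUrl).contains(ABOUT_US_TITLE));
    }

    /**
     * The root user must reach the administration "about" page after logging in.
     *
     * <p>NOTE(review): the root password is copied out of its {@code char[]} into a
     * {@code String} and placed unencoded in the request URL; see the comment on
     * {@code LOGIN_URL_FORMAT}.
     */
    @Test
    public void testRootLogin() {
        String rootUser = JahiaTestCase.getRootUserCredentials().getUserID();
        String rootPassword = new String(JahiaTestCase.getRootUserCredentials().getPassword());
        String loginUrl = String.format(LOGIN_URL_FORMAT, rootUser, rootPassword,
                Jahia.getContextPath() + "/cms/admin/default/en/settings.aboutJahia.html");
        String body = getAsText(loginUrl);
        Assert.assertTrue("After login the root user should see the about page in the administration",
                body.contains("<title>settings</title>") && body.contains("template=\"aboutJahia\""));
    }

    /**
     * The {@code redirect} parameter must not be reflected into the login page as markup.
     *
     * <p>The decoded parameter value is
     * {@code /sites/whatever"</script><script>alert('xss')</script>}.
     *
     * <p>NOTE(review): the assertion looks for that one exact script string only, so it would
     * not notice the value being reflected unescaped in some other form (for example the quote
     * and the closing tag alone). Treat it as a regression check for this payload rather than
     * as proof that the parameter is encoded for every output context.
     */
    @Test
    public void testXssOnRedirect() {
        String body = getAsText("/cms/login?redirect=%2fsites%2fwhatever%22%3C%2Fscript%3E%3Cscript%3Ealert(%27xss%27)%3C%2Fscript%3E");
        Assert.assertFalse("<script> element should not be in the page output", body.contains("<script>alert('xss')</script>"));
    }
}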
