package org.apereo.cas.support.rest;

import java.util.List;
import java.util.Optional;
import javax.security.auth.login.FailedLoginException;
import javax.servlet.http.HttpServletRequest;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationException;
import org.apereo.cas.authentication.AuthenticationResult;
import org.apereo.cas.authentication.AuthenticationResultBuilder;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.DefaultAuthenticationResultBuilder;
import org.apereo.cas.authentication.MultifactorAuthenticationProvider;
import org.apereo.cas.authentication.MultifactorAuthenticationTriggerSelectionStrategy;
import org.apereo.cas.authentication.credential.UsernamePasswordCredential;
import org.apereo.cas.authentication.mfa.TestMultifactorAuthenticationProvider;
import org.apereo.cas.authentication.principal.DefaultPrincipalElectionStrategy;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.authentication.principal.WebApplicationServiceFactory;
import org.apereo.cas.rest.authentication.DefaultRestAuthenticationService;
import org.apereo.cas.rest.factory.DefaultUserAuthenticationResourceEntityResponseFactory;
import org.apereo.cas.rest.factory.UsernamePasswordRestHttpRequestCredentialFactory;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.rest.resources.UserAuthenticationResource;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.validation.AuthenticationContextValidationResult;
import org.apereo.cas.validation.RequestedAuthenticationContextValidator;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.junit.jupiter.MockitoExtension;
import org.springframework.context.support.GenericApplicationContext;
import org.springframework.http.MediaType;
import org.springframework.test.annotation.DirtiesContext;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import org.springframework.test.web.servlet.result.MockMvcResultMatchers;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
import org.springframework.util.MultiValueMap;

@Tag("RestfulApi")
@ExtendWith({MockitoExtension.class})
@DirtiesContext
/* loaded from: input_file:org/apereo/cas/support/rest/UserAuthenticationResourceTests.class */
public class UserAuthenticationResourceTests {
    private static final String TICKETS_RESOURCE_URL = "/cas/v1/users";

    @Mock
    private AuthenticationSystemSupport authenticationSupport;

    @Mock
    private ServicesManager servicesManager;

    @Mock
    private MultifactorAuthenticationTriggerSelectionStrategy multifactorTriggerSelectionStrategy;

    @Mock
    private RequestedAuthenticationContextValidator requestedContextValidator;

    @InjectMocks
    private UserAuthenticationResource userAuthenticationResource;
    private MockMvc mockMvc;

    @BeforeEach
    public void initialize() {
        this.userAuthenticationResource = new UserAuthenticationResource(new DefaultRestAuthenticationService(this.authenticationSupport, new UsernamePasswordRestHttpRequestCredentialFactory() { // from class: org.apereo.cas.support.rest.UserAuthenticationResourceTests.1
            public List<Credential> fromAuthentication(HttpServletRequest httpServletRequest, MultiValueMap<String, String> multiValueMap, Authentication authentication, MultifactorAuthenticationProvider multifactorAuthenticationProvider) {
                return multifactorAuthenticationProvider.getId().contains("unknown") ? List.of() : List.of(new UsernamePasswordCredential("mfa-user", "mfa-user"));
            }
        }, new WebApplicationServiceFactory(), this.multifactorTriggerSelectionStrategy, this.servicesManager, this.requestedContextValidator), new DefaultUserAuthenticationResourceEntityResponseFactory(), new GenericApplicationContext());
        this.mockMvc = MockMvcBuilders.standaloneSetup(new Object[]{this.userAuthenticationResource}).defaultRequest(MockMvcRequestBuilders.get("/", new Object[0]).contextPath("/cas").contentType(MediaType.APPLICATION_FORM_URLENCODED)).build();
    }

    @Test
    public void verifyAuthWithMfaFails() throws Exception {
        Mockito.when(this.authenticationSupport.handleInitialAuthenticationTransaction((Service) Mockito.any(), (Credential[]) Mockito.any())).thenReturn(new DefaultAuthenticationResultBuilder().collect(CoreAuthenticationTestUtils.getAuthentication()));
        Mockito.when(this.requestedContextValidator.validateAuthenticationContext((HttpServletRequest) Mockito.any(), (RegisteredService) Mockito.any(), (Authentication) Mockito.any(), (Service) Mockito.any())).thenReturn(AuthenticationContextValidationResult.builder().success(false).build());
        Mockito.when(this.multifactorTriggerSelectionStrategy.resolve((HttpServletRequest) Mockito.any(), (RegisteredService) Mockito.any(), (Authentication) Mockito.any(), (Service) Mockito.any())).thenReturn(Optional.of(new TestMultifactorAuthenticationProvider("mfa-unknown")));
        this.mockMvc.perform(MockMvcRequestBuilders.post(TICKETS_RESOURCE_URL, new Object[0]).param("username", new String[]{"casuser"}).param("password", new String[]{"Mellon"})).andExpect(MockMvcResultMatchers.status().is4xxClientError());
    }

    @Test
    public void verifyAuthWithMfa() throws Exception {
        AuthenticationResultBuilder collect = new DefaultAuthenticationResultBuilder().collect(CoreAuthenticationTestUtils.getAuthentication());
        Mockito.when(this.authenticationSupport.finalizeAuthenticationTransaction((Service) Mockito.any(), Mockito.anyCollection())).thenReturn(collect.build(new DefaultPrincipalElectionStrategy()));
        Mockito.when(this.authenticationSupport.handleInitialAuthenticationTransaction((Service) Mockito.any(), (Credential[]) Mockito.any())).thenReturn(collect);
        Mockito.when(this.requestedContextValidator.validateAuthenticationContext((HttpServletRequest) Mockito.any(), (RegisteredService) Mockito.any(), (Authentication) Mockito.any(), (Service) Mockito.any())).thenReturn(AuthenticationContextValidationResult.builder().success(false).build());
        Mockito.when(this.multifactorTriggerSelectionStrategy.resolve((HttpServletRequest) Mockito.any(), (RegisteredService) Mockito.any(), (Authentication) Mockito.any(), (Service) Mockito.any())).thenReturn(Optional.of(new TestMultifactorAuthenticationProvider()));
        this.mockMvc.perform(MockMvcRequestBuilders.post(TICKETS_RESOURCE_URL, new Object[0]).param("username", new String[]{"casuser"}).param("password", new String[]{"Mellon"})).andExpect(MockMvcResultMatchers.status().isOk());
    }

    @Test
    public void verifyStatus() throws Exception {
        AuthenticationResultBuilder collect = new DefaultAuthenticationResultBuilder().collect(CoreAuthenticationTestUtils.getAuthentication());
        AuthenticationResult build = collect.build(new DefaultPrincipalElectionStrategy());
        Mockito.when(this.authenticationSupport.finalizeAuthenticationTransaction((Service) Mockito.any(), Mockito.anyCollection())).thenReturn(build);
        Mockito.when(this.authenticationSupport.handleInitialAuthenticationTransaction((Service) Mockito.any(), (Credential[]) Mockito.any())).thenReturn(collect);
        Mockito.when(this.authenticationSupport.finalizeAllAuthenticationTransactions((AuthenticationResultBuilder) Mockito.any(), (Service) Mockito.any())).thenReturn(build);
        Mockito.when(this.requestedContextValidator.validateAuthenticationContext((HttpServletRequest) Mockito.any(), (RegisteredService) Mockito.any(), (Authentication) Mockito.any(), (Service) Mockito.any())).thenReturn(AuthenticationContextValidationResult.builder().success(false).build());
        Mockito.when(this.multifactorTriggerSelectionStrategy.resolve((HttpServletRequest) Mockito.any(), (RegisteredService) Mockito.any(), (Authentication) Mockito.any(), (Service) Mockito.any())).thenReturn(Optional.empty());
        this.mockMvc.perform(MockMvcRequestBuilders.post(TICKETS_RESOURCE_URL, new Object[0]).param("username", new String[]{"casuser"}).param("password", new String[]{"Mellon"})).andExpect(MockMvcResultMatchers.status().isOk());
    }

    @Test
    public void verifyStatusAuthnFails() throws Exception {
        this.mockMvc.perform(MockMvcRequestBuilders.post(TICKETS_RESOURCE_URL, new Object[0]).param("username", new String[]{"casuser"}).param("password", new String[]{"Mellon"})).andExpect(MockMvcResultMatchers.status().isInternalServerError());
    }

    @Test
    public void verifyBadRequest() throws Exception {
        this.mockMvc.perform(MockMvcRequestBuilders.post(TICKETS_RESOURCE_URL, new Object[0]).param("unknown-param", new String[]{"casuser"})).andExpect(MockMvcResultMatchers.status().is4xxClientError());
    }

    @Test
    public void verifyStatusAuthnException() throws Exception {
        Mockito.when(this.authenticationSupport.handleInitialAuthenticationTransaction((Service) Mockito.any(), (Credential[]) Mockito.any())).thenThrow(new Throwable[]{new AuthenticationException(CollectionUtils.wrap("error", new FailedLoginException()))});
        this.mockMvc.perform(MockMvcRequestBuilders.post(TICKETS_RESOURCE_URL, new Object[0]).param("username", new String[]{"casuser"}).param("password", new String[]{"Mellon"})).andExpect(MockMvcResultMatchers.status().isUnauthorized());
    }
}
