package org.graylog2.migrations;

import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.mongodb.DuplicateKeyException;
import java.util.Collections;
import java.util.Set;
import org.assertj.core.api.Assertions;
import org.graylog.testing.TestUserService;
import org.graylog.testing.mongodb.MongoDBFixtures;
import org.graylog.testing.mongodb.MongoDBInstance;
import org.graylog2.database.NotFoundException;
import org.graylog2.plugin.cluster.ClusterConfigService;
import org.graylog2.plugin.database.ValidationException;
import org.graylog2.plugin.database.users.User;
import org.graylog2.rest.resources.users.UsersResourceTest;
import org.graylog2.security.PasswordAlgorithmFactory;
import org.graylog2.security.hashing.BCryptPasswordAlgorithm;
import org.graylog2.shared.security.Permissions;
import org.graylog2.shared.users.Role;
import org.graylog2.shared.users.UserService;
import org.graylog2.users.RoleService;
import org.graylog2.users.UserImpl;
import org.graylog2.users.UserServiceImpl;
import org.joda.time.DateTimeZone;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.mockito.ArgumentCaptor;
import org.mockito.ArgumentMatchers;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.junit.MockitoJUnit;
import org.mockito.junit.MockitoRule;

/* loaded from: input_file:org/graylog2/migrations/MigrationHelpersTest.class */
public class MigrationHelpersTest {

    @Rule
    public final MockitoRule mockitoRule = MockitoJUnit.rule();

    @Rule
    public final MongoDBInstance mongodb = MongoDBInstance.createForClass();

    @Mock
    public UserService userService;

    @Mock
    public RoleService roleService;
    private MigrationHelpers migrationHelpers;

    @Before
    public void setUp() throws Exception {
        this.migrationHelpers = new MigrationHelpers(this.roleService, this.userService);
    }

    @Test
    public void ensureBuiltinRole() throws Exception {
        Role role = (Role) Mockito.mock(Role.class);
        Mockito.when(role.getId()).thenReturn("new-id");
        Mockito.when(this.roleService.load("test-role")).thenThrow(NotFoundException.class);
        Mockito.when(this.roleService.save((Role) ArgumentMatchers.any(Role.class))).thenReturn(role);
        Assertions.assertThat(this.migrationHelpers.ensureBuiltinRole("test-role", "description", ImmutableSet.of("a", "b"))).isEqualTo("new-id");
        ArgumentCaptor forClass = ArgumentCaptor.forClass(Role.class);
        ((RoleService) Mockito.verify(this.roleService, Mockito.times(1))).save((Role) forClass.capture());
        Assertions.assertThat((Role) forClass.getValue()).satisfies(role2 -> {
            Assertions.assertThat(role2.getName()).describedAs("role name", new Object[0]).isEqualTo("test-role");
            Assertions.assertThat(role2.getDescription()).describedAs("role description", new Object[0]).isEqualTo("description");
            Assertions.assertThat(role2.isReadOnly()).describedAs("role is read-only", new Object[0]).isTrue();
            Assertions.assertThat(role2.getPermissions()).describedAs("role permissions", new Object[0]).containsOnly(new String[]{"a", "b"});
        });
    }

    @Test
    public void ensureBuiltinRoleWithoutReadOnly() throws Exception {
        Role role = (Role) Mockito.mock(Role.class);
        Mockito.when(role.getId()).thenReturn("new-id");
        Mockito.when(Boolean.valueOf(role.isReadOnly())).thenReturn(false);
        Mockito.when(this.roleService.load("test-role")).thenReturn(role);
        Mockito.when(this.roleService.save((Role) ArgumentMatchers.any(Role.class))).thenReturn(role);
        Assertions.assertThat(this.migrationHelpers.ensureBuiltinRole("test-role", "description", ImmutableSet.of("a", "b"))).isEqualTo("new-id");
        ArgumentCaptor forClass = ArgumentCaptor.forClass(Role.class);
        ((RoleService) Mockito.verify(this.roleService, Mockito.times(1))).save((Role) forClass.capture());
        Assertions.assertThat((Role) forClass.getValue()).satisfies(role2 -> {
            Assertions.assertThat(role2.getName()).describedAs("role name", new Object[0]).isEqualTo("test-role");
            Assertions.assertThat(role2.getDescription()).describedAs("role description", new Object[0]).isEqualTo("description");
            Assertions.assertThat(role2.isReadOnly()).describedAs("role is read-only", new Object[0]).isTrue();
            Assertions.assertThat(role2.getPermissions()).describedAs("role permissions", new Object[0]).containsOnly(new String[]{"a", "b"});
        });
    }

    @Test
    public void ensureBuiltinRoleWithInvalidPermissions() throws Exception {
        Role role = (Role) Mockito.mock(Role.class);
        Mockito.when(role.getId()).thenReturn("new-id");
        Mockito.when(Boolean.valueOf(role.isReadOnly())).thenReturn(true);
        Mockito.when(role.getPermissions()).thenReturn(ImmutableSet.of("a"));
        Mockito.when(this.roleService.load("test-role")).thenReturn(role);
        Mockito.when(this.roleService.save((Role) ArgumentMatchers.any(Role.class))).thenReturn(role);
        Assertions.assertThat(this.migrationHelpers.ensureBuiltinRole("test-role", "description", ImmutableSet.of("a", "b"))).isEqualTo("new-id");
        ArgumentCaptor forClass = ArgumentCaptor.forClass(Role.class);
        ((RoleService) Mockito.verify(this.roleService, Mockito.times(1))).save((Role) forClass.capture());
        Assertions.assertThat((Role) forClass.getValue()).satisfies(role2 -> {
            Assertions.assertThat(role2.getName()).describedAs("role name", new Object[0]).isEqualTo("test-role");
            Assertions.assertThat(role2.getDescription()).describedAs("role description", new Object[0]).isEqualTo("description");
            Assertions.assertThat(role2.isReadOnly()).describedAs("role is read-only", new Object[0]).isTrue();
            Assertions.assertThat(role2.getPermissions()).describedAs("role permissions", new Object[0]).containsOnly(new String[]{"a", "b"});
        });
    }

    @Test
    public void ensureBuiltinRoleExists() throws Exception {
        Role role = (Role) Mockito.mock(Role.class);
        Mockito.when(role.getId()).thenReturn("new-id");
        Mockito.when(Boolean.valueOf(role.isReadOnly())).thenReturn(true);
        Mockito.when(role.getPermissions()).thenReturn(ImmutableSet.of("a", "b"));
        Mockito.when(this.roleService.load("test-role")).thenReturn(role);
        Assertions.assertThat(this.migrationHelpers.ensureBuiltinRole("test-role", "description", ImmutableSet.of("a", "b"))).isEqualTo("new-id");
        ((RoleService) Mockito.verify(this.roleService, Mockito.never())).save((Role) ArgumentMatchers.any());
    }

    @Test
    public void ensureBuiltinRoleWithSaveError() throws Exception {
        Mockito.when(this.roleService.load("test-role")).thenThrow(NotFoundException.class);
        Mockito.when(this.roleService.save((Role) ArgumentMatchers.any(Role.class))).thenThrow(DuplicateKeyException.class);
        Assertions.assertThat(this.migrationHelpers.ensureBuiltinRole("test-role", "description", ImmutableSet.of("a", "b"))).isNull();
    }

    @Test
    public void ensureUser() throws Exception {
        Permissions permissions = new Permissions(ImmutableSet.of());
        Mockito.when(this.userService.load("test-user")).thenReturn((Object) null);
        Mockito.when(this.userService.create()).thenReturn(newUser(permissions));
        Mockito.when(this.userService.save((User) ArgumentMatchers.any(User.class))).thenReturn("new-id");
        Assertions.assertThat(this.migrationHelpers.ensureUser("test-user", "pass", "Test", "User", "test@example.com", ImmutableSet.of("54e3deadbeefdeadbeef0001", "54e3deadbeefdeadbeef0002"))).isEqualTo("new-id");
        ArgumentCaptor forClass = ArgumentCaptor.forClass(User.class);
        ((UserService) Mockito.verify(this.userService, Mockito.times(1))).save((User) forClass.capture());
        Assertions.assertThat((User) forClass.getValue()).satisfies(user -> {
            Assertions.assertThat(user.getName()).describedAs("user name", new Object[0]).isEqualTo("test-user");
            Assertions.assertThat(user.getFullName()).describedAs("user full-name", new Object[0]).isEqualTo("Test User");
            Assertions.assertThat(user.getHashedPassword()).describedAs("user hashed password", new Object[0]).isNotBlank();
            Assertions.assertThat(user.getEmail()).describedAs("user email", new Object[0]).isEqualTo("test@example.com");
            Assertions.assertThat(user.isReadOnly()).describedAs("user is read-only", new Object[0]).isFalse();
            Assertions.assertThat(user.getPermissions()).describedAs("user permissions", new Object[0]).containsOnlyElementsOf(permissions.userSelfEditPermissions("test-user"));
            Assertions.assertThat(user.getRoleIds()).describedAs("user roles", new Object[0]).containsOnly(new String[]{"54e3deadbeefdeadbeef0001", "54e3deadbeefdeadbeef0002"});
            Assertions.assertThat(user.getTimeZone()).describedAs("user timezone", new Object[0]).isEqualTo(DateTimeZone.UTC);
        });
    }

    @Test
    public void ensureUserWithoutExpectedRoles() throws Exception {
        Permissions permissions = new Permissions(ImmutableSet.of());
        User newUser = newUser(permissions);
        newUser.setName("test-user");
        newUser.setFirstLastFullNames("Test", "User");
        newUser.setPassword(UsersResourceTest.PASSWORD);
        newUser.setEmail("test@example.com");
        newUser.setTimeZone(DateTimeZone.UTC);
        newUser.setRoleIds(ImmutableSet.of());
        Mockito.when(this.userService.load("test-user")).thenReturn(newUser);
        Mockito.when(this.userService.save((User) ArgumentMatchers.any(User.class))).thenReturn("new-id");
        Assertions.assertThat(this.migrationHelpers.ensureUser("test-user", "pass", "Test", "User", "test@example.com", ImmutableSet.of("54e3deadbeefdeadbeef0001", "54e3deadbeefdeadbeef0002"))).isEqualTo("new-id");
        ArgumentCaptor forClass = ArgumentCaptor.forClass(User.class);
        ((UserService) Mockito.verify(this.userService, Mockito.times(1))).save((User) forClass.capture());
        Assertions.assertThat((User) forClass.getValue()).satisfies(user -> {
            Assertions.assertThat(user.getName()).describedAs("user name", new Object[0]).isEqualTo("test-user");
            Assertions.assertThat(user.getFullName()).describedAs("user full-name", new Object[0]).isEqualTo("Test User");
            Assertions.assertThat(user.getHashedPassword()).describedAs("user hashed password", new Object[0]).isNotBlank();
            Assertions.assertThat(user.getEmail()).describedAs("user email", new Object[0]).isEqualTo("test@example.com");
            Assertions.assertThat(user.isReadOnly()).describedAs("user is read-only", new Object[0]).isFalse();
            Assertions.assertThat(user.getPermissions()).describedAs("user permissions", new Object[0]).containsOnlyElementsOf(permissions.userSelfEditPermissions("test-user"));
            Assertions.assertThat(user.getRoleIds()).describedAs("user roles", new Object[0]).containsOnly(new String[]{"54e3deadbeefdeadbeef0001", "54e3deadbeefdeadbeef0002"});
            Assertions.assertThat(user.getTimeZone()).describedAs("user timezone", new Object[0]).isEqualTo(DateTimeZone.UTC);
        });
    }

    @Test
    public void ensureUserWithSaveError() throws Exception {
        Permissions permissions = new Permissions(ImmutableSet.of());
        Mockito.when(this.userService.load("test-user")).thenReturn((Object) null);
        Mockito.when(this.userService.create()).thenReturn(newUser(permissions));
        Mockito.when(this.userService.save((User) ArgumentMatchers.any(User.class))).thenThrow(ValidationException.class);
        Assertions.assertThat(this.migrationHelpers.ensureUser("test-user", "pass", "Test", "User", "test@example.com", ImmutableSet.of("54e3deadbeefdeadbeef0001", "54e3deadbeefdeadbeef0002"))).isNull();
    }

    @Test
    @MongoDBFixtures({"duplicated-users.json"})
    public void ensureUserWithDuplicates() throws ValidationException {
        TestUserService testUserService = new TestUserService(this.mongodb.mongoConnection());
        this.migrationHelpers = new MigrationHelpers(this.roleService, testUserService);
        Assertions.assertThat(testUserService.loadAll()).hasSize(2);
        Assertions.assertThatThrownBy(() -> {
            testUserService.load("test-user");
        }).isInstanceOf(UserServiceImpl.DuplicateUserException.class);
        Assertions.assertThat(this.migrationHelpers.ensureUser("test-user", "pass", "Test", "User", "test@example.com", Set.of())).isEqualTo("5b8e4ef17ad37b64ee87eb57");
        Assertions.assertThat(testUserService.load("test-user")).isNotNull();
        Assertions.assertThat(testUserService.loadAll()).hasSize(2);
    }

    private User newUser(Permissions permissions) {
        return new UserImpl(new PasswordAlgorithmFactory(Collections.emptyMap(), new BCryptPasswordAlgorithm(10)), permissions, (ClusterConfigService) Mockito.mock(ClusterConfigService.class), ImmutableMap.of());
    }
}
