package org.neo4j.server.security.enterprise.auth;

import java.util.Collections;
import org.hamcrest.Matchers;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;
import org.neo4j.kernel.api.security.AuthenticationResult;
import org.neo4j.kernel.api.security.exception.InvalidArgumentsException;
import org.neo4j.server.security.auth.AuthenticationStrategy;
import org.neo4j.server.security.auth.Credential;
import org.neo4j.server.security.auth.InMemoryUserRepository;
import org.neo4j.server.security.auth.PasswordPolicy;
import org.neo4j.server.security.auth.SecurityTestUtils;
import org.neo4j.server.security.auth.User;

/* loaded from: input_file:org/neo4j/server/security/enterprise/auth/MultiRealmAuthManagerTest.class */
public class MultiRealmAuthManagerTest {
    private InMemoryUserRepository users;
    private InMemoryRoleRepository roles;
    private AuthenticationStrategy authStrategy;
    private PasswordPolicy passwordPolicy;
    private InternalFlatFileRealm internalFlatFileRealm;
    private MultiRealmAuthManager manager;
    private EnterpriseUserManager userManager;

    @Before
    public void setUp() throws Throwable {
        this.users = new InMemoryUserRepository();
        this.roles = new InMemoryRoleRepository();
        this.authStrategy = (AuthenticationStrategy) Mockito.mock(AuthenticationStrategy.class);
        this.passwordPolicy = (PasswordPolicy) Mockito.mock(PasswordPolicy.class);
        this.internalFlatFileRealm = new InternalFlatFileRealm(this.users, this.roles, this.passwordPolicy, this.authStrategy);
        this.manager = new MultiRealmAuthManager(this.internalFlatFileRealm, Collections.singleton(this.internalFlatFileRealm));
        this.manager.init();
        this.userManager = this.manager.getUserManager();
    }

    @After
    public void tearDown() throws Throwable {
        this.manager.stop();
        this.manager.shutdown();
    }

    @Test
    public void shouldCreateDefaultUserIfNoneExist() throws Throwable {
        this.manager.start();
        User userByName = this.users.getUserByName("neo4j");
        Assert.assertNotNull(userByName);
        Assert.assertTrue(userByName.credentials().matchesPassword("neo4j"));
        Assert.assertTrue(userByName.passwordChangeRequired());
    }

    @Test
    public void shouldFindAndAuthenticateUserSuccessfully() throws Throwable {
        this.users.create(newUser("jake", "abc123", false));
        this.manager.start();
        setMockAuthenticationStrategyResult("jake", "abc123", AuthenticationResult.SUCCESS);
        Assert.assertThat(this.manager.login(SecurityTestUtils.authToken("jake", "abc123")).getAuthenticationResult(), Matchers.equalTo(AuthenticationResult.SUCCESS));
    }

    @Test
    public void shouldFindAndAuthenticateUserAndReturnAuthStrategyResult() throws Throwable {
        this.users.create(newUser("jake", "abc123", true));
        this.manager.start();
        setMockAuthenticationStrategyResult("jake", "abc123", AuthenticationResult.TOO_MANY_ATTEMPTS);
        Assert.assertThat(this.manager.login(SecurityTestUtils.authToken("jake", "abc123")).getAuthenticationResult(), Matchers.equalTo(AuthenticationResult.TOO_MANY_ATTEMPTS));
    }

    @Test
    public void shouldFindAndAuthenticateUserAndReturnPasswordChangeIfRequired() throws Throwable {
        this.users.create(newUser("jake", "abc123", true));
        this.manager.start();
        setMockAuthenticationStrategyResult("jake", "abc123", AuthenticationResult.SUCCESS);
        Assert.assertThat(this.manager.login(SecurityTestUtils.authToken("jake", "abc123")).getAuthenticationResult(), Matchers.equalTo(AuthenticationResult.PASSWORD_CHANGE_REQUIRED));
    }

    @Test
    public void shouldFailAuthenticationIfUserIsNotFound() throws Throwable {
        this.manager.start();
        Assert.assertThat(this.manager.login(SecurityTestUtils.authToken("unknown", "abc123")).getAuthenticationResult(), Matchers.equalTo(AuthenticationResult.FAILURE));
    }

    @Test
    public void shouldCreateUser() throws Throwable {
        this.manager.start();
        this.userManager.newUser("foo", "bar", true);
        User userByName = this.users.getUserByName("foo");
        Assert.assertNotNull(userByName);
        Assert.assertTrue(userByName.passwordChangeRequired());
        Assert.assertTrue(userByName.credentials().matchesPassword("bar"));
    }

    @Test
    public void shouldDeleteUser() throws Throwable {
        User newUser = newUser("jake", "abc123", true);
        User newUser2 = newUser("craig", "321cba", true);
        this.users.create(newUser);
        this.users.create(newUser2);
        this.manager.start();
        this.userManager.deleteUser("jake");
        Assert.assertNull(this.users.getUserByName("jake"));
        Assert.assertNotNull(this.users.getUserByName("craig"));
    }

    @Test
    public void shouldFailDeletingUnknownUser() throws Throwable {
        this.users.create(newUser("jake", "abc123", true));
        this.manager.start();
        try {
            this.userManager.deleteUser("unknown");
            Assert.fail("Should throw exception on deleting unknown user");
        } catch (InvalidArgumentsException e) {
            e.getMessage().equals("User 'unknown' does not exist");
        }
        Assert.assertNotNull(this.users.getUserByName("jake"));
    }

    @Test
    public void shouldSuspendExistingUser() throws Throwable {
        this.users.create(newUser("jake", "abc123", true));
        this.manager.start();
        this.userManager.suspendUser("jake");
        setMockAuthenticationStrategyResult("jake", "abc123", AuthenticationResult.SUCCESS);
        Assert.assertThat(this.manager.login(SecurityTestUtils.authToken("jake", "abc123")).getAuthenticationResult(), Matchers.equalTo(AuthenticationResult.FAILURE));
    }

    @Test
    public void shouldActivateExistingUser() throws Throwable {
        this.users.create(newUser("jake", "abc123", false));
        this.manager.start();
        this.userManager.suspendUser("jake");
        this.userManager.activateUser("jake", false);
        setMockAuthenticationStrategyResult("jake", "abc123", AuthenticationResult.SUCCESS);
        Assert.assertThat(this.manager.login(SecurityTestUtils.authToken("jake", "abc123")).getAuthenticationResult(), Matchers.equalTo(AuthenticationResult.SUCCESS));
    }

    @Test
    public void shouldSuspendSuspendedUser() throws Throwable {
        this.users.create(newUser("jake", "abc123", false));
        this.manager.start();
        this.userManager.suspendUser("jake");
        this.userManager.suspendUser("jake");
        setMockAuthenticationStrategyResult("jake", "abc123", AuthenticationResult.SUCCESS);
        Assert.assertThat(this.manager.login(SecurityTestUtils.authToken("jake", "abc123")).getAuthenticationResult(), Matchers.equalTo(AuthenticationResult.FAILURE));
    }

    @Test
    public void shouldActivateActiveUser() throws Throwable {
        User newUser = newUser("jake", "abc123", false);
        this.users.create(newUser);
        this.manager.start();
        Mockito.when(this.authStrategy.authenticate(newUser, "abc123")).thenReturn(AuthenticationResult.SUCCESS);
        this.userManager.activateUser("jake", false);
        setMockAuthenticationStrategyResult("jake", "abc123", AuthenticationResult.SUCCESS);
        Assert.assertThat(this.manager.login(SecurityTestUtils.authToken("jake", "abc123")).getAuthenticationResult(), Matchers.equalTo(AuthenticationResult.SUCCESS));
    }

    @Test
    public void shouldFailToSuspendNonExistingUser() throws Throwable {
        this.manager.start();
        try {
            this.userManager.suspendUser("jake");
            Assert.fail("Should throw exception on suspending unknown user");
        } catch (InvalidArgumentsException e) {
            Assert.assertThat(e.getMessage(), Matchers.containsString("User 'jake' does not exist"));
        }
    }

    @Test
    public void shouldFailToActivateNonExistingUser() throws Throwable {
        this.manager.start();
        try {
            this.userManager.activateUser("jake", false);
            Assert.fail("Should throw exception on activating unknown user");
        } catch (InvalidArgumentsException e) {
            Assert.assertThat(e.getMessage(), Matchers.containsString("User 'jake' does not exist"));
        }
    }

    @Test
    public void shouldSetPassword() throws Throwable {
        this.users.create(newUser("jake", "abc123", true));
        this.manager.start();
        this.userManager.setUserPassword("jake", "hello, world!", false);
        User user = this.userManager.getUser("jake");
        Assert.assertTrue(user.credentials().matchesPassword("hello, world!"));
        Assert.assertThat(this.users.getUserByName("jake"), Matchers.equalTo(user));
    }

    @Test
    public void shouldSetPasswordThroughAuthSubject() throws Throwable {
        this.users.create(newUser("neo", "abc123", true));
        this.manager.start();
        setMockAuthenticationStrategyResult("neo", "abc123", AuthenticationResult.SUCCESS);
        EnterpriseAuthSubject login = this.manager.login(SecurityTestUtils.authToken("neo", "abc123"));
        Assert.assertThat(login.getAuthenticationResult(), Matchers.equalTo(AuthenticationResult.PASSWORD_CHANGE_REQUIRED));
        login.setPassword("hello, world!", false);
        setMockAuthenticationStrategyResult("neo", "hello, world!", AuthenticationResult.SUCCESS);
        User user = this.userManager.getUser("neo");
        Assert.assertTrue(user.credentials().matchesPassword("hello, world!"));
        Assert.assertThat(this.users.getUserByName("neo"), Matchers.equalTo(user));
        login.logout();
        Assert.assertThat(this.manager.login(SecurityTestUtils.authToken("neo", "hello, world!")).getAuthenticationResult(), Matchers.equalTo(AuthenticationResult.SUCCESS));
    }

    @Test
    public void shouldNotRequestPasswordChangeWithInvalidCredentials() throws Throwable {
        this.users.create(newUser("neo", "abc123", true));
        this.manager.start();
        setMockAuthenticationStrategyResult("neo", "abc123", AuthenticationResult.SUCCESS);
        setMockAuthenticationStrategyResult("neo", "wrong", AuthenticationResult.FAILURE);
        Assert.assertThat(this.manager.login(SecurityTestUtils.authToken("neo", "wrong")).getAuthenticationResult(), Matchers.equalTo(AuthenticationResult.FAILURE));
    }

    @Test
    public void shouldReturnNullWhenSettingPasswordForUnknownUser() throws Throwable {
        this.manager.start();
        try {
            this.userManager.setUserPassword("unknown", "hello, world!", false);
            Assert.fail("exception expected");
        } catch (InvalidArgumentsException e) {
        }
    }

    private void createTestUsers() throws Throwable {
        this.userManager.newUser("morpheus", "abc123", false);
        this.userManager.newRole("admin", new String[]{"morpheus"});
        setMockAuthenticationStrategyResult("morpheus", "abc123", AuthenticationResult.SUCCESS);
        this.userManager.newUser("trinity", "abc123", false);
        this.userManager.newRole("architect", new String[]{"trinity"});
        setMockAuthenticationStrategyResult("trinity", "abc123", AuthenticationResult.SUCCESS);
        this.userManager.newUser("tank", "abc123", false);
        this.userManager.newRole("publisher", new String[]{"tank"});
        setMockAuthenticationStrategyResult("tank", "abc123", AuthenticationResult.SUCCESS);
        this.userManager.newUser("neo", "abc123", false);
        this.userManager.newRole("reader", new String[]{"neo"});
        setMockAuthenticationStrategyResult("neo", "abc123", AuthenticationResult.SUCCESS);
        this.userManager.newUser("smith", "abc123", false);
        this.userManager.newRole("agent", new String[]{"smith"});
        setMockAuthenticationStrategyResult("smith", "abc123", AuthenticationResult.SUCCESS);
    }

    @Test
    public void defaultUserShouldHaveCorrectPermissions() throws Throwable {
        this.manager.start();
        setMockAuthenticationStrategyResult("neo4j", "neo4j", AuthenticationResult.SUCCESS);
        EnterpriseAuthSubject login = this.manager.login(SecurityTestUtils.authToken("neo4j", "neo4j"));
        this.userManager.setUserPassword("neo4j", "1234", false);
        login.logout();
        setMockAuthenticationStrategyResult("neo4j", "1234", AuthenticationResult.SUCCESS);
        EnterpriseAuthSubject login2 = this.manager.login(SecurityTestUtils.authToken("neo4j", "1234"));
        Assert.assertTrue(login2.allowsReads());
        Assert.assertTrue(login2.allowsWrites());
        Assert.assertTrue(login2.allowsSchemaWrites());
    }

    @Test
    public void userWithAdminRoleShouldHaveCorrectPermissions() throws Throwable {
        createTestUsers();
        this.manager.start();
        EnterpriseAuthSubject login = this.manager.login(SecurityTestUtils.authToken("morpheus", "abc123"));
        Assert.assertTrue(login.allowsReads());
        Assert.assertTrue(login.allowsWrites());
        Assert.assertTrue(login.allowsSchemaWrites());
    }

    @Test
    public void userWithArchitectRoleShouldHaveCorrectPermissions() throws Throwable {
        createTestUsers();
        this.manager.start();
        EnterpriseAuthSubject login = this.manager.login(SecurityTestUtils.authToken("trinity", "abc123"));
        Assert.assertTrue(login.allowsReads());
        Assert.assertTrue(login.allowsWrites());
        Assert.assertTrue(login.allowsSchemaWrites());
    }

    @Test
    public void userWithPublisherRoleShouldHaveCorrectPermissions() throws Throwable {
        createTestUsers();
        this.manager.start();
        EnterpriseAuthSubject login = this.manager.login(SecurityTestUtils.authToken("tank", "abc123"));
        Assert.assertTrue("should allow reads", login.allowsReads());
        Assert.assertTrue("should allow writes", login.allowsWrites());
        Assert.assertFalse("should _not_ allow schema writes", login.allowsSchemaWrites());
    }

    @Test
    public void userWithReaderRoleShouldHaveCorrectPermissions() throws Throwable {
        createTestUsers();
        this.manager.start();
        EnterpriseAuthSubject login = this.manager.login(SecurityTestUtils.authToken("neo", "abc123"));
        Assert.assertTrue(login.allowsReads());
        Assert.assertFalse(login.allowsWrites());
        Assert.assertFalse(login.allowsSchemaWrites());
    }

    @Test
    public void userWithNonPredefinedRoleShouldHaveNoPermissions() throws Throwable {
        createTestUsers();
        this.manager.start();
        EnterpriseAuthSubject login = this.manager.login(SecurityTestUtils.authToken("smith", "abc123"));
        Assert.assertFalse(login.allowsReads());
        Assert.assertFalse(login.allowsWrites());
        Assert.assertFalse(login.allowsSchemaWrites());
    }

    @Test
    public void shouldHaveNoPermissionsAfterLogout() throws Throwable {
        createTestUsers();
        this.manager.start();
        EnterpriseAuthSubject login = this.manager.login(SecurityTestUtils.authToken("morpheus", "abc123"));
        Assert.assertTrue(login.allowsReads());
        Assert.assertTrue(login.allowsWrites());
        Assert.assertTrue(login.allowsSchemaWrites());
        login.logout();
        Assert.assertFalse(login.allowsReads());
        Assert.assertFalse(login.allowsWrites());
        Assert.assertFalse(login.allowsSchemaWrites());
    }

    private User newUser(String str, String str2, boolean z) {
        return new User.Builder(str, Credential.forPassword(str2)).withRequiredPasswordChange(z).build();
    }

    private void setMockAuthenticationStrategyResult(String str, String str2, AuthenticationResult authenticationResult) {
        Mockito.when(this.authStrategy.authenticate(this.users.getUserByName(str), str2)).thenReturn(authenticationResult);
    }
}
