package org.neo4j.server.security.auth;

import org.hamcrest.Matchers;
import org.hamcrest.core.IsEqual;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;
import org.neo4j.helpers.collection.MapUtil;
import org.neo4j.internal.kernel.api.security.AuthenticationResult;
import org.neo4j.kernel.api.exceptions.InvalidArgumentsException;
import org.neo4j.kernel.api.security.AuthManager;
import org.neo4j.kernel.api.security.PasswordPolicy;
import org.neo4j.kernel.api.security.exception.InvalidAuthTokenException;
import org.neo4j.kernel.configuration.Config;
import org.neo4j.kernel.impl.security.User;
import org.neo4j.logging.NullLogProvider;

/* loaded from: input_file:org/neo4j/server/security/auth/BasicAuthManagerTest.class */
public class BasicAuthManagerTest extends InitialUserTest {
    private BasicAuthManager manager;
    private AuthenticationStrategy authStrategy = (AuthenticationStrategy) Mockito.mock(AuthenticationStrategy.class);

    @Before
    public void setup() throws Throwable {
        this.config = Config.defaults();
        this.users = CommunitySecurityModule.getUserRepository(this.config, NullLogProvider.getInstance(), this.fsRule.get());
        this.manager = new BasicAuthManager(this.users, (PasswordPolicy) Mockito.mock(PasswordPolicy.class), this.authStrategy, CommunitySecurityModule.getInitialUserRepository(this.config, NullLogProvider.getInstance(), this.fsRule.get()));
        this.manager.init();
    }

    @After
    public void teardown() throws Throwable {
        this.manager.stop();
    }

    @Test
    public void shouldFindAndAuthenticateUserSuccessfully() throws Throwable {
        this.manager.start();
        User newUser = newUser("jake", "abc123", false);
        this.users.create(newUser);
        Mockito.when(this.authStrategy.authenticate(newUser, "abc123")).thenReturn(AuthenticationResult.SUCCESS);
        assertLoginGivesResult("jake", "abc123", AuthenticationResult.SUCCESS);
    }

    @Test
    public void shouldFindAndAuthenticateUserAndReturnAuthStrategyResult() throws Throwable {
        this.manager.start();
        User newUser = newUser("jake", "abc123", true);
        this.users.create(newUser);
        Mockito.when(this.authStrategy.authenticate(newUser, "abc123")).thenReturn(AuthenticationResult.TOO_MANY_ATTEMPTS);
        assertLoginGivesResult("jake", "abc123", AuthenticationResult.TOO_MANY_ATTEMPTS);
    }

    @Test
    public void shouldFindAndAuthenticateUserAndReturnPasswordChangeIfRequired() throws Throwable {
        this.manager.start();
        User newUser = newUser("jake", "abc123", true);
        this.users.create(newUser);
        Mockito.when(this.authStrategy.authenticate(newUser, "abc123")).thenReturn(AuthenticationResult.SUCCESS);
        assertLoginGivesResult("jake", "abc123", AuthenticationResult.PASSWORD_CHANGE_REQUIRED);
    }

    @Test
    public void shouldFailAuthenticationIfUserIsNotFound() throws Throwable {
        this.manager.start();
        this.users.create(newUser("jake", "abc123", true));
        assertLoginGivesResult("unknown", "abc123", AuthenticationResult.FAILURE);
    }

    @Test
    public void shouldCreateUser() throws Throwable {
        this.manager.start();
        this.manager.newUser("foo", "bar", true);
        User userByName = this.users.getUserByName("foo");
        Assert.assertNotNull(userByName);
        Assert.assertTrue(userByName.passwordChangeRequired());
        Assert.assertTrue(userByName.credentials().matchesPassword("bar"));
    }

    @Test
    public void shouldDeleteUser() throws Throwable {
        this.manager.start();
        this.manager.newUser("jake", "abc123", true);
        this.manager.deleteUser("jake");
        Assert.assertNull(this.users.getUserByName("jake"));
    }

    @Test
    public void shouldFailToDeleteUnknownUser() throws Throwable {
        this.manager.start();
        this.manager.newUser("jake", "abc123", true);
        try {
            this.manager.deleteUser("nonExistentUser");
            Assert.fail("User 'nonExistentUser' should no longer exist, expected exception.");
        } catch (InvalidArgumentsException e) {
            Assert.assertThat(e.getMessage(), Matchers.containsString("User 'nonExistentUser' does not exist."));
        } catch (Throwable th) {
            Assert.assertThat(th.getClass(), IsEqual.equalTo(InvalidArgumentsException.class));
        }
        Assert.assertNotNull(this.users.getUserByName("jake"));
    }

    @Test
    public void shouldSetPassword() throws Throwable {
        this.manager.start();
        this.manager.newUser("jake", "abc123", true);
        this.manager.setUserPassword("jake", "hello, world!", false);
        User user = this.manager.getUser("jake");
        Assert.assertTrue(user.credentials().matchesPassword("hello, world!"));
        Assert.assertThat(this.users.getUserByName("jake"), Matchers.equalTo(user));
    }

    @Test
    public void shouldReturnNullWhenSettingPasswordForUnknownUser() throws Throwable {
        this.manager.start();
        try {
            this.manager.setUserPassword("unknown", "hello, world!", false);
            Assert.fail("exception expected");
        } catch (InvalidArgumentsException e) {
        }
    }

    @Test
    public void shouldFailWhenAuthTokenIsInvalid() throws Throwable {
        this.manager.start();
        org.neo4j.test.assertion.Assert.assertException(() -> {
            this.manager.login(MapUtil.map(new Object[]{"scheme", "supercool", "principal", "neo4j"}));
        }, InvalidAuthTokenException.class, "Unsupported authentication token, scheme 'supercool' is not supported.");
        org.neo4j.test.assertion.Assert.assertException(() -> {
            this.manager.login(MapUtil.map(new Object[]{"scheme", "none"}));
        }, InvalidAuthTokenException.class, "Unsupported authentication token, scheme 'none' is only allowed when auth is disabled");
        org.neo4j.test.assertion.Assert.assertException(() -> {
            this.manager.login(MapUtil.map(new Object[]{"key", "value"}));
        }, InvalidAuthTokenException.class, "Unsupported authentication token, missing key `scheme`");
        org.neo4j.test.assertion.Assert.assertException(() -> {
            this.manager.login(MapUtil.map(new Object[]{"scheme", "basic", "principal", "neo4j"}));
        }, InvalidAuthTokenException.class, "Unsupported authentication token, missing key `credentials`");
        org.neo4j.test.assertion.Assert.assertException(() -> {
            this.manager.login(MapUtil.map(new Object[]{"scheme", "basic", "credentials", "very-secret"}));
        }, InvalidAuthTokenException.class, "Unsupported authentication token, missing key `principal`");
    }

    private void assertLoginGivesResult(String str, String str2, AuthenticationResult authenticationResult) throws InvalidAuthTokenException {
        Assert.assertThat(this.manager.login(SecurityTestUtils.authToken(str, str2)).subject().getAuthenticationResult(), Matchers.equalTo(authenticationResult));
    }

    @Override // org.neo4j.server.security.auth.InitialUserTest
    protected AuthManager authManager() {
        return this.manager;
    }
}
