package com.atlassian.jira.webtests.ztests.bundledplugins2.rest;

import com.atlassian.jira.functest.framework.FunctTestConstants;
import com.atlassian.jira.functest.framework.suite.Category;
import com.atlassian.jira.functest.framework.suite.WebTest;
import com.atlassian.jira.functest.matcher.HeaderValue;
import com.atlassian.jira.plugin.labels.Constants;
import com.atlassian.jira.util.collect.MapBuilder;
import com.atlassian.jira.util.json.JSONException;
import com.atlassian.jira.util.json.JSONObject;
import com.meterware.httpunit.WebResponse;
import java.io.IOException;
import org.hamcrest.core.IsEqual;
import org.junit.Assert;
import org.xml.sax.SAXException;

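@WebTest({Category.FUNC_TEST, Category.REST, Category.SECURITY})
/* loaded from: input_file:com/atlassian/jira/webtests/ztests/bundledplugins2/rest/TestLogin.class */
/**
 * Functional tests for the REST session resource ({@code /rest/auth/latest/session}).
 *
 * <p>Covers the security-relevant behaviour of the login endpoint: the status code and
 * {@code WWW-Authenticate} header returned for bad credentials, that an unknown user and a
 * wrong password are both answered with 401, that the session cookie handed out by a
 * successful login is actually usable against the API, and that once CAPTCHA protection
 * kicks in the response (403 plus {@value #X_AUTHENTICATION_DENIED_REASON}) does not
 * differ depending on whether the supplied password was correct.
 */
public class TestLogin extends RestFuncTest {
    /** Upper bound on failed logins sent before giving up on provoking the CAPTCHA lockout. */
    public static final int CAPTCHA_MAX_TRIES = 10;
    /** Response header that explains why an authentication attempt was denied. */
    public static final String X_AUTHENTICATION_DENIED_REASON = "X-Authentication-Denied-Reason";
    // Credentials for user "fred" with a wrong password.
    private JSONObject fredBadCredentials;
    // Credentials for user "fred" with the correct password.
    private JSONObject fredGoodCredentials;

    /**
     * Restores a blank instance and prepares the good/bad credential payloads for "fred".
     *
     * @throws RuntimeException wrapping the {@link JSONException} if the payloads cannot be built
     */
    @Override // com.atlassian.jira.webtests.ztests.bundledplugins2.rest.RestFuncTest, com.atlassian.jira.functest.framework.FuncTestCase
    public void setUpTest() {
        super.setUpTest();
        this.administration.restoreBlankInstance();
        try {
            this.fredBadCredentials = new JSONObject();
            this.fredBadCredentials.put("username", "fred");
            this.fredBadCredentials.put("password", "fredzzz");
            this.fredGoodCredentials = new JSONObject();
            this.fredGoodCredentials.put("username", "fred");
            this.fredGoodCredentials.put("password", "fred");
        } catch (JSONException e) {
            throw new RuntimeException(e);
        }
    }

    /** A logged-in user's GET on the session resource returns its name and login info. */
    public void testCurrentUser() throws Exception {
        JSONObject json = getJSON("/rest/auth/latest/session", new String[0]);
        assertEquals("admin", json.getString("name"));
        assertTrue(json.has("loginInfo"));
    }

    /** An anonymous GET on the session resource is rejected with 401 rather than leaking data. */
    public void testCurrentUserAnon() throws Exception {
        this.navigation.logout();
        assertEquals(401, GET("/rest/auth/latest/session").getResponseCode());
    }

    /**
     * Login responses: 401 with a {@code WWW-Authenticate} challenge for a wrong password,
     * 401 as well for a non-existent user (so the status code does not reveal which usernames
     * exist), and on success a body describing the session cookie and the login statistics.
     */
    public void testLogin() throws Exception {
        this.navigation.logout();
        JSONObject badAdminCredentials = new JSONObject();
        badAdminCredentials.put("username", "admin");
        badAdminCredentials.put("password", "BAD-PASSWORD");
        WebResponse deniedResponse = loginAs(badAdminCredentials);
        assertEquals(401, deniedResponse.getResponseCode());
        assertEquals("JIRA REST POST", deniedResponse.getHeaderField("WWW-Authenticate"));
        // Unknown user must be indistinguishable (by status) from a known user with a bad password.
        assertEquals("should return 401 if user doesn't exist", 401, loginAs(new JSONObject().put("username", "wtf").put("password", "kljasdfjkl;dfs")).getResponseCode());
        JSONObject goodAdminCredentials = new JSONObject();
        goodAdminCredentials.put("username", "admin");
        goodAdminCredentials.put("password", "admin");
        WebResponse successResponse = loginAs(goodAdminCredentials);
        assertEquals(200, successResponse.getResponseCode());
        JSONObject body = new JSONObject(successResponse.getText());
        JSONObject session = body.getJSONObject("session");
        assertEquals("JSESSIONID", session.getString("name"));
        // The cookie value reported in the body must match the one actually set on the client.
        assertEquals(this.tester.getDialog().getWebClient().getCookieValue("JSESSIONID"), session.getString("value"));
        JSONObject loginInfo = body.getJSONObject("loginInfo");
        assertTrue(loginInfo.has("previousLoginTime"));
        assertTrue(loginInfo.has("lastFailedLoginTime"));
        // NOTE(review): these counts include logins performed by the framework during setup;
        // confirm against the fixture if they drift.
        assertEquals(3L, loginInfo.getLong("loginCount"));
        assertEquals(1L, loginInfo.getLong("failedLoginCount"));
    }

    /**
     * The session cookie returned by the login resource is a real, usable session: after
     * clearing all client cookies, presenting only that {@code JSESSIONID} is enough to read
     * an issue through the API.
     */
    public void testWhenTheLoginResourceGivesYouACookieYouShouldBeAbleToActuallyDoSomethingWithIt() throws Exception {
        String issueKey = this.navigation.issue().createIssue("homosapien", FunctTestConstants.ISSUE_TYPE_BUG, "this is a summary");
        this.navigation.logout();
        JSONObject adminCredentials = new JSONObject();
        adminCredentials.put("username", "admin");
        adminCredentials.put("password", "admin");
        String sessionId = new JSONObject(loginAs(adminCredentials).getText()).getJSONObject("session").getString("value");
        // Drop every cookie the client holds so the request below authenticates with the
        // returned session id alone.
        this.tester.getDialog().getWebClient().clearCookies();
        WebResponse issueResponse = GET("/rest/api/latest/issue/" + issueKey, MapBuilder.newBuilder().add("Cookie", "JSESSIONID=" + sessionId).toImmutableMap());
        Assert.assertThat(Integer.valueOf(issueResponse.getResponseCode()), IsEqual.equalTo(Integer.valueOf(200)));
        assertTrue(new JSONObject(issueResponse.getText()).has("key"));
    }

    /**
     * Once repeated failures trigger CAPTCHA protection, the login resource answers 403 and
     * names the reason and the interactive login URL in {@value #X_AUTHENTICATION_DENIED_REASON}.
     */
    public void testLoginsThatAreDeniedDueToCaptchaProtectionShouldReturn403() throws Exception {
        this.navigation.logout();
        WebResponse deniedResponse = provokeCaptchaFailure(this.fredBadCredentials);
        Assert.assertThat(Integer.valueOf(deniedResponse.getResponseCode()), IsEqual.equalTo(403));
        Assert.assertThat(deniedResponse, HeaderValue.header(X_AUTHENTICATION_DENIED_REASON, IsEqual.equalTo(String.format("CAPTCHA_CHALLENGE; login-url=%s", getBaseUrlPlus("login.jsp")))));
    }

    /**
     * While CAPTCHA protection is active, the denied-reason header for the correct password
     * must equal the one for a wrong password; otherwise the lockout response would act as a
     * password oracle.
     */
    public void testCaptchaFailureWithWrongPasswordIsIdenticalToCaptchaFailureWithRightPassword() throws Exception {
        this.navigation.logout();
        Assert.assertThat(loginAs(this.fredGoodCredentials).getHeaderField(X_AUTHENTICATION_DENIED_REASON), IsEqual.equalTo(provokeCaptchaFailure(this.fredBadCredentials).getHeaderField(X_AUTHENTICATION_DENIED_REASON)));
    }

    /**
     * POSTs the given credential payload to the session resource.
     *
     * @param credentials JSON with {@code username} and {@code password}
     * @return the raw login response
     * @throws IOException  on transport failure
     * @throws SAXException if the response cannot be parsed by the HTTP client
     */
    protected WebResponse loginAs(JSONObject credentials) throws IOException, SAXException {
        return POST("/rest/auth/latest/session", credentials);
    }

    /**
     * Repeats a login with the given credentials until the server stops answering 401, i.e.
     * until CAPTCHA protection takes over, logging out after each attempt.
     *
     * @param credentials credentials expected to fail (see {@link #fredBadCredentials})
     * @return the first response whose status is not 401
     * @throws IOException  on transport failure
     * @throws SAXException if a response cannot be parsed by the HTTP client
     * @throws AssertionError (via {@code fail}) if all {@value #CAPTCHA_MAX_TRIES} attempts still return 401
     */
    protected WebResponse provokeCaptchaFailure(JSONObject credentials) throws IOException, SAXException {
        WebResponse response;
        int remaining = CAPTCHA_MAX_TRIES;
        do {
            response = loginAs(credentials);
            // Log out so every attempt is a fresh, unauthenticated POST.
            this.navigation.logout();
            if (response.getResponseCode() != 401) {
                break;
            }
            remaining--;
        } while (remaining > 0);
        // remaining reaches 0 only if the last attempt was still a plain 401.
        if (remaining == 0) {
            fail(String.format("Captcha did not kick in after %d failed logins", CAPTCHA_MAX_TRIES));
        }
        return response;
    }

    /** DELETE on the session resource ends the session (204); a second DELETE is unauthenticated (401). */
    public void testLogout() throws Exception {
        this.navigation.login("admin");
        assertEquals(204, DELETE("/rest/auth/latest/session").getResponseCode());
        assertEquals(401, DELETE("/rest/auth/latest/session").getResponseCode());
    }
}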
