package org.apache.kylin.rest.security;

import org.apache.kylin.common.exception.code.ErrorCodeServer;
import org.apache.kylin.common.util.NLocalFileMetadataTestCase;
import org.apache.kylin.metadata.user.ManagedUser;
import org.apache.kylin.rest.service.KylinUserService;
import org.apache.kylin.rest.service.UserAclService;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.MockitoAnnotations;
import org.mockito.Spy;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.Pbkdf2PasswordEncoder;
import org.springframework.test.util.ReflectionTestUtils;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

/* loaded from: input_file:org/apache/kylin/rest/security/LimitLoginAuthenticationProviderTest.class */
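/**
 * Tests for {@link LimitLoginAuthenticationProvider}.
 *
 * <p>The cases cover rejected logins (empty or unknown user name, empty or wrong password),
 * locked and disabled accounts, a password-encoder mismatch, and the two exception builders
 * that are invoked reflectively.
 *
 * <p>Security-relevant expectation pinned here: the unknown-user, empty-password and
 * wrong-password cases all expect the same exception type ({@link BadCredentialsException})
 * and the same {@code USER_LOGIN_FAILED} message, so these failures are not distinguishable
 * from each other by the caller.
 */
public class LimitLoginAuthenticationProviderTest extends NLocalFileMetadataTestCase {

    // Replaced in setup() by a Mockito spy around a freshly constructed provider.
    @InjectMocks
    private LimitLoginAuthenticationProvider limitLoginAuthenticationProvider;

    @Mock
    private ServletRequestAttributes attrs;

    @Mock
    private UserAclService userAclService;

    // Instance wired into the provider as both "userService" and "userDetailsService".
    @InjectMocks
    private KylinUserService userService;

    // Instance used by the tests to store and update the fixture users.
    @InjectMocks
    @Spy
    private KylinUserService kylinUserService;

    // Fixture accounts with fixed, test-only credentials (name, password, default state, roles).
    private final ManagedUser userAdmin = new ManagedUser("ADMIN", "KYLIN", false, new String[]{"ROLE_ADMIN"});
    private final ManagedUser userModeler = new ManagedUser("MODELER", "MODELER", false, new String[]{"ROLE_MODELER"});

    @Rule
    public ExpectedException thrown = ExpectedException.none();

    /**
     * Clears per-test state: the request attributes bound in {@link #setup()} and the test metadata.
     */
    @After
    public void tearDown() {
        // setup() binds the mocked request attributes to the current thread; unbind them so
        // the mock does not stay visible to whatever test runs next on this thread.
        RequestContextHolder.resetRequestAttributes();
        cleanupTestMetadata();
    }

    /**
     * Creates test metadata, initialises the mocks, builds a spied provider and stores the
     * two fixture users.
     */
    @Before
    public void setup() {
        createTestMetadata(new String[0]);
        MockitoAnnotations.initMocks(this);
        RequestContextHolder.setRequestAttributes(this.attrs);
        this.limitLoginAuthenticationProvider = Mockito.spy(new LimitLoginAuthenticationProvider());
        // NoOpPasswordEncoder compares passwords as plain text. That is what lets the plain
        // fixture passwords above match; it is a test-only choice and not a production setting.
        this.limitLoginAuthenticationProvider.setPasswordEncoder(NoOpPasswordEncoder.getInstance());
        ReflectionTestUtils.setField(this.limitLoginAuthenticationProvider, "userService", this.userService);
        ReflectionTestUtils.setField(this.limitLoginAuthenticationProvider, "userDetailsService", this.userService);
        this.kylinUserService.updateUser(this.userAdmin);
        this.kylinUserService.updateUser(this.userModeler);
    }

    /** An empty user name is rejected with the generic login-failed message. */
    @Test
    public void testAuthenticate_UserNotFound_EmptyUserName() {
        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("", this.userAdmin.getPassword(), this.userAdmin.getAuthorities());
        this.thrown.expect(BadCredentialsException.class);
        this.thrown.expectMessage(ErrorCodeServer.USER_LOGIN_FAILED.getMsg(new Object[0]));
        this.limitLoginAuthenticationProvider.authenticate(token);
    }

    /**
     * A user name that was never stored is rejected with the same exception type and message
     * as a wrong password (see {@link #testAuthenticate_WrongPWD_Exception()}).
     */
    @Test
    public void testAuthenticate_UserNotFound_Exception() {
        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("lalala", this.userAdmin.getPassword(), this.userAdmin.getAuthorities());
        this.thrown.expect(BadCredentialsException.class);
        this.thrown.expectMessage(ErrorCodeServer.USER_LOGIN_FAILED.getMsg(new Object[0]));
        this.limitLoginAuthenticationProvider.authenticate(token);
    }

    /**
     * Logs in as "admin" although the user was stored as "ADMIN". The test passes when
     * {@code authenticate} returns without throwing; the returned value is not inspected.
     */
    @Test
    public void testAuthenticate_InSensitiveCase() {
        this.limitLoginAuthenticationProvider.authenticate(new UsernamePasswordAuthenticationToken("admin", "KYLIN", this.userAdmin.getAuthorities()));
    }

    /** An empty password for an existing user is rejected with the generic login-failed message. */
    @Test
    public void testAuthenticate_EmptyPassword() {
        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("ADMIN", "", this.userAdmin.getAuthorities());
        this.thrown.expect(BadCredentialsException.class);
        this.thrown.expectMessage(ErrorCodeServer.USER_LOGIN_FAILED.getMsg(new Object[0]));
        this.limitLoginAuthenticationProvider.authenticate(token);
    }

    /** A wrong password for an existing user is rejected with the generic login-failed message. */
    @Test
    public void testAuthenticate_WrongPWD_Exception() {
        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("ADMIN", "fff", this.userAdmin.getAuthorities());
        this.thrown.expect(BadCredentialsException.class);
        this.thrown.expectMessage(ErrorCodeServer.USER_LOGIN_FAILED.getMsg(new Object[0]));
        this.limitLoginAuthenticationProvider.authenticate(token);
    }

    /**
     * A user marked locked just now is refused even though the submitted password is the
     * correct one, and the failure is a {@link LockedException} carrying the lock message.
     */
    @Test
    public void testAuthenticate_Locked_Exception() {
        this.userAdmin.setLocked(true);
        this.userAdmin.setLockedTime(System.currentTimeMillis());
        this.userAdmin.setWrongTime(3);
        this.kylinUserService.updateUser(this.userAdmin);
        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("ADMIN", "KYLIN", this.userAdmin.getAuthorities());

        LockedException e = Assert.assertThrows(LockedException.class,
                () -> this.limitLoginAuthenticationProvider.authenticate(token));

        // The pattern is kept as written: its unescaped '.' characters are regex wildcards,
        // so punctuation in the message is matched loosely rather than literally.
        // NOTE(review): the message names the account. This test submits the correct password
        // only; what a locked account answers to a wrong password is not covered here.
        Assert.assertTrue(e.getMessage().matches("For security concern, account ADMIN has been locked. Please try again in \\d+ seconds. Login failure again will be locked for 1 minutes.."));
    }

    /** A disabled user is refused with {@link DisabledException} despite a correct password. */
    @Test
    public void testAuthenticate_Disabled_Exception() {
        this.userAdmin.setDisabled(true);
        this.kylinUserService.updateUser(this.userAdmin);
        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("ADMIN", "KYLIN", this.userAdmin.getAuthorities());
        this.thrown.expect(DisabledException.class);
        this.limitLoginAuthenticationProvider.authenticate(token);
    }

    /**
     * After switching the provider to {@link Pbkdf2PasswordEncoder}, the correct fixture
     * password is rejected with {@link BadCredentialsException}.
     */
    @Test
    public void testPbkdf2PasswordEncoder() {
        this.limitLoginAuthenticationProvider.setPasswordEncoder(new Pbkdf2PasswordEncoder());
        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("ADMIN", "KYLIN", this.userAdmin.getAuthorities());
        Assert.assertThrows(BadCredentialsException.class,
                () -> this.limitLoginAuthenticationProvider.authenticate(token));
        // The earlier version switched the encoder to BCrypt after the throwing call, a line
        // that could never run. No reset is needed: setup() builds a new provider per test.
    }

    /**
     * Invokes the private {@code buildBadCredentialsException} by name and expects it to throw.
     * The reflective lookup means a rename of that method only fails at test run time.
     */
    @Test
    public void testBuildBadCredentialsException() {
        Assert.assertThrows(BadCredentialsException.class, () -> {
            ReflectionTestUtils.invokeMethod(this.limitLoginAuthenticationProvider, "buildBadCredentialsException", new Object[]{"userName", new BadCredentialsException("test")});
        });
    }

    /**
     * Invokes the private {@code buildLockedException} by name and expects it to throw.
     * The reflective lookup means a rename of that method only fails at test run time.
     */
    @Test
    public void testBuildLockedException() {
        Assert.assertThrows(LockedException.class, () -> {
            ReflectionTestUtils.invokeMethod(this.limitLoginAuthenticationProvider, "buildLockedException", new Object[]{"userName"});
        });
    }
}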
