package org.apereo.cas.web.report;

import java.util.Map;
import java.util.Set;
import org.apereo.cas.services.CasRegisteredService;
import org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.web.report.AbstractCasEndpointTests;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.http.MediaType;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import org.springframework.test.web.servlet.result.MockMvcResultMatchers;

@Tag("ActuatorEndpoint")
@SpringBootTest(classes = {AbstractCasEndpointTests.SharedTestConfiguration.class}, properties = {"cas.authn.attribute-repository.stub.attributes.uid=cas", "cas.authn.attribute-repository.stub.attributes.givenName=apereo-cas", "cas.authn.attribute-repository.stub.attributes.phone=123456789", "server.port=8181", "cas.monitor.endpoints.endpoint.defaults.access=ANONYMOUS", "management.endpoint.serviceAccess.enabled=true", "management.endpoints.web.exposure.include=*"}, webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT)
@AutoConfigureMockMvc
/* loaded from: input_file:org/apereo/cas/web/report/RegisteredServiceAccessEndpointTests.class */
public class RegisteredServiceAccessEndpointTests extends AbstractCasEndpointTests {

    @Autowired
    @Qualifier("mockMvc")
    private MockMvc mockMvc;

    @Test
    void verifyForbiddenOperation() throws Throwable {
        this.mockMvc.perform(MockMvcRequestBuilders.post("/actuator/serviceAccess", new Object[0]).param("service", new String[]{"https://unknown.example.edu"}).param("username", new String[]{"casuser"}).contentType(MediaType.APPLICATION_FORM_URLENCODED).accept(new MediaType[]{MediaType.APPLICATION_JSON})).andExpect(MockMvcResultMatchers.status().isForbidden());
    }

    @Test
    void verifyAccessAllowedOperation() throws Exception {
        CasRegisteredService registeredService = RegisteredServiceTestUtils.getRegisteredService("https://canvas.example.edu");
        registeredService.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy().setRequiredAttributes(Map.of("phone", Set.of("123456789"))));
        this.servicesManager.save(registeredService);
        this.mockMvc.perform(MockMvcRequestBuilders.post("/actuator/serviceAccess", new Object[0]).param("service", new String[]{"https://canvas.example.edu"}).param("username", new String[]{"casuser"}).contentType(MediaType.APPLICATION_FORM_URLENCODED).accept(new MediaType[]{MediaType.APPLICATION_JSON})).andExpect(MockMvcResultMatchers.status().isOk());
    }

    @Test
    void verifyAccessWithPassword() throws Exception {
        CasRegisteredService registeredService = RegisteredServiceTestUtils.getRegisteredService("https://psw.example.edu");
        registeredService.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy().setRequiredAttributes(Map.of("givenName", Set.of("apereo.+"))));
        this.servicesManager.save(registeredService);
        this.mockMvc.perform(MockMvcRequestBuilders.post("/actuator/serviceAccess", new Object[0]).param("service", new String[]{"https://psw.example.edu"}).param("username", new String[]{"casuser"}).param("password", new String[]{"casuser"}).contentType(MediaType.APPLICATION_FORM_URLENCODED).accept(new MediaType[]{MediaType.APPLICATION_JSON})).andExpect(MockMvcResultMatchers.status().isOk());
    }

    @Test
    void verifyAccessWithInvalidPassword() throws Exception {
        CasRegisteredService registeredService = RegisteredServiceTestUtils.getRegisteredService("https://valid.example.edu");
        registeredService.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy().setRequiredAttributes(Map.of("givenName", Set.of("apereo.+"))));
        this.servicesManager.save(registeredService);
        this.mockMvc.perform(MockMvcRequestBuilders.post("/actuator/serviceAccess", new Object[0]).param("service", new String[]{"https://valid.example.edu"}).param("username", new String[]{"casuser"}).param("password", new String[]{"bad-password"}).contentType(MediaType.APPLICATION_FORM_URLENCODED).accept(new MediaType[]{MediaType.APPLICATION_JSON})).andExpect(MockMvcResultMatchers.status().isUnauthorized());
    }
}
