package com.ibm.team.repository.client.tests.login;

import com.ibm.team.repository.client.ITeamRepository;
import com.ibm.team.repository.client.tests.AbstractAutoLoginClientTest;
import com.ibm.team.repository.client.tests.ClientModifiedProperty;
import com.ibm.team.repository.client.tests.tools.Helper;
import com.ibm.team.repository.common.IContributor;
import com.ibm.team.repository.common.IContributorHandle;
import com.ibm.team.repository.common.PermissionDeniedException;
import com.ibm.team.repository.common.TeamRepositoryException;
import com.ibm.team.repository.common.service.IContributorService;
import com.ibm.team.repository.common.service.IExternalUserRegistryService;
import com.ibm.team.repository.common.service.IPermissionService;
import com.ibm.team.repository.common.tests.Secure;
import com.ibm.team.repository.common.tests.TestRunMode;
import com.ibm.team.repository.common.tests.UserRegistryAccess;
import com.ibm.team.repository.common.tests.utils.TestMode;
import com.ibm.team.repository.transport.client.AuthenticationException;
import org.eclipse.core.runtime.IProgressMonitor;

@Secure
@UserRegistryAccess
/* loaded from: input_file:team_core_client_tests.jar:com/ibm/team/repository/client/tests/login/SecureLoginTest.class */
public class SecureLoginTest extends AbstractAutoLoginClientTest {
    public SecureLoginTest(String str) {
        super(str);
    }

    public void switchUsers(String str) throws TeamRepositoryException {
        switchUsers(str, str);
    }

    public void switchUsers(final String str, final String str2) throws TeamRepositoryException {
        IContributor loggedInContributor = this.repo.loggedInContributor();
        if (loggedInContributor == null || !loggedInContributor.getUserId().equals(str)) {
            this.repo.registerLoginHandler(new ITeamRepository.ILoginHandler() { // from class: com.ibm.team.repository.client.tests.login.SecureLoginTest.1
                public ITeamRepository.ILoginHandler.ILoginInfo challenge(ITeamRepository iTeamRepository) {
                    final String str3 = str;
                    final String str4 = str2;
                    return new ITeamRepository.ILoginHandler.ILoginInfo() { // from class: com.ibm.team.repository.client.tests.login.SecureLoginTest.1.1
                        public String getUserId() {
                            return str3;
                        }

                        public String getPassword() {
                            return str4;
                        }
                    };
                }
            });
            if (this.repo.loggedIn()) {
                this.repo.logout();
            }
            this.repo.login((IProgressMonitor) null);
            assertTrue(this.repo.loggedIn());
            assertTrue(this.repo.loggedInContributor().getUserId().equals(str));
        }
    }

    public void testSwitchUsers() throws Exception {
        switchUsers("TestJazzUser1");
        assertPermission("JazzUsers");
        try {
            assertPermission("JazzAdmins");
            fail("Should not have JazzAdmins");
        } catch (PermissionDeniedException unused) {
        }
        switchUsers("TestJazzAdmin1");
        assertPermission("JazzUsers");
        assertPermission("JazzAdmins");
    }

    @TestRunMode(mode = TestMode.JTS)
    public void testModifyAdminOrGuest() throws Exception {
        IExternalUserRegistryService iExternalUserRegistryService = (IExternalUserRegistryService) this.repo.getServiceInterface(IExternalUserRegistryService.class);
        switchUsers("ADMIN");
        try {
            iExternalUserRegistryService.removeFromGroup("ADMIN", "JazzAdmins");
            fail("should not be allowed to change admin user");
        } catch (TeamRepositoryException unused) {
        }
        try {
            iExternalUserRegistryService.addToGroup("ADMIN", "JazzGuests");
            fail("should not be allowed to change admin user");
        } catch (TeamRepositoryException unused2) {
        }
        try {
            iExternalUserRegistryService.updateExternalUser("ADMIN", "ADMIN", "ADMIN", new String[]{"JazzGuests"});
            fail("should not be allowed to change admin user");
        } catch (TeamRepositoryException unused3) {
        }
        try {
            iExternalUserRegistryService.removeExternalUser("ADMIN");
            fail("should not be allowed to change admin user");
        } catch (TeamRepositoryException unused4) {
        }
        switchUsers("GUEST");
        try {
            iExternalUserRegistryService.removeFromGroup("GUEST", "JazzGuests");
            fail("should not be allowed to change GUEST user");
        } catch (TeamRepositoryException unused5) {
        }
        try {
            iExternalUserRegistryService.addToGroup("GUEST", "JazzAdmins");
            fail("should not be allowed to change GUEST user");
        } catch (TeamRepositoryException unused6) {
        }
        try {
            iExternalUserRegistryService.updateExternalUser("GUEST", "GUEST", "GUEST", new String[]{"JazzGuests"});
            fail("should not be allowed to change GUEST user");
        } catch (TeamRepositoryException unused7) {
        }
        try {
            iExternalUserRegistryService.removeExternalUser("GUEST");
            fail("should not be allowed to change GUEST user");
        } catch (TeamRepositoryException unused8) {
        }
    }

    @TestRunMode(mode = TestMode.JTS)
    public void testChangePassword() throws Exception {
        IExternalUserRegistryService iExternalUserRegistryService = (IExternalUserRegistryService) this.repo.getServiceInterface(IExternalUserRegistryService.class);
        switchUsers("TestJazzUser1");
        try {
            iExternalUserRegistryService.changePassword("TestJazzAdmin1", "TestJazzUser2", "foobar");
            fail("Should not be allowed to change another user's password");
        } catch (PermissionDeniedException unused) {
        }
        try {
            iExternalUserRegistryService.changePassword("TestJazzUser1", "old", "foobar");
            fail("Should fail with incorrect password");
        } catch (PermissionDeniedException unused2) {
        }
        switchUsers("TestJazzAdmin1");
        try {
            iExternalUserRegistryService.changePassword("TestJazzUser1", "TestJazzUser1", "foobar");
            fail("Should not be allowed to change another user's password");
        } catch (PermissionDeniedException unused3) {
        }
        switchUsers("TestJazzUser1");
        iExternalUserRegistryService.changePassword("TestJazzUser1", "TestJazzUser1", "foobar");
        this.repo.logout();
        try {
            switchUsers("TestJazzUser1", "TestJazzUser1");
            fail("Should not be allowed to login with old password");
        } catch (AuthenticationException unused4) {
        }
        switchUsers("TestJazzUser1", "foobar");
        iExternalUserRegistryService.changePassword("TestJazzUser1", "foobar", "TestJazzUser1");
        this.repo.logout();
        switchUsers("TestJazzUser1");
    }

    private void assertPermission(String str) throws PermissionDeniedException {
        ((IPermissionService) this.repo.getServiceInterface(IPermissionService.class)).assertPermission(str);
    }

    public void testLoginbWrongPassword() throws TeamRepositoryException {
        try {
            Helper.login(true, false, "TestJazzUser1", "wrong-password");
            fail("The login should have failed with a bad password");
        } catch (TeamRepositoryException e) {
            throw e;
        } catch (AuthenticationException unused) {
        }
    }

    public void testLoginUnregisteredUser() throws TeamRepositoryException {
        try {
            Helper.login(true, false, "TestJazzNeverRegisteredUser", "TestJazzNeverRegisteredUser");
            fail("The login should have failed because the user is not in the database");
        } catch (AuthenticationException e) {
            if (e.getMessage().indexOf("CRJAZ0124E") >= 0) {
                throw e;
            }
        }
    }

    @ClientModifiedProperty(serviceImplementationName = "com.ibm.team.repository.service.internal.ServletConfigurationService", propertyName = "ws.allow.self.registration", propertyValue = "true")
    public void testSelfRegisteredUser() throws TeamRepositoryException {
        Helper.login(true, false, "TestJazzSelfRegisterUser", "TestJazzSelfRegisterUser");
        deleteContributor("TestJazzSelfRegisterUser");
    }

    private void deleteContributor(String str) throws TeamRepositoryException {
        IContributorService iContributorService = (IContributorService) this.repo.getServiceInterface(IContributorService.class);
        IContributorHandle fetchContributorByUserId = iContributorService.fetchContributorByUserId(str);
        if (fetchContributorByUserId != null) {
            iContributorService.deleteContributor(fetchContributorByUserId);
        }
    }
}
