package org.neo4j.server.rest.security;

import com.sun.jersey.core.util.Base64;
import java.io.IOException;
import org.codehaus.jackson.JsonNode;
import org.hamcrest.CoreMatchers;
import org.junit.After;
import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.neo4j.graphdb.factory.GraphDatabaseSettings;
import org.neo4j.kernel.impl.annotations.Documented;
import org.neo4j.server.CommunityNeoServer;
import org.neo4j.server.helpers.CommunityServerBuilder;
import org.neo4j.server.rest.RESTRequestGenerator;
import org.neo4j.server.rest.domain.JsonHelper;
import org.neo4j.server.rest.domain.JsonParseException;
import org.neo4j.string.UTF8;
import org.neo4j.test.TestData;
import org.neo4j.test.server.ExclusiveServerTestBase;
import org.neo4j.test.server.HTTP;

/* loaded from: input_file:org/neo4j/server/rest/security/UsersIT.class */
public class UsersIT extends ExclusiveServerTestBase {

    @Rule
    public TestData<RESTRequestGenerator> gen = TestData.producedThrough(RESTRequestGenerator.PRODUCER);
    private CommunityNeoServer server;

    @Test
    @Documented("User status\n\nGiven that you know the current password, you can ask the server for the user status.")
    public void user_status() throws JsonParseException, IOException {
        startServerWithConfiguredUser();
        JsonNode jsonNode = JsonHelper.jsonNode(((RESTRequestGenerator) this.gen.get()).expectedStatus(200).withHeader("Authorization", challengeResponse("neo4j", "secret")).get(userURL("neo4j")).entity());
        Assert.assertThat(jsonNode.get("username").asText(), CoreMatchers.equalTo("neo4j"));
        Assert.assertThat(Boolean.valueOf(jsonNode.get("password_change_required").asBoolean()), CoreMatchers.equalTo(false));
        Assert.assertThat(jsonNode.get("password_change").asText(), CoreMatchers.equalTo(passwordURL("neo4j")));
    }

    @Test
    @Documented("User status on first access\n\nOn first access, and using the default password, the user status will indicate that the users password requires changing.")
    public void user_status_first_access() throws JsonParseException, IOException {
        startServer(true);
        JsonNode jsonNode = JsonHelper.jsonNode(((RESTRequestGenerator) this.gen.get()).expectedStatus(200).withHeader("Authorization", challengeResponse("neo4j", "neo4j")).get(userURL("neo4j")).entity());
        Assert.assertThat(jsonNode.get("username").asText(), CoreMatchers.equalTo("neo4j"));
        Assert.assertThat(Boolean.valueOf(jsonNode.get("password_change_required").asBoolean()), CoreMatchers.equalTo(true));
        Assert.assertThat(jsonNode.get("password_change").asText(), CoreMatchers.equalTo(passwordURL("neo4j")));
    }

    @Test
    @Documented("Changing the user password\n\nGiven that you know the current password, you can ask the server to change a users password. You can choose any\npassword you like, as long as it is different from the current password.")
    public void change_password() throws IOException {
        startServer(true);
        ((RESTRequestGenerator) this.gen.get()).expectedStatus(200).withHeader("Authorization", challengeResponse("neo4j", "neo4j")).payload(quotedJson("{'password':'secret'}")).post(this.server.baseUri().resolve("/user/neo4j/password").toString());
        Assert.assertEquals(200L, HTTP.withHeaders("Authorization", challengeResponse("neo4j", "secret")).GET(dataURL()).status());
        Assert.assertEquals(401L, HTTP.withHeaders("Authorization", challengeResponse("neo4j", "neo4j")).POST(dataURL()).status());
    }

    @Test
    public void cantChangeToCurrentPassword() throws Exception {
        startServer(true);
        Assert.assertThat(Integer.valueOf(HTTP.withHeaders("Authorization", challengeResponse("neo4j", "neo4j")).POST(this.server.baseUri().resolve("/user/neo4j/password").toString(), HTTP.RawPayload.quotedJson("{'password':'neo4j'}")).status()), CoreMatchers.equalTo(422));
    }

    @After
    public void cleanup() {
        if (this.server != null) {
            this.server.stop();
        }
    }

    public void startServer(boolean z) throws IOException {
        this.server = CommunityServerBuilder.serverOnRandomPorts().withProperty(GraphDatabaseSettings.auth_enabled.name(), Boolean.toString(z)).build();
        this.server.start();
    }

    public void startServerWithConfiguredUser() throws IOException {
        startServer(true);
        Assert.assertEquals(200L, HTTP.withHeaders("Authorization", challengeResponse("neo4j", "neo4j")).POST(this.server.baseUri().resolve("/user/neo4j/password").toString(), HTTP.RawPayload.quotedJson("{'password':'secret'}")).status());
    }

    private String challengeResponse(String str, String str2) {
        return "Basic " + base64(str + ":" + str2);
    }

    private String dataURL() {
        return this.server.baseUri().resolve("db/data/").toString();
    }

    private String userURL(String str) {
        return this.server.baseUri().resolve("user/" + str).toString();
    }

    private String passwordURL(String str) {
        return this.server.baseUri().resolve("user/" + str + "/password").toString();
    }

    private String base64(String str) {
        return UTF8.decode(Base64.encode(str));
    }

    private String quotedJson(String str) {
        return str.replaceAll("'", "\"");
    }
}
