package org.alfresco.repo.security.authentication;

import java.lang.reflect.Field;
import java.util.EmptyStackException;
import java.util.HashMap;
import java.util.Properties;
import javax.mail.internet.MimeMessage;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.client.config.ClientAppNotFoundException;
import org.alfresco.repo.security.authentication.ResetPasswordServiceImpl;
import org.alfresco.repo.security.authentication.activiti.SendResetPasswordConfirmationEmailDelegate;
import org.alfresco.repo.security.authentication.activiti.SendResetPasswordEmailDelegate;
import org.alfresco.repo.transaction.RetryingTransactionHelper;
import org.alfresco.service.cmr.security.MutableAuthenticationService;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.cmr.workflow.WorkflowInstance;
import org.alfresco.service.cmr.workflow.WorkflowService;
import org.alfresco.util.GUID;
import org.alfresco.util.Pair;
import org.alfresco.util.TestHelper;
import org.alfresco.util.email.EmailUtil;
import org.alfresco.util.test.junitrules.AlfrescoTenant;
import org.alfresco.util.test.junitrules.ApplicationContextInit;
import org.alfresco.util.test.junitrules.RunAsFullyAuthenticatedRule;
import org.apache.commons.lang.StringUtils;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.springframework.extensions.surf.util.I18NUtil;

/* loaded from: input_file:org/alfresco/repo/security/authentication/ResetPasswordServiceImplTest.class */
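/**
 * Integration tests for {@link ResetPasswordServiceImpl}.
 *
 * <p>The tests run against the real application context with e-mail sending switched to
 * synchronous mode, so every assertion on {@code emailUtil.getSentCount()} sees the result of
 * the preceding service call. They pin the following properties of the reset flow:
 * <ul>
 *   <li>a reset request sends exactly one e-mail, addressed only to the account's own address;</li>
 *   <li>the workflow id / key pair from that e-mail is single-use;</li>
 *   <li>the pair stops working once the workflow timer has ended;</li>
 *   <li>a wrong key, a wrong workflow id or a user id other than the requester's is rejected,
 *       and no confirmation e-mail is sent for a rejected attempt.</li>
 * </ul>
 *
 * <p>All tests share one static {@link TestPerson}; tests that change that account's state
 * (enabled flag, password) affect every test that runs after them.
 */
public class ResetPasswordServiceImplTest {

    @ClassRule
    public static final ApplicationContextInit APP_CONTEXT_INIT = new ApplicationContextInit();

    @Rule
    public final RunAsFullyAuthenticatedRule runAsRule = new RunAsFullyAuthenticatedRule(AuthenticationUtil.getSystemUserName());

    private static final String DEFAULT_SENDER = "noreply@test-alfresco.test";
    private static final String CLIENT_NAME = "share";
    private static final String NEW_PASSWORD = "newPassword";
    private static final String RESET_URL_MODEL_KEY = "reset_password_url";
    private static final String EMAIL_SUBJECT_FIELD = "EMAIL_SUBJECT_KEY";

    private static ResetPasswordServiceImpl resetPasswordService;
    private static MutableAuthenticationService authenticationService;
    private static RetryingTransactionHelper transactionHelper;
    private static PersonService personService;
    private static Properties globalProperties;
    private static WorkflowService workflowService;
    private static TestPerson testPerson;
    private static EmailUtil emailUtil;

    /**
     * Mutable holder for the attributes of the account the tests create.
     *
     * <p>The setters return {@code this} so an instance can be built in one chained expression.
     * The decompiler markers on this listing indicate the class and its setters were
     * {@code private} in the original source.
     */
    public static class TestPerson {
        private String userName;
        private String firstName;
        private String lastName;
        private String password;
        private String email;

        private TestPerson() {
        }

        public TestPerson setUserName(String str) {
            this.userName = str;
            return this;
        }

        public TestPerson setFirstName(String str) {
            this.firstName = str;
            return this;
        }

        public TestPerson setLastName(String str) {
            this.lastName = str;
            return this;
        }

        public TestPerson setPassword(String str) {
            this.password = str;
            return this;
        }

        public TestPerson setEmail(String str) {
            this.email = str;
            return this;
        }

        /* Compiler-generated accessor constructor (marked synthetic in the listing); the argument is ignored. */
        /* synthetic */ TestPerson(TestPerson testPerson) {
            this();
        }
    }

    /**
     * Looks up the beans under test, forces synchronous e-mail sending with a known sender, and
     * creates the shared test account inside a retrying transaction.
     */
    @BeforeClass
    public static void initStaticData() throws Exception {
        resetPasswordService = APP_CONTEXT_INIT.getApplicationContext().getBean("resetPasswordService", ResetPasswordServiceImpl.class);
        resetPasswordService.setSendEmailAsynchronously(false);
        resetPasswordService.setDefaultEmailSender(DEFAULT_SENDER);
        authenticationService = APP_CONTEXT_INIT.getApplicationContext().getBean("authenticationService", MutableAuthenticationService.class);
        transactionHelper = APP_CONTEXT_INIT.getApplicationContext().getBean("retryingTransactionHelper", RetryingTransactionHelper.class);
        personService = APP_CONTEXT_INIT.getApplicationContext().getBean("personService", PersonService.class);
        globalProperties = APP_CONTEXT_INIT.getApplicationContext().getBean("global-properties", Properties.class);
        workflowService = APP_CONTEXT_INIT.getApplicationContext().getBean("WorkflowService", WorkflowService.class);
        emailUtil = new EmailUtil(APP_CONTEXT_INIT.getApplicationContext());
        emailUtil.reset();

        // The timestamp suffix keeps the user name unique across runs against the same repository.
        String uniqueUserName = "jane.doe" + System.currentTimeMillis();
        testPerson = new TestPerson()
                .setUserName(uniqueUserName)
                .setFirstName("Jane")
                .setLastName("doe")
                .setPassword(AlfrescoTenant.ADMIN_PASSWORD)
                .setEmail(uniqueUserName + "@example.com");
        transactionHelper.doInTransaction(() -> {
            createUser(testPerson);
            return null;
        });
    }

    /**
     * Restores the service settings changed in {@link #initStaticData()} from the global
     * properties and deletes the shared test account.
     */
    @AfterClass
    public static void cleanUp() {
        resetPasswordService.setSendEmailAsynchronously(Boolean.parseBoolean(globalProperties.getProperty("system.reset-password.sendEmailAsynchronously")));
        resetPasswordService.setDefaultEmailSender((String) globalProperties.get("system.email.sender.default"));
        AuthenticationUtil.setRunAsUserSystem();
        transactionHelper.doInTransaction(() -> {
            personService.deletePerson(testPerson.userName);
            return null;
        });
        try {
            AuthenticationUtil.popAuthentication();
        } catch (EmptyStackException ignored) {
            // Best effort: there may be no pushed authentication left to pop at this point.
        }
    }

    /** Clears the captured e-mails so each test starts with a sent count of zero. */
    @After
    public void tearDown() throws Exception {
        emailUtil.reset();
    }

    /**
     * Happy path followed by a replay attempt: request a reset, complete it with the id and key
     * taken from the e-mail, verify the old password stops working and the new one works, then
     * verify the same id / key pair is rejected on second use without sending another e-mail.
     *
     * <p>Note: this test leaves the shared account with the new password while
     * {@code testPerson.password} still holds the original value.
     */
    @Test
    public void testResetPassword() throws Exception {
        // Sanity check: the original credentials are valid before the reset.
        authenticateUser(testPerson.userName, testPerson.password);
        AuthenticationUtil.clearCurrentSecurityContext();
        AuthenticationUtil.setRunAsUserSystem();

        resetPasswordService.requestReset(testPerson.userName, CLIENT_NAME);
        Assert.assertEquals("A reset password email should have been sent.", 1L, emailUtil.getSentCount());
        assertEmailSentToTestPerson(emailUtil.getLastEmail(), SendResetPasswordEmailDelegate.class);
        Pair<String, String> idAndKey = readWorkflowIdAndKeyFromLastEmail();
        emailUtil.reset();

        ResetPasswordServiceImpl.ResetPasswordDetails details = new ResetPasswordServiceImpl.ResetPasswordDetails()
                .setUserId(testPerson.userName)
                .setPassword(NEW_PASSWORD)
                .setWorkflowId(idAndKey.getFirst())
                .setWorkflowKey(idAndKey.getSecond());
        resetPasswordService.initiateResetPassword(details);
        Assert.assertEquals("A reset password confirmation email should have been sent.", 1L, emailUtil.getSentCount());
        assertEmailSentToTestPerson(emailUtil.getLastEmail(), SendResetPasswordConfirmationEmailDelegate.class);

        // The old password must be dead and the new one live.
        TestHelper.assertThrows(() -> {
            authenticateUser(testPerson.userName, testPerson.password);
        }, AuthenticationException.class, "As the user changed her password, the authentication should have failed.");
        authenticateUser(testPerson.userName, NEW_PASSWORD);
        AuthenticationUtil.clearCurrentSecurityContext();
        AuthenticationUtil.setRunAsUserSystem();
        emailUtil.reset();

        // Replaying the already-consumed id / key pair must fail and must not trigger an e-mail.
        TestHelper.assertThrows(() -> {
            resetPasswordService.initiateResetPassword(details);
        }, ResetPasswordServiceImpl.InvalidResetPasswordWorkflowException.class, "The workflow instance is not active (it has already been used).");
        Assert.assertEquals("No email should have been sent.", 0L, emailUtil.getSentCount());
    }

    /**
     * Verifies that {@code requestReset} rejects a missing or unknown client, a missing user id,
     * an unknown user and a disabled user, and that none of these sends an e-mail.
     *
     * <p>NOTE(review): the service reports unknown and disabled accounts with a dedicated
     * exception type. Whatever exposes this service to unauthenticated callers presumably has to
     * answer uniformly so account existence is not disclosed; that layer is not visible from
     * this test and should be confirmed separately.
     */
    @Test
    public void testRequestResetPasswordInvalid() throws Exception {
        TestHelper.assertThrows(() -> {
            resetPasswordService.requestReset(testPerson.userName, (String) null);
        }, IllegalArgumentException.class, "Client name is mandatory.");
        TestHelper.assertThrows(() -> {
            resetPasswordService.requestReset(testPerson.userName, "TestClient" + System.currentTimeMillis());
        }, ClientAppNotFoundException.class, "Client is not found.");
        Assert.assertEquals("No email should have been sent.", 0L, emailUtil.getSentCount());

        TestHelper.assertThrows(() -> {
            resetPasswordService.requestReset((String) null, CLIENT_NAME);
        }, IllegalArgumentException.class, "userId is mandatory.");
        Assert.assertEquals("No email should have been sent.", 0L, emailUtil.getSentCount());

        TestHelper.assertThrows(() -> {
            resetPasswordService.requestReset("NoUser" + System.currentTimeMillis(), CLIENT_NAME);
        }, ResetPasswordServiceImpl.ResetPasswordWorkflowInvalidUserException.class, "user does not exist.");
        Assert.assertEquals("No email should have been sent.", 0L, emailUtil.getSentCount());

        enableUser(testPerson.userName, false);
        try {
            TestHelper.assertThrows(() -> {
                resetPasswordService.requestReset(testPerson.userName, CLIENT_NAME);
            }, ResetPasswordServiceImpl.ResetPasswordWorkflowInvalidUserException.class, "user is disabled.");
            Assert.assertEquals("No email should have been sent.", 0L, emailUtil.getSentCount());
        } finally {
            // Re-enable even when an assertion fails: the account is shared with the other tests.
            enableUser(testPerson.userName, true);
        }
    }

    /**
     * Verifies that {@code initiateResetPassword} rejects every malformed or mismatching request:
     * null details, missing user id / password / workflow id / workflow key, an empty password,
     * an unknown workflow id, a key that does not match the workflow, and a user id that is not
     * the one that requested the reset. No confirmation e-mail may be sent for any of them.
     */
    @Test
    public void testResetPasswordInvalid() throws Exception {
        resetPasswordService.requestReset(testPerson.userName, CLIENT_NAME);
        Assert.assertEquals("A reset password email should have been sent.", 1L, emailUtil.getSentCount());
        // The listing referenced an undeclared decompiler register here; bind the e-mail to a local.
        MimeMessage requestEmail = emailUtil.getLastEmail();
        Assert.assertNotNull(requestEmail);
        Assert.assertEquals("Should've been only one email recipient.", 1L, requestEmail.getAllRecipients().length);
        Pair<String, String> idAndKey = readWorkflowIdAndKeyFromLastEmail();
        String validWorkflowId = idAndKey.getFirst();
        String validWorkflowKey = idAndKey.getSecond();
        emailUtil.reset();

        TestHelper.assertThrows(() -> {
            resetPasswordService.initiateResetPassword((ResetPasswordServiceImpl.ResetPasswordDetails) null);
        }, IllegalArgumentException.class, "null parameter.");

        // One details object is mutated step by step; each step breaks exactly one field.
        ResetPasswordServiceImpl.ResetPasswordDetails details = new ResetPasswordServiceImpl.ResetPasswordDetails()
                .setUserId((String) null)
                .setPassword(NEW_PASSWORD)
                .setWorkflowId(validWorkflowId)
                .setWorkflowKey(validWorkflowKey);
        TestHelper.assertThrows(() -> {
            resetPasswordService.initiateResetPassword(details);
        }, IllegalArgumentException.class, "User id is mandatory.");

        details.setUserId(testPerson.userName).setPassword((String) null);
        TestHelper.assertThrows(() -> {
            resetPasswordService.initiateResetPassword(details);
        }, IllegalArgumentException.class, "Password is mandatory.");

        details.setPassword("");
        TestHelper.assertThrows(() -> {
            resetPasswordService.initiateResetPassword(details);
        }, IllegalArgumentException.class, "Invalid password value.");

        details.setPassword(NEW_PASSWORD).setWorkflowId((String) null);
        TestHelper.assertThrows(() -> {
            resetPasswordService.initiateResetPassword(details);
        }, IllegalArgumentException.class, "Workflow id is mandatory.");

        details.setWorkflowId(validWorkflowId).setWorkflowKey((String) null);
        TestHelper.assertThrows(() -> {
            resetPasswordService.initiateResetPassword(details);
        }, IllegalArgumentException.class, "Workflow key is mandatory.");

        // Valid key, but a workflow id that does not exist.
        details.setWorkflowId("activiti$" + System.currentTimeMillis()).setWorkflowKey(validWorkflowKey);
        TestHelper.assertThrows(() -> {
            resetPasswordService.initiateResetPassword(details);
        }, ResetPasswordServiceImpl.ResetPasswordWorkflowNotFoundException.class, "The workflow instance with the invalid id should not have been found.");

        // Valid workflow id, but a freshly generated key that cannot match the stored one.
        details.setWorkflowId(validWorkflowId).setWorkflowKey(GUID.generate());
        TestHelper.assertThrows(() -> {
            resetPasswordService.initiateResetPassword(details);
        }, ResetPasswordServiceImpl.InvalidResetPasswordWorkflowException.class, "The recovered key does not match the given workflow key.");

        // Valid id and key presented for a different user id than the requester's.
        details.setUserId("marco.polo").setWorkflowId(validWorkflowId).setWorkflowKey(validWorkflowKey);
        TestHelper.assertThrows(() -> {
            resetPasswordService.initiateResetPassword(details);
        }, ResetPasswordServiceImpl.InvalidResetPasswordWorkflowException.class, "The given user id does not match the person's user id who requested the password reset.");

        Assert.assertEquals("No email should have been sent.", 0L, emailUtil.getSentCount());
    }

    /**
     * Verifies expiry: with the end timer set to one second ({@code PT1S}), the workflow becomes
     * inactive and a reset attempt with the otherwise valid id / key pair is rejected without
     * sending an e-mail. The configured timer value is restored afterwards.
     */
    @Test
    public void testResetPasswordEndTimer() throws Exception {
        String configuredTimerEnd = globalProperties.getProperty("system.reset-password.endTimer");
        try {
            resetPasswordService.setTimerEnd("PT1S");
            resetPasswordService.requestReset(testPerson.userName, CLIENT_NAME);
            Assert.assertEquals("A reset password email should have been sent.", 1L, emailUtil.getSentCount());
            Pair<String, String> idAndKey = readWorkflowIdAndKeyFromLastEmail();
            emailUtil.reset();

            ResetPasswordServiceImpl.ResetPasswordDetails details = new ResetPasswordServiceImpl.ResetPasswordDetails()
                    .setUserId(testPerson.userName)
                    .setPassword(NEW_PASSWORD)
                    .setWorkflowId(idAndKey.getFirst())
                    .setWorkflowKey(idAndKey.getSecond());

            // Poll the workflow state through TestHelper (arguments: expected value false, 10, 1000L).
            Assert.assertFalse("The workflow should have been inactive.", ((Boolean) TestHelper.waitBeforeRetry(() -> {
                return Boolean.valueOf(isActive(idAndKey.getFirst()));
            }, false, 10, 1000L)).booleanValue());

            TestHelper.assertThrows(() -> {
                resetPasswordService.initiateResetPassword(details);
            }, ResetPasswordServiceImpl.InvalidResetPasswordWorkflowException.class, "The workflow instance is not active (expired).");
            Assert.assertEquals("No email should have been sent.", 0L, emailUtil.getSentCount());
        } finally {
            resetPasswordService.setTimerEnd(configuredTimerEnd);
        }
    }

    /**
     * Asserts that the given e-mail has exactly one recipient (the test account's address), comes
     * from {@link #DEFAULT_SENDER}, and carries the localized subject whose message key is held
     * in the {@code EMAIL_SUBJECT_KEY} field of the given delegate class.
     */
    private static void assertEmailSentToTestPerson(MimeMessage email, Class<?> delegateClass) throws Exception {
        Assert.assertNotNull("There should be an email.", email);
        Assert.assertEquals("Should've been only one email recipient.", 1L, email.getAllRecipients().length);
        Assert.assertEquals(testPerson.email, email.getAllRecipients()[0].toString());
        Assert.assertEquals(DEFAULT_SENDER, email.getFrom()[0].toString());
        Assert.assertNotNull("There should be a subject.", email.getSubject());
        String subjectKey = getDeclaredField(delegateClass, EMAIL_SUBJECT_FIELD);
        Assert.assertNotNull(subjectKey);
        Assert.assertEquals(email.getSubject(), I18NUtil.getMessage(subjectKey));
    }

    /**
     * Reads the reset URL from the template model of the last captured e-mail and returns the
     * workflow id (first) and workflow key (second) parsed from it, asserting both are present.
     */
    private static Pair<String, String> readWorkflowIdAndKeyFromLastEmail() throws Exception {
        String resetUrl = (String) emailUtil.getLastEmailTemplateModelValue(RESET_URL_MODEL_KEY);
        Assert.assertNotNull("Wrong email is sent.", resetUrl);
        Pair<String, String> idAndKey = getWorkflowIdAndKeyFromUrl(resetUrl);
        Assert.assertNotNull("Workflow Id can't be null.", idAndKey.getFirst());
        Assert.assertNotNull("Workflow Key can't be null.", idAndKey.getSecond());
        return idAndKey;
    }

    /** Returns whether the workflow with the given id is still active; fails if it cannot be found. */
    private boolean isActive(String str) {
        WorkflowInstance workflow = workflowService.getWorkflowById(str);
        Assert.assertNotNull(workflow);
        return workflow.isActive();
    }

    /**
     * Extracts the workflow id and key from a reset-password URL.
     *
     * <p>The parsing is positional: the key is the text between {@code "key="} and
     * {@code "&id="}, and the id is everything after the first {@code "id="}. It therefore only
     * works while the URL carries the key before the id and nothing follows the id; any other
     * layout yields a {@code null} key or an id with trailing parameters. Only the id is
     * trimmed.
     *
     * <p>NOTE(review): the key reaches the user as a URL query parameter, so any logging of the
     * full URL would record it; worth checking where the product logs or forwards this URL.
     *
     * @param str the reset-password URL; must not be {@code null}
     * @return a pair of (workflow id, workflow key); either element may be {@code null} when the
     *         URL does not have the expected layout
     */
    public static Pair<String, String> getWorkflowIdAndKeyFromUrl(String str) {
        Assert.assertNotNull(str);
        String workflowId = StringUtils.trimToNull(StringUtils.substringAfter(str, "id="));
        String workflowKey = StringUtils.substringBetween(str, "key=", "&id=");
        return new Pair<>(workflowId, workflowKey);
    }

    /**
     * Creates the authentication entry and the person node for the given test person, unless an
     * authentication with that user name already exists.
     */
    private static void createUser(TestPerson testPerson2) {
        if (authenticationService.authenticationExists(testPerson2.userName)) {
            return;
        }
        authenticationService.createAuthentication(testPerson2.userName, testPerson2.password.toCharArray());
        // Raw map kept as in the listing: the property key/value types are not imported by this file.
        HashMap personProperties = new HashMap(4);
        personProperties.put(ContentModel.PROP_USERNAME, testPerson2.userName);
        personProperties.put(ContentModel.PROP_FIRSTNAME, testPerson2.firstName);
        personProperties.put(ContentModel.PROP_LASTNAME, testPerson2.lastName);
        personProperties.put(ContentModel.PROP_EMAIL, testPerson2.email);
        personService.createPerson(personProperties);
    }

    /** Enables or disables the authentication of the given user inside a retrying transaction. */
    private void enableUser(String str, boolean z) {
        transactionHelper.doInTransaction(() -> {
            authenticationService.setAuthenticationEnabled(str, z);
            return null;
        });
    }

    /**
     * Authenticates with the given user name and password through the authentication service;
     * the tests rely on this throwing {@code AuthenticationException} for a wrong password.
     */
    public static void authenticateUser(String str, String str2) {
        authenticationService.authenticate(str, str2.toCharArray());
    }

    /**
     * Reads a static {@code String} field reflectively, bypassing its access modifier. Used to
     * obtain the delegates' subject message keys, which are not accessible from this class.
     */
    private static String getDeclaredField(Class<?> cls, String str) throws NoSuchFieldException, IllegalAccessException {
        Field field = cls.getDeclaredField(str);
        field.setAccessible(true);
        return (String) field.get(null);
    }
}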
