package org.alfresco.rest.misc;

import io.restassured.RestAssured;
import org.alfresco.rest.RestTest;
import org.alfresco.rest.core.RestRequest;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.testng.annotations.Test;

/* loaded from: input_file:org/alfresco/rest/misc/CORSTest.class */
public class CORSTest extends RestTest {
    @Test(groups = {"rest-api", "sanity", "core"})
    public void assertCORSisEnabledAndWorking() {
        RestAssured.basePath = "alfresco/api/-default-/public/authentication/versions/1";
        this.restClient.configureRequestSpec().setBasePath(RestAssured.basePath);
        RestRequest simpleRequest = RestRequest.simpleRequest(HttpMethod.OPTIONS, "tickets", new String[0]);
        this.restClient.configureRequestSpec().addHeader("Origin", "http://localhost:4200");
        this.restClient.process(simpleRequest);
        this.restClient.assertStatusCodeIs(HttpStatus.UNAUTHORIZED);
        this.restClient.configureRequestSpec().addHeader("Access-Control-Request-Method", "PATCH");
        this.restClient.configureRequestSpec().addHeader("Origin", "http://localhost:4200");
        this.restClient.process(simpleRequest);
        this.restClient.assertStatusCodeIs(HttpStatus.FORBIDDEN);
        this.restClient.configureRequestSpec().addHeader("Access-Control-Request-Method", "invalid");
        this.restClient.configureRequestSpec().addHeader("Origin", "http://localhost:4200");
        this.restClient.process(simpleRequest);
        this.restClient.assertStatusCodeIs(HttpStatus.FORBIDDEN);
        this.restClient.configureRequestSpec().addHeader("Access-Control-Request-Method", "POST");
        this.restClient.configureRequestSpec().addHeader("Origin", "http://localhost:4201");
        this.restClient.process(simpleRequest);
        this.restClient.assertStatusCodeIs(HttpStatus.FORBIDDEN);
        this.restClient.configureRequestSpec().addHeader("Origin", "http://example.com");
        this.restClient.process(simpleRequest);
        this.restClient.assertStatusCodeIs(HttpStatus.FORBIDDEN);
        this.restClient.configureRequestSpec().addHeader("Access-Control-Request-Method", "POST");
        this.restClient.configureRequestSpec().addHeader("Origin", "http://localhost:4200");
        this.restClient.process(simpleRequest);
        this.restClient.assertStatusCodeIs(HttpStatus.OK);
        this.restClient.assertHeaderValueContains("Access-Control-Allow-Origin", "http://localhost:4200");
        this.restClient.assertHeaderValueContains("Access-Control-Allow-Credentials", "true");
        this.restClient.assertHeaderValueContains("Access-Control-Max-Age", "10");
        this.restClient.assertHeaderValueContains("Access-Control-Allow-Methods", "POST");
    }

    @Test(groups = {"rest-api", "sanity", "core"})
    public void assertCORSisEnabledAndWorkingForDiscovery() {
        RestAssured.basePath = "alfresco/api";
        this.restClient.configureRequestSpec().setBasePath(RestAssured.basePath);
        RestRequest simpleRequest = RestRequest.simpleRequest(HttpMethod.GET, "discovery", new String[0]);
        this.restClient.configureRequestSpec().addHeader("Access-Control-Request-Method", "GET");
        this.restClient.configureRequestSpec().addHeader("Origin", "http://localhost:4200");
        this.restClient.authenticateUser(this.dataUser.createRandomTestUser()).process(simpleRequest);
        this.restClient.assertStatusCodeIs(HttpStatus.OK);
        this.restClient.assertHeaderValueContains("Access-Control-Allow-Origin", "http://localhost:4200");
        this.restClient.assertHeaderValueContains("Access-Control-Allow-Credentials", "true");
        this.restClient.assertHeaderValueContains("Access-Control-Expose-Headers", "Access-Control-Allow-Origin,Access-Control-Allow-Credentials");
    }
}
