package com.atlassian.jira.webtests.ztests.security;

import com.atlassian.jira.functest.framework.Administration;
import com.atlassian.jira.functest.framework.BaseJiraFuncTest;
import com.atlassian.jira.functest.framework.HtmlPage;
import com.atlassian.jira.functest.framework.LoginAs;
import com.atlassian.jira.functest.framework.suite.Category;
import com.atlassian.jira.functest.framework.suite.WebTest;
import com.atlassian.jira.webtests.EmailBaseFuncTestCase;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import javax.inject.Inject;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

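/**
 * Functional tests for the {@code os_destination} redirect that follows a form login.
 *
 * <p>The tests pin two security properties of the login redirect. A destination outside
 * the application's own context must not be followed (open-redirect protection). A
 * destination carrying CR and/or LF characters must not be followed either (header
 * injection / response-splitting protection). In both rejected cases the browser is
 * expected to end up on the context root instead.
 *
 * <p>Every test starts logged out, on a freshly restored blank instance.
 */
@LoginAs(user = "admin")
@WebTest({Category.FUNC_TEST, Category.SECURITY})
/* loaded from: input_file:com/atlassian/jira/webtests/ztests/security/TestRedirectAfterLogin.class */
public class TestRedirectAfterLogin extends BaseJiraFuncTest {
    /** Login page with an empty {@code os_destination} parameter, ready for a value to be appended. */
    private static final String LOGIN_WITH_DESTINATION = "login.jsp?os_destination=";

    /** In-application page used as the legitimate redirect target. */
    private static final String USER_BROWSER_PATH = "/secure/admin/user/UserBrowser.jspa";

    /** {@link #USER_BROWSER_PATH} in its URL-encoded form, as it appears in the query string. */
    private static final String USER_BROWSER_PATH_ENCODED = "%2Fsecure%2Fadmin%2Fuser%2FUserBrowser.jspa";

    /** Absolute URL on a foreign host, used as the destination that must be rejected. */
    private static final String EXTERNAL_URL = "http://www.atlassian.com";

    /**
     * Charset used when percent-encoding query values. Fixed rather than taken from the
     * {@code file.encoding} system property, so the request sent does not depend on the
     * platform the test happens to run on.
     */
    private static final String URL_ENCODING = "UTF-8";

    /** Base URL of the instance under test (scheme, host, port and context path, no trailing slash). */
    private String context;

    @Inject
    private HtmlPage page;

    @Inject
    private Administration administration;

    /**
     * Restores a blank instance, logs out and derives {@link #context} from the logout URL.
     *
     * <p>The XSRF token has to be read before logging out because it is part of the
     * logout URL whose suffix is stripped to obtain the base URL.
     */
    @Before
    public void setUpTest() {
        this.administration.restoreBlankInstance();
        String xsrfToken = this.page.getXsrfToken();
        this.navigation.logout();
        String logoutSuffix = "/secure/Logout!default.jspa?atl_token=" + xsrfToken;
        String logoutUrl = getCurrentUrl();
        Assert.assertTrue(logoutUrl.endsWith(logoutSuffix));
        this.context = logoutUrl.substring(0, logoutUrl.length() - logoutSuffix.length());
    }

    /** A context-relative destination is honoured after login. */
    @Test
    public void testRedirectWithRelativeUrl() throws Exception {
        this.tester.gotoPage(LOGIN_WITH_DESTINATION + USER_BROWSER_PATH_ENCODED);
        submitLoginForm();
        assertLandedOnUserBrowser();
    }

    /** An absolute destination that points back into this instance's own context is honoured. */
    @Test
    public void testRedirectWithAbsoluteUrlSameContext() throws Exception {
        this.tester.gotoPage(LOGIN_WITH_DESTINATION + encode(this.context + USER_BROWSER_PATH));
        submitLoginForm();
        assertLandedOnUserBrowser();
    }

    /** An absolute destination on a different host is ignored; the user lands on the context root. */
    @Test
    public void testRedirectWithAbsoluteUrlDifferentContext() throws Exception {
        this.tester.gotoPage(LOGIN_WITH_DESTINATION + encode(EXTERNAL_URL));
        submitLoginForm();
        assertLandedOnContextRoot();
    }

    /** Destination containing {@code EmailBaseFuncTestCase.newline} (presumably CR LF; confirm against that class). */
    @Test
    public void testRedirectWithHeaderInjectionCRLF() throws Exception {
        _testRedirectWithHeaderInjection(EmailBaseFuncTestCase.newline);
    }

    /** Destination containing a bare carriage return. */
    @Test
    public void testRedirectWithHeaderInjectionCR() throws Exception {
        _testRedirectWithHeaderInjection("\r");
    }

    /** Destination containing a bare line feed. */
    @Test
    public void testRedirectWithHeaderInjectionLF() throws Exception {
        _testRedirectWithHeaderInjection("\n");
    }

    /**
     * Logs in with a destination made of a valid in-application path followed by the given
     * line-break sequence and an external URL, and expects the destination to be rejected.
     *
     * <p>NOTE(review): the check covers only the final URL and the page text. The raw
     * response headers are not inspected, so this shows that the destination was not
     * followed, not how the CR/LF characters were handled on the wire.
     *
     * @param str line-break sequence placed between the valid path and the external URL
     * @throws UnsupportedEncodingException if {@link #URL_ENCODING} is not supported
     */
    private void _testRedirectWithHeaderInjection(String str) throws UnsupportedEncodingException {
        this.tester.gotoPage(LOGIN_WITH_DESTINATION + USER_BROWSER_PATH_ENCODED + encode(str + EXTERNAL_URL));
        submitLoginForm();
        assertLandedOnContextRoot();
    }

    /** Fills in the admin credentials on the login form and submits it. */
    private void submitLoginForm() {
        this.tester.setFormElement("os_username", "admin");
        this.tester.setFormElement("os_password", "admin");
        this.tester.setWorkingForm("login-form");
        this.tester.submit();
    }

    /** Asserts that the requested in-application destination was followed. */
    private void assertLandedOnUserBrowser() {
        Assert.assertEquals(this.context + USER_BROWSER_PATH, getCurrentUrl());
        this.tester.assertTextPresent("Filter users");
    }

    /** Asserts that the destination was discarded and the context root was served instead. */
    private void assertLandedOnContextRoot() {
        Assert.assertEquals(this.context + "/", getCurrentUrl());
        this.tester.assertTextPresent("jWebTest JIRA installation");
    }

    /** Percent-encodes a query-string value using {@link #URL_ENCODING}. */
    private static String encode(String value) throws UnsupportedEncodingException {
        return URLEncoder.encode(value, URL_ENCODING);
    }

    /** Returns the URL of the page the test browser is currently showing. */
    private String getCurrentUrl() {
        return this.tester.getDialog().getWebClient().getCurrentPage().getURL().toString();
    }
}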
