package com.atlassian.jira.webtests.ztests.security.xsrf;

import com.atlassian.jira.functest.framework.BaseJiraFuncTest;
import com.atlassian.jira.functest.framework.Form;
import com.atlassian.jira.functest.framework.HtmlPage;
import com.atlassian.jira.functest.framework.LoginAs;
import com.atlassian.jira.functest.framework.Navigation;
import com.atlassian.jira.functest.framework.RestoreBlankInstance;
import com.atlassian.jira.functest.framework.security.xsrf.XsrfCheck;
import com.atlassian.jira.functest.framework.security.xsrf.XsrfTestSuite;
import com.atlassian.jira.functest.framework.suite.Category;
import com.atlassian.jira.functest.framework.suite.WebTest;
import com.meterware.httpunit.WebResponse;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.regex.Pattern;
import javax.inject.Inject;
import net.sourceforge.jwebunit.WebTester;
import org.junit.Test;
import org.xml.sax.SAXException;

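/**
 * Functional tests for the XSRF (CSRF) protection of Jira's log-out entry points.
 *
 * <p>Three ways of logging out are exercised: the Seraph log-out link on the dashboard (element id
 * {@value #LOG_OUT_LINK_ID}), the {@code Logout!default.jspa} action command and the
 * {@code Logout.jspa} action command. For each entry point the {@link XsrfTestSuite}-driven tests
 * assert that a request carrying a valid {@code atl_token} lands on the "Confirm logout" page
 * (with and without "remember me"), while the expired-session tests drop every cookie first and
 * assert that a same-origin Referer yields the "already logged out" page and that an invalid token
 * sent with a foreign Referer is rejected with a 403.
 */
@LoginAs(user = "admin")
@RestoreBlankInstance
@WebTest({Category.FUNC_TEST, Category.SECURITY})
public class TestXsrfLogOut extends BaseJiraFuncTest {
    private static final String LOG_OUT_LINK_ID = "log_out";

    /** Query-string prefix of the XSRF token parameter that every log-out URL must carry. */
    private static final String XSRF_TOKEN_PARAM = "atl_token=";
    private static final Pattern XSRF_TOKEN_IN_QUERY = Pattern.compile(XSRF_TOKEN_PARAM);

    private static final String LOGOUT_DEFAULT_COMMAND_PATH = "/Logout!default.jspa";
    private static final String LOGOUT_EXECUTE_COMMAND_PATH = "/Logout.jspa";

    private static final String SERAPH_CHECK_NAME = "Log Out XSRF Protection Test - Seraph";
    private static final String DEFAULT_COMMAND_CHECK_NAME = "Log Out XSRF Protection Test - Default Action";
    private static final String EXECUTE_COMMAND_CHECK_NAME = "Log Out XSRF Protection Test - Action";

    private static final String CONFIRM_LOGOUT_TEXT = "Confirm logout";
    private static final String ALREADY_LOGGED_OUT_TEXT = "You have already been logged out of Jira";

    @Inject
    private Form form;

    @Inject
    private HtmlPage page;

    /**
     * A {@link XsrfCheck.Submission} that performs a GET of a fixed URL whose query string carries an
     * {@code atl_token} parameter.
     *
     * <p>{@link #removeToken()} replaces the URL with one whose token has been invalidated by
     * {@link XsrfCheck#invalidTokenInUrl(String)} for the next {@link #submitRequest()} only; the
     * original URL is restored after every submission, and the Referer header is restored to the
     * tester's base URL after every {@link #submitRequest(String)}.
     *
     * <p>Declared {@code static}: it needs nothing from the enclosing test instance.
     */
    private static final class UrlSubmission implements XsrfCheck.Submission {
        private final URL originalUrl;
        private WebTester tester;
        private URL urlToSubmit;

        /**
         * @param url the log-out URL to submit; its query string must contain {@code atl_token=}
         * @throws IllegalArgumentException if {@code url} has no query string or no token parameter
         */
        private UrlSubmission(URL url) {
            String query = url.getQuery();
            // URL.getQuery() returns null when there is no '?' part; report that as a missing
            // token instead of letting the matcher throw a NullPointerException.
            if (query == null || !XSRF_TOKEN_IN_QUERY.matcher(query).find()) {
                throw new IllegalArgumentException("The URL must contain a XSRF Token parameter");
            }
            this.originalUrl = url;
            this.urlToSubmit = url;
        }

        /**
         * Captures the tester and pins the Referer header to the tester's base URL. The
         * {@code navigation} and {@code form} arguments are not needed for a plain URL GET.
         */
        @Override
        public void init(WebTester webTester, Navigation navigation, Form form) {
            this.tester = webTester;
            resetReferer();
        }

        /** Arms the next submission with a URL whose XSRF token has been invalidated. */
        @Override
        public void removeToken() throws Exception {
            this.urlToSubmit = new URL(XsrfCheck.invalidTokenInUrl(this.originalUrl.toString()));
        }

        /**
         * Requests the currently armed URL, then restores the original URL so a token removal
         * only ever affects one submission (also when the request itself fails).
         */
        @Override
        public void submitRequest() throws Exception {
            try {
                this.tester.gotoPage(this.urlToSubmit.toString());
            } finally {
                resetUrlToSubmit();
            }
        }

        /**
         * Requests the currently armed URL with the given Referer header.
         *
         * @param referer value sent as the {@code Referer} header for this request only
         * @return the response of the request that was just made
         */
        @Override
        public WebResponse submitRequest(String referer) throws Exception {
            setReferer(referer);
            try {
                submitRequest();
            } finally {
                // Never leave a foreign Referer behind for later submissions.
                resetReferer();
            }
            return this.tester.getDialog().getResponse();
        }

        private void setReferer(String referer) {
            this.tester.getTestContext().getWebClient().setHeaderField("Referer", referer);
        }

        private void resetReferer() {
            setReferer(this.tester.getTestContext().getBaseUrl());
        }

        private void resetUrlToSubmit() {
            this.urlToSubmit = this.originalUrl;
        }
    }

    // ---------------------------------------------------------------------------------------
    // Seraph log-out link
    // ---------------------------------------------------------------------------------------

    /** A valid token on the Seraph log-out link must reach the confirmation page. */
    @Test
    public void testXsrfLogoutFromSeraph() throws Exception {
        runSuite(seraphLogOutCheck());
    }

    /**
     * With the session cookies gone but a same-origin Referer, following the log-out link must
     * show the "already logged out" page rather than a token error.
     */
    @Test
    public void testXsrfLogoutFromSeraphWithAnExpiredSession() throws Exception {
        loadDashboardAndExpireSession();
        tester.clickLink(LOG_OUT_LINK_ID);
        tester.getDialog().getResponse(); // result discarded; kept from the original flow, presumably a no-op read — confirm
        tester.assertTextPresent(ALREADY_LOGGED_OUT_TEXT);
    }

    /**
     * With the session cookies gone, an invalidated token and a foreign Referer, the log-out link
     * must be rejected with a 403 instead of silently logging out.
     */
    @Test
    public void testXsrfLogoutFromSeraphWithAnExpiredSessionAndWrongReferer() throws SAXException {
        loadDashboardAndExpireSession();
        String logOutHref = tester.getDialog().getResponse().getLinkWithID(LOG_OUT_LINK_ID).getURLString();
        String contextRelativeHref = logOutHref.replaceFirst(getEnvironmentData().getContext(), "");
        String hrefWithInvalidToken = contextRelativeHref.replace(XSRF_TOKEN_PARAM, XSRF_TOKEN_PARAM + "invalid");
        setReferer("http://invalid.com");
        tester.gotoPage(hrefWithInvalidToken);
        tester.getDialog().getResponse(); // result discarded; kept from the original flow, presumably a no-op read — confirm
        // NOTE(review): the action-command tests assert XsrfCheck.CODE_403_DEFAULT_ERROR for the
        // same condition; this literal is kept as written because the constant's value is not
        // visible here.
        tester.assertTextPresent("Forbidden (403)");
    }

    /** Same as {@link #testXsrfLogoutFromSeraph()} but after logging in with "remember me" on. */
    @Test
    public void testXsrfLogOutFromSeraphConfirmsLogOutWhenRememberMeIsOn() throws Exception {
        reloginWithRememberMe();
        runSuite(seraphLogOutCheck());
    }

    // ---------------------------------------------------------------------------------------
    // Logout!default.jspa
    // ---------------------------------------------------------------------------------------

    /** A valid token on {@code Logout!default.jspa} must reach the confirmation page. */
    @Test
    public void testXsrfLogoutFromActionViaDefaultCommand() throws Exception {
        runSuite(actionLogOutCheck(DEFAULT_COMMAND_CHECK_NAME, LOGOUT_DEFAULT_COMMAND_PATH));
    }

    /** Expired session plus same-origin Referer: "already logged out" page, no token error. */
    @Test
    public void testXsrfLogoutFromActionViaDefaultCommandWithAnExpiredSession() throws Exception {
        assertAlreadyLoggedOutAfterSessionExpiry(LOGOUT_DEFAULT_COMMAND_PATH);
    }

    /** Expired session plus foreign Referer: the request must be rejected with a 403. */
    @Test
    public void testXsrfLogoutFromActionViaDefaultCommandWithAnExpiredSessionAndWrongReferer() {
        assertForbiddenAfterSessionExpiryWithForeignReferer(LOGOUT_DEFAULT_COMMAND_PATH);
    }

    /** Same as {@link #testXsrfLogoutFromActionViaDefaultCommand()} with "remember me" on. */
    @Test
    public void testXsrfLogoutFromActionViaDefaultCommandWhenRememberMeIsOn() throws Exception {
        reloginWithRememberMe();
        runSuite(actionLogOutCheck(DEFAULT_COMMAND_CHECK_NAME, LOGOUT_DEFAULT_COMMAND_PATH));
    }

    // ---------------------------------------------------------------------------------------
    // Logout.jspa
    // ---------------------------------------------------------------------------------------

    /** A valid token on {@code Logout.jspa} must reach the confirmation page. */
    @Test
    public void testXsrfLogoutFromActionViaExecuteCommand() throws Exception {
        runSuite(actionLogOutCheck(EXECUTE_COMMAND_CHECK_NAME, LOGOUT_EXECUTE_COMMAND_PATH));
    }

    /** Expired session plus same-origin Referer: "already logged out" page, no token error. */
    @Test
    public void testXsrfLogoutFromActionViaExecuteCommandWithAnExpiredSession() throws Exception {
        assertAlreadyLoggedOutAfterSessionExpiry(LOGOUT_EXECUTE_COMMAND_PATH);
    }

    /** Expired session plus foreign Referer: the request must be rejected with a 403. */
    @Test
    public void testXsrfLogoutFromActionViaExecuteCommandWithAnExpiredSessionAndWrongReferer() {
        assertForbiddenAfterSessionExpiryWithForeignReferer(LOGOUT_EXECUTE_COMMAND_PATH);
    }

    /** Same as {@link #testXsrfLogoutFromActionViaExecuteCommand()} with "remember me" on. */
    @Test
    public void testXsrfLogoutFromActionViaExecuteCommandWhenRememberMeIsOn() throws Exception {
        reloginWithRememberMe();
        runSuite(actionLogOutCheck(EXECUTE_COMMAND_CHECK_NAME, LOGOUT_EXECUTE_COMMAND_PATH));
    }

    // ---------------------------------------------------------------------------------------
    // Helpers
    // ---------------------------------------------------------------------------------------

    /** Runs a single check through the XSRF suite, expecting the confirmation page on success. */
    private void runSuite(XsrfCheck check) throws Exception {
        new XsrfTestSuite(check).run(tester, navigation, form, CONFIRM_LOGOUT_TEXT);
    }

    /** Logs the current user out and back in as admin with the "remember me" option enabled. */
    private void reloginWithRememberMe() {
        navigation.logout();
        navigation.login("admin", "admin", true);
    }

    /**
     * Builds the check for the Seraph log-out link: the dashboard is loaded so the link is present,
     * and the link's href has the application context path stripped before submission.
     */
    private XsrfCheck seraphLogOutCheck() {
        XsrfCheck.Setup loadDashboard = new XsrfCheck.Setup() {
            @Override
            public void setup() {
                TestXsrfLogOut.this.navigation.gotoDashboard();
            }
        };
        XsrfCheck.Submission logOutLink = new XsrfCheck.LinkWithIdSubmission(LOG_OUT_LINK_ID) {
            @Override
            public String getLink() throws Exception {
                // getLink() presumably yields a context-prefixed href while the tester navigates
                // relative to the base URL — hence the strip; confirm against LinkWithIdSubmission.
                return super.getLink().replaceFirst(TestXsrfLogOut.this.getEnvironmentData().getContext(), "");
            }
        };
        return new XsrfCheck(SERAPH_CHECK_NAME, loadDashboard, logOutLink);
    }

    /**
     * Builds the check for an action-based log-out command, submitted as an absolute URL carrying
     * the current page's XSRF token. No setup step is needed because the URL is self-contained.
     *
     * @param checkName name reported by the suite for this check
     * @param logOutPath context-relative action path, e.g. {@value #LOGOUT_EXECUTE_COMMAND_PATH}
     */
    private XsrfCheck actionLogOutCheck(String checkName, String logOutPath) throws MalformedURLException {
        return new XsrfCheck(checkName, new XsrfCheck.Setup.None(), new UrlSubmission(absoluteLogOutUrl(logOutPath)));
    }

    /** {@code <base url>/<path>?atl_token=<current token>} as a {@link URL}. */
    private URL absoluteLogOutUrl(String logOutPath) throws MalformedURLException {
        return new URL(getEnvironmentData().getBaseUrl() + logOutPathWithToken(logOutPath));
    }

    /** {@code <path>?atl_token=<current token>}, relative, for {@code tester.gotoPage}. */
    private String logOutPathWithToken(String logOutPath) {
        return logOutPath + "?" + XSRF_TOKEN_PARAM + page.getXsrfToken();
    }

    /**
     * Loads the dashboard (so a log-out link and XSRF token exist on the page) and then clears
     * every cookie from the client, leaving a token with no live session behind it.
     */
    private void loadDashboardAndExpireSession() {
        navigation.gotoDashboard();
        tester.getDialog().getWebClient().clearCookies();
    }

    private void setReferer(String referer) {
        tester.getTestContext().getWebClient().setHeaderField("Referer", referer);
    }

    /**
     * Expired session, same-origin Referer, token from the now-orphaned page: the action must
     * render the "already logged out" page.
     */
    private void assertAlreadyLoggedOutAfterSessionExpiry(String logOutPath) {
        loadDashboardAndExpireSession();
        setReferer(tester.getTestContext().getBaseUrl());
        tester.gotoPage(logOutPathWithToken(logOutPath));
        tester.getDialog().getResponse(); // result discarded; kept from the original flow, presumably a no-op read — confirm
        tester.assertTextPresent(ALREADY_LOGGED_OUT_TEXT);
    }

    /**
     * Expired session, foreign Referer, token from the now-orphaned page: the action must answer
     * with the default 403 error text.
     */
    private void assertForbiddenAfterSessionExpiryWithForeignReferer(String logOutPath) {
        loadDashboardAndExpireSession();
        setReferer("http://example.com");
        tester.gotoPage(logOutPathWithToken(logOutPath));
        tester.getDialog().getResponse(); // result discarded; kept from the original flow, presumably a no-op read — confirm
        tester.assertTextPresent(XsrfCheck.CODE_403_DEFAULT_ERROR);
    }
}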
