package org.pac4j.core.authorization.authorizer;

import java.util.List;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.pac4j.core.context.HttpConstants;
import org.pac4j.core.context.MockWebContext;
import org.pac4j.core.util.TestsConstants;

/* loaded from: input_file:org/pac4j/core/authorization/authorizer/CsrfAuthorizerTests.class */
public final class CsrfAuthorizerTests implements TestsConstants {
    private CsrfAuthorizer authorizer;

    @Before
    public void setUp() {
        this.authorizer = new CsrfAuthorizer();
        this.authorizer.setCheckAllRequests(true);
    }

    @Test
    public void testParameterOk() {
        Assert.assertTrue(this.authorizer.isAuthorized(MockWebContext.create().addRequestParameter("pac4jCsrfToken", TestsConstants.VALUE).addSessionAttribute("pac4jCsrfToken", TestsConstants.VALUE), (List) null));
    }

    @Test
    public void testParameterOkNewName() {
        MockWebContext addSessionAttribute = MockWebContext.create().addRequestParameter(TestsConstants.NAME, TestsConstants.VALUE).addSessionAttribute("pac4jCsrfToken", TestsConstants.VALUE);
        this.authorizer.setParameterName(TestsConstants.NAME);
        Assert.assertTrue(this.authorizer.isAuthorized(addSessionAttribute, (List) null));
    }

    @Test
    public void testHeaderOk() {
        Assert.assertTrue(this.authorizer.isAuthorized(MockWebContext.create().addRequestHeader("pac4jCsrfToken", TestsConstants.VALUE).addSessionAttribute("pac4jCsrfToken", TestsConstants.VALUE), (List) null));
    }

    @Test
    public void testHeaderOkNewName() {
        MockWebContext addSessionAttribute = MockWebContext.create().addRequestHeader(TestsConstants.NAME, TestsConstants.VALUE).addSessionAttribute("pac4jCsrfToken", TestsConstants.VALUE);
        this.authorizer.setHeaderName(TestsConstants.NAME);
        Assert.assertTrue(this.authorizer.isAuthorized(addSessionAttribute, (List) null));
    }

    @Test
    public void testNoToken() {
        Assert.assertFalse(this.authorizer.isAuthorized(MockWebContext.create().addSessionAttribute("pac4jCsrfToken", TestsConstants.VALUE), (List) null));
    }

    @Test
    public void testNoTokenCheckAll() {
        MockWebContext addSessionAttribute = MockWebContext.create().addSessionAttribute("pac4jCsrfToken", TestsConstants.VALUE);
        this.authorizer.setCheckAllRequests(false);
        Assert.assertTrue(this.authorizer.isAuthorized(addSessionAttribute, (List) null));
    }

    @Test
    public void testNoTokenRequest() {
        internalTestNoTokenRequest(HttpConstants.HTTP_METHOD.POST);
        internalTestNoTokenRequest(HttpConstants.HTTP_METHOD.PUT);
        internalTestNoTokenRequest(HttpConstants.HTTP_METHOD.PATCH);
        internalTestNoTokenRequest(HttpConstants.HTTP_METHOD.DELETE);
    }

    private void internalTestNoTokenRequest(HttpConstants.HTTP_METHOD http_method) {
        MockWebContext addSessionAttribute = MockWebContext.create().addSessionAttribute("pac4jCsrfToken", TestsConstants.VALUE);
        addSessionAttribute.setRequestMethod(http_method.name());
        Assert.assertFalse(this.authorizer.isAuthorized(addSessionAttribute, (List) null));
    }

    @Test
    public void testHeaderOkButNoTokenInSession() {
        Assert.assertFalse(this.authorizer.isAuthorized(MockWebContext.create().addRequestHeader("pac4jCsrfToken", TestsConstants.VALUE), (List) null));
    }
}
