package org.primeframework.mvc;

import com.google.inject.Inject;
import org.example.domain.User;
import org.primeframework.mvc.security.MockUserLoginSecurityContext;
import org.primeframework.mvc.security.UserLoginSecurityContext;
import org.testng.annotations.Test;

/* loaded from: input_file:org/primeframework/mvc/CSRFTest.class */
/**
 * Exercises CSRF enforcement on {@code POST /secure} for a logged-in user.
 *
 * <p>Each test turns on {@code configuration.csrfEnabled}, adds the {@code "admin"} role to
 * {@link MockUserLoginSecurityContext#roles} and logs a fresh {@link User} in during request
 * setup, so every 403 asserted here is returned to an authenticated caller.
 *
 * <p>NOTE(review): {@code MockUserLoginSecurityContext.roles} is static and
 * {@code configuration.csrfEnabled} is shared; neither is reset in this class. Presumably
 * {@code PrimeBaseTest} restores them between tests; confirm, otherwise the CSRF setting and
 * the role can leak into unrelated tests.
 *
 * <p>NOTE(review): not covered in this class: a request whose Origin/Referer matches the
 * application, a request with the token missing altogether, and the same POST with
 * {@code csrfEnabled} left off.
 */
public class CSRFTest extends PrimeBaseTest {

    @Inject
    public UserLoginSecurityContext securityContext;

    /**
     * A cross-site {@code Origin} must be refused with 403 while {@code Referer} is set to
     * {@code null}.
     *
     * <p>Two values are checked: a foreign origin, and the literal string {@code "null"} that
     * browsers send for opaque origins. Neither may be treated as same-origin.
     */
    @Test
    public void post_CSRFOriginFailure() {
        MockUserLoginSecurityContext.roles.add("admin");
        configuration.csrfEnabled = true;

        // Origin names another site.
        simulator.test("/secure")
                .withSingleHeader("Origin", "https://malicious.com")
                .withSingleHeader("Referer", (String) null)
                .setup(request -> {
                    securityContext.login(new User());
                })
                .post()
                .assertStatusCode(403);

        // Origin is the serialized opaque origin, sent as the four characters "null".
        simulator.test("/secure")
                .withSingleHeader("Origin", "null")
                .withSingleHeader("Referer", (String) null)
                .setup(request -> {
                    securityContext.login(new User());
                })
                .post()
                .assertStatusCode(403);
    }

    /**
     * With {@code Origin} set to {@code null}, a cross-site {@code Referer} must still be
     * refused with 403, so the Referer header is checked when Origin carries no value.
     */
    @Test
    public void post_CSRFRefererFailure() {
        MockUserLoginSecurityContext.roles.add("admin");
        configuration.csrfEnabled = true;

        simulator.test("/secure")
                .withSingleHeader("Origin", (String) null)
                .withSingleHeader("Referer", "https://malicious.com")
                .setup(request -> {
                    securityContext.login(new User());
                })
                .post()
                .assertStatusCode(403);
    }

    /**
     * A POST carrying a token the server did not issue ({@code "bad-token"}) is refused with
     * 403.
     *
     * <p>NOTE(review): no Origin or Referer header is set here; what the simulator sends for
     * them by default is not visible in this file.
     */
    @Test
    public void post_CSRFTokenFailure() {
        MockUserLoginSecurityContext.roles.add("admin");
        configuration.csrfEnabled = true;

        simulator.test("/secure")
                .setup(request -> {
                    securityContext.login(new User());
                })
                .withCSRFToken("bad-token")
                .post()
                .assertStatusCode(403);
    }

    /**
     * The same POST with no token override succeeds with 200 and the body {@code "Secure!"}.
     *
     * <p>NOTE(review): presumably the simulator attaches a valid CSRF token when
     * {@code withCSRFToken} is not called; confirm against the simulator, because otherwise
     * this test would pass with token checking absent.
     */
    @Test
    public void post_CSRFTokenSuccess() {
        MockUserLoginSecurityContext.roles.add("admin");
        configuration.csrfEnabled = true;

        simulator.test("/secure")
                .setup(request -> {
                    securityContext.login(new User());
                })
                .post()
                .assertStatusCode(200)
                .assertBody("Secure!");
    }
}
