package info.magnolia.cms.security;

import info.magnolia.context.MgnlContext;
import info.magnolia.context.WebContext;
import javax.servlet.FilterChain;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:info/magnolia/cms/security/CsrfSecurityFilterTest.class */
public class CsrfSecurityFilterTest {
    private HttpServletRequest request;
    private HttpServletResponse response;
    private FilterChain chain;

    @Before
    public void setUp() {
        WebContext webContext = (WebContext) Mockito.mock(WebContext.class);
        MgnlContext.setInstance(webContext);
        Mockito.when(webContext.getUser()).thenReturn((User) Mockito.mock(User.class));
        this.request = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        this.response = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        this.chain = (FilterChain) Mockito.mock(FilterChain.class);
    }

    @Test
    public void testIsAllowedForCorrectReferrer() throws Exception {
        Mockito.when(this.request.getHeader("referer")).thenReturn("http://actualwebsite.com/.magnolia/");
        Mockito.when(this.request.getRequestURL()).thenReturn(new StringBuffer("http://actualwebsite.com/.magnolia/"));
        new CsrfSecurityFilter().doFilter(this.request, this.response, this.chain);
        ((FilterChain) Mockito.verify(this.chain)).doFilter(this.request, this.response);
    }

    @Test
    public void testIsAllowedWithNoReferrer() throws Exception {
        Mockito.when(this.request.getHeader("referer")).thenReturn("");
        Mockito.when(this.request.getRequestURL()).thenReturn(new StringBuffer("http://actualwebsite.com/.magnolia/"));
        new CsrfSecurityFilter().doFilter(this.request, this.response, this.chain);
        Mockito.verifyNoMoreInteractions(new Object[]{this.chain});
        ((HttpServletResponse) Mockito.verify(this.response)).setStatus(400);
    }

    @Test
    public void testIsAllowedForIncorrectReferrer() throws Exception {
        Mockito.when(this.request.getHeader("referer")).thenReturn("http://strangereferrer.com");
        Mockito.when(this.request.getRequestURL()).thenReturn(new StringBuffer("http://actualwebsite.com/.magnolia/"));
        new CsrfSecurityFilter().doFilter(this.request, this.response, this.chain);
        Mockito.verifyNoMoreInteractions(new Object[]{this.chain});
        ((HttpServletResponse) Mockito.verify(this.response)).setStatus(400);
    }
}
