package org.keycloak.testsuite.forms;

import java.lang.invoke.SerializedLambda;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.hamcrest.Matchers;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.common.Profile;
import org.keycloak.models.UserManager;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.TimeBasedOTP;
import org.keycloak.representations.idm.AuthenticationFlowRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RequiredActionProviderRepresentation;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.admin.authentication.AbstractAuthenticationTest;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
import org.keycloak.testsuite.oauth.RefreshTokenTest;
import org.keycloak.testsuite.pages.AccountTotpPage;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.ErrorPage;
import org.keycloak.testsuite.pages.LoginConfigTotpPage;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.pages.LoginPasswordResetPage;
import org.keycloak.testsuite.pages.LoginPasswordUpdatePage;
import org.keycloak.testsuite.pages.LoginTotpPage;
import org.keycloak.testsuite.pages.LoginUsernameOnlyPage;
import org.keycloak.testsuite.pages.PasswordPage;
import org.keycloak.testsuite.pages.RegisterPage;
import org.keycloak.testsuite.util.FlowUtil;
import org.keycloak.testsuite.util.GreenMailRule;
import org.keycloak.testsuite.util.MailUtils;
import org.keycloak.testsuite.util.URLUtils;
import org.keycloak.testsuite.util.UserBuilder;
import org.openqa.selenium.By;

@AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
/* loaded from: input_file:org/keycloak/testsuite/forms/ResetCredentialsAlternativeFlowsTest.class */
public class ResetCredentialsAlternativeFlowsTest extends AbstractTestRealmKeycloakTest {
    private String userId;

    @Page
    protected LoginPage loginPage;

    @Page
    protected LoginUsernameOnlyPage loginUsernameOnlyPage;

    @Page
    protected PasswordPage passwordPage;

    @Page
    protected RegisterPage registerPage;

    @Page
    protected LoginPasswordResetPage resetPasswordPage;

    @Page
    protected LoginPasswordUpdatePage updatePasswordPage;

    @Page
    protected AccountTotpPage accountTotpPage;

    @Page
    protected LoginConfigTotpPage totpPage;

    @Page
    protected LoginTotpPage loginTotpPage;

    @Page
    protected ErrorPage errorPage;

    @Page
    protected AppPage appPage;

    @Rule
    public GreenMailRule greenMail = new GreenMailRule();
    protected TimeBasedOTP totp = new TimeBasedOTP();

    @Override // org.keycloak.testsuite.AbstractTestRealmKeycloakTest
    public void configureTestRealm(RealmRepresentation realmRepresentation) {
    }

    @Before
    public void setup() {
        this.log.info("Adding login-test user");
        this.userId = ApiUtil.createUserAndResetPasswordWithAdminClient(testRealm(), UserBuilder.create().username("login-test").email("login@test.com").enabled(true).build(), "password");
        getCleanup().addUserId(this.userId);
    }

    @Test
    public void testNotExistingUserProvidedInResetCredentialsFlow() {
        try {
            MultiFactorAuthenticationTest.configureBrowserFlowWithAlternativeCredentials(this.testingClient);
            provideUsernameAndClickResetPassword("login-test");
            this.resetPasswordPage.changePassword("non-existent");
            this.loginUsernameOnlyPage.assertCurrent();
            Assert.assertEquals("You should receive an email shortly with further instructions.", this.loginUsernameOnlyPage.getSuccessMessage());
            Assert.assertEquals(0L, this.greenMail.getReceivedMessages().length);
        } finally {
            revertFlows();
        }
    }

    @Test
    public void testDifferentUserProvidedInResetCredentialsFlow() {
        try {
            MultiFactorAuthenticationTest.configureBrowserFlowWithAlternativeCredentials(this.testingClient);
            provideUsernameAndClickResetPassword("login-test");
            this.resetPasswordPage.changePassword(AssertEvents.DEFAULT_USERNAME);
            this.errorPage.assertCurrent();
            Assert.assertEquals(0L, this.greenMail.getReceivedMessages().length);
        } finally {
            revertFlows();
        }
    }

    @Test
    public void testSameUserProvidedInResetCredentialsFlow() {
        try {
            MultiFactorAuthenticationTest.configureBrowserFlowWithAlternativeCredentials(this.testingClient);
            provideUsernameAndClickResetPassword("login-test");
            this.resetPasswordPage.changePassword("login-test");
            this.loginUsernameOnlyPage.assertCurrent();
            Assert.assertEquals("You should receive an email shortly with further instructions.", this.loginUsernameOnlyPage.getSuccessMessage());
            Assert.assertEquals(1L, this.greenMail.getReceivedMessages().length);
        } finally {
            revertFlows();
        }
    }

    @Test
    public void testResetCredentialsFlowWithUsernameProvidedFromBrowserFlow() throws Exception {
        try {
            MultiFactorAuthenticationTest.configureBrowserFlowWithAlternativeCredentials(this.testingClient);
            configureResetCredentialsRemoveExecutionsAndBindTheFlow("resetcred - alternative", Arrays.asList("reset-credentials-choose-user"));
            this.loginUsernameOnlyPage.open();
            this.loginUsernameOnlyPage.login("login-test");
            Assert.assertTrue(this.passwordPage.isCurrent());
            this.passwordPage.clickResetPassword();
            this.loginUsernameOnlyPage.assertCurrent();
            Assert.assertEquals("You should receive an email shortly with further instructions.", this.loginUsernameOnlyPage.getSuccessMessage());
            Assert.assertEquals(1L, this.greenMail.getReceivedMessages().length);
            this.driver.navigate().to(MailUtils.getPasswordResetEmailLink(this.greenMail.getReceivedMessages()[0]).trim());
            this.updatePasswordPage.assertCurrent();
            this.updatePasswordPage.changePassword("resetPassword", "resetPassword");
            Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
            Assert.assertNotNull(this.oauth.getCurrentQuery().get("code"));
            revertFlows();
        } catch (Throwable th) {
            revertFlows();
            throw th;
        }
    }

    private void provideUsernameAndClickResetPassword(String str) {
        this.loginUsernameOnlyPage.open();
        this.loginUsernameOnlyPage.login(str);
        Assert.assertTrue(this.passwordPage.isCurrent());
        this.passwordPage.clickResetPassword();
        this.resetPasswordPage.assertCurrent();
        Assert.assertTrue(URLUtils.currentUrlMatches("/login-actions/reset-credentials"));
    }

    private void revertFlows() {
        List flows = testRealm().flows().getFlows();
        RealmRepresentation representation = testRealm().toRepresentation();
        representation.setBrowserFlow("browser");
        representation.setResetCredentialsFlow("reset credentials");
        testRealm().update(representation);
        Iterator it = Arrays.asList("browser - alternative", "resetcred - alternative", "resetcred - KEYCLOAK-11753 - test").iterator();
        while (it.hasNext()) {
            AuthenticationFlowRepresentation findFlowByAlias = AbstractAuthenticationTest.findFlowByAlias((String) it.next(), flows);
            if (findFlowByAlias != null) {
                testRealm().flows().deleteFlow(findFlowByAlias.getId());
            }
        }
    }

    private void configureResetCredentialsRemoveExecutionsAndBindTheFlow(String str, List<String> list) {
        this.testingClient.server("test").run(keycloakSession -> {
            if (keycloakSession.getContext().getRealm().getFlowByAlias(str) == null) {
                FlowUtil.inCurrentRealm(keycloakSession).copyResetCredentialsFlow(str);
            }
        });
        for (String str2 : list) {
            int asInt = realmsResouce().realm("test").flows().getExecutions(str).stream().filter(authenticationExecutionInfoRepresentation -> {
                return authenticationExecutionInfoRepresentation.getProviderId().equals(str2);
            }).mapToInt(authenticationExecutionInfoRepresentation2 -> {
                return authenticationExecutionInfoRepresentation2.getIndex();
            }).findFirst().getAsInt();
            this.testingClient.server("test").run(keycloakSession2 -> {
                FlowUtil.inCurrentRealm(keycloakSession2).selectFlow(str).removeExecution(asInt);
            });
        }
        this.testingClient.server("test").run(keycloakSession3 -> {
            FlowUtil.inCurrentRealm(keycloakSession3).selectFlow(str).defineAsResetCredentialsFlow();
        });
    }

    @Test
    @DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true)
    public void resetCredentialsVerifyCustomOtpLabelSetProperly() {
        try {
            configureResetCredentialsRemoveExecutionsAndBindTheFlow("resetcred - KEYCLOAK-11753 - test", Arrays.asList("reset-credential-email", "reset-password"));
            this.loginPage.open();
            this.loginPage.login("login@test.com", "password");
            this.accountTotpPage.open();
            Assert.assertTrue(this.accountTotpPage.isCurrent());
            this.accountTotpPage.configure(this.totp.generateTOTP(this.accountTotpPage.getTotpSecret()), "my-original-otp-label");
            this.oauth.openLogout();
            this.loginPage.open();
            this.loginPage.resetPassword();
            Assert.assertTrue(this.resetPasswordPage.isCurrent());
            this.resetPasswordPage.changePassword("login@test.com");
            Assert.assertTrue(this.totpPage.isCurrent());
            this.totpPage.configure(this.totp.generateTOTP(this.totpPage.getTotpSecret()), "my-reset-otp-label");
            this.accountTotpPage.open();
            Assert.assertTrue(this.accountTotpPage.isCurrent());
            Assert.assertTrue(this.driver.getPageSource().contains("my-reset-otp-label"));
            revertFlows();
        } catch (Throwable th) {
            revertFlows();
            throw th;
        }
    }

    @Test
    @DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true)
    public void deviceNameOptionalForFirstOTPCredentialButRequiredForEachNextOne() {
        RequiredActionProviderRepresentation requiredAction = testRealm().flows().getRequiredAction("CONFIGURE_TOTP");
        requiredAction.setDefaultAction(true);
        testRealm().flows().updateRequiredAction("CONFIGURE_TOTP", requiredAction);
        try {
            configureResetCredentialsRemoveExecutionsAndBindTheFlow("resetcred - KEYCLOAK-12168 - firstOTP - account - test", Arrays.asList("reset-credential-email", "reset-password"));
            this.loginPage.open();
            this.loginPage.login("login@test.com", "password");
            this.accountTotpPage.open();
            Assert.assertTrue(this.accountTotpPage.isCurrent());
            String pageSource = this.driver.getPageSource();
            Assert.assertTrue(Pattern.compile("(?s)<label for=\"totp\"((?!</span>).)+((?=<span class=\"required\">\\*).)*").matcher(pageSource).find());
            Assert.assertFalse(Pattern.compile("(?s)((?<=<label for=\"userLabel\").)+.*<span class=\"required\">\\s+\\*").matcher(pageSource).find());
            this.accountTotpPage.configure(this.totp.generateTOTP(this.accountTotpPage.getTotpSecret()), "");
            this.driver.getPageSource();
            Assert.assertThat(this.driver.findElements(By.className("provider")).stream().map((v0) -> {
                return v0.getText();
            }).collect(Collectors.toList()), Matchers.hasItem(""));
            this.accountTotpPage.removeTotp();
            this.oauth.openLogout();
            this.loginPage.open();
            this.loginPage.clickRegister();
            this.registerPage.assertCurrent();
            this.registerPage.register("Bruce", "Wilson", "bwilson@keycloak.org", "bwilson", "password", "password");
            Assert.assertTrue(this.totpPage.isCurrent());
            String pageSource2 = this.driver.getPageSource();
            Assert.assertTrue(Pattern.compile("(?s)<label for=\"totp\"((?!</span>).)+((?=<span class=\"required\">\\*).)*").matcher(pageSource2).find());
            Assert.assertFalse(Pattern.compile("(?s)((?<=<label for=\"userLabel\").)+.*<span class=\"required\">\\s+\\*").matcher(pageSource2).find());
            this.totpPage.configure(this.totp.generateTOTP(this.accountTotpPage.getTotpSecret()), "");
            Assert.assertNull(this.totpPage.getAlertError());
            Assert.assertNull(this.totpPage.getInputCodeError());
            Assert.assertNull(this.totpPage.getInputLabelError());
            this.appPage.assertCurrent();
            Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
            Assert.assertNotNull(this.oauth.getCurrentQuery().get("code"));
            this.accountTotpPage.open();
            Assert.assertTrue(this.accountTotpPage.isCurrent());
            Assert.assertThat(this.driver.findElements(By.className("provider")).stream().map((v0) -> {
                return v0.getText();
            }).collect(Collectors.toList()), Matchers.hasItem(""));
            this.oauth.openLogout();
            this.loginPage.open();
            this.loginPage.resetPassword();
            Assert.assertTrue(this.resetPasswordPage.isCurrent());
            this.resetPasswordPage.changePassword("bwilson@keycloak.org");
            String pageSource3 = this.driver.getPageSource();
            Assert.assertTrue(Pattern.compile("(?s)<label for=\"totp\"((?!</span>).)+((?=<span class=\"required\">\\*).)*").matcher(pageSource3).find());
            Assert.assertTrue(Pattern.compile("(?s)<label for=\"userLabel\"((?!</span>).)+((?=<span class=\"required\">\\*).)*").matcher(pageSource3).find());
            this.totpPage.configure(this.totp.generateTOTP(this.accountTotpPage.getTotpSecret()), "");
            Assert.assertTrue(this.totpPage.getInputLabelError().equals("Please specify device name."));
            this.totpPage.configure(this.totp.generateTOTP(this.accountTotpPage.getTotpSecret()), "My 2nd OTP device");
            Assert.assertNull(this.totpPage.getAlertError());
            Assert.assertNull(this.totpPage.getInputCodeError());
            Assert.assertNull(this.totpPage.getInputLabelError());
            this.appPage.assertCurrent();
            Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
            Assert.assertNotNull(this.oauth.getCurrentQuery().get("code"));
            this.accountTotpPage.open();
            Assert.assertTrue(this.accountTotpPage.isCurrent());
            Assert.assertTrue(this.driver.getPageSource().contains("My 2nd OTP device"));
            this.accountTotpPage.removeTotp();
            this.accountTotpPage.removeTotp();
            this.oauth.openLogout();
            revertFlows();
            requiredAction.setDefaultAction(false);
            testRealm().flows().updateRequiredAction("CONFIGURE_TOTP", requiredAction);
            this.testingClient.server("test").run(keycloakSession -> {
                UserManager userManager = new UserManager(keycloakSession);
                UserModel userByUsername = keycloakSession.users().getUserByUsername(keycloakSession.getContext().getRealm(), "bwilson");
                if (userByUsername != null) {
                    userManager.removeUser(keycloakSession.getContext().getRealm(), userByUsername);
                }
            });
        } catch (Throwable th) {
            revertFlows();
            requiredAction.setDefaultAction(false);
            testRealm().flows().updateRequiredAction("CONFIGURE_TOTP", requiredAction);
            this.testingClient.server("test").run(keycloakSession2 -> {
                UserManager userManager = new UserManager(keycloakSession2);
                UserModel userByUsername = keycloakSession2.users().getUserByUsername(keycloakSession2.getContext().getRealm(), "bwilson");
                if (userByUsername != null) {
                    userManager.removeUser(keycloakSession2.getContext().getRealm(), userByUsername);
                }
            });
            throw th;
        }
    }

    private static /* synthetic */ Object $deserializeLambda$(SerializedLambda serializedLambda) {
        String implMethodName = serializedLambda.getImplMethodName();
        boolean z = -1;
        switch (implMethodName.hashCode()) {
            case -1292573372:
                if (implMethodName.equals("lambda$configureResetCredentialsRemoveExecutionsAndBindTheFlow$5bf0fc21$1")) {
                    z = false;
                    break;
                }
                break;
            case -1292573371:
                if (implMethodName.equals("lambda$configureResetCredentialsRemoveExecutionsAndBindTheFlow$5bf0fc21$2")) {
                    z = 2;
                    break;
                }
                break;
            case -1078508185:
                if (implMethodName.equals("lambda$deviceNameOptionalForFirstOTPCredentialButRequiredForEachNextOne$26a8868a$1")) {
                    z = true;
                    break;
                }
                break;
            case -15558966:
                if (implMethodName.equals("lambda$configureResetCredentialsRemoveExecutionsAndBindTheFlow$6349eafa$1")) {
                    z = 3;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/keycloak/testsuite/runonserver/RunOnServer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/forms/ResetCredentialsAlternativeFlowsTest") && serializedLambda.getImplMethodSignature().equals("(Ljava/lang/String;Lorg/keycloak/models/KeycloakSession;)V")) {
                    String str = (String) serializedLambda.getCapturedArg(0);
                    return keycloakSession -> {
                        if (keycloakSession.getContext().getRealm().getFlowByAlias(str) == null) {
                            FlowUtil.inCurrentRealm(keycloakSession).copyResetCredentialsFlow(str);
                        }
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/keycloak/testsuite/runonserver/RunOnServer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/forms/ResetCredentialsAlternativeFlowsTest") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V")) {
                    return keycloakSession2 -> {
                        UserManager userManager = new UserManager(keycloakSession2);
                        UserModel userByUsername = keycloakSession2.users().getUserByUsername(keycloakSession2.getContext().getRealm(), "bwilson");
                        if (userByUsername != null) {
                            userManager.removeUser(keycloakSession2.getContext().getRealm(), userByUsername);
                        }
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/keycloak/testsuite/runonserver/RunOnServer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/forms/ResetCredentialsAlternativeFlowsTest") && serializedLambda.getImplMethodSignature().equals("(Ljava/lang/String;Lorg/keycloak/models/KeycloakSession;)V")) {
                    String str2 = (String) serializedLambda.getCapturedArg(0);
                    return keycloakSession3 -> {
                        FlowUtil.inCurrentRealm(keycloakSession3).selectFlow(str2).defineAsResetCredentialsFlow();
                    };
                }
                break;
            case RefreshTokenTest.ALLOWED_CLOCK_SKEW /* 3 */:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/keycloak/testsuite/runonserver/RunOnServer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/forms/ResetCredentialsAlternativeFlowsTest") && serializedLambda.getImplMethodSignature().equals("(Ljava/lang/String;ILorg/keycloak/models/KeycloakSession;)V")) {
                    String str3 = (String) serializedLambda.getCapturedArg(0);
                    int intValue = ((Integer) serializedLambda.getCapturedArg(1)).intValue();
                    return keycloakSession22 -> {
                        FlowUtil.inCurrentRealm(keycloakSession22).selectFlow(str3).removeExecution(intValue);
                    };
                }
                break;
        }
        throw new IllegalArgumentException("Invalid lambda deserialization");
    }
}
