package org.keycloak.testsuite.forms;

import java.util.Arrays;
import java.util.HashMap;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import org.apache.commons.lang3.RandomStringUtils;
import org.hamcrest.Matchers;
import org.jboss.arquillian.drone.api.annotation.Drone;
import org.jboss.arquillian.graphene.page.Page;
import org.jboss.resteasy.client.jaxrs.ResteasyClient;
import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.common.Profile;
import org.keycloak.common.util.Retry;
import org.keycloak.events.EventType;
import org.keycloak.jose.jws.JWSInput;
import org.keycloak.jose.jws.JWSInputException;
import org.keycloak.models.BrowserSecurityHeaders;
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.account.AccountFormServiceTest;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
import org.keycloak.testsuite.auth.page.login.PageWithLoginUrl;
import org.keycloak.testsuite.console.page.AdminConsole;
import org.keycloak.testsuite.oauth.OAuthGrantTest;
import org.keycloak.testsuite.pages.AccountUpdateProfilePage;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.ErrorPage;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.pages.LoginPasswordUpdatePage;
import org.keycloak.testsuite.updaters.RealmAttributeUpdater;
import org.keycloak.testsuite.updaters.ServerResourceUpdater;
import org.keycloak.testsuite.util.AdminClientUtil;
import org.keycloak.testsuite.util.ContainerAssume;
import org.keycloak.testsuite.util.DroneUtils;
import org.keycloak.testsuite.util.JavascriptBrowser;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.RealmBuilder;
import org.keycloak.testsuite.util.ServerURLs;
import org.keycloak.testsuite.util.TokenSignatureUtil;
import org.keycloak.testsuite.util.URLAssert;
import org.keycloak.testsuite.util.UserBuilder;
import org.keycloak.testsuite.util.WaitUtils;
import org.openqa.selenium.WebDriver;

/* loaded from: input_file:org/keycloak/testsuite/forms/LoginTest.class */
public class LoginTest extends AbstractTestRealmKeycloakTest {

    @Rule
    public AssertEvents events = new AssertEvents(this);

    @Page
    protected AppPage appPage;

    @JavascriptBrowser
    @Page
    protected AdminConsole jsAdminConsole;

    @Drone
    @JavascriptBrowser
    protected WebDriver jsDriver;

    @Page
    protected LoginPage loginPage;

    @JavascriptBrowser
    @Page
    protected LoginPage jsLoginPage;

    @Page
    protected ErrorPage errorPage;

    @Page
    protected AccountUpdateProfilePage profilePage;

    @Page
    protected LoginPasswordUpdatePage updatePasswordPage;
    private static String userId;
    private static String user2Id;

    @Override // org.keycloak.testsuite.AbstractTestRealmKeycloakTest
    public void configureTestRealm(RealmRepresentation realmRepresentation) {
        UserRepresentation build = UserBuilder.create().id(UUID.randomUUID().toString()).username("login-test").email("login@test.com").enabled(true).password("password").build();
        userId = build.getId();
        UserRepresentation build2 = UserBuilder.create().id(UUID.randomUUID().toString()).username("login-test2").email("login2@test.com").enabled(true).password("password").build();
        user2Id = build2.getId();
        UserRepresentation build3 = UserBuilder.create().username("admin").password("admin").enabled(true).build();
        HashMap hashMap = new HashMap();
        hashMap.put("realm-management", Arrays.asList("realm-admin"));
        build3.setClientRoles(hashMap);
        RealmBuilder.edit(realmRepresentation).user(build).user(build2).user(build3);
    }

    @Test
    public void testBrowserSecurityHeaders() {
        ResteasyClient createResteasyClient = AdminClientUtil.createResteasyClient();
        Response response = createResteasyClient.target(this.oauth.getLoginFormUrl()).request().get();
        Assert.assertThat(Integer.valueOf(response.getStatus()), Matchers.is(Matchers.equalTo(200)));
        for (BrowserSecurityHeaders browserSecurityHeaders : BrowserSecurityHeaders.values()) {
            String headerString = response.getHeaderString(browserSecurityHeaders.getHeaderName());
            String defaultValue = browserSecurityHeaders.getDefaultValue();
            if (defaultValue.isEmpty()) {
                Assert.assertNull(headerString);
            } else {
                Assert.assertNotNull(headerString);
                Assert.assertThat(headerString, Matchers.is(Matchers.equalTo(defaultValue)));
            }
        }
        response.close();
        createResteasyClient.close();
    }

    @Test
    public void testContentSecurityPolicyReportOnlyBrowserSecurityHeader() {
        RealmRepresentation representation = this.adminClient.realm("test").toRepresentation();
        String str = (String) representation.getBrowserSecurityHeaders().get("contentSecurityPolicyReportOnly");
        representation.getBrowserSecurityHeaders().put("contentSecurityPolicyReportOnly", "default-src 'none'");
        this.adminClient.realm("test").update(representation);
        try {
            ResteasyClient createResteasyClient = AdminClientUtil.createResteasyClient();
            Response response = createResteasyClient.target(this.oauth.getLoginFormUrl()).request().get();
            Assert.assertThat(response.getHeaderString("Content-Security-Policy-Report-Only"), Matchers.is(Matchers.equalTo("default-src 'none'")));
            response.close();
            createResteasyClient.close();
            representation.getBrowserSecurityHeaders().put("contentSecurityPolicyReportOnly", str);
            this.adminClient.realm("test").update(representation);
        } catch (Throwable th) {
            representation.getBrowserSecurityHeaders().put("contentSecurityPolicyReportOnly", str);
            this.adminClient.realm("test").update(representation);
            throw th;
        }
    }

    @Test
    public void testPOSTAuthenticationRequest() {
        ResteasyClient createResteasyClient = AdminClientUtil.createResteasyClient();
        Response post = createResteasyClient.target(OIDCLoginProtocolService.authUrl(UriBuilder.fromUri(OAuthClient.AUTH_SERVER_ROOT)).build(new Object[]{this.oauth.getRealm()})).request().post(this.oauth.getLoginEntityForPOST());
        Assert.assertThat(Integer.valueOf(post.getStatus()), Matchers.is(Matchers.equalTo(200)));
        Assert.assertThat(post, org.keycloak.testsuite.util.Matchers.body(Matchers.containsString("Sign in")));
        post.close();
        createResteasyClient.close();
    }

    @Test
    @AuthServerContainerExclude(value = {AuthServerContainerExclude.AuthServer.QUARKUS, AuthServerContainerExclude.AuthServer.REMOTE}, details = "Unstable for Quarkus, review later. Remote testsuite: max-detail-length is set to zero in standalone.xml, proposed fix - KEYCLOAK-17659")
    public void loginWithLongRedirectUri() throws Exception {
        ServerResourceUpdater update = new RealmAttributeUpdater(this.adminClient.realm("test")).updateWith(realmRepresentation -> {
            realmRepresentation.setEventsEnabled(true);
        }).update();
        Throwable th = null;
        try {
            String str = this.oauth.getRedirectUri() + "?longQueryParameterValue=" + RandomStringUtils.random(2500, true, true);
            DroneUtils.getCurrentDriver().navigate().to(UriBuilder.fromUri(this.oauth.getLoginFormUrl()).replaceQueryParam("redirect_uri", new Object[]{str}).build(new Object[0]).toString());
            this.loginPage.assertCurrent();
            this.loginPage.login("login-test", "password");
            this.events.expectLogin().user(userId).detail("redirect_uri", str).assertEvent();
            if (update != null) {
                if (0 == 0) {
                    update.close();
                    return;
                }
                try {
                    update.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (update != null) {
                if (0 != 0) {
                    try {
                        update.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    update.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void loginChangeUserAfterInvalidPassword() {
        this.loginPage.open();
        this.loginPage.login("login-test2", "invalid");
        this.loginPage.assertCurrent();
        Assert.assertEquals("login-test2", this.loginPage.getUsername());
        Assert.assertEquals("", this.loginPage.getPassword());
        Assert.assertEquals("Invalid username or password.", this.loginPage.getInputError());
        this.events.expectLogin().user(user2Id).session((String) null).error("invalid_user_credentials").detail("username", "login-test2").removeDetail("consent").assertEvent();
        this.loginPage.login("login-test", "password");
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
        Assert.assertNotNull(this.oauth.getCurrentQuery().get("code"));
        this.events.expectLogin().user(userId).detail("username", "login-test").assertEvent();
    }

    @Test
    public void loginInvalidPassword() {
        this.loginPage.open();
        this.loginPage.login("login-test", "invalid");
        this.loginPage.assertCurrent();
        Assert.assertEquals("login-test", this.loginPage.getUsername());
        Assert.assertEquals("", this.loginPage.getPassword());
        Assert.assertEquals("Invalid username or password.", this.loginPage.getInputError());
        this.events.expectLogin().user(userId).session((String) null).error("invalid_user_credentials").detail("username", "login-test").removeDetail("consent").assertEvent();
    }

    @Test
    public void loginMissingPassword() {
        this.loginPage.open();
        this.loginPage.missingPassword("login-test");
        this.loginPage.assertCurrent();
        Assert.assertEquals("login-test", this.loginPage.getUsername());
        Assert.assertEquals("", this.loginPage.getPassword());
        Assert.assertEquals("Invalid username or password.", this.loginPage.getInputError());
        this.events.expectLogin().user(userId).session((String) null).error("invalid_user_credentials").detail("username", "login-test").removeDetail("consent").assertEvent();
    }

    private void setUserEnabled(String str, boolean z) {
        UserRepresentation representation = this.adminClient.realm("test").users().get(str).toRepresentation();
        representation.setEnabled(Boolean.valueOf(z));
        this.adminClient.realm("test").users().get(str).update(representation);
    }

    @Test
    public void loginInvalidPasswordDisabledUser() {
        setUserEnabled(userId, false);
        try {
            this.loginPage.open();
            this.loginPage.login("login-test", "invalid");
            this.loginPage.assertCurrent();
            Assert.assertEquals("login-test", this.loginPage.getUsername());
            Assert.assertEquals("", this.loginPage.getPassword());
            Assert.assertEquals("Invalid username or password.", this.loginPage.getInputError());
            this.events.expectLogin().user(userId).session((String) null).error("invalid_user_credentials").detail("username", "login-test").removeDetail("consent").assertEvent();
        } finally {
            setUserEnabled(userId, true);
        }
    }

    @Test
    public void loginDisabledUser() {
        setUserEnabled(userId, false);
        try {
            this.loginPage.open();
            this.loginPage.login("login-test", "password");
            this.loginPage.assertCurrent();
            Assert.assertEquals("login-test", this.loginPage.getUsername());
            Assert.assertEquals("", this.loginPage.getPassword());
            Assert.assertEquals("Account is disabled, contact your administrator.", this.loginPage.getError());
            this.events.expectLogin().user(userId).session((String) null).error("user_disabled").detail("username", "login-test").removeDetail("consent").assertEvent();
        } finally {
            setUserEnabled(userId, true);
        }
    }

    @Test
    @DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true)
    public void loginDifferentUserAfterDisabledUserThrownOut() {
        String id = ((UserRepresentation) this.adminClient.realm("test").users().search(AssertEvents.DEFAULT_USERNAME).get(0)).getId();
        try {
            this.loginPage.open();
            this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
            this.appPage.assertCurrent();
            this.appPage.openAccount();
            this.profilePage.assertCurrent();
            setUserEnabled(id, false);
            this.profilePage.updateUsername("notPermitted");
            WaitUtils.waitForPageToLoad();
            this.loginPage.assertCurrent();
            this.loginPage.login("keycloak-user@localhost", "password");
            this.profilePage.assertCurrent();
        } finally {
            setUserEnabled(id, true);
        }
    }

    @Test
    public void loginInvalidUsername() {
        this.loginPage.open();
        this.loginPage.login("invalid", "password");
        this.loginPage.assertCurrent();
        Assert.assertEquals("invalid", this.loginPage.getUsername());
        Assert.assertEquals("", this.loginPage.getPassword());
        Assert.assertEquals("Invalid username or password.", this.loginPage.getInputError());
        this.events.expectLogin().user((String) null).session((String) null).error("user_not_found").detail("username", "invalid").removeDetail("consent").assertEvent();
        this.loginPage.login("login-test", "password");
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
        Assert.assertNotNull(this.oauth.getCurrentQuery().get("code"));
        this.events.expectLogin().user(userId).detail("username", "login-test").assertEvent();
    }

    @Test
    public void loginMissingUsername() {
        this.loginPage.open();
        this.loginPage.missingUsername();
        this.loginPage.assertCurrent();
        Assert.assertEquals("Invalid username or password.", this.loginPage.getInputError());
        this.events.expectLogin().user((String) null).session((String) null).error("user_not_found").removeDetail("consent").assertEvent();
    }

    @Test
    public void loginUserWithEmailAsUsername() {
        this.loginPage.open();
        this.loginPage.login("login@test.com", "password");
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
        Assert.assertNotNull(this.oauth.getCurrentQuery().get("code"));
        this.events.expectLogin().user(userId).detail("username", "login@test.com").assertEvent();
    }

    @Test
    public void loginSuccess() {
        this.loginPage.open();
        this.loginPage.login("login-test", "password");
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
        Assert.assertNotNull(this.oauth.getCurrentQuery().get("code"));
        this.events.expectLogin().user(userId).detail("username", "login-test").assertEvent();
    }

    @Test
    public void loginSuccessRealmSigningAlgorithms() throws JWSInputException {
        ContainerAssume.assumeAuthServerSSL();
        this.loginPage.open();
        this.loginPage.login("login-test", "password");
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
        Assert.assertNotNull(this.oauth.getCurrentQuery().get("code"));
        this.events.expectLogin().user(userId).detail("username", "login-test").assertEvent();
        this.driver.navigate().to(ServerURLs.getAuthServerContextRoot() + "/auth/realms/test/");
        Assert.assertEquals("HS256", new JWSInput(this.driver.manage().getCookieNamed("KEYCLOAK_IDENTITY").getValue()).getHeader().getAlgorithm().name());
        try {
            TokenSignatureUtil.changeRealmTokenSignatureProvider(this.adminClient, "ES256");
            this.oauth.openLoginForm();
            Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
            this.driver.navigate().to(ServerURLs.getAuthServerContextRoot() + "/auth/realms/test/");
            Assert.assertEquals("HS256", new JWSInput(this.driver.manage().getCookieNamed("KEYCLOAK_IDENTITY").getValue()).getHeader().getAlgorithm().name());
            this.oauth.openLoginForm();
            Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
        } finally {
            TokenSignatureUtil.changeRealmTokenSignatureProvider(this.adminClient, "RS256");
        }
    }

    @Test
    public void loginWithWhitespaceSuccess() {
        this.loginPage.open();
        this.loginPage.login(" login-test \t ", "password");
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
        Assert.assertNotNull(this.oauth.getCurrentQuery().get("code"));
        this.events.expectLogin().user(userId).detail("username", "login-test").assertEvent();
    }

    @Test
    public void loginWithEmailWhitespaceSuccess() {
        this.loginPage.open();
        this.loginPage.login("    login@test.com    ", "password");
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
        Assert.assertNotNull(this.oauth.getCurrentQuery().get("code"));
        this.events.expectLogin().user(userId).assertEvent();
    }

    private void setPasswordPolicy(String str) {
        RealmRepresentation representation = this.adminClient.realm("test").toRepresentation();
        representation.setPasswordPolicy(str);
        this.adminClient.realm("test").update(representation);
    }

    @Test
    public void loginWithForcePasswordChangePolicy() {
        setPasswordPolicy("forceExpiredPasswordChange(1)");
        try {
            setTimeOffset(86405);
            this.loginPage.open();
            this.loginPage.login("login-test", "password");
            this.updatePasswordPage.assertCurrent();
            this.updatePasswordPage.changePassword("updatedPassword", "updatedPassword");
            setTimeOffset(0);
            this.events.expectRequiredAction(EventType.UPDATE_PASSWORD).user(userId).detail("username", "login-test").assertEvent();
            String currentUrl = this.driver.getCurrentUrl();
            this.driver.getPageSource();
            Assert.assertEquals("bad expectation, on page: " + currentUrl, AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
            this.events.expectLogin().user(userId).detail("username", "login-test").assertEvent();
        } finally {
            setPasswordPolicy(null);
            ApiUtil.resetUserPassword(this.adminClient.realm("test").users().get(userId), "password", false);
        }
    }

    @Test
    public void loginWithoutForcePasswordChangePolicy() {
        setPasswordPolicy("forceExpiredPasswordChange(1)");
        try {
            setTimeOffset(86205);
            this.loginPage.open();
            this.loginPage.login("login-test", "password");
            Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
            Assert.assertNotNull(this.oauth.getCurrentQuery().get("code"));
            setTimeOffset(0);
            this.events.expectLogin().user(userId).detail("username", "login-test").assertEvent();
        } finally {
            setPasswordPolicy(null);
        }
    }

    @Test
    public void loginNoTimeoutWithLongWait() {
        this.loginPage.open();
        setTimeOffset(1700);
        this.loginPage.login("login-test", "password");
        setTimeOffset(0);
        this.events.expectLogin().user(userId).detail("username", "login-test").assertEvent().getSessionId();
    }

    @Test
    public void loginLoginHint() {
        this.driver.navigate().to(this.oauth.getLoginFormUrl() + "&login_hint=login-test");
        Assert.assertEquals("login-test", this.loginPage.getUsername());
        this.loginPage.login("password");
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
        Assert.assertNotNull(this.oauth.getCurrentQuery().get("code"));
        this.events.expectLogin().user(userId).detail("username", "login-test").assertEvent();
    }

    @Test
    public void loginWithEmailSuccess() {
        this.loginPage.open();
        this.loginPage.login("login@test.com", "password");
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
        Assert.assertNotNull(this.oauth.getCurrentQuery().get("code"));
        this.events.expectLogin().user(userId).assertEvent();
    }

    private void setRememberMe(boolean z) {
        setRememberMe(z, null, null);
    }

    private void setRememberMe(boolean z, Integer num, Integer num2) {
        RealmRepresentation representation = this.adminClient.realm("test").toRepresentation();
        representation.setRememberMe(Boolean.valueOf(z));
        representation.setSsoSessionIdleTimeoutRememberMe(num);
        representation.setSsoSessionMaxLifespanRememberMe(num2);
        this.adminClient.realm("test").update(representation);
    }

    @Test
    public void loginWithRememberMe() {
        setRememberMe(true);
        try {
            this.loginPage.open();
            Assert.assertFalse(this.loginPage.isRememberMeChecked());
            this.loginPage.setRememberMe(true);
            Assert.assertTrue(this.loginPage.isRememberMeChecked());
            this.loginPage.login("login-test", "password");
            Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
            Assert.assertNotNull(this.oauth.getCurrentQuery().get("code"));
            this.testingClient.testing().removeUserSession("test", this.events.expectLogin().user(userId).detail("username", "login-test").detail("remember_me", "true").assertEvent().getSessionId());
            this.loginPage.open();
            Assert.assertTrue(this.loginPage.isRememberMeChecked());
            Assert.assertEquals("login-test", this.loginPage.getUsername());
            this.loginPage.setRememberMe(false);
        } finally {
            setRememberMe(false);
        }
    }

    @Test
    public void loginAgainWithoutRememberMe() {
        setRememberMe(true);
        try {
            this.loginPage.open();
            Assert.assertFalse(this.loginPage.isRememberMeChecked());
            this.loginPage.setRememberMe(true);
            Assert.assertTrue(this.loginPage.isRememberMeChecked());
            this.loginPage.login("login-test", "password");
            Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
            Assert.assertNotNull(this.oauth.getCurrentQuery().get("code"));
            this.testingClient.testing().removeUserSession("test", this.events.expectLogin().user(userId).detail("username", "login-test").detail("remember_me", "true").assertEvent().getSessionId());
            this.loginPage.open();
            Assert.assertTrue(this.loginPage.isRememberMeChecked());
            Assert.assertEquals("login-test", this.loginPage.getUsername());
            this.loginPage.setRememberMe(false);
            this.loginPage.login("login-test", "password");
            this.testingClient.testing().removeUserSession("test", this.events.expectLogin().user(userId).detail("username", "login-test").assertEvent().getSessionId());
            this.loginPage.open();
            Assert.assertFalse(this.loginPage.isRememberMeChecked());
            Assert.assertNotEquals("login-test", this.loginPage.getUsername());
        } finally {
            setRememberMe(false);
        }
    }

    @Test
    public void loginWithEmailUserAndRememberMe() {
        setRememberMe(true);
        try {
            this.loginPage.open();
            this.loginPage.setRememberMe(true);
            Assert.assertTrue(this.loginPage.isRememberMeChecked());
            this.loginPage.login("login@test.com", "password");
            Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
            Assert.assertNotNull(this.oauth.getCurrentQuery().get("code"));
            this.testingClient.testing().removeUserSession("test", this.events.expectLogin().user(userId).detail("username", "login@test.com").detail("remember_me", "true").assertEvent().getSessionId());
            this.loginPage.open();
            Assert.assertTrue(this.loginPage.isRememberMeChecked());
            Assert.assertEquals("login@test.com", this.loginPage.getUsername());
            this.loginPage.setRememberMe(false);
        } finally {
            setRememberMe(false);
        }
    }

    @Test
    public void loginExpiredCode() {
        this.loginPage.open();
        setTimeOffset(5000);
        this.loginPage.login("login@test.com", "password");
        this.loginPage.assertCurrent();
        Assert.assertEquals("Your login attempt timed out. Login will start from the beginning.", this.loginPage.getError());
        setTimeOffset(0);
        this.events.expectLogin().user((String) null).session((String) null).error("expired_code").clearDetails().assertEvent();
    }

    @Test
    public void loginExpiredCodeWithExplicitRemoveExpired() {
        getTestingClient().testing().setTestingInfinispanTimeService();
        try {
            this.loginPage.open();
            setTimeOffset(5000);
            this.testingClient.testing().removeExpired("test");
            this.loginPage.login("login@test.com", "password");
            this.loginPage.assertCurrent();
            Assert.assertEquals("Your login attempt timed out. Login will start from the beginning.", this.loginPage.getError());
            this.events.expectLogin().user((String) null).session((String) null).error("expired_code").clearDetails().detail("restart_after_timeout", "true").client((String) null).assertEvent();
        } finally {
            getTestingClient().testing().revertTestingInfinispanTimeService();
        }
    }

    @Test
    public void loginAfterExpiredTimeout() throws Exception {
        ServerResourceUpdater update = new RealmAttributeUpdater(this.adminClient.realm("test")).updateWith(realmRepresentation -> {
            realmRepresentation.setSsoSessionMaxLifespan(5);
        }).update();
        Throwable th = null;
        try {
            DroneUtils.addWebDriver(this.jsDriver);
            this.jsAdminConsole.setAdminRealm(testRealm().toRepresentation().getRealm());
            this.jsAdminConsole.navigateTo();
            URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) this.jsAdminConsole);
            this.jsLoginPage.login("admin", "admin");
            TimeUnit.SECONDS.sleep(5L);
            Retry.execute(() -> {
                this.jsLoginPage.assertCurrent();
            }, 20, 500L);
            this.jsLoginPage.login("admin", "admin");
            Assert.assertFalse(this.jsLoginPage.isCurrent());
            if (update != null) {
                if (0 == 0) {
                    update.close();
                    return;
                }
                try {
                    update.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (update != null) {
                if (0 != 0) {
                    try {
                        update.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    update.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void loginExpiredCodeAndExpiredCookies() {
        this.loginPage.open();
        this.driver.manage().deleteAllCookies();
        this.loginPage.login("login@test.com", "password");
        this.errorPage.assertCurrent();
        Assert.assertNotNull(this.errorPage.getBackToApplicationLink(), ApiUtil.findClientByClientId(this.adminClient.realm("test"), OAuthGrantTest.THIRD_PARTY_APP).toRepresentation().getBaseUrl());
    }

    @Test
    public void openLoginFormWithDifferentApplication() throws Exception {
        this.oauth.clientId(AccountFormServiceTest.ROOT_URL_CLIENT);
        this.oauth.redirectUri(OAuthClient.SERVER_ROOT + "/foo/bar/");
        this.oauth.openLoginForm();
        this.oauth.clientId(AssertEvents.DEFAULT_CLIENT_ID);
        this.oauth.redirectUri(OAuthClient.APP_ROOT + "/auth");
        this.oauth.openLoginForm();
        Assert.assertTrue(this.loginPage.isCurrent());
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        this.appPage.assertCurrent();
        this.events.expectLogin().detail("username", AssertEvents.DEFAULT_USERNAME).assertEvent();
    }

    @Test
    public void openLoginFormAfterExpiredCode() throws Exception {
        this.oauth.openLoginForm();
        setTimeOffset(5000);
        this.oauth.openLoginForm();
        this.loginPage.assertCurrent();
        Assert.assertNull("Not expected to have error on loginForm.", this.loginPage.getError());
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        this.appPage.assertCurrent();
        this.events.expectLogin().detail("username", AssertEvents.DEFAULT_USERNAME).assertEvent();
    }

    @Test
    @DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true)
    public void loginRememberMeExpiredIdle() throws Exception {
        ServerResourceUpdater update = new RealmAttributeUpdater(this.adminClient.realm("test")).setSsoSessionIdleTimeoutRememberMe(1).setRememberMe(true).update();
        Throwable th = null;
        try {
            this.oauth.clientId(AssertEvents.DEFAULT_CLIENT_ID);
            this.oauth.redirectUri(OAuthClient.APP_ROOT + "/auth");
            this.oauth.openLoginForm();
            Assert.assertTrue(this.loginPage.isCurrent());
            this.loginPage.setRememberMe(true);
            this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
            this.events.expectLogin().detail("username", AssertEvents.DEFAULT_USERNAME).assertEvent();
            this.appPage.assertCurrent();
            setTimeOffset(122);
            this.appPage.openAccount();
            this.loginPage.assertCurrent();
            if (update != null) {
                if (0 == 0) {
                    update.close();
                    return;
                }
                try {
                    update.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (update != null) {
                if (0 != 0) {
                    try {
                        update.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    update.close();
                }
            }
            throw th3;
        }
    }

    @Test
    @DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true)
    public void loginRememberMeExpiredMaxLifespan() throws Exception {
        ServerResourceUpdater update = new RealmAttributeUpdater(this.adminClient.realm("test")).setSsoSessionMaxLifespanRememberMe(1).setRememberMe(true).update();
        Throwable th = null;
        try {
            this.oauth.clientId(AssertEvents.DEFAULT_CLIENT_ID);
            this.oauth.redirectUri(OAuthClient.APP_ROOT + "/auth");
            this.oauth.openLoginForm();
            Assert.assertTrue(this.loginPage.isCurrent());
            this.loginPage.setRememberMe(true);
            this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
            this.events.expectLogin().detail("username", AssertEvents.DEFAULT_USERNAME).assertEvent();
            this.appPage.assertCurrent();
            setTimeOffset(2);
            this.appPage.openAccount();
            this.loginPage.assertCurrent();
            if (update != null) {
                if (0 == 0) {
                    update.close();
                    return;
                }
                try {
                    update.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (update != null) {
                if (0 != 0) {
                    try {
                        update.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    update.close();
                }
            }
            throw th3;
        }
    }
}
