package org.keycloak.testsuite.federation.storage;

import java.io.IOException;
import java.net.URISyntaxException;
import java.util.Collections;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Before;
import org.junit.Test;
import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.TimeBasedOTP;
import org.keycloak.representations.idm.ComponentRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.LoginConfigTotpPage;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.pages.LoginTotpPage;
import org.keycloak.testsuite.util.UserBuilder;

/* loaded from: input_file:org/keycloak/testsuite/federation/storage/UserStorageOTPTest.class */
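/**
 * Browser and admin-REST tests for OTP handling when users are served by the
 * user storage provider registered under the id {@code "dummy"}.
 *
 * <p>The tests pin the following behaviour, as asserted below:
 * <ul>
 *   <li>{@code test-user} reports {@code password} and {@code otp} as credential
 *       types configured in user storage;</li>
 *   <li>the code {@code 123456} passes the login OTP step for {@code test-user},
 *       while {@code 654321} is rejected;</li>
 *   <li>after a TOTP is enrolled through the required action, both the static
 *       code and a freshly generated TOTP are accepted;</li>
 *   <li>a second user linked to the same provider has no storage-configured
 *       credentials and logs in with a password only.</li>
 * </ul>
 *
 * <p>NOTE(review): presumably the dummy provider validates the fixed password
 * and OTP itself; confirm against the provider implementation, which is not
 * part of this file.
 */
public class UserStorageOTPTest extends AbstractTestRealmKeycloakTest {

    /** Id, name and provider id of the storage component added before each test. */
    private static final String PROVIDER_ID = "dummy";

    /** User created before each test. */
    private static final String USERNAME = "test-user";

    /** Password submitted on the login form for {@link #USERNAME}. */
    private static final String PASSWORD = "secret";

    /** Code the tests expect the login OTP step to accept for {@link #USERNAME}. */
    private static final String STATIC_OTP = "123456";

    /** Code the tests expect the login OTP step to reject. */
    private static final String WRONG_OTP = "654321";

    /** Error text shown by both OTP pages when a code is rejected. */
    private static final String INVALID_CODE_MESSAGE = "Invalid authenticator code.";

    @Page
    protected LoginPage loginPage;

    @Page
    protected LoginTotpPage loginTotpPage;

    @Page
    protected LoginConfigTotpPage loginConfigTotpPage;

    @Page
    protected AppPage appPage;

    // Generates valid codes from the secret shown on the TOTP setup page.
    protected TimeBasedOTP totp = new TimeBasedOTP();

    /** No realm customisation is needed; the storage component is added per test instead. */
    @Override
    public void configureTestRealm(RealmRepresentation realmRepresentation) {
    }

    /**
     * Registers the {@code "dummy"} user storage component (priority 0, import
     * disabled) and creates {@code test-user}; both are queued for cleanup.
     *
     * @throws URISyntaxException declared for compatibility with existing callers
     * @throws IOException declared for compatibility with existing callers
     */
    @Before
    public void addProvidersBeforeTest() throws URISyntaxException, IOException {
        ComponentRepresentation provider = new ComponentRepresentation();
        provider.setName(PROVIDER_ID);
        provider.setId(PROVIDER_ID);
        provider.setProviderId(PROVIDER_ID);
        provider.setProviderType(UserStorageProvider.class.getName());
        // Diamond instead of the raw type, so the config map stays type-checked.
        provider.setConfig(new MultivaluedHashMap<>());
        provider.getConfig().putSingle("priority", Integer.toString(0));
        provider.getConfig().putSingle("importEnabled", Boolean.toString(false));
        UserStorageTest.addComponent(testRealm(), getCleanup(), provider);

        String userId = ApiUtil.createUserWithAdminClient(
                testRealm(),
                UserBuilder.create().username(USERNAME).email("test-user@something.org").build());
        getCleanup().addUserId(userId);
    }

    /** The admin REST API must expose the federation link and the storage-side credential types. */
    @Test
    public void testCredentialsThroughRESTAPI() {
        UserResource user = ApiUtil.findUserByUsernameId(testRealm(), USERNAME);
        Assert.assertEquals(PROVIDER_ID, user.toRepresentation().getFederationLink());
        Assert.assertNames(user.getConfiguredUserStorageCredentialTypes(), "password", "otp");
    }

    /** A wrong code keeps the user on the OTP page with an error; the expected code completes the flow. */
    @Test
    public void testAuthentication() {
        submitPassword(USERNAME, PASSWORD);
        this.loginTotpPage.assertCurrent();

        // Negative case first: a rejected code must not advance the flow.
        this.loginTotpPage.login(WRONG_OTP);
        this.loginTotpPage.assertCurrent();
        Assert.assertEquals(INVALID_CODE_MESSAGE, this.loginTotpPage.getInputError());

        this.loginTotpPage.login(STATIC_OTP);
        assertAuthorizationCodeIssued();
    }

    /**
     * Enrols a TOTP through the {@code CONFIGURE_TOTP} required action and then
     * checks which codes are accepted afterwards.
     */
    @Test
    public void testUpdateOTP() {
        UserResource user = ApiUtil.findUserByUsernameId(testRealm(), USERNAME);
        UserRepresentation representation = user.toRepresentation();
        representation.setRequiredActions(
                Collections.singletonList(UserModel.RequiredAction.CONFIGURE_TOTP.toString()));
        user.update(representation);

        // The existing second factor is still demanded before the setup page is shown.
        submitPassword(USERNAME, PASSWORD);
        this.loginTotpPage.assertCurrent();
        this.loginTotpPage.login(STATIC_OTP);
        this.loginConfigTotpPage.assertCurrent();

        // The static code is not a valid proof of possession for the new secret.
        this.loginConfigTotpPage.configure(STATIC_OTP);
        Assert.assertEquals(INVALID_CODE_MESSAGE, this.loginConfigTotpPage.getInputCodeError());

        String totpSecret = this.loginConfigTotpPage.getTotpSecret();
        // The secret value is deliberately kept out of the log: test output is
        // commonly archived by CI, and a TOTP seed is a long-lived credential.
        this.log.infof("Totp secret read from the setup page (value not logged)");
        this.loginConfigTotpPage.configure(this.totp.generateTOTP(totpSecret));
        this.appPage.assertCurrent();
        this.appPage.logout();

        // After enrolment the static code is still accepted on the OTP step.
        // NOTE(review): this means enrolling a TOTP adds to, rather than replaces,
        // the code accepted before enrolment - confirm this is the intended contract.
        submitPassword(USERNAME, PASSWORD);
        this.loginTotpPage.assertCurrent();
        this.loginTotpPage.login(STATIC_OTP);
        this.appPage.assertCurrent();
        this.appPage.logout();

        // ...and so is a code generated from the newly enrolled secret.
        submitPassword(USERNAME, PASSWORD);
        this.loginTotpPage.assertCurrent();
        this.loginTotpPage.login(this.totp.generateTOTP(totpSecret));
        this.appPage.assertCurrent();
        this.appPage.logout();
    }

    /**
     * A second user linked to the same provider has no storage-configured
     * credentials, so a password set through the admin API is sufficient to log in.
     */
    @Test
    public void testNormalUser() {
        String userId = ApiUtil.createUserWithAdminClient(
                testRealm(),
                UserBuilder.create().username("test-user2").email("test-user2@something.org").build());
        getCleanup().addUserId(userId);

        UserResource user = ApiUtil.findUserByUsernameId(testRealm(), "test-user2");
        Assert.assertEquals(PROVIDER_ID, user.toRepresentation().getFederationLink());
        Assert.assertTrue(user.getConfiguredUserStorageCredentialTypes().isEmpty());

        ApiUtil.resetUserPassword(user, "pass", false);
        submitPassword("test-user2", "pass");
        // No OTP page is expected here: the flow goes straight to the application.
        assertAuthorizationCodeIssued();
    }

    /** Opens the login page and submits the username/password form. */
    private void submitPassword(String username, String password) {
        this.loginPage.open();
        this.loginPage.login(username, password);
    }

    /** Asserts the browser landed on the app page with an authorization code in the query. */
    private void assertAuthorizationCodeIssued() {
        this.appPage.assertCurrent();
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
        Assert.assertNotNull(this.oauth.getCurrentQuery().get("code"));
    }
}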
