package org.keycloak.testsuite.admin;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
import javax.mail.internet.MimeMessage;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.ClientErrorException;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import org.hamcrest.Matchers;
import org.jboss.arquillian.drone.api.annotation.Drone;
import org.jboss.arquillian.graphene.page.Page;
import org.jboss.arquillian.test.api.ArquillianResource;
import org.junit.After;
import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.TokenVerifier;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.IdentityProviderResource;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.admin.client.resource.RoleMappingResource;
import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.admin.client.resource.UsersResource;
import org.keycloak.common.Profile;
import org.keycloak.common.VerificationException;
import org.keycloak.common.util.Base64;
import org.keycloak.common.util.ObjectUtil;
import org.keycloak.credential.CredentialModel;
import org.keycloak.events.admin.OperationType;
import org.keycloak.events.admin.ResourceType;
import org.keycloak.models.UserModel;
import org.keycloak.models.credential.PasswordCredentialModel;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.idm.ClientMappingsRepresentation;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.ComponentRepresentation;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.ErrorRepresentation;
import org.keycloak.representations.idm.FederatedIdentityRepresentation;
import org.keycloak.representations.idm.GroupRepresentation;
import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.representations.idm.MappingsRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RequiredActionProviderRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.services.resources.RealmsResource;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
import org.keycloak.testsuite.page.LoginPasswordUpdatePage;
import org.keycloak.testsuite.pages.ErrorPage;
import org.keycloak.testsuite.pages.InfoPage;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.pages.PageUtils;
import org.keycloak.testsuite.pages.ProceedPage;
import org.keycloak.testsuite.runonserver.RunHelpers;
import org.keycloak.testsuite.updaters.Creator;
import org.keycloak.testsuite.util.AdminClientUtil;
import org.keycloak.testsuite.util.AdminEventPaths;
import org.keycloak.testsuite.util.ClientBuilder;
import org.keycloak.testsuite.util.GreenMailRule;
import org.keycloak.testsuite.util.GroupBuilder;
import org.keycloak.testsuite.util.MailUtils;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.RealmBuilder;
import org.keycloak.testsuite.util.RoleBuilder;
import org.keycloak.testsuite.util.UserBuilder;
import org.keycloak.util.JsonSerialization;
import org.openqa.selenium.By;
import org.openqa.selenium.WebDriver;

/* loaded from: input_file:org/keycloak/testsuite/admin/UserTest.class */
public class UserTest extends AbstractAdminTest {

    @Rule
    public GreenMailRule greenMail = new GreenMailRule();

    @Drone
    protected WebDriver driver;

    @Page
    protected LoginPasswordUpdatePage passwordUpdatePage;

    @ArquillianResource
    protected OAuthClient oAuthClient;

    @Page
    protected InfoPage infoPage;

    @Page
    protected ProceedPage proceedPage;

    @Page
    protected ErrorPage errorPage;

    @Page
    protected LoginPage loginPage;

    @After
    public void after() {
        this.realm.identityProviders().findAll().stream().forEach(identityProviderRepresentation -> {
            this.realm.identityProviders().get(identityProviderRepresentation.getAlias()).remove();
        });
        this.realm.groups().groups().stream().forEach(groupRepresentation -> {
            this.realm.groups().group(groupRepresentation.getId()).remove();
        });
    }

    public String createUser() {
        return createUser("user1", "user1@localhost");
    }

    public String createUser(String str, String str2) {
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setUsername(str);
        userRepresentation.setEmail(str2);
        userRepresentation.setRequiredActions(Collections.emptyList());
        userRepresentation.setEnabled(true);
        return createUser(userRepresentation);
    }

    private String createUser(UserRepresentation userRepresentation) {
        return createUser(userRepresentation, true);
    }

    private String createUser(UserRepresentation userRepresentation, boolean z) {
        Response create = this.realm.users().create(userRepresentation);
        String createdId = ApiUtil.getCreatedId(create);
        create.close();
        if (z) {
            this.assertAdminEvents.assertEvent(this.realmId, OperationType.CREATE, AdminEventPaths.userResourcePath(createdId), userRepresentation, ResourceType.USER);
        }
        getCleanup().addUserId(createdId);
        return createdId;
    }

    private void updateUser(UserResource userResource, UserRepresentation userRepresentation) {
        userResource.update(userRepresentation);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.UPDATE, AdminEventPaths.userResourcePath(userRepresentation.getId()), userRepresentation, ResourceType.USER);
    }

    @Test
    public void verifyCreateUser() {
        createUser();
    }

    @Test
    public void createUserWithTemporaryPasswordWithAdditionalPasswordUpdateShouldRemoveUpdatePasswordRequiredAction() {
        String createUser = createUser();
        CredentialRepresentation credentialRepresentation = new CredentialRepresentation();
        credentialRepresentation.setType("password");
        credentialRepresentation.setValue("temp");
        credentialRepresentation.setTemporary(Boolean.TRUE);
        this.realm.users().get(createUser).resetPassword(credentialRepresentation);
        CredentialRepresentation credentialRepresentation2 = new CredentialRepresentation();
        credentialRepresentation2.setType("password");
        credentialRepresentation2.setValue("perm");
        credentialRepresentation2.setTemporary((Boolean) null);
        this.realm.users().get(createUser).resetPassword(credentialRepresentation2);
        Assert.assertFalse(this.realm.users().get(createUser).toRepresentation().getRequiredActions().contains(UserModel.RequiredAction.UPDATE_PASSWORD.name()));
    }

    @Test
    public void createDuplicatedUser1() {
        createUser();
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setUsername("user1");
        Response create = this.realm.users().create(userRepresentation);
        Assert.assertEquals(409L, create.getStatus());
        this.assertAdminEvents.assertEmpty();
        Assert.assertEquals("User exists with same username", ((ErrorRepresentation) create.readEntity(ErrorRepresentation.class)).getErrorMessage());
        create.close();
    }

    @Test
    public void createDuplicatedUser2() {
        createUser();
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setUsername("user2");
        userRepresentation.setEmail("user1@localhost");
        Response create = this.realm.users().create(userRepresentation);
        Assert.assertEquals(409L, create.getStatus());
        this.assertAdminEvents.assertEmpty();
        Assert.assertEquals("User exists with same email", ((ErrorRepresentation) create.readEntity(ErrorRepresentation.class)).getErrorMessage());
        create.close();
    }

    @Test
    public void createDuplicateEmailWithExistingDuplicates() {
        RealmRepresentation representation = this.realm.toRepresentation();
        representation.setDuplicateEmailsAllowed(true);
        this.realm.update(representation);
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setEmail("user1@localhost");
        userRepresentation.setUsername("user1");
        createUser(userRepresentation, false);
        userRepresentation.setUsername("user2");
        createUser(userRepresentation, false);
        representation.setDuplicateEmailsAllowed(false);
        this.realm.update(representation);
        userRepresentation.setUsername("user3");
        Response create = this.realm.users().create(userRepresentation);
        Assert.assertEquals(409L, create.getStatus());
        Assert.assertEquals("User exists with same email", ((ErrorRepresentation) create.readEntity(ErrorRepresentation.class)).getErrorMessage());
        create.close();
    }

    @Test
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
    public void createUserWithHashedCredentials() {
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setUsername("user_creds");
        userRepresentation.setEmail("email@localhost");
        CredentialRepresentation representation = ModelToRepresentation.toRepresentation(PasswordCredentialModel.createFromValues("my-algorithm", "theSalt".getBytes(), 22, "ABC"));
        representation.setCreatedDate(1001L);
        representation.setUserLabel("deviceX");
        representation.setType("password");
        userRepresentation.setCredentials(Arrays.asList(representation));
        createUser(userRepresentation);
        CredentialModel fetchCredentials = fetchCredentials("user_creds");
        PasswordCredentialModel createFromCredentialModel = PasswordCredentialModel.createFromCredentialModel(fetchCredentials);
        Assert.assertNotNull("Expecting credential", fetchCredentials);
        Assert.assertEquals("my-algorithm", createFromCredentialModel.getPasswordCredentialData().getAlgorithm());
        Assert.assertEquals(1001L, fetchCredentials.getCreatedDate());
        Assert.assertEquals("deviceX", fetchCredentials.getUserLabel());
        Assert.assertEquals(22L, createFromCredentialModel.getPasswordCredentialData().getHashIterations());
        Assert.assertEquals("ABC", createFromCredentialModel.getPasswordSecretData().getValue());
        Assert.assertEquals("theSalt", new String(createFromCredentialModel.getPasswordSecretData().getSalt()));
        Assert.assertEquals("password", fetchCredentials.getType());
    }

    @Test
    public void createUserWithDeprecatedCredentialsFormat() throws IOException {
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setUsername("user_creds");
        userRepresentation.setEmail("email@localhost");
        PasswordCredentialModel createFromValues = PasswordCredentialModel.createFromValues("my-algorithm", "theSalt".getBytes(), 22, "ABC");
        CredentialRepresentation credentialRepresentation = (CredentialRepresentation) JsonSerialization.readValue("{\n      \"type\" : \"password\",\n      \"hashedSaltedValue\" : \"" + createFromValues.getPasswordSecretData().getValue() + "\",\n      \"salt\" : \"" + Base64.encodeBytes(createFromValues.getPasswordSecretData().getSalt()) + "\",\n      \"hashIterations\" : " + createFromValues.getPasswordCredentialData().getHashIterations() + ",\n      \"algorithm\" : \"" + createFromValues.getPasswordCredentialData().getAlgorithm() + "\"\n    }", CredentialRepresentation.class);
        Assert.assertNotNull(credentialRepresentation.getHashedSaltedValue());
        Assert.assertNull(credentialRepresentation.getCredentialData());
        credentialRepresentation.setCreatedDate(1001L);
        credentialRepresentation.setUserLabel("deviceX");
        credentialRepresentation.setType("password");
        userRepresentation.setCredentials(Arrays.asList(credentialRepresentation));
        createUser(userRepresentation, false);
        CredentialModel fetchCredentials = fetchCredentials("user_creds");
        PasswordCredentialModel createFromCredentialModel = PasswordCredentialModel.createFromCredentialModel(fetchCredentials);
        Assert.assertNotNull("Expecting credential", fetchCredentials);
        Assert.assertEquals("my-algorithm", createFromCredentialModel.getPasswordCredentialData().getAlgorithm());
        Assert.assertEquals(1001L, fetchCredentials.getCreatedDate());
        Assert.assertEquals("deviceX", fetchCredentials.getUserLabel());
        Assert.assertEquals(22L, createFromCredentialModel.getPasswordCredentialData().getHashIterations());
        Assert.assertEquals("ABC", createFromCredentialModel.getPasswordSecretData().getValue());
        Assert.assertEquals("theSalt", new String(createFromCredentialModel.getPasswordSecretData().getSalt()));
        Assert.assertEquals("password", fetchCredentials.getType());
    }

    @Test
    @DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true)
    public void updateUserWithHashedCredentials() {
        String createUser = createUser("user_hashed_creds", "user_hashed_creds@localhost");
        PasswordCredentialModel createFromValues = PasswordCredentialModel.createFromValues("pbkdf2-sha256", new byte[]{-69, 85, 87, 99, 26, -107, 125, 99, -77, 30, -111, 118, 108, 100, -117, -56}, 27500, "uskEPZWMr83pl2mzNB95SFXfIabe2UH9ClENVx/rrQqOjFEjL2aAOGpWsFNNF3qoll7Qht2mY5KxIDm3Rnve2w==");
        createFromValues.setCreatedDate(1001L);
        CredentialRepresentation representation = ModelToRepresentation.toRepresentation(createFromValues);
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setCredentials(Collections.singletonList(representation));
        this.realm.users().get(createUser).update(userRepresentation);
        this.driver.navigate().to(RealmsResource.accountUrl(UriBuilder.fromUri(getAuthServerRoot())).build(new Object[]{"admin-client-test"}).toString());
        Assert.assertEquals("Sign in to your account", PageUtils.getPageTitle(this.driver));
        this.loginPage.login("user_hashed_creds", "admin");
        Assert.assertTrue(this.driver.getTitle().contains("Account Management"));
    }

    @Test
    public void createUserWithTempolaryCredentials() {
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setUsername("user_temppw");
        userRepresentation.setEmail("email.temppw@localhost");
        CredentialRepresentation credentialRepresentation = new CredentialRepresentation();
        credentialRepresentation.setValue("password");
        credentialRepresentation.setType("password");
        credentialRepresentation.setTemporary(true);
        userRepresentation.setCredentials(Arrays.asList(credentialRepresentation));
        UserRepresentation representation = this.realm.users().get(createUser(userRepresentation)).toRepresentation();
        Assert.assertEquals(1L, representation.getRequiredActions().size());
        Assert.assertEquals(UserModel.RequiredAction.UPDATE_PASSWORD.toString(), representation.getRequiredActions().get(0));
    }

    @Test
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
    public void createUserWithRawCredentials() {
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setUsername("user_rawpw");
        userRepresentation.setEmail("email.raw@localhost");
        CredentialRepresentation credentialRepresentation = new CredentialRepresentation();
        credentialRepresentation.setValue("ABCD");
        credentialRepresentation.setType("password");
        userRepresentation.setCredentials(Arrays.asList(credentialRepresentation));
        createUser(userRepresentation);
        CredentialModel fetchCredentials = fetchCredentials("user_rawpw");
        Assert.assertNotNull("Expecting credential", fetchCredentials);
        PasswordCredentialModel createFromCredentialModel = PasswordCredentialModel.createFromCredentialModel(fetchCredentials);
        Assert.assertEquals("pbkdf2-sha256", createFromCredentialModel.getPasswordCredentialData().getAlgorithm());
        Assert.assertEquals(27500L, createFromCredentialModel.getPasswordCredentialData().getHashIterations());
        Assert.assertNotEquals("ABCD", createFromCredentialModel.getPasswordSecretData().getValue());
        Assert.assertEquals("password", fetchCredentials.getType());
    }

    private CredentialModel fetchCredentials(String str) {
        return (CredentialModel) getTestingClient().server("admin-client-test").fetch(RunHelpers.fetchCredentials(str));
    }

    @Test
    public void createDuplicatedUser3() {
        createUser();
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setUsername("User1");
        Response create = this.realm.users().create(userRepresentation);
        Assert.assertEquals(409L, create.getStatus());
        create.close();
    }

    @Test
    public void createDuplicatedUser4() {
        createUser();
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setUsername("USER1");
        Response create = this.realm.users().create(userRepresentation);
        Assert.assertEquals(409L, create.getStatus());
        create.close();
    }

    @Test
    public void createDuplicatedUser5() {
        createUser();
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setUsername("user2");
        userRepresentation.setEmail("User1@localhost");
        Response create = this.realm.users().create(userRepresentation);
        Assert.assertEquals(409L, create.getStatus());
        create.close();
    }

    @Test
    public void createDuplicatedUser6() {
        createUser();
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setUsername("user2");
        userRepresentation.setEmail("user1@LOCALHOST");
        Response create = this.realm.users().create(userRepresentation);
        Assert.assertEquals(409L, create.getStatus());
        create.close();
    }

    @Test
    public void createDuplicatedUser7() {
        createUser("user1", "USer1@Localhost");
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setUsername("user2");
        userRepresentation.setEmail("user1@localhost");
        Response create = this.realm.users().create(userRepresentation);
        Assert.assertEquals(409L, create.getStatus());
        create.close();
        this.assertAdminEvents.assertEmpty();
    }

    @Test
    public void createTwoUsersWithEmptyStringEmails() {
        createUser("user1", "");
        createUser("user2", "");
    }

    @Test
    public void createUserWithFederationLink() {
        ComponentRepresentation componentRepresentation = new ComponentRepresentation();
        componentRepresentation.setId("dummy");
        componentRepresentation.setName("dummy");
        componentRepresentation.setProviderId("dummy");
        componentRepresentation.setProviderType(UserStorageProvider.class.getName());
        this.adminClient.realms().realm("admin-client-test").components().add(componentRepresentation);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.CREATE, AdminEventPaths.componentPath("dummy"), componentRepresentation, ResourceType.COMPONENT);
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setUsername("user1");
        userRepresentation.setEmail("user1@localhost");
        userRepresentation.setFederationLink("dummy");
        UserRepresentation representation = this.realm.users().get(createUser(userRepresentation)).toRepresentation();
        Assert.assertNotNull(representation);
        Assert.assertEquals(userRepresentation.getFederationLink(), representation.getFederationLink());
    }

    @Test
    public void createUserWithoutUsername() {
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setEmail("user1@localhost");
        Response create = this.realm.users().create(userRepresentation);
        Assert.assertEquals(400L, create.getStatus());
        Assert.assertEquals("User name is missing", ((ErrorRepresentation) create.readEntity(ErrorRepresentation.class)).getErrorMessage());
        create.close();
    }

    @Test
    public void createUserWithEmailAsUsername() {
        switchRegistrationEmailAsUsername(true);
        Assert.assertEquals("user1@localhost", this.realm.users().get(createUser()).toRepresentation().getUsername());
        switchRegistrationEmailAsUsername(false);
    }

    @Test
    public void createUserWithEmptyUsername() {
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setUsername("");
        userRepresentation.setEmail("user2@localhost");
        Response create = this.realm.users().create(userRepresentation);
        Assert.assertEquals(400L, create.getStatus());
        Assert.assertEquals("User name is missing", ((ErrorRepresentation) create.readEntity(ErrorRepresentation.class)).getErrorMessage());
        create.close();
    }

    @Test
    public void createUserWithInvalidPolicyPassword() {
        RealmRepresentation representation = this.realm.toRepresentation();
        String passwordPolicy = representation.getPasswordPolicy();
        representation.setPasswordPolicy("length(8)");
        this.realm.update(representation);
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setUsername("user4");
        userRepresentation.setEmail("user4@localhost");
        CredentialRepresentation credentialRepresentation = new CredentialRepresentation();
        credentialRepresentation.setValue("ABCD");
        credentialRepresentation.setType("password");
        userRepresentation.setCredentials(Arrays.asList(credentialRepresentation));
        Response create = this.realm.users().create(userRepresentation);
        Assert.assertEquals(400L, create.getStatus());
        Assert.assertEquals("Password policy not met", ((ErrorRepresentation) create.readEntity(ErrorRepresentation.class)).getErrorMessage());
        representation.setPasswordPolicy(passwordPolicy);
        this.realm.update(representation);
        create.close();
    }

    private List<String> createUsers() {
        ArrayList arrayList = new ArrayList();
        for (int i = 1; i < 10; i++) {
            UserRepresentation userRepresentation = new UserRepresentation();
            userRepresentation.setUsername("username" + i);
            userRepresentation.setEmail("user" + i + "@localhost");
            userRepresentation.setFirstName("First" + i);
            userRepresentation.setLastName("Last" + i);
            arrayList.add(createUser(userRepresentation));
        }
        return arrayList;
    }

    @Test
    public void searchByEmail() {
        createUsers();
        Assert.assertEquals(1L, this.realm.users().search((String) null, (String) null, (String) null, "user1@localhost", (Integer) null, (Integer) null).size());
        Assert.assertEquals(9L, this.realm.users().search((String) null, (String) null, (String) null, "@localhost", (Integer) null, (Integer) null).size());
    }

    @Test
    public void searchByUsername() {
        createUsers();
        Assert.assertEquals(1L, this.realm.users().search("username1", (String) null, (String) null, (String) null, (Integer) null, (Integer) null).size());
        Assert.assertEquals(9L, this.realm.users().search("user", (String) null, (String) null, (String) null, (Integer) null, (Integer) null).size());
    }

    @Test
    public void searchByUsernameExactMatch() {
        createUsers();
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setUsername("username11");
        createUser(userRepresentation);
        Assert.assertEquals(1L, this.realm.users().search("username1", true).size());
        Assert.assertEquals(0L, this.realm.users().search("user", true).size());
    }

    @Test
    public void searchByFirstNameNullForLastName() {
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setUsername("user1");
        userRepresentation.setFirstName("Erik");
        userRepresentation.setRequiredActions(Collections.emptyList());
        userRepresentation.setEnabled(true);
        createUser(userRepresentation);
        Assert.assertEquals(1L, this.realm.users().search("Erik", 0, 50).size());
    }

    @Test
    public void searchByLastNameNullForFirstName() {
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setUsername("user1");
        userRepresentation.setLastName("de Wit");
        userRepresentation.setRequiredActions(Collections.emptyList());
        userRepresentation.setEnabled(true);
        createUser(userRepresentation);
        Assert.assertEquals(1L, this.realm.users().search("wit", (Integer) null, (Integer) null).size());
    }

    @Test
    public void searchByEnabled() {
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setUsername("enabled-disabled-user1");
        userRepresentation.setRequiredActions(Collections.emptyList());
        userRepresentation.setEnabled(true);
        createUser(userRepresentation);
        UserRepresentation userRepresentation2 = new UserRepresentation();
        userRepresentation2.setUsername("enabled-disabled-user2");
        userRepresentation2.setRequiredActions(Collections.emptyList());
        userRepresentation2.setEnabled(false);
        createUser(userRepresentation2);
        Assert.assertEquals(1L, this.realm.users().search((String) null, (String) null, (String) null, (String) null, (Integer) null, (Integer) null, true, false).size());
        List search = this.realm.users().search("enabled-disabled-user", (String) null, (String) null, (String) null, (Integer) null, (Integer) null, true, true);
        Assert.assertEquals(1L, search.size());
        Assert.assertEquals(userRepresentation.getUsername(), ((UserRepresentation) search.get(0)).getUsername());
        List search2 = this.realm.users().search("enabled-disabled-user", (String) null, (String) null, (String) null, (Integer) null, (Integer) null, false, false);
        Assert.assertEquals(1L, search2.size());
        Assert.assertEquals(userRepresentation2.getUsername(), ((UserRepresentation) search2.get(0)).getUsername());
        Assert.assertEquals(2L, this.realm.users().search("enabled-disabled-user", (String) null, (String) null, (String) null, 0, 100, (Boolean) null, true).size());
    }

    @Test
    public void searchWithFilters() {
        createUser();
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setUsername("user2");
        userRepresentation.setFirstName("First");
        userRepresentation.setLastName("Last");
        userRepresentation.setEmail("user2@localhost");
        userRepresentation.setRequiredActions(Collections.emptyList());
        userRepresentation.setEnabled(false);
        createUser(userRepresentation);
        List search = this.realm.users().search((String) null, "First", (String) null, (String) null, (Integer) null, (Integer) null, false, true);
        Assert.assertEquals(1L, search.size());
        Assert.assertEquals(userRepresentation.getUsername(), ((UserRepresentation) search.get(0)).getUsername());
        Assert.assertEquals(0L, this.realm.users().search((String) null, (String) null, "Last", (String) null, (Integer) null, (Integer) null, true, false).size());
        List search2 = this.realm.users().search((String) null, (String) null, (String) null, "user2@localhost", 0, 50, false, true);
        Assert.assertEquals(1L, search2.size());
        Assert.assertEquals(userRepresentation.getUsername(), ((UserRepresentation) search2.get(0)).getUsername());
        Assert.assertEquals(0L, this.realm.users().search((String) null, (String) null, (String) null, (String) null, 10, 20, (Boolean) null, false).size());
    }

    @Test
    public void searchByIdp() {
        createUser();
        addSampleIdentityProvider("identity-provider-alias1", 0);
        addSampleIdentityProvider("identity-provider-alias2", 1);
        String createUser = createUser("idp1user1", "idp1user1@localhost");
        FederatedIdentityRepresentation federatedIdentityRepresentation = new FederatedIdentityRepresentation();
        federatedIdentityRepresentation.setUserId("idp1user1Id");
        federatedIdentityRepresentation.setUserName("idp1user1");
        addFederatedIdentity(createUser, "identity-provider-alias1", federatedIdentityRepresentation);
        String createUser2 = createUser("idp1user2", "idp1user2@localhost");
        FederatedIdentityRepresentation federatedIdentityRepresentation2 = new FederatedIdentityRepresentation();
        federatedIdentityRepresentation2.setUserId("commonIdpUserId");
        federatedIdentityRepresentation2.setUserName("idp1user2");
        addFederatedIdentity(createUser2, "identity-provider-alias1", federatedIdentityRepresentation2);
        String createUser3 = createUser("idp2user", "idp2user@localhost");
        FederatedIdentityRepresentation federatedIdentityRepresentation3 = new FederatedIdentityRepresentation();
        federatedIdentityRepresentation3.setUserId("commonIdpUserId");
        federatedIdentityRepresentation3.setUserName("idp2user");
        addFederatedIdentity(createUser3, "identity-provider-alias2", federatedIdentityRepresentation3);
        Assert.assertEquals(4L, this.realm.users().search((String) null, (String) null, (String) null, (String) null, (Boolean) null, (String) null, (String) null, (Integer) null, (Integer) null, (Boolean) null, (Boolean) null).size());
        List search = this.realm.users().search((String) null, (String) null, (String) null, (String) null, (Boolean) null, "identity-provider-alias1", (String) null, (Integer) null, (Integer) null, (Boolean) null, (Boolean) null);
        Assert.assertEquals(2L, search.size());
        Assert.assertEquals("idp1user1", ((UserRepresentation) search.get(0)).getUsername());
        Assert.assertEquals("idp1user2", ((UserRepresentation) search.get(1)).getUsername());
        List search2 = this.realm.users().search((String) null, (String) null, (String) null, (String) null, (Boolean) null, (String) null, "commonIdpUserId", (Integer) null, (Integer) null, (Boolean) null, (Boolean) null);
        Assert.assertEquals(2L, search2.size());
        Assert.assertEquals("idp1user2", ((UserRepresentation) search2.get(0)).getUsername());
        Assert.assertEquals("idp2user", ((UserRepresentation) search2.get(1)).getUsername());
        List search3 = this.realm.users().search((String) null, (String) null, (String) null, (String) null, (Boolean) null, "identity-provider-alias1", "idp1user1Id", (Integer) null, (Integer) null, (Boolean) null, (Boolean) null);
        Assert.assertEquals(1L, search3.size());
        Assert.assertEquals("idp1user1", ((UserRepresentation) search3.get(0)).getUsername());
    }

    private void addFederatedIdentity(String str, String str2, FederatedIdentityRepresentation federatedIdentityRepresentation) {
        Response addFederatedIdentity = this.realm.users().get(str).addFederatedIdentity(str2, federatedIdentityRepresentation);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.CREATE, AdminEventPaths.userFederatedIdentityLink(str, str2), federatedIdentityRepresentation, ResourceType.USER);
        Assert.assertEquals(204L, addFederatedIdentity.getStatus());
    }

    @Test
    public void searchByIdpAndEnabled() {
        addSampleIdentityProvider("identity-provider-alias", 0);
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setUsername("disabled_username");
        userRepresentation.setEmail("disabled@localhost");
        userRepresentation.setEnabled(false);
        String createUser = createUser(userRepresentation);
        FederatedIdentityRepresentation federatedIdentityRepresentation = new FederatedIdentityRepresentation();
        federatedIdentityRepresentation.setUserId("disabledUserId");
        federatedIdentityRepresentation.setUserName("disabled_username");
        addFederatedIdentity(createUser, "identity-provider-alias", federatedIdentityRepresentation);
        UserRepresentation userRepresentation2 = new UserRepresentation();
        userRepresentation2.setUsername("enabled_username");
        userRepresentation2.setEmail("enabled@localhost");
        userRepresentation2.setEnabled(true);
        String createUser2 = createUser(userRepresentation2);
        FederatedIdentityRepresentation federatedIdentityRepresentation2 = new FederatedIdentityRepresentation();
        federatedIdentityRepresentation2.setUserId("enabledUserId");
        federatedIdentityRepresentation2.setUserName("enabled_username");
        addFederatedIdentity(createUser2, "identity-provider-alias", federatedIdentityRepresentation2);
        List search = this.realm.users().search((String) null, (String) null, (String) null, (String) null, (Boolean) null, "identity-provider-alias", (String) null, (Integer) null, (Integer) null, true, (Boolean) null);
        Assert.assertEquals(1L, search.size());
        Assert.assertEquals("enabled_username", ((UserRepresentation) search.get(0)).getUsername());
        List search2 = this.realm.users().search((String) null, (String) null, (String) null, (String) null, (Boolean) null, "identity-provider-alias", (String) null, (Integer) null, (Integer) null, false, (Boolean) null);
        Assert.assertEquals(1L, search2.size());
        Assert.assertEquals("disabled_username", ((UserRepresentation) search2.get(0)).getUsername());
        List search3 = this.realm.users().search((String) null, (String) null, (String) null, (String) null, (Boolean) null, "identity-provider-alias", (String) null, (Integer) null, (Integer) null, (Boolean) null, (Boolean) null);
        Assert.assertEquals(2L, search3.size());
        Assert.assertEquals("disabled_username", ((UserRepresentation) search3.get(0)).getUsername());
        Assert.assertEquals("enabled_username", ((UserRepresentation) search3.get(1)).getUsername());
    }

    @Test
    public void searchById() {
        String str = createUsers().get(0);
        List search = this.realm.users().search("id:" + str, (Integer) null, (Integer) null);
        Assert.assertEquals(1L, search.size());
        Assert.assertEquals(str, ((UserRepresentation) search.get(0)).getId());
        List search2 = this.realm.users().search("id:   " + str + "     ", (Integer) null, (Integer) null);
        Assert.assertEquals(1L, search2.size());
        Assert.assertEquals(str, ((UserRepresentation) search2.get(0)).getId());
    }

    @Test
    public void search() {
        createUsers();
        Assert.assertEquals(1L, this.realm.users().search("username1", (Integer) null, (Integer) null).size());
        Assert.assertEquals(1L, this.realm.users().search("first1", (Integer) null, (Integer) null).size());
        Assert.assertEquals(9L, this.realm.users().search("last", (Integer) null, (Integer) null).size());
    }

    @Test
    public void count() {
        createUsers();
        Assert.assertEquals(9L, this.realm.users().count().intValue());
    }

    @Test
    public void countUsersNotServiceAccount() {
        createUsers();
        Assert.assertEquals(9L, this.realm.users().count().intValue());
        ClientRepresentation clientRepresentation = new ClientRepresentation();
        clientRepresentation.setClientId("test-client");
        clientRepresentation.setPublicClient(false);
        clientRepresentation.setSecret("secret");
        clientRepresentation.setServiceAccountsEnabled(true);
        clientRepresentation.setEnabled(true);
        clientRepresentation.setRedirectUris(Arrays.asList("http://url"));
        getAdminClient().realm("admin-client-test").clients().create(clientRepresentation);
        Assert.assertEquals(9L, this.realm.users().count().intValue());
    }

    @Test
    public void delete() {
        String createUser = createUser();
        Response delete = this.realm.users().delete(createUser);
        Assert.assertEquals(204L, delete.getStatus());
        delete.close();
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.DELETE, AdminEventPaths.userResourcePath(createUser), ResourceType.USER);
    }

    @Test
    public void deleteNonExistent() {
        Response delete = this.realm.users().delete("does-not-exist");
        Assert.assertEquals(404L, delete.getStatus());
        delete.close();
        this.assertAdminEvents.assertEmpty();
    }

    @Test
    public void searchPaginated() {
        createUsers();
        List search = this.realm.users().search("username", 0, 1);
        Assert.assertEquals(1L, search.size());
        Assert.assertEquals("username1", ((UserRepresentation) search.get(0)).getUsername());
        List search2 = this.realm.users().search("username", 5, 2);
        Assert.assertEquals(2L, search2.size());
        Assert.assertEquals("username6", ((UserRepresentation) search2.get(0)).getUsername());
        Assert.assertEquals("username7", ((UserRepresentation) search2.get(1)).getUsername());
        List search3 = this.realm.users().search("username", 7, 20);
        Assert.assertEquals(2L, search3.size());
        Assert.assertEquals("username8", ((UserRepresentation) search3.get(0)).getUsername());
        Assert.assertEquals("username9", ((UserRepresentation) search3.get(1)).getUsername());
        Assert.assertEquals(9L, this.realm.users().search("username", 0, 20).size());
    }

    @Test
    public void getFederatedIdentities() {
        addSampleIdentityProvider();
        String createUser = createUser();
        Assert.assertEquals(0L, this.realm.users().get(createUser).getFederatedIdentity().size());
        FederatedIdentityRepresentation federatedIdentityRepresentation = new FederatedIdentityRepresentation();
        federatedIdentityRepresentation.setUserId("social-user-id");
        federatedIdentityRepresentation.setUserName("social-username");
        addFederatedIdentity(createUser, "social-provider-id", federatedIdentityRepresentation);
        UserResource userResource = this.realm.users().get(createUser);
        List federatedIdentity = userResource.getFederatedIdentity();
        Assert.assertEquals(1L, federatedIdentity.size());
        FederatedIdentityRepresentation federatedIdentityRepresentation2 = (FederatedIdentityRepresentation) federatedIdentity.get(0);
        Assert.assertEquals("social-provider-id", federatedIdentityRepresentation2.getIdentityProvider());
        Assert.assertEquals("social-user-id", federatedIdentityRepresentation2.getUserId());
        Assert.assertEquals("social-username", federatedIdentityRepresentation2.getUserName());
        userResource.removeFederatedIdentity("social-provider-id");
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.DELETE, AdminEventPaths.userFederatedIdentityLink(createUser, "social-provider-id"), ResourceType.USER);
        Assert.assertEquals(0L, userResource.getFederatedIdentity().size());
        removeSampleIdentityProvider();
    }

    private void addSampleIdentityProvider() {
        addSampleIdentityProvider("social-provider-id", 0);
    }

    private void addSampleIdentityProvider(String str, int i) {
        Assert.assertEquals(i, this.realm.identityProviders().findAll().size());
        IdentityProviderRepresentation identityProviderRepresentation = new IdentityProviderRepresentation();
        identityProviderRepresentation.setAlias(str);
        identityProviderRepresentation.setProviderId("oidc");
        this.realm.identityProviders().create(identityProviderRepresentation);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.CREATE, AdminEventPaths.identityProviderPath(identityProviderRepresentation.getAlias()), identityProviderRepresentation, ResourceType.IDENTITY_PROVIDER);
    }

    private void removeSampleIdentityProvider() {
        IdentityProviderResource identityProviderResource = this.realm.identityProviders().get("social-provider-id");
        Assert.assertNotNull(identityProviderResource);
        identityProviderResource.remove();
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.DELETE, AdminEventPaths.identityProviderPath("social-provider-id"), ResourceType.IDENTITY_PROVIDER);
    }

    @Test
    public void addRequiredAction() {
        UserResource userResource = this.realm.users().get(createUser());
        Assert.assertTrue(userResource.toRepresentation().getRequiredActions().isEmpty());
        UserRepresentation representation = userResource.toRepresentation();
        representation.getRequiredActions().add("UPDATE_PASSWORD");
        updateUser(userResource, representation);
        Assert.assertEquals(1L, userResource.toRepresentation().getRequiredActions().size());
        Assert.assertEquals("UPDATE_PASSWORD", userResource.toRepresentation().getRequiredActions().get(0));
    }

    @Test
    public void removeRequiredAction() {
        String createUser = createUser();
        UserResource userResource = this.realm.users().get(createUser);
        Assert.assertTrue(userResource.toRepresentation().getRequiredActions().isEmpty());
        UserRepresentation representation = userResource.toRepresentation();
        representation.getRequiredActions().add("UPDATE_PASSWORD");
        updateUser(userResource, representation);
        UserResource userResource2 = this.realm.users().get(createUser);
        UserRepresentation representation2 = userResource2.toRepresentation();
        representation2.getRequiredActions().clear();
        updateUser(userResource2, representation2);
        Assert.assertTrue(userResource2.toRepresentation().getRequiredActions().isEmpty());
    }

    @Test
    public void attributes() {
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setUsername("user1");
        userRepresentation.singleAttribute("attr1", "value1user1");
        userRepresentation.singleAttribute("attr2", "value2user1");
        String createUser = createUser(userRepresentation);
        UserRepresentation userRepresentation2 = new UserRepresentation();
        userRepresentation2.setUsername("user2");
        userRepresentation2.singleAttribute("attr1", "value1user2");
        ArrayList arrayList = new ArrayList();
        arrayList.add("value2user2");
        arrayList.add("value2user2_2");
        userRepresentation2.getAttributes().put("attr2", arrayList);
        String createUser2 = createUser(userRepresentation2);
        UserRepresentation representation = this.realm.users().get(createUser).toRepresentation();
        Assert.assertEquals(2L, representation.getAttributes().size());
        assertAttributeValue("value1user1", (List) representation.getAttributes().get("attr1"));
        assertAttributeValue("value2user1", (List) representation.getAttributes().get("attr2"));
        UserRepresentation representation2 = this.realm.users().get(createUser2).toRepresentation();
        Assert.assertEquals(2L, representation2.getAttributes().size());
        assertAttributeValue("value1user2", (List) representation2.getAttributes().get("attr1"));
        List list = (List) representation2.getAttributes().get("attr2");
        Assert.assertEquals(2L, list.size());
        Assert.assertTrue(list.contains("value2user2") && list.contains("value2user2_2"));
        representation.singleAttribute("attr1", "value3user1");
        representation.singleAttribute("attr3", "value4user1");
        updateUser(this.realm.users().get(createUser), representation);
        UserRepresentation representation3 = this.realm.users().get(createUser).toRepresentation();
        Assert.assertEquals(3L, representation3.getAttributes().size());
        assertAttributeValue("value3user1", (List) representation3.getAttributes().get("attr1"));
        assertAttributeValue("value2user1", (List) representation3.getAttributes().get("attr2"));
        assertAttributeValue("value4user1", (List) representation3.getAttributes().get("attr3"));
        representation3.getAttributes().remove("attr1");
        updateUser(this.realm.users().get(createUser), representation3);
        UserRepresentation representation4 = this.realm.users().get(createUser).toRepresentation();
        Assert.assertEquals(2L, representation4.getAttributes().size());
        assertAttributeValue("value2user1", (List) representation4.getAttributes().get("attr2"));
        assertAttributeValue("value4user1", (List) representation4.getAttributes().get("attr3"));
        representation4.setAttributes((Map) null);
        updateUser(this.realm.users().get(createUser), representation4);
        UserRepresentation representation5 = this.realm.users().get(createUser).toRepresentation();
        Assert.assertNotNull(representation5.getAttributes());
        Assert.assertEquals(2L, representation5.getAttributes().size());
        representation5.setAttributes(Collections.emptyMap());
        updateUser(this.realm.users().get(createUser), representation5);
        Assert.assertNull(this.realm.users().get(createUser).toRepresentation().getAttributes());
    }

    @Test
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE, AuthServerContainerExclude.AuthServer.QUARKUS})
    public void updateUserWithReadOnlyAttributes() {
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setUsername("user1");
        userRepresentation.singleAttribute("usercertificate", "foo1");
        String createUser = createUser(userRepresentation);
        UserRepresentation representation = this.realm.users().get(createUser).toRepresentation();
        try {
            representation.singleAttribute("usercertificate", "foo");
            representation.singleAttribute("saml.persistent.name.id.for.foo", "bar");
            representation.singleAttribute("LDAP_ID", "baz");
            updateUser(this.realm.users().get(createUser), representation);
            Assert.fail("Not supposed to successfully update user");
        } catch (BadRequestException e) {
        }
        try {
            representation.getAttributes().remove("LDAP_ID");
            representation.singleAttribute("LDap_Id", "baz");
            updateUser(this.realm.users().get(createUser), representation);
            Assert.fail("Not supposed to successfully update user");
        } catch (BadRequestException e2) {
        }
        try {
            representation.getAttributes().remove("LDap_Id");
            representation.singleAttribute("deniedSomeAdmin", "baz");
            updateUser(this.realm.users().get(createUser), representation);
            Assert.fail("Not supposed to successfully update user");
        } catch (BadRequestException e3) {
        }
        representation.getAttributes().remove("deniedSomeAdmin");
        updateUser(this.realm.users().get(createUser), representation);
        UserRepresentation representation2 = this.realm.users().get(createUser).toRepresentation();
        Assert.assertEquals("foo", ((List) representation2.getAttributes().get("usercertificate")).get(0));
        Assert.assertEquals("bar", ((List) representation2.getAttributes().get("saml.persistent.name.id.for.foo")).get(0));
        Assert.assertFalse(representation2.getAttributes().containsKey("LDAP_ID"));
    }

    @Test
    public void testImportUserWithNullAttribute() {
        Creator create = Creator.create(this.adminClient, (RealmRepresentation) loadJson(getClass().getResourceAsStream("/import/testrealm-user-null-attr.json"), RealmRepresentation.class));
        Throwable th = null;
        try {
            try {
                List list = ((RealmResource) create.resource()).users().list();
                Assert.assertThat(list, Matchers.hasSize(1));
                Assert.assertThat(Integer.valueOf(((UserRepresentation) list.get(0)).getAttributes().size()), Matchers.equalTo(2));
                if (create != null) {
                    if (0 == 0) {
                        create.close();
                        return;
                    }
                    try {
                        create.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (create != null) {
                if (th != null) {
                    try {
                        create.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    create.close();
                }
            }
            throw th4;
        }
    }

    private void assertAttributeValue(String str, List<String> list) {
        Assert.assertEquals(1L, list.size());
        Assert.assertEquals(str, list.get(0));
    }

    @Test
    public void sendResetPasswordEmail() {
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setUsername("user1");
        UserResource userResource = this.realm.users().get(createUser(userRepresentation));
        LinkedList linkedList = new LinkedList();
        try {
            userResource.executeActionsEmail(linkedList);
            Assert.fail("Expected failure");
        } catch (ClientErrorException e) {
            Assert.assertEquals(400L, e.getResponse().getStatus());
            Assert.assertEquals("User email missing", ((ErrorRepresentation) e.getResponse().readEntity(ErrorRepresentation.class)).getErrorMessage());
        }
        try {
            userRepresentation = userResource.toRepresentation();
            userRepresentation.setEmail("user1@localhost");
            userRepresentation.setEnabled(false);
            updateUser(userResource, userRepresentation);
            userResource.executeActionsEmail(linkedList);
            Assert.fail("Expected failure");
        } catch (ClientErrorException e2) {
            Assert.assertEquals(400L, e2.getResponse().getStatus());
            Assert.assertEquals("User is disabled", ((ErrorRepresentation) e2.getResponse().readEntity(ErrorRepresentation.class)).getErrorMessage());
        }
        try {
            userRepresentation.setEnabled(true);
            updateUser(userResource, userRepresentation);
            userResource.executeActionsEmail("invalidClientId", "invalidUri", linkedList);
            Assert.fail("Expected failure");
        } catch (ClientErrorException e3) {
            Assert.assertEquals(400L, e3.getResponse().getStatus());
            Assert.assertEquals("Client doesn't exist", ((ErrorRepresentation) e3.getResponse().readEntity(ErrorRepresentation.class)).getErrorMessage());
        }
    }

    @Test
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
    public void sendResetPasswordEmailSuccess() throws IOException {
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setEnabled(true);
        userRepresentation.setUsername("user1");
        userRepresentation.setEmail("user1@test.com");
        String createUser = createUser(userRepresentation);
        UserResource userResource = this.realm.users().get(createUser);
        LinkedList linkedList = new LinkedList();
        linkedList.add(UserModel.RequiredAction.UPDATE_PASSWORD.name());
        userResource.executeActionsEmail(linkedList);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.ACTION, AdminEventPaths.userResourcePath(createUser) + "/execute-actions-email", ResourceType.USER);
        Assert.assertEquals(1L, this.greenMail.getReceivedMessages().length);
        MailUtils.EmailBody body = MailUtils.getBody(this.greenMail.getReceivedMessages()[0]);
        Assert.assertTrue(body.getText().contains("Update Password"));
        Assert.assertTrue(body.getText().contains("your Admin-client-test account"));
        Assert.assertTrue(body.getText().contains("This link will expire within 12 hours"));
        Assert.assertTrue(body.getHtml().contains("Update Password"));
        Assert.assertTrue(body.getHtml().contains("your Admin-client-test account"));
        Assert.assertTrue(body.getHtml().contains("This link will expire within 12 hours"));
        String passwordResetEmailLink = MailUtils.getPasswordResetEmailLink(body);
        this.driver.navigate().to(passwordResetEmailLink);
        this.proceedPage.assertCurrent();
        Assert.assertThat(this.proceedPage.getInfo(), Matchers.containsString("Update Password"));
        this.proceedPage.clickProceedLink();
        this.passwordUpdatePage.assertCurrent();
        this.passwordUpdatePage.changePassword("new-pass", "new-pass");
        Assert.assertEquals("Your account has been updated.", PageUtils.getPageTitle(this.driver));
        this.driver.navigate().to(passwordResetEmailLink);
        Assert.assertEquals("We are sorry...", PageUtils.getPageTitle(this.driver));
    }

    @Test
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
    public void sendResetPasswordEmailWithCustomLifespan() throws IOException {
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setEnabled(true);
        userRepresentation.setUsername("user1");
        userRepresentation.setEmail("user1@test.com");
        String createUser = createUser(userRepresentation);
        UserResource userResource = this.realm.users().get(createUser);
        LinkedList linkedList = new LinkedList();
        linkedList.add(UserModel.RequiredAction.UPDATE_PASSWORD.name());
        int seconds = (int) TimeUnit.HOURS.toSeconds(5L);
        userResource.executeActionsEmail(linkedList, Integer.valueOf(seconds));
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.ACTION, AdminEventPaths.userResourcePath(createUser) + "/execute-actions-email", ResourceType.USER);
        Assert.assertEquals(1L, this.greenMail.getReceivedMessages().length);
        MailUtils.EmailBody body = MailUtils.getBody(this.greenMail.getReceivedMessages()[0]);
        Assert.assertTrue(body.getText().contains("Update Password"));
        Assert.assertTrue(body.getText().contains("your Admin-client-test account"));
        Assert.assertTrue(body.getText().contains("This link will expire within 5 hours"));
        Assert.assertTrue(body.getHtml().contains("Update Password"));
        Assert.assertTrue(body.getHtml().contains("your Admin-client-test account"));
        Assert.assertTrue(body.getHtml().contains("This link will expire within 5 hours"));
        String passwordResetEmailLink = MailUtils.getPasswordResetEmailLink(body);
        try {
            AccessToken token = TokenVerifier.create(passwordResetEmailLink.substring(passwordResetEmailLink.indexOf("key=") + "key=".length()), AccessToken.class).getToken();
            Assert.assertEquals(seconds, token.getExpiration() - token.getIssuedAt());
            this.driver.navigate().to(passwordResetEmailLink);
            this.proceedPage.assertCurrent();
            Assert.assertThat(this.proceedPage.getInfo(), Matchers.containsString("Update Password"));
            this.proceedPage.clickProceedLink();
            this.passwordUpdatePage.assertCurrent();
            this.passwordUpdatePage.changePassword("new-pass", "new-pass");
            Assert.assertEquals("Your account has been updated.", PageUtils.getPageTitle(this.driver));
            this.driver.navigate().to(passwordResetEmailLink);
            Assert.assertEquals("We are sorry...", PageUtils.getPageTitle(this.driver));
        } catch (VerificationException e) {
            throw new IOException((Throwable) e);
        }
    }

    @Test
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
    public void sendResetPasswordEmailSuccessTwoLinks() throws IOException {
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setEnabled(true);
        userRepresentation.setUsername("user1");
        userRepresentation.setEmail("user1@test.com");
        String createUser = createUser(userRepresentation);
        UserResource userResource = this.realm.users().get(createUser);
        LinkedList linkedList = new LinkedList();
        linkedList.add(UserModel.RequiredAction.UPDATE_PASSWORD.name());
        userResource.executeActionsEmail(linkedList);
        userResource.executeActionsEmail(linkedList);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.ACTION, AdminEventPaths.userResourcePath(createUser) + "/execute-actions-email", ResourceType.USER);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.ACTION, AdminEventPaths.userResourcePath(createUser) + "/execute-actions-email", ResourceType.USER);
        Assert.assertEquals(2L, this.greenMail.getReceivedMessages().length);
        int i = 1;
        for (MimeMessage mimeMessage : this.greenMail.getReceivedMessages()) {
            this.driver.navigate().to(MailUtils.getPasswordResetEmailLink(mimeMessage));
            this.proceedPage.assertCurrent();
            Assert.assertThat(this.proceedPage.getInfo(), Matchers.containsString("Update Password"));
            this.proceedPage.clickProceedLink();
            this.passwordUpdatePage.assertCurrent();
            this.passwordUpdatePage.changePassword("new-pass" + i, "new-pass" + i);
            i++;
            Assert.assertEquals("Your account has been updated.", PageUtils.getPageTitle(this.driver));
        }
        for (MimeMessage mimeMessage2 : this.greenMail.getReceivedMessages()) {
            this.driver.navigate().to(MailUtils.getPasswordResetEmailLink(mimeMessage2));
            this.errorPage.assertCurrent();
        }
    }

    @Test
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
    public void sendResetPasswordEmailSuccessTwoLinksReverse() throws IOException {
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setEnabled(true);
        userRepresentation.setUsername("user1");
        userRepresentation.setEmail("user1@test.com");
        String createUser = createUser(userRepresentation);
        UserResource userResource = this.realm.users().get(createUser);
        LinkedList linkedList = new LinkedList();
        linkedList.add(UserModel.RequiredAction.UPDATE_PASSWORD.name());
        userResource.executeActionsEmail(linkedList);
        userResource.executeActionsEmail(linkedList);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.ACTION, AdminEventPaths.userResourcePath(createUser) + "/execute-actions-email", ResourceType.USER);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.ACTION, AdminEventPaths.userResourcePath(createUser) + "/execute-actions-email", ResourceType.USER);
        Assert.assertEquals(2L, this.greenMail.getReceivedMessages().length);
        int i = 1;
        for (int length = this.greenMail.getReceivedMessages().length - 1; length >= 0; length--) {
            this.driver.navigate().to(MailUtils.getPasswordResetEmailLink(this.greenMail.getReceivedMessages()[length]));
            this.proceedPage.assertCurrent();
            Assert.assertThat(this.proceedPage.getInfo(), Matchers.containsString("Update Password"));
            this.proceedPage.clickProceedLink();
            this.passwordUpdatePage.assertCurrent();
            this.passwordUpdatePage.changePassword("new-pass" + i, "new-pass" + i);
            i++;
            Assert.assertEquals("Your account has been updated.", PageUtils.getPageTitle(this.driver));
        }
        for (MimeMessage mimeMessage : this.greenMail.getReceivedMessages()) {
            this.driver.navigate().to(MailUtils.getPasswordResetEmailLink(mimeMessage));
            this.errorPage.assertCurrent();
        }
    }

    @Test
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
    public void sendResetPasswordEmailSuccessLinkOpenDoesNotExpireWhenOpenedOnly() throws IOException {
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setEnabled(true);
        userRepresentation.setUsername("user1");
        userRepresentation.setEmail("user1@test.com");
        String createUser = createUser(userRepresentation);
        UserResource userResource = this.realm.users().get(createUser);
        LinkedList linkedList = new LinkedList();
        linkedList.add(UserModel.RequiredAction.UPDATE_PASSWORD.name());
        userResource.executeActionsEmail(linkedList);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.ACTION, AdminEventPaths.userResourcePath(createUser) + "/execute-actions-email", ResourceType.USER);
        Assert.assertEquals(1L, this.greenMail.getReceivedMessages().length);
        String passwordResetEmailLink = MailUtils.getPasswordResetEmailLink(this.greenMail.getReceivedMessages()[0]);
        this.driver.navigate().to(passwordResetEmailLink);
        this.proceedPage.assertCurrent();
        Assert.assertThat(this.proceedPage.getInfo(), Matchers.containsString("Update Password"));
        this.proceedPage.clickProceedLink();
        this.passwordUpdatePage.assertCurrent();
        this.driver.manage().deleteAllCookies();
        this.driver.navigate().to("about:blank");
        this.driver.navigate().to(passwordResetEmailLink);
        this.proceedPage.assertCurrent();
        Assert.assertThat(this.proceedPage.getInfo(), Matchers.containsString("Update Password"));
        this.proceedPage.clickProceedLink();
        this.passwordUpdatePage.assertCurrent();
        this.passwordUpdatePage.changePassword("new-pass", "new-pass");
        Assert.assertEquals("Your account has been updated.", PageUtils.getPageTitle(this.driver));
    }

    @Test
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
    public void sendResetPasswordEmailSuccessTokenShortLifespan() throws IOException {
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setEnabled(true);
        userRepresentation.setUsername("user1");
        userRepresentation.setEmail("user1@test.com");
        String createUser = createUser(userRepresentation);
        AtomicInteger atomicInteger = new AtomicInteger();
        RealmRepresentation representation = this.realm.toRepresentation();
        atomicInteger.set(representation.getActionTokenGeneratedByAdminLifespan().intValue());
        representation.setActionTokenGeneratedByAdminLifespan(60);
        this.realm.update(representation);
        try {
            UserResource userResource = this.realm.users().get(createUser);
            LinkedList linkedList = new LinkedList();
            linkedList.add(UserModel.RequiredAction.UPDATE_PASSWORD.name());
            userResource.executeActionsEmail(linkedList);
            Assert.assertEquals(1L, this.greenMail.getReceivedMessages().length);
            String passwordResetEmailLink = MailUtils.getPasswordResetEmailLink(this.greenMail.getReceivedMessages()[0]);
            setTimeOffset(70);
            this.driver.navigate().to(passwordResetEmailLink);
            this.errorPage.assertCurrent();
            Assert.assertEquals("Action expired.", this.errorPage.getError());
            setTimeOffset(0);
            representation.setActionTokenGeneratedByAdminLifespan(Integer.valueOf(atomicInteger.get()));
            this.realm.update(representation);
        } catch (Throwable th) {
            setTimeOffset(0);
            representation.setActionTokenGeneratedByAdminLifespan(Integer.valueOf(atomicInteger.get()));
            this.realm.update(representation);
            throw th;
        }
    }

    @Test
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
    public void sendResetPasswordEmailSuccessWithRecycledAuthSession() throws IOException {
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setEnabled(true);
        userRepresentation.setUsername("user1");
        userRepresentation.setEmail("user1@test.com");
        String createUser = createUser(userRepresentation);
        UserResource userResource = this.realm.users().get(createUser);
        LinkedList linkedList = new LinkedList();
        linkedList.add(UserModel.RequiredAction.UPDATE_PASSWORD.name());
        ClientRepresentation clientRepresentation = new ClientRepresentation();
        clientRepresentation.setClientId("myclient2");
        clientRepresentation.setRedirectUris(new LinkedList());
        clientRepresentation.getRedirectUris().add("http://myclient.com/*");
        clientRepresentation.setName("myclient2");
        clientRepresentation.setEnabled(true);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.CREATE, AdminEventPaths.clientResourcePath(ApiUtil.getCreatedId(this.realm.clients().create(clientRepresentation))), clientRepresentation, ResourceType.CLIENT);
        userResource.executeActionsEmail("myclient2", "http://myclient.com/home.html", linkedList);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.ACTION, AdminEventPaths.userResourcePath(createUser) + "/execute-actions-email", ResourceType.USER);
        Assert.assertEquals(1L, this.greenMail.getReceivedMessages().length);
        this.driver.navigate().to(MailUtils.getPasswordResetEmailLink(this.greenMail.getReceivedMessages()[0]));
        userResource.executeActionsEmail(linkedList);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.ACTION, AdminEventPaths.userResourcePath(createUser) + "/execute-actions-email", ResourceType.USER);
        Assert.assertEquals(2L, this.greenMail.getReceivedMessages().length);
        String passwordResetEmailLink = MailUtils.getPasswordResetEmailLink(this.greenMail.getReceivedMessages()[this.greenMail.getReceivedMessages().length - 1]);
        this.driver.navigate().to(passwordResetEmailLink);
        this.proceedPage.assertCurrent();
        Assert.assertThat(this.proceedPage.getInfo(), Matchers.containsString("Update Password"));
        this.proceedPage.clickProceedLink();
        this.passwordUpdatePage.assertCurrent();
        this.passwordUpdatePage.changePassword("new-pass", "new-pass");
        Assert.assertEquals("Your account has been updated.", PageUtils.getPageTitle(this.driver));
        this.driver.navigate().to(passwordResetEmailLink);
        Assert.assertEquals("We are sorry...", PageUtils.getPageTitle(this.driver));
    }

    @Test
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
    public void sendResetPasswordEmailWithRedirect() throws IOException {
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setEnabled(true);
        userRepresentation.setUsername("user1");
        userRepresentation.setEmail("user1@test.com");
        String createUser = createUser(userRepresentation);
        UserResource userResource = this.realm.users().get(createUser);
        ClientRepresentation clientRepresentation = new ClientRepresentation();
        clientRepresentation.setClientId("myclient");
        clientRepresentation.setRedirectUris(new LinkedList());
        clientRepresentation.getRedirectUris().add("http://myclient.com/*");
        clientRepresentation.setName("myclient");
        clientRepresentation.setEnabled(true);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.CREATE, AdminEventPaths.clientResourcePath(ApiUtil.getCreatedId(this.realm.clients().create(clientRepresentation))), clientRepresentation, ResourceType.CLIENT);
        LinkedList linkedList = new LinkedList();
        linkedList.add(UserModel.RequiredAction.UPDATE_PASSWORD.name());
        try {
            userResource.executeActionsEmail("myclient", "http://unregistered-uri.com/", linkedList);
            Assert.fail("Expected failure");
        } catch (ClientErrorException e) {
            Assert.assertEquals(400L, e.getResponse().getStatus());
            Assert.assertEquals("Invalid redirect uri.", ((ErrorRepresentation) e.getResponse().readEntity(ErrorRepresentation.class)).getErrorMessage());
        }
        userResource.executeActionsEmail("myclient", "http://myclient.com/home.html", linkedList);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.ACTION, AdminEventPaths.userResourcePath(createUser) + "/execute-actions-email", ResourceType.USER);
        Assert.assertEquals(1L, this.greenMail.getReceivedMessages().length);
        String passwordResetEmailLink = MailUtils.getPasswordResetEmailLink(this.greenMail.getReceivedMessages()[0]);
        this.driver.navigate().to(passwordResetEmailLink);
        this.proceedPage.assertCurrent();
        Assert.assertThat(this.proceedPage.getInfo(), Matchers.containsString("Update Password"));
        this.proceedPage.clickProceedLink();
        this.passwordUpdatePage.assertCurrent();
        this.passwordUpdatePage.changePassword("new-pass", "new-pass");
        Assert.assertEquals("Your account has been updated.", this.driver.findElement(By.id("kc-page-title")).getText());
        Assert.assertTrue(this.driver.getPageSource().contains("http://myclient.com/home.html"));
        this.driver.navigate().to(passwordResetEmailLink);
        Assert.assertEquals("We are sorry...", PageUtils.getPageTitle(this.driver));
    }

    @Test
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
    public void sendResetPasswordEmailWithRedirectAndCustomLifespan() throws IOException {
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setEnabled(true);
        userRepresentation.setUsername("user1");
        userRepresentation.setEmail("user1@test.com");
        String createUser = createUser(userRepresentation);
        UserResource userResource = this.realm.users().get(createUser);
        ClientRepresentation clientRepresentation = new ClientRepresentation();
        clientRepresentation.setClientId("myclient");
        clientRepresentation.setRedirectUris(new LinkedList());
        clientRepresentation.getRedirectUris().add("http://myclient.com/*");
        clientRepresentation.setName("myclient");
        clientRepresentation.setEnabled(true);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.CREATE, AdminEventPaths.clientResourcePath(ApiUtil.getCreatedId(this.realm.clients().create(clientRepresentation))), clientRepresentation, ResourceType.CLIENT);
        LinkedList linkedList = new LinkedList();
        linkedList.add(UserModel.RequiredAction.UPDATE_PASSWORD.name());
        int seconds = (int) TimeUnit.DAYS.toSeconds(128L);
        try {
            userResource.executeActionsEmail("myclient", "http://unregistered-uri.com/", Integer.valueOf(seconds), linkedList);
            Assert.fail("Expected failure");
        } catch (ClientErrorException e) {
            Assert.assertEquals(400L, e.getResponse().getStatus());
            Assert.assertEquals("Invalid redirect uri.", ((ErrorRepresentation) e.getResponse().readEntity(ErrorRepresentation.class)).getErrorMessage());
        }
        userResource.executeActionsEmail("myclient", "http://myclient.com/home.html", Integer.valueOf(seconds), linkedList);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.ACTION, AdminEventPaths.userResourcePath(createUser) + "/execute-actions-email", ResourceType.USER);
        Assert.assertEquals(1L, this.greenMail.getReceivedMessages().length);
        MimeMessage mimeMessage = this.greenMail.getReceivedMessages()[0];
        MailUtils.EmailBody body = MailUtils.getBody(mimeMessage);
        Assert.assertTrue(body.getText().contains("This link will expire within 128 days"));
        Assert.assertTrue(body.getHtml().contains("This link will expire within 128 days"));
        String passwordResetEmailLink = MailUtils.getPasswordResetEmailLink(mimeMessage);
        try {
            AccessToken token = TokenVerifier.create(passwordResetEmailLink.substring(passwordResetEmailLink.indexOf("key=") + "key=".length()), AccessToken.class).getToken();
            Assert.assertEquals(seconds, token.getExpiration() - token.getIssuedAt());
            this.driver.navigate().to(passwordResetEmailLink);
            this.proceedPage.assertCurrent();
            Assert.assertThat(this.proceedPage.getInfo(), Matchers.containsString("Update Password"));
            this.proceedPage.clickProceedLink();
            this.passwordUpdatePage.assertCurrent();
            this.passwordUpdatePage.changePassword("new-pass", "new-pass");
            Assert.assertEquals("Your account has been updated.", this.driver.findElement(By.id("kc-page-title")).getText());
            Assert.assertTrue(this.driver.getPageSource().contains("http://myclient.com/home.html"));
            this.driver.navigate().to(passwordResetEmailLink);
            Assert.assertEquals("We are sorry...", PageUtils.getPageTitle(this.driver));
        } catch (VerificationException e2) {
            throw new IOException((Throwable) e2);
        }
    }

    @Test
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
    public void sendVerifyEmail() throws IOException {
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setUsername("user1");
        String createUser = createUser(userRepresentation);
        UserResource userResource = this.realm.users().get(createUser);
        try {
            userResource.sendVerifyEmail();
            Assert.fail("Expected failure");
        } catch (ClientErrorException e) {
            Assert.assertEquals(400L, e.getResponse().getStatus());
            Assert.assertEquals("User email missing", ((ErrorRepresentation) e.getResponse().readEntity(ErrorRepresentation.class)).getErrorMessage());
        }
        try {
            userRepresentation = userResource.toRepresentation();
            userRepresentation.setEmail("user1@localhost");
            userRepresentation.setEnabled(false);
            updateUser(userResource, userRepresentation);
            userResource.sendVerifyEmail();
            Assert.fail("Expected failure");
        } catch (ClientErrorException e2) {
            Assert.assertEquals(400L, e2.getResponse().getStatus());
            Assert.assertEquals("User is disabled", ((ErrorRepresentation) e2.getResponse().readEntity(ErrorRepresentation.class)).getErrorMessage());
        }
        try {
            userRepresentation.setEnabled(true);
            updateUser(userResource, userRepresentation);
            userResource.sendVerifyEmail("invalidClientId");
            Assert.fail("Expected failure");
        } catch (ClientErrorException e3) {
            Assert.assertEquals(400L, e3.getResponse().getStatus());
            Assert.assertEquals("Client doesn't exist", ((ErrorRepresentation) e3.getResponse().readEntity(ErrorRepresentation.class)).getErrorMessage());
        }
        userResource.sendVerifyEmail();
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.ACTION, AdminEventPaths.userResourcePath(createUser) + "/send-verify-email", ResourceType.USER);
        Assert.assertEquals(1L, this.greenMail.getReceivedMessages().length);
        String passwordResetEmailLink = MailUtils.getPasswordResetEmailLink(this.greenMail.getReceivedMessages()[0]);
        this.driver.navigate().to(passwordResetEmailLink);
        this.proceedPage.assertCurrent();
        Assert.assertThat(this.proceedPage.getInfo(), Matchers.containsString("Verify Email"));
        this.proceedPage.clickProceedLink();
        Assert.assertEquals("Your account has been updated.", this.infoPage.getInfo());
        this.driver.navigate().to("about:blank");
        this.driver.navigate().to(passwordResetEmailLink);
        this.proceedPage.assertCurrent();
        Assert.assertThat(this.proceedPage.getInfo(), Matchers.containsString("Verify Email"));
        this.proceedPage.clickProceedLink();
        Assert.assertEquals("Your account has been updated.", this.infoPage.getInfo());
    }

    @Test
    public void updateUserWithNewUsername() {
        switchEditUsernameAllowedOn(true);
        String createUser = createUser();
        UserResource userResource = this.realm.users().get(createUser);
        UserRepresentation representation = userResource.toRepresentation();
        representation.setUsername("user11");
        updateUser(userResource, representation);
        Assert.assertEquals("user11", this.realm.users().get(createUser).toRepresentation().getUsername());
        switchEditUsernameAllowedOn(false);
    }

    @Test
    public void updateUserWithoutUsername() {
        switchEditUsernameAllowedOn(true);
        String createUser = createUser();
        UserResource userResource = this.realm.users().get(createUser);
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setFirstName("Firstname");
        userResource.update(userRepresentation);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.UPDATE, AdminEventPaths.userResourcePath(createUser), userRepresentation, ResourceType.USER);
        UserRepresentation userRepresentation2 = new UserRepresentation();
        userRepresentation2.setLastName("Lastname");
        userResource.update(userRepresentation2);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.UPDATE, AdminEventPaths.userResourcePath(createUser), userRepresentation2, ResourceType.USER);
        UserRepresentation representation = this.realm.users().get(createUser).toRepresentation();
        Assert.assertEquals("user1", representation.getUsername());
        Assert.assertEquals("user1@localhost", representation.getEmail());
        Assert.assertEquals("Firstname", representation.getFirstName());
        Assert.assertEquals("Lastname", representation.getLastName());
        switchEditUsernameAllowedOn(false);
    }

    @Test
    public void updateUserWithEmailAsUsername() {
        switchRegistrationEmailAsUsername(true);
        String createUser = createUser();
        UserResource userResource = this.realm.users().get(createUser);
        UserRepresentation representation = userResource.toRepresentation();
        Assert.assertEquals("user1@localhost", representation.getUsername());
        representation.setEmail("user11@localhost");
        updateUser(userResource, representation);
        Assert.assertEquals("user11@localhost", this.realm.users().get(createUser).toRepresentation().getUsername());
        switchRegistrationEmailAsUsername(false);
    }

    @Test
    public void updateUserWithNewUsernameNotPossible() {
        String createUser = createUser();
        UserResource userResource = this.realm.users().get(createUser);
        UserRepresentation representation = userResource.toRepresentation();
        representation.setUsername("user11");
        updateUser(userResource, representation);
        Assert.assertEquals("user1", this.realm.users().get(createUser).toRepresentation().getUsername());
    }

    @Test
    public void updateUserWithNewUsernameAccessingViaOldUsername() {
        switchEditUsernameAllowedOn(true);
        createUser();
        try {
            UserResource userResource = this.realm.users().get("user1");
            UserRepresentation representation = userResource.toRepresentation();
            representation.setUsername("user1");
            updateUser(userResource, representation);
            this.realm.users().get("user11").toRepresentation();
            Assert.fail("Expected failure");
        } catch (ClientErrorException e) {
            Assert.assertEquals(404L, e.getResponse().getStatus());
        } finally {
            switchEditUsernameAllowedOn(false);
        }
    }

    @Test
    public void updateUserWithExistingUsername() {
        switchEditUsernameAllowedOn(true);
        enableBruteForce(true);
        createUser();
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setUsername("user2");
        try {
            try {
                UserResource userResource = this.realm.users().get(createUser(userRepresentation));
                UserRepresentation representation = userResource.toRepresentation();
                representation.setUsername("user1");
                userResource.update(representation);
                Assert.fail("Expected failure");
                enableBruteForce(false);
                switchEditUsernameAllowedOn(false);
            } catch (ClientErrorException e) {
                Assert.assertEquals(409L, e.getResponse().getStatus());
                this.assertAdminEvents.assertEmpty();
                enableBruteForce(false);
                switchEditUsernameAllowedOn(false);
            }
        } catch (Throwable th) {
            enableBruteForce(false);
            switchEditUsernameAllowedOn(false);
            throw th;
        }
    }

    @Test
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
    public void updateUserWithRawCredentials() {
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setUsername("user_rawpw");
        userRepresentation.setEmail("email.raw@localhost");
        CredentialRepresentation credentialRepresentation = new CredentialRepresentation();
        credentialRepresentation.setValue("ABCD");
        credentialRepresentation.setType("password");
        userRepresentation.setCredentials(Arrays.asList(credentialRepresentation));
        String createUser = createUser(userRepresentation);
        PasswordCredentialModel createFromCredentialModel = PasswordCredentialModel.createFromCredentialModel(fetchCredentials("user_rawpw"));
        Assert.assertNotNull("Expecting credential", createFromCredentialModel);
        Assert.assertEquals("pbkdf2-sha256", createFromCredentialModel.getPasswordCredentialData().getAlgorithm());
        Assert.assertEquals(27500L, createFromCredentialModel.getPasswordCredentialData().getHashIterations());
        Assert.assertNotEquals("ABCD", createFromCredentialModel.getPasswordSecretData().getValue());
        Assert.assertEquals("password", createFromCredentialModel.getType());
        UserResource userResource = this.realm.users().get(createUser);
        UserRepresentation representation = userResource.toRepresentation();
        CredentialRepresentation credentialRepresentation2 = new CredentialRepresentation();
        credentialRepresentation2.setValue("EFGH");
        credentialRepresentation2.setType("password");
        representation.setCredentials(Arrays.asList(credentialRepresentation2));
        updateUser(userResource, representation);
        PasswordCredentialModel createFromCredentialModel2 = PasswordCredentialModel.createFromCredentialModel(fetchCredentials("user_rawpw"));
        Assert.assertNotNull("Expecting credential", createFromCredentialModel2);
        Assert.assertEquals("pbkdf2-sha256", createFromCredentialModel2.getPasswordCredentialData().getAlgorithm());
        Assert.assertEquals(27500L, createFromCredentialModel2.getPasswordCredentialData().getHashIterations());
        Assert.assertNotEquals("EFGH", createFromCredentialModel2.getPasswordSecretData().getValue());
        Assert.assertEquals("password", createFromCredentialModel2.getType());
    }

    @Test
    @DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true)
    public void resetUserPassword() {
        String createUser = createUser("user1", "user1@localhost");
        CredentialRepresentation credentialRepresentation = new CredentialRepresentation();
        credentialRepresentation.setType("password");
        credentialRepresentation.setValue("password");
        credentialRepresentation.setTemporary(false);
        this.realm.users().get(createUser).resetPassword(credentialRepresentation);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.ACTION, AdminEventPaths.userResetPasswordPath(createUser), ResourceType.USER);
        this.driver.navigate().to(RealmsResource.accountUrl(UriBuilder.fromUri(getAuthServerRoot())).build(new Object[]{"admin-client-test"}).toString());
        Assert.assertEquals("Sign in to your account", PageUtils.getPageTitle(this.driver));
        this.loginPage.login("user1", "password");
        Assert.assertTrue(this.driver.getTitle().contains("Account Management"));
    }

    @Test
    public void resetUserInvalidPassword() {
        String createUser = createUser("user1", "user1@localhost");
        try {
            CredentialRepresentation credentialRepresentation = new CredentialRepresentation();
            credentialRepresentation.setType("password");
            credentialRepresentation.setValue(" ");
            credentialRepresentation.setTemporary(false);
            this.realm.users().get(createUser).resetPassword(credentialRepresentation);
            Assert.fail("Expected failure");
        } catch (ClientErrorException e) {
            Assert.assertEquals(400L, e.getResponse().getStatus());
            e.getResponse().close();
            this.assertAdminEvents.assertEmpty();
        }
    }

    @Test
    public void testDefaultRequiredActionAdded() {
        RequiredActionProviderRepresentation requiredAction = this.realm.flows().getRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD.toString());
        requiredAction.setDefaultAction(true);
        this.realm.flows().updateRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD.toString(), requiredAction);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.UPDATE, AdminEventPaths.authRequiredActionPath(UserModel.RequiredAction.UPDATE_PASSWORD.toString()), requiredAction, ResourceType.REQUIRED_ACTION);
        UserRepresentation representation = this.realm.users().get(createUser("user1", "user1@localhost")).toRepresentation();
        Assert.assertEquals(1L, representation.getRequiredActions().size());
        Assert.assertEquals(UserModel.RequiredAction.UPDATE_PASSWORD.toString(), representation.getRequiredActions().get(0));
        RequiredActionProviderRepresentation requiredAction2 = this.realm.flows().getRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD.toString());
        requiredAction2.setDefaultAction(false);
        this.realm.flows().updateRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD.toString(), requiredAction2);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.UPDATE, AdminEventPaths.authRequiredActionPath(UserModel.RequiredAction.UPDATE_PASSWORD.toString()), requiredAction2, ResourceType.REQUIRED_ACTION);
    }

    private RoleRepresentation getRoleByName(String str, List<RoleRepresentation> list) {
        for (RoleRepresentation roleRepresentation : list) {
            if (roleRepresentation.getName().equalsIgnoreCase(str)) {
                return roleRepresentation;
            }
        }
        return null;
    }

    @Test
    public void roleMappings() {
        RealmResource realm = this.adminClient.realms().realm("test");
        realm.update(RealmBuilder.edit(realm.toRepresentation()).testEventListener().build());
        RoleRepresentation build = RoleBuilder.create().name("realm-composite").singleAttribute("attribute1", "value1").build();
        realm.roles().create(RoleBuilder.create().name("realm-role").build());
        realm.roles().create(build);
        realm.roles().create(RoleBuilder.create().name("realm-child").build());
        realm.roles().get("realm-composite").addComposites(Collections.singletonList(realm.roles().get("realm-child").toRepresentation()));
        Response create = realm.clients().create(ClientBuilder.create().clientId("myclient").build());
        String createdId = ApiUtil.getCreatedId(create);
        create.close();
        RoleRepresentation build2 = RoleBuilder.create().name("client-composite").singleAttribute("attribute1", "value1").build();
        realm.clients().get(createdId).roles().create(RoleBuilder.create().name("client-role").build());
        realm.clients().get(createdId).roles().create(RoleBuilder.create().name("client-role2").build());
        realm.clients().get(createdId).roles().create(build2);
        realm.clients().get(createdId).roles().create(RoleBuilder.create().name("client-child").build());
        realm.clients().get(createdId).roles().get("client-composite").addComposites(Collections.singletonList(realm.clients().get(createdId).roles().get("client-child").toRepresentation()));
        Response create2 = realm.users().create(UserBuilder.create().username("myuser").build());
        String createdId2 = ApiUtil.getCreatedId(create2);
        create2.close();
        this.assertAdminEvents.clear();
        RoleMappingResource roles = realm.users().get(createdId2).roles();
        org.keycloak.testsuite.Assert.assertNames(roles.realmLevel().listAll(), "default-roles-test");
        org.keycloak.testsuite.Assert.assertNames(roles.realmLevel().listEffective(), "user", "offline_access", "uma_authorization", "default-roles-test");
        LinkedList linkedList = new LinkedList();
        linkedList.add(realm.roles().get("realm-role").toRepresentation());
        linkedList.add(realm.roles().get("realm-composite").toRepresentation());
        roles.realmLevel().add(linkedList);
        this.assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.userRealmRoleMappingsPath(createdId2), linkedList, ResourceType.REALM_ROLE_MAPPING);
        List singletonList = Collections.singletonList(realm.clients().get(createdId).roles().get("client-role").toRepresentation());
        roles.clientLevel(createdId).add(singletonList);
        this.assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.userClientRoleMappingsPath(createdId2, createdId), singletonList, ResourceType.CLIENT_ROLE_MAPPING);
        roles.clientLevel(createdId).add(Collections.singletonList(realm.clients().get(createdId).roles().get("client-composite").toRepresentation()));
        this.assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.userClientRoleMappingsPath(createdId2, createdId), ResourceType.CLIENT_ROLE_MAPPING);
        org.keycloak.testsuite.Assert.assertNames(roles.realmLevel().listAll(), "realm-role", "realm-composite", "default-roles-test");
        org.keycloak.testsuite.Assert.assertNames(roles.realmLevel().listAvailable(), "admin", "customer-user-premium", "realm-composite-role", "sample-realm-role", "attribute-role");
        org.keycloak.testsuite.Assert.assertNames(roles.realmLevel().listEffective(), "realm-role", "realm-composite", "realm-child", "user", "offline_access", "uma_authorization", "default-roles-test");
        RoleRepresentation roleByName = getRoleByName("realm-composite", roles.realmLevel().listEffective(false));
        Assert.assertNotNull(roleByName);
        Assert.assertTrue(roleByName.getAttributes().containsKey("attribute1"));
        org.keycloak.testsuite.Assert.assertNames(roles.clientLevel(createdId).listAll(), "client-role", "client-composite");
        org.keycloak.testsuite.Assert.assertNames(roles.clientLevel(createdId).listAvailable(), "client-role2");
        org.keycloak.testsuite.Assert.assertNames(roles.clientLevel(createdId).listEffective(), "client-role", "client-composite", "client-child");
        RoleRepresentation roleByName2 = getRoleByName("client-composite", roles.clientLevel(createdId).listEffective(false));
        Assert.assertNotNull(roleByName2);
        Assert.assertTrue(roleByName2.getAttributes().containsKey("attribute1"));
        MappingsRepresentation all = roles.getAll();
        org.keycloak.testsuite.Assert.assertNames(all.getRealmMappings(), "realm-role", "realm-composite", "default-roles-test");
        Assert.assertEquals(1L, all.getClientMappings().size());
        org.keycloak.testsuite.Assert.assertNames(((ClientMappingsRepresentation) all.getClientMappings().get("myclient")).getMappings(), "client-role", "client-composite");
        RoleRepresentation representation = realm.roles().get("realm-role").toRepresentation();
        roles.realmLevel().remove(Collections.singletonList(representation));
        this.assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.userRealmRoleMappingsPath(createdId2), Collections.singletonList(representation), ResourceType.REALM_ROLE_MAPPING);
        org.keycloak.testsuite.Assert.assertNames(roles.realmLevel().listAll(), "realm-composite", "default-roles-test");
        RoleRepresentation representation2 = realm.clients().get(createdId).roles().get("client-role").toRepresentation();
        roles.clientLevel(createdId).remove(Collections.singletonList(representation2));
        this.assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.userClientRoleMappingsPath(createdId2, createdId), Collections.singletonList(representation2), ResourceType.CLIENT_ROLE_MAPPING);
        org.keycloak.testsuite.Assert.assertNames(roles.clientLevel(createdId).listAll(), "client-composite");
    }

    @Test
    public void defaultMaxResults() {
        UsersResource users = this.adminClient.realms().realm("test").users();
        for (int i = 0; i < 110; i++) {
            users.create(UserBuilder.create().username("test-" + i).addAttribute("aName", "aValue").build()).close();
        }
        List<UserRepresentation> search = users.search("test", (Integer) null, (Integer) null);
        Assert.assertEquals(100L, search.size());
        for (UserRepresentation userRepresentation : search) {
            Assert.assertThat(userRepresentation.getAttributes(), Matchers.notNullValue());
            Assert.assertThat(userRepresentation.getAttributes().keySet(), Matchers.hasSize(1));
            Assert.assertThat(userRepresentation.getAttributes(), Matchers.hasEntry(Matchers.is("aName"), Matchers.contains(new String[]{"aValue"})));
        }
        Assert.assertEquals(105L, users.search("test", 0, 105).size());
        Assert.assertEquals(111L, users.search("test", 0, 1000).size());
    }

    @Test
    public void defaultMaxResultsBrief() {
        UsersResource users = this.adminClient.realms().realm("test").users();
        for (int i = 0; i < 110; i++) {
            users.create(UserBuilder.create().username("test-" + i).addAttribute("aName", "aValue").build()).close();
        }
        List search = users.search("test", (Integer) null, (Integer) null, true);
        Assert.assertEquals(100L, search.size());
        Iterator it = search.iterator();
        while (it.hasNext()) {
            Assert.assertThat(((UserRepresentation) it.next()).getAttributes(), Matchers.nullValue());
        }
    }

    @Test
    public void testAccessUserFromOtherRealm() {
        RealmRepresentation realmRepresentation = new RealmRepresentation();
        realmRepresentation.setRealm("first-realm");
        this.adminClient.realms().create(realmRepresentation);
        this.realm = this.adminClient.realm(realmRepresentation.getRealm());
        this.realmId = this.realm.toRepresentation().getId();
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setUsername("first");
        userRepresentation.setEmail("first@first-realm.org");
        userRepresentation.setId(createUser(userRepresentation, false));
        RealmRepresentation realmRepresentation2 = new RealmRepresentation();
        realmRepresentation2.setRealm("second-realm");
        this.adminClient.realms().create(realmRepresentation2);
        this.adminClient.realm(realmRepresentation.getRealm()).users().get(userRepresentation.getId()).update(userRepresentation);
        try {
            this.adminClient.realm(realmRepresentation2.getRealm()).users().get(userRepresentation.getId()).toRepresentation();
            Assert.fail("Should not have access to firstUser from another realm");
        } catch (NotFoundException e) {
        }
    }

    private void switchEditUsernameAllowedOn(boolean z) {
        RealmRepresentation representation = this.realm.toRepresentation();
        representation.setEditUsernameAllowed(Boolean.valueOf(z));
        this.realm.update(representation);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.UPDATE, Matchers.nullValue(String.class), representation, ResourceType.REALM);
    }

    private void switchRegistrationEmailAsUsername(boolean z) {
        RealmRepresentation representation = this.realm.toRepresentation();
        representation.setRegistrationEmailAsUsername(Boolean.valueOf(z));
        this.realm.update(representation);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.UPDATE, Matchers.nullValue(String.class), representation, ResourceType.REALM);
    }

    private void enableBruteForce(boolean z) {
        RealmRepresentation representation = this.realm.toRepresentation();
        representation.setBruteForceProtected(Boolean.valueOf(z));
        this.realm.update(representation);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.UPDATE, Matchers.nullValue(String.class), representation, ResourceType.REALM);
    }

    @Test
    @DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true)
    public void loginShouldFailAfterPasswordDeleted() {
        String createUser = createUser("admin-client-test", "credential-tester", "s3cr37", new String[0]);
        getCleanup("admin-client-test").addUserId(createUser);
        String uri = RealmsResource.accountUrl(UriBuilder.fromUri(getAuthServerRoot())).build(new Object[]{"admin-client-test"}).toString();
        this.driver.navigate().to(uri);
        Assert.assertEquals("Test user should be on the login page.", "Sign in to your account", PageUtils.getPageTitle(this.driver));
        this.loginPage.login("credential-tester", "s3cr37");
        Assert.assertTrue("Test user should be successfully logged in.", this.driver.getTitle().contains("Account Management"));
        this.accountPage.logOut();
        Optional findFirst = this.realm.users().get(createUser).credentials().stream().filter(credentialRepresentation -> {
            return "password".equals(credentialRepresentation.getType());
        }).findFirst();
        Assert.assertTrue("Test user should have a password credential set.", findFirst.isPresent());
        this.realm.users().get(createUser).removeCredential(((CredentialRepresentation) findFirst.get()).getId());
        this.driver.navigate().to(uri);
        Assert.assertEquals("Test user should be on the login page.", "Sign in to your account", PageUtils.getPageTitle(this.driver));
        this.loginPage.login("credential-tester", "s3cr37");
        Assert.assertTrue("Test user should fail to log in after password was deleted.", this.driver.getCurrentUrl().contains(String.format("/realms/%s/login-actions/authenticate", "admin-client-test")));
    }

    @Test
    public void testGetAndMoveCredentials() {
        importTestRealms();
        UserResource findUserByUsernameId = ApiUtil.findUserByUsernameId(testRealm(), "user-with-two-configured-otp");
        List credentials = findUserByUsernameId.credentials();
        List<String> asList = Arrays.asList(((CredentialRepresentation) credentials.get(0)).getId(), ((CredentialRepresentation) credentials.get(1)).getId(), ((CredentialRepresentation) credentials.get(2)).getId());
        assertSameIds(asList, findUserByUsernameId.credentials());
        findUserByUsernameId.moveCredentialAfter(asList.get(0), asList.get(1));
        assertSameIds(Arrays.asList(asList.get(1), asList.get(0), asList.get(2)), findUserByUsernameId.credentials());
        findUserByUsernameId.moveCredentialToFirst(asList.get(2));
        assertSameIds(Arrays.asList(asList.get(2), asList.get(1), asList.get(0)), findUserByUsernameId.credentials());
        findUserByUsernameId.moveCredentialToFirst(asList.get(1));
        findUserByUsernameId.moveCredentialToFirst(asList.get(0));
        assertSameIds(asList, findUserByUsernameId.credentials());
    }

    private void assertSameIds(List<String> list, List<CredentialRepresentation> list2) {
        Assert.assertEquals(list.size(), list2.size());
        for (int i = 0; i < list.size(); i++) {
            Assert.assertEquals(list.get(i), list2.get(i).getId());
        }
    }

    @Test
    public void testUpdateCredentials() {
        importTestRealms();
        UserResource findUserByUsernameId = ApiUtil.findUserByUsernameId(testRealm(), "user-with-one-configured-otp");
        CredentialRepresentation credentialRepresentation = (CredentialRepresentation) findUserByUsernameId.credentials().get(0);
        Assert.assertNull(credentialRepresentation.getUserLabel());
        findUserByUsernameId.setCredentialUserLabel(credentialRepresentation.getId(), "the label");
        Assert.assertEquals("the label", ((CredentialRepresentation) findUserByUsernameId.credentials().get(0)).getUserLabel());
    }

    @Test
    public void testDeleteCredentials() {
        UserResource findUserByUsernameId = ApiUtil.findUserByUsernameId(testRealm(), "john-doh@localhost");
        List credentials = findUserByUsernameId.credentials();
        Assert.assertEquals(1L, credentials.size());
        CredentialRepresentation credentialRepresentation = (CredentialRepresentation) credentials.get(0);
        Assert.assertEquals("password", credentialRepresentation.getType());
        findUserByUsernameId.removeCredential(credentialRepresentation.getId());
        Assert.assertEquals(0L, findUserByUsernameId.credentials().size());
        credentialRepresentation.setValue("password");
        findUserByUsernameId.resetPassword(credentialRepresentation);
        Assert.assertEquals(1L, findUserByUsernameId.credentials().size());
    }

    @Test
    public void testCRUDCredentialsOfDifferentUser() {
        UserResource findUserByUsernameId = ApiUtil.findUserByUsernameId(testRealm(), "user-with-one-configured-otp");
        CredentialRepresentation credentialRepresentation = (CredentialRepresentation) findUserByUsernameId.credentials().stream().filter(credentialRepresentation2 -> {
            return "otp".equals(credentialRepresentation2.getType());
        }).findFirst().get();
        UserResource findUserByUsernameId2 = ApiUtil.findUserByUsernameId(testRealm(), AssertEvents.DEFAULT_USERNAME);
        try {
            findUserByUsernameId2.setCredentialUserLabel(credentialRepresentation.getId(), "new-label");
            Assert.fail("Not expected to successfully update user label");
        } catch (NotFoundException e) {
        }
        try {
            findUserByUsernameId2.moveCredentialToFirst(credentialRepresentation.getId());
            Assert.fail("Not expected to successfully move credential");
        } catch (NotFoundException e2) {
        }
        try {
            findUserByUsernameId2.removeCredential(credentialRepresentation.getId());
            Assert.fail("Not expected to successfully remove credential");
        } catch (NotFoundException e3) {
        }
        CredentialRepresentation credentialRepresentation3 = (CredentialRepresentation) findUserByUsernameId.credentials().stream().filter(credentialRepresentation4 -> {
            return "otp".equals(credentialRepresentation4.getType());
        }).findFirst().get();
        Assert.assertTrue(ObjectUtil.isEqualOrBothNull(credentialRepresentation.getUserLabel(), credentialRepresentation3.getUserLabel()));
        Assert.assertTrue(ObjectUtil.isEqualOrBothNull(credentialRepresentation.getPriority(), credentialRepresentation3.getPriority()));
    }

    @Test
    public void testGetGroupsForUserFullRepresentation() {
        RealmResource realm = this.adminClient.realms().realm("test");
        HashMap hashMap = new HashMap();
        hashMap.put("attribute1", Arrays.asList("attribute1", "attribute2"));
        Creator create = Creator.create(realm, UserBuilder.edit(createUserRepresentation("averagejoe", "joe@average.com", "average", "joe", true)).addPassword("password").build());
        Throwable th = null;
        try {
            Creator create2 = Creator.create(realm, GroupBuilder.create().name("groupWithAttribute").attributes(hashMap).build());
            Throwable th2 = null;
            try {
                try {
                    String id = create2.id();
                    UserResource userResource = (UserResource) create.resource();
                    userResource.joinGroup(id);
                    List groups = userResource.groups(0, 100, false);
                    Assert.assertFalse(groups.isEmpty());
                    Assert.assertTrue(((GroupRepresentation) groups.get(0)).getAttributes().containsKey("attribute1"));
                    if (create2 != null) {
                        if (0 != 0) {
                            try {
                                create2.close();
                            } catch (Throwable th3) {
                                th2.addSuppressed(th3);
                            }
                        } else {
                            create2.close();
                        }
                    }
                    if (create != null) {
                        if (0 == 0) {
                            create.close();
                            return;
                        }
                        try {
                            create.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    }
                } catch (Throwable th5) {
                    th2 = th5;
                    throw th5;
                }
            } catch (Throwable th6) {
                if (create2 != null) {
                    if (th2 != null) {
                        try {
                            create2.close();
                        } catch (Throwable th7) {
                            th2.addSuppressed(th7);
                        }
                    } else {
                        create2.close();
                    }
                }
                throw th6;
            }
        } catch (Throwable th8) {
            if (create != null) {
                if (0 != 0) {
                    try {
                        create.close();
                    } catch (Throwable th9) {
                        th.addSuppressed(th9);
                    }
                } else {
                    create.close();
                }
            }
            throw th8;
        }
    }

    @Test
    public void groupMembershipPaginated() {
        String createUser = createUser(UserBuilder.create().username("user-a").build());
        for (int i = 1; i <= 10; i++) {
            GroupRepresentation groupRepresentation = new GroupRepresentation();
            groupRepresentation.setName("group-" + i);
            String id = createGroup(this.realm, groupRepresentation).getId();
            this.realm.users().get(createUser).joinGroup(id);
            this.assertAdminEvents.assertEvent(this.realmId, OperationType.CREATE, AdminEventPaths.userGroupPath(createUser, id), groupRepresentation, ResourceType.GROUP_MEMBERSHIP);
        }
        List groups = this.realm.users().get(createUser).groups(5, 6);
        Assert.assertEquals(groups.size(), 5L);
        org.keycloak.testsuite.Assert.assertNames(groups, "group-5", "group-6", "group-7", "group-8", "group-9");
    }

    @Test
    public void groupMembershipSearch() {
        String createUser = createUser(UserBuilder.create().username("user-b").build());
        for (int i = 1; i <= 10; i++) {
            GroupRepresentation groupRepresentation = new GroupRepresentation();
            groupRepresentation.setName("group-" + i);
            String id = createGroup(this.realm, groupRepresentation).getId();
            this.realm.users().get(createUser).joinGroup(id);
            this.assertAdminEvents.assertEvent(this.realmId, OperationType.CREATE, AdminEventPaths.userGroupPath(createUser, id), groupRepresentation, ResourceType.GROUP_MEMBERSHIP);
        }
        List groups = this.realm.users().get(createUser).groups("-3", 0, 10);
        Assert.assertThat(this.realm.users().get(createUser).groupsCount("-3").get("count"), Matchers.is(1L));
        Assert.assertEquals(1L, groups.size());
        org.keycloak.testsuite.Assert.assertNames(groups, "group-3");
        List groups2 = this.realm.users().get(createUser).groups("1", 0, 10);
        Assert.assertThat(this.realm.users().get(createUser).groupsCount("1").get("count"), Matchers.is(2L));
        Assert.assertEquals(2L, groups2.size());
        org.keycloak.testsuite.Assert.assertNames(groups2, "group-1", "group-10");
        Assert.assertEquals(0L, this.realm.users().get(createUser).groups("1", 2, 10).size());
        List groups3 = this.realm.users().get(createUser).groups("gr", 2, 10);
        Assert.assertThat(this.realm.users().get(createUser).groupsCount("gr").get("count"), Matchers.is(10L));
        Assert.assertEquals(8L, groups3.size());
        Assert.assertEquals(8L, this.realm.users().get(createUser).groups("Gr", 2, 10).size());
    }

    @Test
    public void createFederatedIdentities() {
        addSampleIdentityProvider();
        List federatedIdentity = this.realm.users().get(createUser(UserBuilder.create().username("federated-identities").federatedLink("social-provider-id", "federated-user-id").build(), false)).getFederatedIdentity();
        Assert.assertEquals(1L, federatedIdentity.size());
        Assert.assertEquals("federated-user-id", ((FederatedIdentityRepresentation) federatedIdentity.get(0)).getUserId());
        Assert.assertEquals("federated-identities", ((FederatedIdentityRepresentation) federatedIdentity.get(0)).getUserName());
        Assert.assertEquals("social-provider-id", ((FederatedIdentityRepresentation) federatedIdentity.get(0)).getIdentityProvider());
    }

    @Test
    public void createUserWithGroups() {
        createGroup(this.realm, GroupBuilder.create().name("test-group").build());
        List groups = this.realm.users().get(createUser(UserBuilder.create().username("user-with-groups").addGroups("test-group").build())).groups();
        Assert.assertEquals(1L, groups.size());
        Assert.assertEquals("test-group", ((GroupRepresentation) groups.get(0)).getName());
    }

    private GroupRepresentation createGroup(RealmResource realmResource, GroupRepresentation groupRepresentation) {
        Response add = realmResource.groups().add(groupRepresentation);
        String createdId = ApiUtil.getCreatedId(add);
        getCleanup().addGroupId(createdId);
        add.close();
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.CREATE, AdminEventPaths.groupPath(createdId), groupRepresentation, ResourceType.GROUP);
        groupRepresentation.setId(createdId);
        return groupRepresentation;
    }

    @Test
    public void failCreateUserUsingRegularUser() throws Exception {
        Keycloak createAdminClient = AdminClientUtil.createAdminClient(this.suiteContext.isAdapterCompatTesting(), "test", testRealm().users().get(ApiUtil.getCreatedId(testRealm().users().create(UserBuilder.create().username("regular-user").password("password").build()))).toRepresentation().getUsername(), "password", "admin-cli", (String) null);
        Throwable th = null;
        try {
            try {
                UserRepresentation build = UserBuilder.create().username("do-not-create-me").build();
                Assert.assertEquals(Response.Status.FORBIDDEN.getStatusCode(), createAdminClient.realm("test").users().create(build).getStatus());
                build.setGroups(Collections.emptyList());
                Assert.assertEquals(Response.Status.FORBIDDEN.getStatusCode(), createAdminClient.realm("test").users().create(build).getStatus());
                if (createAdminClient != null) {
                    if (0 == 0) {
                        createAdminClient.close();
                        return;
                    }
                    try {
                        createAdminClient.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (createAdminClient != null) {
                if (th != null) {
                    try {
                        createAdminClient.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    createAdminClient.close();
                }
            }
            throw th4;
        }
    }

    @Test
    public void testCreateUserDoNotGrantRole() {
        testRealm().roles().create(RoleBuilder.create().name("realm-role").build());
        String str = "realm-role";
        Assert.assertFalse(testRealm().users().get(ApiUtil.getCreatedId(testRealm().users().create(UserBuilder.create().username("alice").password("password").addRoles("realm-role").build()))).roles().getAll().getRealmMappings().stream().map((v0) -> {
            return v0.getName();
        }).anyMatch((v1) -> {
            return r1.equals(v1);
        }));
    }
}
