package org.keycloak.testsuite.admin;

import org.jboss.arquillian.graphene.page.Page;
import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.common.Profile;
import org.keycloak.events.EventType;
import org.keycloak.events.admin.OperationType;
import org.keycloak.models.utils.TimeBasedOTP;
import org.keycloak.representations.idm.AdminEventRepresentation;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
import org.keycloak.testsuite.oauth.BackchannelLogoutTest;
import org.keycloak.testsuite.pages.AccountTotpPage;
import org.keycloak.testsuite.pages.AccountUpdateProfilePage;
import org.keycloak.testsuite.pages.LoginPage;

@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true)
/* loaded from: input_file:org/keycloak/testsuite/admin/UserTotpTest.class */
public class UserTotpTest extends AbstractTestRealmKeycloakTest {

    @Page
    protected AccountTotpPage totpPage;

    @Page
    protected AccountUpdateProfilePage profilePage;

    @Page
    protected LoginPage loginPage;

    @Rule
    public AssertEvents events = new AssertEvents(this);
    private TimeBasedOTP totp = new TimeBasedOTP();

    @Override // org.keycloak.testsuite.AbstractTestRealmKeycloakTest
    public void configureTestRealm(RealmRepresentation realmRepresentation) {
    }

    @Test
    public void setupTotp() {
        this.totpPage.open();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        this.events.expectLogin().client(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME).detail("redirect_uri", getAccountRedirectUrl() + "?path=totp").assertEvent();
        Assert.assertTrue(this.totpPage.isCurrent());
        Assert.assertFalse(this.driver.getPageSource().contains("Remove Google"));
        this.totpPage.configure(this.totp.generateTOTP(this.totpPage.getTotpSecret()));
        Assert.assertEquals("Mobile authenticator configured.", this.profilePage.getSuccess());
        this.events.expectAccount(EventType.UPDATE_TOTP).assertEvent();
        Assert.assertTrue(this.driver.getPageSource().contains("pficon-delete"));
        String id = ((UserRepresentation) this.adminClient.realms().realm("test").users().search(AssertEvents.DEFAULT_USERNAME, (String) null, (String) null, (String) null, 0, 1).get(0)).getId();
        this.testingClient.testing().clearAdminEventQueue();
        CredentialRepresentation credentialRepresentation = (CredentialRepresentation) this.adminClient.realms().realm("test").users().get(id).credentials().stream().filter(credentialRepresentation2 -> {
            return "otp".equals(credentialRepresentation2.getType());
        }).findFirst().get();
        this.adminClient.realms().realm("test").users().get(id).removeCredential(credentialRepresentation.getId());
        this.totpPage.open();
        Assert.assertFalse(this.driver.getPageSource().contains("pficon-delete"));
        AdminEventRepresentation pollAdminEvent = this.testingClient.testing().pollAdminEvent();
        Assert.assertNotNull(pollAdminEvent);
        Assert.assertEquals(OperationType.ACTION.name(), pollAdminEvent.getOperationType());
        Assert.assertEquals("users/" + id + "/credentials/" + credentialRepresentation.getId(), pollAdminEvent.getResourcePath());
    }
}
