package org.keycloak.testsuite.forms;

import java.io.IOException;
import java.util.Collections;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.common.Profile;
import org.keycloak.common.util.Retry;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
import org.keycloak.testsuite.auth.page.account.AccountManagement;
import org.keycloak.testsuite.oauth.BackchannelLogoutTest;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.ErrorPage;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.updaters.ClientAttributeUpdater;
import org.keycloak.testsuite.updaters.RealmAttributeUpdater;
import org.keycloak.testsuite.updaters.ServerResourceUpdater;
import org.keycloak.testsuite.util.ClientManager;
import org.keycloak.testsuite.util.InfinispanTestTimeServiceRule;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.ServerURLs;
import org.keycloak.testsuite.util.URLAssert;
import org.keycloak.testsuite.util.WaitUtils;
import org.openqa.selenium.WebDriver;

/* loaded from: input_file:org/keycloak/testsuite/forms/LogoutTest.class */
public class LogoutTest extends AbstractTestRealmKeycloakTest {

    @Rule
    public AssertEvents events = new AssertEvents(this);

    @Rule
    public InfinispanTestTimeServiceRule ispnTestTimeService = new InfinispanTestTimeServiceRule(this);

    @Page
    protected AppPage appPage;

    @Page
    protected LoginPage loginPage;

    @Page
    protected AccountManagement accountManagementPage;

    @Page
    private ErrorPage errorPage;

    @Override // org.keycloak.testsuite.AbstractTestRealmKeycloakTest
    public void configureTestRealm(RealmRepresentation realmRepresentation) {
    }

    @Before
    public void clientConfiguration() {
        ClientManager.realm(this.adminClient.realm("test")).clientId(AssertEvents.DEFAULT_CLIENT_ID).directAccessGrant(true);
    }

    @Test
    public void logoutRedirect() {
        this.loginPage.open();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        Assert.assertTrue(this.appPage.isCurrent());
        String sessionId = this.events.expectLogin().assertEvent().getSessionId();
        StringBuilder sb = new StringBuilder();
        OAuthClient oAuthClient = this.oauth;
        String sb2 = sb.append(OAuthClient.APP_AUTH_ROOT).append("?logout").toString();
        String build = this.oauth.getLogoutUrl().redirectUri(sb2).build();
        this.driver.navigate().to(build);
        this.events.expectLogout(sessionId).detail("redirect_uri", sb2).assertEvent();
        URLAssert.assertCurrentUrlEquals(sb2);
        this.loginPage.open();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        Assert.assertTrue(this.appPage.isCurrent());
        String sessionId2 = this.events.expectLogin().assertEvent().getSessionId();
        Assert.assertNotEquals(sessionId, sessionId2);
        this.driver.navigate().to(build);
        this.events.expectLogout(sessionId2).detail("redirect_uri", sb2).assertEvent();
    }

    @Test
    public void logoutRedirectWithStarRedirectUriForDirectGrantClient() {
        ClientResource findClientByClientId = ApiUtil.findClientByClientId(testRealm(), "direct-grant");
        ClientRepresentation representation = findClientByClientId.toRepresentation();
        ClientRepresentation representation2 = findClientByClientId.toRepresentation();
        representation2.setStandardFlowEnabled(false);
        representation2.setImplicitFlowEnabled(false);
        representation2.setRedirectUris(Collections.singletonList("*"));
        findClientByClientId.update(representation2);
        try {
            this.loginPage.open();
            this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
            Assert.assertTrue(this.appPage.isCurrent());
            this.events.expectLogin().assertEvent();
            String str = ServerURLs.getAuthServerContextRoot() + "/bar";
            this.driver.navigate().to(this.oauth.getLogoutUrl().redirectUri(str).build());
            this.events.expectLogoutError("invalid_redirect_uri").assertEvent();
            URLAssert.assertCurrentUrlDoesntStartWith(str);
            this.errorPage.assertCurrent();
            org.keycloak.testsuite.Assert.assertEquals("Invalid redirect uri", this.errorPage.getError());
            findClientByClientId.update(representation);
        } catch (Throwable th) {
            findClientByClientId.update(representation);
            throw th;
        }
    }

    @Test
    public void logoutSession() {
        this.loginPage.open();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        Assert.assertTrue(this.appPage.isCurrent());
        String sessionId = this.events.expectLogin().assertEvent().getSessionId();
        String build = this.oauth.getLogoutUrl().sessionState(sessionId).build();
        this.driver.navigate().to(build);
        this.events.expectLogout(sessionId).removeDetail("redirect_uri").assertEvent();
        URLAssert.assertCurrentUrlEquals(build);
        this.loginPage.open();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        Assert.assertTrue(this.appPage.isCurrent());
        Assert.assertNotEquals(sessionId, this.events.expectLogin().assertEvent().getSessionId());
    }

    @Test
    public void logoutWithExpiredSession() throws Exception {
        ServerResourceUpdater update = new RealmAttributeUpdater(this.adminClient.realm("test")).updateWith(realmRepresentation -> {
            realmRepresentation.setSsoSessionMaxLifespan(2);
        }).update();
        Throwable th = null;
        try {
            this.oauth.doLogin(AssertEvents.DEFAULT_USERNAME, "password");
            String str = (String) this.oauth.getCurrentQuery().get("code");
            this.oauth.clientSessionState("client-session");
            String idToken = this.oauth.doAccessTokenRequest(str, "password").getIdToken();
            setTimeOffset(9999);
            OAuthClient.LogoutUrlBuilder logoutUrl = this.oauth.getLogoutUrl();
            OAuthClient oAuthClient = this.oauth;
            this.driver.navigate().to(logoutUrl.redirectUri(OAuthClient.APP_AUTH_ROOT).idTokenHint(idToken).build());
            this.appPage.assertCurrent();
            this.driver.navigate().to(this.oauth.getLoginFormUrl());
            WaitUtils.waitForPageToLoad();
            this.loginPage.assertCurrent();
            if (update != null) {
                if (0 == 0) {
                    update.close();
                    return;
                }
                try {
                    update.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (update != null) {
                if (0 != 0) {
                    try {
                        update.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    update.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void logoutMultipleSessions() throws IOException {
        this.loginPage.open();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        Assert.assertTrue(this.appPage.isCurrent());
        String sessionId = this.events.expectLogin().assertEvent().getSessionId();
        this.oauth.openLoginForm();
        this.events.expectLogin().session(sessionId).removeDetail("username").assertEvent();
        WebDriver.Navigation navigate = this.driver.navigate();
        OAuthClient.LogoutUrlBuilder logoutUrl = this.oauth.getLogoutUrl();
        OAuthClient oAuthClient = this.oauth;
        navigate.to(logoutUrl.redirectUri(OAuthClient.APP_AUTH_ROOT).build());
        AssertEvents.ExpectedEvent expectLogout = this.events.expectLogout(sessionId);
        OAuthClient oAuthClient2 = this.oauth;
        expectLogout.detail("redirect_uri", OAuthClient.APP_AUTH_ROOT).assertEvent();
        this.oauth.openLoginForm();
        this.loginPage.assertCurrent();
        this.oauth.doLogin(AssertEvents.DEFAULT_USERNAME, "password");
        String sessionId2 = this.events.expectLogin().assertEvent().getSessionId();
        Assert.assertNotEquals(sessionId, sessionId2);
        this.oauth.openLoginForm();
        this.events.expectLogin().session(sessionId2).removeDetail("username").assertEvent();
        WebDriver.Navigation navigate2 = this.driver.navigate();
        OAuthClient.LogoutUrlBuilder logoutUrl2 = this.oauth.getLogoutUrl();
        OAuthClient oAuthClient3 = this.oauth;
        navigate2.to(logoutUrl2.redirectUri(OAuthClient.APP_AUTH_ROOT).build());
        AssertEvents.ExpectedEvent expectLogout2 = this.events.expectLogout(sessionId2);
        OAuthClient oAuthClient4 = this.oauth;
        expectLogout2.detail("redirect_uri", OAuthClient.APP_AUTH_ROOT).assertEvent();
    }

    @Test
    @DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true)
    public void logoutWithRememberMe() {
        setRememberMe(true);
        try {
            this.loginPage.open();
            Assert.assertFalse(this.loginPage.isRememberMeChecked());
            this.loginPage.setRememberMe(true);
            Assert.assertTrue(this.loginPage.isRememberMeChecked());
            this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
            this.testingClient.testing().removeUserSession("test", this.events.expectLogin().assertEvent().getSessionId());
            this.loginPage.open();
            Assert.assertTrue(this.loginPage.isRememberMeChecked());
            Assert.assertEquals(AssertEvents.DEFAULT_USERNAME, this.loginPage.getUsername());
            this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
            this.appPage.openAccount();
            this.accountManagementPage.signOut();
            Assert.assertTrue(this.loginPage.isCurrent());
            Assert.assertFalse(this.loginPage.isRememberMeChecked());
            Assert.assertNotEquals(AssertEvents.DEFAULT_USERNAME, this.loginPage.getUsername());
        } finally {
            setRememberMe(false);
        }
    }

    private void setRememberMe(boolean z) {
        RealmRepresentation representation = this.adminClient.realm("test").toRepresentation();
        representation.setRememberMe(Boolean.valueOf(z));
        this.adminClient.realm("test").update(representation);
    }

    @Test
    public void logoutSessionWhenLoggedOutByAdmin() {
        this.loginPage.open();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        Assert.assertTrue(this.appPage.isCurrent());
        String sessionId = this.events.expectLogin().assertEvent().getSessionId();
        this.adminClient.realm("test").logoutAll();
        String build = this.oauth.getLogoutUrl().sessionState(sessionId).build();
        this.driver.navigate().to(build);
        URLAssert.assertCurrentUrlEquals(build);
        this.loginPage.open();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        Assert.assertTrue(this.appPage.isCurrent());
        String sessionId2 = this.events.expectLogin().assertEvent().getSessionId();
        Assert.assertNotEquals(sessionId, sessionId2);
        this.driver.navigate().to(build);
        this.events.expectLogout(sessionId2).removeDetail("redirect_uri").assertEvent();
    }

    @Test
    public void logoutUserByAdmin() {
        this.loginPage.open();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        Assert.assertTrue(this.appPage.isCurrent());
        this.events.expectLogin().assertEvent().getSessionId();
        UserRepresentation findUserByUsername = ApiUtil.findUserByUsername(this.adminClient.realm("test"), AssertEvents.DEFAULT_USERNAME);
        org.keycloak.testsuite.Assert.assertEquals(0, findUserByUsername.getNotBefore());
        this.adminClient.realm("test").users().get(findUserByUsername.getId()).logout();
        Retry.execute(() -> {
            org.keycloak.testsuite.Assert.assertTrue(this.adminClient.realm("test").users().get(findUserByUsername.getId()).toRepresentation().getNotBefore().intValue() > 0);
            this.loginPage.open();
            this.loginPage.assertCurrent();
        }, 10, 200L);
    }

    @Test
    public void testLogoutWhenAccountClientRenamed() throws IOException {
        ServerResourceUpdater update = ClientAttributeUpdater.forClient(this.adminClient, "test", BackchannelLogoutTest.ACCOUNT_CLIENT_NAME).setClientId("account-changed").update();
        Throwable th = null;
        try {
            logoutRedirect();
            if (update != null) {
                if (0 == 0) {
                    update.close();
                    return;
                }
                try {
                    update.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (update != null) {
                if (0 != 0) {
                    try {
                        update.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    update.close();
                }
            }
            throw th3;
        }
    }
}
