package org.keycloak.testsuite.broker;

import org.jboss.arquillian.graphene.page.Page;
import org.junit.Before;
import org.junit.Test;
import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.models.UserModel;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.pages.PasswordPage;
import org.keycloak.testsuite.pages.SelectAuthenticatorPage;
import org.keycloak.testsuite.util.UserBuilder;

/* loaded from: input_file:org/keycloak/testsuite/broker/KcOidcFirstBrokerLoginNewAuthTest.class */
public class KcOidcFirstBrokerLoginNewAuthTest extends AbstractInitializedBaseBrokerTest {

    @Page
    PasswordPage passwordPage;

    @Page
    protected SelectAuthenticatorPage selectAuthenticatorPage;

    @Override // org.keycloak.testsuite.broker.AbstractBaseBrokerTest
    protected BrokerConfiguration getBrokerConfiguration() {
        return KcOidcBrokerConfiguration.INSTANCE;
    }

    @Before
    public void disableReviewProfileBeforeTest() {
        updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);
    }

    @Test
    public void testReAuthenticateWithPasswordAndConditionalOTP_otpNotRequested() {
        configureBrokerFlowToReAuthenticationWithPasswordForm(this.bc.getIDPAlias(), "first broker login with password form");
        String createUser = createUser("consumer");
        loginWithBrokerAndConfirmLinkAccount();
        Assert.assertTrue(this.passwordPage.isCurrent("consumer"));
        this.passwordPage.login("bad-password");
        Assert.assertEquals("Invalid password.", this.passwordPage.getPasswordError());
        this.passwordPage.login("password");
        assertUserAuthenticatedInConsumer(createUser);
    }

    @Test
    public void testReAuthenticateWithPasswordAndConditionalOTP_otpRequested() {
        configureBrokerFlowToReAuthenticationWithPasswordForm(this.bc.getIDPAlias(), "first broker login with password form");
        String createUser = createUser("consumer");
        String addTOTPToUser = addTOTPToUser("consumer");
        loginWithBrokerAndConfirmLinkAccount();
        Assert.assertTrue(this.passwordPage.isCurrent("consumer"));
        this.passwordPage.login("password");
        this.loginTotpPage.assertCurrent();
        this.loginTotpPage.login(this.totp.generateTOTP(addTOTPToUser));
        assertUserAuthenticatedInConsumer(createUser);
    }

    @Test
    public void testReAuthenticateWithPasswordOrOTP_otpNotConfigured_passwordUsed() {
        configureBrokerFlowToReAuthenticationWithPasswordOrTotp(this.bc.getIDPAlias(), "first broker login with password or totp");
        String createUser = createUser("consumer");
        loginWithBrokerAndConfirmLinkAccount();
        Assert.assertTrue(this.passwordPage.isCurrent("consumer"));
        this.passwordPage.assertTryAnotherWayLinkAvailability(false);
        Assert.assertTrue(this.passwordPage.isCurrent("consumer"));
        this.passwordPage.login("password");
        assertUserAuthenticatedInConsumer(createUser);
    }

    @Test
    public void testReAuthenticateWithPasswordOrOTP_otpConfigured_passwordUsed() {
        configureBrokerFlowToReAuthenticationWithPasswordOrTotp(this.bc.getIDPAlias(), "first broker login with password or totp");
        String createUser = createUser("consumer");
        addTOTPToUser("consumer");
        loginWithBrokerAndConfirmLinkAccount();
        Assert.assertTrue(this.passwordPage.isCurrent("consumer"));
        this.passwordPage.assertTryAnotherWayLinkAvailability(true);
        this.passwordPage.clickTryAnotherWayLink();
        this.selectAuthenticatorPage.assertCurrent();
        Assert.assertNames(this.selectAuthenticatorPage.getAvailableLoginMethods(), "Password", "Authenticator Application");
        this.selectAuthenticatorPage.selectLoginMethod("Password");
        Assert.assertTrue(this.passwordPage.isCurrent("consumer"));
        this.passwordPage.login("password");
        assertUserAuthenticatedInConsumer(createUser);
    }

    @Test
    public void testReAuthenticateWithPasswordOrOTP_otpConfigured_otpUsed() {
        configureBrokerFlowToReAuthenticationWithPasswordOrTotp(this.bc.getIDPAlias(), "first broker login with password or totp");
        String createUser = createUser("consumer");
        String addTOTPToUser = addTOTPToUser("consumer");
        loginWithBrokerAndConfirmLinkAccount();
        Assert.assertTrue(this.passwordPage.isCurrent("consumer"));
        this.passwordPage.assertTryAnotherWayLinkAvailability(true);
        this.passwordPage.clickTryAnotherWayLink();
        this.selectAuthenticatorPage.assertCurrent();
        this.selectAuthenticatorPage.selectLoginMethod("Authenticator Application");
        this.loginTotpPage.assertCurrent();
        this.loginTotpPage.login(this.totp.generateTOTP(addTOTPToUser));
        assertUserAuthenticatedInConsumer(createUser);
    }

    private String addTOTPToUser(String str) {
        UserResource findUserByUsernameId = ApiUtil.findUserByUsernameId(this.adminClient.realm(this.bc.consumerRealmName()), str);
        findUserByUsernameId.update(UserBuilder.edit(findUserByUsernameId.toRepresentation()).requiredAction(UserModel.RequiredAction.CONFIGURE_TOTP.toString()).build());
        this.driver.navigate().to(getAccountUrl(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName()));
        this.loginPage.login(str, "password");
        this.totpPage.assertCurrent();
        String totpSecret = this.totpPage.getTotpSecret();
        this.totpPage.configure(this.totp.generateTOTP(totpSecret));
        findUserByUsernameId.logout();
        return totpSecret;
    }

    private void loginWithBrokerAndConfirmLinkAccount() {
        this.driver.navigate().to(getAccountUrl(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName()));
        logInWithBroker(this.bc);
        BrokerTestTools.waitForPage(this.driver, "account already exists", false);
        org.junit.Assert.assertTrue(this.idpConfirmLinkPage.isCurrent());
        org.junit.Assert.assertEquals("User with email user@localhost.com already exists. How do you want to continue?", this.idpConfirmLinkPage.getMessage());
        this.idpConfirmLinkPage.clickLinkAccount();
    }

    private void assertUserAuthenticatedInConsumer(String str) {
        waitForAccountManagementTitle();
        this.accountUpdateProfilePage.assertCurrent();
        assertNumFederatedIdentities(str, 1);
    }

    private void configureBrokerFlowToReAuthenticationWithPasswordForm(String str, String str2) {
        BrokerRunOnServerUtil.configureBrokerFlowToReAuthenticationWithPasswordForm(this.testingClient, this.bc.consumerRealmName(), str, str2);
    }

    private void configureBrokerFlowToReAuthenticationWithPasswordOrTotp(String str, String str2) {
        BrokerRunOnServerUtil.configureBrokerFlowToReAuthenticationWithPasswordOrTotp(this.testingClient, this.bc.consumerRealmName(), str, str2);
    }
}
