package org.keycloak.testsuite.broker;

import java.util.List;
import java.util.Map;
import org.junit.Test;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.models.IdentityProviderSyncMode;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.oauth.BackchannelLogoutTest;
import org.keycloak.testsuite.util.UserBuilder;

/* loaded from: input_file:org/keycloak/testsuite/broker/KcOidcBrokerPromptNoneRedirectTest.class */
public class KcOidcBrokerPromptNoneRedirectTest extends AbstractInitializedBaseBrokerTest {

    /* loaded from: input_file:org/keycloak/testsuite/broker/KcOidcBrokerPromptNoneRedirectTest$KcOidcBrokerPromptNoneConfiguration.class */
    private class KcOidcBrokerPromptNoneConfiguration extends KcOidcBrokerConfiguration {
        private KcOidcBrokerPromptNoneConfiguration() {
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.keycloak.testsuite.broker.KcOidcBrokerConfiguration
        public void applyDefaultConfiguration(Map<String, String> map, IdentityProviderSyncMode identityProviderSyncMode) {
            super.applyDefaultConfiguration(map, identityProviderSyncMode);
            map.remove("prompt");
            map.put("acceptsPromptNoneForwardFromClient", "true");
        }
    }

    @Override // org.keycloak.testsuite.broker.AbstractBaseBrokerTest
    protected BrokerConfiguration getBrokerConfiguration() {
        return new KcOidcBrokerPromptNoneConfiguration();
    }

    @Test
    public void testSuccessfulRedirectToProviderWithPromptNone() throws Exception {
        updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);
        authenticateDirectlyInIDP();
        this.driver.navigate().to(getAccountUrl(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName()));
        BrokerTestTools.waitForPage(this.driver, "sign in to", true);
        this.driver.navigate().to(this.driver.getCurrentUrl() + "&kc_idp_hint=" + this.bc.getIDPAlias() + "&prompt=none");
        waitForAccountManagementTitle();
        Assert.assertTrue(this.driver.getCurrentUrl().contains("/auth/realms/" + this.bc.consumerRealmName() + "/account"));
        this.accountUpdateProfilePage.assertCurrent();
        logoutFromRealm(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName(), this.bc.getIDPAlias());
        this.driver.navigate().to(getAccountUrl(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName()));
        BrokerTestTools.waitForPage(this.driver, "sign in to", true);
        this.driver.navigate().to(this.driver.getCurrentUrl() + "&prompt=none");
        Assert.assertTrue(this.driver.getCurrentUrl().contains(this.bc.consumerRealmName() + "/account/login-redirect?error=login_required"));
    }

    @Test
    public void testUnauthenticatedUserReturnsLoginRequired() throws Exception {
        this.driver.navigate().to(getAccountUrl(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName()));
        BrokerTestTools.waitForPage(this.driver, "sign in to", true);
        this.driver.navigate().to(this.driver.getCurrentUrl() + "&prompt=none&kc_idp_hint=" + this.bc.getIDPAlias());
        Assert.assertTrue(this.driver.getCurrentUrl().contains(this.bc.consumerRealmName() + "/account/login-redirect?error=login_required"));
    }

    @Test
    public void testUpdateProfileReturnsInteractionRequired() throws Exception {
        updateExecutions(AbstractBrokerTest::enableUpdateProfileOnFirstLogin);
        checkAuthWithPromptNoneReturnsInteractionRequired();
    }

    @Test
    public void testRequirePasswordUpdateReturnsInteractionRequired() throws Exception {
        updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);
        updateExecutions(AbstractBrokerTest::enableRequirePassword);
        checkAuthWithPromptNoneReturnsInteractionRequired();
    }

    @Test
    public void testLinkExistingAccountReturnsInteractionRequired() throws Exception {
        updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);
        ApiUtil.resetUserPassword(this.adminClient.realm(this.bc.consumerRealmName()).users().get(ApiUtil.createUserWithAdminClient(this.adminClient.realm(this.bc.consumerRealmName()), UserBuilder.create().username("consumer").email("user@localhost.com").enabled(true).build())), "password", false);
        checkAuthWithPromptNoneReturnsInteractionRequired();
    }

    @Test
    public void testPostBrokerLoginWithOTPReturnsInteractionRequired() throws Exception {
        updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);
        this.testingClient.server(this.bc.consumerRealmName()).run(BrokerRunOnServerUtil.configurePostBrokerLoginWithOTP(this.bc.getIDPAlias()));
        checkAuthWithPromptNoneReturnsInteractionRequired();
    }

    @Test
    public void testRequireConsentReturnsInteractionRequired() throws Exception {
        RealmResource realm = this.adminClient.realm(this.bc.providerRealmName());
        List findByClientId = realm.clients().findByClientId(BackchannelLogoutTest.BROKER_CLIENT_ID);
        org.junit.Assert.assertEquals(1L, findByClientId.size());
        ClientRepresentation clientRepresentation = (ClientRepresentation) findByClientId.get(0);
        clientRepresentation.setConsentRequired(true);
        realm.clients().get(clientRepresentation.getId()).update(clientRepresentation);
        checkAuthWithPromptNoneReturnsInteractionRequired();
    }

    protected void checkAuthWithPromptNoneReturnsInteractionRequired() {
        authenticateDirectlyInIDP();
        this.driver.navigate().to(getAccountUrl(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName()));
        BrokerTestTools.waitForPage(this.driver, "sign in to", true);
        this.driver.navigate().to(this.driver.getCurrentUrl() + "&kc_idp_hint=" + this.bc.getIDPAlias() + "&prompt=none");
        Assert.assertTrue(this.driver.getCurrentUrl().contains(this.bc.consumerRealmName() + "/account/login-redirect?error=interaction_required"));
    }

    protected void authenticateDirectlyInIDP() {
        this.driver.navigate().to(getAccountUrl(BrokerTestTools.getProviderRoot(), this.bc.providerRealmName()));
        BrokerTestTools.waitForPage(this.driver, "sign in to", true);
        Assert.assertTrue("Driver should be on the provider realm page right now", this.driver.getCurrentUrl().contains("/auth/realms/" + this.bc.providerRealmName() + "/"));
        this.loginPage.login(this.bc.getUserLogin(), this.bc.getUserPassword());
        waitForAccountManagementTitle();
        Assert.assertTrue(this.driver.getCurrentUrl().contains("/auth/realms/" + this.bc.providerRealmName() + "/account"));
        this.accountUpdateProfilePage.assertCurrent();
    }
}
