package org.keycloak.testsuite.forms;

import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.atomic.AtomicInteger;
import javax.mail.MessagingException;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.jboss.arquillian.drone.api.annotation.Drone;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.common.Profile;
import org.keycloak.events.EventType;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.protocol.oidc.utils.RedirectUtils;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
import org.keycloak.testsuite.federation.kerberos.AbstractKerberosTest;
import org.keycloak.testsuite.oauth.BackchannelLogoutTest;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.ErrorPage;
import org.keycloak.testsuite.pages.InfoPage;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.pages.LoginPasswordResetPage;
import org.keycloak.testsuite.pages.LoginPasswordUpdatePage;
import org.keycloak.testsuite.pages.VerifyEmailPage;
import org.keycloak.testsuite.updaters.ClientAttributeUpdater;
import org.keycloak.testsuite.updaters.ServerResourceUpdater;
import org.keycloak.testsuite.util.BrowserTabUtil;
import org.keycloak.testsuite.util.ClientBuilder;
import org.keycloak.testsuite.util.GreenMailRule;
import org.keycloak.testsuite.util.MailUtils;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.RealmBuilder;
import org.keycloak.testsuite.util.SecondBrowser;
import org.keycloak.testsuite.util.UserActionTokenBuilder;
import org.keycloak.testsuite.util.UserBuilder;
import org.keycloak.testsuite.util.WaitUtils;
import org.openqa.selenium.By;
import org.openqa.selenium.WebDriver;

@AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
/* loaded from: input_file:org/keycloak/testsuite/forms/ResetPasswordTest.class */
public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
    private String userId;
    private UserRepresentation defaultUser;

    @Drone
    @SecondBrowser
    protected WebDriver driver2;

    @Page
    protected AppPage appPage;

    @Page
    protected LoginPage loginPage;

    @Page
    protected ErrorPage errorPage;

    @Page
    protected InfoPage infoPage;

    @Page
    protected VerifyEmailPage verifyEmailPage;

    @Page
    protected LoginPasswordResetPage resetPasswordPage;

    @Page
    protected LoginPasswordUpdatePage updatePasswordPage;
    private int expectedMessagesCount;

    @Rule
    public GreenMailRule greenMail = new GreenMailRule();

    @Rule
    public AssertEvents events = new AssertEvents(this);

    @Override // org.keycloak.testsuite.AbstractTestRealmKeycloakTest
    public void configureTestRealm(RealmRepresentation realmRepresentation) {
        RealmBuilder.edit(realmRepresentation).client(ClientBuilder.create().clientId("client-user").serviceAccount());
    }

    @Before
    public void setup() {
        this.log.info("Adding login-test user");
        this.defaultUser = UserBuilder.create().username("login-test").email("login@test.com").enabled(true).build();
        this.userId = ApiUtil.createUserAndResetPasswordWithAdminClient(testRealm(), this.defaultUser, "password");
        this.defaultUser.setId(this.userId);
        this.expectedMessagesCount = 0;
        getCleanup().addUserId(this.userId);
    }

    @Test
    @DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true)
    public void resetPasswordLink() throws IOException, MessagingException {
        StringBuilder sb = new StringBuilder();
        OAuthClient oAuthClient = this.oauth;
        this.driver.navigate().to(sb.append(OAuthClient.AUTH_SERVER_ROOT).append("/realms/test/login-actions/reset-credentials").toString());
        this.resetPasswordPage.assertCurrent();
        this.resetPasswordPage.changePassword("login-test");
        this.loginPage.assertCurrent();
        Assert.assertEquals("You should receive an email shortly with further instructions.", this.loginPage.getSuccessMessage());
        AssertEvents.ExpectedEvent user = this.events.expectRequiredAction(EventType.SEND_RESET_PASSWORD).user(this.userId);
        StringBuilder sb2 = new StringBuilder();
        OAuthClient oAuthClient2 = this.oauth;
        user.detail("redirect_uri", sb2.append(OAuthClient.AUTH_SERVER_ROOT).append("/realms/test/account/").toString()).client(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME).detail("username", "login-test").detail("email", "login@test.com").session((String) null).assertEvent();
        Assert.assertEquals(1L, this.greenMail.getReceivedMessages().length);
        this.driver.navigate().to(MailUtils.getPasswordResetEmailLink(this.greenMail.getReceivedMessages()[0]).trim());
        this.updatePasswordPage.assertCurrent();
        this.updatePasswordPage.changePassword("resetPassword", "resetPassword");
        AssertEvents.ExpectedEvent expectRequiredAction = this.events.expectRequiredAction(EventType.UPDATE_PASSWORD);
        StringBuilder sb3 = new StringBuilder();
        OAuthClient oAuthClient3 = this.oauth;
        expectRequiredAction.detail("redirect_uri", sb3.append(OAuthClient.AUTH_SERVER_ROOT).append("/realms/test/account/").toString()).client(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME).user(this.userId).detail("username", "login-test").assertEvent();
        AssertEvents.ExpectedEvent detail = this.events.expectLogin().user(this.userId).detail("username", "login-test");
        StringBuilder sb4 = new StringBuilder();
        OAuthClient oAuthClient4 = this.oauth;
        String sessionId = detail.detail("redirect_uri", sb4.append(OAuthClient.AUTH_SERVER_ROOT).append("/realms/test/account/").toString()).client(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME).assertEvent().getSessionId();
        this.oauth.openLogout();
        this.events.expectLogout(sessionId).user(this.userId).session(sessionId).assertEvent();
        this.loginPage.open();
        this.loginPage.login("login-test", "resetPassword");
        this.events.expectLogin().user(this.userId).detail("username", "login-test").assertEvent();
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
    }

    @Test
    public void resetPassword() throws IOException, MessagingException {
        resetPassword("login-test");
    }

    @Test
    public void resetPasswordTwice() throws IOException, MessagingException {
        String resetPassword = resetPassword("login-test");
        this.events.clear();
        assertSecondPasswordResetFails(resetPassword, this.oauth.getClientId());
    }

    @Test
    public void resetPasswordTwiceInNewBrowser() throws IOException, MessagingException {
        String resetPassword = resetPassword("login-test");
        this.events.clear();
        StringBuilder sb = new StringBuilder();
        OAuthClient oAuthClient = this.oauth;
        this.driver.navigate().to(sb.append(OAuthClient.AUTH_SERVER_ROOT).append("/realms/test/login-actions/reset-credentials").toString());
        this.driver.manage().deleteAllCookies();
        assertSecondPasswordResetFails(resetPassword, this.oauth.getClientId());
    }

    public void assertSecondPasswordResetFails(String str, String str2) {
        this.driver.navigate().to(str.trim());
        this.errorPage.assertCurrent();
        Assert.assertEquals("Action expired. Please continue with login now.", this.errorPage.getError());
        this.events.expect(EventType.RESET_PASSWORD).client(str2).session((String) null).user(this.userId).error("expired_code").assertEvent();
    }

    @Test
    public void resetPasswordWithSpacesInUsername() throws IOException, MessagingException {
        resetPassword(" login-test ");
    }

    @Test
    public void resetPasswordCancelChangeUser() throws IOException, MessagingException {
        initiateResetPasswordFromResetPasswordPage(AssertEvents.DEFAULT_USERNAME);
        this.events.expectRequiredAction(EventType.SEND_RESET_PASSWORD).detail("username", AssertEvents.DEFAULT_USERNAME).session((String) null).detail("email", AssertEvents.DEFAULT_USERNAME).assertEvent();
        this.loginPage.login("login@test.com", "password");
        EventRepresentation assertEvent = this.events.expectLogin().user(this.userId).detail("username", "login@test.com").assertEvent();
        OAuthClient.AccessTokenResponse doAccessTokenRequest = this.oauth.doAccessTokenRequest((String) this.oauth.getCurrentQuery().get("code"), "password");
        Assert.assertEquals(200L, doAccessTokenRequest.getStatusCode());
        Assert.assertEquals(this.userId, this.oauth.verifyToken(doAccessTokenRequest.getAccessToken()).getSubject());
        this.events.expectCodeToToken((String) assertEvent.getDetails().get("code_id"), assertEvent.getSessionId()).user(this.userId).assertEvent();
    }

    @Test
    public void resetPasswordByEmail() throws IOException, MessagingException {
        resetPassword("login@test.com");
    }

    private String resetPassword(String str) throws IOException, MessagingException {
        return resetPassword(str, "resetPassword");
    }

    private String resetPassword(String str, String str2) throws IOException, MessagingException {
        initiateResetPasswordFromResetPasswordPage(str);
        this.events.expectRequiredAction(EventType.SEND_RESET_PASSWORD).user(this.userId).detail("username", str.trim()).detail("email", "login@test.com").session((String) null).assertEvent();
        Assert.assertEquals(this.expectedMessagesCount, this.greenMail.getReceivedMessages().length);
        String passwordResetEmailLink = MailUtils.getPasswordResetEmailLink(this.greenMail.getReceivedMessages()[this.greenMail.getReceivedMessages().length - 1]);
        this.driver.navigate().to(passwordResetEmailLink.trim());
        this.updatePasswordPage.assertCurrent();
        Assert.assertEquals("You need to change your password.", this.updatePasswordPage.getFeedbackMessage());
        this.updatePasswordPage.changePassword(str2, str2);
        this.events.expectRequiredAction(EventType.UPDATE_PASSWORD).user(this.userId).detail("username", str.trim()).assertEvent();
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
        String sessionId = this.events.expectLogin().user(this.userId).detail("username", str.trim()).assertEvent().getSessionId();
        this.oauth.openLogout();
        this.events.expectLogout(sessionId).user(this.userId).session(sessionId).assertEvent();
        this.loginPage.open();
        this.loginPage.login("login-test", str2);
        String sessionId2 = this.events.expectLogin().user(this.userId).detail("username", "login-test").assertEvent().getSessionId();
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
        this.oauth.openLogout();
        this.events.expectLogout(sessionId2).user(this.userId).session(sessionId2).assertEvent();
        return passwordResetEmailLink;
    }

    private void resetPasswordInvalidPassword(String str, String str2, String str3) throws IOException, MessagingException {
        initiateResetPasswordFromResetPasswordPage(str);
        this.events.expectRequiredAction(EventType.SEND_RESET_PASSWORD).user(this.userId).session((String) null).detail("username", str).detail("email", "login@test.com").assertEvent();
        Assert.assertEquals(this.expectedMessagesCount, this.greenMail.getReceivedMessages().length);
        this.driver.navigate().to(MailUtils.getPasswordResetEmailLink(this.greenMail.getReceivedMessages()[this.greenMail.getReceivedMessages().length - 1]).trim());
        this.updatePasswordPage.assertCurrent();
        this.updatePasswordPage.changePassword(str2, str2);
        this.updatePasswordPage.assertCurrent();
        Assert.assertEquals(str3, this.updatePasswordPage.getError());
        this.events.expectRequiredAction(EventType.UPDATE_PASSWORD_ERROR).error("password_rejected").user(this.userId).detail("username", "login-test").assertEvent().getSessionId();
    }

    private void initiateResetPasswordFromResetPasswordPage(String str) {
        this.loginPage.open();
        this.loginPage.resetPassword();
        this.resetPasswordPage.assertCurrent();
        this.resetPasswordPage.changePassword(str);
        this.loginPage.assertCurrent();
        Assert.assertEquals("You should receive an email shortly with further instructions.", this.loginPage.getSuccessMessage());
        this.expectedMessagesCount++;
    }

    @Test
    public void resetPasswordWrongEmail() throws IOException, MessagingException, InterruptedException {
        initiateResetPasswordFromResetPasswordPage("invalid");
        Assert.assertEquals(0L, this.greenMail.getReceivedMessages().length);
        this.events.expectRequiredAction(EventType.RESET_PASSWORD).user((String) null).session((String) null).detail("username", "invalid").removeDetail("email").removeDetail("code_id").error("user_not_found").assertEvent();
    }

    @Test
    public void resetPasswordMissingUsername() throws IOException, MessagingException, InterruptedException {
        this.loginPage.open();
        this.loginPage.resetPassword();
        this.resetPasswordPage.assertCurrent();
        this.resetPasswordPage.changePassword("");
        this.resetPasswordPage.assertCurrent();
        Assert.assertEquals("Please specify username.", this.resetPasswordPage.getUsernameError());
        Assert.assertEquals(0L, this.greenMail.getReceivedMessages().length);
        this.events.expectRequiredAction(EventType.RESET_PASSWORD).user((String) null).session((String) null).clearDetails().error("username_missing").assertEvent();
    }

    @Test
    public void resetPasswordExpiredCode() throws IOException, MessagingException, InterruptedException {
        initiateResetPasswordFromResetPasswordPage("login-test");
        this.events.expectRequiredAction(EventType.SEND_RESET_PASSWORD).session((String) null).user(this.userId).detail("username", "login-test").detail("email", "login@test.com").assertEvent();
        Assert.assertEquals(1L, this.greenMail.getReceivedMessages().length);
        String passwordResetEmailLink = MailUtils.getPasswordResetEmailLink(this.greenMail.getReceivedMessages()[0]);
        try {
            setTimeOffset(1823);
            this.driver.navigate().to(passwordResetEmailLink.trim());
            this.loginPage.assertCurrent();
            Assert.assertEquals("Action expired. Please start again.", this.loginPage.getError());
            this.events.expectRequiredAction(EventType.EXECUTE_ACTION_TOKEN_ERROR).error("expired_code").client((String) null).user(this.userId).session((String) null).clearDetails().detail("action", "reset-credentials").assertEvent();
        } finally {
            setTimeOffset(0);
        }
    }

    @Test
    public void resetPasswordExpiredCodeShort() throws IOException, MessagingException, InterruptedException {
        AtomicInteger atomicInteger = new AtomicInteger();
        RealmRepresentation representation = testRealm().toRepresentation();
        atomicInteger.set(representation.getActionTokenGeneratedByUserLifespan().intValue());
        representation.setActionTokenGeneratedByUserLifespan(60);
        testRealm().update(representation);
        try {
            initiateResetPasswordFromResetPasswordPage("login-test");
            this.events.expectRequiredAction(EventType.SEND_RESET_PASSWORD).session((String) null).user(this.userId).detail("username", "login-test").detail("email", "login@test.com").assertEvent();
            Assert.assertEquals(1L, this.greenMail.getReceivedMessages().length);
            String passwordResetEmailLink = MailUtils.getPasswordResetEmailLink(this.greenMail.getReceivedMessages()[0]);
            setTimeOffset(70);
            this.driver.navigate().to(passwordResetEmailLink.trim());
            this.loginPage.assertCurrent();
            Assert.assertEquals("Action expired. Please start again.", this.loginPage.getError());
            this.events.expectRequiredAction(EventType.EXECUTE_ACTION_TOKEN_ERROR).error("expired_code").client((String) null).user(this.userId).session((String) null).clearDetails().detail("action", "reset-credentials").assertEvent();
            setTimeOffset(0);
            representation.setActionTokenGeneratedByUserLifespan(Integer.valueOf(atomicInteger.get()));
            testRealm().update(representation);
        } catch (Throwable th) {
            setTimeOffset(0);
            representation.setActionTokenGeneratedByUserLifespan(Integer.valueOf(atomicInteger.get()));
            testRealm().update(representation);
            throw th;
        }
    }

    @Test
    public void resetPasswordExpiredCodeShortPerActionLifespan() throws IOException, MessagingException, InterruptedException {
        RealmRepresentation representation = testRealm().toRepresentation();
        Map unmodifiableMap = Collections.unmodifiableMap(new HashMap(representation.getAttributes()));
        representation.setAttributes(UserActionTokenBuilder.create().resetCredentialsLifespan(60).build());
        testRealm().update(representation);
        try {
            initiateResetPasswordFromResetPasswordPage("login-test");
            this.events.expectRequiredAction(EventType.SEND_RESET_PASSWORD).session((String) null).user(this.userId).detail("username", "login-test").detail("email", "login@test.com").assertEvent();
            Assert.assertEquals(1L, this.greenMail.getReceivedMessages().length);
            String passwordResetEmailLink = MailUtils.getPasswordResetEmailLink(this.greenMail.getReceivedMessages()[0]);
            setTimeOffset(70);
            this.driver.navigate().to(passwordResetEmailLink.trim());
            this.loginPage.assertCurrent();
            Assert.assertEquals("Action expired. Please start again.", this.loginPage.getError());
            this.events.expectRequiredAction(EventType.EXECUTE_ACTION_TOKEN_ERROR).error("expired_code").client((String) null).user(this.userId).session((String) null).clearDetails().detail("action", "reset-credentials").assertEvent();
            setTimeOffset(0);
            representation.setAttributes(unmodifiableMap);
            testRealm().update(representation);
        } catch (Throwable th) {
            setTimeOffset(0);
            representation.setAttributes(unmodifiableMap);
            testRealm().update(representation);
            throw th;
        }
    }

    @Test
    public void resetPasswordExpiredCodeShortPerActionMultipleTimeouts() throws IOException, MessagingException, InterruptedException {
        RealmRepresentation representation = testRealm().toRepresentation();
        Map unmodifiableMap = Collections.unmodifiableMap(new HashMap(representation.getAttributes()));
        representation.setAttributes(UserActionTokenBuilder.create().resetCredentialsLifespan(60).verifyEmailLifespan(300).build());
        testRealm().update(representation);
        try {
            initiateResetPasswordFromResetPasswordPage("login-test");
            this.events.expectRequiredAction(EventType.SEND_RESET_PASSWORD).session((String) null).user(this.userId).detail("username", "login-test").detail("email", "login@test.com").assertEvent();
            Assert.assertEquals(1L, this.greenMail.getReceivedMessages().length);
            String passwordResetEmailLink = MailUtils.getPasswordResetEmailLink(this.greenMail.getReceivedMessages()[0]);
            setTimeOffset(70);
            this.driver.navigate().to(passwordResetEmailLink.trim());
            this.loginPage.assertCurrent();
            Assert.assertEquals("Action expired. Please start again.", this.loginPage.getError());
            this.events.expectRequiredAction(EventType.EXECUTE_ACTION_TOKEN_ERROR).error("expired_code").client((String) null).user(this.userId).session((String) null).clearDetails().detail("action", "reset-credentials").assertEvent();
            setTimeOffset(0);
            representation.setAttributes(unmodifiableMap);
            testRealm().update(representation);
        } catch (Throwable th) {
            setTimeOffset(0);
            representation.setAttributes(unmodifiableMap);
            testRealm().update(representation);
            throw th;
        }
    }

    @Test
    public void resetPasswordExpiredCodeAndAuthSession() throws IOException, MessagingException, InterruptedException {
        AtomicInteger atomicInteger = new AtomicInteger();
        RealmRepresentation representation = testRealm().toRepresentation();
        atomicInteger.set(representation.getActionTokenGeneratedByUserLifespan().intValue());
        representation.setActionTokenGeneratedByUserLifespan(60);
        testRealm().update(representation);
        try {
            initiateResetPasswordFromResetPasswordPage("login-test");
            this.events.expectRequiredAction(EventType.SEND_RESET_PASSWORD).session((String) null).user(this.userId).detail("username", "login-test").detail("email", "login@test.com").assertEvent();
            Assert.assertEquals(1L, this.greenMail.getReceivedMessages().length);
            String replace = MailUtils.getPasswordResetEmailLink(this.greenMail.getReceivedMessages()[0]).replace("&amp;", "&");
            setTimeOffset(70);
            this.log.debug("Going to reset password URI.");
            WebDriver.Navigation navigate = this.driver.navigate();
            StringBuilder sb = new StringBuilder();
            OAuthClient oAuthClient = this.oauth;
            navigate.to(sb.append(OAuthClient.AUTH_SERVER_ROOT).append("/realms/test/login-actions/reset-credentials").toString());
            this.log.debug("Removing cookies.");
            this.driver.manage().deleteAllCookies();
            this.driver.navigate().to(replace.trim());
            this.errorPage.assertCurrent();
            Assert.assertEquals("Action expired.", this.errorPage.getError());
            Assert.assertTrue(this.errorPage.getBackToApplicationLink().endsWith("/app/auth"));
            this.events.expectRequiredAction(EventType.EXECUTE_ACTION_TOKEN_ERROR).error("expired_code").client((String) null).user(this.userId).session((String) null).clearDetails().detail("action", "reset-credentials").assertEvent();
            setTimeOffset(0);
            representation.setActionTokenGeneratedByUserLifespan(Integer.valueOf(atomicInteger.get()));
            testRealm().update(representation);
        } catch (Throwable th) {
            setTimeOffset(0);
            representation.setActionTokenGeneratedByUserLifespan(Integer.valueOf(atomicInteger.get()));
            testRealm().update(representation);
            throw th;
        }
    }

    @Test
    public void resetPasswordExpiredCodeAndAuthSessionPerActionLifespan() throws IOException, MessagingException, InterruptedException {
        RealmRepresentation representation = testRealm().toRepresentation();
        Map unmodifiableMap = Collections.unmodifiableMap(new HashMap(representation.getAttributes()));
        representation.setAttributes(UserActionTokenBuilder.create().resetCredentialsLifespan(60).build());
        testRealm().update(representation);
        try {
            initiateResetPasswordFromResetPasswordPage("login-test");
            this.events.expectRequiredAction(EventType.SEND_RESET_PASSWORD).session((String) null).user(this.userId).detail("username", "login-test").detail("email", "login@test.com").assertEvent();
            Assert.assertEquals(1L, this.greenMail.getReceivedMessages().length);
            String replace = MailUtils.getPasswordResetEmailLink(this.greenMail.getReceivedMessages()[0]).replace("&amp;", "&");
            setTimeOffset(70);
            this.log.debug("Going to reset password URI.");
            WebDriver.Navigation navigate = this.driver.navigate();
            StringBuilder sb = new StringBuilder();
            OAuthClient oAuthClient = this.oauth;
            navigate.to(sb.append(OAuthClient.AUTH_SERVER_ROOT).append("/realms/test/login-actions/reset-credentials").toString());
            this.log.debug("Removing cookies.");
            this.driver.manage().deleteAllCookies();
            this.driver.navigate().to(replace.trim());
            this.errorPage.assertCurrent();
            Assert.assertEquals("Action expired.", this.errorPage.getError());
            Assert.assertTrue(this.errorPage.getBackToApplicationLink().endsWith("/app/auth"));
            this.events.expectRequiredAction(EventType.EXECUTE_ACTION_TOKEN_ERROR).error("expired_code").client((String) null).user(this.userId).session((String) null).clearDetails().detail("action", "reset-credentials").assertEvent();
            setTimeOffset(0);
            representation.setAttributes(unmodifiableMap);
            testRealm().update(representation);
        } catch (Throwable th) {
            setTimeOffset(0);
            representation.setAttributes(unmodifiableMap);
            testRealm().update(representation);
            throw th;
        }
    }

    @Test
    public void resetPasswordExpiredCodeAndAuthSessionPerActionMultipleTimeouts() throws IOException, MessagingException, InterruptedException {
        RealmRepresentation representation = testRealm().toRepresentation();
        Map unmodifiableMap = Collections.unmodifiableMap(new HashMap(representation.getAttributes()));
        representation.setAttributes(UserActionTokenBuilder.create().resetCredentialsLifespan(60).verifyEmailLifespan(300).build());
        testRealm().update(representation);
        try {
            initiateResetPasswordFromResetPasswordPage("login-test");
            this.events.expectRequiredAction(EventType.SEND_RESET_PASSWORD).session((String) null).user(this.userId).detail("username", "login-test").detail("email", "login@test.com").assertEvent();
            Assert.assertEquals(1L, this.greenMail.getReceivedMessages().length);
            String replace = MailUtils.getPasswordResetEmailLink(this.greenMail.getReceivedMessages()[0]).replace("&amp;", "&");
            setTimeOffset(70);
            this.log.debug("Going to reset password URI.");
            WebDriver.Navigation navigate = this.driver.navigate();
            StringBuilder sb = new StringBuilder();
            OAuthClient oAuthClient = this.oauth;
            navigate.to(sb.append(OAuthClient.AUTH_SERVER_ROOT).append("/realms/test/login-actions/reset-credentials").toString());
            this.log.debug("Removing cookies.");
            this.driver.manage().deleteAllCookies();
            this.driver.navigate().to(replace.trim());
            this.errorPage.assertCurrent();
            Assert.assertEquals("Action expired.", this.errorPage.getError());
            Assert.assertTrue(this.errorPage.getBackToApplicationLink().endsWith("/app/auth"));
            this.events.expectRequiredAction(EventType.EXECUTE_ACTION_TOKEN_ERROR).error("expired_code").client((String) null).user(this.userId).session((String) null).clearDetails().detail("action", "reset-credentials").assertEvent();
            setTimeOffset(0);
            representation.setAttributes(unmodifiableMap);
            testRealm().update(representation);
        } catch (Throwable th) {
            setTimeOffset(0);
            representation.setAttributes(unmodifiableMap);
            testRealm().update(representation);
            throw th;
        }
    }

    @Test
    public void resetPasswordExpiredCodeForgotPasswordFlow() throws IOException, MessagingException, InterruptedException {
        AtomicInteger atomicInteger = new AtomicInteger();
        RealmRepresentation representation = testRealm().toRepresentation();
        atomicInteger.set(representation.getActionTokenGeneratedByUserLifespan().intValue());
        representation.setActionTokenGeneratedByUserLifespan(60);
        testRealm().update(representation);
        try {
            this.driver.navigate().to(this.oauth.getLoginFormUrl().replace("/auth?", "/forgot-credentials?"));
            this.resetPasswordPage.assertCurrent();
            this.resetPasswordPage.changePassword("login-test");
            this.loginPage.assertCurrent();
            Assert.assertEquals("You should receive an email shortly with further instructions.", this.loginPage.getSuccessMessage());
            this.expectedMessagesCount++;
            this.events.expectRequiredAction(EventType.SEND_RESET_PASSWORD).session((String) null).user(this.userId).detail("username", "login-test").detail("email", "login@test.com").assertEvent();
            Assert.assertEquals(1L, this.greenMail.getReceivedMessages().length);
            String passwordResetEmailLink = MailUtils.getPasswordResetEmailLink(this.greenMail.getReceivedMessages()[0]);
            setTimeOffset(70);
            this.driver.navigate().to(passwordResetEmailLink.trim());
            this.resetPasswordPage.assertCurrent();
            Assert.assertEquals("Action expired. Please start again.", this.loginPage.getError());
            this.events.expectRequiredAction(EventType.EXECUTE_ACTION_TOKEN_ERROR).error("expired_code").client((String) null).user(this.userId).session((String) null).clearDetails().detail("action", "reset-credentials").assertEvent();
            setTimeOffset(0);
            representation.setActionTokenGeneratedByUserLifespan(Integer.valueOf(atomicInteger.get()));
            testRealm().update(representation);
        } catch (Throwable th) {
            setTimeOffset(0);
            representation.setActionTokenGeneratedByUserLifespan(Integer.valueOf(atomicInteger.get()));
            testRealm().update(representation);
            throw th;
        }
    }

    @Test
    public void resetPasswordExpiredCodeForgotPasswordFlowPerActionLifespan() throws IOException, MessagingException, InterruptedException {
        RealmRepresentation representation = testRealm().toRepresentation();
        Map unmodifiableMap = Collections.unmodifiableMap(new HashMap(representation.getAttributes()));
        representation.setAttributes(UserActionTokenBuilder.create().resetCredentialsLifespan(60).build());
        testRealm().update(representation);
        try {
            this.driver.navigate().to(this.oauth.getLoginFormUrl().replace("/auth?", "/forgot-credentials?"));
            this.resetPasswordPage.assertCurrent();
            this.resetPasswordPage.changePassword("login-test");
            this.loginPage.assertCurrent();
            Assert.assertEquals("You should receive an email shortly with further instructions.", this.loginPage.getSuccessMessage());
            this.expectedMessagesCount++;
            this.events.expectRequiredAction(EventType.SEND_RESET_PASSWORD).session((String) null).user(this.userId).detail("username", "login-test").detail("email", "login@test.com").assertEvent();
            Assert.assertEquals(1L, this.greenMail.getReceivedMessages().length);
            String passwordResetEmailLink = MailUtils.getPasswordResetEmailLink(this.greenMail.getReceivedMessages()[0]);
            setTimeOffset(70);
            this.driver.navigate().to(passwordResetEmailLink.trim());
            this.resetPasswordPage.assertCurrent();
            Assert.assertEquals("Action expired. Please start again.", this.loginPage.getError());
            this.events.expectRequiredAction(EventType.EXECUTE_ACTION_TOKEN_ERROR).error("expired_code").client((String) null).user(this.userId).session((String) null).clearDetails().detail("action", "reset-credentials").assertEvent();
            setTimeOffset(0);
            representation.setAttributes(unmodifiableMap);
            testRealm().update(representation);
        } catch (Throwable th) {
            setTimeOffset(0);
            representation.setAttributes(unmodifiableMap);
            testRealm().update(representation);
            throw th;
        }
    }

    @Test
    public void resetPasswordExpiredCodeForgotPasswordFlowPerActionMultipleTimeouts() throws IOException, MessagingException, InterruptedException {
        RealmRepresentation representation = testRealm().toRepresentation();
        Map unmodifiableMap = Collections.unmodifiableMap(new HashMap(representation.getAttributes()));
        representation.setAttributes(UserActionTokenBuilder.create().resetCredentialsLifespan(60).verifyEmailLifespan(300).build());
        testRealm().update(representation);
        try {
            this.driver.navigate().to(this.oauth.getLoginFormUrl().replace("/auth?", "/forgot-credentials?"));
            this.resetPasswordPage.assertCurrent();
            this.resetPasswordPage.changePassword("login-test");
            this.loginPage.assertCurrent();
            Assert.assertEquals("You should receive an email shortly with further instructions.", this.loginPage.getSuccessMessage());
            this.expectedMessagesCount++;
            this.events.expectRequiredAction(EventType.SEND_RESET_PASSWORD).session((String) null).user(this.userId).detail("username", "login-test").detail("email", "login@test.com").assertEvent();
            Assert.assertEquals(1L, this.greenMail.getReceivedMessages().length);
            String passwordResetEmailLink = MailUtils.getPasswordResetEmailLink(this.greenMail.getReceivedMessages()[0]);
            setTimeOffset(70);
            this.driver.navigate().to(passwordResetEmailLink.trim());
            this.resetPasswordPage.assertCurrent();
            Assert.assertEquals("Action expired. Please start again.", this.loginPage.getError());
            this.events.expectRequiredAction(EventType.EXECUTE_ACTION_TOKEN_ERROR).error("expired_code").client((String) null).user(this.userId).session((String) null).clearDetails().detail("action", "reset-credentials").assertEvent();
            setTimeOffset(0);
            representation.setAttributes(unmodifiableMap);
            testRealm().update(representation);
        } catch (Throwable th) {
            setTimeOffset(0);
            representation.setAttributes(unmodifiableMap);
            testRealm().update(representation);
            throw th;
        }
    }

    @Test
    public void resetPasswordDisabledUser() throws IOException, MessagingException, InterruptedException {
        UserRepresentation findUser = findUser("login-test");
        try {
            findUser.setEnabled(false);
            updateUser(findUser);
            initiateResetPasswordFromResetPasswordPage("login-test");
            Assert.assertEquals(0L, this.greenMail.getReceivedMessages().length);
            this.events.expectRequiredAction(EventType.RESET_PASSWORD).session((String) null).user(this.userId).detail("username", "login-test").removeDetail("code_id").error("user_disabled").assertEvent();
        } finally {
            findUser.setEnabled(Boolean.valueOf(true));
            updateUser(findUser);
        }
    }

    @Test
    public void resetPasswordNoEmail() throws IOException, MessagingException, InterruptedException {
        UserRepresentation findUser = findUser("login-test");
        String email = findUser.getEmail();
        try {
            findUser.setEmail("");
            updateUser(findUser);
            initiateResetPasswordFromResetPasswordPage("login-test");
            Assert.assertEquals(0L, this.greenMail.getReceivedMessages().length);
            this.events.expectRequiredAction(EventType.RESET_PASSWORD_ERROR).session((String) null).user(this.userId).detail("username", "login-test").removeDetail("code_id").error("invalid_email").assertEvent();
        } finally {
            findUser.setEmail(email);
            updateUser(findUser);
        }
    }

    @Test
    public void resetPasswordWrongSmtp() throws IOException, MessagingException, InterruptedException {
        HashMap hashMap = new HashMap();
        hashMap.putAll(testRealm().toRepresentation().getSmtpServer());
        new String[1][0] = (String) hashMap.get("host");
        hashMap.put("host", "invalid_host");
        RealmRepresentation representation = testRealm().toRepresentation();
        Map smtpServer = representation.getSmtpServer();
        try {
            representation.setSmtpServer(hashMap);
            testRealm().update(representation);
            this.loginPage.open();
            this.loginPage.resetPassword();
            this.resetPasswordPage.assertCurrent();
            this.resetPasswordPage.changePassword("login-test");
            this.errorPage.assertCurrent();
            Assert.assertEquals("Failed to send email, please try again later.", this.errorPage.getError());
            Assert.assertEquals(0L, this.greenMail.getReceivedMessages().length);
            this.events.expectRequiredAction(EventType.SEND_RESET_PASSWORD_ERROR).user(this.userId).session((String) null).detail("username", "login-test").removeDetail("code_id").error("email_send_failed").assertEvent();
            representation.setSmtpServer(smtpServer);
            testRealm().update(representation);
        } catch (Throwable th) {
            representation.setSmtpServer(smtpServer);
            testRealm().update(representation);
            throw th;
        }
    }

    private void setPasswordPolicy(String str) {
        RealmRepresentation representation = testRealm().toRepresentation();
        representation.setPasswordPolicy(str);
        testRealm().update(representation);
    }

    @Test
    public void resetPasswordWithLengthPasswordPolicy() throws IOException, MessagingException {
        setPasswordPolicy("length");
        initiateResetPasswordFromResetPasswordPage("login-test");
        Assert.assertEquals(1L, this.greenMail.getReceivedMessages().length);
        String passwordResetEmailLink = MailUtils.getPasswordResetEmailLink(this.greenMail.getReceivedMessages()[0]);
        this.events.expectRequiredAction(EventType.SEND_RESET_PASSWORD).session((String) null).user(this.userId).detail("username", "login-test").detail("email", "login@test.com").assertEvent();
        this.driver.navigate().to(passwordResetEmailLink.trim());
        this.updatePasswordPage.assertCurrent();
        this.updatePasswordPage.changePassword("invalid", "invalid");
        Assert.assertEquals("Invalid password: minimum length 8.", this.resetPasswordPage.getErrorMessage());
        this.events.expectRequiredAction(EventType.UPDATE_PASSWORD_ERROR).error("password_rejected").user(this.userId).detail("username", "login-test").assertEvent().getSessionId();
        this.updatePasswordPage.changePassword("resetPasswordWithPasswordPolicy", "resetPasswordWithPasswordPolicy");
        this.events.expectRequiredAction(EventType.UPDATE_PASSWORD).user(this.userId).detail("username", "login-test").assertEvent().getSessionId();
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
        String sessionId = this.events.expectLogin().user(this.userId).detail("username", "login-test").assertEvent().getSessionId();
        this.oauth.openLogout();
        this.events.expectLogout(sessionId).user(this.userId).session(sessionId).assertEvent();
        this.loginPage.open();
        this.loginPage.login("login-test", "resetPasswordWithPasswordPolicy");
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
        this.events.expectLogin().user(this.userId).detail("username", "login-test").assertEvent();
    }

    @Test
    public void resetPasswordWithPasswordHistoryPolicy() throws IOException, MessagingException {
        setPasswordPolicy("passwordHistory");
        try {
            setTimeOffset(2000000);
            resetPassword("login-test", "password1");
            resetPasswordInvalidPassword("login-test", "password1", "Invalid password: must not be equal to any of last 3 passwords.");
            setTimeOffset(4000000);
            resetPassword("login-test", "password2");
            resetPasswordInvalidPassword("login-test", "password1", "Invalid password: must not be equal to any of last 3 passwords.");
            resetPasswordInvalidPassword("login-test", "password2", "Invalid password: must not be equal to any of last 3 passwords.");
            setTimeOffset(6000000);
            resetPassword("login-test", "password3");
            resetPasswordInvalidPassword("login-test", "password1", "Invalid password: must not be equal to any of last 3 passwords.");
            resetPasswordInvalidPassword("login-test", "password2", "Invalid password: must not be equal to any of last 3 passwords.");
            resetPasswordInvalidPassword("login-test", "password3", "Invalid password: must not be equal to any of last 3 passwords.");
            setTimeOffset(8000000);
            resetPassword("login-test", "password");
        } finally {
            setTimeOffset(0);
        }
    }

    @Test
    public void resetPasswordLinkOpenedInNewBrowser() throws IOException, MessagingException {
        resetPasswordLinkOpenedInNewBrowser(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME);
    }

    private void resetPasswordLinkOpenedInNewBrowser(String str) throws IOException, MessagingException {
        StringBuilder sb = new StringBuilder();
        OAuthClient oAuthClient = this.oauth;
        String sb2 = sb.append(OAuthClient.AUTH_SERVER_ROOT).append("/realms/test/login-actions/reset-credentials").toString();
        this.driver.navigate().to(sb2);
        this.resetPasswordPage.assertCurrent();
        this.resetPasswordPage.changePassword("login-test");
        this.log.info("Should be at login page again.");
        this.loginPage.assertCurrent();
        Assert.assertEquals("You should receive an email shortly with further instructions.", this.loginPage.getSuccessMessage());
        AssertEvents.ExpectedEvent user = this.events.expectRequiredAction(EventType.SEND_RESET_PASSWORD).user(this.userId);
        StringBuilder sb3 = new StringBuilder();
        OAuthClient oAuthClient2 = this.oauth;
        user.detail("redirect_uri", sb3.append(OAuthClient.AUTH_SERVER_ROOT).append("/realms/test/account/").toString()).client(str).detail("username", "login-test").detail("email", "login@test.com").session((String) null).assertEvent();
        Assert.assertEquals(1L, this.greenMail.getReceivedMessages().length);
        String passwordResetEmailLink = MailUtils.getPasswordResetEmailLink(this.greenMail.getReceivedMessages()[0]);
        this.log.debug("Going to reset password URI.");
        this.driver.navigate().to(sb2);
        this.log.debug("Removing cookies.");
        this.driver.manage().deleteAllCookies();
        this.log.debug("Going to URI from e-mail.");
        this.driver.navigate().to(passwordResetEmailLink.trim());
        this.updatePasswordPage.assertCurrent();
        this.updatePasswordPage.changePassword("resetPassword", "resetPassword");
        this.infoPage.assertCurrent();
        Assert.assertEquals("Your account has been updated.", this.infoPage.getInfo());
    }

    @Test
    public void resetPasswordLinkOpenedInNewBrowserAndAccountClientRenamed() throws IOException, MessagingException {
        ServerResourceUpdater update = ClientAttributeUpdater.forClient(this.adminClient, "test", BackchannelLogoutTest.ACCOUNT_CLIENT_NAME).setClientId("account-changed").update();
        Throwable th = null;
        try {
            resetPasswordLinkOpenedInNewBrowser("_system");
            if (update != null) {
                if (0 == 0) {
                    update.close();
                    return;
                }
                try {
                    update.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (update != null) {
                if (0 != 0) {
                    try {
                        update.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    update.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void resetPasswordLinkNewBrowserSessionPreserveClient() throws IOException, MessagingException {
        this.loginPage.open();
        this.loginPage.resetPassword();
        this.resetPasswordPage.assertCurrent();
        this.resetPasswordPage.changePassword("login-test");
        this.loginPage.assertCurrent();
        Assert.assertEquals("You should receive an email shortly with further instructions.", this.loginPage.getSuccessMessage());
        Assert.assertEquals(1L, this.greenMail.getReceivedMessages().length);
        this.driver2.navigate().to(MailUtils.getPasswordResetEmailLink(this.greenMail.getReceivedMessages()[0]).trim());
        changePasswordOnUpdatePage(this.driver2);
        MatcherAssert.assertThat(this.driver2.getCurrentUrl(), Matchers.containsString("client_id=test-app"));
        MatcherAssert.assertThat(this.driver2.getPageSource(), Matchers.containsString("Your account has been updated."));
    }

    @Test
    public void resetPasswordWithSpnegoEnabled() throws IOException, MessagingException {
        AuthenticationExecutionModel.Requirement updateKerberosAuthExecutionRequirement = AbstractKerberosTest.updateKerberosAuthExecutionRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE, testRealm());
        try {
            resetPassword("login-test");
        } finally {
            AbstractKerberosTest.updateKerberosAuthExecutionRequirement(updateKerberosAuthExecutionRequirement, testRealm());
        }
    }

    @Test
    public void failResetPasswordServiceAccount() {
        UserRepresentation userRepresentation = (UserRepresentation) testRealm().users().search("service-account-client-user").get(0);
        userRepresentation.toString();
        UserResource userResource = testRealm().users().get(userRepresentation.getId());
        UserRepresentation representation = userResource.toRepresentation();
        representation.setEmail("client-user@test.com");
        userResource.update(representation);
        StringBuilder sb = new StringBuilder();
        OAuthClient oAuthClient = this.oauth;
        this.driver.navigate().to(sb.append(OAuthClient.AUTH_SERVER_ROOT).append("/realms/test/login-actions/reset-credentials").toString());
        this.resetPasswordPage.assertCurrent();
        this.resetPasswordPage.changePassword("service-account-client-user");
        this.loginPage.assertCurrent();
        Assert.assertEquals("Invalid username or password.", this.errorPage.getError());
    }

    @Test
    @DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true)
    public void resetPasswordLinkNewTabAndProperRedirectAccount() throws IOException {
        String str = OAuthClient.AUTH_SERVER_ROOT + "/realms/test/account/applications";
        String str2 = getAccountRedirectUrl() + "?path=applications";
        String str3 = getProjectName() + " Account Management";
        BrowserTabUtil instanceAndSetEnv = BrowserTabUtil.getInstanceAndSetEnv(this.driver);
        Throwable th = null;
        try {
            try {
                MatcherAssert.assertThat(Integer.valueOf(instanceAndSetEnv.getCountOfTabs()), Matchers.is(1));
                this.driver.navigate().to(str);
                resetPasswordTwiceInNewTab(this.defaultUser, BackchannelLogoutTest.ACCOUNT_CLIENT_NAME, false, str2, str);
                MatcherAssert.assertThat(this.driver.getTitle(), Matchers.equalTo(str3));
                this.oauth.openLogout();
                this.driver.navigate().to(str);
                resetPasswordTwiceInNewTab(this.defaultUser, BackchannelLogoutTest.ACCOUNT_CLIENT_NAME, true, str2, str);
                MatcherAssert.assertThat(this.driver.getTitle(), Matchers.equalTo(str3));
                if (instanceAndSetEnv != null) {
                    if (0 == 0) {
                        instanceAndSetEnv.close();
                        return;
                    }
                    try {
                        instanceAndSetEnv.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (instanceAndSetEnv != null) {
                if (th != null) {
                    try {
                        instanceAndSetEnv.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    instanceAndSetEnv.close();
                }
            }
            throw th4;
        }
    }

    @Test
    public void resetPasswordLinkNewTabAndProperRedirectClient() throws IOException {
        String str = getAuthServerRoot() + "realms/master/app/auth";
        BrowserTabUtil instanceAndSetEnv = BrowserTabUtil.getInstanceAndSetEnv(this.driver);
        Throwable th = null;
        try {
            ClientAttributeUpdater update = ClientAttributeUpdater.forClient(getAdminClient(), "test", AssertEvents.DEFAULT_CLIENT_ID).filterRedirectUris(str2 -> {
                return str2.contains(str);
            }).update();
            Throwable th2 = null;
            try {
                try {
                    MatcherAssert.assertThat(Integer.valueOf(instanceAndSetEnv.getCountOfTabs()), Matchers.is(1));
                    this.loginPage.open();
                    resetPasswordTwiceInNewTab(this.defaultUser, AssertEvents.DEFAULT_CLIENT_ID, false, str);
                    MatcherAssert.assertThat(this.driver.getCurrentUrl(), Matchers.containsString(str));
                    this.oauth.openLogout();
                    this.loginPage.open();
                    resetPasswordTwiceInNewTab(this.defaultUser, AssertEvents.DEFAULT_CLIENT_ID, true, str);
                    MatcherAssert.assertThat(this.driver.getCurrentUrl(), Matchers.containsString(str));
                    if (update != null) {
                        if (0 != 0) {
                            try {
                                update.close();
                            } catch (Throwable th3) {
                                th2.addSuppressed(th3);
                            }
                        } else {
                            update.close();
                        }
                    }
                    if (instanceAndSetEnv != null) {
                        if (0 == 0) {
                            instanceAndSetEnv.close();
                            return;
                        }
                        try {
                            instanceAndSetEnv.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    }
                } catch (Throwable th5) {
                    th2 = th5;
                    throw th5;
                }
            } catch (Throwable th6) {
                if (update != null) {
                    if (th2 != null) {
                        try {
                            update.close();
                        } catch (Throwable th7) {
                            th2.addSuppressed(th7);
                        }
                    } else {
                        update.close();
                    }
                }
                throw th6;
            }
        } catch (Throwable th8) {
            if (instanceAndSetEnv != null) {
                if (0 != 0) {
                    try {
                        instanceAndSetEnv.close();
                    } catch (Throwable th9) {
                        th.addSuppressed(th9);
                    }
                } else {
                    instanceAndSetEnv.close();
                }
            }
            throw th8;
        }
    }

    @Test
    public void changeEmailAddressAfterSendingEmail() throws IOException {
        initiateResetPasswordFromResetPasswordPage(this.defaultUser.getUsername());
        Assert.assertEquals(1L, this.greenMail.getReceivedMessages().length);
        String passwordResetEmailLink = MailUtils.getPasswordResetEmailLink(this.greenMail.getReceivedMessages()[0]);
        UserResource userResource = testRealm().users().get(this.defaultUser.getId());
        UserRepresentation representation = userResource.toRepresentation();
        representation.setEmail("vmuzikar@redhat.com");
        userResource.update(representation);
        this.driver.navigate().to(passwordResetEmailLink.trim());
        this.errorPage.assertCurrent();
        Assert.assertEquals("Invalid email address.", this.errorPage.getError());
    }

    private void changePasswordOnUpdatePage(WebDriver webDriver) {
        MatcherAssert.assertThat(webDriver.getPageSource(), Matchers.containsString("You need to change your password."));
        webDriver.findElement(By.id("password-new")).sendKeys(new CharSequence[]{"resetPassword"});
        webDriver.findElement(By.id("password-confirm")).sendKeys(new CharSequence[]{"resetPassword"});
        webDriver.findElement(By.cssSelector("input[type=\"submit\"]")).click();
    }

    private void resetPasswordTwiceInNewTab(UserRepresentation userRepresentation, String str, boolean z, String str2) throws IOException {
        resetPasswordTwiceInNewTab(userRepresentation, str, z, str2, str2);
    }

    private void resetPasswordTwiceInNewTab(UserRepresentation userRepresentation, String str, boolean z, String str2, String str3) throws IOException {
        this.events.clear();
        updateForgottenPassword(userRepresentation, str, str2, str3);
        if (z) {
            String sessionId = this.events.expectLogin().user(userRepresentation.getId()).detail("username", userRepresentation.getUsername()).detail("redirect_uri", str2).client(str).assertEvent().getSessionId();
            this.oauth.openLogout();
            this.events.expectLogout(sessionId).user(userRepresentation.getId()).session(sessionId).assertEvent();
        }
        BrowserTabUtil instanceAndSetEnv = BrowserTabUtil.getInstanceAndSetEnv(this.driver);
        MatcherAssert.assertThat(Integer.valueOf(instanceAndSetEnv.getCountOfTabs()), Matchers.equalTo(2));
        instanceAndSetEnv.closeTab(1);
        MatcherAssert.assertThat(Integer.valueOf(instanceAndSetEnv.getCountOfTabs()), Matchers.equalTo(1));
        if (!z) {
            doForgotPassword(userRepresentation.getUsername());
            return;
        }
        ClientRepresentation clientRepresentation = (ClientRepresentation) testRealm().clients().findByClientId(str).stream().findFirst().orElse(null);
        MatcherAssert.assertThat(clientRepresentation, Matchers.notNullValue());
        updateForgottenPassword(userRepresentation, str, getValidRedirectUriWithRootUrl(clientRepresentation.getRootUrl(), clientRepresentation.getRedirectUris()));
    }

    private void updateForgottenPassword(UserRepresentation userRepresentation, String str, String str2) throws IOException {
        updateForgottenPassword(userRepresentation, str, str2, str2);
    }

    private void updateForgottenPassword(UserRepresentation userRepresentation, String str, String str2, String str3) throws IOException {
        int length = this.greenMail.getReceivedMessages().length;
        doForgotPassword(userRepresentation.getUsername());
        Assert.assertEquals("You should receive an email shortly with further instructions.", this.loginPage.getSuccessMessage());
        this.events.expectRequiredAction(EventType.SEND_RESET_PASSWORD).user(userRepresentation.getId()).client(str).detail("redirect_uri", str2).detail("username", userRepresentation.getUsername()).detail("email", userRepresentation.getEmail()).session((String) null).assertEvent();
        Assert.assertEquals(length + 1, this.greenMail.getReceivedMessages().length);
        BrowserTabUtil.getInstanceAndSetEnv(this.driver).newTab(MailUtils.getPasswordResetEmailLink(this.greenMail.getReceivedMessages()[length]).trim());
        changePasswordOnUpdatePage(this.driver);
        this.events.expectRequiredAction(EventType.UPDATE_PASSWORD).detail("redirect_uri", str2).client(str).user(userRepresentation.getId()).detail("username", userRepresentation.getUsername()).assertEvent();
        MatcherAssert.assertThat(this.driver.getCurrentUrl(), Matchers.containsString(str3));
    }

    private void doForgotPassword(String str) {
        this.loginPage.assertCurrent();
        this.loginPage.resetPassword();
        this.resetPasswordPage.assertCurrent();
        this.resetPasswordPage.changePassword(str);
        WaitUtils.waitForPageToLoad();
    }

    private String getValidRedirectUriWithRootUrl(String str, Collection<String> collection) {
        boolean isValidUrl = isValidUrl(str);
        return (String) collection.stream().map(str2 -> {
            return (isValidUrl && str2.startsWith("/")) ? str + str2 : str2;
        }).map(str3 -> {
            return str3.startsWith("/") ? OAuthClient.AUTH_SERVER_ROOT + str3 : str3;
        }).map(RedirectUtils::validateRedirectUriWildcard).findFirst().orElse(null);
    }

    private boolean isValidUrl(String str) {
        try {
            new URL(str);
            return true;
        } catch (MalformedURLException e) {
            return false;
        }
    }
}
