package org.keycloak.testsuite.account;

import java.lang.invoke.SerializedLambda;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import org.hamcrest.Matchers;
import org.jboss.arquillian.drone.api.annotation.Drone;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.common.Profile;
import org.keycloak.events.EventType;
import org.keycloak.models.AdminRoles;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.TimeBasedOTP;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.AuthServerTestEnricher;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
import org.keycloak.testsuite.drone.Different;
import org.keycloak.testsuite.oauth.BackchannelLogoutTest;
import org.keycloak.testsuite.oauth.OAuthGrantTest;
import org.keycloak.testsuite.pages.AccountApplicationsPage;
import org.keycloak.testsuite.pages.AccountFederatedIdentityPage;
import org.keycloak.testsuite.pages.AccountLogPage;
import org.keycloak.testsuite.pages.AccountPasswordPage;
import org.keycloak.testsuite.pages.AccountSessionsPage;
import org.keycloak.testsuite.pages.AccountTotpPage;
import org.keycloak.testsuite.pages.AccountUpdateProfilePage;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.ErrorPage;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.pages.RegisterPage;
import org.keycloak.testsuite.updaters.ClientAttributeUpdater;
import org.keycloak.testsuite.updaters.RoleScopeUpdater;
import org.keycloak.testsuite.util.DroneUtils;
import org.keycloak.testsuite.util.IdentityProviderBuilder;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.RealmBuilder;
import org.keycloak.testsuite.util.ServerURLs;
import org.keycloak.testsuite.util.UIUtils;
import org.keycloak.testsuite.util.URLUtils;
import org.keycloak.testsuite.util.UserBuilder;
import org.openqa.selenium.By;
import org.openqa.selenium.NoSuchElementException;
import org.openqa.selenium.WebDriver;

@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true)
/* loaded from: input_file:org/keycloak/testsuite/account/AccountFormServiceTest.class */
public class AccountFormServiceTest extends AbstractTestRealmKeycloakTest {
    public static final String ROOT_URL_CLIENT = "root-url-client";
    public static final String REALM_NAME = "test";

    @Drone
    @Different
    WebDriver driver2;

    @Page
    protected AppPage appPage;

    @Page
    protected LoginPage loginPage;

    @Page
    protected RegisterPage registerPage;

    @Page
    protected AccountPasswordPage changePasswordPage;

    @Page
    protected AccountUpdateProfilePage profilePage;

    @Page
    protected AccountTotpPage totpPage;

    @Page
    protected AccountLogPage logPage;

    @Page
    protected AccountSessionsPage sessionsPage;

    @Page
    protected AccountApplicationsPage applicationsPage;

    @Page
    protected AccountFederatedIdentityPage federatedIdentityPage;

    @Page
    protected ErrorPage errorPage;
    private String userId;

    @Rule
    public AssertEvents events = new AssertEvents(this);
    private TimeBasedOTP totp = new TimeBasedOTP();

    @Override // org.keycloak.testsuite.AbstractTestRealmKeycloakTest
    public void configureTestRealm(RealmRepresentation realmRepresentation) {
        UserRepresentation build = UserBuilder.create().enabled(true).username("test-user-no-access@localhost").email("test-user-no-access@localhost").password("password").build();
        UserRepresentation build2 = UserBuilder.create().enabled(true).username("realm-admin").password("password").role("realm-management", AdminRoles.REALM_ADMIN).role(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME, "manage-account").build();
        realmRepresentation.addIdentityProvider(IdentityProviderBuilder.create().providerId("github").alias("github").build());
        realmRepresentation.addIdentityProvider(IdentityProviderBuilder.create().providerId("saml").alias("mysaml").build());
        realmRepresentation.addIdentityProvider(IdentityProviderBuilder.create().providerId("oidc").alias("myoidc").displayName("MyOIDC").build());
        realmRepresentation.addIdentityProvider(IdentityProviderBuilder.create().providerId("oidc").alias("myhiddenoidc").displayName("MyHiddenOIDC").hideOnLoginPage().build());
        RealmBuilder.edit(realmRepresentation).user(build).user(build2);
        if (ServerURLs.AUTH_SERVER_SSL_REQUIRED) {
            findTestApp(realmRepresentation).setBaseUrl(String.format("%s/auth/realms/master/app/auth", ServerURLs.getAuthServerContextRoot()));
        }
    }

    @Before
    public void before() {
        UserRepresentation findUser = findUser(AssertEvents.DEFAULT_USERNAME);
        findUser.setEmail(AssertEvents.DEFAULT_USERNAME);
        updateUser(findUser);
        this.userId = findUser.getId();
        setPasswordPolicy("");
        ApiUtil.resetUserPassword(testRealm().users().get(this.userId), "password", false);
    }

    @Test
    public void returnToAppFromQueryParam() {
        this.driver.navigate().to(this.profilePage.getPath() + "?referrer=test-app");
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        Assert.assertTrue(this.profilePage.isCurrent());
        this.profilePage.backToApplication();
        Assert.assertTrue(this.appPage.isCurrent());
        this.driver.navigate().to(String.format("%s?referrer=test-app&referrer_uri=%s/auth/realms/master/app/auth?test", this.profilePage.getPath(), ServerURLs.getAuthServerContextRoot()));
        Assert.assertTrue(this.profilePage.isCurrent());
        this.profilePage.backToApplication();
        Assert.assertTrue(this.appPage.isCurrent());
        StringBuilder sb = new StringBuilder();
        OAuthClient oAuthClient = this.oauth;
        Assert.assertEquals(sb.append(OAuthClient.APP_AUTH_ROOT).append("?test").toString(), this.driver.getCurrentUrl());
        this.driver.navigate().to(this.profilePage.getPath() + "?referrer=test-app");
        Assert.assertTrue(this.profilePage.isCurrent());
        this.driver.findElement(By.linkText("Authenticator")).click();
        Assert.assertTrue(this.totpPage.isCurrent());
        this.driver.findElement(By.linkText("Account")).click();
        Assert.assertTrue(this.profilePage.isCurrent());
        this.profilePage.backToApplication();
        Assert.assertTrue(this.appPage.isCurrent());
        this.events.clear();
    }

    @Test
    public void referrerEscaped() {
        this.profilePage.open();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        this.driver.navigate().to(this.profilePage.getPath() + "?referrer=test-app&referrer_uri=http%3A%2F%2Flocalhost%3A8180%2Fauth%2Frealms%2Fmaster%2Fapp%2Fauth%2Ftest%2Ffkrenu%3Fq%3D%2522%253E%253Cscript%253Ealert%25281%2529%253C%252fscript%253E");
        this.profilePage.assertCurrent();
        Assert.assertFalse(this.driver.getPageSource().contains("<script>alert"));
    }

    @Test
    public void changePassword() {
        this.changePasswordPage.open();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        EventRepresentation assertEvent = this.events.expectLogin().client(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME).detail("redirect_uri", getAccountRedirectUrl() + "?path=password").assertEvent();
        String sessionId = assertEvent.getSessionId();
        assertEvent.getUserId();
        this.changePasswordPage.changePassword("", "new-password", "new-password");
        Assert.assertEquals("Please specify password.", this.profilePage.getError());
        this.events.expectAccount(EventType.UPDATE_PASSWORD_ERROR).error("password_missing").assertEvent();
        this.changePasswordPage.changePassword("password", "new-password", "new-password2");
        Assert.assertEquals("Password confirmation doesn't match.", this.profilePage.getError());
        this.events.expectAccount(EventType.UPDATE_PASSWORD_ERROR).error("password_confirm_error").assertEvent();
        this.changePasswordPage.changePassword("password", "new-password", "new-password");
        Assert.assertEquals("Your password has been updated.", this.profilePage.getSuccess());
        this.events.expectAccount(EventType.UPDATE_PASSWORD).assertEvent();
        this.changePasswordPage.logout();
        this.events.expectLogout(sessionId).detail("redirect_uri", this.changePasswordPage.getPath()).assertEvent();
        this.loginPage.open();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        Assert.assertEquals("Invalid username or password.", this.loginPage.getInputError());
        this.events.expectLogin().session((String) null).error("invalid_user_credentials").removeDetail("consent").assertEvent();
        this.loginPage.open();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "new-password");
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
        this.events.expectLogin().assertEvent();
    }

    private void setPasswordPolicy(String str) {
        RealmRepresentation representation = testRealm().toRepresentation();
        representation.setPasswordPolicy(str);
        testRealm().update(representation);
    }

    @Test
    public void changePasswordWithBlankCurrentPassword() {
        this.changePasswordPage.open();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        this.events.expectLogin().client(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME).detail("redirect_uri", getAccountRedirectUrl() + "?path=password").assertEvent();
        this.changePasswordPage.changePassword("", "new", "new");
        Assert.assertEquals("Please specify password.", this.profilePage.getError());
        this.events.expectAccount(EventType.UPDATE_PASSWORD_ERROR).error("password_missing").assertEvent();
        this.changePasswordPage.changePassword("password", "new", "new");
        Assert.assertEquals("Your password has been updated.", this.profilePage.getSuccess());
        this.events.expectAccount(EventType.UPDATE_PASSWORD).assertEvent();
    }

    @Test
    public void changePasswordWithLengthPasswordPolicy() {
        setPasswordPolicy("length(8)");
        this.changePasswordPage.open();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        this.events.expectLogin().client(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME).detail("redirect_uri", getAccountRedirectUrl() + "?path=password").assertEvent();
        this.changePasswordPage.changePassword("password", "1234", "1234");
        Assert.assertEquals("Invalid password: minimum length 8.", this.profilePage.getError());
        this.events.expectAccount(EventType.UPDATE_PASSWORD_ERROR).error("password_rejected").assertEvent();
        this.changePasswordPage.changePassword("password", "12345678", "12345678");
        Assert.assertEquals("Your password has been updated.", this.profilePage.getSuccess());
        this.events.expectAccount(EventType.UPDATE_PASSWORD).assertEvent();
    }

    @Test
    public void changePasswordWithDigitsPolicy() {
        setPasswordPolicy("digits(2)");
        this.changePasswordPage.open();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        this.events.expectLogin().client(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME).detail("redirect_uri", getAccountRedirectUrl() + "?path=password").assertEvent();
        this.changePasswordPage.changePassword("password", "invalidPassword1", "invalidPassword1");
        Assert.assertEquals("Invalid password: must contain at least 2 numerical digits.", this.profilePage.getError());
        this.events.expectAccount(EventType.UPDATE_PASSWORD_ERROR).error("password_rejected").assertEvent();
        this.changePasswordPage.changePassword("password", "validPassword12", "validPassword12");
        Assert.assertEquals("Your password has been updated.", this.profilePage.getSuccess());
        this.events.expectAccount(EventType.UPDATE_PASSWORD).assertEvent();
    }

    @Test
    public void changePasswordWithLowerCasePolicy() {
        setPasswordPolicy("lowerCase(2)");
        this.changePasswordPage.open();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        this.events.expectLogin().client(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME).detail("redirect_uri", getAccountRedirectUrl() + "?path=password").assertEvent();
        this.changePasswordPage.changePassword("password", "iNVALIDPASSWORD", "iNVALIDPASSWORD");
        Assert.assertEquals("Invalid password: must contain at least 2 lower case characters.", this.profilePage.getError());
        this.events.expectAccount(EventType.UPDATE_PASSWORD_ERROR).error("password_rejected").assertEvent();
        this.changePasswordPage.changePassword("password", "vaLIDPASSWORD", "vaLIDPASSWORD");
        Assert.assertEquals("Your password has been updated.", this.profilePage.getSuccess());
        this.events.expectAccount(EventType.UPDATE_PASSWORD).assertEvent();
    }

    @Test
    public void changePasswordWithUpperCasePolicy() {
        setPasswordPolicy("upperCase(2)");
        this.changePasswordPage.open();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        this.events.expectLogin().client(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME).detail("redirect_uri", getAccountRedirectUrl() + "?path=password").assertEvent();
        this.changePasswordPage.changePassword("password", "Invalidpassword", "Invalidpassword");
        Assert.assertEquals("Invalid password: must contain at least 2 upper case characters.", this.profilePage.getError());
        this.events.expectAccount(EventType.UPDATE_PASSWORD_ERROR).error("password_rejected").assertEvent();
        this.changePasswordPage.changePassword("password", "VAlidpassword", "VAlidpassword");
        Assert.assertEquals("Your password has been updated.", this.profilePage.getSuccess());
        this.events.expectAccount(EventType.UPDATE_PASSWORD).assertEvent();
    }

    @Test
    public void changePasswordWithSpecialCharsPolicy() {
        setPasswordPolicy("specialChars(2)");
        this.changePasswordPage.open();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        this.events.expectLogin().client(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME).detail("redirect_uri", getAccountRedirectUrl() + "?path=password").assertEvent();
        this.changePasswordPage.changePassword("password", "invalidPassword*", "invalidPassword*");
        Assert.assertEquals("Invalid password: must contain at least 2 special characters.", this.profilePage.getError());
        this.events.expectAccount(EventType.UPDATE_PASSWORD_ERROR).error("password_rejected").assertEvent();
        this.changePasswordPage.changePassword("password", "validPassword*#", "validPassword*#");
        Assert.assertEquals("Your password has been updated.", this.profilePage.getSuccess());
        this.events.expectAccount(EventType.UPDATE_PASSWORD).assertEvent();
    }

    @Test
    public void changePasswordWithNotUsernamePolicy() {
        setPasswordPolicy("notUsername(1)");
        this.changePasswordPage.open();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        this.events.expectLogin().client(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME).detail("redirect_uri", getAccountRedirectUrl() + "?path=password").assertEvent();
        this.changePasswordPage.changePassword("password", AssertEvents.DEFAULT_USERNAME, AssertEvents.DEFAULT_USERNAME);
        Assert.assertEquals("Invalid password: must not be equal to the username.", this.profilePage.getError());
        this.events.expectAccount(EventType.UPDATE_PASSWORD_ERROR).error("password_rejected").assertEvent();
        this.changePasswordPage.changePassword("password", "newPassword", "newPassword");
        Assert.assertEquals("Your password has been updated.", this.profilePage.getSuccess());
        this.events.expectAccount(EventType.UPDATE_PASSWORD).assertEvent();
    }

    @Test
    public void changePasswordWithNotEmailPolicy() {
        setPasswordPolicy("notEmail(1)");
        this.changePasswordPage.open();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        this.events.expectLogin().client(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME).detail("redirect_uri", getAccountRedirectUrl() + "?path=password").assertEvent();
        this.changePasswordPage.changePassword("password", AssertEvents.DEFAULT_USERNAME, AssertEvents.DEFAULT_USERNAME);
        Assert.assertEquals("Invalid password: must not be equal to the email.", this.profilePage.getError());
        this.events.expectAccount(EventType.UPDATE_PASSWORD_ERROR).error("password_rejected").assertEvent();
        this.changePasswordPage.changePassword("password", "newPassword", "newPassword");
        Assert.assertEquals("Your password has been updated.", this.profilePage.getSuccess());
        this.events.expectAccount(EventType.UPDATE_PASSWORD).assertEvent();
    }

    @Test
    public void changePasswordWithRegexPatternsPolicy() {
        setPasswordPolicy("regexPattern(^[A-Z]+#[a-z]{8}$)");
        this.changePasswordPage.open();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        this.events.expectLogin().client(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME).detail("redirect_uri", getAccountRedirectUrl() + "?path=password").assertEvent();
        this.changePasswordPage.changePassword("password", "invalidPassword", "invalidPassword");
        Assert.assertEquals("Invalid password: fails to match regex pattern(s).", this.profilePage.getError());
        this.events.expectAccount(EventType.UPDATE_PASSWORD_ERROR).error("password_rejected").assertEvent();
        this.changePasswordPage.changePassword("password", "VALID#password", "VALID#password");
        Assert.assertEquals("Your password has been updated.", this.profilePage.getSuccess());
        this.events.expectAccount(EventType.UPDATE_PASSWORD).assertEvent();
    }

    private void assertChangePasswordSucceeds(String str, String str2) {
        this.changePasswordPage.changePassword(str, str2, str2);
        Assert.assertEquals("Your password has been updated.", this.profilePage.getSuccess());
        this.events.expectAccount(EventType.UPDATE_PASSWORD).user(this.userId).assertEvent();
    }

    private void assertChangePasswordFails(String str, String str2) {
        this.changePasswordPage.changePassword(str, str2, str2);
        Assert.assertThat(this.profilePage.getError(), Matchers.containsString("Invalid password: must not be equal to any of last"));
        this.events.expectAccount(EventType.UPDATE_PASSWORD_ERROR).user(this.userId).error("password_rejected").assertEvent();
    }

    private void assertNumberOfStoredCredentials(int i) {
        Assume.assumeTrue("Works only on auth-server-undertow", AuthServerTestEnricher.AUTH_SERVER_CONTAINER.equals("auth-server-undertow"));
        String str = this.userId;
        this.testingClient.server("test").run(keycloakSession -> {
            RealmModel realm = keycloakSession.getContext().getRealm();
            UserModel userById = keycloakSession.users().getUserById(realm, str);
            Assert.assertThat(userById, Matchers.notNullValue());
            Assert.assertThat((List) keycloakSession.userCredentialManager().getStoredCredentialsStream(realm, userById).collect(Collectors.toList()), Matchers.hasSize(i));
        });
    }

    @Test
    public void changePasswordWithPasswordHistoryPolicyThreePasswords() {
        this.userId = createUser("test", "user-changePasswordWithPasswordHistoryPolicyThreePasswords", "password", new String[0]);
        setPasswordPolicy("passwordHistory(3)");
        this.changePasswordPage.open();
        this.loginPage.login("user-changePasswordWithPasswordHistoryPolicyThreePasswords", "password");
        this.events.expectLogin().user(this.userId).client(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME).detail("redirect_uri", getAccountRedirectUrl() + "?path=password").assertEvent();
        assertChangePasswordFails("password", "password");
        assertNumberOfStoredCredentials(1);
        assertChangePasswordSucceeds("password", "password3");
        assertNumberOfStoredCredentials(2);
        assertChangePasswordFails("password3", "password");
        assertNumberOfStoredCredentials(2);
        assertChangePasswordFails("password3", "password3");
        assertNumberOfStoredCredentials(2);
        assertChangePasswordSucceeds("password3", "password4");
        assertNumberOfStoredCredentials(3);
        assertChangePasswordFails("password4", "password");
        assertNumberOfStoredCredentials(3);
        assertChangePasswordFails("password4", "password3");
        assertNumberOfStoredCredentials(3);
        assertChangePasswordFails("password4", "password4");
        assertNumberOfStoredCredentials(3);
        assertChangePasswordSucceeds("password4", "password5");
        assertNumberOfStoredCredentials(3);
        assertChangePasswordSucceeds("password5", "password");
        assertNumberOfStoredCredentials(3);
    }

    @Test
    public void changePasswordWithPasswordHistoryPolicyTwoPasswords() {
        this.userId = createUser("test", "user-changePasswordWithPasswordHistoryPolicyTwoPasswords", "password", new String[0]);
        setPasswordPolicy("passwordHistory(2)");
        this.changePasswordPage.open();
        this.loginPage.login("user-changePasswordWithPasswordHistoryPolicyTwoPasswords", "password");
        this.events.expectLogin().user(this.userId).client(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME).detail("redirect_uri", getAccountRedirectUrl() + "?path=password").assertEvent();
        assertChangePasswordFails("password", "password");
        assertNumberOfStoredCredentials(1);
        assertChangePasswordSucceeds("password", "password1");
        assertNumberOfStoredCredentials(2);
        assertChangePasswordFails("password1", "password");
        assertNumberOfStoredCredentials(2);
        assertChangePasswordFails("password1", "password1");
        assertNumberOfStoredCredentials(2);
        assertChangePasswordSucceeds("password1", "password2");
        assertNumberOfStoredCredentials(2);
        assertChangePasswordFails("password2", "password1");
        assertNumberOfStoredCredentials(2);
        assertChangePasswordFails("password2", "password2");
        assertNumberOfStoredCredentials(2);
        assertChangePasswordSucceeds("password2", "password");
        assertNumberOfStoredCredentials(2);
    }

    @Test
    public void changePasswordWithPasswordHistoryPolicyOnePwds() {
        this.userId = createUser("test", "user-changePasswordWithPasswordHistoryPolicyOnePwds", "password", new String[0]);
        setPasswordPolicy("passwordHistory(1)");
        this.changePasswordPage.open();
        this.loginPage.login("user-changePasswordWithPasswordHistoryPolicyOnePwds", "password");
        this.events.expectLogin().user(this.userId).client(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME).detail("redirect_uri", getAccountRedirectUrl() + "?path=password").assertEvent();
        assertChangePasswordFails("password", "password");
        assertNumberOfStoredCredentials(1);
        assertChangePasswordSucceeds("password", "password6");
        assertNumberOfStoredCredentials(1);
        assertChangePasswordFails("password6", "password6");
        assertNumberOfStoredCredentials(1);
        assertChangePasswordSucceeds("password6", "password");
        assertNumberOfStoredCredentials(1);
    }

    @Test
    public void changePasswordWithPasswordHistoryPolicyZeroPwdsInHistory() {
        this.userId = createUser("test", "user-changePasswordWithPasswordHistoryPolicyZeroPwdsInHistory", "password", new String[0]);
        setPasswordPolicy("passwordHistory(0)");
        this.changePasswordPage.open();
        this.loginPage.login("user-changePasswordWithPasswordHistoryPolicyZeroPwdsInHistory", "password");
        this.events.expectLogin().user(this.userId).client(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME).detail("redirect_uri", getAccountRedirectUrl() + "?path=password").assertEvent();
        assertChangePasswordFails("password", "password");
        assertNumberOfStoredCredentials(1);
        assertChangePasswordSucceeds("password", "password1");
        assertNumberOfStoredCredentials(1);
        assertChangePasswordFails("password1", "password1");
        assertNumberOfStoredCredentials(1);
        assertChangePasswordSucceeds("password1", "password");
        assertNumberOfStoredCredentials(1);
    }

    @Test
    public void changePasswordToOldOneAfterPasswordHistoryPolicyExpirationChange() {
        this.userId = createUser("test", "user-changePasswordToOldOneAfterPasswordHistoryPolicyExpirationChange", "password", new String[0]);
        setPasswordPolicy("passwordHistory(3)");
        this.changePasswordPage.open();
        this.loginPage.login("user-changePasswordToOldOneAfterPasswordHistoryPolicyExpirationChange", "password");
        this.events.expectLogin().user(this.userId).client(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME).detail("redirect_uri", getAccountRedirectUrl() + "?path=password").assertEvent();
        assertNumberOfStoredCredentials(1);
        assertChangePasswordSucceeds("password", "password1");
        assertNumberOfStoredCredentials(2);
        assertChangePasswordSucceeds("password1", "password2");
        assertNumberOfStoredCredentials(3);
        setPasswordPolicy("passwordHistory(2)");
        assertChangePasswordSucceeds("password2", "password");
    }

    @Test
    public void changePasswordWithPasswordHistoryPolicyExpiration() {
        this.userId = createUser("test", "user-changePasswordWithPasswordHistoryPolicyExpiration", "password", new String[0]);
        setPasswordPolicy("passwordHistory(3)");
        this.changePasswordPage.open();
        this.loginPage.login("user-changePasswordWithPasswordHistoryPolicyExpiration", "password");
        this.events.expectLogin().user(this.userId).client(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME).detail("redirect_uri", getAccountRedirectUrl() + "?path=password").assertEvent();
        assertNumberOfStoredCredentials(1);
        assertChangePasswordSucceeds("password", "password2");
        assertNumberOfStoredCredentials(2);
        assertChangePasswordSucceeds("password2", "password4");
        assertNumberOfStoredCredentials(3);
        setPasswordPolicy("passwordHistory(2)");
        assertChangePasswordSucceeds("password4", "password5");
        assertNumberOfStoredCredentials(2);
        setPasswordPolicy("passwordHistory(1)");
        assertChangePasswordSucceeds("password5", "password6");
        assertNumberOfStoredCredentials(1);
        setPasswordPolicy("passwordHistory(2)");
        assertChangePasswordSucceeds("password6", "password7");
        assertNumberOfStoredCredentials(2);
        setPasswordPolicy("passwordHistory(0)");
        assertChangePasswordSucceeds("password7", "password8");
        assertNumberOfStoredCredentials(1);
    }

    @Test
    public void changeProfile() throws Exception {
        setEditUsernameAllowed(false);
        setRegistrationEmailAsUsername(false);
        this.profilePage.open();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        this.events.expectLogin().client(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME).detail("redirect_uri", getAccountRedirectUrl()).assertEvent();
        Assert.assertEquals(AssertEvents.DEFAULT_USERNAME, this.profilePage.getUsername());
        Assert.assertEquals("Tom", this.profilePage.getFirstName());
        Assert.assertEquals("Brady", this.profilePage.getLastName());
        Assert.assertEquals(AssertEvents.DEFAULT_USERNAME, this.profilePage.getEmail());
        this.profilePage.updateProfile("", "New last", "new@email.com");
        Assert.assertEquals("Please specify first name.", this.profilePage.getError());
        Assert.assertEquals(AssertEvents.DEFAULT_USERNAME, this.profilePage.getUsername());
        Assert.assertEquals("", this.profilePage.getFirstName());
        Assert.assertEquals("New last", this.profilePage.getLastName());
        Assert.assertEquals("new@email.com", this.profilePage.getEmail());
        this.events.assertEmpty();
        this.profilePage.updateProfile("New first", "", "new@email.com");
        Assert.assertEquals("Please specify last name.", this.profilePage.getError());
        Assert.assertEquals("New first", this.profilePage.getFirstName());
        Assert.assertEquals("", this.profilePage.getLastName());
        Assert.assertEquals("new@email.com", this.profilePage.getEmail());
        this.events.assertEmpty();
        this.profilePage.updateProfile("New first", "New last", "");
        Assert.assertEquals("Please specify email.", this.profilePage.getError());
        Assert.assertEquals("New first", this.profilePage.getFirstName());
        Assert.assertEquals("New last", this.profilePage.getLastName());
        Assert.assertEquals("", this.profilePage.getEmail());
        this.events.assertEmpty();
        this.profilePage.clickCancel();
        Assert.assertEquals(AssertEvents.DEFAULT_USERNAME, this.profilePage.getUsername());
        Assert.assertEquals("Tom", this.profilePage.getFirstName());
        Assert.assertEquals("Brady", this.profilePage.getLastName());
        Assert.assertEquals(AssertEvents.DEFAULT_USERNAME, this.profilePage.getEmail());
        this.events.assertEmpty();
        this.profilePage.updateProfile("New first", "New last", "new@email.com");
        Assert.assertEquals("Your account has been updated.", this.profilePage.getSuccess());
        Assert.assertEquals(AssertEvents.DEFAULT_USERNAME, this.profilePage.getUsername());
        Assert.assertEquals("New first", this.profilePage.getFirstName());
        Assert.assertEquals("New last", this.profilePage.getLastName());
        Assert.assertEquals("new@email.com", this.profilePage.getEmail());
        this.events.expectAccount(EventType.UPDATE_PROFILE).detail("previous_first_name", "Tom").detail("updated_first_name", "New first").detail("previous_last_name", "Brady").detail("updated_last_name", "New last").detail("previous_email", AssertEvents.DEFAULT_USERNAME).detail("updated_email", "new@email.com").assertEvent();
        this.profilePage.updateProfile("Tom", "Brady", AssertEvents.DEFAULT_USERNAME);
        this.events.clear();
        setEditUsernameAllowed(true);
    }

    @Test
    public void changeProfileWithoutRemoveCustomAttributes() throws Exception {
        setEditUsernameAllowed(false);
        setRegistrationEmailAsUsername(false);
        UserResource userResource = testRealm().users().get(this.userId);
        UserRepresentation representation = userResource.toRepresentation();
        representation.setAttributes(new HashMap());
        representation.getAttributes().put("custom", Arrays.asList("custom-value"));
        userResource.update(representation);
        this.profilePage.open();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        this.events.expectLogin().client(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME).detail("redirect_uri", getAccountRedirectUrl()).assertEvent();
        Assert.assertEquals(AssertEvents.DEFAULT_USERNAME, this.profilePage.getUsername());
        Assert.assertEquals("Tom", this.profilePage.getFirstName());
        Assert.assertEquals("Brady", this.profilePage.getLastName());
        Assert.assertEquals(AssertEvents.DEFAULT_USERNAME, this.profilePage.getEmail());
        this.profilePage.updateProfile("New first", "New last", "new@email.com");
        Assert.assertEquals("Your account has been updated.", this.profilePage.getSuccess());
        Assert.assertEquals(AssertEvents.DEFAULT_USERNAME, this.profilePage.getUsername());
        Assert.assertEquals("New first", this.profilePage.getFirstName());
        Assert.assertEquals("New last", this.profilePage.getLastName());
        Assert.assertEquals("new@email.com", this.profilePage.getEmail());
        this.events.expectAccount(EventType.UPDATE_PROFILE).detail("previous_email", AssertEvents.DEFAULT_USERNAME).detail("updated_email", "new@email.com").assertEvent();
        UserRepresentation representation2 = userResource.toRepresentation();
        Assert.assertNotNull(representation2.getAttributes());
        Assert.assertTrue(representation2.getAttributes().containsKey("custom"));
        this.profilePage.updateProfile("Tom", "Brady", AssertEvents.DEFAULT_USERNAME);
        this.events.clear();
        setEditUsernameAllowed(true);
    }

    @Test
    public void changeProfileEmailChangeSetsEmailVerified() throws Exception {
        setEditUsernameAllowed(false);
        setRegistrationEmailAsUsername(false);
        UserResource userResource = testRealm().users().get(this.userId);
        UserRepresentation representation = userResource.toRepresentation();
        representation.setEmailVerified(true);
        userResource.update(representation);
        this.profilePage.open();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        this.events.expectLogin().client(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME).detail("redirect_uri", getAccountRedirectUrl()).assertEvent();
        this.profilePage.updateProfile(this.profilePage.getFirstName(), "New last", this.profilePage.getEmail());
        Assert.assertTrue(userResource.toRepresentation().isEmailVerified().booleanValue());
        this.events.expectAccount(EventType.UPDATE_PROFILE).detail("updated_last_name", "New last").detail("previous_last_name", "Brady").assertEvent();
        this.profilePage.updateProfile(this.profilePage.getFirstName(), this.profilePage.getLastName(), "new@email.com");
        Assert.assertEquals("new@email.com", this.profilePage.getEmail());
        Assert.assertFalse(userResource.toRepresentation().isEmailVerified().booleanValue());
        this.events.expectAccount(EventType.UPDATE_PROFILE).detail("previous_email", AssertEvents.DEFAULT_USERNAME).detail("updated_email", "new@email.com").assertEvent();
        this.profilePage.updateProfile("Tom", "Brady", AssertEvents.DEFAULT_USERNAME);
        this.events.clear();
        setEditUsernameAllowed(true);
    }

    @Test
    public void changeProfileEmailAsUsernameEnabled() throws Exception {
        setRegistrationEmailAsUsername(true);
        this.profilePage.open();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        Assert.assertFalse(this.driver.findElements(By.id("username")).size() > 0);
        setRegistrationEmailAsUsername(false);
    }

    @Test
    public void changeProfileEmailAsUsernameAndEditUsernameEnabled() throws Exception {
        setEditUsernameAllowed(true);
        setRegistrationEmailAsUsername(true);
        this.profilePage.open();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        Assert.assertFalse(this.driver.findElements(By.id("username")).size() > 0);
        this.profilePage.updateProfile("New First", "New Last", "new-email@email");
        Assert.assertEquals("Your account has been updated.", this.profilePage.getSuccess());
        Assert.assertEquals("New First", this.profilePage.getFirstName());
        Assert.assertEquals("New Last", this.profilePage.getLastName());
        Assert.assertEquals("new-email@email", this.profilePage.getEmail());
        List search = this.adminClient.realm("test").users().search((String) null, (String) null, (String) null, "new-email@email", (Integer) null, (Integer) null);
        Assert.assertEquals(1L, search.size());
        UserRepresentation userRepresentation = (UserRepresentation) search.get(0);
        Assert.assertEquals("new-email@email", userRepresentation.getUsername());
        userRepresentation.setUsername(AssertEvents.DEFAULT_USERNAME);
        userRepresentation.setFirstName("Tom");
        userRepresentation.setLastName("Brady");
        userRepresentation.setEmail(AssertEvents.DEFAULT_USERNAME);
        this.adminClient.realm("test").users().get(userRepresentation.getId()).update(userRepresentation);
        setRegistrationEmailAsUsername(false);
        setEditUsernameAllowed(false);
    }

    private void setEditUsernameAllowed(boolean z) {
        RealmRepresentation representation = testRealm().toRepresentation();
        representation.setEditUsernameAllowed(Boolean.valueOf(z));
        testRealm().update(representation);
    }

    private void setRegistrationEmailAsUsername(boolean z) {
        RealmRepresentation representation = testRealm().toRepresentation();
        representation.setRegistrationEmailAsUsername(Boolean.valueOf(z));
        testRealm().update(representation);
    }

    private void setDuplicateEmailsAllowed(boolean z) {
        RealmRepresentation representation = testRealm().toRepresentation();
        representation.setDuplicateEmailsAllowed(Boolean.valueOf(z));
        testRealm().update(representation);
    }

    @Test
    public void changeUsername() {
        setEditUsernameAllowed(true);
        this.profilePage.open();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        this.events.expectLogin().client(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME).detail("redirect_uri", getAccountRedirectUrl()).assertEvent();
        Assert.assertEquals(AssertEvents.DEFAULT_USERNAME, this.profilePage.getUsername());
        Assert.assertEquals("Tom", this.profilePage.getFirstName());
        Assert.assertEquals("Brady", this.profilePage.getLastName());
        Assert.assertEquals(AssertEvents.DEFAULT_USERNAME, this.profilePage.getEmail());
        this.profilePage.updateProfile("", "New first", "New last", "new@email.com");
        Assert.assertEquals("Please specify username.", this.profilePage.getError());
        Assert.assertEquals("", this.profilePage.getUsername());
        Assert.assertEquals("New first", this.profilePage.getFirstName());
        Assert.assertEquals("New last", this.profilePage.getLastName());
        Assert.assertEquals("new@email.com", this.profilePage.getEmail());
        this.events.assertEmpty();
        this.profilePage.updateProfile("test-user-no-access@localhost", "New first", "New last", "new@email.com");
        Assert.assertEquals("Username already exists.", this.profilePage.getError());
        Assert.assertEquals("test-user-no-access@localhost", this.profilePage.getUsername());
        Assert.assertEquals("New first", this.profilePage.getFirstName());
        Assert.assertEquals("New last", this.profilePage.getLastName());
        Assert.assertEquals("new@email.com", this.profilePage.getEmail());
        this.events.assertEmpty();
        this.profilePage.updateProfile("test-user-new@localhost", "New first", "New last", "new@email.com");
        Assert.assertEquals("Your account has been updated.", this.profilePage.getSuccess());
        Assert.assertEquals("test-user-new@localhost", this.profilePage.getUsername());
        Assert.assertEquals("New first", this.profilePage.getFirstName());
        Assert.assertEquals("New last", this.profilePage.getLastName());
        Assert.assertEquals("new@email.com", this.profilePage.getEmail());
        this.profilePage.updateProfile(AssertEvents.DEFAULT_USERNAME, "Tom", "Brady", AssertEvents.DEFAULT_USERNAME);
    }

    private void addUser(String str, String str2) {
        ApiUtil.createUserAndResetPasswordWithAdminClient(testRealm(), UserBuilder.create().username(str).enabled(true).email(str2).firstName("first").lastName("last").build(), "password");
    }

    @Test
    public void changeUsernameLoginWithOldUsername() {
        addUser("change-username", "change-username@localhost");
        setEditUsernameAllowed(true);
        this.profilePage.open();
        this.loginPage.login("change-username", "password");
        this.profilePage.updateUsername("change-username-updated");
        Assert.assertEquals("Your account has been updated.", this.profilePage.getSuccess());
        this.profilePage.logout();
        this.profilePage.open();
        Assert.assertTrue(this.loginPage.isCurrent());
        this.loginPage.login("change-username", "password");
        Assert.assertTrue(this.loginPage.isCurrent());
        Assert.assertEquals("Invalid username or password.", this.loginPage.getInputError());
        this.loginPage.login("change-username-updated", "password");
    }

    @Test
    public void changeEmailLoginWithOldEmail() {
        addUser("change-email", "change-username@localhost");
        setEditUsernameAllowed(true);
        this.profilePage.open();
        this.loginPage.login("change-username@localhost", "password");
        this.profilePage.updateEmail("change-username-updated@localhost");
        Assert.assertEquals("Your account has been updated.", this.profilePage.getSuccess());
        this.profilePage.logout();
        this.profilePage.open();
        Assert.assertTrue(this.loginPage.isCurrent());
        this.loginPage.login("change-username@localhost", "password");
        Assert.assertTrue(this.loginPage.isCurrent());
        Assert.assertEquals("Invalid username or password.", this.loginPage.getInputError());
        this.loginPage.login("change-username-updated@localhost", "password");
    }

    @Test
    public void changeEmailToExistingForbidden() {
        this.profilePage.open();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        this.events.expectLogin().client(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME).detail("redirect_uri", getAccountRedirectUrl()).assertEvent();
        Assert.assertEquals(AssertEvents.DEFAULT_USERNAME, this.profilePage.getUsername());
        Assert.assertEquals(AssertEvents.DEFAULT_USERNAME, this.profilePage.getEmail());
        this.profilePage.updateProfile("New first", "New last", "test-user-no-access@localhost");
        this.profilePage.assertCurrent();
        Assert.assertEquals("Email already exists.", this.profilePage.getError());
        Assert.assertEquals("New first", this.profilePage.getFirstName());
        Assert.assertEquals("New last", this.profilePage.getLastName());
        Assert.assertEquals("test-user-no-access@localhost", this.profilePage.getEmail());
        this.events.assertEmpty();
        this.profilePage.updateProfile("New first", "New last", AssertEvents.DEFAULT_USERNAME);
        Assert.assertEquals("Your account has been updated.", this.profilePage.getSuccess());
        Assert.assertEquals("New first", this.profilePage.getFirstName());
        Assert.assertEquals("New last", this.profilePage.getLastName());
        Assert.assertEquals(AssertEvents.DEFAULT_USERNAME, this.profilePage.getEmail());
        this.events.expectAccount(EventType.UPDATE_PROFILE).assertEvent();
        this.profilePage.updateProfile("Tom", "Brady", AssertEvents.DEFAULT_USERNAME);
        this.events.expectAccount(EventType.UPDATE_PROFILE).assertEvent();
    }

    @Test
    public void changeEmailToExistingAllowed() {
        setDuplicateEmailsAllowed(true);
        this.profilePage.open();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        this.events.expectLogin().client(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME).detail("redirect_uri", getAccountRedirectUrl()).assertEvent();
        Assert.assertEquals(AssertEvents.DEFAULT_USERNAME, this.profilePage.getUsername());
        Assert.assertEquals(AssertEvents.DEFAULT_USERNAME, this.profilePage.getEmail());
        this.profilePage.updateProfile("New first", "New last", "test-user-no-access@localhost");
        Assert.assertEquals("Your account has been updated.", this.profilePage.getSuccess());
    }

    public void totpPageSetup() {
        String pageSource = this.driver.getPageSource();
        Assert.assertTrue(pageSource.contains("Install one of the following applications on your mobile"));
        Assert.assertTrue(pageSource.contains("FreeOTP"));
        Assert.assertTrue(pageSource.contains("Google Authenticator"));
        Assert.assertTrue(pageSource.contains("Open the application and scan the barcode"));
        Assert.assertFalse(pageSource.contains("Open the application and enter the key"));
        Assert.assertTrue(pageSource.contains("Unable to scan?"));
        Assert.assertFalse(pageSource.contains("Scan barcode?"));
    }

    public void totpPageSetupManual() {
        String pageSource = this.driver.getPageSource();
        Assert.assertTrue(pageSource.contains("Install one of the following applications on your mobile"));
        Assert.assertTrue(pageSource.contains("FreeOTP"));
        Assert.assertTrue(pageSource.contains("Google Authenticator"));
        Assert.assertFalse(pageSource.contains("Open the application and scan the barcode"));
        Assert.assertTrue(pageSource.contains("Open the application and enter the key"));
        Assert.assertFalse(pageSource.contains("Unable to scan?"));
        Assert.assertTrue(pageSource.contains("Scan barcode?"));
    }

    @Test
    public void setupTotp() {
        this.totpPage.open();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        this.events.expectLogin().client(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME).detail("redirect_uri", getAccountRedirectUrl() + "?path=totp").assertEvent();
        Assert.assertTrue(this.totpPage.isCurrent());
        Assert.assertFalse(this.driver.getPageSource().contains("Remove Google"));
        totpPageSetup();
        this.totpPage.clickManual();
        Assert.assertTrue(UIUtils.getTextFromElement(this.driver.findElement(By.id("kc-totp-secret-key"))).matches("[\\w]{4}( [\\w]{4}){7}"));
        Assert.assertEquals("Type: Time-based", this.driver.findElement(By.id("kc-totp-type")).getText());
        Assert.assertEquals("Algorithm: SHA1", this.driver.findElement(By.id("kc-totp-algorithm")).getText());
        Assert.assertEquals("Digits: 6", this.driver.findElement(By.id("kc-totp-digits")).getText());
        Assert.assertEquals("Interval: 30", this.driver.findElement(By.id("kc-totp-period")).getText());
        this.totpPage.configure(this.totp.generateTOTP(this.totpPage.getTotpSecret() + "123"));
        Assert.assertEquals("Invalid authenticator code.", this.profilePage.getError());
        this.totpPage.configure(this.totp.generateTOTP(this.totpPage.getTotpSecret()));
        Assert.assertEquals("Mobile authenticator configured.", this.profilePage.getSuccess());
        this.events.expectAccount(EventType.UPDATE_TOTP).assertEvent();
        Assert.assertTrue(this.driver.getPageSource().contains("pficon-delete"));
        this.totpPage.removeTotp();
        this.events.expectAccount(EventType.REMOVE_TOTP).assertEvent();
        totpPageSetupManual();
        this.accountPage.logOut();
        Assert.assertFalse(this.errorPage.isCurrent());
    }

    @Test
    public void removeTotpAsDifferentUser() {
        UserResource findUserByUsernameId = ApiUtil.findUserByUsernameId(testRealm(), "user-with-one-configured-otp");
        CredentialRepresentation credentialRepresentation = (CredentialRepresentation) findUserByUsernameId.credentials().stream().filter(credentialRepresentation2 -> {
            return "otp".equals(credentialRepresentation2.getType());
        }).findFirst().get();
        this.totpPage.open();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        Assert.assertTrue(this.totpPage.isCurrent());
        totpPageSetup();
        this.totpPage.configure(this.totp.generateTOTP(this.totpPage.getTotpSecret()));
        Assert.assertEquals("Mobile authenticator configured.", this.profilePage.getSuccess());
        URLUtils.sendPOSTRequestWithWebDriver(this.driver.getCurrentUrl(), "stateChecker=" + this.driver.findElement(By.id("stateChecker")).getAttribute("value") + "&submitAction=Delete&credentialId=" + credentialRepresentation.getId());
        Assert.assertTrue(findUserByUsernameId.credentials().stream().anyMatch(credentialRepresentation3 -> {
            return credentialRepresentation3.getType().equals("otp");
        }));
        this.totpPage.removeTotp();
        this.totpPage.logout();
    }

    @Test
    public void changeProfileNoAccess() throws Exception {
        this.profilePage.open();
        this.loginPage.login("test-user-no-access@localhost", "password");
        this.events.expectLogin().client(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME).user(findUser("test-user-no-access@localhost").getId()).detail("username", "test-user-no-access@localhost").detail("redirect_uri", getAccountRedirectUrl()).assertEvent();
        Assert.assertTrue("Expected errorPage but was " + this.driver.getTitle() + " (" + this.driver.getCurrentUrl() + "). Page source: " + this.driver.getPageSource(), this.errorPage.isCurrent());
        Assert.assertEquals("No access", this.errorPage.getError());
    }

    private void setEventsEnabled(boolean z) {
        RealmRepresentation representation = testRealm().toRepresentation();
        representation.setEventsEnabled(z);
        testRealm().update(representation);
    }

    @Test
    public void viewLogNotEnabled() {
        this.logPage.open();
        Assert.assertTrue(this.errorPage.isCurrent());
        Assert.assertEquals("Page not found", this.errorPage.getError());
    }

    @Test
    public void viewLog() {
        setEventsEnabled(true);
        LinkedList<EventRepresentation> linkedList = new LinkedList();
        this.loginPage.open();
        this.loginPage.clickRegister();
        this.registerPage.register("view", "log", "view-log@localhost", "view-log", "password", "password");
        linkedList.add(this.events.poll());
        linkedList.add(this.events.poll());
        this.profilePage.open();
        this.profilePage.updateProfile("view", "log2", "view-log@localhost");
        linkedList.add(this.events.poll());
        this.logPage.open();
        Assert.assertTrue(this.logPage.isCurrent());
        Assert.assertEquals(linkedList.size(), this.logPage.getEvents().size());
        for (EventRepresentation eventRepresentation : linkedList) {
            boolean z = false;
            Iterator it = this.logPage.getEvents().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                List list = (List) it.next();
                if (eventRepresentation.getType().toString().replace('_', ' ').toLowerCase().equals(list.get(1)) && eventRepresentation.getIpAddress().equals(list.get(2)) && eventRepresentation.getClientId().equals(list.get(3))) {
                    z = true;
                    break;
                }
            }
            if (!z) {
                Assert.fail("Event not found " + eventRepresentation.getType());
            }
        }
        setEventsEnabled(false);
    }

    @Test
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
    public void sessions() {
        this.loginPage.open();
        this.loginPage.clickRegister();
        this.registerPage.register("view", "sessions", "view-sessions@localhost", "view-sessions", "password", "password");
        EventRepresentation assertEvent = this.events.expectRegister("view-sessions", "view-sessions@localhost").assertEvent();
        String userId = assertEvent.getUserId();
        this.events.expectLogin().user(userId).detail("username", "view-sessions").assertEvent();
        this.sessionsPage.open();
        Assert.assertTrue(this.sessionsPage.isCurrent());
        List sessions = this.sessionsPage.getSessions();
        Assert.assertThat(sessions, Matchers.hasSize(1));
        Assert.assertThat(((List) sessions.get(0)).get(0), Matchers.anyOf(Matchers.equalTo(AssertEvents.DEFAULT_IP_ADDRESS), Matchers.equalTo(AssertEvents.DEFAULT_IP_ADDRESS_V6)));
        try {
            OAuthClient oAuthClient = new OAuthClient();
            oAuthClient.init(this.driver2);
            oAuthClient.doLogin("view-sessions", "password");
            EventRepresentation assertEvent2 = this.events.expectLogin().user(userId).detail("username", "view-sessions").assertEvent();
            this.sessionsPage.open();
            Assert.assertEquals(2L, this.sessionsPage.getSessions().size());
            this.sessionsPage.logoutAll();
            this.events.expectLogout(assertEvent.getSessionId());
            this.events.expectLogout(assertEvent2.getSessionId());
            this.driver2.close();
        } catch (Throwable th) {
            this.driver2.close();
            throw th;
        }
    }

    @Test
    public void testConsoleListedInApplications() {
        this.applicationsPage.open();
        this.loginPage.login("realm-admin", "password");
        Assert.assertTrue(this.applicationsPage.isCurrent());
        Assert.assertThat(this.applicationsPage.getApplications().keySet(), Matchers.hasItems(new String[]{"Admin CLI", "Security Admin Console"}));
        this.events.clear();
    }

    @Test
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
    public void applicationsVisibilityNoScopesNoConsent() throws Exception {
        ClientAttributeUpdater update = ClientAttributeUpdater.forClient(this.adminClient, "test", ROOT_URL_CLIENT).setConsentRequired(false).setFullScopeAllowed(false).setDefaultClientScopes(Collections.EMPTY_LIST).setOptionalClientScopes(Collections.EMPTY_LIST).update();
        Throwable th = null;
        try {
            RoleScopeUpdater update2 = update.realmRoleScope().update();
            Throwable th2 = null;
            try {
                try {
                    this.applicationsPage.open();
                    this.loginPage.login("john-doh@localhost", "password");
                    this.applicationsPage.assertCurrent();
                    Assert.assertThat(this.applicationsPage.getApplications().keySet(), Matchers.containsInAnyOrder(new String[]{"Account", "Account Console", AssertEvents.DEFAULT_CLIENT_ID, "test-app-scope", OAuthGrantTest.THIRD_PARTY_APP, "test-app-authz", "My Named Test App", "Test App Named - ${client_account}", "direct-grant", "custom-audience"}));
                    update2.add(testRealm().roles().get("user").toRepresentation()).update();
                    this.driver.navigate().refresh();
                    Assert.assertThat(this.applicationsPage.getApplications().keySet(), Matchers.containsInAnyOrder(new String[]{ROOT_URL_CLIENT, "Account", "Account Console", AssertEvents.DEFAULT_CLIENT_ID, "test-app-scope", OAuthGrantTest.THIRD_PARTY_APP, "test-app-authz", "My Named Test App", "Test App Named - ${client_account}", "direct-grant", "custom-audience"}));
                    if (update2 != null) {
                        if (0 != 0) {
                            try {
                                update2.close();
                            } catch (Throwable th3) {
                                th2.addSuppressed(th3);
                            }
                        } else {
                            update2.close();
                        }
                    }
                    if (update != null) {
                        if (0 == 0) {
                            update.close();
                            return;
                        }
                        try {
                            update.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    }
                } catch (Throwable th5) {
                    th2 = th5;
                    throw th5;
                }
            } catch (Throwable th6) {
                if (update2 != null) {
                    if (th2 != null) {
                        try {
                            update2.close();
                        } catch (Throwable th7) {
                            th2.addSuppressed(th7);
                        }
                    } else {
                        update2.close();
                    }
                }
                throw th6;
            }
        } catch (Throwable th8) {
            if (update != null) {
                if (0 != 0) {
                    try {
                        update.close();
                    } catch (Throwable th9) {
                        th.addSuppressed(th9);
                    }
                } else {
                    update.close();
                }
            }
            throw th8;
        }
    }

    @Test
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
    public void applicationsVisibilityNoScopesAndConsent() throws Exception {
        ClientAttributeUpdater update = ClientAttributeUpdater.forClient(this.adminClient, "test", ROOT_URL_CLIENT).setConsentRequired(true).setFullScopeAllowed(false).setDefaultClientScopes(Collections.EMPTY_LIST).setOptionalClientScopes(Collections.EMPTY_LIST).update();
        Throwable th = null;
        try {
            this.applicationsPage.open();
            this.loginPage.login("john-doh@localhost", "password");
            this.applicationsPage.assertCurrent();
            Assert.assertThat(this.applicationsPage.getApplications().keySet(), Matchers.containsInAnyOrder(new String[]{ROOT_URL_CLIENT, "Account", "Account Console", AssertEvents.DEFAULT_CLIENT_ID, "test-app-scope", OAuthGrantTest.THIRD_PARTY_APP, "test-app-authz", "My Named Test App", "Test App Named - ${client_account}", "direct-grant", "custom-audience"}));
            if (update != null) {
                if (0 == 0) {
                    update.close();
                    return;
                }
                try {
                    update.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (update != null) {
                if (0 != 0) {
                    try {
                        update.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    update.close();
                }
            }
            throw th3;
        }
    }

    @Test
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
    public void applications() {
        this.applicationsPage.open();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        this.events.expectLogin().client(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME).detail("redirect_uri", getAccountRedirectUrl() + "?path=applications").assertEvent();
        this.applicationsPage.assertCurrent();
        Map applications = this.applicationsPage.getApplications();
        Assert.assertThat(applications.keySet(), Matchers.containsInAnyOrder(new String[]{ROOT_URL_CLIENT, "Account", "Account Console", AssertEvents.DEFAULT_CLIENT_ID, "test-app-scope", OAuthGrantTest.THIRD_PARTY_APP, "test-app-authz", "My Named Test App", "Test App Named - ${client_account}", "direct-grant", "custom-audience"}));
        AccountApplicationsPage.AppEntry appEntry = (AccountApplicationsPage.AppEntry) applications.get("Account");
        Assert.assertThat(appEntry.getRolesAvailable(), Matchers.containsInAnyOrder(new String[]{"Manage account links in Account", "Manage account in Account", "View profile in Account", "Offline access"}));
        Assert.assertThat(appEntry.getClientScopesGranted(), Matchers.containsInAnyOrder(new String[]{"Full Access"}));
        StringBuilder sb = new StringBuilder();
        OAuthClient oAuthClient = this.oauth;
        Assert.assertEquals(sb.append(OAuthClient.AUTH_SERVER_ROOT).append("/realms/test/account/").toString(), appEntry.getHref());
        AccountApplicationsPage.AppEntry appEntry2 = (AccountApplicationsPage.AppEntry) applications.get(AssertEvents.DEFAULT_CLIENT_ID);
        Assert.assertEquals(6L, appEntry2.getRolesAvailable().size());
        Assert.assertTrue(appEntry2.getRolesAvailable().contains("Offline access"));
        Assert.assertTrue(appEntry2.getClientScopesGranted().contains("Full Access"));
        OAuthClient oAuthClient2 = this.oauth;
        Assert.assertEquals(OAuthClient.APP_AUTH_ROOT, appEntry2.getHref());
        AccountApplicationsPage.AppEntry appEntry3 = (AccountApplicationsPage.AppEntry) applications.get(OAuthGrantTest.THIRD_PARTY_APP);
        Assert.assertEquals(3L, appEntry3.getRolesAvailable().size());
        Assert.assertTrue(appEntry3.getRolesAvailable().contains("Have User privileges"));
        Assert.assertTrue(appEntry3.getRolesAvailable().contains("Have Customer User privileges in test-app"));
        Assert.assertEquals(0L, appEntry3.getClientScopesGranted().size());
        Assert.assertEquals("http://localhost:8180/auth/realms/master/app/auth", appEntry3.getHref());
        Assert.assertEquals("http://localhost:8180/varnamedapp/base", ((AccountApplicationsPage.AppEntry) applications.get("Test App Named - ${client_account}")).getHref());
        Assert.assertEquals("http://localhost:8180/foo/bar/baz", ((AccountApplicationsPage.AppEntry) applications.get(ROOT_URL_CLIENT)).getHref());
        AccountApplicationsPage.AppEntry appEntry4 = (AccountApplicationsPage.AppEntry) applications.get("test-app-authz");
        StringBuilder sb2 = new StringBuilder();
        OAuthClient oAuthClient3 = this.oauth;
        Assert.assertEquals(sb2.append(OAuthClient.SERVER_ROOT).append("/test-app-authz").toString(), appEntry4.getHref());
        Assert.assertEquals("http://localhost:8180/namedapp/base", ((AccountApplicationsPage.AppEntry) applications.get("My Named Test App")).getHref());
        Assert.assertNull(((AccountApplicationsPage.AppEntry) applications.get("test-app-scope")).getHref());
    }

    @Test
    public void loginToSpecificPage() {
        this.changePasswordPage.open();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        Assert.assertTrue(this.changePasswordPage.isCurrent());
        this.events.clear();
    }

    @Test
    public void loginToSpecificPageWithReferrer() {
        this.driver.navigate().to(this.changePasswordPage.getPath() + "?referrer=account");
        System.out.println(this.driver.getCurrentUrl());
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        System.out.println(this.driver.getCurrentUrl());
        Assert.assertTrue(this.changePasswordPage.isCurrent());
        this.events.clear();
    }

    @Test
    public void testIdentityProviderCapitalization() {
        this.loginPage.open();
        Assert.assertEquals("GitHub", this.loginPage.findSocialButton("github").getText());
        Assert.assertEquals("mysaml", this.loginPage.findSocialButton("mysaml").getText());
        Assert.assertEquals("MyOIDC", this.loginPage.findSocialButton("myoidc").getText());
    }

    @Test
    public void testIdentityProviderHiddenOnLoginPageIsVisbleInAccount() {
        this.federatedIdentityPage.open();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        Assert.assertNotNull(this.federatedIdentityPage.findAddProvider("myhiddenoidc"));
    }

    @Test
    public void testInvalidReferrer() {
        this.driver.navigate().to(this.profilePage.getPath() + "?referrer=test-app");
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        Assert.assertTrue(this.profilePage.isCurrent());
        this.profilePage.backToApplication();
        Assert.assertTrue(this.appPage.isCurrent());
        this.driver.navigate().to(this.profilePage.getPath() + "?referrer=test-invalid&referrer_uri=http://localhost:8180/auth/realms/master/app/auth?test");
        Assert.assertTrue(this.profilePage.isCurrent());
        this.events.clear();
    }

    @Test
    public void testReferrerLinkContents() {
        RealmResource testRealm = testRealm();
        List findByClientId = testRealm.clients().findByClientId("named-test-app");
        if (findByClientId.isEmpty()) {
            Assert.fail("Unable to find named-test-app");
        }
        ClientRepresentation clientRepresentation = (ClientRepresentation) findByClientId.get(0);
        this.driver.navigate().to(this.profilePage.getPath() + "?referrer=" + clientRepresentation.getClientId());
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        Assert.assertTrue(this.profilePage.isCurrent());
        Assert.assertEquals("Back to " + clientRepresentation.getName(), this.profilePage.getBackToApplicationLinkText());
        Assert.assertEquals(clientRepresentation.getBaseUrl(), this.profilePage.getBackToApplicationLinkHref());
        List findByClientId2 = testRealm.clients().findByClientId("var-named-test-app");
        if (findByClientId2.isEmpty()) {
            Assert.fail("Unable to find var-named-test-app");
        }
        ClientRepresentation clientRepresentation2 = (ClientRepresentation) findByClientId2.get(0);
        this.driver.navigate().to(this.profilePage.getPath() + "?referrer=" + clientRepresentation2.getClientId());
        Assert.assertTrue(this.profilePage.isCurrent());
        Assert.assertEquals("Back to Test App Named - Account", this.profilePage.getBackToApplicationLinkText());
        Assert.assertEquals(clientRepresentation2.getBaseUrl(), this.profilePage.getBackToApplicationLinkHref());
        List findByClientId3 = testRealm.clients().findByClientId(AssertEvents.DEFAULT_CLIENT_ID);
        if (findByClientId3.isEmpty()) {
            Assert.fail("Unable to find test-app");
        }
        ClientRepresentation clientRepresentation3 = (ClientRepresentation) findByClientId3.get(0);
        this.driver.navigate().to(this.profilePage.getPath() + "?referrer=" + clientRepresentation3.getClientId());
        Assert.assertTrue(this.profilePage.isCurrent());
        Assert.assertEquals("Back to " + clientRepresentation3.getClientId(), this.profilePage.getBackToApplicationLinkText());
        Assert.assertEquals(clientRepresentation3.getBaseUrl(), this.profilePage.getBackToApplicationLinkHref());
        this.driver.navigate().to(this.profilePage.getPath() + "?referrer=test-invalid");
        Assert.assertTrue(this.profilePage.isCurrent());
        Assert.assertNull(this.profilePage.getBackToApplicationLinkText());
        this.events.clear();
    }

    @Test
    public void testNoPublicKeyCredentialRelatedElementsPresentOnEditAccountScreen() {
        this.profilePage.open();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        Assert.assertTrue(this.profilePage.isCurrent());
        int i = 0;
        Iterator it = Arrays.asList("user.attributes.public_key_credential_id", "user.attributes.public_key_credential_label", "user.attributes.public_key_credential_aaguid").iterator();
        while (it.hasNext()) {
            try {
                DroneUtils.getCurrentDriver().findElement(By.id((String) it.next()));
            } catch (NoSuchElementException e) {
                i++;
            }
        }
        Assert.assertEquals(3L, i);
    }

    private static /* synthetic */ Object $deserializeLambda$(SerializedLambda serializedLambda) {
        String implMethodName = serializedLambda.getImplMethodName();
        boolean z = -1;
        switch (implMethodName.hashCode()) {
            case 1462718530:
                if (implMethodName.equals("lambda$assertNumberOfStoredCredentials$84f5ea11$1")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/keycloak/testsuite/runonserver/RunOnServer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/account/AccountFormServiceTest") && serializedLambda.getImplMethodSignature().equals("(Ljava/lang/String;ILorg/keycloak/models/KeycloakSession;)V")) {
                    String str = (String) serializedLambda.getCapturedArg(0);
                    int intValue = ((Integer) serializedLambda.getCapturedArg(1)).intValue();
                    return keycloakSession -> {
                        RealmModel realm = keycloakSession.getContext().getRealm();
                        UserModel userById = keycloakSession.users().getUserById(realm, str);
                        Assert.assertThat(userById, Matchers.notNullValue());
                        Assert.assertThat((List) keycloakSession.userCredentialManager().getStoredCredentialsStream(realm, userById).collect(Collectors.toList()), Matchers.hasSize(intValue));
                    };
                }
                break;
        }
        throw new IllegalArgumentException("Invalid lambda deserialization");
    }
}
