package org.keycloak.testsuite.forms;

import java.io.IOException;
import java.util.HashMap;
import java.util.concurrent.atomic.AtomicInteger;
import javax.mail.MessagingException;
import javax.mail.Multipart;
import javax.mail.internet.MimeMessage;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.events.EventType;
import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.TestRealmKeycloakTest;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.ErrorPage;
import org.keycloak.testsuite.pages.InfoPage;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.pages.LoginPasswordResetPage;
import org.keycloak.testsuite.pages.LoginPasswordUpdatePage;
import org.keycloak.testsuite.pages.VerifyEmailPage;
import org.keycloak.testsuite.util.GreenMailRule;
import org.keycloak.testsuite.util.MailUtils;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.UserBuilder;

/* loaded from: input_file:org/keycloak/testsuite/forms/ResetPasswordTest.class */
public class ResetPasswordTest extends TestRealmKeycloakTest {
    static int lifespan = 0;
    private static String userId;

    @Page
    protected AppPage appPage;

    @Page
    protected LoginPage loginPage;

    @Page
    protected ErrorPage errorPage;

    @Page
    protected InfoPage infoPage;

    @Page
    protected VerifyEmailPage verifyEmailPage;

    @Page
    protected LoginPasswordResetPage resetPasswordPage;

    @Page
    protected LoginPasswordUpdatePage updatePasswordPage;

    @Rule
    public GreenMailRule greenMail = new GreenMailRule();

    @Rule
    public AssertEvents events = new AssertEvents(this);

    @Override // org.keycloak.testsuite.TestRealmKeycloakTest
    public void configureTestRealm(RealmRepresentation realmRepresentation) {
        realmRepresentation.getUsers().add(UserBuilder.create().username("login-test").email("login@test.com").enabled(true).password("password").build());
    }

    @Before
    public void setAccessCodeLifespanUserAction() {
        lifespan = testRealm().toRepresentation().getAccessCodeLifespanUserAction().intValue();
    }

    @Before
    public void setUserId() {
        userId = findUser("login-test").getId();
    }

    @Test
    public void resetPasswordLink() throws IOException, MessagingException {
        StringBuilder sb = new StringBuilder();
        OAuthClient oAuthClient = this.oauth;
        this.driver.navigate().to(sb.append(OAuthClient.AUTH_SERVER_ROOT).append("/realms/test/login-actions/reset-credentials").toString());
        this.resetPasswordPage.assertCurrent();
        this.resetPasswordPage.changePassword("login-test");
        this.loginPage.assertCurrent();
        Assert.assertEquals("You should receive an email shortly with further instructions.", this.loginPage.getSuccessMessage());
        AssertEvents.ExpectedEvent user = this.events.expectRequiredAction(EventType.SEND_RESET_PASSWORD).user(userId);
        StringBuilder sb2 = new StringBuilder();
        OAuthClient oAuthClient2 = this.oauth;
        user.detail("redirect_uri", sb2.append(OAuthClient.AUTH_SERVER_ROOT).append("/realms/test/account/").toString()).client("account").detail("username", "login-test").detail("email", "login@test.com").session((String) null).assertEvent();
        Assert.assertEquals(1L, this.greenMail.getReceivedMessages().length);
        this.driver.navigate().to(getPasswordResetEmailLink(this.greenMail.getReceivedMessages()[0]).trim());
        this.updatePasswordPage.assertCurrent();
        this.updatePasswordPage.changePassword("resetPassword", "resetPassword");
        AssertEvents.ExpectedEvent expectRequiredAction = this.events.expectRequiredAction(EventType.UPDATE_PASSWORD);
        StringBuilder sb3 = new StringBuilder();
        OAuthClient oAuthClient3 = this.oauth;
        String sessionId = expectRequiredAction.detail("redirect_uri", sb3.append(OAuthClient.AUTH_SERVER_ROOT).append("/realms/test/account/").toString()).client("account").user(userId).detail("username", "login-test").assertEvent().getSessionId();
        AssertEvents.ExpectedEvent detail = this.events.expectLogin().user(userId).detail("username", "login-test");
        StringBuilder sb4 = new StringBuilder();
        OAuthClient oAuthClient4 = this.oauth;
        detail.detail("redirect_uri", sb4.append(OAuthClient.AUTH_SERVER_ROOT).append("/realms/test/account/").toString()).client("account").session(sessionId).assertEvent();
        this.oauth.openLogout();
        this.events.expectLogout(sessionId).user(userId).session(sessionId).assertEvent();
        this.loginPage.open();
        this.loginPage.login("login-test", "resetPassword");
        this.events.expectLogin().user(userId).detail("username", "login-test").assertEvent();
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
    }

    @Test
    public void resetPassword() throws IOException, MessagingException {
        resetPassword("login-test");
    }

    @Test
    public void resetPasswordCancelChangeUser() throws IOException, MessagingException {
        this.loginPage.open();
        this.loginPage.resetPassword();
        this.resetPasswordPage.assertCurrent();
        this.resetPasswordPage.changePassword(AssertEvents.DEFAULT_USERNAME);
        this.loginPage.assertCurrent();
        Assert.assertEquals("You should receive an email shortly with further instructions.", this.loginPage.getSuccessMessage());
        this.events.expectRequiredAction(EventType.SEND_RESET_PASSWORD).detail("username", AssertEvents.DEFAULT_USERNAME).session((String) null).detail("email", AssertEvents.DEFAULT_USERNAME).assertEvent();
        this.loginPage.login("login@test.com", "password");
        EventRepresentation assertEvent = this.events.expectLogin().user(userId).detail("username", "login@test.com").assertEvent();
        OAuthClient.AccessTokenResponse doAccessTokenRequest = this.oauth.doAccessTokenRequest((String) this.oauth.getCurrentQuery().get("code"), "password");
        Assert.assertEquals(200L, doAccessTokenRequest.getStatusCode());
        Assert.assertEquals(userId, this.oauth.verifyToken(doAccessTokenRequest.getAccessToken()).getSubject());
        this.events.expectCodeToToken((String) assertEvent.getDetails().get("code_id"), assertEvent.getSessionId()).user(userId).assertEvent();
    }

    @Test
    public void resetPasswordByEmail() throws IOException, MessagingException {
        resetPassword("login@test.com");
    }

    private void resetPassword(String str) throws IOException, MessagingException {
        this.loginPage.open();
        this.loginPage.resetPassword();
        this.resetPasswordPage.assertCurrent();
        this.resetPasswordPage.changePassword(str);
        this.loginPage.assertCurrent();
        Assert.assertEquals("You should receive an email shortly with further instructions.", this.loginPage.getSuccessMessage());
        this.events.expectRequiredAction(EventType.SEND_RESET_PASSWORD).user(userId).detail("username", str).detail("email", "login@test.com").session((String) null).assertEvent();
        Assert.assertEquals(1L, this.greenMail.getReceivedMessages().length);
        this.driver.navigate().to(getPasswordResetEmailLink(this.greenMail.getReceivedMessages()[0]).trim());
        this.updatePasswordPage.assertCurrent();
        this.updatePasswordPage.changePassword("resetPassword", "resetPassword");
        String sessionId = this.events.expectRequiredAction(EventType.UPDATE_PASSWORD).user(userId).detail("username", str).assertEvent().getSessionId();
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
        this.events.expectLogin().user(userId).detail("username", str).session(sessionId).assertEvent();
        this.oauth.openLogout();
        this.events.expectLogout(sessionId).user(userId).session(sessionId).assertEvent();
        this.loginPage.open();
        this.loginPage.login("login-test", "resetPassword");
        this.events.expectLogin().user(userId).detail("username", "login-test").assertEvent();
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
    }

    private void resetPassword(String str, String str2) throws IOException, MessagingException {
        this.loginPage.open();
        this.loginPage.resetPassword();
        this.resetPasswordPage.assertCurrent();
        this.resetPasswordPage.changePassword(str);
        this.loginPage.assertCurrent();
        Assert.assertEquals("You should receive an email shortly with further instructions.", this.loginPage.getSuccessMessage());
        this.events.expectRequiredAction(EventType.SEND_RESET_PASSWORD).user(userId).session((String) null).detail("username", str).detail("email", "login@test.com").assertEvent();
        this.driver.navigate().to(getPasswordResetEmailLink(this.greenMail.getReceivedMessages()[this.greenMail.getReceivedMessages().length - 1]).trim());
        this.updatePasswordPage.assertCurrent();
        this.updatePasswordPage.changePassword(str2, str2);
        String sessionId = this.events.expectRequiredAction(EventType.UPDATE_PASSWORD).user(userId).detail("username", str).assertEvent().getSessionId();
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
        this.events.expectLogin().user(userId).detail("username", str).assertEvent();
        this.oauth.openLogout();
        this.events.expectLogout(sessionId).user(userId).session(sessionId).assertEvent();
    }

    private void resetPasswordInvalidPassword(String str, String str2, String str3) throws IOException, MessagingException {
        this.loginPage.open();
        this.loginPage.resetPassword();
        this.resetPasswordPage.assertCurrent();
        this.resetPasswordPage.changePassword(str);
        this.loginPage.assertCurrent();
        Assert.assertEquals("You should receive an email shortly with further instructions.", this.loginPage.getSuccessMessage());
        this.events.expectRequiredAction(EventType.SEND_RESET_PASSWORD).user(userId).session((String) null).detail("username", str).detail("email", "login@test.com").assertEvent();
        this.driver.navigate().to(getPasswordResetEmailLink(this.greenMail.getReceivedMessages()[this.greenMail.getReceivedMessages().length - 1]).trim());
        this.updatePasswordPage.assertCurrent();
        this.updatePasswordPage.changePassword(str2, str2);
        Assert.assertTrue(this.updatePasswordPage.isCurrent());
        Assert.assertEquals(str3, this.updatePasswordPage.getError());
        this.events.expectRequiredAction(EventType.UPDATE_PASSWORD_ERROR).error("password_rejected").user(userId).detail("username", "login-test").assertEvent().getSessionId();
    }

    @Test
    public void resetPasswordWrongEmail() throws IOException, MessagingException, InterruptedException {
        this.loginPage.open();
        this.loginPage.resetPassword();
        this.resetPasswordPage.assertCurrent();
        this.resetPasswordPage.changePassword("invalid");
        this.loginPage.assertCurrent();
        Assert.assertEquals("You should receive an email shortly with further instructions.", this.loginPage.getSuccessMessage());
        Assert.assertEquals(0L, this.greenMail.getReceivedMessages().length);
        this.events.expectRequiredAction(EventType.RESET_PASSWORD).user((String) null).session((String) null).detail("username", "invalid").removeDetail("email").removeDetail("code_id").error("user_not_found").assertEvent();
    }

    @Test
    public void resetPasswordMissingUsername() throws IOException, MessagingException, InterruptedException {
        this.loginPage.open();
        this.loginPage.resetPassword();
        this.resetPasswordPage.assertCurrent();
        this.resetPasswordPage.changePassword("");
        this.resetPasswordPage.assertCurrent();
        Assert.assertEquals("Please specify username.", this.resetPasswordPage.getErrorMessage());
        Assert.assertEquals(0L, this.greenMail.getReceivedMessages().length);
        this.events.expectRequiredAction(EventType.RESET_PASSWORD).user((String) null).session((String) null).clearDetails().error("username_missing").assertEvent();
    }

    @Test
    public void resetPasswordExpiredCode() throws IOException, MessagingException, InterruptedException {
        try {
            this.loginPage.open();
            this.loginPage.resetPassword();
            this.resetPasswordPage.assertCurrent();
            this.resetPasswordPage.changePassword("login-test");
            this.loginPage.assertCurrent();
            Assert.assertEquals("You should receive an email shortly with further instructions.", this.loginPage.getSuccessMessage());
            this.events.expectRequiredAction(EventType.SEND_RESET_PASSWORD).session((String) null).user(userId).detail("username", "login-test").detail("email", "login@test.com").assertEvent();
            Assert.assertEquals(1L, this.greenMail.getReceivedMessages().length);
            String passwordResetEmailLink = getPasswordResetEmailLink(this.greenMail.getReceivedMessages()[0]);
            setTimeOffset(1823);
            this.driver.navigate().to(passwordResetEmailLink.trim());
            this.loginPage.assertCurrent();
            Assert.assertEquals("You took too long to login. Login process starting from beginning.", this.loginPage.getError());
            this.events.expectRequiredAction(EventType.RESET_PASSWORD).error("expired_code").client(AssertEvents.DEFAULT_CLIENT_ID).user((String) null).session((String) null).clearDetails().assertEvent();
        } finally {
            setTimeOffset(0);
        }
    }

    @Test
    public void resetPasswordExpiredCodeShort() throws IOException, MessagingException, InterruptedException {
        AtomicInteger atomicInteger = new AtomicInteger();
        RealmRepresentation representation = testRealm().toRepresentation();
        atomicInteger.set(representation.getAccessCodeLifespan().intValue());
        representation.setAccessCodeLifespanUserAction(60);
        testRealm().update(representation);
        try {
            this.loginPage.open();
            this.loginPage.resetPassword();
            this.resetPasswordPage.assertCurrent();
            this.resetPasswordPage.changePassword("login-test");
            this.loginPage.assertCurrent();
            Assert.assertEquals("You should receive an email shortly with further instructions.", this.loginPage.getSuccessMessage());
            this.events.expectRequiredAction(EventType.SEND_RESET_PASSWORD).session((String) null).user(userId).detail("username", "login-test").detail("email", "login@test.com").assertEvent();
            Assert.assertEquals(1L, this.greenMail.getReceivedMessages().length);
            String passwordResetEmailLink = getPasswordResetEmailLink(this.greenMail.getReceivedMessages()[0]);
            setTimeOffset(70);
            this.driver.navigate().to(passwordResetEmailLink.trim());
            this.loginPage.assertCurrent();
            Assert.assertEquals("You took too long to login. Login process starting from beginning.", this.loginPage.getError());
            this.events.expectRequiredAction(EventType.RESET_PASSWORD).error("expired_code").client(AssertEvents.DEFAULT_CLIENT_ID).user((String) null).session((String) null).clearDetails().assertEvent();
            setTimeOffset(0);
        } catch (Throwable th) {
            setTimeOffset(0);
            throw th;
        }
    }

    @Test
    public void resetPasswordDisabledUser() throws IOException, MessagingException, InterruptedException {
        UserRepresentation findUser = findUser("login-test");
        findUser.setEnabled(false);
        updateUser(findUser);
        this.loginPage.open();
        this.loginPage.resetPassword();
        this.resetPasswordPage.assertCurrent();
        this.resetPasswordPage.changePassword("login-test");
        this.loginPage.assertCurrent();
        Assert.assertEquals("You should receive an email shortly with further instructions.", this.loginPage.getSuccessMessage());
        Assert.assertEquals(0L, this.greenMail.getReceivedMessages().length);
        this.events.expectRequiredAction(EventType.RESET_PASSWORD).session((String) null).user(userId).detail("username", "login-test").removeDetail("code_id").error("user_disabled").assertEvent();
    }

    @Test
    public void resetPasswordNoEmail() throws IOException, MessagingException, InterruptedException {
        UserRepresentation findUser = findUser("login-test");
        new String[1][0] = findUser.getEmail();
        findUser.setEmail("");
        updateUser(findUser);
        this.loginPage.open();
        this.loginPage.resetPassword();
        this.resetPasswordPage.assertCurrent();
        this.resetPasswordPage.changePassword("login-test");
        this.loginPage.assertCurrent();
        Assert.assertEquals("You should receive an email shortly with further instructions.", this.loginPage.getSuccessMessage());
        Assert.assertEquals(0L, this.greenMail.getReceivedMessages().length);
        this.events.expectRequiredAction(EventType.RESET_PASSWORD_ERROR).session((String) null).user(userId).detail("username", "login-test").removeDetail("code_id").error("invalid_email").assertEvent();
    }

    @Test
    public void resetPasswordWrongSmtp() throws IOException, MessagingException, InterruptedException {
        HashMap hashMap = new HashMap();
        hashMap.putAll(testRealm().toRepresentation().getSmtpServer());
        new String[1][0] = (String) hashMap.get("host");
        hashMap.put("host", "invalid_host");
        RealmRepresentation representation = testRealm().toRepresentation();
        representation.setSmtpServer(hashMap);
        testRealm().update(representation);
        this.loginPage.open();
        this.loginPage.resetPassword();
        this.resetPasswordPage.assertCurrent();
        this.resetPasswordPage.changePassword("login-test");
        this.errorPage.assertCurrent();
        Assert.assertEquals("Failed to send email, please try again later.", this.errorPage.getError());
        Assert.assertEquals(0L, this.greenMail.getReceivedMessages().length);
        this.events.expectRequiredAction(EventType.SEND_RESET_PASSWORD_ERROR).user(userId).session((String) null).detail("username", "login-test").removeDetail("code_id").error("email_send_failed").assertEvent();
    }

    private void setPasswordPolicy(String str) {
        RealmRepresentation representation = testRealm().toRepresentation();
        representation.setPasswordPolicy(str);
        testRealm().update(representation);
    }

    @Test
    public void resetPasswordWithLengthPasswordPolicy() throws IOException, MessagingException {
        setPasswordPolicy("length");
        this.loginPage.open();
        this.loginPage.resetPassword();
        this.resetPasswordPage.assertCurrent();
        this.resetPasswordPage.changePassword("login-test");
        this.loginPage.assertCurrent();
        Assert.assertEquals("You should receive an email shortly with further instructions.", this.loginPage.getSuccessMessage());
        Assert.assertEquals(1L, this.greenMail.getReceivedMessages().length);
        String passwordResetEmailLink = getPasswordResetEmailLink(this.greenMail.getReceivedMessages()[0]);
        this.events.expectRequiredAction(EventType.SEND_RESET_PASSWORD).session((String) null).user(userId).detail("username", "login-test").detail("email", "login@test.com").assertEvent();
        this.driver.navigate().to(passwordResetEmailLink.trim());
        this.updatePasswordPage.assertCurrent();
        this.updatePasswordPage.changePassword("invalid", "invalid");
        Assert.assertEquals("Invalid password: minimum length 8.", this.resetPasswordPage.getErrorMessage());
        this.events.expectRequiredAction(EventType.UPDATE_PASSWORD_ERROR).error("password_rejected").user(userId).detail("username", "login-test").assertEvent().getSessionId();
        this.updatePasswordPage.changePassword("resetPasswordWithPasswordPolicy", "resetPasswordWithPasswordPolicy");
        String sessionId = this.events.expectRequiredAction(EventType.UPDATE_PASSWORD).user(userId).detail("username", "login-test").assertEvent().getSessionId();
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
        this.events.expectLogin().user(userId).detail("username", "login-test").session(sessionId).assertEvent();
        this.oauth.openLogout();
        this.events.expectLogout(sessionId).user(userId).session(sessionId).assertEvent();
        this.loginPage.open();
        this.loginPage.login("login-test", "resetPasswordWithPasswordPolicy");
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
        this.events.expectLogin().user(userId).detail("username", "login-test").assertEvent();
    }

    @Test
    public void resetPasswordWithPasswordHisoryPolicy() throws IOException, MessagingException {
        setPasswordPolicy("passwordHistory");
        try {
            setTimeOffset(2000000);
            resetPassword("login-test", "password1");
            resetPasswordInvalidPassword("login-test", "password1", "Invalid password: must not be equal to any of last 3 passwords.");
            setTimeOffset(4000000);
            resetPassword("login-test", "password2");
            resetPasswordInvalidPassword("login-test", "password1", "Invalid password: must not be equal to any of last 3 passwords.");
            resetPasswordInvalidPassword("login-test", "password2", "Invalid password: must not be equal to any of last 3 passwords.");
            setTimeOffset(8000000);
            resetPassword("login-test", "password3");
            resetPasswordInvalidPassword("login-test", "password1", "Invalid password: must not be equal to any of last 3 passwords.");
            resetPasswordInvalidPassword("login-test", "password2", "Invalid password: must not be equal to any of last 3 passwords.");
            resetPasswordInvalidPassword("login-test", "password3", "Invalid password: must not be equal to any of last 3 passwords.");
            resetPassword("login-test", "password");
        } finally {
            setTimeOffset(0);
        }
    }

    public static String getPasswordResetEmailLink(MimeMessage mimeMessage) throws IOException, MessagingException {
        Multipart multipart = (Multipart) mimeMessage.getContent();
        Assert.assertEquals("text/plain; charset=UTF-8", multipart.getBodyPart(0).getContentType());
        String link = MailUtils.getLink((String) multipart.getBodyPart(0).getContent());
        Assert.assertEquals("text/html; charset=UTF-8", multipart.getBodyPart(1).getContentType());
        String link2 = MailUtils.getLink((String) multipart.getBodyPart(1).getContent());
        Assert.assertEquals(link2, link);
        return link2;
    }
}
