package org.keycloak.testsuite.forms;

import java.util.Map;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.core.Response;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.events.EventType;
import org.keycloak.models.BrowserSecurityHeaders;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.TestRealmKeycloakTest;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.ErrorPage;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.pages.LoginPasswordUpdatePage;
import org.keycloak.testsuite.util.RealmBuilder;
import org.keycloak.testsuite.util.UserBuilder;

/* loaded from: input_file:org/keycloak/testsuite/forms/LoginTest.class */
public class LoginTest extends TestRealmKeycloakTest {

    @Rule
    public AssertEvents events = new AssertEvents(this);

    @Page
    protected AppPage appPage;

    @Page
    protected LoginPage loginPage;

    @Page
    protected ErrorPage errorPage;

    @Page
    protected LoginPasswordUpdatePage updatePasswordPage;
    private static String userId;
    private static String user2Id;

    @Override // org.keycloak.testsuite.TestRealmKeycloakTest
    public void configureTestRealm(RealmRepresentation realmRepresentation) {
        UserRepresentation build = UserBuilder.create().id("login-test").username("login-test").email("login@test.com").enabled(true).password("password").build();
        userId = build.getId();
        UserRepresentation build2 = UserBuilder.create().id("login-test2").username("login-test2").email("login2@test.com").enabled(true).password("password").build();
        user2Id = build2.getId();
        RealmBuilder.edit(realmRepresentation).user(build).user(build2);
    }

    @Test
    public void testBrowserSecurityHeaders() {
        Response response = ClientBuilder.newClient().target(this.oauth.getLoginFormUrl()).request().get();
        Assert.assertEquals(200L, response.getStatus());
        for (Map.Entry entry : BrowserSecurityHeaders.defaultHeaders.entrySet()) {
            String headerString = response.getHeaderString((String) BrowserSecurityHeaders.headerAttributeMap.get(entry.getKey()));
            Assert.assertNotNull(headerString);
            Assert.assertEquals(headerString, entry.getValue());
        }
        response.close();
    }

    @Test
    public void loginChangeUserAfterInvalidPassword() {
        this.loginPage.open();
        this.loginPage.login("login-test2", "invalid");
        this.loginPage.assertCurrent();
        Assert.assertEquals("login-test2", this.loginPage.getUsername());
        Assert.assertEquals("", this.loginPage.getPassword());
        Assert.assertEquals("Invalid username or password.", this.loginPage.getError());
        this.events.expectLogin().user(user2Id).session((String) null).error("invalid_user_credentials").detail("username", "login-test2").removeDetail("consent").assertEvent();
        this.loginPage.login("login-test", "password");
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
        Assert.assertNotNull(this.oauth.getCurrentQuery().get("code"));
        this.events.expectLogin().user(userId).detail("username", "login-test").assertEvent();
    }

    @Test
    public void loginInvalidPassword() {
        this.loginPage.open();
        this.loginPage.login("login-test", "invalid");
        this.loginPage.assertCurrent();
        Assert.assertEquals("login-test", this.loginPage.getUsername());
        Assert.assertEquals("", this.loginPage.getPassword());
        Assert.assertEquals("Invalid username or password.", this.loginPage.getError());
        this.events.expectLogin().user(userId).session((String) null).error("invalid_user_credentials").detail("username", "login-test").removeDetail("consent").assertEvent();
    }

    @Test
    public void loginMissingPassword() {
        this.loginPage.open();
        this.loginPage.missingPassword("login-test");
        this.loginPage.assertCurrent();
        Assert.assertEquals("login-test", this.loginPage.getUsername());
        Assert.assertEquals("", this.loginPage.getPassword());
        Assert.assertEquals("Invalid username or password.", this.loginPage.getError());
        this.events.expectLogin().user(userId).session((String) null).error("invalid_user_credentials").detail("username", "login-test").removeDetail("consent").assertEvent();
    }

    private void setUserEnabled(String str, boolean z) {
        UserRepresentation representation = this.adminClient.realm("test").users().get(str).toRepresentation();
        representation.setEnabled(Boolean.valueOf(z));
        this.adminClient.realm("test").users().get(str).update(representation);
    }

    @Test
    public void loginInvalidPasswordDisabledUser() {
        setUserEnabled("login-test", false);
        try {
            this.loginPage.open();
            this.loginPage.login("login-test", "invalid");
            this.loginPage.assertCurrent();
            Assert.assertEquals("login-test", this.loginPage.getUsername());
            Assert.assertEquals("", this.loginPage.getPassword());
            Assert.assertEquals("Invalid username or password.", this.loginPage.getError());
            this.events.expectLogin().user(userId).session((String) null).error("invalid_user_credentials").detail("username", "login-test").removeDetail("consent").assertEvent();
        } finally {
            setUserEnabled("login-test", true);
        }
    }

    @Test
    public void loginDisabledUser() {
        setUserEnabled("login-test", false);
        try {
            this.loginPage.open();
            this.loginPage.login("login-test", "password");
            this.loginPage.assertCurrent();
            Assert.assertEquals("login-test", this.loginPage.getUsername());
            Assert.assertEquals("", this.loginPage.getPassword());
            Assert.assertEquals("Account is disabled, contact admin.", this.loginPage.getError());
            this.events.expectLogin().user(userId).session((String) null).error("user_disabled").detail("username", "login-test").removeDetail("consent").assertEvent();
        } finally {
            setUserEnabled("login-test", true);
        }
    }

    @Test
    public void loginInvalidUsername() {
        this.loginPage.open();
        this.loginPage.login("invalid", "password");
        this.loginPage.assertCurrent();
        Assert.assertEquals("invalid", this.loginPage.getUsername());
        Assert.assertEquals("", this.loginPage.getPassword());
        Assert.assertEquals("Invalid username or password.", this.loginPage.getError());
        this.events.expectLogin().user((String) null).session((String) null).error("user_not_found").detail("username", "invalid").removeDetail("consent").assertEvent();
        this.loginPage.login("login-test", "password");
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
        Assert.assertNotNull(this.oauth.getCurrentQuery().get("code"));
        this.events.expectLogin().user(userId).detail("username", "login-test").assertEvent();
    }

    @Test
    public void loginMissingUsername() {
        this.loginPage.open();
        this.loginPage.missingUsername();
        this.loginPage.assertCurrent();
        Assert.assertEquals("Invalid username or password.", this.loginPage.getError());
        this.events.expectLogin().user((String) null).session((String) null).error("user_not_found").removeDetail("consent").assertEvent();
    }

    @Test
    public void loginUserWithEmailAsUsername() {
        this.adminClient.realm(userId).users().create(UserBuilder.create().enabled(true).id("foo").email("foo").username("login@test.com").password("password").build());
        this.loginPage.open();
        this.loginPage.login("login@test.com", "password");
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
        Assert.assertNotNull(this.oauth.getCurrentQuery().get("code"));
        this.events.expectLogin().user(userId).detail("username", "login@test.com").assertEvent();
    }

    @Test
    public void loginSuccess() {
        this.loginPage.open();
        this.loginPage.login("login-test", "password");
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
        Assert.assertNotNull(this.oauth.getCurrentQuery().get("code"));
        this.events.expectLogin().user(userId).detail("username", "login-test").assertEvent();
    }

    @Test
    public void loginWithWhitespaceSuccess() {
        this.loginPage.open();
        this.loginPage.login(" login-test \t ", "password");
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
        Assert.assertNotNull(this.oauth.getCurrentQuery().get("code"));
        this.events.expectLogin().user(userId).detail("username", "login-test").assertEvent();
    }

    @Test
    public void loginWithEmailWhitespaceSuccess() {
        this.loginPage.open();
        this.loginPage.login("    login@test.com    ", "password");
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
        Assert.assertNotNull(this.oauth.getCurrentQuery().get("code"));
        this.events.expectLogin().user(userId).assertEvent();
    }

    private void setPasswordPolicy(String str) {
        RealmRepresentation representation = this.adminClient.realm("test").toRepresentation();
        representation.setPasswordPolicy(str);
        this.adminClient.realm("test").update(representation);
    }

    @Test
    public void loginWithForcePasswordChangePolicy() {
        setPasswordPolicy("forceExpiredPasswordChange(1)");
        try {
            setTimeOffset(86405);
            this.loginPage.open();
            this.loginPage.login("login-test", "password");
            this.updatePasswordPage.assertCurrent();
            this.updatePasswordPage.changePassword("updatedPassword", "updatedPassword");
            setTimeOffset(0);
            this.events.expectRequiredAction(EventType.UPDATE_PASSWORD).user(userId).detail("username", "login-test").assertEvent();
            Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
            this.events.expectLogin().user(userId).detail("username", "login-test").assertEvent();
        } finally {
            setPasswordPolicy(null);
            UserResource userResource = this.adminClient.realm("test").users().get("login-test");
            userResource.update(UserBuilder.edit(userResource.toRepresentation()).password("password").build());
        }
    }

    @Test
    public void loginWithoutForcePasswordChangePolicy() {
        setPasswordPolicy("forceExpiredPasswordChange(1)");
        try {
            setTimeOffset(86205);
            this.loginPage.open();
            this.loginPage.login("login-test", "password");
            Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
            Assert.assertNotNull(this.oauth.getCurrentQuery().get("code"));
            setTimeOffset(0);
            this.events.expectLogin().user(userId).detail("username", "login-test").assertEvent();
        } finally {
            setPasswordPolicy(null);
        }
    }

    @Test
    public void loginNoTimeoutWithLongWait() {
        this.loginPage.open();
        setTimeOffset(1700);
        this.loginPage.login("login-test", "password");
        setTimeOffset(0);
        this.events.expectLogin().user(userId).detail("username", "login-test").assertEvent().getSessionId();
    }

    @Test
    public void loginTimeout() {
        this.loginPage.open();
        setTimeOffset(1850);
        this.loginPage.login("login-test", "password");
        setTimeOffset(0);
        this.events.expectLogin().clearDetails().detail("code_id", AssertEvents.isCodeId()).user((String) null).session((String) null).error("expired_code").assertEvent().getSessionId();
    }

    @Test
    public void loginLoginHint() {
        this.driver.navigate().to(this.oauth.getLoginFormUrl() + "&login_hint=login-test");
        Assert.assertEquals("login-test", this.loginPage.getUsername());
        this.loginPage.login("password");
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
        Assert.assertNotNull(this.oauth.getCurrentQuery().get("code"));
        this.events.expectLogin().user(userId).detail("username", "login-test").assertEvent();
    }

    @Test
    public void loginWithEmailSuccess() {
        this.loginPage.open();
        this.loginPage.login("login@test.com", "password");
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
        Assert.assertNotNull(this.oauth.getCurrentQuery().get("code"));
        this.events.expectLogin().user(userId).assertEvent();
    }

    private void setRememberMe(boolean z) {
        RealmRepresentation representation = this.adminClient.realm("test").toRepresentation();
        representation.setRememberMe(Boolean.valueOf(z));
        this.adminClient.realm("test").update(representation);
    }

    @Test
    public void loginWithRememberMe() {
        setRememberMe(true);
        try {
            this.loginPage.open();
            Assert.assertFalse(this.loginPage.isRememberMeChecked());
            this.loginPage.setRememberMe(true);
            Assert.assertTrue(this.loginPage.isRememberMeChecked());
            this.loginPage.login("login-test", "password");
            Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
            Assert.assertNotNull(this.oauth.getCurrentQuery().get("code"));
            this.testingClient.testing().removeUserSession("test", this.events.expectLogin().user(userId).detail("username", "login-test").detail("remember_me", "true").assertEvent().getSessionId());
            this.loginPage.open();
            Assert.assertTrue(this.loginPage.isRememberMeChecked());
            Assert.assertEquals("login-test", this.loginPage.getUsername());
            this.loginPage.setRememberMe(false);
        } finally {
            setRememberMe(false);
        }
    }

    @Test
    public void loginExpiredCode() {
        this.loginPage.open();
        setTimeOffset(5000);
        this.testingClient.testing().removeExpired("test");
        this.loginPage.login("login@test.com", "password");
        this.loginPage.assertCurrent();
        setTimeOffset(0);
        this.events.expectLogin().user((String) null).session((String) null).error("expired_code").clearDetails().detail("restart_after_timeout", "true").client((String) null).assertEvent();
    }
}
