package org.keycloak.testsuite.broker;

import java.util.Collections;
import java.util.HashMap;
import java.util.Set;
import org.junit.Assert;
import org.junit.Test;
import org.keycloak.common.util.ObjectUtil;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.AuthenticatorConfigModel;
import org.keycloak.models.FederatedIdentityModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.testsuite.pages.IdpConfirmLinkPage;
import org.keycloak.testsuite.pages.IdpLinkEmailPage;
import org.keycloak.testsuite.pages.LoginPasswordUpdatePage;
import org.keycloak.testsuite.pages.LoginUpdateProfileEditUsernameAllowedPage;
import org.keycloak.testsuite.rule.KeycloakRule;
import org.keycloak.testsuite.rule.WebResource;
import org.openqa.selenium.By;
import org.openqa.selenium.NoSuchElementException;
import org.openqa.selenium.WebElement;

/* loaded from: input_file:org/keycloak/testsuite/broker/AbstractFirstBrokerLoginTest.class */
public abstract class AbstractFirstBrokerLoginTest extends AbstractIdentityProviderTest {
    protected static final String APP_REALM_ID = "realm-with-broker";

    @WebResource
    protected LoginUpdateProfileEditUsernameAllowedPage updateProfileWithUsernamePage;

    @WebResource
    protected IdpConfirmLinkPage idpConfirmLinkPage;

    @WebResource
    protected IdpLinkEmailPage idpLinkEmailPage;

    @WebResource
    protected LoginPasswordUpdatePage passwordUpdatePage;

    @Test
    public void testErrorPageWhenDuplicationNotAllowed_updateProfileOff() {
        brokerServerRule.update(new KeycloakRule.KeycloakSetup() { // from class: org.keycloak.testsuite.broker.AbstractFirstBrokerLoginTest.1
            @Override // org.keycloak.testsuite.rule.KeycloakRule.KeycloakSetup
            public void config(RealmManager realmManager, RealmModel realmModel, RealmModel realmModel2) {
                AbstractFirstBrokerLoginTest.setExecutionRequirement(realmModel2, "first broker login", "idp-create-user-if-unique", AuthenticationExecutionModel.Requirement.REQUIRED);
                AbstractIdentityProviderTest.setUpdateProfileFirstLogin(realmModel2, "off");
            }
        }, APP_REALM_ID);
        loginIDP("pedroigor");
        WebElement findElement = this.driver.findElement(By.className("instruction"));
        Assert.assertNotNull(findElement);
        Assert.assertEquals("User with email psilva@redhat.com already exists. Please login to account management to link the account.", findElement.getText());
        brokerServerRule.update(new KeycloakRule.KeycloakSetup() { // from class: org.keycloak.testsuite.broker.AbstractFirstBrokerLoginTest.2
            @Override // org.keycloak.testsuite.rule.KeycloakRule.KeycloakSetup
            public void config(RealmManager realmManager, RealmModel realmModel, RealmModel realmModel2) {
                AbstractFirstBrokerLoginTest.setExecutionRequirement(realmModel2, "first broker login", "idp-create-user-if-unique", AuthenticationExecutionModel.Requirement.ALTERNATIVE);
            }
        }, APP_REALM_ID);
    }

    @Test
    public void testErrorPageWhenDuplicationNotAllowed_updateProfileOn() {
        brokerServerRule.update(new KeycloakRule.KeycloakSetup() { // from class: org.keycloak.testsuite.broker.AbstractFirstBrokerLoginTest.3
            @Override // org.keycloak.testsuite.rule.KeycloakRule.KeycloakSetup
            public void config(RealmManager realmManager, RealmModel realmModel, RealmModel realmModel2) {
                AbstractFirstBrokerLoginTest.setExecutionRequirement(realmModel2, "first broker login", "idp-create-user-if-unique", AuthenticationExecutionModel.Requirement.REQUIRED);
                AbstractIdentityProviderTest.setUpdateProfileFirstLogin(realmModel2, "on");
            }
        }, APP_REALM_ID);
        loginIDP("test-user");
        this.updateProfileWithUsernamePage.assertCurrent();
        this.updateProfileWithUsernamePage.update("Test", "User", "test-user@redhat.com", "pedroigor");
        WebElement findElement = this.driver.findElement(By.className("instruction"));
        Assert.assertNotNull(findElement);
        Assert.assertEquals("User with username pedroigor already exists. Please login to account management to link the account.", findElement.getText());
        brokerServerRule.update(new KeycloakRule.KeycloakSetup() { // from class: org.keycloak.testsuite.broker.AbstractFirstBrokerLoginTest.4
            @Override // org.keycloak.testsuite.rule.KeycloakRule.KeycloakSetup
            public void config(RealmManager realmManager, RealmModel realmModel, RealmModel realmModel2) {
                AbstractFirstBrokerLoginTest.setExecutionRequirement(realmModel2, "first broker login", "idp-create-user-if-unique", AuthenticationExecutionModel.Requirement.ALTERNATIVE);
            }
        }, APP_REALM_ID);
    }

    @Test
    public void testRegistrationWithPasswordUpdateRequired() {
        brokerServerRule.update(new KeycloakRule.KeycloakSetup() { // from class: org.keycloak.testsuite.broker.AbstractFirstBrokerLoginTest.5
            @Override // org.keycloak.testsuite.rule.KeycloakRule.KeycloakSetup
            public void config(RealmManager realmManager, RealmModel realmModel, RealmModel realmModel2) {
                AuthenticatorConfigModel authenticatorConfigByAlias = realmModel2.getAuthenticatorConfigByAlias("create unique user config");
                authenticatorConfigByAlias.getConfig().put("require.password.update.after.registration", "true");
                realmModel2.updateAuthenticatorConfig(authenticatorConfigByAlias);
                AbstractIdentityProviderTest.setUpdateProfileFirstLogin(realmModel2, "missing");
            }
        }, APP_REALM_ID);
        loginIDP("pedroigor");
        this.updateProfileWithUsernamePage.assertCurrent();
        this.updateProfileWithUsernamePage.update("Test", "User", "some-user@redhat.com", "some-user");
        this.passwordUpdatePage.assertCurrent();
        this.passwordUpdatePage.changePassword("password1", "password1");
        assertFederatedUser("some-user", "some-user@redhat.com", "pedroigor");
        brokerServerRule.update(new KeycloakRule.KeycloakSetup() { // from class: org.keycloak.testsuite.broker.AbstractFirstBrokerLoginTest.6
            @Override // org.keycloak.testsuite.rule.KeycloakRule.KeycloakSetup
            public void config(RealmManager realmManager, RealmModel realmModel, RealmModel realmModel2) {
                AuthenticatorConfigModel authenticatorConfigByAlias = realmModel2.getAuthenticatorConfigByAlias("create unique user config");
                authenticatorConfigByAlias.getConfig().put("require.password.update.after.registration", "false");
                realmModel2.updateAuthenticatorConfig(authenticatorConfigByAlias);
            }
        }, APP_REALM_ID);
    }

    @Test
    public void testRegistrationWithEmailAsUsername() {
        brokerServerRule.update(new KeycloakRule.KeycloakSetup() { // from class: org.keycloak.testsuite.broker.AbstractFirstBrokerLoginTest.7
            @Override // org.keycloak.testsuite.rule.KeycloakRule.KeycloakSetup
            public void config(RealmManager realmManager, RealmModel realmModel, RealmModel realmModel2) {
                AbstractIdentityProviderTest.setUpdateProfileFirstLogin(realmModel2, "on");
                realmModel2.setRegistrationEmailAsUsername(true);
            }
        }, APP_REALM_ID);
        loginIDP("pedroigor");
        this.updateProfileWithUsernamePage.assertCurrent();
        try {
            this.updateProfileWithUsernamePage.update("Test", "User", "some-user@redhat.com", "some-user");
            Assert.fail("It is not expected to see username field");
        } catch (NoSuchElementException e) {
        }
        this.updateProfileWithUsernamePage.update("Test", "User", "some-user@redhat.com");
        assertFederatedUser("some-user@redhat.com", "some-user@redhat.com", "pedroigor");
        brokerServerRule.update(new KeycloakRule.KeycloakSetup() { // from class: org.keycloak.testsuite.broker.AbstractFirstBrokerLoginTest.8
            @Override // org.keycloak.testsuite.rule.KeycloakRule.KeycloakSetup
            public void config(RealmManager realmManager, RealmModel realmModel, RealmModel realmModel2) {
                AbstractIdentityProviderTest.setUpdateProfileFirstLogin(realmModel2, "missing");
                realmModel2.setRegistrationEmailAsUsername(false);
            }
        }, APP_REALM_ID);
    }

    @Test
    public void testFixDuplicationsByReviewProfile() {
        setUpdateProfileFirstLogin("off");
        loginIDP("pedroigor");
        this.idpConfirmLinkPage.assertCurrent();
        Assert.assertEquals("User with email psilva@redhat.com already exists. How do you want to continue?", this.idpConfirmLinkPage.getMessage());
        this.idpConfirmLinkPage.clickReviewProfile();
        this.updateProfileWithUsernamePage.assertCurrent();
        this.updateProfileWithUsernamePage.update("Test", "User", "testing-user@redhat.com", "pedroigor");
        this.idpConfirmLinkPage.assertCurrent();
        Assert.assertEquals("User with username pedroigor already exists. How do you want to continue?", this.idpConfirmLinkPage.getMessage());
        this.idpConfirmLinkPage.clickReviewProfile();
        this.updateProfileWithUsernamePage.assertCurrent();
        this.updateProfileWithUsernamePage.update("Test", "User", "testing-user@redhat.com", "testing-user");
        assertFederatedUser("testing-user", "testing-user@redhat.com", "pedroigor");
    }

    @Test
    public void testLinkAccountByEmailVerification() throws Exception {
        setUpdateProfileFirstLogin("off");
        loginIDP("pedroigor");
        this.idpConfirmLinkPage.assertCurrent();
        Assert.assertEquals("User with email psilva@redhat.com already exists. How do you want to continue?", this.idpConfirmLinkPage.getMessage());
        this.idpConfirmLinkPage.clickLinkAccount();
        this.idpLinkEmailPage.assertCurrent();
        Assert.assertEquals("An email with instructions to link " + ObjectUtil.capitalize(getProviderId()) + " account pedroigor with your " + APP_REALM_ID + " account has been sent to you.", this.idpLinkEmailPage.getMessage());
        Assert.assertEquals(1L, this.greenMail.getReceivedMessages().length);
        this.driver.navigate().to(getVerificationEmailLink(this.greenMail.getReceivedMessages()[0]).trim());
        assertFederatedUser("pedroigor", "psilva@redhat.com", "pedroigor");
    }

    @Test
    public void testLinkAccountByReauthenticationWithPassword() throws Exception {
        final HashMap hashMap = new HashMap();
        brokerServerRule.update(new KeycloakRule.KeycloakSetup() { // from class: org.keycloak.testsuite.broker.AbstractFirstBrokerLoginTest.9
            @Override // org.keycloak.testsuite.rule.KeycloakRule.KeycloakSetup
            public void config(RealmManager realmManager, RealmModel realmModel, RealmModel realmModel2) {
                AbstractIdentityProviderTest.setUpdateProfileFirstLogin(realmModel2, "off");
                hashMap.putAll(realmModel2.getSmtpConfig());
                realmModel2.setSmtpConfig(Collections.emptyMap());
            }
        }, APP_REALM_ID);
        loginIDP("pedroigor");
        this.idpConfirmLinkPage.assertCurrent();
        Assert.assertEquals("User with email psilva@redhat.com already exists. How do you want to continue?", this.idpConfirmLinkPage.getMessage());
        this.idpConfirmLinkPage.clickLinkAccount();
        Assert.assertEquals("Log in to realm-with-broker", this.driver.getTitle());
        Assert.assertEquals("pedroigor", this.loginPage.getUsername());
        Assert.assertFalse(this.loginPage.isUsernameInputEnabled());
        Assert.assertEquals("Authenticate as pedroigor to link your account with " + getProviderId(), this.loginPage.getInfoMessage());
        try {
            this.loginPage.findSocialButton(getProviderId());
            Assert.fail("Not expected to see social button with " + getProviderId());
        } catch (NoSuchElementException e) {
        }
        try {
            this.loginPage.clickRegister();
            Assert.fail("Not expected to see register link");
        } catch (NoSuchElementException e2) {
        }
        this.loginPage.login("password1");
        Assert.assertEquals("Invalid username or password.", this.loginPage.getError());
        this.loginPage.login("password");
        assertFederatedUser("pedroigor", "psilva@redhat.com", "pedroigor");
        brokerServerRule.update(new KeycloakRule.KeycloakSetup() { // from class: org.keycloak.testsuite.broker.AbstractFirstBrokerLoginTest.10
            @Override // org.keycloak.testsuite.rule.KeycloakRule.KeycloakSetup
            public void config(RealmManager realmManager, RealmModel realmModel, RealmModel realmModel2) {
                realmModel2.setSmtpConfig(hashMap);
            }
        }, APP_REALM_ID);
    }

    @Test
    public void testLinkAccountByReauthentication_forgetPassword() throws Exception {
        brokerServerRule.update(new KeycloakRule.KeycloakSetup() { // from class: org.keycloak.testsuite.broker.AbstractFirstBrokerLoginTest.11
            @Override // org.keycloak.testsuite.rule.KeycloakRule.KeycloakSetup
            public void config(RealmManager realmManager, RealmModel realmModel, RealmModel realmModel2) {
                AbstractFirstBrokerLoginTest.setExecutionRequirement(realmModel2, "Handle Existing Account", "idp-email-verification", AuthenticationExecutionModel.Requirement.DISABLED);
                AbstractIdentityProviderTest.setUpdateProfileFirstLogin(realmModel2, "off");
            }
        }, APP_REALM_ID);
        loginIDP("pedroigor");
        this.idpConfirmLinkPage.assertCurrent();
        Assert.assertEquals("User with email psilva@redhat.com already exists. How do you want to continue?", this.idpConfirmLinkPage.getMessage());
        this.idpConfirmLinkPage.clickLinkAccount();
        Assert.assertEquals("Log in to realm-with-broker", this.driver.getTitle());
        this.loginPage.resetPassword();
        Assert.assertEquals("Log in to realm-with-broker", this.driver.getTitle());
        Assert.assertEquals("You should receive an email shortly with further instructions.", this.loginPage.getSuccessMessage());
        Assert.assertEquals(1L, this.greenMail.getReceivedMessages().length);
        this.driver.navigate().to(getVerificationEmailLink(this.greenMail.getReceivedMessages()[0]).trim());
        this.passwordUpdatePage.assertCurrent();
        this.passwordUpdatePage.changePassword("password", "password");
        assertFederatedUser("pedroigor", "psilva@redhat.com", "pedroigor");
        brokerServerRule.update(new KeycloakRule.KeycloakSetup() { // from class: org.keycloak.testsuite.broker.AbstractFirstBrokerLoginTest.12
            @Override // org.keycloak.testsuite.rule.KeycloakRule.KeycloakSetup
            public void config(RealmManager realmManager, RealmModel realmModel, RealmModel realmModel2) {
                AbstractFirstBrokerLoginTest.setExecutionRequirement(realmModel2, "Handle Existing Account", "idp-email-verification", AuthenticationExecutionModel.Requirement.ALTERNATIVE);
            }
        }, APP_REALM_ID);
    }

    protected void assertFederatedUser(String str, String str2, String str3) {
        Assert.assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/test-app"));
        UserModel federatedUser = getFederatedUser();
        Assert.assertNotNull(federatedUser);
        Assert.assertEquals(str, federatedUser.getUsername());
        Assert.assertEquals(str2, federatedUser.getEmail());
        Set federatedIdentities = this.session.users().getFederatedIdentities(federatedUser, getRealm());
        Assert.assertEquals(1L, federatedIdentities.size());
        FederatedIdentityModel federatedIdentityModel = (FederatedIdentityModel) federatedIdentities.iterator().next();
        Assert.assertEquals(getProviderId(), federatedIdentityModel.getIdentityProvider());
        Assert.assertEquals(str3, federatedIdentityModel.getUserName());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void setExecutionRequirement(RealmModel realmModel, String str, String str2, AuthenticationExecutionModel.Requirement requirement) {
        for (AuthenticationExecutionModel authenticationExecutionModel : realmModel.getAuthenticationExecutions(realmModel.getFlowByAlias(str).getId())) {
            if (authenticationExecutionModel.getAuthenticator().equals(str2)) {
                authenticationExecutionModel.setRequirement(requirement);
                realmModel.updateAuthenticatorExecution(authenticationExecutionModel);
                return;
            }
        }
        throw new IllegalStateException("Execution not found for flow " + str + " and authenticator " + str2);
    }
}
