package org.apereo.cas.gauth.web.flow;

import com.warrenstrange.googleauth.IGoogleAuthenticator;
import java.util.List;
import java.util.UUID;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.gauth.BaseGoogleAuthenticatorTests;
import org.apereo.cas.gauth.credential.GoogleAuthenticatorAccount;
import org.apereo.cas.otp.repository.credentials.OneTimeTokenCredentialRepository;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.context.TestConfiguration;
import org.springframework.context.annotation.Bean;
import org.springframework.http.HttpStatus;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.mock.web.MockServletContext;
import org.springframework.webflow.context.ExternalContextHolder;
import org.springframework.webflow.context.servlet.ServletExternalContext;
import org.springframework.webflow.execution.Action;
import org.springframework.webflow.execution.RequestContextHolder;
import org.springframework.webflow.test.MockRequestContext;

@Tag("WebflowMfaActions")
@SpringBootTest(classes = {GoogleAuthenticatorSaveRegistrationActionTestConfiguration.class, BaseGoogleAuthenticatorTests.SharedTestConfiguration.class})
/* loaded from: input_file:org/apereo/cas/gauth/web/flow/GoogleAuthenticatorSaveRegistrationActionTests.class */
public class GoogleAuthenticatorSaveRegistrationActionTests {

    @Autowired
    @Qualifier("googleSaveAccountRegistrationAction")
    private Action googleSaveAccountRegistrationAction;

    @Autowired
    @Qualifier("googleAuthenticatorAccountRegistry")
    private OneTimeTokenCredentialRepository googleAuthenticatorAccountRegistry;

    @TestConfiguration(value = "GoogleAuthenticatorSaveRegistrationActionTests", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/gauth/web/flow/GoogleAuthenticatorSaveRegistrationActionTests$GoogleAuthenticatorSaveRegistrationActionTestConfiguration.class */
    public static class GoogleAuthenticatorSaveRegistrationActionTestConfiguration {
        @Bean
        public IGoogleAuthenticator googleAuthenticatorInstance() {
            IGoogleAuthenticator iGoogleAuthenticator = (IGoogleAuthenticator) Mockito.mock(IGoogleAuthenticator.class);
            Mockito.when(Boolean.valueOf(iGoogleAuthenticator.authorize(Mockito.anyString(), ArgumentMatchers.eq(123456)))).thenReturn(Boolean.TRUE);
            Mockito.when(Boolean.valueOf(iGoogleAuthenticator.authorize(Mockito.anyString(), ArgumentMatchers.eq(987654)))).thenReturn(Boolean.FALSE);
            Mockito.when(Boolean.valueOf(iGoogleAuthenticator.authorize(Mockito.anyString(), ArgumentMatchers.eq(112233)))).thenThrow(new Throwable[]{new IllegalArgumentException()});
            return iGoogleAuthenticator;
        }
    }

    @BeforeEach
    public void beforeEach() {
        this.googleAuthenticatorAccountRegistry.deleteAll();
    }

    @Test
    public void verifyMultipleRegDisabled(@Autowired CasConfigurationProperties casConfigurationProperties) throws Exception {
        MockRequestContext mockRequestContext = new MockRequestContext();
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), new MockHttpServletRequest(), new MockHttpServletResponse()));
        RequestContextHolder.setRequestContext(mockRequestContext);
        ExternalContextHolder.setExternalContext(mockRequestContext.getExternalContext());
        GoogleAuthenticatorAccount build = GoogleAuthenticatorAccount.builder().username("casuser").name(UUID.randomUUID().toString()).secretKey("secret").validationCode(123456).scratchCodes(List.of()).build();
        this.googleAuthenticatorAccountRegistry.save(build);
        mockRequestContext.getFlowScope().put("key", build);
        casConfigurationProperties.getAuthn().getMfa().getGauth().getCore().setMultipleDeviceRegistrationEnabled(false);
        Assertions.assertEquals("error", this.googleSaveAccountRegistrationAction.execute(mockRequestContext).getId());
    }

    @Test
    public void verifyAccountValidationFails() throws Exception {
        GoogleAuthenticatorAccount build = GoogleAuthenticatorAccount.builder().username("casuser").name(UUID.randomUUID().toString()).secretKey("secret").validationCode(123456).scratchCodes(List.of()).build();
        MockRequestContext mockRequestContext = new MockRequestContext();
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.addParameter("token", "918273");
        mockHttpServletRequest.addParameter("accountName", build.getName());
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), mockHttpServletRequest, new MockHttpServletResponse()));
        RequestContextHolder.setRequestContext(mockRequestContext);
        ExternalContextHolder.setExternalContext(mockRequestContext.getExternalContext());
        mockRequestContext.getFlowScope().put("key", build);
        Assertions.assertEquals("error", this.googleSaveAccountRegistrationAction.execute(mockRequestContext).getId());
    }

    @Test
    public void verifyAccountValidationOnly() throws Exception {
        GoogleAuthenticatorAccount build = GoogleAuthenticatorAccount.builder().username("casuser").name(UUID.randomUUID().toString()).secretKey("secret").validationCode(123456).scratchCodes(List.of()).build();
        MockRequestContext mockRequestContext = new MockRequestContext();
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.setParameter("token", "123456");
        mockHttpServletRequest.addParameter("accountName", build.getName());
        mockHttpServletRequest.addParameter("validate", "true");
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), mockHttpServletRequest, mockHttpServletResponse));
        RequestContextHolder.setRequestContext(mockRequestContext);
        ExternalContextHolder.setExternalContext(mockRequestContext.getExternalContext());
        mockRequestContext.getFlowScope().put("key", build);
        mockHttpServletRequest.setParameter("token", "987654");
        Assertions.assertEquals("error", this.googleSaveAccountRegistrationAction.execute(mockRequestContext).getId());
        Assertions.assertEquals(HttpStatus.UNAUTHORIZED.value(), mockHttpServletResponse.getStatus());
        mockHttpServletRequest.setParameter("token", "112233");
        Assertions.assertEquals("error", this.googleSaveAccountRegistrationAction.execute(mockRequestContext).getId());
        Assertions.assertEquals(HttpStatus.UNAUTHORIZED.value(), mockHttpServletResponse.getStatus());
        mockHttpServletRequest.setParameter("token", "123456");
        Assertions.assertEquals("success", this.googleSaveAccountRegistrationAction.execute(mockRequestContext).getId());
    }
}
