package org.apereo.cas.pm.web.flow.actions;

import java.util.Collection;
import org.apereo.cas.authentication.mfa.TestMultifactorAuthenticationProvider;
import org.apereo.cas.config.CasPersonDirectoryTestConfiguration;
import org.apereo.cas.pm.PasswordManagementQuery;
import org.apereo.cas.pm.PasswordManagementService;
import org.apereo.cas.pm.web.flow.actions.BasePasswordManagementActionTests;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.test.CasTestExtension;
import org.apereo.cas.ticket.Ticket;
import org.apereo.cas.ticket.expiration.HardTimeoutExpirationPolicy;
import org.apereo.cas.ticket.expiration.MultiTimeUseOrTimeoutExpirationPolicy;
import org.apereo.cas.util.MockRequestContext;
import org.apereo.cas.util.junit.EnabledIfListeningOnPort;
import org.apereo.cas.web.support.WebUtils;
import org.apereo.inspektr.common.web.ClientInfo;
import org.apereo.inspektr.common.web.ClientInfoHolder;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.MethodOrderer;
import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Order;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestMethodOrder;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.Mockito;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.context.TestConfiguration;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Import;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.test.context.TestPropertySource;

@Tag("Mail")
@EnabledIfListeningOnPort(port = {25000})
@ExtendWith({CasTestExtension.class})
/* loaded from: input_file:org/apereo/cas/pm/web/flow/actions/SendPasswordResetInstructionsActionTests.class */
class SendPasswordResetInstructionsActionTests {

    @Nested
    /* loaded from: input_file:org/apereo/cas/pm/web/flow/actions/SendPasswordResetInstructionsActionTests$DefaultTests.class */
    class DefaultTests extends BasePasswordManagementActionTests {
        DefaultTests(SendPasswordResetInstructionsActionTests sendPasswordResetInstructionsActionTests) {
        }

        @BeforeEach
        public void setup() {
            MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
            mockHttpServletRequest.setRemoteAddr("223.456.789.000");
            mockHttpServletRequest.setLocalAddr("123.456.789.000");
            mockHttpServletRequest.addHeader("user-agent", "test");
            ClientInfoHolder.setClientInfo(ClientInfo.from(mockHttpServletRequest));
            this.ticketRegistry.deleteAll();
        }

        @Test
        void verifyAction() throws Throwable {
            MockRequestContext create = MockRequestContext.create(this.applicationContext);
            create.setParameter("username", "casuser");
            WebUtils.putServiceIntoFlowScope(create, RegisteredServiceTestUtils.getService());
            Assertions.assertEquals("success", this.sendPasswordResetInstructionsAction.execute(create).getId());
            Collection tickets = this.ticketRegistry.getTickets();
            Assertions.assertEquals(1, tickets.size());
            Assertions.assertInstanceOf(HardTimeoutExpirationPolicy.class, ((Ticket) tickets.iterator().next()).getExpirationPolicy());
        }

        @Test
        void verifyNoPhoneOrEmail() throws Throwable {
            MockRequestContext create = MockRequestContext.create(this.applicationContext);
            create.setParameter("username", "none");
            WebUtils.putServiceIntoFlowScope(create, RegisteredServiceTestUtils.getService());
            Assertions.assertEquals("error", this.sendPasswordResetInstructionsAction.execute(create).getId());
        }

        @Test
        void verifyNoUsername() throws Throwable {
            MockRequestContext create = MockRequestContext.create(this.applicationContext);
            WebUtils.putServiceIntoFlowScope(create, RegisteredServiceTestUtils.getService());
            Assertions.assertEquals("error", this.sendPasswordResetInstructionsAction.execute(create).getId());
        }
    }

    @Nested
    @TestPropertySource(properties = {"cas.authn.pm.reset.mail.html=true", "cas.authn.pm.reset.mail.text=classpath:/password-reset.html"})
    /* loaded from: input_file:org/apereo/cas/pm/web/flow/actions/SendPasswordResetInstructionsActionTests$HtmlEmailTests.class */
    class HtmlEmailTests extends BasePasswordManagementActionTests {
        HtmlEmailTests(SendPasswordResetInstructionsActionTests sendPasswordResetInstructionsActionTests) {
        }

        @Test
        void verifyHtmlEmail() throws Throwable {
            MockRequestContext create = MockRequestContext.create(this.applicationContext);
            create.setParameter("username", "casuser");
            WebUtils.putServiceIntoFlowScope(create, RegisteredServiceTestUtils.getService());
            Assertions.assertEquals("success", this.sendPasswordResetInstructionsAction.execute(create).getId());
            Collection tickets = this.ticketRegistry.getTickets();
            Assertions.assertEquals(1, tickets.size());
            Assertions.assertInstanceOf(HardTimeoutExpirationPolicy.class, ((Ticket) tickets.iterator().next()).getExpirationPolicy());
        }
    }

    @TestMethodOrder(MethodOrderer.OrderAnnotation.class)
    @SpringBootTest(classes = {BasePasswordManagementActionTests.SharedTestConfiguration.class, CasPersonDirectoryTestConfiguration.class}, properties = {"spring.mail.host=localhost", "spring.mail.port=25000", "cas.authn.pm.core.enabled=true", "cas.authn.pm.groovy.location=classpath:PasswordManagementService.groovy", "cas.authn.pm.forgot-username.mail.from=cas@example.org", "cas.authn.pm.reset.mail.from=cas@example.org", "cas.authn.pm.reset.security-questions-enabled=true", "cas.authn.pm.reset.number-of-uses=1"})
    @Nested
    /* loaded from: input_file:org/apereo/cas/pm/web/flow/actions/SendPasswordResetInstructionsActionTests$NoMultifactorRegisteredDevicesTests.class */
    class NoMultifactorRegisteredDevicesTests extends BasePasswordManagementActionTests {
        NoMultifactorRegisteredDevicesTests(SendPasswordResetInstructionsActionTests sendPasswordResetInstructionsActionTests) {
        }

        @Test
        @Order(1)
        void verifyActionRequiresMfa() throws Throwable {
            MockRequestContext create = MockRequestContext.create(this.applicationContext);
            TestMultifactorAuthenticationProvider.registerProviderIntoApplicationContext(this.applicationContext);
            create.setParameter("username", "user-without-devices");
            WebUtils.putServiceIntoFlowScope(create, RegisteredServiceTestUtils.getService());
            Assertions.assertEquals("deny", this.sendPasswordResetInstructionsAction.execute(create).getId());
        }

        @Test
        @Order(0)
        void verifyActionMultiUse() throws Throwable {
            MockRequestContext create = MockRequestContext.create(this.applicationContext);
            create.setParameter("username", "casuser");
            WebUtils.putServiceIntoFlowScope(create, RegisteredServiceTestUtils.getService());
            Assertions.assertEquals("success", this.sendPasswordResetInstructionsAction.execute(create).getId());
            Collection tickets = this.ticketRegistry.getTickets();
            Assertions.assertEquals(1, tickets.size());
            Assertions.assertInstanceOf(MultiTimeUseOrTimeoutExpirationPolicy.class, ((Ticket) tickets.iterator().next()).getExpirationPolicy());
        }
    }

    @TestConfiguration(value = "PasswordManagementTestConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/pm/web/flow/actions/SendPasswordResetInstructionsActionTests$PasswordManagementTestConfiguration.class */
    static class PasswordManagementTestConfiguration {
        PasswordManagementTestConfiguration() {
        }

        @Autowired
        @Bean
        public PasswordManagementService passwordChangeService() throws Throwable {
            PasswordManagementService passwordManagementService = (PasswordManagementService) Mockito.mock(PasswordManagementService.class);
            Mockito.when(passwordManagementService.createToken((PasswordManagementQuery) Mockito.any())).thenReturn((Object) null);
            Mockito.when(passwordManagementService.findUsername((PasswordManagementQuery) Mockito.any())).thenReturn("casuser");
            Mockito.when(passwordManagementService.findEmail((PasswordManagementQuery) Mockito.any())).thenReturn("casuser@example.org");
            return passwordManagementService;
        }
    }

    @Nested
    @Import({PasswordManagementTestConfiguration.class})
    /* loaded from: input_file:org/apereo/cas/pm/web/flow/actions/SendPasswordResetInstructionsActionTests$WithoutTokens.class */
    class WithoutTokens extends BasePasswordManagementActionTests {
        WithoutTokens(SendPasswordResetInstructionsActionTests sendPasswordResetInstructionsActionTests) {
        }

        @Test
        void verifyNoLinkAction() throws Throwable {
            MockRequestContext create = MockRequestContext.create(this.applicationContext);
            create.setParameter("username", "unknown");
            WebUtils.putServiceIntoFlowScope(create, RegisteredServiceTestUtils.getService());
            Assertions.assertEquals("error", this.sendPasswordResetInstructionsAction.execute(create).getId());
        }
    }

    SendPasswordResetInstructionsActionTests() {
    }
}
