package io.gravitee.am.gateway.handler.common.vertx.web.handler;

import io.gravitee.am.common.factor.FactorType;
import io.gravitee.am.common.jwt.JWT;
import io.gravitee.am.gateway.certificate.CertificateProvider;
import io.gravitee.am.gateway.handler.common.certificate.CertificateManager;
import io.gravitee.am.gateway.handler.common.factor.FactorManager;
import io.gravitee.am.gateway.handler.common.jwt.JWTService;
import io.gravitee.am.gateway.handler.common.jwt.SubjectManager;
import io.gravitee.am.gateway.handler.common.ruleengine.SpELRuleEngine;
import io.gravitee.am.gateway.handler.common.vertx.RxWebTestBase;
import io.gravitee.am.gateway.handler.common.vertx.web.auth.user.User;
import io.gravitee.am.gateway.handler.common.vertx.web.handler.impl.CookieSessionHandler;
import io.gravitee.am.gateway.handler.common.vertx.web.handler.impl.internal.AuthenticationFlowChainHandler;
import io.gravitee.am.gateway.handler.common.vertx.web.handler.impl.internal.mfa.MFAChallengeStep;
import io.gravitee.am.gateway.handler.common.vertx.web.handler.impl.internal.mfa.MFAEnrollStep;
import io.gravitee.am.gateway.handler.common.vertx.web.handler.impl.internal.mfa.MFARecoveryCodeStep;
import io.gravitee.am.model.ApplicationFactorSettings;
import io.gravitee.am.model.ChallengeSettings;
import io.gravitee.am.model.EnrollSettings;
import io.gravitee.am.model.Factor;
import io.gravitee.am.model.FactorSettings;
import io.gravitee.am.model.MFASettings;
import io.gravitee.am.model.MfaChallengeType;
import io.gravitee.am.model.MfaEnrollType;
import io.gravitee.am.model.RememberDeviceSettings;
import io.gravitee.am.model.StepUpAuthenticationSettings;
import io.gravitee.am.model.factor.EnrolledFactor;
import io.gravitee.am.model.factor.EnrolledFactorSecurity;
import io.gravitee.am.model.factor.FactorStatus;
import io.gravitee.am.model.oidc.Client;
import io.gravitee.am.service.impl.user.UserEnhancer;
import io.gravitee.risk.assessment.api.assessment.Assessment;
import io.gravitee.risk.assessment.api.assessment.AssessmentMessageResult;
import io.gravitee.risk.assessment.api.assessment.AssessmentResult;
import io.gravitee.risk.assessment.api.assessment.settings.AssessmentSettings;
import io.gravitee.risk.assessment.api.assessment.settings.RiskAssessmentSettings;
import io.reactivex.rxjava3.core.Single;
import io.vertx.core.http.HttpMethod;
import io.vertx.core.json.JsonObject;
import java.util.ArrayList;
import java.util.Collections;
import java.util.LinkedList;
import java.util.List;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.ArgumentMatchers;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.junit.MockitoJUnitRunner;

@RunWith(MockitoJUnitRunner.class)
/* loaded from: input_file:io/gravitee/am/gateway/handler/common/vertx/web/handler/AuthenticationFlowHandlerTest.class */
public class AuthenticationFlowHandlerTest extends RxWebTestBase {
    private static final String DEFAULT_FACTOR_ID = "default-factor";
    private static final String FACTOR_RECOVERY_CODE_ID = "factor-recovery-code";
    private static final String FACTOR_ID = "factor-id";
    private final SpELRuleEngine ruleEngine = new SpELRuleEngine();

    @Mock
    private JWTService jwtService;

    @Mock
    private CertificateManager certificateManager;

    @Mock
    private UserEnhancer userEnhancer;

    @Mock
    private FactorManager factorManager;

    @Mock
    private SubjectManager subjectManager;

    @Override // io.gravitee.am.gateway.handler.common.vertx.RxWebTestBase, io.gravitee.am.gateway.handler.common.vertx.RxVertxTestBase
    public void setUp() throws Exception {
        super.setUp();
        LinkedList linkedList = new LinkedList();
        linkedList.add(new MFAEnrollStep(RedirectHandler.create("/mfa/enroll"), this.ruleEngine, this.factorManager));
        linkedList.add(new MFAChallengeStep(RedirectHandler.create("/mfa/challenge"), this.ruleEngine, this.factorManager));
        linkedList.add(new MFARecoveryCodeStep(RedirectHandler.create("/mfa/recovery_code"), this.ruleEngine, this.factorManager));
        AuthenticationFlowChainHandler authenticationFlowChainHandler = new AuthenticationFlowChainHandler(linkedList);
        Mockito.when(this.jwtService.encode((JWT) ArgumentMatchers.any(JWT.class), (CertificateProvider) ArgumentMatchers.eq((Object) null))).thenReturn(Single.just("token"));
        Factor factor = new Factor();
        factor.setFactorType(FactorType.SMS);
        Factor factor2 = new Factor();
        factor2.setFactorType(FactorType.RECOVERY_CODE);
        Mockito.when(this.factorManager.getFactor(ArgumentMatchers.anyString())).thenReturn(factor);
        Mockito.when(this.factorManager.getFactor(FACTOR_RECOVERY_CODE_ID)).thenReturn(factor2);
        this.router.route("/login").order(Integer.MIN_VALUE).handler(new CookieSessionHandler(this.jwtService, this.certificateManager, this.subjectManager, this.userEnhancer, "am-cookie", 108000L));
        this.router.route("/login").handler(authenticationFlowChainHandler).handler(routingContext -> {
            routingContext.response().setStatusCode(200).end();
        }).failureHandler(new ErrorHandler());
    }

    @Test
    public void shouldRedirectToMFAEnrollmentPage_nominalCase() throws Exception {
        this.router.route().order(-1).handler(routingContext -> {
            Client client = new Client();
            client.setMfaSettings(createMFASettings(createEnrollSettings(true, false, MfaEnrollType.REQUIRED, 0L, ""), createChallengeSettings(false, MfaChallengeType.REQUIRED, "")));
            setFactors(client);
            routingContext.put("client", client);
            routingContext.getDelegate().setUser(new User(new io.gravitee.am.model.User()));
            routingContext.next();
        });
        testRequest(HttpMethod.GET, "/login", null, httpClientResponse -> {
            String str = httpClientResponse.headers().get("location");
            assertNotNull(str);
            assertTrue(str.endsWith("/mfa/enroll"));
        }, 302, "Found", null);
    }

    @Test
    public void shouldRedirectToMFAEnrollmentPage_adaptiveMFA() throws Exception {
        this.router.route().order(-1).handler(routingContext -> {
            MFASettings createMFASettings = createMFASettings(createEnrollSettings(true, false, MfaEnrollType.REQUIRED, 0L, ""), createChallengeSettings(true, MfaChallengeType.CONDITIONAL, "{context.attributes['geoip']['country_iso_code'] == 'FR'"));
            Client client = new Client();
            client.setMfaSettings(createMFASettings);
            setFactors(client);
            routingContext.put("client", client);
            routingContext.put("geoip", new JsonObject().put("country_iso_code", "US").getMap());
            routingContext.getDelegate().setUser(new User(new io.gravitee.am.model.User()));
            routingContext.next();
        });
        testRequest(HttpMethod.GET, "/login", null, httpClientResponse -> {
            String str = httpClientResponse.headers().get("location");
            assertNotNull(str);
            assertTrue(str.endsWith("/mfa/enroll"));
        }, 302, "Found", null);
    }

    @Test
    public void shouldRedirectToMFAEnrollmentPage_adaptiveMFA_no_enroll() throws Exception {
        this.router.route().order(-1).handler(routingContext -> {
            MFASettings createMFASettings = createMFASettings(createEnrollSettings(true, false, MfaEnrollType.REQUIRED, 0L, ""), createChallengeSettings(true, MfaChallengeType.CONDITIONAL, "{context.attributes['geoip']['country_iso_code'] == 'FR'"));
            Client client = new Client();
            setFactors(client);
            routingContext.put("client", client);
            client.setMfaSettings(createMFASettings);
            routingContext.put("geoip", new JsonObject().put("country_iso_code", "FR").getMap());
            routingContext.getDelegate().setUser(new User(new io.gravitee.am.model.User()));
            routingContext.next();
        });
        testRequest(HttpMethod.GET, "/login", null, httpClientResponse -> {
            String str = httpClientResponse.headers().get("location");
            assertNotNull(str);
            assertTrue(str.endsWith("/mfa/enroll"));
        }, 302, "Found", null);
    }

    @Test
    public void shouldNoRedirectToMFAChallengePage_adaptiveMFA_no_active_enroll_and_endUser_not_enrolled() throws Exception {
        this.router.route().order(-1).handler(routingContext -> {
            MFASettings createMFASettings = createMFASettings(createEnrollSettings(true, false, MfaEnrollType.REQUIRED, 0L, ""), createChallengeSettings(true, MfaChallengeType.CONDITIONAL, "{context.attributes['geoip']['country_iso_code'] == 'FR'"));
            Client client = new Client();
            setFactors(client);
            routingContext.put("client", client);
            client.setMfaSettings(createMFASettings);
            routingContext.put("geoip", new JsonObject().put("country_iso_code", "FR").getMap());
            EnrolledFactor enrolledFactor = new EnrolledFactor();
            enrolledFactor.setFactorId("factor-id");
            enrolledFactor.setStatus(FactorStatus.PENDING_ACTIVATION);
            io.gravitee.am.model.User user = new io.gravitee.am.model.User();
            user.setFactors(List.of(enrolledFactor));
            routingContext.getDelegate().setUser(new User(user));
            routingContext.next();
        });
        testRequest(HttpMethod.GET, "/login", null, httpClientResponse -> {
            String str = httpClientResponse.headers().get("location");
            assertNotNull(str);
            assertTrue(str.endsWith("/mfa/enroll"));
        }, 302, "Found", null);
    }

    @Test
    public void shouldRedirectToMFAChallengePage_adaptiveMFA_no_active_enroll_and_endUser_is_enrolling() throws Exception {
        this.router.route().order(-1).handler(routingContext -> {
            MFASettings createMFASettings = createMFASettings(createEnrollSettings(true, false, MfaEnrollType.REQUIRED, 0L, ""), createChallengeSettings(true, MfaChallengeType.CONDITIONAL, "{context.attributes['geoip']['country_iso_code'] == 'FR'"));
            Client client = new Client();
            setFactors(client);
            routingContext.put("client", client);
            client.setMfaSettings(createMFASettings);
            routingContext.put("geoip", new JsonObject().put("country_iso_code", "FR").getMap());
            EnrolledFactor enrolledFactor = new EnrolledFactor();
            enrolledFactor.setFactorId("factor-id");
            enrolledFactor.setStatus(FactorStatus.PENDING_ACTIVATION);
            io.gravitee.am.model.User user = new io.gravitee.am.model.User();
            user.setFactors(List.of(enrolledFactor));
            routingContext.getDelegate().setUser(new User(user));
            routingContext.session().put("enrolledFactorId", "factor-id");
            routingContext.next();
        });
        testRequest(HttpMethod.GET, "/login", null, httpClientResponse -> {
            String str = httpClientResponse.headers().get("location");
            assertNotNull(str);
            assertTrue(str.endsWith("/mfa/challenge"));
        }, 302, "Found", null);
    }

    @Test
    public void shouldRedirectToMFAEnrollmentPage_device_unknown() throws Exception {
        this.router.route().order(-1).handler(routingContext -> {
            Client client = new Client();
            setFactors(client);
            routingContext.put("client", client);
            MFASettings createMFASettings = createMFASettings(createEnrollSettings(false, false, MfaEnrollType.REQUIRED, 0L, ""), createChallengeSettings(true, MfaChallengeType.REQUIRED, ""));
            RememberDeviceSettings rememberDeviceSettings = new RememberDeviceSettings();
            rememberDeviceSettings.setActive(true);
            createMFASettings.setRememberDevice(rememberDeviceSettings);
            routingContext.session().put("deviceAlreadyExists", false);
            client.setMfaSettings(createMFASettings);
            routingContext.getDelegate().setUser(new User(new io.gravitee.am.model.User()));
            routingContext.next();
        });
        testRequest(HttpMethod.GET, "/login", null, httpClientResponse -> {
            String str = httpClientResponse.headers().get("location");
            assertNotNull(str);
            assertTrue(str.endsWith("/mfa/enroll"));
        }, 302, "Found", null);
    }

    @Test
    public void shouldSkipEnrollmentPage_silent_auth() throws Exception {
        this.router.route().order(-1).handler(routingContext -> {
            Client client = new Client();
            client.setFactors(Collections.singleton("factor-1"));
            routingContext.put("client", client);
            client.setMfaSettings(new MFASettings());
            routingContext.getDelegate().setUser(new User(new io.gravitee.am.model.User()));
            routingContext.put("silentAuth", true);
            routingContext.next();
        });
        testRequest(HttpMethod.GET, "/login", 200, "OK");
    }

    @Test
    public void shouldRedirectToMFAChallengePage_nominalCase_no_enrolled_factor() throws Exception {
        this.router.route().order(-1).handler(routingContext -> {
            MFASettings createMFASettings = createMFASettings(createEnrollSettings(false, false, MfaEnrollType.REQUIRED, 0L, ""), createChallengeSettings(true, MfaChallengeType.REQUIRED, ""));
            Client client = new Client();
            setFactors(client);
            client.setMfaSettings(createMFASettings);
            routingContext.put("client", client);
            routingContext.session().put("enrolledFactorId", "factor-id");
            routingContext.getDelegate().setUser(new User(new io.gravitee.am.model.User()));
            routingContext.next();
        });
        testRequest(HttpMethod.GET, "/login", null, httpClientResponse -> {
            String str = httpClientResponse.headers().get("location");
            assertNotNull(str);
            assertTrue(str.endsWith("/mfa/challenge"));
        }, 302, "Found", null);
    }

    @Test
    public void shouldRedirectToMFAChallengePage_nominalCase() throws Exception {
        this.router.route().order(-1).handler(routingContext -> {
            MFASettings createMFASettings = createMFASettings(createEnrollSettings(true, false, MfaEnrollType.REQUIRED, 0L, ""), createChallengeSettings(true, MfaChallengeType.REQUIRED, ""));
            Client client = new Client();
            setFactors(client);
            client.setMfaSettings(createMFASettings);
            routingContext.put("client", client);
            EnrolledFactor enrolledFactor = new EnrolledFactor();
            enrolledFactor.setFactorId("factor-id");
            enrolledFactor.setStatus(FactorStatus.ACTIVATED);
            io.gravitee.am.model.User user = new io.gravitee.am.model.User();
            user.setFactors(Collections.singletonList(enrolledFactor));
            routingContext.getDelegate().setUser(new User(user));
            routingContext.next();
        });
        testRequest(HttpMethod.GET, "/login", null, httpClientResponse -> {
            String str = httpClientResponse.headers().get("location");
            assertNotNull(str);
            assertTrue(str.endsWith("/mfa/challenge"));
        }, 302, "Found", null);
    }

    @Test
    public void shouldContinue_user_strongly_auth() throws Exception {
        this.router.route().order(-1).handler(routingContext -> {
            Client client = new Client();
            setFactors(client);
            routingContext.put("client", client);
            EnrolledFactor enrolledFactor = new EnrolledFactor();
            enrolledFactor.setFactorId("factor-id");
            enrolledFactor.setStatus(FactorStatus.ACTIVATED);
            io.gravitee.am.model.User user = new io.gravitee.am.model.User();
            user.setFactors(Collections.singletonList(enrolledFactor));
            routingContext.getDelegate().setUser(new User(user));
            routingContext.session().put("strongAuthCompleted", true);
            routingContext.next();
        });
        testRequest(HttpMethod.GET, "/login", 200, "OK");
    }

    @Test
    public void shouldContinue_user_device_known() throws Exception {
        this.router.route().order(-1).handler(routingContext -> {
            Client client = new Client();
            setFactors(client);
            routingContext.put("client", client);
            MFASettings mFASettings = new MFASettings();
            RememberDeviceSettings rememberDeviceSettings = new RememberDeviceSettings();
            rememberDeviceSettings.setActive(true);
            mFASettings.setRememberDevice(rememberDeviceSettings);
            routingContext.session().put("deviceAlreadyExists", true);
            client.setMfaSettings(mFASettings);
            EnrolledFactor enrolledFactor = new EnrolledFactor();
            enrolledFactor.setFactorId("factor-id");
            enrolledFactor.setStatus(FactorStatus.ACTIVATED);
            io.gravitee.am.model.User user = new io.gravitee.am.model.User();
            user.setFactors(Collections.singletonList(enrolledFactor));
            routingContext.getDelegate().setUser(new User(user));
            routingContext.session().put("strongAuthCompleted", true);
            routingContext.next();
        });
        testRequest(HttpMethod.GET, "/login", 200, "OK");
    }

    @Test
    public void shouldNoRedirectToMFAChallengePage_device_remembered_but_no_matching_active_factor_and_endUser_not_enrolled() throws Exception {
        this.router.route().order(-1).handler(routingContext -> {
            MFASettings createMFASettings = createMFASettings(createEnrollSettings(true, false, MfaEnrollType.REQUIRED, 0L, ""), createChallengeSettings(true, MfaChallengeType.REQUIRED, ""));
            Client client = new Client();
            setFactors(client);
            routingContext.put("client", client);
            RememberDeviceSettings rememberDeviceSettings = new RememberDeviceSettings();
            rememberDeviceSettings.setActive(true);
            createMFASettings.setRememberDevice(rememberDeviceSettings);
            routingContext.session().put("deviceAlreadyExists", true);
            client.setMfaSettings(createMFASettings);
            EnrolledFactor enrolledFactor = new EnrolledFactor();
            enrolledFactor.setFactorId("factor-id");
            enrolledFactor.setStatus(FactorStatus.PENDING_ACTIVATION);
            io.gravitee.am.model.User user = new io.gravitee.am.model.User();
            user.setFactors(Collections.singletonList(enrolledFactor));
            routingContext.getDelegate().setUser(new User(user));
            routingContext.session().put("strongAuthCompleted", true);
            routingContext.next();
        });
        testRequest(HttpMethod.GET, "/login", null, httpClientResponse -> {
            String str = httpClientResponse.headers().get("location");
            assertNotNull(str);
            assertTrue(str.endsWith("/mfa/enroll"));
        }, 302, "Found", null);
    }

    @Test
    public void shouldRedirectToMFAChallengePage_device_remembered_but_no_matching_active_factor_and_endUser_is_enrolling() throws Exception {
        this.router.route().order(-1).handler(routingContext -> {
            MFASettings createMFASettings = createMFASettings(createEnrollSettings(true, false, MfaEnrollType.REQUIRED, 0L, ""), createChallengeSettings(true, MfaChallengeType.REQUIRED, ""));
            Client client = new Client();
            setFactors(client);
            routingContext.put("client", client);
            RememberDeviceSettings rememberDeviceSettings = new RememberDeviceSettings();
            rememberDeviceSettings.setActive(true);
            createMFASettings.setRememberDevice(rememberDeviceSettings);
            routingContext.session().put("deviceAlreadyExists", true);
            client.setMfaSettings(createMFASettings);
            EnrolledFactor enrolledFactor = new EnrolledFactor();
            enrolledFactor.setFactorId("factor-id");
            enrolledFactor.setStatus(FactorStatus.PENDING_ACTIVATION);
            io.gravitee.am.model.User user = new io.gravitee.am.model.User();
            user.setFactors(Collections.singletonList(enrolledFactor));
            routingContext.getDelegate().setUser(new User(user));
            routingContext.session().put("strongAuthCompleted", true);
            routingContext.session().put("enrolledFactorId", "factor-id");
            routingContext.next();
        });
        testRequest(HttpMethod.GET, "/login", null, httpClientResponse -> {
            String str = httpClientResponse.headers().get("location");
            assertNotNull(str);
            assertTrue(str.endsWith("/mfa/challenge"));
        }, 302, "Found", null);
    }

    @Test
    public void shouldNoRedirectToMFAChallengePage_device_remembered_but_active_factor_is_recovery_code_and_endUser_not_enrolled() throws Exception {
        this.router.route().order(-1).handler(routingContext -> {
            MFASettings createMFASettings = createMFASettings(createEnrollSettings(true, false, MfaEnrollType.REQUIRED, 0L, ""), createChallengeSettings(true, MfaChallengeType.REQUIRED, ""));
            Client client = new Client();
            setFactorsWithRecoveryCode(client);
            routingContext.put("client", client);
            RememberDeviceSettings rememberDeviceSettings = new RememberDeviceSettings();
            rememberDeviceSettings.setActive(true);
            createMFASettings.setRememberDevice(rememberDeviceSettings);
            routingContext.session().put("deviceAlreadyExists", true);
            client.setMfaSettings(createMFASettings);
            EnrolledFactor enrolledFactor = new EnrolledFactor();
            enrolledFactor.setFactorId(FACTOR_RECOVERY_CODE_ID);
            enrolledFactor.setStatus(FactorStatus.ACTIVATED);
            EnrolledFactor enrolledFactor2 = new EnrolledFactor();
            enrolledFactor2.setFactorId("factor-id");
            enrolledFactor2.setStatus(FactorStatus.PENDING_ACTIVATION);
            io.gravitee.am.model.User user = new io.gravitee.am.model.User();
            user.setFactors(List.of(enrolledFactor, enrolledFactor2));
            routingContext.getDelegate().setUser(new User(user));
            routingContext.session().put("strongAuthCompleted", false);
            routingContext.next();
        });
        testRequest(HttpMethod.GET, "/login", null, httpClientResponse -> {
            String str = httpClientResponse.headers().get("location");
            assertNotNull(str);
            assertTrue(str.endsWith("/mfa/enroll"));
        }, 302, "Found", null);
    }

    @Test
    public void shouldRedirectToMFAChallengePage_device_remembered_but_active_factor_is_recovery_code_and_endUser_is_enrolling() throws Exception {
        this.router.route().order(-1).handler(routingContext -> {
            MFASettings createMFASettings = createMFASettings(createEnrollSettings(true, false, MfaEnrollType.REQUIRED, 0L, ""), createChallengeSettings(true, MfaChallengeType.REQUIRED, ""));
            Client client = new Client();
            setFactorsWithRecoveryCode(client);
            routingContext.put("client", client);
            RememberDeviceSettings rememberDeviceSettings = new RememberDeviceSettings();
            rememberDeviceSettings.setActive(true);
            createMFASettings.setRememberDevice(rememberDeviceSettings);
            routingContext.session().put("deviceAlreadyExists", true);
            client.setMfaSettings(createMFASettings);
            EnrolledFactor enrolledFactor = new EnrolledFactor();
            enrolledFactor.setFactorId(FACTOR_RECOVERY_CODE_ID);
            enrolledFactor.setStatus(FactorStatus.ACTIVATED);
            EnrolledFactor enrolledFactor2 = new EnrolledFactor();
            enrolledFactor2.setFactorId("factor-id");
            enrolledFactor2.setStatus(FactorStatus.PENDING_ACTIVATION);
            io.gravitee.am.model.User user = new io.gravitee.am.model.User();
            user.setFactors(List.of(enrolledFactor, enrolledFactor2));
            routingContext.getDelegate().setUser(new User(user));
            routingContext.session().put("strongAuthCompleted", false);
            routingContext.session().put("enrolledFactorId", "factor-id");
            routingContext.next();
        });
        testRequest(HttpMethod.GET, "/login", null, httpClientResponse -> {
            String str = httpClientResponse.headers().get("location");
            assertNotNull(str);
            assertTrue(str.endsWith("/mfa/challenge"));
        }, 302, "Found", null);
    }

    @Test
    public void shouldRedirectToChallenge_user_device_known_and_step_up_active_strongly_auth() throws Exception {
        this.router.route().order(-1).handler(routingContext -> {
            MFASettings createMFASettings = createMFASettings(createEnrollSettings(true, false, MfaEnrollType.REQUIRED, 0L, ""), createChallengeSettings(true, MfaChallengeType.REQUIRED, ""));
            Client client = new Client();
            setFactors(client);
            routingContext.put("client", client);
            StepUpAuthenticationSettings stepUpAuthenticationSettings = new StepUpAuthenticationSettings();
            stepUpAuthenticationSettings.setActive(true);
            stepUpAuthenticationSettings.setStepUpAuthenticationRule("{true}");
            createMFASettings.setStepUpAuthentication(stepUpAuthenticationSettings);
            RememberDeviceSettings rememberDeviceSettings = new RememberDeviceSettings();
            rememberDeviceSettings.setActive(true);
            createMFASettings.setRememberDevice(rememberDeviceSettings);
            routingContext.session().put("deviceAlreadyExists", true);
            client.setMfaSettings(createMFASettings);
            EnrolledFactor enrolledFactor = new EnrolledFactor();
            enrolledFactor.setFactorId("factor-id");
            enrolledFactor.setStatus(FactorStatus.ACTIVATED);
            io.gravitee.am.model.User user = new io.gravitee.am.model.User();
            user.setFactors(Collections.singletonList(enrolledFactor));
            routingContext.getDelegate().setUser(new User(user));
            routingContext.session().put("strongAuthCompleted", true);
            routingContext.next();
        });
        testRequest(HttpMethod.GET, "/login?scope=write", null, httpClientResponse -> {
            String str = httpClientResponse.headers().get("location");
            assertNotNull(str);
            assertTrue(str.endsWith("/mfa/challenge?scope=write"));
        }, 302, "Found", null);
    }

    @Test
    public void shouldRedirectToChallenge_user_device_known_and_step_up_active_not_strongly_auth() throws Exception {
        this.router.route().order(-1).handler(routingContext -> {
            MFASettings createMFASettings = createMFASettings(createEnrollSettings(true, false, MfaEnrollType.REQUIRED, 0L, ""), createChallengeSettings(true, MfaChallengeType.REQUIRED, ""));
            Client client = new Client();
            setFactors(client);
            routingContext.put("client", client);
            StepUpAuthenticationSettings stepUpAuthenticationSettings = new StepUpAuthenticationSettings();
            stepUpAuthenticationSettings.setActive(true);
            stepUpAuthenticationSettings.setStepUpAuthenticationRule("{true}");
            createMFASettings.setStepUpAuthentication(stepUpAuthenticationSettings);
            RememberDeviceSettings rememberDeviceSettings = new RememberDeviceSettings();
            rememberDeviceSettings.setActive(true);
            createMFASettings.setRememberDevice(rememberDeviceSettings);
            routingContext.session().put("deviceAlreadyExists", true);
            client.setMfaSettings(createMFASettings);
            EnrolledFactor enrolledFactor = new EnrolledFactor();
            enrolledFactor.setFactorId("factor-id");
            enrolledFactor.setStatus(FactorStatus.ACTIVATED);
            io.gravitee.am.model.User user = new io.gravitee.am.model.User();
            user.setFactors(Collections.singletonList(enrolledFactor));
            routingContext.getDelegate().setUser(new User(user));
            routingContext.session().put("strongAuthCompleted", false);
            routingContext.session().put("mfaChallengeCompleted", false);
            routingContext.next();
        });
        testRequest(HttpMethod.GET, "/login", null, httpClientResponse -> {
            String str = httpClientResponse.headers().get("location");
            assertNotNull(str);
            assertTrue(str.endsWith("/mfa/challenge"));
        }, 302, "Found", null);
    }

    @Test
    public void shouldContinue_user_device_known_and_step_up_active_but_not_match() throws Exception {
        this.router.route().order(-1).handler(routingContext -> {
            MFASettings createMFASettings = createMFASettings(createEnrollSettings(true, false, MfaEnrollType.REQUIRED, 0L, ""), createChallengeSettings(true, MfaChallengeType.REQUIRED, ""));
            Client client = new Client();
            setFactors(client);
            routingContext.put("client", client);
            StepUpAuthenticationSettings stepUpAuthenticationSettings = new StepUpAuthenticationSettings();
            stepUpAuthenticationSettings.setActive(true);
            stepUpAuthenticationSettings.setStepUpAuthenticationRule("{false}");
            createMFASettings.setStepUpAuthentication(stepUpAuthenticationSettings);
            RememberDeviceSettings rememberDeviceSettings = new RememberDeviceSettings();
            rememberDeviceSettings.setActive(true);
            createMFASettings.setRememberDevice(rememberDeviceSettings);
            routingContext.session().put("deviceAlreadyExists", true);
            client.setMfaSettings(createMFASettings);
            EnrolledFactor enrolledFactor = new EnrolledFactor();
            enrolledFactor.setFactorId("factor-id");
            enrolledFactor.setStatus(FactorStatus.ACTIVATED);
            io.gravitee.am.model.User user = new io.gravitee.am.model.User();
            user.setFactors(Collections.singletonList(enrolledFactor));
            routingContext.getDelegate().setUser(new User(user));
            routingContext.session().put("strongAuthCompleted", false);
            routingContext.session().put("mfaChallengeCompleted", false);
            routingContext.next();
        });
        testRequest(HttpMethod.GET, "/login", 200, "OK");
    }

    @Test
    public void shouldContinue_user_device_known_and_step_up_active_strongly_auth() throws Exception {
        this.router.route().order(-1).handler(routingContext -> {
            MFASettings createMFASettings = createMFASettings(createEnrollSettings(true, false, MfaEnrollType.REQUIRED, 0L, ""), createChallengeSettings(true, MfaChallengeType.REQUIRED, ""));
            Client client = new Client();
            setFactors(client);
            routingContext.put("client", client);
            StepUpAuthenticationSettings stepUpAuthenticationSettings = new StepUpAuthenticationSettings();
            stepUpAuthenticationSettings.setActive(true);
            stepUpAuthenticationSettings.setStepUpAuthenticationRule("{true}");
            createMFASettings.setStepUpAuthentication(stepUpAuthenticationSettings);
            RememberDeviceSettings rememberDeviceSettings = new RememberDeviceSettings();
            rememberDeviceSettings.setActive(true);
            createMFASettings.setRememberDevice(rememberDeviceSettings);
            routingContext.session().put("deviceAlreadyExists", true);
            client.setMfaSettings(createMFASettings);
            EnrolledFactor enrolledFactor = new EnrolledFactor();
            enrolledFactor.setFactorId("factor-id");
            enrolledFactor.setStatus(FactorStatus.ACTIVATED);
            io.gravitee.am.model.User user = new io.gravitee.am.model.User();
            user.setFactors(Collections.singletonList(enrolledFactor));
            routingContext.getDelegate().setUser(new User(user));
            routingContext.session().put("strongAuthCompleted", true);
            routingContext.session().put("mfaChallengeCompleted", true);
            routingContext.next();
        });
        testRequest(HttpMethod.GET, "/login", 200, "OK");
    }

    @Test
    public void shouldContinue_user_coming_from_mfa_challenge() throws Exception {
        this.router.route().order(-1).handler(routingContext -> {
            Client client = new Client();
            setFactors(client);
            routingContext.put("client", client);
            EnrolledFactor enrolledFactor = new EnrolledFactor();
            enrolledFactor.setFactorId("factor-id");
            enrolledFactor.setStatus(FactorStatus.ACTIVATED);
            io.gravitee.am.model.User user = new io.gravitee.am.model.User();
            user.setFactors(Collections.singletonList(enrolledFactor));
            routingContext.getDelegate().setUser(new User(user));
            routingContext.session().put("mfaChallengeCompleted", true);
            routingContext.next();
        });
        testRequest(HttpMethod.GET, "/login", 200, "OK");
    }

    @Test
    public void shouldRedirectToMFAChallengePage_stepUp_authentication() throws Exception {
        this.router.route().order(-1).handler(routingContext -> {
            MFASettings createMFASettings = createMFASettings(createEnrollSettings(true, false, MfaEnrollType.REQUIRED, 0L, ""), createChallengeSettings(true, MfaChallengeType.REQUIRED, ""));
            Client client = new Client();
            setFactors(client);
            routingContext.put("client", client);
            StepUpAuthenticationSettings stepUpAuthenticationSettings = new StepUpAuthenticationSettings();
            stepUpAuthenticationSettings.setActive(true);
            stepUpAuthenticationSettings.setStepUpAuthenticationRule("{#request.params['scope'][0] == 'write'}");
            createMFASettings.setStepUpAuthentication(stepUpAuthenticationSettings);
            client.setMfaSettings(createMFASettings);
            EnrolledFactor enrolledFactor = new EnrolledFactor();
            enrolledFactor.setFactorId("factor-id");
            enrolledFactor.setStatus(FactorStatus.ACTIVATED);
            io.gravitee.am.model.User user = new io.gravitee.am.model.User();
            user.setFactors(Collections.singletonList(enrolledFactor));
            routingContext.getDelegate().setUser(new User(user));
            routingContext.session().put("strongAuthCompleted", true);
            routingContext.next();
        });
        testRequest(HttpMethod.GET, "/login?scope=write", null, httpClientResponse -> {
            String str = httpClientResponse.headers().get("location");
            assertNotNull(str);
            assertTrue(str.endsWith("/mfa/challenge?scope=write"));
        }, 302, "Found", null);
    }

    @Test
    public void shouldRedirectToMFAChallengePage_adaptiveMFA() throws Exception {
        this.router.route().order(-1).handler(routingContext -> {
            MFASettings createMFASettings = createMFASettings(createEnrollSettings(true, false, MfaEnrollType.REQUIRED, 0L, ""), createChallengeSettings(true, MfaChallengeType.CONDITIONAL, "{#context.attributes['geoip']['country_iso_code'] == 'FR'}"));
            Client client = new Client();
            setFactors(client);
            routingContext.put("client", client);
            routingContext.put("geoip", new JsonObject().put("country_iso_code", "US").getMap());
            client.setMfaSettings(createMFASettings);
            EnrolledFactor enrolledFactor = new EnrolledFactor();
            enrolledFactor.setFactorId("factor-id");
            enrolledFactor.setStatus(FactorStatus.ACTIVATED);
            io.gravitee.am.model.User user = new io.gravitee.am.model.User();
            user.setFactors(Collections.singletonList(enrolledFactor));
            routingContext.getDelegate().setUser(new User(user));
            routingContext.session().put("strongAuthCompleted", false);
            routingContext.next();
        });
        testRequest(HttpMethod.GET, "/login", null, httpClientResponse -> {
            String str = httpClientResponse.headers().get("location");
            assertNotNull(str);
            assertTrue(str.endsWith("/mfa/challenge"));
        }, 302, "Found", null);
    }

    @Test
    public void shouldRedirectToMFAChallengePage_adaptiveMFA_with_step_up_true_strong_auth_true() throws Exception {
        this.router.route().order(-1).handler(routingContext -> {
            MFASettings createMFASettings = createMFASettings(createEnrollSettings(true, false, MfaEnrollType.REQUIRED, 0L, ""), createChallengeSettings(true, MfaChallengeType.RISK_BASED, "{#context.attributes['geoip']['country_iso_code'] == 'FR'}"));
            Client client = new Client();
            setFactors(client);
            routingContext.put("client", client);
            RememberDeviceSettings rememberDeviceSettings = new RememberDeviceSettings();
            rememberDeviceSettings.setActive(true);
            createMFASettings.setRememberDevice(rememberDeviceSettings);
            routingContext.session().put("deviceAlreadyExists", true);
            StepUpAuthenticationSettings stepUpAuthenticationSettings = new StepUpAuthenticationSettings();
            stepUpAuthenticationSettings.setActive(true);
            stepUpAuthenticationSettings.setStepUpAuthenticationRule("{#request.params['scope'][0].contains('write')}");
            createMFASettings.setStepUpAuthentication(stepUpAuthenticationSettings);
            routingContext.put("geoip", new JsonObject().put("country_iso_code", "FR").getMap());
            client.setMfaSettings(createMFASettings);
            EnrolledFactor enrolledFactor = new EnrolledFactor();
            enrolledFactor.setFactorId("factor-id");
            enrolledFactor.setStatus(FactorStatus.ACTIVATED);
            io.gravitee.am.model.User user = new io.gravitee.am.model.User();
            user.setFactors(Collections.singletonList(enrolledFactor));
            routingContext.getDelegate().setUser(new User(user));
            routingContext.session().put("strongAuthCompleted", true);
            routingContext.next();
        });
        testRequest(HttpMethod.GET, "/login?scope=read", 200, "OK");
    }

    @Test
    public void shouldContinue_adaptiveMFA_with_step_up_false_strong_auth_true_device_known() throws Exception {
        this.router.route().order(-1).handler(routingContext -> {
            MFASettings createMFASettings = createMFASettings(createEnrollSettings(true, false, MfaEnrollType.REQUIRED, 0L, ""), createChallengeSettings(true, MfaChallengeType.RISK_BASED, "{#context.attributes['geoip']['country_iso_code'] == 'FR'}"));
            Client client = new Client();
            setFactors(client);
            routingContext.put("client", client);
            RememberDeviceSettings rememberDeviceSettings = new RememberDeviceSettings();
            rememberDeviceSettings.setActive(true);
            createMFASettings.setRememberDevice(rememberDeviceSettings);
            routingContext.session().put("deviceAlreadyExists", true);
            StepUpAuthenticationSettings stepUpAuthenticationSettings = new StepUpAuthenticationSettings();
            stepUpAuthenticationSettings.setActive(true);
            stepUpAuthenticationSettings.setStepUpAuthenticationRule("{#request.params['scope'][0].contains('write')}");
            createMFASettings.setStepUpAuthentication(stepUpAuthenticationSettings);
            routingContext.put("geoip", new JsonObject().put("country_iso_code", "FR").getMap());
            client.setMfaSettings(createMFASettings);
            EnrolledFactor enrolledFactor = new EnrolledFactor();
            enrolledFactor.setFactorId("factor-id");
            enrolledFactor.setStatus(FactorStatus.ACTIVATED);
            io.gravitee.am.model.User user = new io.gravitee.am.model.User();
            user.setFactors(Collections.singletonList(enrolledFactor));
            routingContext.getDelegate().setUser(new User(user));
            routingContext.session().put("strongAuthCompleted", true);
            routingContext.session().put("mfaChallengeCompleted", true);
            routingContext.next();
        });
        testRequest(HttpMethod.GET, "/login?scope=read", 200, "OK");
    }

    @Test
    public void shouldRedirectToMFAChallengePage_rememberDevice() throws Exception {
        this.router.route().order(-1).handler(routingContext -> {
            MFASettings createMFASettings = createMFASettings(createEnrollSettings(true, false, MfaEnrollType.REQUIRED, 0L, ""), createChallengeSettings(true, MfaChallengeType.REQUIRED, ""));
            Client client = new Client();
            setFactors(client);
            routingContext.put("client", client);
            RememberDeviceSettings rememberDeviceSettings = new RememberDeviceSettings();
            rememberDeviceSettings.setActive(true);
            createMFASettings.setRememberDevice(rememberDeviceSettings);
            routingContext.session().put("deviceAlreadyExists", false);
            client.setMfaSettings(createMFASettings);
            EnrolledFactor enrolledFactor = new EnrolledFactor();
            enrolledFactor.setFactorId("factor-id");
            enrolledFactor.setStatus(FactorStatus.ACTIVATED);
            io.gravitee.am.model.User user = new io.gravitee.am.model.User();
            user.setFactors(Collections.singletonList(enrolledFactor));
            routingContext.getDelegate().setUser(new User(user));
            routingContext.next();
        });
        testRequest(HttpMethod.GET, "/login", null, httpClientResponse -> {
            String str = httpClientResponse.headers().get("location");
            assertNotNull(str);
            assertTrue(str.endsWith("/mfa/challenge"));
        }, 302, "Found", null);
    }

    @Test
    public void shouldSkipMFAChallengePage_silent_auth() throws Exception {
        this.router.route().order(-1).handler(routingContext -> {
            Client client = new Client();
            client.setFactors(Collections.singleton("factor-1"));
            routingContext.put("client", client);
            client.setMfaSettings(new MFASettings());
            EnrolledFactor enrolledFactor = new EnrolledFactor();
            enrolledFactor.setFactorId("factor-1");
            enrolledFactor.setStatus(FactorStatus.ACTIVATED);
            io.gravitee.am.model.User user = new io.gravitee.am.model.User();
            user.setFactors(Collections.singletonList(enrolledFactor));
            routingContext.getDelegate().setUser(new User(user));
            routingContext.put("silentAuth", true);
            routingContext.next();
        });
        testRequest(HttpMethod.GET, "/login", 200, "OK");
    }

    @Test
    public void shouldContinue_rememberDevice_with_device_assessment_enabled() throws Exception {
        this.router.route().order(-1).handler(routingContext -> {
            Client client = new Client();
            setFactors(client);
            routingContext.put("client", client);
            client.setRiskAssessment(new RiskAssessmentSettings().setEnabled(true).setDeviceAssessment(new AssessmentSettings().setEnabled(true)));
            MFASettings mFASettings = new MFASettings();
            RememberDeviceSettings rememberDeviceSettings = new RememberDeviceSettings();
            rememberDeviceSettings.setActive(true);
            mFASettings.setRememberDevice(rememberDeviceSettings);
            routingContext.session().put("risk_assessment", new AssessmentMessageResult().setDevices(new AssessmentResult().setAssessment(Assessment.SAFE).setResult(Double.valueOf(0.0d))));
            routingContext.session().put("deviceAlreadyExists", false);
            client.setMfaSettings(mFASettings);
            EnrolledFactor enrolledFactor = new EnrolledFactor();
            enrolledFactor.setFactorId("factor-id");
            enrolledFactor.setStatus(FactorStatus.ACTIVATED);
            io.gravitee.am.model.User user = new io.gravitee.am.model.User();
            user.setFactors(Collections.singletonList(enrolledFactor));
            routingContext.getDelegate().setUser(new User(user));
            routingContext.next();
        });
        testRequest(HttpMethod.GET, "/login", 200, "OK");
    }

    @Test
    public void shouldRedirectToMFAChallengePage_rememberDevice_with_risk_assessment_but_no_device() throws Exception {
        this.router.route().order(-1).handler(routingContext -> {
            MFASettings createMFASettings = createMFASettings(createEnrollSettings(true, false, MfaEnrollType.REQUIRED, 0L, ""), createChallengeSettings(true, MfaChallengeType.REQUIRED, ""));
            Client client = new Client();
            setFactors(client);
            routingContext.put("client", client);
            client.setRiskAssessment(new RiskAssessmentSettings());
            RememberDeviceSettings rememberDeviceSettings = new RememberDeviceSettings();
            rememberDeviceSettings.setActive(true);
            createMFASettings.setRememberDevice(rememberDeviceSettings);
            routingContext.session().put("deviceAlreadyExists", false);
            client.setMfaSettings(createMFASettings);
            EnrolledFactor enrolledFactor = new EnrolledFactor();
            enrolledFactor.setFactorId("factor-id");
            enrolledFactor.setStatus(FactorStatus.ACTIVATED);
            io.gravitee.am.model.User user = new io.gravitee.am.model.User();
            user.setFactors(Collections.singletonList(enrolledFactor));
            routingContext.getDelegate().setUser(new User(user));
            routingContext.next();
        });
        testRequest(HttpMethod.GET, "/login", null, httpClientResponse -> {
            String str = httpClientResponse.headers().get("location");
            assertNotNull(str);
            assertTrue(str.endsWith("/mfa/challenge"));
        }, 302, "Found", null);
    }

    @Test
    public void shouldRedirectToMFAChallengePage_stepUp_authentication_2() throws Exception {
        this.router.route().order(-1).handler(routingContext -> {
            MFASettings createMFASettings = createMFASettings(createEnrollSettings(true, false, MfaEnrollType.REQUIRED, 0L, ""), createChallengeSettings(true, MfaChallengeType.REQUIRED, ""));
            Client client = new Client();
            setFactors(client);
            routingContext.put("client", client);
            StepUpAuthenticationSettings stepUpAuthenticationSettings = new StepUpAuthenticationSettings();
            stepUpAuthenticationSettings.setActive(true);
            stepUpAuthenticationSettings.setStepUpAuthenticationRule("{#request.params['scope'][0].contains('write')}");
            createMFASettings.setStepUpAuthentication(stepUpAuthenticationSettings);
            client.setMfaSettings(createMFASettings);
            EnrolledFactor enrolledFactor = new EnrolledFactor();
            enrolledFactor.setFactorId("factor-id");
            enrolledFactor.setStatus(FactorStatus.ACTIVATED);
            io.gravitee.am.model.User user = new io.gravitee.am.model.User();
            user.setFactors(Collections.singletonList(enrolledFactor));
            routingContext.getDelegate().setUser(new User(user));
            routingContext.session().put("strongAuthCompleted", true);
            routingContext.next();
        });
        testRequest(HttpMethod.GET, "/login?scope=read%20write", null, httpClientResponse -> {
            String str = httpClientResponse.headers().get("location");
            assertNotNull(str);
            assertTrue(str.endsWith("/mfa/challenge?scope=read+write"));
        }, 302, "Found", null);
    }

    @Test
    public void shouldRedirectToMFAChallengePage_adaptiveMFA_2() throws Exception {
        this.router.route().order(-1).handler(routingContext -> {
            MFASettings createMFASettings = createMFASettings(createEnrollSettings(true, false, MfaEnrollType.REQUIRED, 0L, ""), createChallengeSettings(true, MfaChallengeType.RISK_BASED, "{#context.attributes['geoip']['country_iso_code'] == 'FR'}"));
            Client client = new Client();
            setFactors(client);
            routingContext.put("client", client);
            routingContext.put("geoip", new JsonObject().put("country_iso_code", "US").getMap());
            client.setMfaSettings(createMFASettings);
            EnrolledFactor enrolledFactor = new EnrolledFactor();
            enrolledFactor.setFactorId("factor-id");
            enrolledFactor.setStatus(FactorStatus.ACTIVATED);
            io.gravitee.am.model.User user = new io.gravitee.am.model.User();
            user.setFactors(Collections.singletonList(enrolledFactor));
            routingContext.getDelegate().setUser(new User(user));
            routingContext.session().put("strongAuthCompleted", false);
            routingContext.next();
        });
        testRequest(HttpMethod.GET, "/login?scope=read%20write", null, httpClientResponse -> {
            String str = httpClientResponse.headers().get("location");
            assertNotNull(str);
            assertTrue(str.endsWith("/mfa/challenge?scope=read+write"));
        }, 302, "Found", null);
    }

    @Test
    public void shouldRedirectToMFAChallengePage_adaptiveMFA_2_user_auth() throws Exception {
        this.router.route().order(-1).handler(routingContext -> {
            MFASettings createMFASettings = createMFASettings(createEnrollSettings(true, false, MfaEnrollType.REQUIRED, 0L, ""), createChallengeSettings(true, MfaChallengeType.CONDITIONAL, "{#context.attributes['geoip']['country_iso_code'] == 'FR'}"));
            Client client = new Client();
            setFactors(client);
            routingContext.put("client", client);
            routingContext.put("geoip", new JsonObject().put("country_iso_code", "US").getMap());
            client.setMfaSettings(createMFASettings);
            EnrolledFactor enrolledFactor = new EnrolledFactor();
            enrolledFactor.setFactorId("factor-id");
            enrolledFactor.setStatus(FactorStatus.ACTIVATED);
            io.gravitee.am.model.User user = new io.gravitee.am.model.User();
            user.setFactors(Collections.singletonList(enrolledFactor));
            routingContext.getDelegate().setUser(new User(user));
            routingContext.session().put("userLoginCompleted", true);
            routingContext.next();
        });
        testRequest(HttpMethod.GET, "/login", null, httpClientResponse -> {
            String str = httpClientResponse.headers().get("location");
            assertNotNull(str);
            assertTrue(str.endsWith("/mfa/challenge"));
        }, 302, "Found", null);
    }

    @Test
    public void shouldRedirectToMFAChallengePage_adaptiveMFA_3_factor_is_pending() throws Exception {
        this.router.route().order(-1).handler(routingContext -> {
            MFASettings createMFASettings = createMFASettings(createEnrollSettings(true, false, MfaEnrollType.REQUIRED, 0L, ""), createChallengeSettings(true, MfaChallengeType.CONDITIONAL, "{#context.attributes['geoip']['country_iso_code'] == 'FR'}"));
            Client client = new Client();
            setFactors(client);
            routingContext.put("client", client);
            routingContext.put("geoip", new JsonObject().put("country_iso_code", "FR").getMap());
            client.setMfaSettings(createMFASettings);
            routingContext.session().put("enrolledFactorId", "factor-id");
            EnrolledFactor enrolledFactor = new EnrolledFactor();
            enrolledFactor.setFactorId("factor-id");
            enrolledFactor.setStatus(FactorStatus.PENDING_ACTIVATION);
            io.gravitee.am.model.User user = new io.gravitee.am.model.User();
            user.setFactors(Collections.singletonList(enrolledFactor));
            routingContext.getDelegate().setUser(new User(user));
            routingContext.session().put("userLoginCompleted", true);
            routingContext.next();
        });
        testRequest(HttpMethod.GET, "/login?scope=read%20write", null, httpClientResponse -> {
            String str = httpClientResponse.headers().get("location");
            assertNotNull(str);
            assertTrue(str.endsWith("/mfa/challenge?scope=read+write"));
        }, 302, "Found", null);
    }

    @Test
    public void shouldNotRedirectToMFAChallengePage_adaptiveMFA_3_user_stronglyAuth() throws Exception {
        this.router.route().order(-1).handler(routingContext -> {
            Client client = new Client();
            setFactors(client);
            routingContext.put("client", client);
            MFASettings mFASettings = new MFASettings();
            routingContext.put("geoip", new JsonObject().put("country_iso_code", "FR").getMap());
            client.setMfaSettings(mFASettings);
            routingContext.session().put("enrolledFactorId", "factor-id");
            EnrolledFactor enrolledFactor = new EnrolledFactor();
            enrolledFactor.setFactorId("factor-id");
            enrolledFactor.setStatus(FactorStatus.ACTIVATED);
            io.gravitee.am.model.User user = new io.gravitee.am.model.User();
            user.setFactors(Collections.singletonList(enrolledFactor));
            routingContext.getDelegate().setUser(new User(user));
            routingContext.session().put("userLoginCompleted", true);
            routingContext.session().put("strongAuthCompleted", true);
            routingContext.next();
        });
        testRequest(HttpMethod.GET, "/login?scope=read%20write", 200, "OK");
    }

    @Test
    public void shouldRedirectToMFAChallengePage_adaptiveMFA_3_alternate_factor_id() throws Exception {
        this.router.route().order(-1).handler(routingContext -> {
            MFASettings createMFASettings = createMFASettings(createEnrollSettings(true, false, MfaEnrollType.REQUIRED, 0L, ""), createChallengeSettings(true, MfaChallengeType.CONDITIONAL, "{#context.attributes['geoip']['country_iso_code'] == 'FR'}"));
            Client client = new Client();
            setFactors(client);
            routingContext.put("client", client);
            routingContext.put("geoip", new JsonObject().put("country_iso_code", "FR").getMap());
            client.setMfaSettings(createMFASettings);
            routingContext.session().put("enrolledFactorId", "factor-id");
            routingContext.session().put("alternativeFactorId", "factor-2");
            EnrolledFactor enrolledFactor = new EnrolledFactor();
            enrolledFactor.setFactorId("factor-id");
            enrolledFactor.setStatus(FactorStatus.ACTIVATED);
            EnrolledFactor enrolledFactor2 = new EnrolledFactor();
            enrolledFactor2.setFactorId("factor-2");
            enrolledFactor2.setStatus(FactorStatus.ACTIVATED);
            io.gravitee.am.model.User user = new io.gravitee.am.model.User();
            user.setFactors(List.of(enrolledFactor, enrolledFactor2));
            routingContext.getDelegate().setUser(new User(user));
            routingContext.session().put("userLoginCompleted", true);
            routingContext.next();
        });
        testRequest(HttpMethod.GET, "/login", null, httpClientResponse -> {
            String str = httpClientResponse.headers().get("location");
            assertNotNull(str);
            assertTrue(str.endsWith("/mfa/challenge"));
        }, 302, "Found", null);
    }

    @Test
    public void shouldContinue_stepUp_authentication_condition_not_met() throws Exception {
        this.router.route().order(-1).handler(routingContext -> {
            Client client = new Client();
            setFactors(client);
            routingContext.put("client", client);
            MFASettings mFASettings = new MFASettings();
            StepUpAuthenticationSettings stepUpAuthenticationSettings = new StepUpAuthenticationSettings();
            stepUpAuthenticationSettings.setActive(true);
            stepUpAuthenticationSettings.setStepUpAuthenticationRule("{#request.params['scope'][0] == 'write'}");
            mFASettings.setStepUpAuthentication(stepUpAuthenticationSettings);
            client.setMfaSettings(mFASettings);
            EnrolledFactor enrolledFactor = new EnrolledFactor();
            enrolledFactor.setFactorId("factor-id");
            enrolledFactor.setStatus(FactorStatus.ACTIVATED);
            io.gravitee.am.model.User user = new io.gravitee.am.model.User();
            user.setFactors(Collections.singletonList(enrolledFactor));
            routingContext.getDelegate().setUser(new User(user));
            routingContext.session().put("strongAuthCompleted", true);
            routingContext.next();
        });
        testRequest(HttpMethod.GET, "/login?scope=read", 200, "OK");
    }

    @Test
    public void shouldContinue_adaptiveMFA_condition_not_met() throws Exception {
        this.router.route().order(-1).handler(routingContext -> {
            Client client = new Client();
            setFactors(client);
            routingContext.put("client", client);
            MFASettings mFASettings = new MFASettings();
            routingContext.put("geoip", new JsonObject().put("country_iso_code", "FR").getMap());
            client.setMfaSettings(mFASettings);
            EnrolledFactor enrolledFactor = new EnrolledFactor();
            enrolledFactor.setFactorId("factor-id");
            enrolledFactor.setStatus(FactorStatus.ACTIVATED);
            io.gravitee.am.model.User user = new io.gravitee.am.model.User();
            user.setFactors(Collections.singletonList(enrolledFactor));
            routingContext.getDelegate().setUser(new User(user));
            routingContext.session().put("strongAuthCompleted", true);
            routingContext.next();
        });
        testRequest(HttpMethod.GET, "/login", 200, "OK");
    }

    @Test
    public void shouldNotContinueUser_RecoveryCodeisAlreadyActive() throws Exception {
        this.router.route().order(-1).handler(routingContext -> {
            Client client = new Client();
            routingContext.put("client", client);
            Factor factor = new Factor();
            factor.setFactorType(FactorType.RECOVERY_CODE);
            factor.setId("factor-2");
            Mockito.when(this.factorManager.getFactor("factor-2")).thenReturn(factor);
            FactorSettings factorSettings = new FactorSettings();
            ApplicationFactorSettings applicationFactorSettings = new ApplicationFactorSettings();
            applicationFactorSettings.setId("factor-id");
            applicationFactorSettings.setSelectionRule("");
            ApplicationFactorSettings applicationFactorSettings2 = new ApplicationFactorSettings();
            applicationFactorSettings2.setId("factor-2");
            applicationFactorSettings2.setSelectionRule("");
            factorSettings.setApplicationFactors(List.of(applicationFactorSettings, applicationFactorSettings2));
            client.setFactorSettings(factorSettings);
            EnrolledFactor enrolledFactor = new EnrolledFactor();
            enrolledFactor.setFactorId("factor-id");
            enrolledFactor.setStatus(FactorStatus.ACTIVATED);
            EnrolledFactor enrolledFactor2 = new EnrolledFactor();
            enrolledFactor2.setFactorId("factor-2");
            io.gravitee.am.model.User user = new io.gravitee.am.model.User();
            user.setFactors(List.of(enrolledFactor, enrolledFactor2));
            routingContext.getDelegate().setUser(new User(user));
            routingContext.session().put("strongAuthCompleted", true);
            routingContext.next();
        });
        testRequest(HttpMethod.GET, "/login", null, httpClientResponse -> {
            String str = httpClientResponse.headers().get("location");
            assertNotNull(str);
            assertTrue(str.endsWith("/mfa/recovery_code"));
        }, 302, "Found", null);
    }

    @Test
    public void shouldContinueUser_RecoveryCode_active() throws Exception {
        this.router.route().order(-1).handler(routingContext -> {
            Client client = new Client();
            routingContext.put("client", client);
            FactorSettings factorSettings = new FactorSettings();
            ApplicationFactorSettings applicationFactorSettings = new ApplicationFactorSettings();
            applicationFactorSettings.setId("factor-id");
            applicationFactorSettings.setSelectionRule("");
            ApplicationFactorSettings applicationFactorSettings2 = new ApplicationFactorSettings();
            applicationFactorSettings2.setId("factor-2");
            applicationFactorSettings2.setSelectionRule("");
            factorSettings.setApplicationFactors(List.of(applicationFactorSettings, applicationFactorSettings2));
            client.setFactorSettings(factorSettings);
            EnrolledFactor enrolledFactor = new EnrolledFactor();
            enrolledFactor.setFactorId("factor-id");
            enrolledFactor.setStatus(FactorStatus.ACTIVATED);
            EnrolledFactor enrolledFactor2 = new EnrolledFactor();
            enrolledFactor2.setFactorId("factor-2");
            enrolledFactor2.setStatus(FactorStatus.ACTIVATED);
            enrolledFactor2.setSecurity(new EnrolledFactorSecurity("RECOVERY_CODE", (String) null));
            io.gravitee.am.model.User user = new io.gravitee.am.model.User();
            user.setFactors(List.of(enrolledFactor, enrolledFactor2));
            routingContext.getDelegate().setUser(new User(user));
            routingContext.session().put("strongAuthCompleted", true);
            routingContext.next();
        });
        testRequest(HttpMethod.GET, "/login", 200, "OK");
    }

    private void setFactors(Client client) {
        client.setFactors(Collections.singleton("factor-id"));
        FactorSettings factorSettings = new FactorSettings();
        factorSettings.setDefaultFactorId(DEFAULT_FACTOR_ID);
        ApplicationFactorSettings applicationFactorSettings = new ApplicationFactorSettings();
        applicationFactorSettings.setId(DEFAULT_FACTOR_ID);
        applicationFactorSettings.setSelectionRule("");
        ApplicationFactorSettings applicationFactorSettings2 = new ApplicationFactorSettings();
        applicationFactorSettings2.setId("factor-id");
        applicationFactorSettings2.setSelectionRule("");
        ArrayList arrayList = new ArrayList();
        arrayList.add(applicationFactorSettings);
        arrayList.add(applicationFactorSettings2);
        factorSettings.setApplicationFactors(arrayList);
        client.setFactorSettings(factorSettings);
    }

    private void setFactorsWithRecoveryCode(Client client) {
        FactorSettings factorSettings = new FactorSettings();
        factorSettings.setDefaultFactorId(DEFAULT_FACTOR_ID);
        ApplicationFactorSettings applicationFactorSettings = new ApplicationFactorSettings();
        applicationFactorSettings.setId(DEFAULT_FACTOR_ID);
        applicationFactorSettings.setSelectionRule("factor1-selection-rule");
        ApplicationFactorSettings applicationFactorSettings2 = new ApplicationFactorSettings();
        applicationFactorSettings2.setId("factor-id");
        applicationFactorSettings2.setSelectionRule("");
        ApplicationFactorSettings applicationFactorSettings3 = new ApplicationFactorSettings();
        applicationFactorSettings3.setId(FACTOR_RECOVERY_CODE_ID);
        applicationFactorSettings3.setSelectionRule("");
        ArrayList arrayList = new ArrayList();
        arrayList.add(applicationFactorSettings);
        arrayList.add(applicationFactorSettings2);
        arrayList.add(applicationFactorSettings3);
        factorSettings.setApplicationFactors(arrayList);
        client.setFactorSettings(factorSettings);
    }

    private MFASettings createMFASettings(EnrollSettings enrollSettings, ChallengeSettings challengeSettings) {
        MFASettings mFASettings = new MFASettings();
        mFASettings.setEnroll(enrollSettings);
        mFASettings.setChallenge(challengeSettings);
        return mFASettings;
    }

    private ChallengeSettings createChallengeSettings(boolean z, MfaChallengeType mfaChallengeType, String str) {
        ChallengeSettings challengeSettings = new ChallengeSettings();
        challengeSettings.setActive(z);
        challengeSettings.setType(mfaChallengeType);
        challengeSettings.setChallengeRule(str);
        return challengeSettings;
    }

    private EnrollSettings createEnrollSettings(boolean z, boolean z2, MfaEnrollType mfaEnrollType, long j, String str) {
        EnrollSettings enrollSettings = new EnrollSettings();
        enrollSettings.setActive(z);
        enrollSettings.setForceEnrollment(Boolean.valueOf(z2));
        enrollSettings.setType(mfaEnrollType);
        enrollSettings.setSkipTimeSeconds(Long.valueOf(j));
        enrollSettings.setEnrollmentRule(str);
        return enrollSettings;
    }
}
