package io.gravitee.am.gateway.handler.common.auth;

import io.gravitee.am.common.exception.authentication.AccountDisabledException;
import io.gravitee.am.common.exception.authentication.AccountEnforcePasswordException;
import io.gravitee.am.common.exception.authentication.AccountLockedException;
import io.gravitee.am.common.jwt.JWT;
import io.gravitee.am.common.policy.ExtensionPoint;
import io.gravitee.am.gateway.handler.common.auth.idp.IdentityProviderManager;
import io.gravitee.am.gateway.handler.common.auth.user.UserAuthenticationService;
import io.gravitee.am.gateway.handler.common.auth.user.impl.UserAuthenticationServiceImpl;
import io.gravitee.am.gateway.handler.common.jwt.SubjectManager;
import io.gravitee.am.gateway.handler.common.policy.RulesEngine;
import io.gravitee.am.gateway.handler.common.user.UserService;
import io.gravitee.am.identityprovider.api.Authentication;
import io.gravitee.am.identityprovider.api.AuthenticationProvider;
import io.gravitee.am.identityprovider.api.DefaultUser;
import io.gravitee.am.identityprovider.api.User;
import io.gravitee.am.model.Domain;
import io.gravitee.am.model.UserIdentity;
import io.gravitee.am.model.idp.ApplicationIdentityProvider;
import io.gravitee.am.model.login.LoginSettings;
import io.gravitee.am.model.oidc.Client;
import io.gravitee.am.repository.management.api.CommonUserRepository;
import io.gravitee.am.service.exception.UserNotFoundException;
import io.gravitee.gateway.api.ExecutionContext;
import io.gravitee.gateway.api.Request;
import io.reactivex.rxjava3.core.Maybe;
import io.reactivex.rxjava3.core.Single;
import io.reactivex.rxjava3.observers.TestObserver;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.TreeSet;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.ArgumentMatchers;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.junit.MockitoJUnitRunner;

@RunWith(MockitoJUnitRunner.class)
/* loaded from: input_file:io/gravitee/am/gateway/handler/common/auth/UserAuthenticationServiceTest.class */
public class UserAuthenticationServiceTest {

    @InjectMocks
    private UserAuthenticationService userAuthenticationService = new UserAuthenticationServiceImpl();

    @Mock
    private UserService userService;

    @Mock
    private SubjectManager subjectManager;

    @Mock
    private Domain domain;

    @Mock
    private IdentityProviderManager identityProviderManager;

    @Mock
    private RulesEngine rulesEngine;

    @Test
    public void shouldConnect_unknownUser() {
        User user = (User) Mockito.mock(User.class);
        Mockito.when(user.getUsername()).thenReturn("foo");
        Mockito.when(user.getId()).thenReturn("id");
        HashMap hashMap = new HashMap();
        hashMap.put("source", "SRC");
        hashMap.put("op_id_token", "somevalue");
        Mockito.when(user.getAdditionalInformation()).thenReturn(hashMap);
        io.gravitee.am.model.User user2 = (io.gravitee.am.model.User) Mockito.mock(io.gravitee.am.model.User.class);
        Mockito.when(user2.isEnabled()).thenReturn(true);
        ExecutionContext executionContext = (ExecutionContext) Mockito.mock(ExecutionContext.class);
        Mockito.when(this.domain.getId()).thenReturn("Domain");
        Mockito.when(this.userService.findByDomainAndExternalIdAndSource("Domain", "id", "SRC")).thenReturn(Maybe.empty());
        Mockito.when(this.userService.findByDomainAndUsernameAndSource("Domain", "foo", "SRC")).thenReturn(Maybe.empty());
        Mockito.when(this.userService.create((io.gravitee.am.model.User) ArgumentMatchers.any())).thenReturn(Single.just(user2));
        Mockito.when(this.userService.enhance(user2)).thenReturn(Single.just(user2));
        Mockito.when(this.rulesEngine.fire((ExtensionPoint) ArgumentMatchers.any(), (Request) ArgumentMatchers.any(), (Client) ArgumentMatchers.any(), (io.gravitee.am.model.User) ArgumentMatchers.any())).thenReturn(Single.just(executionContext));
        TestObserver test = this.userAuthenticationService.connect(user).test();
        test.awaitDone(10L, TimeUnit.SECONDS);
        test.assertComplete();
        test.assertNoErrors();
        ((UserService) Mockito.verify(this.userService, Mockito.times(1))).create((io.gravitee.am.model.User) Mockito.argThat(user3 -> {
            return user3.getAdditionalInformation().containsKey("op_id_token");
        }));
        ((UserService) Mockito.verify(this.userService, Mockito.never())).update((io.gravitee.am.model.User) ArgumentMatchers.any());
    }

    @Test
    public void shouldConnect_knownUser() {
        User user = (User) Mockito.mock(User.class);
        Mockito.when(user.getId()).thenReturn("id");
        HashMap hashMap = new HashMap();
        hashMap.put("source", "SRC");
        Mockito.when(user.getAdditionalInformation()).thenReturn(hashMap);
        io.gravitee.am.model.User user2 = (io.gravitee.am.model.User) Mockito.mock(io.gravitee.am.model.User.class);
        Mockito.when(user2.isEnabled()).thenReturn(true);
        Mockito.when(this.domain.getId()).thenReturn("Domain");
        io.gravitee.am.model.User user3 = new io.gravitee.am.model.User();
        user3.setAccountNonLocked(true);
        ExecutionContext executionContext = (ExecutionContext) Mockito.mock(ExecutionContext.class);
        Mockito.when(this.userService.findByDomainAndExternalIdAndSource("Domain", "id", "SRC")).thenReturn(Maybe.just(user3));
        Mockito.when(this.userService.update((io.gravitee.am.model.User) ArgumentMatchers.any(), (CommonUserRepository.UpdateActions) ArgumentMatchers.any())).thenReturn(Single.just(user2));
        Mockito.when(this.userService.enhance(user2)).thenReturn(Single.just(user2));
        Mockito.when(this.rulesEngine.fire((ExtensionPoint) ArgumentMatchers.any(), (Request) ArgumentMatchers.any(), (Client) ArgumentMatchers.any(), (io.gravitee.am.model.User) ArgumentMatchers.any())).thenReturn(Single.just(executionContext));
        TestObserver test = this.userAuthenticationService.connect(user).test();
        test.awaitDone(10L, TimeUnit.SECONDS);
        test.assertComplete();
        test.assertNoErrors();
        ((UserService) Mockito.verify(this.userService, Mockito.never())).create((io.gravitee.am.model.User) ArgumentMatchers.any());
        ((UserService) Mockito.verify(this.userService, Mockito.times(1))).update((io.gravitee.am.model.User) Mockito.argThat(user4 -> {
            return user4.isAccountNonLocked().booleanValue();
        }), (CommonUserRepository.UpdateActions) ArgumentMatchers.any());
    }

    @Test
    public void shouldConnect_knownUser_NotLockedAnymore() {
        User user = (User) Mockito.mock(User.class);
        Mockito.when(user.getId()).thenReturn("id");
        HashMap hashMap = new HashMap();
        hashMap.put("source", "SRC");
        Mockito.when(user.getAdditionalInformation()).thenReturn(hashMap);
        io.gravitee.am.model.User user2 = (io.gravitee.am.model.User) Mockito.mock(io.gravitee.am.model.User.class);
        Mockito.when(user2.isEnabled()).thenReturn(true);
        Mockito.when(this.domain.getId()).thenReturn("Domain");
        io.gravitee.am.model.User user3 = new io.gravitee.am.model.User();
        user3.setAccountNonLocked(false);
        user3.setAccountLockedUntil(new Date(Instant.now().minusSeconds(60L).toEpochMilli()));
        ExecutionContext executionContext = (ExecutionContext) Mockito.mock(ExecutionContext.class);
        Mockito.when(this.userService.findByDomainAndExternalIdAndSource("Domain", "id", "SRC")).thenReturn(Maybe.just(user3));
        Mockito.when(this.userService.update((io.gravitee.am.model.User) ArgumentMatchers.any(), (CommonUserRepository.UpdateActions) ArgumentMatchers.any())).thenReturn(Single.just(user2));
        Mockito.when(this.userService.enhance(user2)).thenReturn(Single.just(user2));
        Mockito.when(this.rulesEngine.fire((ExtensionPoint) ArgumentMatchers.any(), (Request) ArgumentMatchers.any(), (Client) ArgumentMatchers.any(), (io.gravitee.am.model.User) ArgumentMatchers.any())).thenReturn(Single.just(executionContext));
        TestObserver test = this.userAuthenticationService.connect(user).test();
        test.awaitDone(10L, TimeUnit.SECONDS);
        test.assertComplete();
        test.assertNoErrors();
        ((UserService) Mockito.verify(this.userService, Mockito.never())).create((io.gravitee.am.model.User) ArgumentMatchers.any());
        ((UserService) Mockito.verify(this.userService, Mockito.times(1))).update((io.gravitee.am.model.User) Mockito.argThat(user4 -> {
            return user4.isAccountNonLocked().booleanValue();
        }), (CommonUserRepository.UpdateActions) ArgumentMatchers.any());
    }

    @Test
    public void shouldNotConnect_accountLocked() {
        User user = (User) Mockito.mock(User.class);
        Mockito.when(user.getId()).thenReturn("id");
        HashMap hashMap = new HashMap();
        hashMap.put("source", "SRC");
        Mockito.when(user.getAdditionalInformation()).thenReturn(hashMap);
        Mockito.when(this.domain.getId()).thenReturn("Domain");
        io.gravitee.am.model.User user2 = (io.gravitee.am.model.User) Mockito.mock(io.gravitee.am.model.User.class);
        Mockito.when(user2.isAccountNonLocked()).thenReturn(false);
        ExecutionContext executionContext = (ExecutionContext) Mockito.mock(ExecutionContext.class);
        Mockito.when(this.userService.findByDomainAndExternalIdAndSource("Domain", "id", "SRC")).thenReturn(Maybe.just(user2));
        Mockito.when(this.rulesEngine.fire((ExtensionPoint) ArgumentMatchers.any(), (Request) ArgumentMatchers.any(), (Client) ArgumentMatchers.any(), (io.gravitee.am.model.User) ArgumentMatchers.any())).thenReturn(Single.just(executionContext));
        TestObserver test = this.userAuthenticationService.connect(user).test();
        test.awaitDone(10L, TimeUnit.SECONDS);
        test.assertNotComplete();
        test.assertError(AccountLockedException.class);
    }

    @Test
    public void shouldNotConnect_accountDisabled() {
        User user = (User) Mockito.mock(User.class);
        Mockito.when(user.getId()).thenReturn("id");
        HashMap hashMap = new HashMap();
        hashMap.put("source", "SRC");
        Mockito.when(user.getAdditionalInformation()).thenReturn(hashMap);
        io.gravitee.am.model.User user2 = (io.gravitee.am.model.User) Mockito.mock(io.gravitee.am.model.User.class);
        Mockito.when(user2.isEnabled()).thenReturn(false);
        Mockito.when(this.domain.getId()).thenReturn("Domain");
        io.gravitee.am.model.User user3 = (io.gravitee.am.model.User) Mockito.mock(io.gravitee.am.model.User.class);
        Mockito.when(user3.isAccountNonLocked()).thenReturn(true);
        ExecutionContext executionContext = (ExecutionContext) Mockito.mock(ExecutionContext.class);
        Mockito.when(this.userService.findByDomainAndExternalIdAndSource("Domain", "id", "SRC")).thenReturn(Maybe.just(user3));
        Mockito.when(this.userService.update((io.gravitee.am.model.User) ArgumentMatchers.any(), (CommonUserRepository.UpdateActions) ArgumentMatchers.any())).thenReturn(Single.just(user2));
        Mockito.when(this.rulesEngine.fire((ExtensionPoint) ArgumentMatchers.any(), (Request) ArgumentMatchers.any(), (Client) ArgumentMatchers.any(), (io.gravitee.am.model.User) ArgumentMatchers.any())).thenReturn(Single.just(executionContext));
        TestObserver test = this.userAuthenticationService.connect(user).test();
        test.awaitDone(10L, TimeUnit.SECONDS);
        test.assertNotComplete();
        test.assertError(AccountDisabledException.class);
    }

    @Test
    public void shouldConnect_unknownUser_withRoles() {
        User user = (User) Mockito.mock(User.class);
        Mockito.when(user.getUsername()).thenReturn("foo");
        Mockito.when(user.getId()).thenReturn("id");
        Mockito.when(user.getRoles()).thenReturn(Arrays.asList("idp-role", "idp2-role"));
        HashMap hashMap = new HashMap();
        hashMap.put("source", "SRC");
        Mockito.when(user.getAdditionalInformation()).thenReturn(hashMap);
        io.gravitee.am.model.User user2 = (io.gravitee.am.model.User) Mockito.mock(io.gravitee.am.model.User.class);
        Mockito.when(user2.isEnabled()).thenReturn(true);
        Mockito.when(user2.getRoles()).thenReturn(Arrays.asList("idp-role", "idp2-role"));
        ExecutionContext executionContext = (ExecutionContext) Mockito.mock(ExecutionContext.class);
        Mockito.when(this.domain.getId()).thenReturn("Domain");
        Mockito.when(this.userService.findByDomainAndExternalIdAndSource("Domain", "id", "SRC")).thenReturn(Maybe.empty());
        Mockito.when(this.userService.findByDomainAndUsernameAndSource("Domain", "foo", "SRC")).thenReturn(Maybe.empty());
        Mockito.when(this.userService.create((io.gravitee.am.model.User) ArgumentMatchers.any())).thenReturn(Single.just(user2));
        Mockito.when(this.userService.enhance(user2)).thenReturn(Single.just(user2));
        Mockito.when(this.rulesEngine.fire((ExtensionPoint) ArgumentMatchers.any(), (Request) ArgumentMatchers.any(), (Client) ArgumentMatchers.any(), (io.gravitee.am.model.User) ArgumentMatchers.any())).thenReturn(Single.just(executionContext));
        TestObserver test = this.userAuthenticationService.connect(user).test();
        test.awaitDone(10L, TimeUnit.SECONDS);
        test.assertComplete();
        test.assertNoErrors();
        test.assertValue(user3 -> {
            return user3.getRoles().size() == 2;
        });
    }

    @Test
    public void shouldConnect_user_withDynaicRoles_update() {
        User user = (User) Mockito.mock(User.class);
        Mockito.when(user.getUsername()).thenReturn("foo");
        Mockito.when(user.getId()).thenReturn("id");
        Mockito.when(user.getRoles()).thenReturn(Arrays.asList("idp-role", "idp2-role"));
        HashMap hashMap = new HashMap();
        hashMap.put("source", "SRC");
        Mockito.when(user.getAdditionalInformation()).thenReturn(hashMap);
        Mockito.when(this.domain.getId()).thenReturn("Domain");
        io.gravitee.am.model.User user2 = (io.gravitee.am.model.User) Mockito.spy(new io.gravitee.am.model.User());
        Mockito.when(user2.isAccountNonLocked()).thenReturn(true);
        ExecutionContext executionContext = (ExecutionContext) Mockito.mock(ExecutionContext.class);
        Mockito.when(this.userService.findByDomainAndExternalIdAndSource("Domain", "id", "SRC")).thenReturn(Maybe.just(user2));
        Mockito.when(this.userService.update((io.gravitee.am.model.User) ArgumentMatchers.any(), (CommonUserRepository.UpdateActions) ArgumentMatchers.any())).thenAnswer(invocationOnMock -> {
            return Single.just(invocationOnMock.getArguments()[0]);
        });
        Mockito.when(this.userService.enhance((io.gravitee.am.model.User) ArgumentMatchers.any())).thenAnswer(invocationOnMock2 -> {
            return Single.just(invocationOnMock2.getArguments()[0]);
        });
        Mockito.when(this.rulesEngine.fire((ExtensionPoint) ArgumentMatchers.any(), (Request) ArgumentMatchers.any(), (Client) ArgumentMatchers.any(), (io.gravitee.am.model.User) ArgumentMatchers.any())).thenReturn(Single.just(executionContext));
        TestObserver test = this.userAuthenticationService.connect(user).test();
        test.awaitDone(10L, TimeUnit.SECONDS);
        test.assertComplete();
        test.assertNoErrors();
        test.assertValue(user3 -> {
            return user3.getDynamicRoles().size() == 2;
        });
        ((UserService) Mockito.verify(this.userService)).update((io.gravitee.am.model.User) ArgumentMatchers.any(), (CommonUserRepository.UpdateActions) Mockito.argThat(updateActions -> {
            return (!updateActions.updateDynamicRole() || updateActions.updateAddresses() || updateActions.updateRole() || updateActions.updateEntitlements() || updateActions.updateAttributes()) ? false : true;
        }));
    }

    @Test
    public void shouldConnect_user_withDynamicRoles_unchanged() {
        User user = (User) Mockito.mock(User.class);
        Mockito.when(user.getUsername()).thenReturn("foo");
        Mockito.when(user.getId()).thenReturn("id");
        Mockito.when(user.getRoles()).thenReturn(Arrays.asList("idp-role", "idp2-role"));
        HashMap hashMap = new HashMap();
        hashMap.put("source", "SRC");
        Mockito.when(user.getAdditionalInformation()).thenReturn(hashMap);
        Mockito.when(this.domain.getId()).thenReturn("Domain");
        io.gravitee.am.model.User user2 = (io.gravitee.am.model.User) Mockito.spy(new io.gravitee.am.model.User());
        user2.setAccountNonLocked(true);
        user2.setDynamicRoles(Arrays.asList("idp-role", "idp2-role"));
        ExecutionContext executionContext = (ExecutionContext) Mockito.mock(ExecutionContext.class);
        Mockito.when(this.userService.findByDomainAndExternalIdAndSource("Domain", "id", "SRC")).thenReturn(Maybe.just(user2));
        Mockito.when(this.userService.update((io.gravitee.am.model.User) ArgumentMatchers.any(), (CommonUserRepository.UpdateActions) ArgumentMatchers.any())).thenAnswer(invocationOnMock -> {
            return Single.just(invocationOnMock.getArguments()[0]);
        });
        Mockito.when(this.userService.enhance((io.gravitee.am.model.User) ArgumentMatchers.any())).thenAnswer(invocationOnMock2 -> {
            return Single.just(invocationOnMock2.getArguments()[0]);
        });
        Mockito.when(this.rulesEngine.fire((ExtensionPoint) ArgumentMatchers.any(), (Request) ArgumentMatchers.any(), (Client) ArgumentMatchers.any(), (io.gravitee.am.model.User) ArgumentMatchers.any())).thenReturn(Single.just(executionContext));
        TestObserver test = this.userAuthenticationService.connect(user).test();
        test.awaitDone(10L, TimeUnit.SECONDS);
        test.assertComplete();
        test.assertNoErrors();
        test.assertValue(user3 -> {
            return user3.getDynamicRoles().size() == 2;
        });
        ((UserService) Mockito.verify(this.userService)).update((io.gravitee.am.model.User) ArgumentMatchers.any(), (CommonUserRepository.UpdateActions) Mockito.argThat(updateActions -> {
            return (updateActions.updateDynamicRole() || updateActions.updateAddresses() || updateActions.updateRole() || updateActions.updateEntitlements() || updateActions.updateAttributes()) ? false : true;
        }));
    }

    @Test
    public void shouldConnect_knownUser_withRoles_fromGroup() {
        User user = (User) Mockito.mock(User.class);
        Mockito.when(user.getUsername()).thenReturn("foo");
        Mockito.when(user.getId()).thenReturn("id");
        HashMap hashMap = new HashMap();
        hashMap.put("source", "SRC");
        Mockito.when(user.getAdditionalInformation()).thenReturn(hashMap);
        io.gravitee.am.model.User user2 = (io.gravitee.am.model.User) Mockito.mock(io.gravitee.am.model.User.class);
        Mockito.when(user2.isEnabled()).thenReturn(true);
        Mockito.when(user2.getRoles()).thenReturn(Arrays.asList("group-role", "group2-role"));
        Mockito.when(this.domain.getId()).thenReturn("Domain");
        io.gravitee.am.model.User user3 = (io.gravitee.am.model.User) Mockito.mock(io.gravitee.am.model.User.class);
        Mockito.when(user3.isAccountNonLocked()).thenReturn(true);
        ExecutionContext executionContext = (ExecutionContext) Mockito.mock(ExecutionContext.class);
        Mockito.when(this.userService.findByDomainAndExternalIdAndSource("Domain", "id", "SRC")).thenReturn(Maybe.just(user3));
        Mockito.when(this.userService.update((io.gravitee.am.model.User) ArgumentMatchers.any(), (CommonUserRepository.UpdateActions) ArgumentMatchers.any())).thenReturn(Single.just(user2));
        Mockito.when(this.userService.enhance(user2)).thenReturn(Single.just(user2));
        Mockito.when(this.rulesEngine.fire((ExtensionPoint) ArgumentMatchers.any(), (Request) ArgumentMatchers.any(), (Client) ArgumentMatchers.any(), (io.gravitee.am.model.User) ArgumentMatchers.any())).thenReturn(Single.just(executionContext));
        TestObserver test = this.userAuthenticationService.connect(user).test();
        test.awaitDone(10L, TimeUnit.SECONDS);
        test.assertComplete();
        test.assertNoErrors();
        test.assertValue(user4 -> {
            return user4.getRoles().size() == 2;
        });
        ((UserService) Mockito.verify(this.userService)).update((io.gravitee.am.model.User) ArgumentMatchers.any(), (CommonUserRepository.UpdateActions) Mockito.argThat(updateActions -> {
            return (updateActions.updateDynamicRole() || updateActions.updateAddresses() || updateActions.updateRole() || updateActions.updateEntitlements() || updateActions.updateAttributes()) ? false : true;
        }));
    }

    @Test
    public void shouldConnect_knownUser_with_OpIdToken() {
        User user = (User) Mockito.mock(User.class);
        Mockito.when(user.getUsername()).thenReturn("foo");
        Mockito.when(user.getId()).thenReturn("id");
        HashMap hashMap = new HashMap();
        hashMap.put("source", "SRC");
        hashMap.put("op_id_token", "token2");
        Mockito.when(user.getAdditionalInformation()).thenReturn(hashMap);
        io.gravitee.am.model.User user2 = (io.gravitee.am.model.User) Mockito.mock(io.gravitee.am.model.User.class);
        Mockito.when(user2.isEnabled()).thenReturn(true);
        Mockito.when(this.domain.getId()).thenReturn("Domain");
        io.gravitee.am.model.User user3 = new io.gravitee.am.model.User();
        HashMap hashMap2 = new HashMap();
        hashMap2.put("source", "SRC");
        hashMap2.put("op_id_token", "token1");
        user3.setAdditionalInformation(hashMap2);
        user3.setAccountNonLocked(true);
        ExecutionContext executionContext = (ExecutionContext) Mockito.mock(ExecutionContext.class);
        Mockito.when(this.userService.findByDomainAndExternalIdAndSource("Domain", "id", "SRC")).thenReturn(Maybe.just(user3));
        Mockito.when(this.userService.update((io.gravitee.am.model.User) ArgumentMatchers.any(), (CommonUserRepository.UpdateActions) ArgumentMatchers.any())).thenReturn(Single.just(user2));
        Mockito.when(this.userService.enhance(user2)).thenReturn(Single.just(user2));
        Mockito.when(this.rulesEngine.fire((ExtensionPoint) ArgumentMatchers.any(), (Request) ArgumentMatchers.any(), (Client) ArgumentMatchers.any(), (io.gravitee.am.model.User) ArgumentMatchers.any())).thenReturn(Single.just(executionContext));
        TestObserver test = this.userAuthenticationService.connect(user).test();
        test.awaitDone(10L, TimeUnit.SECONDS);
        test.assertComplete();
        test.assertNoErrors();
        ((UserService) Mockito.verify(this.userService)).update((io.gravitee.am.model.User) Mockito.argThat(user4 -> {
            return "token2".equals(user4.getAdditionalInformation().get("op_id_token"));
        }), (CommonUserRepository.UpdateActions) ArgumentMatchers.any());
    }

    @Test
    public void shouldConnect_knownUser_with_OpIdToken_removed() {
        User user = (User) Mockito.mock(User.class);
        Mockito.when(user.getUsername()).thenReturn("foo");
        Mockito.when(user.getId()).thenReturn("id");
        HashMap hashMap = new HashMap();
        hashMap.put("source", "SRC");
        Mockito.when(user.getAdditionalInformation()).thenReturn(hashMap);
        io.gravitee.am.model.User user2 = (io.gravitee.am.model.User) Mockito.mock(io.gravitee.am.model.User.class);
        Mockito.when(user2.isEnabled()).thenReturn(true);
        Mockito.when(this.domain.getId()).thenReturn("Domain");
        io.gravitee.am.model.User user3 = new io.gravitee.am.model.User();
        HashMap hashMap2 = new HashMap();
        hashMap2.put("source", "SRC");
        hashMap2.put("op_id_token", "token1");
        user3.setAdditionalInformation(hashMap2);
        user3.setAccountNonLocked(true);
        ExecutionContext executionContext = (ExecutionContext) Mockito.mock(ExecutionContext.class);
        Mockito.when(this.userService.findByDomainAndExternalIdAndSource("Domain", "id", "SRC")).thenReturn(Maybe.just(user3));
        Mockito.when(this.userService.update((io.gravitee.am.model.User) ArgumentMatchers.any(), (CommonUserRepository.UpdateActions) ArgumentMatchers.any())).thenReturn(Single.just(user2));
        Mockito.when(this.userService.enhance(user2)).thenReturn(Single.just(user2));
        Mockito.when(this.rulesEngine.fire((ExtensionPoint) ArgumentMatchers.any(), (Request) ArgumentMatchers.any(), (Client) ArgumentMatchers.any(), (io.gravitee.am.model.User) ArgumentMatchers.any())).thenReturn(Single.just(executionContext));
        TestObserver test = this.userAuthenticationService.connect(user).test();
        test.awaitDone(10L, TimeUnit.SECONDS);
        test.assertComplete();
        test.assertNoErrors();
        ((UserService) Mockito.verify(this.userService)).update((io.gravitee.am.model.User) Mockito.argThat(user4 -> {
            return !user4.getAdditionalInformation().containsKey("op_id_token");
        }), (CommonUserRepository.UpdateActions) ArgumentMatchers.any());
    }

    @Test
    public void shouldConnect_accountLinking() {
        String str = "SRC";
        String str2 = "id";
        User user = (User) Mockito.mock(User.class);
        Mockito.when(user.getId()).thenReturn("id");
        HashMap hashMap = new HashMap();
        hashMap.put("source", "SRC");
        Mockito.when(user.getAdditionalInformation()).thenReturn(hashMap);
        io.gravitee.am.model.User user2 = (io.gravitee.am.model.User) Mockito.mock(io.gravitee.am.model.User.class);
        Mockito.when(user2.isEnabled()).thenReturn(true);
        Mockito.when(this.domain.getId()).thenReturn("Domain");
        io.gravitee.am.model.User user3 = new io.gravitee.am.model.User();
        user3.setId("linkedAccountId");
        user3.setAccountNonLocked(true);
        ExecutionContext executionContext = (ExecutionContext) Mockito.mock(ExecutionContext.class);
        Mockito.when(executionContext.getAttribute("linkedAccountId")).thenReturn("linkedAccountId");
        Mockito.when(this.userService.findById("linkedAccountId")).thenReturn(Maybe.just(user3));
        Mockito.when(this.userService.update((io.gravitee.am.model.User) ArgumentMatchers.any(), (CommonUserRepository.UpdateActions) ArgumentMatchers.any())).thenReturn(Single.just(user2));
        Mockito.when(this.userService.enhance(user2)).thenReturn(Single.just(user2));
        Mockito.when(this.rulesEngine.fire((ExtensionPoint) ArgumentMatchers.any(), (Request) ArgumentMatchers.any(), (Client) ArgumentMatchers.any(), (io.gravitee.am.model.User) ArgumentMatchers.any())).thenReturn(Single.just(executionContext));
        TestObserver test = this.userAuthenticationService.connect(user).test();
        test.awaitDone(10L, TimeUnit.SECONDS);
        test.assertComplete();
        test.assertNoErrors();
        ((UserService) Mockito.verify(this.userService, Mockito.never())).create((io.gravitee.am.model.User) ArgumentMatchers.any());
        ((UserService) Mockito.verify(this.userService, Mockito.times(1))).update((io.gravitee.am.model.User) Mockito.argThat(user4 -> {
            return user4.getIdentities() != null && str2.equals(((UserIdentity) user4.getIdentities().get(0)).getUserId()) && str.equals(((UserIdentity) user4.getIdentities().get(0)).getProviderId());
        }), (CommonUserRepository.UpdateActions) Mockito.argThat((v0) -> {
            return v0.updateIdentities();
        }));
    }

    @Test
    public void shouldConnect_accountLinking_multipleIdentities() {
        User user = (User) Mockito.mock(User.class);
        Mockito.when(user.getId()).thenReturn("id2");
        HashMap hashMap = new HashMap();
        hashMap.put("source", "SRC2");
        Mockito.when(user.getAdditionalInformation()).thenReturn(hashMap);
        io.gravitee.am.model.User user2 = (io.gravitee.am.model.User) Mockito.mock(io.gravitee.am.model.User.class);
        Mockito.when(user2.isEnabled()).thenReturn(true);
        Mockito.when(this.domain.getId()).thenReturn("Domain");
        UserIdentity userIdentity = new UserIdentity();
        userIdentity.setUserId("id1");
        userIdentity.setProviderId("SRC1");
        io.gravitee.am.model.User user3 = new io.gravitee.am.model.User();
        user3.setId("linkedAccountId");
        user3.setAccountNonLocked(true);
        user3.setIdentities(List.of(userIdentity));
        ExecutionContext executionContext = (ExecutionContext) Mockito.mock(ExecutionContext.class);
        Mockito.when(executionContext.getAttribute("linkedAccountId")).thenReturn("linkedAccountId");
        Mockito.when(this.userService.findById("linkedAccountId")).thenReturn(Maybe.just(user3));
        Mockito.when(this.userService.update((io.gravitee.am.model.User) ArgumentMatchers.any(), (CommonUserRepository.UpdateActions) ArgumentMatchers.any())).thenReturn(Single.just(user2));
        Mockito.when(this.userService.enhance(user2)).thenReturn(Single.just(user2));
        Mockito.when(this.rulesEngine.fire((ExtensionPoint) ArgumentMatchers.any(), (Request) ArgumentMatchers.any(), (Client) ArgumentMatchers.any(), (io.gravitee.am.model.User) ArgumentMatchers.any())).thenReturn(Single.just(executionContext));
        TestObserver test = this.userAuthenticationService.connect(user).test();
        test.awaitDone(10L, TimeUnit.SECONDS);
        test.assertComplete();
        test.assertNoErrors();
        ((UserService) Mockito.verify(this.userService, Mockito.never())).create((io.gravitee.am.model.User) ArgumentMatchers.any());
        ((UserService) Mockito.verify(this.userService, Mockito.times(1))).update((io.gravitee.am.model.User) Mockito.argThat(user4 -> {
            return user4.getIdentities() != null && user4.getIdentities().size() == 2;
        }), (CommonUserRepository.UpdateActions) ArgumentMatchers.any());
    }

    @Test
    public void shouldConnect_accountLinking_existingIdentity() {
        User user = (User) Mockito.mock(User.class);
        Mockito.when(user.getId()).thenReturn("id1");
        HashMap hashMap = new HashMap();
        hashMap.put("source", "SRC1");
        hashMap.put("newKey", "newValue");
        Mockito.when(user.getAdditionalInformation()).thenReturn(hashMap);
        io.gravitee.am.model.User user2 = (io.gravitee.am.model.User) Mockito.mock(io.gravitee.am.model.User.class);
        Mockito.when(user2.isEnabled()).thenReturn(true);
        Mockito.when(this.domain.getId()).thenReturn("Domain");
        UserIdentity userIdentity = new UserIdentity();
        userIdentity.setUserId("id1");
        userIdentity.setProviderId("SRC1");
        io.gravitee.am.model.User user3 = new io.gravitee.am.model.User();
        user3.setId("linkedAccountId");
        user3.setAccountNonLocked(true);
        user3.setIdentities(List.of(userIdentity));
        ExecutionContext executionContext = (ExecutionContext) Mockito.mock(ExecutionContext.class);
        Mockito.when(executionContext.getAttribute("linkedAccountId")).thenReturn("linkedAccountId");
        Mockito.when(this.userService.findById("linkedAccountId")).thenReturn(Maybe.just(user3));
        Mockito.when(this.userService.update((io.gravitee.am.model.User) ArgumentMatchers.any(), (CommonUserRepository.UpdateActions) ArgumentMatchers.any())).thenReturn(Single.just(user2));
        Mockito.when(this.userService.enhance(user2)).thenReturn(Single.just(user2));
        Mockito.when(this.rulesEngine.fire((ExtensionPoint) ArgumentMatchers.any(), (Request) ArgumentMatchers.any(), (Client) ArgumentMatchers.any(), (io.gravitee.am.model.User) ArgumentMatchers.any())).thenReturn(Single.just(executionContext));
        TestObserver test = this.userAuthenticationService.connect(user).test();
        test.awaitDone(10L, TimeUnit.SECONDS);
        test.assertComplete();
        test.assertNoErrors();
        ((UserService) Mockito.verify(this.userService, Mockito.never())).create((io.gravitee.am.model.User) ArgumentMatchers.any());
        ((UserService) Mockito.verify(this.userService, Mockito.times(1))).update((io.gravitee.am.model.User) Mockito.argThat(user4 -> {
            return user4.getIdentities() != null && user4.getIdentities().size() == 1 && "newValue".equals(((UserIdentity) user4.getIdentities().get(0)).getAdditionalInformation().get("newKey"));
        }), (CommonUserRepository.UpdateActions) ArgumentMatchers.any());
    }

    @Test
    public void shouldNotLoadPreAuthenticatedUser_subjectRequest_userDoesNotExist() {
        Request request = (Request) Mockito.mock(Request.class);
        Mockito.when(this.userService.findById((String) ArgumentMatchers.any())).thenReturn(Maybe.empty());
        TestObserver test = this.userAuthenticationService.loadPreAuthenticatedUser("some_id", request).test();
        test.awaitDone(10L, TimeUnit.SECONDS);
        test.assertNotComplete();
        test.assertFailure(UserNotFoundException.class, new io.gravitee.am.model.User[0]);
    }

    @Test
    public void shouldNotLoadPreAuthenticatedUserBySub_subjectRequest_userDoesNotExist() {
        Request request = (Request) Mockito.mock(Request.class);
        Mockito.when(this.subjectManager.findUserBySub((JWT) ArgumentMatchers.any())).thenReturn(Maybe.empty());
        TestObserver test = this.userAuthenticationService.loadPreAuthenticatedUserBySub(new JWT(), request).test();
        test.awaitDone(10L, TimeUnit.SECONDS);
        test.assertNotComplete();
        test.assertFailure(UserNotFoundException.class, new io.gravitee.am.model.User[0]);
    }

    @Test
    public void shouldNotLoadPreAuthenticatedUser_subjectRequest() {
        io.gravitee.am.model.User user = new io.gravitee.am.model.User();
        user.setId(UUID.randomUUID().toString());
        user.setUsername("username");
        user.setAccountNonLocked(false);
        Request request = (Request) Mockito.mock(Request.class);
        Mockito.when(this.userService.findById(user.getId())).thenReturn(Maybe.just(user));
        TestObserver test = this.userAuthenticationService.loadPreAuthenticatedUser(user.getId(), request).test();
        test.awaitDone(10L, TimeUnit.SECONDS);
        test.assertNotComplete();
        test.assertFailure(AccountLockedException.class, new io.gravitee.am.model.User[0]);
    }

    @Test
    public void shouldNotLoadPreAuthenticatedUserBySub_subjectRequest() {
        io.gravitee.am.model.User user = new io.gravitee.am.model.User();
        user.setId(UUID.randomUUID().toString());
        user.setUsername("username");
        user.setAccountNonLocked(false);
        JWT jwt = new JWT();
        jwt.setSub(user.getId());
        Request request = (Request) Mockito.mock(Request.class);
        Mockito.when(this.subjectManager.findUserBySub(jwt)).thenReturn(Maybe.just(user));
        TestObserver test = this.userAuthenticationService.loadPreAuthenticatedUserBySub(jwt, request).test();
        test.awaitDone(10L, TimeUnit.SECONDS);
        test.assertNotComplete();
        test.assertFailure(AccountLockedException.class, new io.gravitee.am.model.User[0]);
    }

    @Test
    public void shouldLoadPreAuthenticatedUser_subjectRequest_enhance_defer() {
        io.gravitee.am.model.User user = new io.gravitee.am.model.User();
        user.setId(UUID.randomUUID().toString());
        user.setUsername("username");
        user.setAccountNonLocked(true);
        Request request = (Request) Mockito.mock(Request.class);
        Mockito.when(this.userService.findById(user.getId())).thenReturn(Maybe.just(user));
        Mockito.when(this.identityProviderManager.get((String) ArgumentMatchers.any())).thenReturn(Maybe.just(new AuthenticationProvider() { // from class: io.gravitee.am.gateway.handler.common.auth.UserAuthenticationServiceTest.1
            public Maybe<User> loadUserByUsername(Authentication authentication) {
                return Maybe.empty();
            }

            public Maybe<User> loadUserByUsername(String str) {
                return Maybe.empty();
            }
        }));
        Mockito.when(this.userService.enhance(user)).thenReturn(Single.just(user));
        TestObserver test = this.userAuthenticationService.loadPreAuthenticatedUser(user.getId(), request).test();
        test.awaitDone(10L, TimeUnit.SECONDS);
        test.assertComplete();
        test.assertValue(user2 -> {
            return user2.equals(user);
        });
    }

    @Test
    public void shouldLoadPreAuthenticatedUserBySub_subjectRequest_enhance_defer() {
        io.gravitee.am.model.User user = new io.gravitee.am.model.User();
        user.setId(UUID.randomUUID().toString());
        user.setUsername("username");
        user.setAccountNonLocked(true);
        Request request = (Request) Mockito.mock(Request.class);
        JWT jwt = new JWT();
        jwt.setSub(user.getId());
        Mockito.when(this.subjectManager.findUserBySub(jwt)).thenReturn(Maybe.just(user));
        Mockito.when(this.identityProviderManager.get((String) ArgumentMatchers.any())).thenReturn(Maybe.just(new AuthenticationProvider() { // from class: io.gravitee.am.gateway.handler.common.auth.UserAuthenticationServiceTest.2
            public Maybe<User> loadUserByUsername(Authentication authentication) {
                return Maybe.empty();
            }

            public Maybe<User> loadUserByUsername(String str) {
                return Maybe.empty();
            }
        }));
        Mockito.when(this.userService.enhance(user)).thenReturn(Single.just(user));
        TestObserver test = this.userAuthenticationService.loadPreAuthenticatedUserBySub(jwt, request).test();
        test.awaitDone(10L, TimeUnit.SECONDS);
        test.assertComplete();
        test.assertValue(user2 -> {
            return user2.equals(user);
        });
    }

    @Test
    public void shouldLoadPreAuthenticatedUser_subjectRequest_enhance_defer_with_AuthenticationProvider() {
        final io.gravitee.am.model.User user = new io.gravitee.am.model.User();
        user.setId(UUID.randomUUID().toString());
        user.setUsername("username");
        user.setAccountNonLocked(true);
        Request request = (Request) Mockito.mock(Request.class);
        Mockito.when(this.userService.findById(user.getId())).thenReturn(Maybe.just(user));
        Mockito.when(this.identityProviderManager.get((String) ArgumentMatchers.any())).thenReturn(Maybe.just(new AuthenticationProvider() { // from class: io.gravitee.am.gateway.handler.common.auth.UserAuthenticationServiceTest.3
            public Maybe<User> loadUserByUsername(Authentication authentication) {
                DefaultUser defaultUser = new DefaultUser();
                defaultUser.setUsername(user.getUsername());
                return Maybe.just(defaultUser);
            }

            public Maybe<User> loadUserByUsername(String str) {
                DefaultUser defaultUser = new DefaultUser();
                defaultUser.setUsername(user.getUsername());
                return Maybe.just(defaultUser);
            }
        }));
        Mockito.when(this.userService.enhance(user)).thenReturn(Single.just(user));
        Mockito.when(this.userService.update((io.gravitee.am.model.User) Mockito.eq(user), (CommonUserRepository.UpdateActions) ArgumentMatchers.any())).thenReturn(Single.just(user));
        TestObserver test = this.userAuthenticationService.loadPreAuthenticatedUser(user.getId(), request).test();
        test.awaitDone(10L, TimeUnit.SECONDS);
        test.assertComplete();
        test.assertValue(user2 -> {
            return user2.equals(user);
        });
    }

    @Test
    public void shouldLoadPreAuthenticatedUserBySub_subjectRequest_enhance_defer_with_AuthenticationProvider() {
        final io.gravitee.am.model.User user = new io.gravitee.am.model.User();
        user.setId(UUID.randomUUID().toString());
        user.setUsername("username");
        user.setAccountNonLocked(true);
        JWT jwt = new JWT();
        jwt.setSub(user.getId());
        Request request = (Request) Mockito.mock(Request.class);
        Mockito.when(this.subjectManager.findUserBySub(jwt)).thenReturn(Maybe.just(user));
        Mockito.when(this.identityProviderManager.get((String) ArgumentMatchers.any())).thenReturn(Maybe.just(new AuthenticationProvider() { // from class: io.gravitee.am.gateway.handler.common.auth.UserAuthenticationServiceTest.4
            public Maybe<User> loadUserByUsername(Authentication authentication) {
                DefaultUser defaultUser = new DefaultUser();
                defaultUser.setUsername(user.getUsername());
                return Maybe.just(defaultUser);
            }

            public Maybe<User> loadUserByUsername(String str) {
                DefaultUser defaultUser = new DefaultUser();
                defaultUser.setUsername(user.getUsername());
                return Maybe.just(defaultUser);
            }
        }));
        Mockito.when(this.userService.enhance(user)).thenReturn(Single.just(user));
        Mockito.when(this.userService.update((io.gravitee.am.model.User) Mockito.eq(user), (CommonUserRepository.UpdateActions) ArgumentMatchers.any())).thenReturn(Single.just(user));
        TestObserver test = this.userAuthenticationService.loadPreAuthenticatedUserBySub(jwt, request).test();
        test.awaitDone(10L, TimeUnit.SECONDS);
        test.assertComplete();
        test.assertValue(user2 -> {
            return user2.equals(user);
        });
    }

    @Test
    public void shouldConnectWithPasswordless_nominalCase() {
        Client initClient = initClient();
        io.gravitee.am.model.User initUser = initUser(initClient);
        Mockito.when(this.userService.findById("userId")).thenReturn(Maybe.just(initUser));
        Mockito.when(this.userService.update((io.gravitee.am.model.User) ArgumentMatchers.any())).thenReturn(Single.just(initUser));
        Mockito.when(this.userService.enhance((io.gravitee.am.model.User) ArgumentMatchers.any())).thenReturn(Single.just(initUser));
        TestObserver test = this.userAuthenticationService.connectWithPasswordless("userId", initClient).test();
        test.awaitDone(10L, TimeUnit.SECONDS);
        test.assertComplete();
        test.assertNoErrors();
    }

    @Test
    public void shouldConnectWithPasswordless_policyDisabled_1() {
        LoginSettings loginSettings = new LoginSettings();
        loginSettings.setInherited(false);
        loginSettings.setPasswordlessEnabled(false);
        Client initClient = initClient();
        initClient.setLoginSettings(loginSettings);
        initClient.setLoginSettings(loginSettings);
        io.gravitee.am.model.User initUser = initUser(initClient);
        initUser.setLastLoginWithCredentials(new Date(Instant.now().minus(90L, (TemporalUnit) ChronoUnit.DAYS).toEpochMilli()));
        Mockito.when(this.userService.findById("userId")).thenReturn(Maybe.just(initUser));
        Mockito.when(this.userService.update((io.gravitee.am.model.User) ArgumentMatchers.any())).thenReturn(Single.just(initUser));
        Mockito.when(this.userService.enhance((io.gravitee.am.model.User) ArgumentMatchers.any())).thenReturn(Single.just(initUser));
        TestObserver test = this.userAuthenticationService.connectWithPasswordless("userId", initClient).test();
        test.awaitDone(10L, TimeUnit.SECONDS);
        test.assertComplete();
        test.assertNoErrors();
    }

    @Test
    public void shouldConnectWithPasswordless_policyDisabled_2() {
        LoginSettings loginSettings = new LoginSettings();
        loginSettings.setInherited(false);
        loginSettings.setPasswordlessEnabled(true);
        loginSettings.setPasswordlessEnforcePasswordEnabled(false);
        Client initClient = initClient();
        initClient.setLoginSettings(loginSettings);
        io.gravitee.am.model.User initUser = initUser(initClient);
        initUser.setLastLoginWithCredentials(new Date(Instant.now().minus(90L, (TemporalUnit) ChronoUnit.DAYS).toEpochMilli()));
        Mockito.when(this.userService.findById("userId")).thenReturn(Maybe.just(initUser));
        Mockito.when(this.userService.update((io.gravitee.am.model.User) ArgumentMatchers.any())).thenReturn(Single.just(initUser));
        Mockito.when(this.userService.enhance((io.gravitee.am.model.User) ArgumentMatchers.any())).thenReturn(Single.just(initUser));
        TestObserver test = this.userAuthenticationService.connectWithPasswordless("userId", initClient).test();
        test.awaitDone(10L, TimeUnit.SECONDS);
        test.assertComplete();
        test.assertNoErrors();
    }

    @Test
    public void shouldConnectWithPasswordless_policyDisabled_3() {
        LoginSettings loginSettings = new LoginSettings();
        loginSettings.setInherited(false);
        loginSettings.setPasswordlessEnabled(true);
        loginSettings.setPasswordlessEnforcePasswordEnabled(true);
        Client initClient = initClient();
        initClient.setLoginSettings(loginSettings);
        io.gravitee.am.model.User initUser = initUser(initClient);
        initUser.setLastLoginWithCredentials(new Date(Instant.now().minus(90L, (TemporalUnit) ChronoUnit.DAYS).toEpochMilli()));
        Mockito.when(this.userService.findById("userId")).thenReturn(Maybe.just(initUser));
        Mockito.when(this.userService.update((io.gravitee.am.model.User) ArgumentMatchers.any())).thenReturn(Single.just(initUser));
        Mockito.when(this.userService.enhance((io.gravitee.am.model.User) ArgumentMatchers.any())).thenReturn(Single.just(initUser));
        TestObserver test = this.userAuthenticationService.connectWithPasswordless("userId", initClient).test();
        test.awaitDone(10L, TimeUnit.SECONDS);
        test.assertComplete();
        test.assertNoErrors();
    }

    @Test
    public void shouldConnectWithPasswordless_policyDisabled_4() {
        LoginSettings loginSettings = new LoginSettings();
        loginSettings.setInherited(false);
        loginSettings.setPasswordlessEnabled(false);
        loginSettings.setPasswordlessEnforcePasswordEnabled(true);
        loginSettings.setPasswordlessEnforcePasswordMaxAge(30);
        Client initClient = initClient();
        initClient.setLoginSettings(loginSettings);
        io.gravitee.am.model.User initUser = initUser(initClient);
        initUser.setLastLoginWithCredentials(new Date(Instant.now().minus(90L, (TemporalUnit) ChronoUnit.SECONDS).toEpochMilli()));
        Mockito.when(this.userService.findById("userId")).thenReturn(Maybe.just(initUser));
        Mockito.when(this.userService.update((io.gravitee.am.model.User) ArgumentMatchers.any())).thenReturn(Single.just(initUser));
        Mockito.when(this.userService.enhance((io.gravitee.am.model.User) ArgumentMatchers.any())).thenReturn(Single.just(initUser));
        TestObserver test = this.userAuthenticationService.connectWithPasswordless("userId", initClient).test();
        test.awaitDone(10L, TimeUnit.SECONDS);
        test.assertComplete();
        test.assertNoErrors();
    }

    @Test
    public void shouldConnectWithPasswordless_policyNotEvaluated() {
        LoginSettings loginSettings = new LoginSettings();
        loginSettings.setInherited(false);
        loginSettings.setPasswordlessEnabled(true);
        loginSettings.setPasswordlessEnforcePasswordEnabled(true);
        loginSettings.setPasswordlessEnforcePasswordMaxAge(30);
        Client initClient = initClient();
        initClient.setLoginSettings(loginSettings);
        io.gravitee.am.model.User initUser = initUser(initClient);
        initUser.setLastLoginWithCredentials(new Date(Instant.now().minus(15L, (TemporalUnit) ChronoUnit.SECONDS).toEpochMilli()));
        Mockito.when(this.userService.findById("userId")).thenReturn(Maybe.just(initUser));
        Mockito.when(this.userService.update((io.gravitee.am.model.User) ArgumentMatchers.any())).thenReturn(Single.just(initUser));
        Mockito.when(this.userService.enhance((io.gravitee.am.model.User) ArgumentMatchers.any())).thenReturn(Single.just(initUser));
        TestObserver test = this.userAuthenticationService.connectWithPasswordless("userId", initClient).test();
        test.awaitDone(10L, TimeUnit.SECONDS);
        test.assertComplete();
        test.assertNoErrors();
    }

    @Test
    public void shouldNotConnectWithPasswordless_userIndefinitelyLocked() {
        Client initClient = initClient();
        io.gravitee.am.model.User initUser = initUser(initClient);
        initUser.setAccountNonLocked(false);
        Mockito.when(this.userService.findById("userId")).thenReturn(Maybe.just(initUser));
        TestObserver test = this.userAuthenticationService.connectWithPasswordless("userId", initClient).test();
        test.awaitDone(10L, TimeUnit.SECONDS);
        test.assertNotComplete();
        test.assertError(AccountLockedException.class);
    }

    @Test
    public void shouldNotConnectWithPasswordless_userDisabled() {
        Client initClient = initClient();
        io.gravitee.am.model.User initUser = initUser(initClient);
        initUser.setEnabled(false);
        Mockito.when(this.userService.findById("userId")).thenReturn(Maybe.just(initUser));
        TestObserver test = this.userAuthenticationService.connectWithPasswordless("userId", initClient).test();
        test.awaitDone(10L, TimeUnit.SECONDS);
        test.assertNotComplete();
        test.assertError(AccountDisabledException.class);
    }

    @Test
    public void shouldNotConnectWithPasswordless_policyEvaluated() {
        LoginSettings loginSettings = new LoginSettings();
        loginSettings.setInherited(false);
        loginSettings.setPasswordlessEnabled(true);
        loginSettings.setPasswordlessEnforcePasswordEnabled(true);
        loginSettings.setPasswordlessEnforcePasswordMaxAge(30);
        Client initClient = initClient();
        initClient.setLoginSettings(loginSettings);
        io.gravitee.am.model.User initUser = initUser(initClient);
        initUser.setLastLoginWithCredentials(new Date(Instant.now().minus(45L, (TemporalUnit) ChronoUnit.SECONDS).toEpochMilli()));
        Mockito.when(this.userService.findById("userId")).thenReturn(Maybe.just(initUser));
        TestObserver test = this.userAuthenticationService.connectWithPasswordless("userId", initClient).test();
        test.awaitDone(10L, TimeUnit.SECONDS);
        test.assertNotComplete();
        test.assertError(AccountEnforcePasswordException.class);
    }

    private Client initClient() {
        Client client = new Client();
        TreeSet treeSet = new TreeSet();
        ApplicationIdentityProvider applicationIdentityProvider = new ApplicationIdentityProvider();
        applicationIdentityProvider.setIdentity(UUID.randomUUID().toString());
        treeSet.add(applicationIdentityProvider);
        client.setIdentityProviders(treeSet);
        return client;
    }

    private io.gravitee.am.model.User initUser(Client client) {
        io.gravitee.am.model.User user = new io.gravitee.am.model.User();
        user.setSource(((ApplicationIdentityProvider) client.getIdentityProviders().first()).getIdentity());
        return user;
    }
}
