package org.apereo.cas.web.flow.delegation;

import java.util.List;
import java.util.UUID;
import org.apereo.cas.api.PasswordlessUserAccount;
import org.apereo.cas.authentication.principal.AbstractWebApplicationService;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.util.MockRequestContext;
import org.apereo.cas.web.flow.BasePasswordlessAuthenticationActionTests;
import org.apereo.cas.web.flow.BaseWebflowConfigurerTests;
import org.apereo.cas.web.flow.DelegatedClientIdentityProviderAuthorizer;
import org.apereo.cas.web.flow.PasswordlessWebflowUtils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Import;

@Tag("WebflowAuthenticationActions")
@Import({BaseWebflowConfigurerTests.SharedTestConfiguration.class})
/* loaded from: input_file:org/apereo/cas/web/flow/delegation/PasswordlessDelegatedClientIdentityProviderAuthorizerTests.class */
class PasswordlessDelegatedClientIdentityProviderAuthorizerTests extends BasePasswordlessAuthenticationActionTests {

    @Autowired
    @Qualifier("passwordlessDelegatedClientIdentityProviderAuthorizer")
    private DelegatedClientIdentityProviderAuthorizer authorizer;

    @Autowired
    @Qualifier("servicesManager")
    private ServicesManager servicesManager;

    PasswordlessDelegatedClientIdentityProviderAuthorizerTests() {
    }

    @Test
    void verifyNoneDefined() throws Throwable {
        MockRequestContext create = MockRequestContext.create(this.applicationContext);
        PasswordlessWebflowUtils.putPasswordlessAuthenticationAccount(create, PasswordlessUserAccount.builder().username("casuser").allowedDelegatedClients(List.of()).build());
        Assertions.assertTrue(isAuthorized(create));
    }

    @Test
    void verifyDefined() throws Throwable {
        MockRequestContext create = MockRequestContext.create(this.applicationContext);
        PasswordlessWebflowUtils.putPasswordlessAuthenticationAccount(create, PasswordlessUserAccount.builder().username("casuser").allowedDelegatedClients(List.of("CasClient")).build());
        Assertions.assertTrue(isAuthorized(create));
    }

    @Test
    void verifyUnknown() throws Throwable {
        MockRequestContext create = MockRequestContext.create(this.applicationContext);
        PasswordlessWebflowUtils.putPasswordlessAuthenticationAccount(create, PasswordlessUserAccount.builder().username("casuser").allowedDelegatedClients(List.of("AnotherClient")).build());
        Assertions.assertFalse(isAuthorized(create));
    }

    @Test
    void verifyNoAccount() throws Throwable {
        Assertions.assertFalse(isAuthorized(MockRequestContext.create(this.applicationContext)));
    }

    private boolean isAuthorized(MockRequestContext mockRequestContext) throws Throwable {
        AbstractWebApplicationService service = RegisteredServiceTestUtils.getService(UUID.randomUUID().toString());
        this.servicesManager.save(RegisteredServiceTestUtils.getRegisteredService(service.getId()));
        return this.authorizer.isDelegatedClientAuthorizedFor("CasClient", service, mockRequestContext);
    }
}
