package io.phasetwo.keycloak.magic.auth.token;

import io.phasetwo.keycloak.magic.auth.model.MagicLinkContinuationBean;
import io.phasetwo.keycloak.magic.auth.util.MagicLinkConstants;
import jakarta.ws.rs.core.Cookie;
import jakarta.ws.rs.core.Response;
import org.jboss.logging.Logger;
import org.keycloak.authentication.actiontoken.AbstractActionTokenHandler;
import org.keycloak.authentication.actiontoken.ActionTokenContext;
import org.keycloak.events.EventType;
import org.keycloak.forms.login.LoginFormsProvider;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.UserModel;
import org.keycloak.representations.JsonWebToken;
import org.keycloak.sessions.AuthenticationSessionModel;
import org.keycloak.sessions.RootAuthenticationSessionModel;

/* loaded from: input_file:io/phasetwo/keycloak/magic/auth/token/MagicLinkContinuationLinkActionTokenHandler.class */
public class MagicLinkContinuationLinkActionTokenHandler extends AbstractActionTokenHandler<MagicLinkContinuationActionToken> {
    private static final Logger log = Logger.getLogger(MagicLinkContinuationLinkActionTokenHandler.class);

    public MagicLinkContinuationLinkActionTokenHandler() {
        super("magic-link-continuation", MagicLinkContinuationActionToken.class, "invalidRequestMessage", EventType.EXECUTE_ACTION_TOKEN, "invalid_request");
    }

    public Response handleToken(MagicLinkContinuationActionToken magicLinkContinuationActionToken, ActionTokenContext<MagicLinkContinuationActionToken> actionTokenContext) {
        AuthenticationSessionModel authenticationSession;
        log.infof("HandleToken for iss:%s, user:%s", magicLinkContinuationActionToken.getIssuedFor(), magicLinkContinuationActionToken.getUserId());
        UserModel authenticatedUser = actionTokenContext.getAuthenticationSession().getAuthenticatedUser();
        ClientModel client = actionTokenContext.getAuthenticationSession().getClient();
        authenticatedUser.setEmailVerified(true);
        KeycloakSession session = actionTokenContext.getSession();
        RootAuthenticationSessionModel rootAuthenticationSession = session.authenticationSessions().getRootAuthenticationSession(actionTokenContext.getRealm(), magicLinkContinuationActionToken.getSessionId());
        LoginFormsProvider provider = session.getProvider(LoginFormsProvider.class);
        if (rootAuthenticationSession == null || (authenticationSession = rootAuthenticationSession.getAuthenticationSession(client, magicLinkContinuationActionToken.getTabId())) == null) {
            actionTokenContext.getEvent().error("Expired magic link continuation session!");
            return provider.createForm("email-confirmation-error.ftl");
        }
        authenticationSession.setAuthNote(MagicLinkConstants.SESSION_CONFIRMED, "true");
        Cookie cookie = (Cookie) session.getContext().getRequestHeaders().getCookies().get(MagicLinkConstants.AUTH_SESSION_ID);
        MagicLinkContinuationBean magicLinkContinuationBean = new MagicLinkContinuationBean(cookie != null && cookie.getValue().equals(magicLinkContinuationActionToken.getSessionId()), magicLinkContinuationActionToken.getRedirectUri());
        actionTokenContext.getEvent().success();
        return provider.setAttribute("magicLinkContinuation", magicLinkContinuationBean).createForm("email-confirmation.ftl");
    }

    public AuthenticationSessionModel startFreshAuthenticationSession(MagicLinkContinuationActionToken magicLinkContinuationActionToken, ActionTokenContext<MagicLinkContinuationActionToken> actionTokenContext) {
        log.infof("startFreshAuthenticationSession %s", magicLinkContinuationActionToken.getIssuedFor());
        ClientModel clientByClientId = actionTokenContext.getSession().clients().getClientByClientId(actionTokenContext.getRealm(), magicLinkContinuationActionToken.getIssuedFor());
        RootAuthenticationSessionModel rootAuthenticationSession = actionTokenContext.getSession().authenticationSessions().getRootAuthenticationSession(actionTokenContext.getRealm(), magicLinkContinuationActionToken.getSessionId());
        if (rootAuthenticationSession != null) {
            return rootAuthenticationSession.createAuthenticationSession(clientByClientId);
        }
        AuthenticationSessionModel createAuthenticationSessionForClient = actionTokenContext.createAuthenticationSessionForClient(magicLinkContinuationActionToken.getIssuedFor());
        createAuthenticationSessionForClient.setAuthNote("INVALIDATE_ACTION_TOKEN", "true");
        return createAuthenticationSessionForClient;
    }

    public /* bridge */ /* synthetic */ AuthenticationSessionModel startFreshAuthenticationSession(JsonWebToken jsonWebToken, ActionTokenContext actionTokenContext) {
        return startFreshAuthenticationSession((MagicLinkContinuationActionToken) jsonWebToken, (ActionTokenContext<MagicLinkContinuationActionToken>) actionTokenContext);
    }

    public /* bridge */ /* synthetic */ Response handleToken(JsonWebToken jsonWebToken, ActionTokenContext actionTokenContext) {
        return handleToken((MagicLinkContinuationActionToken) jsonWebToken, (ActionTokenContext<MagicLinkContinuationActionToken>) actionTokenContext);
    }
}
