package io.phasetwo.keycloak.magic.auth;

import io.phasetwo.keycloak.magic.MagicLink;
import io.phasetwo.keycloak.magic.auth.util.Authenticators;
import io.phasetwo.keycloak.magic.auth.util.MagicLinkConstants;
import jakarta.ws.rs.core.MultivaluedMap;
import jakarta.ws.rs.core.Response;
import java.time.ZonedDateTime;
import java.util.Map;
import org.jboss.logging.Logger;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.authenticators.browser.UsernamePasswordForm;
import org.keycloak.events.EventType;
import org.keycloak.forms.login.LoginFormsProvider;
import org.keycloak.models.AuthenticatorConfigModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.managers.AuthenticationSessionManager;
import org.keycloak.utils.StringUtil;

/* loaded from: input_file:io/phasetwo/keycloak/magic/auth/MagicLinkContinuationAuthenticator.class */
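/**
 * Username-form authenticator that e-mails a magic link and keeps the original
 * authentication session waiting on a "check your e-mail" page until the link
 * has been confirmed.
 *
 * <p>State is carried between requests in authentication-session notes:
 * {@code MagicLinkConstants.SESSION_INITIATED} is set once the e-mail has been
 * sent, {@code MagicLinkConstants.SESSION_EXPIRATION} holds the ISO-8601 deadline
 * for the continuation, and {@code MagicLinkConstants.SESSION_CONFIRMED} is read
 * here as the signal that the link was followed. That note is not written in
 * this class; it is presumably set by the action-token handler.
 *
 * <p>Security notes for maintainers: the magic link is a bearer credential and
 * must never be written to logs, and the user is re-resolved and re-checked when
 * the confirmed session resumes rather than trusted from the earlier request.
 */
public class MagicLinkContinuationAuthenticator extends UsernamePasswordForm {
    private static final Logger log = Logger.getLogger(MagicLinkContinuationAuthenticator.class);

    /** Template shown while the browser waits for the link to be confirmed. */
    private static final String CONTINUATION_TEMPLATE = "view-email-continuation.ftl";

    /** Link lifetime, in minutes, used when the authenticator config has no usable value. */
    private static final int DEFAULT_TIMEOUT_MINUTES = 10;

    private static final int SECONDS_PER_MINUTE = 60;

    /**
     * Entry point of the authenticator: rejects an expired continuation, completes
     * the login when the session has been confirmed, and otherwise either shows the
     * username form, re-shows the waiting page, or sends the link straight away.
     *
     * @param context the current authentication flow context
     */
    public void authenticate(AuthenticationFlowContext context) {
        log.debug("MagicLinkContinuationAuthenticator.authenticate");
        if (sessionExpired(context)) {
            // Drop the stale tab so the expired continuation cannot be resumed.
            new AuthenticationSessionManager(context.getSession())
                    .removeTabIdInAuthenticationSession(context.getRealm(), context.getAuthenticationSession());
            context.getEvent().error("session_expired");
            context.failureChallenge(
                    AuthenticationFlowError.GENERIC_AUTHENTICATION_ERROR,
                    challenge(context, "expiredActionTokenNoSessionMessage", "username"));
            return;
        }

        String attemptedUsername = MagicLink.getAttemptedUsername(context);
        String confirmed = context.getAuthenticationSession().getAuthNote(MagicLinkConstants.SESSION_CONFIRMED);
        if (StringUtil.isNotBlank(confirmed)) {
            completeConfirmedLogin(context, attemptedUsername);
            return;
        }

        if (attemptedUsername == null) {
            super.authenticate(context);
            return;
        }
        String initiated = context.getAuthenticationSession().getAuthNote(MagicLinkConstants.SESSION_INITIATED);
        if (StringUtil.isBlank(initiated)) {
            log.debugf("Found attempted username %s from previous authenticator, skipping login form", attemptedUsername);
            action(context);
        } else {
            // The e-mail was already sent for this session; just show the waiting page again.
            context.challenge(context.form().createForm(CONTINUATION_TEMPLATE));
        }
    }

    /**
     * Finishes the flow for a session whose magic link has been confirmed.
     *
     * <p>The account is looked up again from the attempted username, so it can be
     * missing by now (deleted, renamed, or no username recorded). That case fails
     * the flow instead of calling {@code success()} with a {@code null} user.
     *
     * @param context the current authentication flow context
     * @param attemptedUsername the username or e-mail recorded earlier in the flow, may be {@code null}
     */
    private void completeConfirmedLogin(AuthenticationFlowContext context, String attemptedUsername) {
        UserModel user = null;
        if (attemptedUsername != null) {
            user = MagicLink.isValidEmail(attemptedUsername)
                    ? context.getSession().users().getUserByEmail(context.getRealm(), attemptedUsername)
                    : context.getSession().users().getUserByUsername(context.getRealm(), attemptedUsername);
        }
        if (user == null) {
            context.getEvent().error("user_not_found");
            context.failureChallenge(
                    AuthenticationFlowError.INVALID_USER,
                    challenge(context, getDefaultChallengeMessage(context), "username"));
            return;
        }
        // Re-check account state at confirmation time: the account may have been disabled
        // after the e-mail went out. enabledUser() is inherited and, as in action(), is
        // assumed to issue its own failure response when it returns false.
        if (!enabledUser(context, user)) {
            return;
        }
        // NOTE(review): the user is resolved from the ATTEMPTED_USERNAME note, not from an
        // identifier carried by the confirmed token; confirm both always name the same account.
        context.setUser(user);
        context.getAuthenticationSession().setAuthenticatedUser(user);
        context.success();
    }

    /**
     * Reports whether the continuation deadline stored in the session has passed.
     *
     * @param context the current authentication flow context
     * @return {@code true} if an expiration note is present and lies in the past;
     *     {@code false} if no expiration note is set
     * @throws java.time.format.DateTimeParseException if the stored note is not a valid
     *     {@link ZonedDateTime} string (the request then fails rather than proceeding)
     */
    private boolean sessionExpired(AuthenticationFlowContext context) {
        String expiration = context.getAuthenticationSession().getAuthNote(MagicLinkConstants.SESSION_EXPIRATION);
        if (StringUtil.isBlank(expiration)) {
            return false;
        }
        return ZonedDateTime.parse(expiration).isBefore(ZonedDateTime.now());
    }

    /**
     * Handles the submitted username form (or a username supplied by an earlier
     * authenticator): resolves or creates the user, e-mails the magic link, records
     * the continuation state in the session and shows the waiting page.
     *
     * @param context the current authentication flow context
     */
    public void action(AuthenticationFlowContext context) {
        log.debug("MagicLinkContinuationAuthenticator.action");
        String email = MagicLink.trimToNull(context.getHttpRequest().getDecodedFormParameters().getFirst("username"));
        if (email == null) {
            email = MagicLink.getAttemptedUsername(context);
        }
        log.debugf("email in action is %s", email);
        if (email == null) {
            context.getEvent().error("user_not_found");
            context.failureChallenge(
                    AuthenticationFlowError.INVALID_USER,
                    challenge(context, getDefaultChallengeMessage(context), "username"));
            return;
        }

        String clientId = context.getSession().getContext().getClient().getClientId();
        UserModel user = MagicLink.getOrCreate(
                context.getSession(),
                context.getRealm(),
                email,
                isForceCreate(context, false),
                false,
                false,
                MagicLink.registerEvent(context.newEvent()));

        // NOTE(review): this failure page differs from the waiting page rendered below, so a
        // caller can tell whether an address maps to an account when auto-creation is off.
        // Confirm that is acceptable, or render the waiting page in both cases.
        if (user == null || MagicLink.trimToNull(user.getEmail()) == null || !MagicLink.isValidEmail(user.getEmail())) {
            context.getEvent().event(EventType.LOGIN_ERROR).error("invalid_email");
            context.failureChallenge(
                    AuthenticationFlowError.INVALID_USER,
                    challenge(context, getDefaultChallengeMessage(context), "username"));
            return;
        }

        log.debugf("user is %s %s", user.getEmail(), user.isEnabled());
        if (!enabledUser(context, user)) {
            return;
        }

        int timeoutMinutes = getTimeout(context, DEFAULT_TIMEOUT_MINUTES);
        String link = MagicLink.linkFromActionToken(
                context.getSession(),
                context.getRealm(),
                MagicLink.createExpandedActionToken(
                        user, clientId, SECONDS_PER_MINUTE * timeoutMinutes, context.getAuthenticationSession()));
        boolean sent = MagicLink.sendMagicLinkContinuationEmail(context.getSession(), user, link);
        // The link is a bearer credential: anyone who can read it can complete the login,
        // so only the delivery outcome is logged, never the link itself.
        log.debugf("sent email to %s? %b", user.getEmail(), sent);

        context.getAuthenticationSession().setAuthNote("ATTEMPTED_USERNAME", email);
        context.getAuthenticationSession().setAuthNote(MagicLinkConstants.SESSION_INITIATED, "true");
        // Two seconds of slack on top of the token lifetime before the session counts as expired.
        context.getAuthenticationSession().setAuthNote(
                MagicLinkConstants.SESSION_EXPIRATION,
                ZonedDateTime.now().plusMinutes(timeoutMinutes).plusSeconds(2L).toString());
        context.challenge(context.form().createForm(CONTINUATION_TEMPLATE));
    }

    /**
     * Reads the "create non-existent user" option from the authenticator config.
     *
     * @param context the current authentication flow context
     * @param fallback passed to {@code Authenticators.is} as its third argument
     *     (presumably the value used when the option is not configured)
     * @return the configured flag
     */
    private boolean isForceCreate(AuthenticationFlowContext context, boolean fallback) {
        return Authenticators.is(context, MagicLink.CREATE_NONEXISTENT_USER_CONFIG_PROPERTY, fallback);
    }

    /**
     * Validates the submitted form by validating the user only; no password is checked here.
     *
     * @param context the current authentication flow context
     * @param formData the submitted form parameters
     * @return the result of {@code validateUser}
     */
    protected boolean validateForm(AuthenticationFlowContext context, MultivaluedMap<String, String> formData) {
        log.debug("validateForm");
        return validateUser(context, formData);
    }

    /**
     * Builds the username-only login page, pre-filled with any submitted form data.
     *
     * @param context the current authentication flow context
     * @param formData previously submitted form parameters, possibly empty
     * @return the username login form response
     */
    protected Response challenge(AuthenticationFlowContext context, MultivaluedMap<String, String> formData) {
        log.debug("challenge");
        LoginFormsProvider form = context.form();
        if (!formData.isEmpty()) {
            form.setFormData(formData);
        }
        return form.createLoginUsername();
    }

    /**
     * Creates the username-only login form.
     *
     * @param form the forms provider to render with
     * @return the username login form response
     */
    protected Response createLoginForm(LoginFormsProvider form) {
        log.debug("createLoginForm");
        return form.createLoginUsername();
    }

    /**
     * Chooses the generic "invalid user" message key for the realm.
     *
     * @param context the current authentication flow context
     * @return {@code "invalidUsernameOrEmailMessage"} when the realm allows login with
     *     e-mail, otherwise {@code "invalidUsernameMessage"}
     */
    protected String getDefaultChallengeMessage(AuthenticationFlowContext context) {
        log.debug("getDefaultChallengeMessage");
        return context.getRealm().isLoginWithEmailAllowed()
                ? "invalidUsernameOrEmailMessage"
                : "invalidUsernameMessage";
    }

    /**
     * Reads the link lifetime, in minutes, from the authenticator config.
     *
     * <p>The fallback is returned when there is no config, when the value is missing
     * or not an integer, and when it is zero, negative, or so large that converting
     * it to seconds would overflow an {@code int}. Those last cases would otherwise
     * produce a token lifetime that is not a positive number of seconds.
     *
     * @param context the current authentication flow context
     * @param fallbackMinutes value to use when the configured one is unusable
     * @return the effective timeout in minutes
     */
    private int getTimeout(AuthenticationFlowContext context, int fallbackMinutes) {
        AuthenticatorConfigModel configModel = context.getAuthenticatorConfig();
        if (configModel == null) {
            return fallbackMinutes;
        }
        Map<String, String> config = configModel.getConfig();
        if (config == null) {
            return fallbackMinutes;
        }
        try {
            // parseInt(null) also throws NumberFormatException, so a missing key falls back too.
            int minutes = Integer.parseInt(config.get(MagicLinkConstants.TIMEOUT));
            if (minutes <= 0 || minutes > Integer.MAX_VALUE / SECONDS_PER_MINUTE) {
                return fallbackMinutes;
            }
            return minutes;
        } catch (NumberFormatException e) {
            return fallbackMinutes;
        }
    }
}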
