package io.phasetwo.keycloak.magic.auth;

import io.phasetwo.keycloak.magic.MagicLink;
import io.phasetwo.keycloak.magic.auth.util.Authenticators;
import jakarta.ws.rs.core.MultivaluedMap;
import jakarta.ws.rs.core.Response;
import java.util.OptionalInt;
import org.jboss.logging.Logger;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.authenticators.browser.UsernamePasswordForm;
import org.keycloak.events.EventType;
import org.keycloak.forms.login.LoginFormsProvider;
import org.keycloak.models.UserModel;

/* loaded from: input_file:io/phasetwo/keycloak/magic/auth/MagicLinkAuthenticator.class */
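/**
 * Username-only login step that e-mails the user a magic link instead of asking for a password.
 *
 * <p>The flow collects a username or e-mail address, resolves (or optionally creates) the user,
 * builds an action token, turns it into a link, sends that link by e-mail and then shows the
 * {@code view-email.ftl} page.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The generated link embeds the action token, so it must be treated like a credential.
 *       It is deliberately never written to the log.</li>
 *   <li>{@link #isActionTokenPersistent} is called with {@code true}, which presumably means the
 *       token may be reused when {@code ext-magic-allow-token-reuse} is not configured. Confirm
 *       that default against {@code Authenticators.is} and the deployment's threat model.</li>
 *   <li>NOTE(review): an unknown or invalid address gets an error challenge, while a known one gets
 *       the "check your e-mail" page. If user creation is disabled, this difference may let a
 *       caller tell which accounts exist. Verify against {@code MagicLink.getOrCreate}.</li>
 * </ul>
 */
public class MagicLinkAuthenticator extends UsernamePasswordForm {
    private static final Logger log = Logger.getLogger(MagicLinkAuthenticator.class);
    static final String UPDATE_PROFILE_ACTION_CONFIG_PROPERTY = "ext-magic-update-profile-action";
    static final String UPDATE_PASSWORD_ACTION_CONFIG_PROPERTY = "ext-magic-update-password-action";
    static final String ACTION_TOKEN_PERSISTENT_CONFIG_PROPERTY = "ext-magic-allow-token-reuse";

    /**
     * Shows the username form, or skips it when an earlier authenticator already recorded an
     * attempted username.
     *
     * @param authenticationFlowContext the current authentication flow context
     */
    @Override
    public void authenticate(AuthenticationFlowContext authenticationFlowContext) {
        log.debug("MagicLinkAuthenticator.authenticate");
        String attemptedUsername = MagicLink.getAttemptedUsername(authenticationFlowContext);
        if (attemptedUsername == null) {
            super.authenticate(authenticationFlowContext);
            return;
        }
        log.debugf("Found attempted username %s from previous authenticator, skipping login form", attemptedUsername);
        action(authenticationFlowContext);
    }

    /**
     * Handles the submitted username: resolves the user, e-mails a magic link and shows the
     * confirmation page.
     *
     * <p>The address is taken from the {@code username} form parameter, falling back to the
     * attempted username stored by a previous authenticator. A missing address, a missing user or
     * an invalid e-mail address ends in an {@code INVALID_USER} failure challenge.
     *
     * @param authenticationFlowContext the current authentication flow context
     */
    @Override
    public void action(AuthenticationFlowContext authenticationFlowContext) {
        log.debug("MagicLinkAuthenticator.action");
        // The form value is caller-controlled, so it is only used as a lookup key from here on.
        String email = MagicLink.trimToNull(authenticationFlowContext.getHttpRequest().getDecodedFormParameters().getFirst("username"));
        if (email == null) {
            email = MagicLink.getAttemptedUsername(authenticationFlowContext);
        }
        log.debugf("email in action is %s", email);
        if (email == null) {
            authenticationFlowContext.getEvent().error("user_not_found");
            authenticationFlowContext.failureChallenge(AuthenticationFlowError.INVALID_USER, challenge(authenticationFlowContext, getDefaultChallengeMessage(authenticationFlowContext), "username"));
            return;
        }

        String clientId = authenticationFlowContext.getSession().getContext().getClient().getClientId();
        UserModel user = MagicLink.getOrCreate(
                authenticationFlowContext.getSession(),
                authenticationFlowContext.getRealm(),
                email,
                isForceCreate(authenticationFlowContext, false),
                isUpdateProfile(authenticationFlowContext, false),
                isUpdatePassword(authenticationFlowContext, false),
                MagicLink.registerEvent(authenticationFlowContext.newEvent()));

        // The link is delivered to the stored address of the resolved user, so that address must
        // exist and be well formed before a token is minted.
        if (user == null || MagicLink.trimToNull(user.getEmail()) == null || !MagicLink.isValidEmail(user.getEmail())) {
            authenticationFlowContext.getEvent().event(EventType.LOGIN_ERROR).error("invalid_email");
            authenticationFlowContext.failureChallenge(AuthenticationFlowError.INVALID_USER, challenge(authenticationFlowContext, getDefaultChallengeMessage(authenticationFlowContext), "username"));
            return;
        }

        log.debugf("user is %s %s", user.getEmail(), Boolean.valueOf(user.isEnabled()));
        if (!enabledUser(authenticationFlowContext, user)) {
            return;
        }

        String magicLink = MagicLink.linkFromActionToken(
                authenticationFlowContext.getSession(),
                authenticationFlowContext.getRealm(),
                MagicLink.createActionToken(
                        user,
                        clientId,
                        OptionalInt.empty(),
                        Boolean.valueOf(rememberMe(authenticationFlowContext)),
                        authenticationFlowContext.getAuthenticationSession(),
                        Boolean.valueOf(isActionTokenPersistent(authenticationFlowContext, true))));
        boolean sent = MagicLink.sendMagicLinkEmail(authenticationFlowContext.getSession(), user, magicLink);
        // The link carries the action token, so anyone who can read the log could sign in as this
        // user if it were logged. Only the delivery outcome is recorded.
        log.debugf("sent email to %s? %b", user.getEmail(), Boolean.valueOf(sent));
        authenticationFlowContext.getAuthenticationSession().setAuthNote("ATTEMPTED_USERNAME", email);
        authenticationFlowContext.challenge(authenticationFlowContext.form().createForm("view-email.ftl"));
    }

    /**
     * Reports whether "remember me" applies: the realm must allow it and the {@code rememberMe}
     * form parameter must be {@code on} (case-insensitive).
     */
    private boolean rememberMe(AuthenticationFlowContext authenticationFlowContext) {
        if (!authenticationFlowContext.getRealm().isRememberMe()) {
            return false;
        }
        String submitted = authenticationFlowContext.getHttpRequest().getDecodedFormParameters().getFirst("rememberMe");
        return submitted != null && submitted.equalsIgnoreCase("on");
    }

    /** Reads the "create nonexistent user" option; {@code z} is passed through as the fallback value. */
    private boolean isForceCreate(AuthenticationFlowContext authenticationFlowContext, boolean z) {
        return Authenticators.is(authenticationFlowContext, MagicLink.CREATE_NONEXISTENT_USER_CONFIG_PROPERTY, z);
    }

    /** Reads the {@code ext-magic-update-profile-action} option; {@code z} is passed through as the fallback value. */
    private boolean isUpdateProfile(AuthenticationFlowContext authenticationFlowContext, boolean z) {
        return Authenticators.is(authenticationFlowContext, UPDATE_PROFILE_ACTION_CONFIG_PROPERTY, z);
    }

    /** Reads the {@code ext-magic-update-password-action} option; {@code z} is passed through as the fallback value. */
    private boolean isUpdatePassword(AuthenticationFlowContext authenticationFlowContext, boolean z) {
        return Authenticators.is(authenticationFlowContext, UPDATE_PASSWORD_ACTION_CONFIG_PROPERTY, z);
    }

    /** Reads the {@code ext-magic-allow-token-reuse} option; {@code z} is passed through as the fallback value. */
    private boolean isActionTokenPersistent(AuthenticationFlowContext authenticationFlowContext, boolean z) {
        return Authenticators.is(authenticationFlowContext, ACTION_TOKEN_PERSISTENT_CONFIG_PROPERTY, z);
    }

    /**
     * Validates the submitted form by checking the user only; no password is checked here.
     *
     * @return the result of {@code validateUser}
     */
    @Override
    protected boolean validateForm(AuthenticationFlowContext authenticationFlowContext, MultivaluedMap<String, String> multivaluedMap) {
        log.debug("validateForm");
        return validateUser(authenticationFlowContext, multivaluedMap);
    }

    /**
     * Builds the username-only login page, pre-filled with the submitted form data when any exists.
     *
     * @return the username login form response
     */
    @Override
    protected Response challenge(AuthenticationFlowContext authenticationFlowContext, MultivaluedMap<String, String> multivaluedMap) {
        log.debug("challenge");
        LoginFormsProvider form = authenticationFlowContext.form();
        if (!multivaluedMap.isEmpty()) {
            form.setFormData(multivaluedMap);
        }
        return form.createLoginUsername();
    }

    /** Renders the username-only login form instead of the username and password form. */
    @Override
    protected Response createLoginForm(LoginFormsProvider loginFormsProvider) {
        log.debug("createLoginForm");
        return loginFormsProvider.createLoginUsername();
    }

    /**
     * Picks the message key for a failed lookup, depending on whether the realm allows login
     * with an e-mail address.
     */
    @Override
    protected String getDefaultChallengeMessage(AuthenticationFlowContext authenticationFlowContext) {
        log.debug("getDefaultChallengeMessage");
        return authenticationFlowContext.getRealm().isLoginWithEmailAllowed() ? "invalidUsernameOrEmailMessage" : "invalidUsernameMessage";
    }
}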
