package io.phasetwo.keycloak.magic.auth.token;

import jakarta.ws.rs.core.Response;
import org.jboss.logging.Logger;
import org.keycloak.authentication.actiontoken.AbstractActionTokenHandler;
import org.keycloak.authentication.actiontoken.ActionTokenContext;
import org.keycloak.events.EventType;
import org.keycloak.models.ClientModel;
import org.keycloak.models.UserModel;
import org.keycloak.protocol.oidc.utils.RedirectUtils;
import org.keycloak.representations.JsonWebToken;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.util.ResolveRelative;
import org.keycloak.sessions.AuthenticationSessionModel;

/* loaded from: input_file:io/phasetwo/keycloak/magic/auth/token/MagicLinkActionTokenHandler.class */
public class MagicLinkActionTokenHandler extends AbstractActionTokenHandler<MagicLinkActionToken> {
    private static final Logger log = Logger.getLogger(MagicLinkActionTokenHandler.class);

    public MagicLinkActionTokenHandler() {
        super("ext-magic-link", MagicLinkActionToken.class, "invalidRequestMessage", EventType.EXECUTE_ACTION_TOKEN, "invalid_request");
    }

    public AuthenticationSessionModel startFreshAuthenticationSession(MagicLinkActionToken magicLinkActionToken, ActionTokenContext<MagicLinkActionToken> actionTokenContext) {
        return actionTokenContext.createAuthenticationSessionForClient(magicLinkActionToken.getIssuedFor());
    }

    public boolean canUseTokenRepeatedly(MagicLinkActionToken magicLinkActionToken, ActionTokenContext<MagicLinkActionToken> actionTokenContext) {
        return magicLinkActionToken.getActionTokenPersistent().booleanValue();
    }

    public Response handleToken(MagicLinkActionToken magicLinkActionToken, ActionTokenContext<MagicLinkActionToken> actionTokenContext) {
        log.infof("handleToken for iss:%s, user:%s", magicLinkActionToken.getIssuedFor(), magicLinkActionToken.getUserId());
        UserModel authenticatedUser = actionTokenContext.getAuthenticationSession().getAuthenticatedUser();
        AuthenticationSessionModel authenticationSession = actionTokenContext.getAuthenticationSession();
        ClientModel client = authenticationSession.getClient();
        String redirectUri = magicLinkActionToken.getRedirectUri() != null ? magicLinkActionToken.getRedirectUri() : ResolveRelative.resolveRelativeUri(actionTokenContext.getSession(), client.getRootUrl(), client.getBaseUrl());
        log.infof("Using redirect_uri %s", redirectUri);
        String verifyRedirectUri = RedirectUtils.verifyRedirectUri(actionTokenContext.getSession(), redirectUri, authenticationSession.getClient());
        if (verifyRedirectUri != null) {
            authenticationSession.setAuthNote("SET_REDIRECT_URI_AFTER_REQUIRED_ACTIONS", "true");
            authenticationSession.setRedirectUri(verifyRedirectUri);
            authenticationSession.setClientNote("redirect_uri", redirectUri);
            if (magicLinkActionToken.getState() != null) {
                authenticationSession.setClientNote("state", magicLinkActionToken.getState());
            }
            if (magicLinkActionToken.getNonce() != null) {
                authenticationSession.setClientNote("nonce", magicLinkActionToken.getNonce());
            }
        }
        if (magicLinkActionToken.getScope() != null) {
            authenticationSession.setClientNote("scope", magicLinkActionToken.getScope());
            AuthenticationManager.setClientScopesInSession(authenticationSession);
        }
        if (magicLinkActionToken.getRememberMe() == null || !magicLinkActionToken.getRememberMe().booleanValue()) {
            authenticationSession.removeAuthNote("remember_me");
        } else {
            authenticationSession.setAuthNote("remember_me", "true");
            actionTokenContext.getEvent().detail("remember_me", "true");
        }
        authenticatedUser.setEmailVerified(true);
        return AuthenticationManager.redirectToRequiredActions(actionTokenContext.getSession(), actionTokenContext.getRealm(), authenticationSession, actionTokenContext.getUriInfo(), AuthenticationManager.nextRequiredAction(actionTokenContext.getSession(), authenticationSession, actionTokenContext.getRequest(), actionTokenContext.getEvent()));
    }

    public /* bridge */ /* synthetic */ boolean canUseTokenRepeatedly(JsonWebToken jsonWebToken, ActionTokenContext actionTokenContext) {
        return canUseTokenRepeatedly((MagicLinkActionToken) jsonWebToken, (ActionTokenContext<MagicLinkActionToken>) actionTokenContext);
    }

    public /* bridge */ /* synthetic */ AuthenticationSessionModel startFreshAuthenticationSession(JsonWebToken jsonWebToken, ActionTokenContext actionTokenContext) {
        return startFreshAuthenticationSession((MagicLinkActionToken) jsonWebToken, (ActionTokenContext<MagicLinkActionToken>) actionTokenContext);
    }

    public /* bridge */ /* synthetic */ Response handleToken(JsonWebToken jsonWebToken, ActionTokenContext actionTokenContext) {
        return handleToken((MagicLinkActionToken) jsonWebToken, (ActionTokenContext<MagicLinkActionToken>) actionTokenContext);
    }
}
