package io.phasetwo.keycloak.magic.auth;

import com.google.common.collect.ImmutableList;
import io.phasetwo.keycloak.magic.MagicLink;
import jakarta.ws.rs.core.MultivaluedMap;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Locale;
import java.util.concurrent.ThreadLocalRandom;
import org.jboss.logging.Logger;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.Authenticator;
import org.keycloak.forms.login.LoginFormsProvider;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.FormMessage;

/* loaded from: input_file:io/phasetwo/keycloak/magic/auth/EmailOtpAuthenticator.class */
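/**
 * Authenticator that e-mails a six-digit one-time code to the flow's user and completes the
 * execution when the same code is posted back from {@code otp-form.ftl}.
 *
 * <p>The issued code is kept in the authentication session under
 * {@link #USER_AUTH_NOTE_OTP_CODE} and removed on success or when the form asks for a resend.
 * A successful match also marks the authenticated user's e-mail address as verified.
 *
 * <p>Security properties enforced here: the code comes from a {@link SecureRandom}, it is never
 * written to the log, and the submitted value is compared in constant time.
 */
public class EmailOtpAuthenticator implements Authenticator {
    private static final Logger log = Logger.getLogger(EmailOtpAuthenticator.class);
    public static final String USER_AUTH_NOTE_OTP_CODE = "user-auth-note-otp-code";
    public static final String FORM_PARAM_OTP_CODE = "otp";

    /** Exclusive upper bound for the numeric code, so every value 000000-999999 can be issued. */
    private static final int OTP_EXCLUSIVE_BOUND = 1_000_000;

    /** The code is an authentication secret, so it must come from a CSPRNG. */
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    /**
     * Starts the execution by sending a code (if none is pending) and showing the OTP form.
     *
     * @param authenticationFlowContext the current flow context
     */
    @Override
    public void authenticate(AuthenticationFlowContext authenticationFlowContext) {
        challenge(authenticationFlowContext, null);
    }

    /**
     * Ensures a code has been sent, then renders {@code otp-form.ftl} as the challenge.
     *
     * @param authenticationFlowContext the current flow context
     * @param formMessage error to display on the form, or {@code null} for none
     */
    private void challenge(AuthenticationFlowContext authenticationFlowContext, FormMessage formMessage) {
        sendOtp(authenticationFlowContext);
        LoginFormsProvider form = authenticationFlowContext.form().setExecution(authenticationFlowContext.getExecution().getId());
        if (formMessage != null) {
            form.setErrors(ImmutableList.of(formMessage));
        }
        authenticationFlowContext.challenge(form.createForm("otp-form.ftl"));
    }

    /**
     * Generates a fresh code and e-mails it, unless a code is already pending for this
     * authentication session. The code is stored in the session only after the mail helper
     * reports success.
     *
     * @param authenticationFlowContext the current flow context
     */
    private void sendOtp(AuthenticationFlowContext authenticationFlowContext) {
        if (authenticationFlowContext.getAuthenticationSession().getAuthNote(USER_AUTH_NOTE_OTP_CODE) != null) {
            log.debugf("Skipping sending OTP email to %s because auth note isn't empty", authenticationFlowContext.getUser().getEmail());
            return;
        }
        // Locale.ROOT keeps the digits ASCII regardless of the JVM's default locale.
        String code = String.format(Locale.ROOT, "%06d", SECURE_RANDOM.nextInt(OTP_EXCLUSIVE_BOUND));
        if (MagicLink.sendOtpEmail(authenticationFlowContext.getSession(), authenticationFlowContext.getUser(), code)) {
            // The code itself is deliberately not logged: anyone with log access could
            // otherwise complete the login and get the address marked as verified.
            log.debugf("Sent OTP code to email %s", authenticationFlowContext.getUser().getEmail());
            authenticationFlowContext.getAuthenticationSession().setAuthNote(USER_AUTH_NOTE_OTP_CODE, code);
        } else {
            // Without a stored code no submission can match; make the failure visible.
            log.warn("OTP email was not sent; no code stored for this authentication session");
        }
    }

    /**
     * Handles the posted OTP form: either re-issues a code ({@code resend} parameter present)
     * or checks the submitted code against the one stored in the authentication session.
     *
     * @param authenticationFlowContext the current flow context
     */
    @Override
    public void action(AuthenticationFlowContext authenticationFlowContext) {
        log.debug("EmailOtpAuthenticator.action");
        MultivaluedMap<String, String> formParams = authenticationFlowContext.getHttpRequest().getDecodedFormParameters();
        if (formParams.containsKey("resend")) {
            // NOTE(review): nothing here limits how often a resend (and thus an e-mail) can be
            // triggered - confirm that rate limiting is applied elsewhere.
            authenticationFlowContext.getAuthenticationSession().removeAuthNote(USER_AUTH_NOTE_OTP_CODE);
            challenge(authenticationFlowContext, null);
            return;
        }
        String submitted = formParams.getFirst(FORM_PARAM_OTP_CODE);
        // Log only whether a value was posted; a submitted value may be the valid code.
        log.debugf("OTP code present in form: %s", Boolean.valueOf(submitted != null));
        if (submitted != null) {
            try {
                String expected = authenticationFlowContext.getAuthenticationSession().getAuthNote(USER_AUTH_NOTE_OTP_CODE);
                if (expected != null && constantTimeEquals(submitted, expected)) {
                    authenticationFlowContext.getAuthenticationSession().removeAuthNote(USER_AUTH_NOTE_OTP_CODE);
                    authenticationFlowContext.getAuthenticationSession().getAuthenticatedUser().setEmailVerified(true);
                    authenticationFlowContext.success();
                    return;
                }
            } catch (Exception e) {
                log.warn("Error comparing OTP code to form", e);
            }
        }
        // NOTE(review): a wrong guess re-challenges with the SAME pending code and no attempt
        // counter or expiry is visible in this class. Confirm that the realm's brute-force
        // protection and the authentication-session lifetime bound the number of guesses
        // against the 10^6 code space, or invalidate the code after a few failures.
        authenticationFlowContext.getEvent().error("invalid_user_credentials");
        challenge(authenticationFlowContext, new FormMessage("invalidAccessCodeMessage", new Object[0]));
    }

    /**
     * Compares two strings without short-circuiting on the first differing byte, so response
     * timing does not reveal how much of a guess was correct.
     *
     * @param a first value, non-null
     * @param b second value, non-null
     * @return {@code true} when both strings have identical UTF-8 encodings
     */
    private static boolean constantTimeEquals(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8), b.getBytes(StandardCharsets.UTF_8));
    }

    /** @return {@code true}; this authenticator needs a user already identified in the flow */
    @Override
    public boolean requiresUser() {
        return true;
    }

    /** @return {@code true} unconditionally; no per-user configuration is checked */
    @Override
    public boolean configuredFor(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
        return true;
    }

    /** No required actions are registered by this authenticator. */
    @Override
    public void setRequiredActions(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
    }

    /** Nothing to release. */
    @Override
    public void close() {
    }
}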
