package io.phasetwo.keycloak.magic.resources;

import io.phasetwo.keycloak.magic.MagicLink;
import io.phasetwo.keycloak.magic.representation.MagicLinkRequest;
import io.phasetwo.keycloak.magic.representation.MagicLinkResponse;
import jakarta.ws.rs.BadRequestException;
import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.ForbiddenException;
import jakarta.ws.rs.NotFoundException;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.Produces;
import java.util.OptionalInt;
import org.jboss.logging.Logger;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.UserModel;

/* loaded from: input_file:io/phasetwo/keycloak/magic/resources/MagicLinkResource.class */
public class MagicLinkResource extends AbstractAdminResource {
    private static final Logger log = Logger.getLogger(MagicLinkResource.class);

    public MagicLinkResource(KeycloakSession keycloakSession) {
        super(keycloakSession);
    }

    @POST
    @Produces({"application/json"})
    @Consumes({"application/json"})
    public MagicLinkResponse createMagicLink(MagicLinkRequest magicLinkRequest) {
        if (!this.permissions.users().canManage()) {
            throw new ForbiddenException("magic link requires manage-users");
        }
        ClientModel clientByClientId = this.session.clients().getClientByClientId(this.realm, magicLinkRequest.getClientId());
        if (clientByClientId == null) {
            throw new NotFoundException(String.format("Client with ID %s not found.", magicLinkRequest.getClientId()));
        }
        if (!MagicLink.validateRedirectUri(this.session, magicLinkRequest.getRedirectUri(), clientByClientId)) {
            throw new BadRequestException(String.format("redirectUri %s disallowed by client.", magicLinkRequest.getRedirectUri()));
        }
        String email = magicLinkRequest.getEmail();
        boolean isForceCreate = magicLinkRequest.isForceCreate();
        boolean isUpdateProfile = magicLinkRequest.isUpdateProfile();
        boolean isUpdatePassword = magicLinkRequest.isUpdatePassword();
        boolean isSendEmail = magicLinkRequest.isSendEmail();
        if (magicLinkRequest.getUsername() != null) {
            email = magicLinkRequest.getUsername();
            isForceCreate = false;
            isSendEmail = false;
        }
        UserModel orCreate = MagicLink.getOrCreate(this.session, this.realm, email, isForceCreate, isUpdateProfile, isUpdatePassword, MagicLink.registerEvent(this.event));
        if (orCreate == null) {
            throw new NotFoundException(String.format("User with email/username %s not found, and forceCreate is off.", email));
        }
        String linkFromActionToken = MagicLink.linkFromActionToken(this.session, this.realm, MagicLink.createActionToken(orCreate, magicLinkRequest.getClientId(), magicLinkRequest.getRedirectUri(), OptionalInt.of(magicLinkRequest.getExpirationSeconds()), magicLinkRequest.getScope(), magicLinkRequest.getNonce(), magicLinkRequest.getState(), magicLinkRequest.getRememberMe(), magicLinkRequest.getActionTokenPersistent()));
        boolean z = false;
        if (isSendEmail) {
            z = MagicLink.sendMagicLinkEmail(this.session, orCreate, linkFromActionToken);
            log.infof("sent email to %s? %b. Link? %s", magicLinkRequest.getEmail(), Boolean.valueOf(z), linkFromActionToken);
        }
        MagicLinkResponse magicLinkResponse = new MagicLinkResponse();
        magicLinkResponse.setUserId(orCreate.getId());
        magicLinkResponse.setLink(linkFromActionToken);
        magicLinkResponse.setSent(z);
        return magicLinkResponse;
    }
}
