package org.keycloak.authentication.requiredactions;

import jakarta.ws.rs.core.MultivaluedHashMap;
import jakarta.ws.rs.core.MultivaluedMap;
import jakarta.ws.rs.core.UriInfo;
import java.util.Objects;
import java.util.concurrent.TimeUnit;
import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.authentication.AuthenticationProcessor;
import org.keycloak.authentication.AuthenticatorUtil;
import org.keycloak.authentication.InitiatedActionSupport;
import org.keycloak.authentication.RequiredActionContext;
import org.keycloak.authentication.RequiredActionFactory;
import org.keycloak.authentication.RequiredActionProvider;
import org.keycloak.authentication.actiontoken.updateemail.UpdateEmailActionToken;
import org.keycloak.common.Profile;
import org.keycloak.common.util.Time;
import org.keycloak.email.EmailException;
import org.keycloak.email.EmailTemplateProvider;
import org.keycloak.events.EventBuilder;
import org.keycloak.events.EventType;
import org.keycloak.forms.login.LoginFormsPages;
import org.keycloak.forms.login.LoginFormsProvider;
import org.keycloak.forms.login.freemarker.Templates;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.provider.EnvironmentDependentProviderFactory;
import org.keycloak.services.Urls;
import org.keycloak.services.validation.Validation;
import org.keycloak.sessions.AuthenticationSessionModel;
import org.keycloak.userprofile.AttributeChangeListener;
import org.keycloak.userprofile.EventAuditingAttributeChangeListener;
import org.keycloak.userprofile.UserProfile;
import org.keycloak.userprofile.UserProfileContext;
import org.keycloak.userprofile.UserProfileProvider;
import org.keycloak.userprofile.ValidationException;

/* loaded from: input_file:org/keycloak/authentication/requiredactions/UpdateEmail.class */
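/**
 * Required action that lets an authenticated user change their e-mail address.
 *
 * <p>The class acts as both the provider and its own factory. Depending on the realm's
 * "verify e-mail" setting, a submitted address is either applied immediately or only
 * after the user follows a confirmation link carried by an {@link UpdateEmailActionToken}.
 *
 * <p>NOTE(review): this listing is decompiler output, so identifiers such as
 * {@code m132create} are artifacts of the decompiler rather than original names.
 */
public class UpdateEmail implements RequiredActionProvider, RequiredActionFactory, EnvironmentDependentProviderFactory {
    private static final Logger logger = Logger.getLogger(UpdateEmail.class);

    /** Declares that this action may also be started as an application-initiated action. */
    public InitiatedActionSupport initiatedActionSupport() {
        return InitiatedActionSupport.SUPPORTED;
    }

    /** Returns the human-readable name of this required action. */
    public String getDisplayText() {
        return "Update Email";
    }

    /** Intentionally empty: this action defines no automatic trigger of its own. */
    public void evaluateTriggers(RequiredActionContext requiredActionContext) {
    }

    /** Presents the update-e-mail form to the user. */
    public void requiredActionChallenge(RequiredActionContext requiredActionContext) {
        requiredActionContext.challenge(requiredActionContext.form().createResponse(UserModel.RequiredAction.UPDATE_EMAIL));
    }

    /**
     * Handles submission of the update-e-mail form.
     *
     * <p>The submitted address is validated first. When the realm verifies e-mail and the
     * address is non-blank and either differs from the current one or the current one is
     * still unverified, a confirmation link is mailed and the stored address is NOT changed
     * by this request. Otherwise the address is applied directly, after optionally logging
     * out the user's other sessions.
     *
     * <p>On a validation error the form is shown again with the errors and the submitted data.
     *
     * @param requiredActionContext context of the running required action
     */
    public void processAction(RequiredActionContext requiredActionContext) {
        MultivaluedMap<String, String> formData = requiredActionContext.getHttpRequest().getDecodedFormParameters();
        String newEmail = formData.getFirst("email");
        RealmModel realm = requiredActionContext.getRealm();
        UserModel user = requiredActionContext.getUser();
        try {
            UserProfile validatedProfile = validateEmailUpdate(requiredActionContext.getSession(), user, newEmail);
            boolean logoutSessions = "on".equals(formData.getFirst("logout-sessions"));
            boolean addressNeedsProof = !Objects.equals(user.getEmail(), newEmail) || !user.isEmailVerified();
            if (realm.isVerifyEmail() && !Validation.isBlank(newEmail) && addressNeedsProof) {
                // Ownership of the new address must be proven first; the logout choice
                // travels inside the token instead of being applied now.
                sendEmailUpdateConfirmation(requiredActionContext, newEmail, logoutSessions);
                return;
            }
            if (logoutSessions) {
                AuthenticatorUtil.logoutOtherSessions(requiredActionContext);
            }
            updateEmailWithoutConfirmation(requiredActionContext, validatedProfile);
        } catch (ValidationException e) {
            requiredActionContext.challenge(requiredActionContext.form().setErrors(Validation.getFormErrorsFromValidation(e.getErrors())).setFormData(formData).createResponse(UserModel.RequiredAction.UPDATE_EMAIL));
        }
    }

    /**
     * Mails a confirmation link for the pending address change and shows an info page.
     *
     * <p>The link embeds a serialized {@link UpdateEmailActionToken} built from the user id,
     * an expiry derived from the realm's user-generated action-token lifespan, the current
     * and the new address, the client id, the logout flag and the redirect URI of the
     * authentication session.
     *
     * @param requiredActionContext context of the running required action
     * @param newEmail the address that was validated by the caller; passed in so the token
     *     and the mail use exactly the value that passed validation
     * @param logoutSessions whether the user asked for other sessions to be logged out
     */
    private void sendEmailUpdateConfirmation(RequiredActionContext requiredActionContext, String newEmail, boolean logoutSessions) {
        UserModel user = requiredActionContext.getUser();
        String oldEmail = user.getEmail();
        RealmModel realm = requiredActionContext.getRealm();
        int validityInSecs = realm.getActionTokenGeneratedByUserLifespan(UpdateEmailActionToken.TOKEN_TYPE);
        UriInfo uriInfo = requiredActionContext.getUriInfo();
        KeycloakSession session = requiredActionContext.getSession();
        AuthenticationSessionModel authenticationSession = requiredActionContext.getAuthenticationSession();
        String clientId = authenticationSession.getClient().getClientId();

        UpdateEmailActionToken actionToken = new UpdateEmailActionToken(user.getId(), Time.currentTime() + validityInSecs, oldEmail, newEmail, clientId, Boolean.valueOf(logoutSessions), authenticationSession.getRedirectUri());
        String link = Urls.actionTokenBuilder(uriInfo.getBaseUri(), actionToken.serialize(session, realm, uriInfo), clientId, authenticationSession.getTabId(), AuthenticationProcessor.getClientData(session, authenticationSession)).build(realm.getName()).toString();

        requiredActionContext.getEvent().event(EventType.SEND_VERIFY_EMAIL).detail("email", newEmail);
        try {
            session.getProvider(EmailTemplateProvider.class).setAuthenticationSession(authenticationSession).setRealm(realm).setUser(user).sendEmailUpdateConfirmation(link, TimeUnit.SECONDS.toMinutes(validityInSecs), newEmail);
        } catch (EmailException e) {
            // The exception is logged server-side only; nothing from it reaches the response.
            logger.error("Failed to send email for email update", e);
            requiredActionContext.getEvent().error("email_send_failed");
            // Record an explicit outcome. Without it the context ends this request with
            // neither challenge, success nor failure set.
            // NOTE(review): how the caller treats a context without an outcome is not
            // visible in this file - confirm that failure() is the desired result.
            requiredActionContext.failure();
            return;
        }
        requiredActionContext.getEvent().success();
        LoginFormsProvider form = requiredActionContext.form();
        requiredActionContext.challenge(form.setAttribute("messageHeader", form.getMessage("emailUpdateConfirmationSentTitle")).setInfo("emailUpdateConfirmationSent", newEmail).createForm(Templates.getTemplate(LoginFormsPages.INFO)));
    }

    /** Applies the validated profile immediately and marks the required action as done. */
    private void updateEmailWithoutConfirmation(RequiredActionContext requiredActionContext, UserProfile userProfile) {
        updateEmailNow(requiredActionContext.getEvent(), requiredActionContext.getUser(), userProfile);
        requiredActionContext.success();
    }

    /**
     * Builds a user profile for an e-mail update and validates it.
     *
     * @param keycloakSession session used to look up the {@link UserProfileProvider}
     * @param userModel user whose address is to be changed; the current username is carried over
     * @param str the requested new e-mail address
     * @return the validated profile, ready to be applied with {@link #updateEmailNow}
     * @throws ValidationException presumably raised by {@code validate()} when the address is
     *     rejected; {@link #processAction} catches it around this call
     */
    public static UserProfile validateEmailUpdate(KeycloakSession keycloakSession, UserModel userModel, String str) {
        MultivaluedMap<String, String> attributes = new MultivaluedHashMap<>();
        attributes.putSingle("username", userModel.getUsername());
        attributes.putSingle("email", str);
        UserProfile profile = keycloakSession.getProvider(UserProfileProvider.class).create(UserProfileContext.UPDATE_EMAIL, attributes, userModel);
        profile.validate();
        return profile;
    }

    /**
     * Records an UPDATE_EMAIL event with the previous and the new address, then applies the profile.
     *
     * @param eventBuilder event to populate; also handed to the auditing change listener
     * @param userModel user being updated; only read here, for the previous address
     * @param userProfile validated profile that carries the new address
     */
    public static void updateEmailNow(EventBuilder eventBuilder, UserModel userModel, UserProfile userProfile) {
        eventBuilder.event(EventType.UPDATE_EMAIL).detail("previous_email", userModel.getEmail()).detail("updated_email", userProfile.getAttributes().getFirst("email"));
        userProfile.update(false, new EventAuditingAttributeChangeListener(userProfile, eventBuilder));
    }

    /* renamed from: create, reason: merged with bridge method [inline-methods] */
    // Decompiler artifact: per the note above this was originally named create. The name is
    // kept as it appears in this listing.
    public RequiredActionProvider m132create(KeycloakSession keycloakSession) {
        return this;
    }

    /** No configuration is read. */
    public void init(Config.Scope scope) {
    }

    /** No post-initialisation work is needed. */
    public void postInit(KeycloakSessionFactory keycloakSessionFactory) {
    }

    /** Nothing to release. */
    public void close() {
    }

    /** Returns the provider id, which is the name of the UPDATE_EMAIL required action. */
    public String getId() {
        return UserModel.RequiredAction.UPDATE_EMAIL.name();
    }

    /** Reports the provider as supported only while the UPDATE_EMAIL feature is enabled. */
    public boolean isSupported(Config.Scope scope) {
        return Profile.isFeatureEnabled(Profile.Feature.UPDATE_EMAIL);
    }
}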
