package org.keycloak.authentication.authenticators.resetcred;

import java.util.List;
import org.keycloak.Config;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.Authenticator;
import org.keycloak.authentication.AuthenticatorFactory;
import org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator;
import org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator;
import org.keycloak.events.Errors;
import org.keycloak.events.EventBuilder;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.messages.Messages;

/* loaded from: input_file:wildfly-10.1.0.Final/modules/system/add-ons/keycloak/org/keycloak/keycloak-services/main/keycloak-services-2.1.0.Final.jar:org/keycloak/authentication/authenticators/resetcred/ResetCredentialChooseUser.class */
public class ResetCredentialChooseUser implements Authenticator, AuthenticatorFactory {
    public static final String PROVIDER_ID = "reset-credentials-choose-user";
    protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
    public static final AuthenticationExecutionModel.Requirement[] REQUIREMENT_CHOICES = {AuthenticationExecutionModel.Requirement.REQUIRED};

    @Override // org.keycloak.authentication.Authenticator
    public void authenticate(AuthenticationFlowContext authenticationFlowContext) {
        if (authenticationFlowContext.getClientSession().getNote(AbstractIdpAuthenticator.EXISTING_USER_INFO) == null) {
            authenticationFlowContext.challenge(authenticationFlowContext.form().createPasswordReset());
            return;
        }
        UserModel existingUser = AbstractIdpAuthenticator.getExistingUser(authenticationFlowContext.getSession(), authenticationFlowContext.getRealm(), authenticationFlowContext.getClientSession());
        logger.debugf("Forget-password triggered when reauthenticating user after first broker login. Skipping reset-credential-choose-user screen and using user '%s' ", existingUser.getUsername());
        authenticationFlowContext.setUser(existingUser);
        authenticationFlowContext.success();
    }

    @Override // org.keycloak.authentication.Authenticator
    public void action(AuthenticationFlowContext authenticationFlowContext) {
        EventBuilder event = authenticationFlowContext.getEvent();
        String first = authenticationFlowContext.getHttpRequest().getDecodedFormParameters().getFirst("username");
        if (first == null || first.isEmpty()) {
            event.error(Errors.USERNAME_MISSING);
            authenticationFlowContext.failureChallenge(AuthenticationFlowError.INVALID_USER, authenticationFlowContext.form().setError(Messages.MISSING_USERNAME, new Object[0]).createPasswordReset());
            return;
        }
        UserModel userByUsername = authenticationFlowContext.getSession().users().getUserByUsername(first, authenticationFlowContext.getRealm());
        if (userByUsername == null && first.contains("@")) {
            userByUsername = authenticationFlowContext.getSession().users().getUserByEmail(first, authenticationFlowContext.getRealm());
        }
        authenticationFlowContext.getClientSession().setNote(AbstractUsernameFormAuthenticator.ATTEMPTED_USERNAME, first);
        if (userByUsername == null) {
            event.m17608clone().detail("username", first).error(Errors.USER_NOT_FOUND);
        } else if (userByUsername.isEnabled()) {
            authenticationFlowContext.setUser(userByUsername);
        } else {
            event.m17608clone().detail("username", first).user(userByUsername).error(Errors.USER_DISABLED);
        }
        authenticationFlowContext.success();
    }

    @Override // org.keycloak.authentication.Authenticator
    public boolean requiresUser() {
        return false;
    }

    @Override // org.keycloak.authentication.Authenticator
    public boolean configuredFor(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
        return true;
    }

    @Override // org.keycloak.authentication.Authenticator
    public void setRequiredActions(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
    }

    @Override // org.keycloak.authentication.ConfigurableAuthenticatorFactory
    public String getDisplayType() {
        return "Choose User";
    }

    @Override // org.keycloak.authentication.ConfigurableAuthenticatorFactory
    public String getReferenceCategory() {
        return null;
    }

    @Override // org.keycloak.authentication.ConfigurableAuthenticatorFactory
    public boolean isConfigurable() {
        return false;
    }

    @Override // org.keycloak.authentication.ConfigurableAuthenticatorFactory
    public AuthenticationExecutionModel.Requirement[] getRequirementChoices() {
        return REQUIREMENT_CHOICES;
    }

    @Override // org.keycloak.authentication.ConfigurableAuthenticatorFactory
    public boolean isUserSetupAllowed() {
        return false;
    }

    @Override // org.keycloak.provider.ConfiguredProvider
    public String getHelpText() {
        return "Choose a user to reset credentials for";
    }

    @Override // org.keycloak.provider.ConfiguredProvider
    public List<ProviderConfigProperty> getConfigProperties() {
        return null;
    }

    @Override // org.keycloak.provider.Provider
    public void close() {
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.keycloak.provider.ProviderFactory
    /* renamed from: create */
    public Authenticator create2(KeycloakSession keycloakSession) {
        return this;
    }

    @Override // org.keycloak.provider.ProviderFactory
    public void init(Config.Scope scope) {
    }

    @Override // org.keycloak.provider.ProviderFactory
    public void postInit(KeycloakSessionFactory keycloakSessionFactory) {
    }

    @Override // org.keycloak.provider.ProviderFactory
    public String getId() {
        return PROVIDER_ID;
    }
}
