package org.keycloak.services.resources.admin;

import java.net.URI;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriInfo;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.BadRequestException;
import org.jboss.resteasy.spi.NotFoundException;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.keycloak.authentication.RequiredActionProvider;
import org.keycloak.common.ClientConnection;
import org.keycloak.common.constants.ServiceAccountConstants;
import org.keycloak.common.util.Time;
import org.keycloak.email.EmailException;
import org.keycloak.email.EmailTemplateProvider;
import org.keycloak.events.Details;
import org.keycloak.events.EventBuilder;
import org.keycloak.events.EventType;
import org.keycloak.events.admin.OperationType;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.Constants;
import org.keycloak.models.FederatedIdentityModel;
import org.keycloak.models.GroupModel;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.ModelException;
import org.keycloak.models.ModelReadOnlyException;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserConsentModel;
import org.keycloak.models.UserLoginFailureModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.protocol.oidc.utils.RedirectUtils;
import org.keycloak.provider.ProviderFactory;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.FederatedIdentityRepresentation;
import org.keycloak.representations.idm.GroupRepresentation;
import org.keycloak.representations.idm.UserConsentRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.idm.UserSessionRepresentation;
import org.keycloak.services.ErrorResponse;
import org.keycloak.services.ErrorResponseException;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.Urls;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.BruteForceProtector;
import org.keycloak.services.managers.ClientSessionCode;
import org.keycloak.services.managers.UserManager;
import org.keycloak.services.managers.UserSessionManager;
import org.keycloak.services.resources.AccountService;
import org.keycloak.services.resources.admin.RealmAuth;
import org.keycloak.services.validation.Validation;

/* loaded from: input_file:wildfly-10.1.0.Final/modules/system/add-ons/keycloak/org/keycloak/keycloak-services/main/keycloak-services-2.1.0.Final.jar:org/keycloak/services/resources/admin/UsersResource.class */
public class UsersResource {
    protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
    protected RealmModel realm;
    private RealmAuth auth;
    private AdminEventBuilder adminEvent;

    @Context
    protected ClientConnection clientConnection;

    @Context
    protected UriInfo uriInfo;

    @Context
    protected KeycloakSession session;

    @Context
    protected HttpHeaders headers;

    public UsersResource(RealmModel realmModel, RealmAuth realmAuth, AdminEventBuilder adminEventBuilder) {
        this.auth = realmAuth;
        this.realm = realmModel;
        this.adminEvent = adminEventBuilder;
        realmAuth.init(RealmAuth.Resource.USER);
    }

    @Path("{id}")
    @PUT
    @Consumes({"application/json"})
    public Response updateUser(@PathParam("id") String str, UserRepresentation userRepresentation) {
        Set emptySet;
        UserLoginFailureModel userLoginFailure;
        this.auth.requireManage();
        try {
            UserModel userById = this.session.users().getUserById(str, this.realm);
            if (userById == null) {
                throw new NotFoundException("User not found");
            }
            if (userRepresentation.getAttributes() != null) {
                emptySet = new HashSet(userById.getAttributes().keySet());
                emptySet.removeAll(userRepresentation.getAttributes().keySet());
            } else {
                emptySet = Collections.emptySet();
            }
            if (userRepresentation.isEnabled() != null && userRepresentation.isEnabled().booleanValue() && (userLoginFailure = this.session.sessions().getUserLoginFailure(this.realm, str)) != null) {
                userLoginFailure.clearFailures();
            }
            updateUserFromRep(userById, userRepresentation, emptySet, this.realm, this.session, true);
            this.adminEvent.operation(OperationType.UPDATE).resourcePath(this.uriInfo).representation(userRepresentation).success();
            if (this.session.getTransactionManager().isActive()) {
                this.session.getTransactionManager().commit();
            }
            return Response.noContent().build();
        } catch (ModelDuplicateException e) {
            return ErrorResponse.exists("User exists with same username or email");
        } catch (ModelReadOnlyException e2) {
            return ErrorResponse.exists("User is read only!");
        } catch (ModelException e3) {
            return ErrorResponse.exists("Could not update user!");
        }
    }

    @POST
    @Consumes({"application/json"})
    public Response createUser(@Context UriInfo uriInfo, UserRepresentation userRepresentation) {
        this.auth.requireManage();
        if (this.session.users().getUserByUsername(userRepresentation.getUsername(), this.realm) != null) {
            return ErrorResponse.exists("User exists with same username");
        }
        if (userRepresentation.getEmail() != null && this.session.users().getUserByEmail(userRepresentation.getEmail(), this.realm) != null) {
            return ErrorResponse.exists("User exists with same email");
        }
        try {
            UserModel addUser = this.session.users().addUser(this.realm, userRepresentation.getUsername());
            updateUserFromRep(addUser, userRepresentation, Collections.emptySet(), this.realm, this.session, false);
            this.adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, addUser.getId()).representation(userRepresentation).success();
            if (this.session.getTransactionManager().isActive()) {
                this.session.getTransactionManager().commit();
            }
            return Response.created(uriInfo.getAbsolutePathBuilder().path(addUser.getId()).build(new Object[0])).build();
        } catch (ModelDuplicateException e) {
            if (this.session.getTransactionManager().isActive()) {
                this.session.getTransactionManager().setRollbackOnly();
            }
            return ErrorResponse.exists("User exists with same username or email");
        } catch (ModelException e2) {
            if (this.session.getTransactionManager().isActive()) {
                this.session.getTransactionManager().setRollbackOnly();
            }
            return ErrorResponse.exists("Could not create user");
        }
    }

    public static void updateUserFromRep(UserModel userModel, UserRepresentation userRepresentation, Set<String> set, RealmModel realmModel, KeycloakSession keycloakSession, boolean z) {
        if (userRepresentation.getUsername() != null && realmModel.isEditUsernameAllowed()) {
            userModel.setUsername(userRepresentation.getUsername());
        }
        if (userRepresentation.getEmail() != null) {
            userModel.setEmail(userRepresentation.getEmail());
        }
        if (userRepresentation.getFirstName() != null) {
            userModel.setFirstName(userRepresentation.getFirstName());
        }
        if (userRepresentation.getLastName() != null) {
            userModel.setLastName(userRepresentation.getLastName());
        }
        if (userRepresentation.isEnabled() != null) {
            userModel.setEnabled(userRepresentation.isEnabled().booleanValue());
        }
        if (userRepresentation.isTotp() != null) {
            userModel.setOtpEnabled(userRepresentation.isTotp().booleanValue());
        }
        if (userRepresentation.isEmailVerified() != null) {
            userModel.setEmailVerified(userRepresentation.isEmailVerified().booleanValue());
        }
        List<String> requiredActions = userRepresentation.getRequiredActions();
        if (requiredActions != null) {
            HashSet<String> hashSet = new HashSet();
            Iterator<ProviderFactory> it = keycloakSession.getKeycloakSessionFactory().getProviderFactories(RequiredActionProvider.class).iterator();
            while (it.hasNext()) {
                hashSet.add(it.next().getId());
            }
            for (String str : hashSet) {
                if (requiredActions.contains(str)) {
                    userModel.addRequiredAction(str);
                } else if (z) {
                    userModel.removeRequiredAction(str);
                }
            }
        }
        if (userRepresentation.getAttributesAsListValues() != null) {
            for (Map.Entry<String, List<String>> entry : userRepresentation.getAttributesAsListValues().entrySet()) {
                userModel.setAttribute(entry.getKey(), entry.getValue());
            }
            Iterator<String> it2 = set.iterator();
            while (it2.hasNext()) {
                userModel.removeAttribute(it2.next());
            }
        }
    }

    @GET
    @Path("{id}")
    @NoCache
    @Produces({"application/json"})
    public UserRepresentation getUser(@PathParam("id") String str) {
        this.auth.requireView();
        UserModel userById = this.session.users().getUserById(str, this.realm);
        if (userById == null) {
            throw new NotFoundException("User not found");
        }
        UserRepresentation representation = ModelToRepresentation.toRepresentation(userById);
        if (this.realm.isIdentityFederationEnabled()) {
            representation.setFederatedIdentities(getFederatedIdentities(userById));
        }
        if (((BruteForceProtector) this.session.getProvider(BruteForceProtector.class)).isTemporarilyDisabled(this.session, this.realm, userById)) {
            representation.setEnabled(false);
        }
        return representation;
    }

    @Path("{id}/impersonation")
    @NoCache
    @POST
    @Produces({"application/json"})
    public Map<String, Object> impersonate(@PathParam("id") String str) {
        this.auth.init(RealmAuth.Resource.IMPERSONATION);
        this.auth.requireManage();
        UserModel userById = this.session.users().getUserById(str, this.realm);
        if (userById == null) {
            throw new NotFoundException("User not found");
        }
        RealmModel realm = this.auth.getAuth().getRealm();
        boolean z = false;
        if (realm.getId().equals(this.realm.getId())) {
            z = true;
            UserSessionModel userSession = this.session.sessions().getUserSession(realm, this.auth.getAuth().getToken().getSessionState());
            AuthenticationManager.expireIdentityCookie(this.realm, this.uriInfo, this.clientConnection);
            AuthenticationManager.expireRememberMeCookie(this.realm, this.uriInfo, this.clientConnection);
            AuthenticationManager.backchannelLogout(this.session, realm, userSession, this.uriInfo, this.clientConnection, this.headers, true);
        }
        EventBuilder eventBuilder = new EventBuilder(this.realm, this.session, this.clientConnection);
        UserSessionModel createUserSession = this.session.sessions().createUserSession(this.realm, userById, userById.getUsername(), this.clientConnection.getRemoteAddr(), "impersonate", false, null, null);
        AuthenticationManager.createLoginCookie(this.session, this.realm, createUserSession.getUser(), createUserSession, this.uriInfo, this.clientConnection);
        URI build = AccountService.accountServiceApplicationPage(this.uriInfo).build(this.realm.getName());
        HashMap hashMap = new HashMap();
        hashMap.put("sameRealm", Boolean.valueOf(z));
        hashMap.put("redirect", build.toString());
        eventBuilder.event(EventType.IMPERSONATE).session(createUserSession).user(userById).detail(Details.IMPERSONATOR_REALM, realm.getName()).detail(Details.IMPERSONATOR, this.auth.getAuth().getUser().getUsername()).success();
        return hashMap;
    }

    @GET
    @Path("{id}/sessions")
    @NoCache
    @Produces({"application/json"})
    public List<UserSessionRepresentation> getSessions(@PathParam("id") String str) {
        this.auth.requireView();
        UserModel userById = this.session.users().getUserById(str, this.realm);
        if (userById == null) {
            throw new NotFoundException("User not found");
        }
        List<UserSessionModel> userSessions = this.session.sessions().getUserSessions(this.realm, userById);
        ArrayList arrayList = new ArrayList();
        Iterator<UserSessionModel> it = userSessions.iterator();
        while (it.hasNext()) {
            arrayList.add(ModelToRepresentation.toRepresentation(it.next()));
        }
        return arrayList;
    }

    @GET
    @Path("{id}/offline-sessions/{clientId}")
    @NoCache
    @Produces({"application/json"})
    public List<UserSessionRepresentation> getSessions(@PathParam("id") String str, @PathParam("clientId") String str2) {
        this.auth.requireView();
        UserModel userById = this.session.users().getUserById(str, this.realm);
        if (userById == null) {
            throw new NotFoundException("User not found");
        }
        ClientModel clientById = this.realm.getClientById(str2);
        if (clientById == null) {
            throw new NotFoundException("Client not found");
        }
        List<UserSessionModel> findOfflineSessions = new UserSessionManager(this.session).findOfflineSessions(this.realm, clientById, userById);
        ArrayList arrayList = new ArrayList();
        for (UserSessionModel userSessionModel : findOfflineSessions) {
            UserSessionRepresentation representation = ModelToRepresentation.toRepresentation(userSessionModel);
            Iterator<ClientSessionModel> it = userSessionModel.getClientSessions().iterator();
            while (true) {
                if (it.hasNext()) {
                    ClientSessionModel next = it.next();
                    if (str2.equals(next.getClient().getId())) {
                        representation.setLastAccess(Time.toMillis(next.getTimestamp()));
                        break;
                    }
                }
            }
            arrayList.add(representation);
        }
        return arrayList;
    }

    @GET
    @Path("{id}/federated-identity")
    @NoCache
    @Produces({"application/json"})
    public List<FederatedIdentityRepresentation> getFederatedIdentity(@PathParam("id") String str) {
        this.auth.requireView();
        UserModel userById = this.session.users().getUserById(str, this.realm);
        if (userById == null) {
            throw new NotFoundException("User not found");
        }
        return getFederatedIdentities(userById);
    }

    private List<FederatedIdentityRepresentation> getFederatedIdentities(UserModel userModel) {
        Set<FederatedIdentityModel> federatedIdentities = this.session.users().getFederatedIdentities(userModel, this.realm);
        ArrayList arrayList = new ArrayList();
        for (FederatedIdentityModel federatedIdentityModel : federatedIdentities) {
            Iterator<IdentityProviderModel> it = this.realm.getIdentityProviders().iterator();
            while (it.hasNext()) {
                if (it.next().getAlias().equals(federatedIdentityModel.getIdentityProvider())) {
                    arrayList.add(ModelToRepresentation.toRepresentation(federatedIdentityModel));
                }
            }
        }
        return arrayList;
    }

    @POST
    @Path("{id}/federated-identity/{provider}")
    @NoCache
    public Response addFederatedIdentity(@PathParam("id") String str, @PathParam("provider") String str2, FederatedIdentityRepresentation federatedIdentityRepresentation) {
        this.auth.requireManage();
        UserModel userById = this.session.users().getUserById(str, this.realm);
        if (userById == null) {
            throw new NotFoundException("User not found");
        }
        if (this.session.users().getFederatedIdentity(userById, str2, this.realm) != null) {
            return ErrorResponse.exists("User is already linked with provider");
        }
        this.session.users().addFederatedIdentity(this.realm, userById, new FederatedIdentityModel(str2, federatedIdentityRepresentation.getUserId(), federatedIdentityRepresentation.getUserName()));
        this.adminEvent.operation(OperationType.CREATE).resourcePath(this.uriInfo).representation(federatedIdentityRepresentation).success();
        return Response.noContent().build();
    }

    @Path("{id}/federated-identity/{provider}")
    @NoCache
    @DELETE
    public void removeFederatedIdentity(@PathParam("id") String str, @PathParam("provider") String str2) {
        this.auth.requireManage();
        UserModel userById = this.session.users().getUserById(str, this.realm);
        if (userById == null) {
            throw new NotFoundException("User not found");
        }
        if (!this.session.users().removeFederatedIdentity(this.realm, userById, str2)) {
            throw new NotFoundException("Link not found");
        }
        this.adminEvent.operation(OperationType.DELETE).resourcePath(this.uriInfo).success();
    }

    @GET
    @Path("{id}/consents")
    @NoCache
    @Produces({"application/json"})
    public List<Map<String, Object>> getConsents(@PathParam("id") String str) {
        this.auth.requireView();
        UserModel userById = this.session.users().getUserById(str, this.realm);
        if (userById == null) {
            throw new NotFoundException("User not found");
        }
        LinkedList linkedList = new LinkedList();
        Set<ClientModel> findClientsWithOfflineToken = new UserSessionManager(this.session).findClientsWithOfflineToken(this.realm, userById);
        for (ClientModel clientModel : this.realm.getClients()) {
            UserConsentModel consentByClient = this.session.users().getConsentByClient(this.realm, userById, clientModel.getId());
            boolean contains = findClientsWithOfflineToken.contains(clientModel);
            if (consentByClient != null || contains) {
                UserConsentRepresentation representation = consentByClient == null ? null : ModelToRepresentation.toRepresentation(consentByClient);
                HashMap hashMap = new HashMap();
                hashMap.put(ServiceAccountConstants.CLIENT_ID, clientModel.getClientId());
                hashMap.put("grantedProtocolMappers", representation == null ? Collections.emptyMap() : representation.getGrantedProtocolMappers());
                hashMap.put("grantedRealmRoles", representation == null ? Collections.emptyList() : representation.getGrantedRealmRoles());
                hashMap.put("grantedClientRoles", representation == null ? Collections.emptyMap() : representation.getGrantedClientRoles());
                LinkedList linkedList2 = new LinkedList();
                if (contains) {
                    HashMap hashMap2 = new HashMap();
                    hashMap2.put("client", clientModel.getId());
                    hashMap2.put("key", "Offline Token");
                    linkedList2.add(hashMap2);
                }
                hashMap.put("additionalGrants", linkedList2);
                linkedList.add(hashMap);
            }
        }
        return linkedList;
    }

    @Path("{id}/consents/{client}")
    @NoCache
    @DELETE
    public void revokeConsent(@PathParam("id") String str, @PathParam("client") String str2) {
        this.auth.requireManage();
        UserModel userById = this.session.users().getUserById(str, this.realm);
        if (userById == null) {
            throw new NotFoundException("User not found");
        }
        ClientModel clientByClientId = this.realm.getClientByClientId(str2);
        boolean revokeConsentForClient = this.session.users().revokeConsentForClient(this.realm, userById, clientByClientId.getId());
        boolean revokeOfflineToken = new UserSessionManager(this.session).revokeOfflineToken(userById, clientByClientId);
        if (revokeConsentForClient) {
            AuthenticationManager.backchannelUserFromClient(this.session, this.realm, userById, clientByClientId, this.uriInfo, this.headers);
        }
        if (!revokeConsentForClient && !revokeOfflineToken) {
            throw new NotFoundException("Consent nor offline token not found");
        }
        this.adminEvent.operation(OperationType.ACTION).resourcePath(this.uriInfo).success();
    }

    @POST
    @Path("{id}/logout")
    public void logout(@PathParam("id") String str) {
        this.auth.requireManage();
        UserModel userById = this.session.users().getUserById(str, this.realm);
        if (userById == null) {
            throw new NotFoundException("User not found");
        }
        Iterator<UserSessionModel> it = this.session.sessions().getUserSessions(this.realm, userById).iterator();
        while (it.hasNext()) {
            AuthenticationManager.backchannelLogout(this.session, this.realm, it.next(), this.uriInfo, this.clientConnection, this.headers, true);
        }
        this.adminEvent.operation(OperationType.ACTION).resourcePath(this.uriInfo).success();
    }

    @Path("{id}")
    @NoCache
    @DELETE
    public Response deleteUser(@PathParam("id") String str) {
        this.auth.requireManage();
        UserModel userById = this.session.users().getUserById(str, this.realm);
        if (userById == null) {
            throw new NotFoundException("User not found");
        }
        if (!new UserManager(this.session).removeUser(this.realm, userById)) {
            return ErrorResponse.error("User couldn't be deleted", Response.Status.BAD_REQUEST);
        }
        this.adminEvent.operation(OperationType.DELETE).resourcePath(this.uriInfo).success();
        return Response.noContent().build();
    }

    @GET
    @Produces({"application/json"})
    @NoCache
    public List<UserRepresentation> getUsers(@QueryParam("search") String str, @QueryParam("lastName") String str2, @QueryParam("firstName") String str3, @QueryParam("email") String str4, @QueryParam("username") String str5, @QueryParam("first") Integer num, @QueryParam("max") Integer num2) {
        List<UserModel> searchForUserByAttributes;
        this.auth.requireView();
        Integer valueOf = Integer.valueOf(num != null ? num.intValue() : -1);
        Integer valueOf2 = Integer.valueOf(num2 != null ? num2.intValue() : -1);
        ArrayList arrayList = new ArrayList();
        if (str != null) {
            searchForUserByAttributes = this.session.users().searchForUser(str.trim(), this.realm, valueOf.intValue(), valueOf2.intValue());
        } else if (str2 == null && str3 == null && str4 == null && str5 == null) {
            searchForUserByAttributes = this.session.users().getUsers(this.realm, valueOf.intValue(), valueOf2.intValue(), false);
        } else {
            HashMap hashMap = new HashMap();
            if (str2 != null) {
                hashMap.put("lastName", str2);
            }
            if (str3 != null) {
                hashMap.put("firstName", str3);
            }
            if (str4 != null) {
                hashMap.put("email", str4);
            }
            if (str5 != null) {
                hashMap.put("username", str5);
            }
            searchForUserByAttributes = this.session.users().searchForUserByAttributes(hashMap, this.realm, valueOf.intValue(), valueOf2.intValue());
        }
        Iterator<UserModel> it = searchForUserByAttributes.iterator();
        while (it.hasNext()) {
            arrayList.add(ModelToRepresentation.toRepresentation(it.next()));
        }
        return arrayList;
    }

    @GET
    @Path("count")
    @NoCache
    @Produces({"application/json"})
    public Integer getUsersCount() {
        this.auth.requireView();
        return Integer.valueOf(this.session.users().getUsersCount(this.realm));
    }

    @Path("{id}/role-mappings")
    public RoleMapperResource getRoleMappings(@PathParam("id") String str) {
        this.auth.init(RealmAuth.Resource.USER);
        RoleMapperResource roleMapperResource = new RoleMapperResource(this.realm, this.auth, this.session.users().getUserById(str, this.realm), this.adminEvent);
        ResteasyProviderFactory.getInstance().injectProperties(roleMapperResource);
        return roleMapperResource;
    }

    @Path("{id}/reset-password")
    @PUT
    @Consumes({"application/json"})
    public void resetPassword(@PathParam("id") String str, CredentialRepresentation credentialRepresentation) {
        this.auth.requireManage();
        UserModel userById = this.session.users().getUserById(str, this.realm);
        if (userById == null) {
            throw new NotFoundException("User not found");
        }
        if (credentialRepresentation == null || credentialRepresentation.getValue() == null || !"password".equals(credentialRepresentation.getType())) {
            throw new BadRequestException("No password provided");
        }
        if (Validation.isBlank(credentialRepresentation.getValue())) {
            throw new BadRequestException("Empty password not allowed");
        }
        try {
            this.session.users().updateCredential(this.realm, userById, RepresentationToModel.convertCredential(credentialRepresentation));
            if (credentialRepresentation.isTemporary() != null && credentialRepresentation.isTemporary().booleanValue()) {
                userById.addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
            }
            this.adminEvent.operation(OperationType.ACTION).resourcePath(this.uriInfo).success();
        } catch (IllegalStateException e) {
            throw new BadRequestException("Resetting to N old passwords is not allowed.");
        } catch (ModelReadOnlyException e2) {
            throw new BadRequestException("Can't reset password as account is read only");
        } catch (ModelException e3) {
            throw new ErrorResponseException(e3.getMessage(), MessageFormat.format(AdminRoot.getMessages(this.session, this.realm, this.auth.getAuth().getToken().getLocale()).getProperty(e3.getMessage(), e3.getMessage()), e3.getParameters()), Response.Status.BAD_REQUEST);
        }
    }

    @Path("{id}/remove-totp")
    @PUT
    @Consumes({"application/json"})
    public void removeTotp(@PathParam("id") String str) {
        this.auth.requireManage();
        UserModel userById = this.session.users().getUserById(str, this.realm);
        if (userById == null) {
            throw new NotFoundException("User not found");
        }
        userById.setOtpEnabled(false);
        this.adminEvent.operation(OperationType.ACTION).resourcePath(this.uriInfo).success();
    }

    @Path("{id}/reset-password-email")
    @Consumes({"application/json"})
    @Deprecated
    @PUT
    public Response resetPasswordEmail(@PathParam("id") String str, @QueryParam("redirect_uri") String str2, @QueryParam("client_id") String str3) {
        LinkedList linkedList = new LinkedList();
        linkedList.add(UserModel.RequiredAction.UPDATE_PASSWORD.name());
        return executeActionsEmail(str, str2, str3, linkedList);
    }

    @Path("{id}/execute-actions-email")
    @PUT
    @Consumes({"application/json"})
    public Response executeActionsEmail(@PathParam("id") String str, @QueryParam("redirect_uri") String str2, @QueryParam("client_id") String str3, List<String> list) {
        this.auth.requireManage();
        UserModel userById = this.session.users().getUserById(str, this.realm);
        if (userById == null) {
            return ErrorResponse.error("User not found", Response.Status.NOT_FOUND);
        }
        if (userById.getEmail() == null) {
            return ErrorResponse.error("User email missing", Response.Status.BAD_REQUEST);
        }
        ClientSessionModel createClientSession = createClientSession(userById, str2, str3);
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            createClientSession.addRequiredAction(it.next());
        }
        ClientSessionCode clientSessionCode = new ClientSessionCode(this.realm, createClientSession);
        clientSessionCode.setAction(ClientSessionModel.Action.EXECUTE_ACTIONS.name());
        try {
            UriBuilder executeActionsBuilder = Urls.executeActionsBuilder(this.uriInfo.getBaseUri());
            executeActionsBuilder.queryParam("key", clientSessionCode.getCode());
            ((EmailTemplateProvider) this.session.getProvider(EmailTemplateProvider.class)).setRealm(this.realm).setUser(userById).sendExecuteActions(executeActionsBuilder.build(this.realm.getName()).toString(), TimeUnit.SECONDS.toMinutes(this.realm.getAccessCodeLifespanUserAction()));
            this.adminEvent.operation(OperationType.ACTION).resourcePath(this.uriInfo).success();
            return Response.ok().build();
        } catch (EmailException e) {
            logger.failedToSendActionsEmail(e);
            return ErrorResponse.error("Failed to send execute actions email", Response.Status.INTERNAL_SERVER_ERROR);
        }
    }

    @Path("{id}/send-verify-email")
    @PUT
    @Consumes({"application/json"})
    public Response sendVerifyEmail(@PathParam("id") String str, @QueryParam("redirect_uri") String str2, @QueryParam("client_id") String str3) {
        LinkedList linkedList = new LinkedList();
        linkedList.add(UserModel.RequiredAction.VERIFY_EMAIL.name());
        return executeActionsEmail(str, str2, str3, linkedList);
    }

    private ClientSessionModel createClientSession(UserModel userModel, String str, String str2) {
        String uri;
        if (!userModel.isEnabled()) {
            throw new WebApplicationException(ErrorResponse.error("User is disabled", Response.Status.BAD_REQUEST));
        }
        if (str != null && str2 == null) {
            throw new WebApplicationException(ErrorResponse.error("Client id missing", Response.Status.BAD_REQUEST));
        }
        if (str2 == null) {
            str2 = Constants.ACCOUNT_MANAGEMENT_CLIENT_ID;
        }
        ClientModel clientByClientId = this.realm.getClientByClientId(str2);
        if (clientByClientId == null || !clientByClientId.isEnabled()) {
            throw new WebApplicationException(ErrorResponse.error(str2 + " not enabled", Response.Status.BAD_REQUEST));
        }
        if (str != null) {
            uri = RedirectUtils.verifyRedirectUri(this.uriInfo, str, this.realm, clientByClientId);
            if (uri == null) {
                throw new WebApplicationException(ErrorResponse.error("Invalid redirect uri.", Response.Status.BAD_REQUEST));
            }
        } else {
            uri = Urls.accountBase(this.uriInfo.getBaseUri()).path("/").build(this.realm.getName()).toString();
        }
        UserSessionModel createUserSession = this.session.sessions().createUserSession(this.realm, userModel, userModel.getUsername(), this.clientConnection.getRemoteAddr(), "form", false, null, null);
        ClientSessionModel createClientSession = this.session.sessions().createClientSession(this.realm, clientByClientId);
        createClientSession.setAuthMethod("openid-connect");
        createClientSession.setRedirectUri(uri);
        createClientSession.setUserSession(createUserSession);
        return createClientSession;
    }

    @GET
    @Path("{id}/groups")
    @NoCache
    @Produces({"application/json"})
    public List<GroupRepresentation> groupMembership(@PathParam("id") String str) {
        this.auth.requireView();
        UserModel userById = this.session.users().getUserById(str, this.realm);
        if (userById == null) {
            throw new NotFoundException("User not found");
        }
        LinkedList linkedList = new LinkedList();
        Iterator<GroupModel> it = userById.getGroups().iterator();
        while (it.hasNext()) {
            linkedList.add(ModelToRepresentation.toRepresentation(it.next(), false));
        }
        return linkedList;
    }

    @Path("{id}/groups/{groupId}")
    @NoCache
    @DELETE
    public void removeMembership(@PathParam("id") String str, @PathParam("groupId") String str2) {
        this.auth.requireManage();
        UserModel userById = this.session.users().getUserById(str, this.realm);
        if (userById == null) {
            throw new NotFoundException("User not found");
        }
        GroupModel groupById = this.session.realms().getGroupById(str2, this.realm);
        if (groupById == null) {
            throw new NotFoundException("Group not found");
        }
        try {
            if (userById.isMemberOf(groupById)) {
                userById.leaveGroup(groupById);
                this.adminEvent.operation(OperationType.DELETE).representation(ModelToRepresentation.toRepresentation(groupById, true)).resourcePath(this.uriInfo).success();
            }
        } catch (ModelException e) {
            throw new ErrorResponseException(e.getMessage(), MessageFormat.format(AdminRoot.getMessages(this.session, this.realm, this.auth.getAuth().getToken().getLocale()).getProperty(e.getMessage(), e.getMessage()), e.getParameters()), Response.Status.BAD_REQUEST);
        }
    }

    @Path("{id}/groups/{groupId}")
    @NoCache
    @PUT
    public void joinGroup(@PathParam("id") String str, @PathParam("groupId") String str2) {
        this.auth.requireManage();
        UserModel userById = this.session.users().getUserById(str, this.realm);
        if (userById == null) {
            throw new NotFoundException("User not found");
        }
        GroupModel groupById = this.session.realms().getGroupById(str2, this.realm);
        if (groupById == null) {
            throw new NotFoundException("Group not found");
        }
        if (userById.isMemberOf(groupById)) {
            return;
        }
        userById.joinGroup(groupById);
        this.adminEvent.operation(OperationType.CREATE).representation(ModelToRepresentation.toRepresentation(groupById, true)).resourcePath(this.uriInfo).success();
    }
}
