package org.keycloak.services.resources.admin;

import java.net.URI;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriInfo;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.BadRequestException;
import org.jboss.resteasy.spi.NotFoundException;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.keycloak.authentication.RequiredActionProvider;
import org.keycloak.authentication.actiontoken.execactions.ExecuteActionsActionToken;
import org.keycloak.authentication.authenticators.resetcred.ResetPassword;
import org.keycloak.common.ClientConnection;
import org.keycloak.common.Profile;
import org.keycloak.common.util.Time;
import org.keycloak.email.EmailException;
import org.keycloak.email.EmailTemplateProvider;
import org.keycloak.events.EventBuilder;
import org.keycloak.events.EventType;
import org.keycloak.events.admin.OperationType;
import org.keycloak.events.admin.ResourceType;
import org.keycloak.models.ClientModel;
import org.keycloak.models.FederatedIdentityModel;
import org.keycloak.models.GroupModel;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.ImpersonationSessionNote;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.ModelException;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserConsentModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserLoginFailureModel;
import org.keycloak.models.UserManager;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.protocol.oidc.OIDCLoginProtocolFactory;
import org.keycloak.protocol.oidc.utils.RedirectUtils;
import org.keycloak.provider.ProviderFactory;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.FederatedIdentityRepresentation;
import org.keycloak.representations.idm.GroupRepresentation;
import org.keycloak.representations.idm.UserConsentRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.idm.UserSessionRepresentation;
import org.keycloak.services.ErrorResponse;
import org.keycloak.services.ErrorResponseException;
import org.keycloak.services.ForbiddenException;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.BruteForceProtector;
import org.keycloak.services.managers.UserSessionManager;
import org.keycloak.services.resources.LoginActionsService;
import org.keycloak.services.resources.account.AccountFormService;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
import org.keycloak.services.validation.Validation;
import org.keycloak.social.stackoverflow.StackoverflowIdentityProvider;
import org.keycloak.storage.ReadOnlyException;
import org.keycloak.utils.MediaType;
import org.keycloak.utils.ProfileHelper;

/* loaded from: input_file:org/keycloak/services/resources/admin/UserResource.class */
public class UserResource {
    private static final Logger logger = Logger.getLogger(UserResource.class);
    protected RealmModel realm;
    private AdminPermissionEvaluator auth;
    private AdminEventBuilder adminEvent;
    private UserModel user;

    @Context
    protected ClientConnection clientConnection;

    @Context
    protected KeycloakSession session;

    @Context
    protected HttpHeaders headers;

    public UserResource(RealmModel realmModel, UserModel userModel, AdminPermissionEvaluator adminPermissionEvaluator, AdminEventBuilder adminEventBuilder) {
        this.auth = adminPermissionEvaluator;
        this.realm = realmModel;
        this.user = userModel;
        this.adminEvent = adminEventBuilder.resource(ResourceType.USER);
    }

    @PUT
    @Consumes({MediaType.APPLICATION_JSON})
    public Response updateUser(UserRepresentation userRepresentation) {
        Set emptySet;
        UserLoginFailureModel userLoginFailure;
        this.auth.users().requireManage(this.user);
        try {
            if (userRepresentation.getAttributes() != null) {
                emptySet = new HashSet(this.user.getAttributes().keySet());
                emptySet.removeAll(userRepresentation.getAttributes().keySet());
            } else {
                emptySet = Collections.emptySet();
            }
            if (userRepresentation.isEnabled() != null && userRepresentation.isEnabled().booleanValue() && (userLoginFailure = this.session.sessions().getUserLoginFailure(this.realm, this.user.getId())) != null) {
                userLoginFailure.clearFailures();
            }
            updateUserFromRep(this.user, userRepresentation, emptySet, this.realm, this.session, true);
            RepresentationToModel.createCredentials(userRepresentation, this.session, this.realm, this.user, true);
            this.adminEvent.operation(OperationType.UPDATE).resourcePath((UriInfo) this.session.getContext().getUri()).representation(userRepresentation).success();
            if (this.session.getTransactionManager().isActive()) {
                this.session.getTransactionManager().commit();
            }
            return Response.noContent().build();
        } catch (ModelDuplicateException e) {
            return ErrorResponse.exists("User exists with same username or email");
        } catch (Exception e2) {
            logger.warn("Could not update user!", e2);
            return ErrorResponse.exists("Could not update user!");
        } catch (ReadOnlyException e3) {
            return ErrorResponse.exists("User is read only!");
        } catch (ForbiddenException e4) {
            throw e4;
        } catch (ModelException e5) {
            logger.warn("Could not update user!", e5);
            return ErrorResponse.exists("Could not update user!");
        }
    }

    public static void updateUserFromRep(UserModel userModel, UserRepresentation userRepresentation, Set<String> set, RealmModel realmModel, KeycloakSession keycloakSession, boolean z) {
        if (userRepresentation.getUsername() != null && realmModel.isEditUsernameAllowed()) {
            userModel.setUsername(userRepresentation.getUsername());
        }
        if (userRepresentation.getEmail() != null) {
            userModel.setEmail(userRepresentation.getEmail());
        }
        if (userRepresentation.getEmail() == StackoverflowIdentityProvider.DEFAULT_SCOPE) {
            userModel.setEmail((String) null);
        }
        if (userRepresentation.getFirstName() != null) {
            userModel.setFirstName(userRepresentation.getFirstName());
        }
        if (userRepresentation.getLastName() != null) {
            userModel.setLastName(userRepresentation.getLastName());
        }
        if (userRepresentation.isEnabled() != null) {
            userModel.setEnabled(userRepresentation.isEnabled().booleanValue());
        }
        if (userRepresentation.isEmailVerified() != null) {
            userModel.setEmailVerified(userRepresentation.isEmailVerified().booleanValue());
        }
        if (userRepresentation.getFederationLink() != null) {
            userModel.setFederationLink(userRepresentation.getFederationLink());
        }
        List requiredActions = userRepresentation.getRequiredActions();
        if (requiredActions != null) {
            HashSet<String> hashSet = new HashSet();
            Iterator it = keycloakSession.getKeycloakSessionFactory().getProviderFactories(RequiredActionProvider.class).iterator();
            while (it.hasNext()) {
                hashSet.add(((ProviderFactory) it.next()).getId());
            }
            for (String str : hashSet) {
                if (requiredActions.contains(str)) {
                    userModel.addRequiredAction(str);
                } else if (z) {
                    userModel.removeRequiredAction(str);
                }
            }
        }
        if (userRepresentation.getAttributes() != null) {
            for (Map.Entry entry : userRepresentation.getAttributes().entrySet()) {
                userModel.setAttribute((String) entry.getKey(), (List) entry.getValue());
            }
            Iterator<String> it2 = set.iterator();
            while (it2.hasNext()) {
                userModel.removeAttribute(it2.next());
            }
        }
    }

    @GET
    @Produces({MediaType.APPLICATION_JSON})
    @NoCache
    public UserRepresentation getUser() {
        this.auth.users().requireView(this.user);
        UserRepresentation representation = ModelToRepresentation.toRepresentation(this.session, this.realm, this.user);
        if (this.realm.isIdentityFederationEnabled()) {
            representation.setFederatedIdentities(getFederatedIdentities(this.user));
        }
        if (this.session.getProvider(BruteForceProtector.class).isTemporarilyDisabled(this.session, this.realm, this.user)) {
            representation.setEnabled(false);
        }
        representation.setAccess(this.auth.users().getAccess(this.user));
        return representation;
    }

    @Path("impersonation")
    @NoCache
    @POST
    @Produces({MediaType.APPLICATION_JSON})
    public Map<String, Object> impersonate() {
        ProfileHelper.requireFeature(Profile.Feature.IMPERSONATION);
        this.auth.users().requireImpersonate(this.user);
        RealmModel realm = this.auth.adminAuth().getRealm();
        boolean z = false;
        if (realm.getId().equals(this.realm.getId())) {
            z = true;
            UserSessionModel userSession = this.session.sessions().getUserSession(realm, this.auth.adminAuth().getToken().getSessionState());
            AuthenticationManager.expireIdentityCookie(this.realm, this.session.getContext().getUri(), this.clientConnection);
            AuthenticationManager.expireRememberMeCookie(this.realm, this.session.getContext().getUri(), this.clientConnection);
            AuthenticationManager.backchannelLogout(this.session, realm, userSession, this.session.getContext().getUri(), this.clientConnection, this.headers, true);
        }
        EventBuilder eventBuilder = new EventBuilder(this.realm, this.session, this.clientConnection);
        UserSessionModel createUserSession = this.session.sessions().createUserSession(this.realm, this.user, this.user.getUsername(), this.clientConnection.getRemoteAddr(), "impersonate", false, (String) null, (String) null);
        UserModel user = this.auth.adminAuth().getUser();
        String id = user.getId();
        String username = user.getUsername();
        createUserSession.setNote(ImpersonationSessionNote.IMPERSONATOR_ID.toString(), id);
        createUserSession.setNote(ImpersonationSessionNote.IMPERSONATOR_USERNAME.toString(), username);
        AuthenticationManager.createLoginCookie(this.session, this.realm, createUserSession.getUser(), createUserSession, this.session.getContext().getUri(), this.clientConnection);
        URI build = AccountFormService.accountServiceApplicationPage(this.session.getContext().getUri()).build(new Object[]{this.realm.getName()});
        HashMap hashMap = new HashMap();
        hashMap.put("sameRealm", Boolean.valueOf(z));
        hashMap.put("redirect", build.toString());
        eventBuilder.event(EventType.IMPERSONATE).session(createUserSession).user(this.user).detail("impersonator_realm", realm.getName()).detail("impersonator", username).success();
        return hashMap;
    }

    @GET
    @Path("sessions")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public List<UserSessionRepresentation> getSessions() {
        this.auth.users().requireView(this.user);
        List userSessions = this.session.sessions().getUserSessions(this.realm, this.user);
        ArrayList arrayList = new ArrayList();
        Iterator it = userSessions.iterator();
        while (it.hasNext()) {
            arrayList.add(ModelToRepresentation.toRepresentation((UserSessionModel) it.next()));
        }
        return arrayList;
    }

    @GET
    @Path("offline-sessions/{clientId}")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public List<UserSessionRepresentation> getOfflineSessions(@PathParam("clientId") String str) {
        this.auth.users().requireView(this.user);
        if (this.realm.getClientById(str) == null) {
            throw new NotFoundException("Client not found");
        }
        List<UserSessionModel> findOfflineSessions = new UserSessionManager(this.session).findOfflineSessions(this.realm, this.user);
        ArrayList arrayList = new ArrayList();
        for (UserSessionModel userSessionModel : findOfflineSessions) {
            UserSessionRepresentation representation = ModelToRepresentation.toRepresentation(userSessionModel);
            if (userSessionModel.getAuthenticatedClientSessionByClient(str) != null) {
                representation.setLastAccess(r0.getTimestamp());
                arrayList.add(representation);
            }
        }
        return arrayList;
    }

    @GET
    @Path("federated-identity")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public List<FederatedIdentityRepresentation> getFederatedIdentity() {
        this.auth.users().requireView(this.user);
        return getFederatedIdentities(this.user);
    }

    private List<FederatedIdentityRepresentation> getFederatedIdentities(UserModel userModel) {
        Set<FederatedIdentityModel> federatedIdentities = this.session.users().getFederatedIdentities(userModel, this.realm);
        ArrayList arrayList = new ArrayList();
        for (FederatedIdentityModel federatedIdentityModel : federatedIdentities) {
            Iterator it = this.realm.getIdentityProviders().iterator();
            while (it.hasNext()) {
                if (((IdentityProviderModel) it.next()).getAlias().equals(federatedIdentityModel.getIdentityProvider())) {
                    arrayList.add(ModelToRepresentation.toRepresentation(federatedIdentityModel));
                }
            }
        }
        return arrayList;
    }

    @POST
    @Path("federated-identity/{provider}")
    @NoCache
    public Response addFederatedIdentity(@PathParam("provider") String str, FederatedIdentityRepresentation federatedIdentityRepresentation) {
        this.auth.users().requireManage(this.user);
        if (this.session.users().getFederatedIdentity(this.user, str, this.realm) != null) {
            return ErrorResponse.exists("User is already linked with provider");
        }
        this.session.users().addFederatedIdentity(this.realm, this.user, new FederatedIdentityModel(str, federatedIdentityRepresentation.getUserId(), federatedIdentityRepresentation.getUserName()));
        this.adminEvent.operation(OperationType.CREATE).resourcePath((UriInfo) this.session.getContext().getUri()).representation(federatedIdentityRepresentation).success();
        return Response.noContent().build();
    }

    @Path("federated-identity/{provider}")
    @NoCache
    @DELETE
    public void removeFederatedIdentity(@PathParam("provider") String str) {
        this.auth.users().requireManage(this.user);
        if (!this.session.users().removeFederatedIdentity(this.realm, this.user, str)) {
            throw new NotFoundException("Link not found");
        }
        this.adminEvent.operation(OperationType.DELETE).resourcePath((UriInfo) this.session.getContext().getUri()).success();
    }

    @GET
    @Path("consents")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public List<Map<String, Object>> getConsents() {
        this.auth.users().requireView(this.user);
        LinkedList linkedList = new LinkedList();
        Set<ClientModel> findClientsWithOfflineToken = new UserSessionManager(this.session).findClientsWithOfflineToken(this.realm, this.user);
        for (ClientModel clientModel : this.realm.getClients()) {
            UserConsentModel consentByClient = this.session.users().getConsentByClient(this.realm, this.user.getId(), clientModel.getId());
            boolean contains = findClientsWithOfflineToken.contains(clientModel);
            if (consentByClient != null || contains) {
                UserConsentRepresentation representation = consentByClient == null ? null : ModelToRepresentation.toRepresentation(consentByClient);
                HashMap hashMap = new HashMap();
                hashMap.put("clientId", clientModel.getClientId());
                hashMap.put("grantedClientScopes", representation == null ? Collections.emptyList() : representation.getGrantedClientScopes());
                hashMap.put("createdDate", representation == null ? null : representation.getCreatedDate());
                hashMap.put("lastUpdatedDate", representation == null ? null : representation.getLastUpdatedDate());
                LinkedList linkedList2 = new LinkedList();
                if (contains) {
                    HashMap hashMap2 = new HashMap();
                    hashMap2.put("client", clientModel.getId());
                    hashMap2.put("key", "Offline Token");
                    linkedList2.add(hashMap2);
                }
                hashMap.put("additionalGrants", linkedList2);
                linkedList.add(hashMap);
            }
        }
        return linkedList;
    }

    @Path("consents/{client}")
    @NoCache
    @DELETE
    public void revokeConsent(@PathParam("client") String str) {
        this.auth.users().requireManage(this.user);
        ClientModel clientByClientId = this.realm.getClientByClientId(str);
        if (clientByClientId == null) {
            throw new NotFoundException("Client not found");
        }
        boolean revokeConsentForClient = this.session.users().revokeConsentForClient(this.realm, this.user.getId(), clientByClientId.getId());
        boolean revokeOfflineToken = new UserSessionManager(this.session).revokeOfflineToken(this.user, clientByClientId);
        if (revokeConsentForClient) {
            AuthenticationManager.backchannelLogoutUserFromClient(this.session, this.realm, this.user, clientByClientId, this.session.getContext().getUri(), this.headers);
        }
        if (!revokeConsentForClient && !revokeOfflineToken) {
            throw new NotFoundException("Consent nor offline token not found");
        }
        this.adminEvent.operation(OperationType.ACTION).resourcePath((UriInfo) this.session.getContext().getUri()).success();
    }

    @POST
    @Path("logout")
    public void logout() {
        this.auth.users().requireManage(this.user);
        this.session.users().setNotBeforeForUser(this.realm, this.user, Time.currentTime());
        Iterator it = this.session.sessions().getUserSessions(this.realm, this.user).iterator();
        while (it.hasNext()) {
            AuthenticationManager.backchannelLogout(this.session, this.realm, (UserSessionModel) it.next(), this.session.getContext().getUri(), this.clientConnection, this.headers, true);
        }
        this.adminEvent.operation(OperationType.ACTION).resourcePath((UriInfo) this.session.getContext().getUri()).success();
    }

    @NoCache
    @DELETE
    public Response deleteUser() {
        this.auth.users().requireManage(this.user);
        if (!new UserManager(this.session).removeUser(this.realm, this.user)) {
            return ErrorResponse.error("User couldn't be deleted", Response.Status.BAD_REQUEST);
        }
        this.adminEvent.operation(OperationType.DELETE).resourcePath((UriInfo) this.session.getContext().getUri()).success();
        return Response.noContent().build();
    }

    @Path("role-mappings")
    public RoleMapperResource getRoleMappings() {
        RoleMapperResource roleMapperResource = new RoleMapperResource(this.realm, this.auth, this.user, this.adminEvent, () -> {
            this.auth.users().requireMapRoles(this.user);
        }, () -> {
            this.auth.users().requireView(this.user);
        });
        ResteasyProviderFactory.getInstance().injectProperties(roleMapperResource);
        return roleMapperResource;
    }

    @Path("disable-credential-types")
    @PUT
    @Consumes({MediaType.APPLICATION_JSON})
    public void disableCredentialType(List<String> list) {
        this.auth.users().requireManage(this.user);
        if (list == null) {
            return;
        }
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            this.session.userCredentialManager().disableCredentialType(this.realm, this.user, it.next());
        }
    }

    @Path(ResetPassword.PROVIDER_ID)
    @PUT
    @Consumes({MediaType.APPLICATION_JSON})
    public void resetPassword(CredentialRepresentation credentialRepresentation) {
        this.auth.users().requireManage(this.user);
        if (credentialRepresentation == null || credentialRepresentation.getValue() == null || !"password".equals(credentialRepresentation.getType())) {
            throw new BadRequestException("No password provided");
        }
        if (Validation.isBlank(credentialRepresentation.getValue())) {
            throw new BadRequestException("Empty password not allowed");
        }
        try {
            this.session.userCredentialManager().updateCredential(this.realm, this.user, UserCredentialModel.password(credentialRepresentation.getValue(), true));
            if (credentialRepresentation.isTemporary() != null && credentialRepresentation.isTemporary().booleanValue()) {
                this.user.addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
            }
            this.adminEvent.operation(OperationType.ACTION).resourcePath((UriInfo) this.session.getContext().getUri()).success();
        } catch (IllegalStateException e) {
            throw new BadRequestException("Resetting to N old passwords is not allowed.");
        } catch (ReadOnlyException e2) {
            throw new BadRequestException("Can't reset password as account is read only");
        } catch (ModelException e3) {
            throw new ErrorResponseException(e3.getMessage(), MessageFormat.format(AdminRoot.getMessages(this.session, this.realm, this.auth.adminAuth().getToken().getLocale()).getProperty(e3.getMessage(), e3.getMessage()), e3.getParameters()), Response.Status.BAD_REQUEST);
        }
    }

    @Path("remove-totp")
    @PUT
    @Consumes({MediaType.APPLICATION_JSON})
    public void removeTotp() {
        this.auth.users().requireManage(this.user);
        this.session.userCredentialManager().disableCredentialType(this.realm, this.user, "otp");
        this.adminEvent.operation(OperationType.ACTION).resourcePath((UriInfo) this.session.getContext().getUri()).success();
    }

    @Path("reset-password-email")
    @Consumes({MediaType.APPLICATION_JSON})
    @Deprecated
    @PUT
    public Response resetPasswordEmail(@QueryParam("redirect_uri") String str, @QueryParam("client_id") String str2) {
        LinkedList linkedList = new LinkedList();
        linkedList.add(UserModel.RequiredAction.UPDATE_PASSWORD.name());
        return executeActionsEmail(str, str2, null, linkedList);
    }

    @Path("execute-actions-email")
    @PUT
    @Consumes({MediaType.APPLICATION_JSON})
    public Response executeActionsEmail(@QueryParam("redirect_uri") String str, @QueryParam("client_id") String str2, @QueryParam("lifespan") Integer num, List<String> list) {
        this.auth.users().requireManage(this.user);
        if (this.user.getEmail() == null) {
            return ErrorResponse.error("User email missing", Response.Status.BAD_REQUEST);
        }
        if (!this.user.isEnabled()) {
            throw new WebApplicationException(ErrorResponse.error("User is disabled", Response.Status.BAD_REQUEST));
        }
        if (str != null && str2 == null) {
            throw new WebApplicationException(ErrorResponse.error("Client id missing", Response.Status.BAD_REQUEST));
        }
        if (str2 == null) {
            str2 = "account";
        }
        ClientModel clientByClientId = this.realm.getClientByClientId(str2);
        if (clientByClientId == null) {
            logger.debugf("Client %s doesn't exist", str2);
            throw new WebApplicationException(ErrorResponse.error("Client doesn't exist", Response.Status.BAD_REQUEST));
        }
        if (!clientByClientId.isEnabled()) {
            logger.debugf("Client %s is not enabled", str2);
            throw new WebApplicationException(ErrorResponse.error("Client is not enabled", Response.Status.BAD_REQUEST));
        }
        if (str != null && RedirectUtils.verifyRedirectUri(this.session.getContext().getUri(), str, this.realm, clientByClientId) == null) {
            throw new WebApplicationException(ErrorResponse.error("Invalid redirect uri.", Response.Status.BAD_REQUEST));
        }
        if (num == null) {
            num = Integer.valueOf(this.realm.getActionTokenGeneratedByAdminLifespan());
        }
        ExecuteActionsActionToken executeActionsActionToken = new ExecuteActionsActionToken(this.user.getId(), Time.currentTime() + num.intValue(), list, str, str2);
        try {
            UriBuilder actionTokenProcessor = LoginActionsService.actionTokenProcessor(this.session.getContext().getUri());
            actionTokenProcessor.queryParam("key", new Object[]{executeActionsActionToken.serialize(this.session, this.realm, this.session.getContext().getUri())});
            this.session.getProvider(EmailTemplateProvider.class).setAttribute("requiredActions", executeActionsActionToken.getRequiredActions()).setRealm(this.realm).setUser(this.user).sendExecuteActions(actionTokenProcessor.build(new Object[]{this.realm.getName()}).toString(), TimeUnit.SECONDS.toMinutes(num.intValue()));
            this.adminEvent.operation(OperationType.ACTION).resourcePath((UriInfo) this.session.getContext().getUri()).success();
            return Response.ok().build();
        } catch (EmailException e) {
            ServicesLogger.LOGGER.failedToSendActionsEmail(e);
            return ErrorResponse.error("Failed to send execute actions email", Response.Status.INTERNAL_SERVER_ERROR);
        }
    }

    @Path("send-verify-email")
    @PUT
    @Consumes({MediaType.APPLICATION_JSON})
    public Response sendVerifyEmail(@QueryParam("redirect_uri") String str, @QueryParam("client_id") String str2) {
        LinkedList linkedList = new LinkedList();
        linkedList.add(UserModel.RequiredAction.VERIFY_EMAIL.name());
        return executeActionsEmail(str, str2, null, linkedList);
    }

    @GET
    @Path(OIDCLoginProtocolFactory.GROUPS)
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public List<GroupRepresentation> groupMembership(@QueryParam("search") String str, @QueryParam("first") Integer num, @QueryParam("max") Integer num2) {
        this.auth.users().requireView(this.user);
        return (Objects.nonNull(str) && Objects.nonNull(num) && Objects.nonNull(num2)) ? ModelToRepresentation.searchForGroupByName(this.user, false, str.trim(), num, num2) : (Objects.nonNull(num) && Objects.nonNull(num2)) ? ModelToRepresentation.toGroupHierarchy(this.user, false, num, num2) : ModelToRepresentation.toGroupHierarchy(this.user, false);
    }

    @GET
    @NoCache
    @Path("groups/count")
    @Produces({MediaType.APPLICATION_JSON})
    public Map<String, Long> getGroupMembershipCount(@QueryParam("search") String str) {
        this.auth.users().requireView(this.user);
        Long valueOf = Objects.nonNull(str) ? Long.valueOf(this.user.getGroupsCountByNameContaining(str)) : Long.valueOf(this.user.getGroupsCount());
        HashMap hashMap = new HashMap();
        hashMap.put("count", valueOf);
        return hashMap;
    }

    @Path("groups/{groupId}")
    @NoCache
    @DELETE
    public void removeMembership(@PathParam("groupId") String str) {
        this.auth.users().requireManageGroupMembership(this.user);
        GroupModel groupById = this.session.realms().getGroupById(str, this.realm);
        if (groupById == null) {
            throw new NotFoundException("Group not found");
        }
        this.auth.groups().requireManageMembership(groupById);
        try {
            if (this.user.isMemberOf(groupById)) {
                this.user.leaveGroup(groupById);
                this.adminEvent.operation(OperationType.DELETE).resource(ResourceType.GROUP_MEMBERSHIP).representation(ModelToRepresentation.toRepresentation(groupById, true)).resourcePath((UriInfo) this.session.getContext().getUri()).success();
            }
        } catch (ModelException e) {
            throw new ErrorResponseException(e.getMessage(), MessageFormat.format(AdminRoot.getMessages(this.session, this.realm, this.auth.adminAuth().getToken().getLocale()).getProperty(e.getMessage(), e.getMessage()), e.getParameters()), Response.Status.BAD_REQUEST);
        }
    }

    @Path("groups/{groupId}")
    @NoCache
    @PUT
    public void joinGroup(@PathParam("groupId") String str) {
        this.auth.users().requireManageGroupMembership(this.user);
        GroupModel groupById = this.session.realms().getGroupById(str, this.realm);
        if (groupById == null) {
            throw new NotFoundException("Group not found");
        }
        this.auth.groups().requireManageMembership(groupById);
        if (this.user.isMemberOf(groupById)) {
            return;
        }
        this.user.joinGroup(groupById);
        this.adminEvent.operation(OperationType.CREATE).resource(ResourceType.GROUP_MEMBERSHIP).representation(ModelToRepresentation.toRepresentation(groupById, true)).resourcePath((UriInfo) this.session.getContext().getUri()).success();
    }
}
