package org.keycloak.services.resources.admin;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriInfo;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.BadRequestException;
import org.jboss.resteasy.spi.NotFoundException;
import org.keycloak.ClientConnection;
import org.keycloak.email.EmailException;
import org.keycloak.email.EmailProvider;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.Constants;
import org.keycloak.models.FederatedIdentityModel;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.ModelReadOnlyException;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.protocol.oidc.TokenManager;
import org.keycloak.protocol.oidc.utils.RedirectUtils;
import org.keycloak.representations.idm.ApplicationMappingsRepresentation;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.FederatedIdentityRepresentation;
import org.keycloak.representations.idm.MappingsRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.idm.UserSessionRepresentation;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.ClientSessionCode;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.managers.UserManager;
import org.keycloak.services.resources.admin.RealmAuth;
import org.keycloak.services.resources.flows.Flows;
import org.keycloak.services.resources.flows.Urls;
import org.picketlink.idm.model.basic.Group;

/* loaded from: input_file:WEB-INF/lib/keycloak-services-1.2.0.Beta1.jar:org/keycloak/services/resources/admin/UsersResource.class */
public class UsersResource {
    protected static final Logger logger = Logger.getLogger((Class<?>) UsersResource.class);
    protected RealmModel realm;
    private RealmAuth auth;
    private TokenManager tokenManager;

    @Context
    protected ClientConnection clientConnection;

    @Context
    protected UriInfo uriInfo;

    @Context
    protected KeycloakSession session;

    @Context
    protected HttpHeaders headers;

    public UsersResource(RealmModel realmModel, RealmAuth realmAuth, TokenManager tokenManager) {
        this.auth = realmAuth;
        this.realm = realmModel;
        this.tokenManager = tokenManager;
        realmAuth.init(RealmAuth.Resource.USER);
    }

    @Path("{username}")
    @PUT
    @Consumes({MediaType.APPLICATION_JSON})
    public Response updateUser(@PathParam("username") String str, UserRepresentation userRepresentation) {
        this.auth.requireManage();
        try {
            UserModel userByUsername = this.session.users().getUserByUsername(str, this.realm);
            if (userByUsername == null) {
                throw new NotFoundException("User not found");
            }
            updateUserFromRep(userByUsername, userRepresentation);
            if (this.session.getTransaction().isActive()) {
                this.session.getTransaction().commit();
            }
            return Response.noContent().build();
        } catch (ModelDuplicateException e) {
            return Flows.errors().exists("User exists with same username or email");
        } catch (ModelReadOnlyException e2) {
            return Flows.errors().exists("User is read only!");
        }
    }

    @POST
    @Consumes({MediaType.APPLICATION_JSON})
    public Response createUser(@Context UriInfo uriInfo, UserRepresentation userRepresentation) {
        this.auth.requireManage();
        if (this.session.users().getUserByUsername(userRepresentation.getUsername(), this.realm) != null) {
            return Flows.errors().exists("User exists with same username");
        }
        if (userRepresentation.getEmail() != null && this.session.users().getUserByEmail(userRepresentation.getEmail(), this.realm) != null) {
            return Flows.errors().exists("User exists with same email");
        }
        try {
            UserModel addUser = this.session.users().addUser(this.realm, userRepresentation.getUsername());
            updateUserFromRep(addUser, userRepresentation);
            if (this.session.getTransaction().isActive()) {
                this.session.getTransaction().commit();
            }
            return Response.created(uriInfo.getAbsolutePathBuilder().path(addUser.getUsername()).build(new Object[0])).build();
        } catch (ModelDuplicateException e) {
            if (this.session.getTransaction().isActive()) {
                this.session.getTransaction().setRollbackOnly();
            }
            return Flows.errors().exists("User exists with same username or email");
        }
    }

    private void updateUserFromRep(UserModel userModel, UserRepresentation userRepresentation) {
        userModel.setEmail(userRepresentation.getEmail());
        userModel.setFirstName(userRepresentation.getFirstName());
        userModel.setLastName(userRepresentation.getLastName());
        userModel.setEnabled(userRepresentation.isEnabled());
        userModel.setTotp(userRepresentation.isTotp());
        userModel.setEmailVerified(userRepresentation.isEmailVerified());
        List<String> requiredActions = userRepresentation.getRequiredActions();
        if (requiredActions != null) {
            for (UserModel.RequiredAction requiredAction : UserModel.RequiredAction.values()) {
                if (requiredActions.contains(requiredAction.name())) {
                    userModel.addRequiredAction(requiredAction);
                } else {
                    userModel.removeRequiredAction(requiredAction);
                }
            }
        }
        if (userRepresentation.getAttributes() != null) {
            for (Map.Entry<String, String> entry : userRepresentation.getAttributes().entrySet()) {
                userModel.setAttribute(entry.getKey(), entry.getValue());
            }
            HashSet hashSet = new HashSet(userModel.getAttributes().keySet());
            hashSet.removeAll(userRepresentation.getAttributes().keySet());
            Iterator it = hashSet.iterator();
            while (it.hasNext()) {
                userModel.removeAttribute((String) it.next());
            }
        }
    }

    @GET
    @Path("{username}")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public UserRepresentation getUser(@PathParam("username") String str) {
        this.auth.requireView();
        UserModel userByUsername = this.session.users().getUserByUsername(str, this.realm);
        if (userByUsername == null) {
            throw new NotFoundException("User not found");
        }
        return ModelToRepresentation.toRepresentation(userByUsername);
    }

    @GET
    @Path("{username}/sessions")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public List<UserSessionRepresentation> getSessions(@PathParam("username") String str) {
        this.auth.requireView();
        UserModel userByUsername = this.session.users().getUserByUsername(str, this.realm);
        if (userByUsername == null) {
            throw new NotFoundException("User not found");
        }
        List<UserSessionModel> userSessions = this.session.sessions().getUserSessions(this.realm, userByUsername);
        ArrayList arrayList = new ArrayList();
        Iterator<UserSessionModel> it = userSessions.iterator();
        while (it.hasNext()) {
            arrayList.add(ModelToRepresentation.toRepresentation(it.next()));
        }
        return arrayList;
    }

    @GET
    @Path("{username}/federated-identity")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public List<FederatedIdentityRepresentation> getFederatedIdentity(@PathParam("username") String str) {
        this.auth.requireView();
        UserModel userByUsername = this.session.users().getUserByUsername(str, this.realm);
        if (userByUsername == null) {
            throw new NotFoundException("User not found");
        }
        Set<FederatedIdentityModel> federatedIdentities = this.session.users().getFederatedIdentities(userByUsername, this.realm);
        ArrayList arrayList = new ArrayList();
        for (FederatedIdentityModel federatedIdentityModel : federatedIdentities) {
            Iterator<IdentityProviderModel> it = this.realm.getIdentityProviders().iterator();
            while (it.hasNext()) {
                if (it.next().getAlias().equals(federatedIdentityModel.getIdentityProvider())) {
                    arrayList.add(ModelToRepresentation.toRepresentation(federatedIdentityModel));
                }
            }
        }
        return arrayList;
    }

    @POST
    @Path("{username}/federated-identity/{provider}")
    @NoCache
    public Response addFederatedIdentity(@PathParam("username") String str, @PathParam("provider") String str2, FederatedIdentityRepresentation federatedIdentityRepresentation) {
        this.auth.requireManage();
        UserModel userByUsername = this.session.users().getUserByUsername(str, this.realm);
        if (userByUsername == null) {
            throw new NotFoundException("User not found");
        }
        if (this.session.users().getFederatedIdentity(userByUsername, str2, this.realm) != null) {
            return Flows.errors().exists("User is already linked with provider");
        }
        this.session.users().addFederatedIdentity(this.realm, userByUsername, new FederatedIdentityModel(str2, federatedIdentityRepresentation.getUserId(), federatedIdentityRepresentation.getUserName()));
        return Response.noContent().build();
    }

    @Path("{username}/federated-identity/{provider}")
    @NoCache
    @DELETE
    public void removeFederatedIdentity(@PathParam("username") String str, @PathParam("provider") String str2) {
        this.auth.requireManage();
        UserModel userByUsername = this.session.users().getUserByUsername(str, this.realm);
        if (userByUsername == null) {
            throw new NotFoundException("User not found");
        }
        if (!this.session.users().removeFederatedIdentity(this.realm, userByUsername, str2)) {
            throw new NotFoundException("Link not found");
        }
    }

    @POST
    @Path("{username}/logout")
    public void logout(@PathParam("username") String str) {
        this.auth.requireManage();
        UserModel userByUsername = this.session.users().getUserByUsername(str, this.realm);
        if (userByUsername == null) {
            throw new NotFoundException("User not found");
        }
        Iterator<UserSessionModel> it = this.session.sessions().getUserSessions(this.realm, userByUsername).iterator();
        while (it.hasNext()) {
            AuthenticationManager.backchannelLogout(this.session, this.realm, it.next(), this.uriInfo, this.clientConnection, this.headers);
        }
    }

    @Path("{username}")
    @NoCache
    @DELETE
    public Response deleteUser(@PathParam("username") String str) {
        this.auth.requireManage();
        getUser(str);
        UserModel userByUsername = this.session.users().getUserByUsername(str, this.realm);
        if (userByUsername == null) {
            throw new NotFoundException("User not found");
        }
        return new UserManager(this.session).removeUser(this.realm, userByUsername) ? Response.noContent().build() : Flows.errors().error("User couldn't be deleted", Response.Status.BAD_REQUEST);
    }

    @GET
    @Produces({MediaType.APPLICATION_JSON})
    @NoCache
    public List<UserRepresentation> getUsers(@QueryParam("search") String str, @QueryParam("lastName") String str2, @QueryParam("firstName") String str3, @QueryParam("email") String str4, @QueryParam("username") String str5, @QueryParam("first") Integer num, @QueryParam("max") Integer num2) {
        List<UserModel> searchForUserByAttributes;
        this.auth.requireView();
        Integer valueOf = Integer.valueOf(num != null ? num.intValue() : -1);
        Integer valueOf2 = Integer.valueOf(num2 != null ? num2.intValue() : -1);
        ArrayList arrayList = new ArrayList();
        if (str != null) {
            searchForUserByAttributes = this.session.users().searchForUser(str.trim(), this.realm, valueOf.intValue(), valueOf2.intValue());
        } else if (str2 == null && str3 == null && str4 == null && str5 == null) {
            searchForUserByAttributes = this.session.users().getUsers(this.realm, valueOf.intValue(), valueOf2.intValue());
        } else {
            HashMap hashMap = new HashMap();
            if (str2 != null) {
                hashMap.put("lastName", str2);
            }
            if (str3 != null) {
                hashMap.put("firstName", str3);
            }
            if (str4 != null) {
                hashMap.put("email", str4);
            }
            if (str5 != null) {
                hashMap.put("username", str5);
            }
            searchForUserByAttributes = this.session.users().searchForUserByAttributes(hashMap, this.realm, valueOf.intValue(), valueOf2.intValue());
        }
        Iterator<UserModel> it = searchForUserByAttributes.iterator();
        while (it.hasNext()) {
            arrayList.add(ModelToRepresentation.toRepresentation(it.next()));
        }
        return arrayList;
    }

    @GET
    @Path("{username}/role-mappings")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public MappingsRepresentation getRoleMappings(@PathParam("username") String str) {
        this.auth.requireView();
        UserModel userByUsername = this.session.users().getUserByUsername(str, this.realm);
        if (userByUsername == null) {
            throw new NotFoundException("User not found");
        }
        MappingsRepresentation mappingsRepresentation = new MappingsRepresentation();
        Set<RoleModel> roleMappings = userByUsername.getRoleMappings();
        new RealmManager(this.session);
        if (roleMappings.size() > 0) {
            ArrayList arrayList = new ArrayList();
            Iterator<RoleModel> it = roleMappings.iterator();
            while (it.hasNext()) {
                arrayList.add(ModelToRepresentation.toRepresentation(it.next()));
            }
            mappingsRepresentation.setRealmMappings(arrayList);
        }
        List<ApplicationModel> applications = this.realm.getApplications();
        if (applications.size() > 0) {
            HashMap hashMap = new HashMap();
            for (ApplicationModel applicationModel : applications) {
                Set<RoleModel> applicationRoleMappings = userByUsername.getApplicationRoleMappings(applicationModel);
                if (applicationRoleMappings.size() > 0) {
                    ApplicationMappingsRepresentation applicationMappingsRepresentation = new ApplicationMappingsRepresentation();
                    applicationMappingsRepresentation.setApplicationId(applicationModel.getId());
                    applicationMappingsRepresentation.setApplication(applicationModel.getName());
                    ArrayList arrayList2 = new ArrayList();
                    applicationMappingsRepresentation.setMappings(arrayList2);
                    Iterator<RoleModel> it2 = applicationRoleMappings.iterator();
                    while (it2.hasNext()) {
                        arrayList2.add(ModelToRepresentation.toRepresentation(it2.next()));
                    }
                    hashMap.put(applicationModel.getName(), applicationMappingsRepresentation);
                    mappingsRepresentation.setApplicationMappings(hashMap);
                }
            }
        }
        return mappingsRepresentation;
    }

    @GET
    @Path("{username}/role-mappings/realm")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public List<RoleRepresentation> getRealmRoleMappings(@PathParam("username") String str) {
        this.auth.requireView();
        UserModel userByUsername = this.session.users().getUserByUsername(str, this.realm);
        if (userByUsername == null) {
            throw new NotFoundException("User not found");
        }
        Set<RoleModel> realmRoleMappings = userByUsername.getRealmRoleMappings();
        ArrayList arrayList = new ArrayList();
        Iterator<RoleModel> it = realmRoleMappings.iterator();
        while (it.hasNext()) {
            arrayList.add(ModelToRepresentation.toRepresentation(it.next()));
        }
        return arrayList;
    }

    @GET
    @Path("{username}/role-mappings/realm/composite")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public List<RoleRepresentation> getCompositeRealmRoleMappings(@PathParam("username") String str) {
        this.auth.requireView();
        UserModel userByUsername = this.session.users().getUserByUsername(str, this.realm);
        if (userByUsername == null) {
            throw new NotFoundException("User not found");
        }
        Set<RoleModel> roles = this.realm.getRoles();
        ArrayList arrayList = new ArrayList();
        for (RoleModel roleModel : roles) {
            if (userByUsername.hasRole(roleModel)) {
                arrayList.add(ModelToRepresentation.toRepresentation(roleModel));
            }
        }
        return arrayList;
    }

    @GET
    @Path("{username}/role-mappings/realm/available")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public List<RoleRepresentation> getAvailableRealmRoleMappings(@PathParam("username") String str) {
        this.auth.requireView();
        UserModel userByUsername = this.session.users().getUserByUsername(str, this.realm);
        if (userByUsername == null) {
            throw new NotFoundException("User not found");
        }
        return UserApplicationRoleMappingsResource.getAvailableRoles(userByUsername, this.realm.getRoles());
    }

    @POST
    @Path("{username}/role-mappings/realm")
    @Consumes({MediaType.APPLICATION_JSON})
    public void addRealmRoleMappings(@PathParam("username") String str, List<RoleRepresentation> list) {
        this.auth.requireManage();
        logger.debugv("** addRealmRoleMappings: {0}", list);
        UserModel userByUsername = this.session.users().getUserByUsername(str, this.realm);
        if (userByUsername == null) {
            throw new NotFoundException("User not found");
        }
        for (RoleRepresentation roleRepresentation : list) {
            RoleModel role = this.realm.getRole(roleRepresentation.getName());
            if (role == null || !role.getId().equals(roleRepresentation.getId())) {
                throw new NotFoundException("Role not found");
            }
            userByUsername.grantRole(role);
        }
    }

    @Path("{username}/role-mappings/realm")
    @Consumes({MediaType.APPLICATION_JSON})
    @DELETE
    public void deleteRealmRoleMappings(@PathParam("username") String str, List<RoleRepresentation> list) {
        this.auth.requireManage();
        logger.debug("deleteRealmRoleMappings");
        UserModel userByUsername = this.session.users().getUserByUsername(str, this.realm);
        if (userByUsername == null) {
            throw new NotFoundException("User not found");
        }
        if (list == null) {
            Iterator<RoleModel> it = userByUsername.getRealmRoleMappings().iterator();
            while (it.hasNext()) {
                userByUsername.deleteRoleMapping(it.next());
            }
            return;
        }
        for (RoleRepresentation roleRepresentation : list) {
            RoleModel role = this.realm.getRole(roleRepresentation.getName());
            if (role == null || !role.getId().equals(roleRepresentation.getId())) {
                throw new NotFoundException("Role not found");
            }
            userByUsername.deleteRoleMapping(role);
        }
    }

    @Path("{username}/role-mappings/applications/{app}")
    public UserApplicationRoleMappingsResource getUserApplicationRoleMappingsResource(@PathParam("username") String str, @PathParam("app") String str2) {
        UserModel userByUsername = this.session.users().getUserByUsername(str, this.realm);
        if (userByUsername == null) {
            throw new NotFoundException("User not found");
        }
        ApplicationModel applicationByName = this.realm.getApplicationByName(str2);
        if (applicationByName == null) {
            throw new NotFoundException("Application not found");
        }
        return new UserApplicationRoleMappingsResource(this.realm, this.auth, userByUsername, applicationByName);
    }

    @Path("{username}/role-mappings/applications-by-id/{appId}")
    public UserApplicationRoleMappingsResource getUserApplicationRoleMappingsResourceById(@PathParam("username") String str, @PathParam("appId") String str2) {
        UserModel userByUsername = this.session.users().getUserByUsername(str, this.realm);
        if (userByUsername == null) {
            throw new NotFoundException("User not found");
        }
        ApplicationModel applicationById = this.realm.getApplicationById(str2);
        if (applicationById == null) {
            throw new NotFoundException("Application not found");
        }
        return new UserApplicationRoleMappingsResource(this.realm, this.auth, userByUsername, applicationById);
    }

    @Path("{username}/reset-password")
    @PUT
    @Consumes({MediaType.APPLICATION_JSON})
    public void resetPassword(@PathParam("username") String str, CredentialRepresentation credentialRepresentation) {
        this.auth.requireManage();
        UserModel userByUsername = this.session.users().getUserByUsername(str, this.realm);
        if (userByUsername == null) {
            throw new NotFoundException("User not found");
        }
        if (credentialRepresentation == null || credentialRepresentation.getValue() == null || !"password".equals(credentialRepresentation.getType())) {
            throw new BadRequestException("No password provided");
        }
        try {
            this.session.users().updateCredential(this.realm, userByUsername, RepresentationToModel.convertCredential(credentialRepresentation));
            if (credentialRepresentation.isTemporary()) {
                userByUsername.addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
            }
        } catch (ModelReadOnlyException e) {
            throw new BadRequestException("Can't reset password as account is read only");
        }
    }

    @Path("{username}/remove-totp")
    @PUT
    @Consumes({MediaType.APPLICATION_JSON})
    public void removeTotp(@PathParam("username") String str) {
        this.auth.requireManage();
        UserModel userByUsername = this.session.users().getUserByUsername(str, this.realm);
        if (userByUsername == null) {
            throw new NotFoundException("User not found");
        }
        userByUsername.setTotp(false);
    }

    @Path("{username}/reset-password-email")
    @PUT
    @Consumes({MediaType.APPLICATION_JSON})
    public Response resetPasswordEmail(@PathParam("username") String str, @QueryParam("redirect_uri") String str2, @QueryParam("client_id") String str3) {
        String uri;
        this.auth.requireManage();
        UserModel userByUsername = this.session.users().getUserByUsername(str, this.realm);
        if (userByUsername == null) {
            return Flows.errors().error("User not found", Response.Status.NOT_FOUND);
        }
        if (!userByUsername.isEnabled()) {
            return Flows.errors().error("User is disabled", Response.Status.BAD_REQUEST);
        }
        if (userByUsername.getEmail() == null) {
            return Flows.errors().error("User email missing", Response.Status.BAD_REQUEST);
        }
        if (str2 != null && str3 == null) {
            return Flows.errors().error("Client id missing", Response.Status.BAD_REQUEST);
        }
        if (str3 == null) {
            str3 = Constants.ACCOUNT_MANAGEMENT_APP;
        }
        ClientModel findClient = this.realm.findClient(str3);
        if (findClient == null || !findClient.isEnabled()) {
            return Flows.errors().error(str3 + " not enabled", Response.Status.INTERNAL_SERVER_ERROR);
        }
        if (str2 != null) {
            uri = RedirectUtils.verifyRedirectUri(this.uriInfo, str2, this.realm, findClient);
            if (uri == null) {
                return Flows.errors().error("Invalid redirect uri.", Response.Status.BAD_REQUEST);
            }
        } else {
            uri = Urls.accountBase(this.uriInfo.getBaseUri()).path(Group.PATH_SEPARATOR).build(this.realm.getName()).toString();
        }
        UserSessionModel createUserSession = this.session.sessions().createUserSession(this.realm, userByUsername, str, this.clientConnection.getRemoteAddr(), "form", false, null, null);
        ClientSessionModel createClientSession = this.session.sessions().createClientSession(this.realm, findClient);
        createClientSession.setAuthMethod(OIDCLoginProtocol.LOGIN_PROTOCOL);
        createClientSession.setRedirectUri(uri);
        createClientSession.setUserSession(createUserSession);
        ClientSessionCode clientSessionCode = new ClientSessionCode(this.realm, createClientSession);
        clientSessionCode.setAction(ClientSessionModel.Action.RECOVER_PASSWORD);
        try {
            UriBuilder loginPasswordResetBuilder = Urls.loginPasswordResetBuilder(this.uriInfo.getBaseUri());
            loginPasswordResetBuilder.queryParam("key", clientSessionCode.getCode());
            ((EmailProvider) this.session.getProvider(EmailProvider.class)).setRealm(this.realm).setUser(userByUsername).sendPasswordReset(loginPasswordResetBuilder.build(this.realm.getName()).toString(), TimeUnit.SECONDS.toMinutes(this.realm.getAccessCodeLifespanUserAction()));
            return Response.ok().build();
        } catch (EmailException e) {
            logger.error("Failed to send password reset email", e);
            return Flows.errors().error("Failed to send email", Response.Status.INTERNAL_SERVER_ERROR);
        }
    }
}
