package org.keycloak.authentication.authenticators.directgrant;

import java.util.LinkedList;
import java.util.List;
import javax.ws.rs.core.Response;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator;
import org.keycloak.authentication.authenticators.util.AuthenticatorUtils;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.services.ServicesLogger;

/* loaded from: input_file:org/keycloak/authentication/authenticators/directgrant/ValidateUsername.class */
public class ValidateUsername extends AbstractDirectGrantAuthenticator {
    public static final String PROVIDER_ID = "direct-grant-validate-username";
    public static final AuthenticationExecutionModel.Requirement[] REQUIREMENT_CHOICES = {AuthenticationExecutionModel.Requirement.REQUIRED};

    public void authenticate(AuthenticationFlowContext authenticationFlowContext) {
        String retrieveUsername = retrieveUsername(authenticationFlowContext);
        if (retrieveUsername == null) {
            authenticationFlowContext.getEvent().error("user_not_found");
            authenticationFlowContext.failure(AuthenticationFlowError.INVALID_USER, errorResponse(Response.Status.UNAUTHORIZED.getStatusCode(), "invalid_request", "Missing parameter: username"));
            return;
        }
        authenticationFlowContext.getEvent().detail("username", retrieveUsername);
        authenticationFlowContext.getAuthenticationSession().setAuthNote(AbstractUsernameFormAuthenticator.ATTEMPTED_USERNAME, retrieveUsername);
        try {
            UserModel findUserByNameOrEmail = KeycloakModelUtils.findUserByNameOrEmail(authenticationFlowContext.getSession(), authenticationFlowContext.getRealm(), retrieveUsername);
            if (findUserByNameOrEmail == null) {
                authenticationFlowContext.getEvent().error("user_not_found");
                authenticationFlowContext.failure(AuthenticationFlowError.INVALID_USER, errorResponse(Response.Status.UNAUTHORIZED.getStatusCode(), "invalid_grant", "Invalid user credentials"));
                return;
            }
            String disabledByBruteForceEventError = AuthenticatorUtils.getDisabledByBruteForceEventError(authenticationFlowContext.getProtector(), authenticationFlowContext.getSession(), authenticationFlowContext.getRealm(), findUserByNameOrEmail);
            if (disabledByBruteForceEventError != null) {
                authenticationFlowContext.getEvent().user(findUserByNameOrEmail);
                authenticationFlowContext.getEvent().error(disabledByBruteForceEventError);
                authenticationFlowContext.forceChallenge(errorResponse(Response.Status.UNAUTHORIZED.getStatusCode(), "invalid_grant", "Invalid user credentials"));
            } else if (findUserByNameOrEmail.isEnabled()) {
                authenticationFlowContext.setUser(findUserByNameOrEmail);
                authenticationFlowContext.success();
            } else {
                authenticationFlowContext.getEvent().user(findUserByNameOrEmail);
                authenticationFlowContext.getEvent().error("user_disabled");
                authenticationFlowContext.forceChallenge(errorResponse(Response.Status.BAD_REQUEST.getStatusCode(), "invalid_grant", "Account disabled"));
            }
        } catch (ModelDuplicateException e) {
            ServicesLogger.LOGGER.modelDuplicateException(e);
            authenticationFlowContext.failure(AuthenticationFlowError.INVALID_USER, errorResponse(Response.Status.UNAUTHORIZED.getStatusCode(), "invalid_request", "Invalid user credentials"));
        }
    }

    public boolean requiresUser() {
        return false;
    }

    public boolean configuredFor(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
        return true;
    }

    public void setRequiredActions(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
    }

    public boolean isUserSetupAllowed() {
        return false;
    }

    public String getDisplayType() {
        return "Username Validation";
    }

    public String getReferenceCategory() {
        return null;
    }

    public boolean isConfigurable() {
        return false;
    }

    public AuthenticationExecutionModel.Requirement[] getRequirementChoices() {
        return REQUIREMENT_CHOICES;
    }

    public String getHelpText() {
        return "Validates the username supplied as a 'username' form parameter in direct grant request";
    }

    public List<ProviderConfigProperty> getConfigProperties() {
        return new LinkedList();
    }

    public String getId() {
        return PROVIDER_ID;
    }

    protected String retrieveUsername(AuthenticationFlowContext authenticationFlowContext) {
        return (String) authenticationFlowContext.getHttpRequest().getDecodedFormParameters().getFirst("username");
    }
}
