package org.keycloak.authentication.requiredactions;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilderException;
import org.jboss.logging.Logger;
import org.keycloak.authentication.ConsoleDisplayMode;
import org.keycloak.authentication.RequiredActionContext;
import org.keycloak.authentication.RequiredActionProvider;
import org.keycloak.common.util.RandomString;
import org.keycloak.email.EmailException;
import org.keycloak.email.EmailTemplateProvider;
import org.keycloak.events.EventBuilder;
import org.keycloak.events.EventType;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.messages.Messages;
import org.keycloak.services.validation.Validation;
import org.keycloak.sessions.AuthenticationSessionModel;

/* loaded from: input_file:org/keycloak/authentication/requiredactions/ConsoleVerifyEmail.class */
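/**
 * Required action that verifies a user's email address over the console
 * (text-based) display mode: a short random code is mailed to the user and
 * must be typed back in to complete the action.
 *
 * <p>The expected code lives in the authentication session under the
 * {@code VERIFY_EMAIL_CODE} auth note and is compared against the
 * {@link #EMAIL_CODE} form parameter.
 *
 * <p>NOTE(review): this class keeps no attempt counter and no expiry for the
 * code; confirm that the surrounding flow bounds the number of guesses.
 *
 * <p>NOTE(review): nothing in this class marks the user's email as verified
 * after a correct code is entered; confirm that happens elsewhere, otherwise
 * {@link #evaluateTriggers} will add the action again on a later login.
 */
public class ConsoleVerifyEmail implements RequiredActionProvider {
    public static final ConsoleVerifyEmail SINGLETON = new ConsoleVerifyEmail();
    private static final Logger logger = Logger.getLogger(ConsoleVerifyEmail.class);

    // Name of the form parameter carrying the code typed by the user.
    // Left non-final to preserve the existing public interface.
    public static String EMAIL_CODE = "email_code";

    /**
     * Adds the VERIFY_EMAIL required action to the user when the realm
     * requires verified emails and the user's email is not yet verified.
     *
     * @param requiredActionContext context of the current required-action evaluation
     */
    @Override
    public void evaluateTriggers(RequiredActionContext requiredActionContext) {
        if (!requiredActionContext.getRealm().isVerifyEmail() || requiredActionContext.getUser().isEmailVerified()) {
            return;
        }
        requiredActionContext.getUser().addRequiredAction(UserModel.RequiredAction.VERIFY_EMAIL);
        logger.debug("User is required to verify email");
    }

    /**
     * Presents the challenge for this action: succeeds immediately when the
     * email is already verified, ignores the action when the user has no
     * email, and otherwise mails a fresh code and prompts for it.
     *
     * @param requiredActionContext context of the current required action
     */
    @Override
    public void requiredActionChallenge(RequiredActionContext requiredActionContext) {
        AuthenticationSessionModel authenticationSession = requiredActionContext.getAuthenticationSession();
        if (requiredActionContext.getUser().isEmailVerified()) {
            requiredActionContext.success();
            // This clears the VERIFY_EMAIL_KEY note, which is a different note
            // from the VERIFY_EMAIL_CODE note written by sendVerifyEmail.
            authenticationSession.removeAuthNote("VERIFY_EMAIL_KEY");
        } else if (Validation.isBlank(requiredActionContext.getUser().getEmail())) {
            requiredActionContext.ignore();
        } else {
            requiredActionContext.challenge(sendVerifyEmail(requiredActionContext));
        }
    }

    /**
     * Checks the code submitted by the user against the one stored in the
     * authentication session.
     *
     * <p>When no code has been issued yet, the challenge is (re)started. A
     * matching code completes the action and is removed from the session so
     * it cannot be presented a second time. A wrong or missing code
     * re-prompts and records an {@code invalid_code} event error.
     *
     * @param requiredActionContext context of the current required action
     */
    @Override
    public void processAction(RequiredActionContext requiredActionContext) {
        EventBuilder detail = requiredActionContext.getEvent().clone().event(EventType.VERIFY_EMAIL).detail("email", requiredActionContext.getUser().getEmail());
        AuthenticationSessionModel authenticationSession = requiredActionContext.getAuthenticationSession();
        String expectedCode = authenticationSession.getAuthNote("VERIFY_EMAIL_CODE");
        if (expectedCode == null) {
            requiredActionChallenge(requiredActionContext);
            return;
        }

        String submittedCode = requiredActionContext.getHttpRequest().getDecodedFormParameters().getFirst(EMAIL_CODE);
        if (codesMatch(expectedCode, submittedCode)) {
            // The code is single-use: drop it once it has been accepted.
            authenticationSession.removeAuthNote("VERIFY_EMAIL_CODE");
            detail.success();
            requiredActionContext.success();
        } else {
            requiredActionContext.challenge(challenge(requiredActionContext).message(Messages.INVALID_CODE, new String[0]));
            detail.error("invalid_code");
        }
    }

    /** No resources are held by this provider, so there is nothing to release. */
    @Override
    public void close() {
    }

    /**
     * Builds the console challenge that asks for the {@link #EMAIL_CODE}
     * parameter.
     *
     * @param requiredActionContext context of the current required action
     * @return the console display builder for the code prompt
     */
    protected ConsoleDisplayMode challenge(RequiredActionContext requiredActionContext) {
        return ConsoleDisplayMode.challenge(requiredActionContext).header().param(EMAIL_CODE).label("console-email-code").challenge();
    }

    /**
     * Compares the stored and submitted codes without short-circuiting on the
     * first differing character, so response timing does not reveal how much
     * of a guess was correct.
     *
     * @param expected the code stored in the authentication session
     * @param submitted the code sent by the client; may be {@code null} when
     *     the form parameter is absent
     * @return {@code true} only when both values are present and equal
     */
    private static boolean codesMatch(String expected, String submitted) {
        if (expected == null || submitted == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                submitted.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Generates a new verification code, stores it in the authentication
     * session, mails it to the user and returns the prompt for the code.
     *
     * <p>A failure to send the email is logged and recorded on the event, but
     * the prompt is still returned, so the user is asked for a code that may
     * never have been delivered.
     *
     * @param requiredActionContext context of the current required action
     * @return the console response prompting for the code
     */
    private Response sendVerifyEmail(RequiredActionContext requiredActionContext) throws UriBuilderException, IllegalArgumentException {
        KeycloakSession session = requiredActionContext.getSession();
        UserModel user = requiredActionContext.getUser();
        AuthenticationSessionModel authenticationSession = requiredActionContext.getAuthenticationSession();
        EventBuilder detail = requiredActionContext.getEvent().clone().event(EventType.SEND_VERIFY_EMAIL).detail("email", user.getEmail());

        // NOTE(review): confirm RandomString.randomCode draws from a
        // cryptographically secure source; the code is the only secret here.
        String randomCode = RandomString.randomCode(8);
        authenticationSession.setAuthNote("VERIFY_EMAIL_CODE", randomCode);

        RealmModel realm = session.getContext().getRealm();
        HashMap<String, Object> templateAttributes = new HashMap<>();
        templateAttributes.put("code", randomCode);
        try {
            session.getProvider(EmailTemplateProvider.class).setAuthenticationSession(authenticationSession).setRealm(realm).setUser(user).send("emailVerificationSubject", "email-verification-with-code.ftl", templateAttributes);
            detail.success();
        } catch (EmailException e) {
            logger.error("Failed to send verification email", e);
            detail.error("email_send_failed");
        }
        return challenge(requiredActionContext).text(requiredActionContext.form().getMessage("console-verify-email", new String[]{user.getEmail()}));
    }
}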
