package io.phasetwo.service.auth;

import io.phasetwo.service.util.Emails;
import jakarta.ws.rs.core.MultivaluedHashMap;
import jakarta.ws.rs.core.MultivaluedMap;
import jakarta.ws.rs.core.Response;
import org.jboss.logging.Logger;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator;
import org.keycloak.forms.login.LoginFormsProvider;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.services.managers.AuthenticationManager;

/* loaded from: input_file:io/phasetwo/service/auth/UsernameNoteAuthenticator.class */
class UsernameNoteAuthenticator extends AbstractUsernameFormAuthenticator implements DefaultAuthenticator {
    private static final Logger log = Logger.getLogger(UsernameNoteAuthenticator.class);

    public void authenticate(AuthenticationFlowContext authenticationFlowContext) {
        MultivaluedHashMap multivaluedHashMap = new MultivaluedHashMap();
        String clientNote = authenticationFlowContext.getAuthenticationSession().getClientNote("login_hint");
        String rememberMeUsername = AuthenticationManager.getRememberMeUsername(authenticationFlowContext.getSession());
        if (clientNote != null || rememberMeUsername != null) {
            if (clientNote != null) {
                multivaluedHashMap.add("username", clientNote);
            } else {
                multivaluedHashMap.add("username", rememberMeUsername);
                multivaluedHashMap.add("rememberMe", "on");
            }
        }
        authenticationFlowContext.challenge(challenge(authenticationFlowContext, multivaluedHashMap));
    }

    protected Response challenge(AuthenticationFlowContext authenticationFlowContext, MultivaluedMap<String, String> multivaluedMap) {
        LoginFormsProvider form = authenticationFlowContext.form();
        if (!multivaluedMap.isEmpty()) {
            form.setFormData(multivaluedMap);
        }
        return form.createLoginUsername();
    }

    public void action(AuthenticationFlowContext authenticationFlowContext) {
        MultivaluedMap<String, String> decodedFormParameters = authenticationFlowContext.getHttpRequest().getDecodedFormParameters();
        if (decodedFormParameters.containsKey("cancel")) {
            authenticationFlowContext.cancelLogin();
            return;
        }
        String userInContext = setUserInContext(authenticationFlowContext, decodedFormParameters);
        if (userInContext == null) {
            return;
        }
        log.infof("username set in auth note %s.", userInContext);
        if (authenticationFlowContext.getExecution().getRequirement() == AuthenticationExecutionModel.Requirement.REQUIRED) {
            authenticationFlowContext.success();
        } else {
            authenticationFlowContext.attempted();
        }
    }

    private String setUserInContext(AuthenticationFlowContext authenticationFlowContext, MultivaluedMap<String, String> multivaluedMap) {
        authenticationFlowContext.clearUser();
        String str = (String) multivaluedMap.getFirst("username");
        if (str != null) {
            str = str.trim();
            if ("".equalsIgnoreCase(str)) {
                str = null;
            }
        }
        if (str == null) {
            authenticationFlowContext.getEvent().error("user_not_found");
            authenticationFlowContext.failureChallenge(AuthenticationFlowError.INVALID_USER, challenge(authenticationFlowContext, getDefaultChallengeMessage(authenticationFlowContext), "username"));
            return null;
        }
        if (Emails.isValidEmail(str)) {
            authenticationFlowContext.getEvent().detail("username", str);
            authenticationFlowContext.getAuthenticationSession().setAuthNote("ATTEMPTED_USERNAME", str);
            return str;
        }
        authenticationFlowContext.getEvent().error("invalid_email");
        authenticationFlowContext.failureChallenge(AuthenticationFlowError.INVALID_USER, challenge(authenticationFlowContext, getDefaultChallengeMessage(authenticationFlowContext), "username"));
        return null;
    }

    protected Response createLoginForm(LoginFormsProvider loginFormsProvider) {
        return loginFormsProvider.createLoginUsername();
    }

    protected String getDefaultChallengeMessage(AuthenticationFlowContext authenticationFlowContext) {
        return authenticationFlowContext.getRealm().isLoginWithEmailAllowed() ? "invalidUsernameOrEmailMessage" : "invalidUsernameMessage";
    }
}
