package io.phasetwo.service.resource;

import com.google.common.base.Strings;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Maps;
import io.phasetwo.service.model.InvitationModel;
import io.phasetwo.service.model.OrganizationModel;
import io.phasetwo.service.representation.Invitation;
import io.phasetwo.service.representation.InvitationRequest;
import jakarta.mail.internet.AddressException;
import jakarta.mail.internet.InternetAddress;
import jakarta.validation.Valid;
import jakarta.ws.rs.BadRequestException;
import jakarta.ws.rs.ClientErrorException;
import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.DELETE;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.InternalServerErrorException;
import jakarta.ws.rs.NotAuthorizedException;
import jakarta.ws.rs.NotFoundException;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.PUT;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.QueryParam;
import jakarta.ws.rs.core.Response;
import java.lang.reflect.Method;
import java.net.URI;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.jboss.logging.Logger;
import org.keycloak.email.EmailTemplateProvider;
import org.keycloak.email.freemarker.FreeMarkerEmailTemplateProvider;
import org.keycloak.email.freemarker.beans.ProfileBean;
import org.keycloak.events.admin.OperationType;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils;

/* loaded from: input_file:io/phasetwo/service/resource/InvitationsResource.class */
public class InvitationsResource extends OrganizationAdminResource {
    private static final Logger log = Logger.getLogger(InvitationsResource.class);
    private final OrganizationModel organization;

    public InvitationsResource(OrganizationAdminResource organizationAdminResource, OrganizationModel organizationModel) {
        super(organizationAdminResource);
        this.organization = organizationModel;
    }

    @Produces({"application/json"})
    @POST
    @Path("")
    @Consumes({"application/json"})
    public Response createInvitation(@Valid InvitationRequest invitationRequest) {
        String email = invitationRequest.getEmail();
        log.debugf("Create invitation for %s %s %s", email, this.realm.getName(), this.organization.getId());
        canManage();
        if (email == null || !isValidEmail(email)) {
            throw new BadRequestException("Invalid email: " + email);
        }
        if (!canSetRoles(invitationRequest.getRoles())) {
            throw new BadRequestException("Unknown role in list.");
        }
        String lowerCase = email.toLowerCase();
        String str = (String) Optional.ofNullable(invitationRequest.getRedirectUri()).orElse("");
        if (this.organization.getInvitationsByEmail(lowerCase).count() > 0) {
            log.infof("invitation for %s %s %s already exists. .", lowerCase, this.realm.getName(), this.organization.getId());
            throw new ClientErrorException(String.format("Invitation for %s already exists.", lowerCase), Response.Status.CONFLICT);
        }
        UserModel findUserByNameOrEmail = KeycloakModelUtils.findUserByNameOrEmail(this.session, this.realm, lowerCase);
        if (findUserByNameOrEmail != null && this.organization.hasMembership(findUserByNameOrEmail)) {
            log.infof("%s is already a member of %s", lowerCase, this.organization.getId());
            throw new ClientErrorException(String.format("%s is already a member of this organization.", lowerCase), Response.Status.CONFLICT);
        }
        try {
            UserModel user = (invitationRequest.getInviterId() == null || invitationRequest.getInviterId().equals("")) ? ((OrganizationAdminAuth) this.auth).getUser() : this.session.users().getUserById(this.realm, invitationRequest.getInviterId());
            InvitationModel addInvitation = this.organization.addInvitation(lowerCase, user);
            addInvitation.setUrl(str);
            if (invitationRequest.getRoles() != null) {
                addInvitation.setRoles(invitationRequest.getRoles());
            }
            if (invitationRequest.getAttributes() != null && invitationRequest.getAttributes().size() > 0) {
                invitationRequest.getAttributes().entrySet().forEach(entry -> {
                    addInvitation.setAttribute((String) entry.getKey(), (List) entry.getValue());
                });
            }
            Invitation convertInvitationModelToInvitation = Converters.convertInvitationModelToInvitation(addInvitation);
            log.debugf("Made invitation %s", convertInvitationModelToInvitation);
            this.adminEvent.resource(OrganizationResourceType.INVITATION.name()).operation(OperationType.CREATE).resourcePath(this.session.getContext().getUri(), convertInvitationModelToInvitation.getId()).representation(convertInvitationModelToInvitation).success();
            URI build = this.session.getContext().getUri().getAbsolutePathBuilder().path(convertInvitationModelToInvitation.getId()).build(new Object[0]);
            if (invitationRequest.isSend()) {
                try {
                    sendInvitationEmail(lowerCase, this.session, this.realm, user, str, convertInvitationModelToInvitation.getAttributes());
                } catch (Exception e) {
                    log.warn("Unable to send invitation email", e);
                }
            }
            return Response.created(build).build();
        } catch (Exception e2) {
            throw new InternalServerErrorException(e2);
        }
    }

    boolean canSetRoles(Collection<String> collection) {
        if (collection == null || collection.isEmpty()) {
            return true;
        }
        Set set = (Set) this.organization.getRolesStream().map(organizationRoleModel -> {
            return organizationRoleModel.getName();
        }).collect(Collectors.toSet());
        Iterator<String> it = collection.iterator();
        while (it.hasNext()) {
            if (!set.contains(it.next())) {
                return false;
            }
        }
        return true;
    }

    void sendInvitationEmail(String str, KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel, String str2, Map<String, List<String>> map) throws Exception {
        EmailTemplateProvider provider = keycloakSession.getProvider(EmailTemplateProvider.class);
        Method declaredMethod = FreeMarkerEmailTemplateProvider.class.getDeclaredMethod("send", String.class, List.class, String.class, Map.class, String.class);
        declaredMethod.setAccessible(true);
        String name = Strings.isNullOrEmpty(realmModel.getDisplayName()) ? realmModel.getName() : realmModel.getDisplayName();
        String name2 = Strings.isNullOrEmpty(this.organization.getDisplayName()) ? this.organization.getName() : this.organization.getDisplayName();
        String orElse = getInviterName(userModel).orElse("");
        ImmutableList of = ImmutableList.of(name, name2, orElse);
        HashMap newHashMap = Maps.newHashMap();
        newHashMap.put("email", str);
        newHashMap.put("realmName", name);
        newHashMap.put("orgName", name2);
        newHashMap.put("inviterName", orElse);
        newHashMap.put("inviter", new ProfileBean(userModel, keycloakSession));
        newHashMap.put("link", str2);
        newHashMap.put("attributes", map);
        provider.setRealm(realmModel).setUser(this.user).setAttribute("realmName", name);
        declaredMethod.invoke(provider, "invitationEmailSubject", of, "invitation-email.ftl", newHashMap, str);
    }

    Optional<String> getInviterName(UserModel userModel) {
        if (userModel == null) {
            return Optional.empty();
        }
        StringBuilder sb = new StringBuilder();
        if (!Strings.isNullOrEmpty(userModel.getFirstName())) {
            sb.append(userModel.getFirstName());
        }
        if (!Strings.isNullOrEmpty(userModel.getLastName())) {
            if (sb.length() > 0) {
                sb.append(" ");
            }
            sb.append(userModel.getLastName());
        }
        if (!Strings.isNullOrEmpty(userModel.getEmail())) {
            if (sb.length() > 0) {
                sb.append(" ").append("(");
            }
            sb.append(userModel.getEmail());
            if (sb.length() > userModel.getEmail().length()) {
                sb.append(")");
            }
        }
        return Optional.ofNullable(Strings.emptyToNull(sb.toString()));
    }

    @Produces({"application/json"})
    @GET
    @Path("")
    public Stream<Invitation> listInvitations(@QueryParam("search") String str, @QueryParam("first") Integer num, @QueryParam("max") Integer num2) {
        log.debugf("Get invitations for %s %s", this.realm.getName(), this.organization.getId());
        Optional ofNullable = Optional.ofNullable(str);
        return this.organization.getInvitationsStream().filter(invitationModel -> {
            return !ofNullable.isPresent() || invitationModel.getEmail().contains((CharSequence) ofNullable.get());
        }).skip(Integer.valueOf(num != null ? num.intValue() : 0).intValue()).limit(Integer.valueOf(num2 != null ? num2.intValue() : 100).intValue()).map(invitationModel2 -> {
            return Converters.convertInvitationModelToInvitation(invitationModel2);
        });
    }

    @Produces({"application/json"})
    @GET
    @Path("count")
    public Long countInvitations() {
        log.debugf("countInvitations %s %s", this.realm.getName(), this.organization.getId());
        return this.organization.getInvitationsCount();
    }

    @Produces({"application/json"})
    @GET
    @Path("{invitationId}")
    public Invitation getInvitation(@PathParam("invitationId") String str) {
        log.debugf("Get invitation for %s %s %s", this.realm.getName(), this.organization.getId(), str);
        InvitationModel invitation = this.organization.getInvitation(str);
        if (invitation == null) {
            throw new NotFoundException(String.format("No invitation with id %s", str));
        }
        return Converters.convertInvitationModelToInvitation(invitation);
    }

    @PUT
    @Path("{invitationId}/resend-email")
    public Response resendEmail(@PathParam("invitationId") String str) {
        log.debugf("Resend invitation for %s %s %s", this.realm.getName(), this.organization.getId(), str);
        InvitationModel invitation = this.organization.getInvitation(str);
        if (invitation == null) {
            throw new NotFoundException(String.format("No invitation with id %s", str));
        }
        UserModel inviter = invitation.getInviter();
        if (inviter == null) {
            inviter = ((OrganizationAdminAuth) this.auth).getUser();
        }
        try {
            sendInvitationEmail(invitation.getEmail(), this.session, this.realm, inviter, (String) Optional.ofNullable(invitation.getUrl()).orElse(""), invitation.getAttributes());
        } catch (Exception e) {
            log.warn("Unable to send invitation email", e);
        }
        return Response.noContent().build();
    }

    @DELETE
    @Path("{invitationId}")
    public Response removeInvitation(@PathParam("invitationId") String str) {
        canManage();
        InvitationModel orElse = this.organization.getInvitationsStream().filter(invitationModel -> {
            return invitationModel.getId().equals(str);
        }).findAny().orElse(null);
        if (orElse == null) {
            throw new NotFoundException(String.format("No invitation with id %s", str));
        }
        this.organization.revokeInvitation(str);
        this.adminEvent.resource(OrganizationResourceType.INVITATION.name()).operation(OperationType.DELETE).resourcePath(this.session.getContext().getUri(), orElse.getId()).representation(Converters.convertInvitationModelToInvitation(orElse)).success();
        return Response.status(204).build();
    }

    private void canManage() {
        if (!((OrganizationAdminAuth) this.auth).hasManageOrgs() && !((OrganizationAdminAuth) this.auth).hasOrgManageInvitations(this.organization)) {
            throw new NotAuthorizedException(String.format("User %s doesn't have permission to manage invitations in org %s", ((OrganizationAdminAuth) this.auth).getUser().getId(), this.organization.getName()), new Object[0]);
        }
    }

    private static InternetAddress getValidEmail(String str) throws AddressException {
        Objects.requireNonNull(str, "email must not be null to validate");
        try {
            if (str.startsWith("mailto:")) {
                str = str.substring(7);
            }
            InternetAddress internetAddress = new InternetAddress(str);
            internetAddress.validate();
            return internetAddress;
        } catch (AddressException e) {
            throw e;
        }
    }

    private static boolean isValidEmail(String str) {
        try {
            getValidEmail(str);
            return true;
        } catch (Exception e) {
            return false;
        }
    }
}
