package org.apereo.cas.gauth.web.flow;

import lombok.Generated;
import org.apereo.cas.authentication.OneTimeTokenAccount;
import org.apereo.cas.gauth.credential.GoogleAuthenticatorTokenCredential;
import org.apereo.cas.web.flow.actions.BaseCasWebflowAction;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/apereo/cas/gauth/web/flow/GoogleAuthenticatorValidateSelectedRegistrationAction.class */
public class GoogleAuthenticatorValidateSelectedRegistrationAction extends BaseCasWebflowAction {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(GoogleAuthenticatorValidateSelectedRegistrationAction.class);
    private static final String CODE = "screen.authentication.gauth.invalid";

    private static void addErrorMessageToContext(RequestContext requestContext) {
        WebUtils.addErrorMessageToContext(requestContext, CODE);
    }

    protected Event doExecute(RequestContext requestContext) {
        OneTimeTokenAccount oneTimeTokenAccount = WebUtils.getOneTimeTokenAccount(requestContext, OneTimeTokenAccount.class);
        if (oneTimeTokenAccount == null) {
            LOGGER.warn("Unable to determine google authenticator account");
            addErrorMessageToContext(requestContext);
            return error();
        }
        GoogleAuthenticatorTokenCredential credential = WebUtils.getCredential(requestContext, GoogleAuthenticatorTokenCredential.class);
        if (credential == null) {
            LOGGER.warn("Unable to determine google authenticator token credential");
            addErrorMessageToContext(requestContext);
            return error();
        }
        LOGGER.trace("Located account [{}] to be used for credential [{}]", oneTimeTokenAccount, credential);
        if (credential.getAccountId() != null && credential.getAccountId().longValue() == oneTimeTokenAccount.getId()) {
            return null;
        }
        LOGGER.warn("Google authenticator token credential is not assigned a valid account id");
        addErrorMessageToContext(requestContext);
        return error();
    }
}
