package org.apereo.cas.web.flow;

import java.util.Iterator;
import java.util.List;
import java.util.stream.Collectors;
import lombok.Generated;
import org.apereo.cas.api.PasswordlessAuthenticationPreProcessor;
import org.apereo.cas.api.PasswordlessAuthenticationRequest;
import org.apereo.cas.api.PasswordlessTokenRepository;
import org.apereo.cas.api.PasswordlessUserAccount;
import org.apereo.cas.api.PasswordlessUserAccountStore;
import org.apereo.cas.authentication.AuthenticationException;
import org.apereo.cas.authentication.AuthenticationResult;
import org.apereo.cas.authentication.AuthenticationResultBuilder;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.adaptive.AdaptiveAuthenticationPolicy;
import org.apereo.cas.authentication.credential.OneTimePasswordCredential;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.impl.token.PasswordlessAuthenticationToken;
import org.apereo.cas.util.LoggingUtils;
import org.apereo.cas.util.spring.beans.BeanSupplier;
import org.apereo.cas.web.flow.actions.AbstractAuthenticationAction;
import org.apereo.cas.web.flow.resolver.CasDelegatingWebflowEventResolver;
import org.apereo.cas.web.flow.resolver.CasWebflowEventResolver;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.core.annotation.AnnotationAwareOrderComparator;
import org.springframework.webflow.action.EventFactorySupport;
import org.springframework.webflow.core.collection.LocalAttributeMap;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/apereo/cas/web/flow/AcceptPasswordlessAuthenticationAction.class */
public class AcceptPasswordlessAuthenticationAction extends AbstractAuthenticationAction {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(AcceptPasswordlessAuthenticationAction.class);
    private final PasswordlessTokenRepository passwordlessTokenRepository;
    private final PasswordlessUserAccountStore passwordlessUserAccountStore;
    private final AuthenticationSystemSupport authenticationSystemSupport;
    private final ConfigurableApplicationContext applicationContext;

    public AcceptPasswordlessAuthenticationAction(CasDelegatingWebflowEventResolver casDelegatingWebflowEventResolver, CasWebflowEventResolver casWebflowEventResolver, AdaptiveAuthenticationPolicy adaptiveAuthenticationPolicy, PasswordlessTokenRepository passwordlessTokenRepository, AuthenticationSystemSupport authenticationSystemSupport, PasswordlessUserAccountStore passwordlessUserAccountStore, ConfigurableApplicationContext configurableApplicationContext) {
        super(casDelegatingWebflowEventResolver, casWebflowEventResolver, adaptiveAuthenticationPolicy);
        this.passwordlessTokenRepository = passwordlessTokenRepository;
        this.authenticationSystemSupport = authenticationSystemSupport;
        this.passwordlessUserAccountStore = passwordlessUserAccountStore;
        this.applicationContext = configurableApplicationContext;
    }

    protected Event doExecuteInternal(RequestContext requestContext) throws Throwable {
        PasswordlessUserAccount passwordlessUserAccount = (PasswordlessUserAccount) PasswordlessWebflowUtils.getPasswordlessAuthenticationAccount(requestContext, PasswordlessUserAccount.class);
        try {
            String required = requestContext.getRequestParameters().getRequired("token");
            PasswordlessAuthenticationToken passwordlessAuthenticationToken = (PasswordlessAuthenticationToken) this.passwordlessTokenRepository.findToken(passwordlessUserAccount.getUsername()).orElseThrow(() -> {
                return new AuthenticationException("Unable to find passwordless token for " + passwordlessUserAccount.getUsername());
            });
            if (!passwordlessAuthenticationToken.getToken().equalsIgnoreCase(required)) {
                throw new AuthenticationException("Provided token " + required + " is not issued by and does not belong to " + passwordlessUserAccount.getUsername());
            }
            handlePasswordlessAuthenticationAttempt(requestContext, passwordlessUserAccount, passwordlessAuthenticationToken);
            Event doExecuteInternal = super.doExecuteInternal(requestContext);
            this.passwordlessTokenRepository.deleteToken(passwordlessAuthenticationToken);
            return doExecuteInternal;
        } catch (Throwable th) {
            LoggingUtils.error(LOGGER, th);
            LocalAttributeMap localAttributeMap = new LocalAttributeMap();
            localAttributeMap.put("error", th);
            this.passwordlessUserAccountStore.findUser(PasswordlessAuthenticationRequest.builder().username(passwordlessUserAccount.getUsername()).build()).ifPresent(passwordlessUserAccount2 -> {
                localAttributeMap.put("passwordlessAccount", passwordlessUserAccount);
            });
            return new EventFactorySupport().event(this, "authenticationFailure", localAttributeMap);
        }
    }

    protected void handlePasswordlessAuthenticationAttempt(RequestContext requestContext, PasswordlessUserAccount passwordlessUserAccount, PasswordlessAuthenticationToken passwordlessAuthenticationToken) throws Throwable {
        Credential oneTimePasswordCredential = new OneTimePasswordCredential(passwordlessUserAccount.getUsername(), passwordlessAuthenticationToken.getToken());
        WebApplicationService service = WebUtils.getService(requestContext);
        AuthenticationResultBuilder handleInitialAuthenticationTransaction = this.authenticationSystemSupport.handleInitialAuthenticationTransaction(service, new Credential[]{oneTimePasswordCredential});
        List list = (List) this.applicationContext.getBeansOfType(PasswordlessAuthenticationPreProcessor.class).values().stream().filter((v0) -> {
            return BeanSupplier.isNotProxy(v0);
        }).collect(Collectors.toList());
        AnnotationAwareOrderComparator.sortIfNecessary(list);
        Iterator it = list.iterator();
        while (it.hasNext()) {
            handleInitialAuthenticationTransaction = ((PasswordlessAuthenticationPreProcessor) it.next()).process(handleInitialAuthenticationTransaction, passwordlessUserAccount, service, oneTimePasswordCredential, passwordlessAuthenticationToken);
        }
        AuthenticationResult finalizeAllAuthenticationTransactions = this.authenticationSystemSupport.finalizeAllAuthenticationTransactions(handleInitialAuthenticationTransaction, service);
        WebUtils.putAuthenticationResult(finalizeAllAuthenticationTransactions, requestContext);
        WebUtils.putAuthentication(finalizeAllAuthenticationTransactions.getAuthentication(), requestContext);
        WebUtils.putCredential(requestContext, oneTimePasswordCredential);
    }
}
