package org.gcube.keycloak.account;

import java.net.URI;
import javax.ws.rs.NotAuthorizedException;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.core.Response;
import org.gcube.keycloak.avatar.storage.AvatarStorageProvider;
import org.gcube.keycloak.event.OrchestratorEventPublisherProviderFactory;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.managers.AppAuthManager;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.resources.RealmsResource;

/* loaded from: input_file:org/gcube/keycloak/account/DeleteAccountResource.class */
public class DeleteAccountResource {
    protected static final Logger logger = Logger.getLogger(DeleteAccountResource.class);
    private final KeycloakSession session;
    private final AuthenticationManager.AuthResult auth;

    public DeleteAccountResource(KeycloakSession keycloakSession) {
        logger.info("Created new DeleteAccountResource object");
        this.session = keycloakSession;
        this.auth = new AppAuthManager().authenticateIdentityCookie(keycloakSession, keycloakSession.getContext().getRealm());
    }

    @POST
    @NoCache
    @Path("request-delete")
    public Response performDeleteAccount() {
        if (this.auth == null) {
            logger.debug("Invoked DELETE without authorization");
            throw new NotAuthorizedException("Cookie", new Object[0]);
        }
        logger.info("Invoked perform delete account");
        logger.debug("Getting realm model from auth session");
        RealmModel realm = this.auth.getSession().getRealm();
        logger.debug("Getting user model from auth");
        UserModel user = this.auth.getUser();
        try {
            if (!this.session.getTransactionManager().isActive()) {
                logger.debug("Beginning a new transaction on transaction manager");
                this.session.getTransactionManager().begin();
            }
            logger.debug("Finding user model and setting it as not enabled in realm");
            this.session.users().getUserById(realm, user.getId()).setEnabled(false);
            if (this.session.getTransactionManager().isActive()) {
                logger.debug("Committing the transaction on transaction manager");
                this.session.getTransactionManager().commit();
            }
        } catch (Exception e) {
            logger.error("Cannot perform user model modifications", e);
        }
        logger.debug("Getting the the configured avatar storage provider");
        AvatarStorageProvider provider = this.session.getProvider(AvatarStorageProvider.class);
        if (provider != null) {
            logger.tracev("Configured avatar storage provider type is {0}", provider.getClass().getName());
            logger.debug("Deleting user's avatar from the configured storage");
            provider.deleteAvatarImage(realm, user);
        } else {
            logger.warn("Cannot perform avatar import ince the avatar storage provider is null");
        }
        logger.debug("Sending delete account event to the orchestrator");
        new OrchestratorEventPublisherProviderFactory().create(this.session).publish(new DeleteAccountEvent(user, realm));
        logger.debug("Forcing logout from all active sessions");
        this.session.sessions().removeUserSessions(realm);
        URI build = RealmsResource.accountUrl(this.session.getContext().getUri().getBaseUriBuilder()).build(new Object[]{realm.getName()});
        logger.debugf("Finally redirecting to the account form login: %s", build);
        return Response.status(302).location(build).build();
    }
}
