package com.dynfi.rest;

import com.dynfi.security.PermissionKeys;
import com.dynfi.services.JwtService;
import com.dynfi.services.TwoFactorAuthService;
import com.dynfi.services.UserService;
import com.dynfi.services.ValidationService;
import com.dynfi.services.dto.AvailableLocalizationSettingsResponse;
import com.dynfi.services.dto.PasswordUpdateRequest;
import com.dynfi.services.dto.SuperUserCreateRequest;
import com.dynfi.services.dto.TwoFactorAuthQrCodeResponse;
import com.dynfi.services.dto.TwoFactorAuthSecretCreateUpdateRequest;
import com.dynfi.services.dto.UiSettingsUpdateRequest;
import com.dynfi.services.dto.UserCreateRequest;
import com.dynfi.services.dto.UserResponse;
import com.dynfi.services.dto.UserUpdateRequest;
import com.dynfi.storage.entities.UiSettings;
import com.dynfi.storage.entities.User;
import dev.samstevens.totp.exceptions.QrGenerationException;
import java.util.List;
import java.util.UUID;
import java.util.stream.Collectors;
import javax.inject.Inject;
import javax.inject.Named;
import javax.validation.Valid;
import javax.validation.constraints.NotNull;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.annotation.Logical;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.subject.Subject;
import org.apache.sshd.common.util.security.SecurityProviderRegistrar;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Produces({"application/json"})
@Path("users")
@Consumes({"application/json"})
/* loaded from: input_file:com/dynfi/rest/UserResource.class */
public class UserResource extends RestResource {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) UserResource.class);
    private static final Object CREATE_SUPER_USER_LOCK = new Object();
    private final UserService userService;
    private final JwtService jwtService;
    private final ValidationService validationService;
    private final TwoFactorAuthService twoFactorAuthService;
    private final boolean useHttps;

    @Context
    UriInfo uriInfo;

    @Inject
    public UserResource(UserService userService, JwtService jwtService, ValidationService validationService, TwoFactorAuthService twoFactorAuthService, @Named("useHttps") boolean z) {
        this.userService = userService;
        this.jwtService = jwtService;
        this.validationService = validationService;
        this.twoFactorAuthService = twoFactorAuthService;
        this.useHttps = z;
    }

    @GET
    @RequiresPermissions({PermissionKeys.USERS__READ})
    public List<UserResponse> getAllExceptDeleted() {
        return (List) this.userService.getAllExceptDeleted().stream().map(UserResponse::new).collect(Collectors.toList());
    }

    @GET
    @Path(SecurityProviderRegistrar.ALL_OPTIONS_VALUE)
    @RequiresPermissions({PermissionKeys.USERS__READ})
    public List<UserResponse> getAll() {
        return (List) this.userService.getAll().stream().map(UserResponse::new).collect(Collectors.toList());
    }

    @GET
    @Path("{id}")
    @RequiresPermissions({PermissionKeys.USERS__READ})
    public Response get(@PathParam("id") UUID uuid) {
        User byId = this.userService.getById(uuid);
        return byId == null ? Response.status(Response.Status.NO_CONTENT).build() : Response.ok(new UserResponse(byId)).build();
    }

    @POST
    @RequiresPermissions({PermissionKeys.USERS__CREATE})
    public Response create(@NotNull @Valid UserCreateRequest userCreateRequest) {
        User create = this.userService.create(userCreateRequest);
        logger.info("Created new user {} by user {}.", create.getId(), this.userService.getCurrentUser().getId());
        return createCreatedResponse(create.getId());
    }

    @POST
    @Path("{id}/password")
    @RequiresPermissions(value = {PermissionKeys.USERS__UPDATE_PASSWORDS, PermissionKeys.USERS__UPDATE_PASSWORD_SELF}, logical = Logical.OR)
    public Response updatePassword(@PathParam("id") UUID uuid, @NotNull @Valid PasswordUpdateRequest passwordUpdateRequest) {
        Pair<User, Subject> currentUserAndSubject = this.userService.getCurrentUserAndSubject();
        User left = currentUserAndSubject.getLeft();
        Subject right = currentUserAndSubject.getRight();
        if (!right.isPermitted(PermissionKeys.USERS__UPDATE_PASSWORDS) && (!right.isPermitted(PermissionKeys.USERS__UPDATE_PASSWORD_SELF) || !left.getId().equals(uuid))) {
            logger.info("Refused to update password for user {} by user {}.", uuid, left.getId());
            return Response.status(Response.Status.FORBIDDEN).build();
        }
        this.userService.updatePassword(uuid, passwordUpdateRequest.getPassword());
        logger.info("Updated password for user {} by user {}.", uuid, left.getId());
        return Response.ok().build();
    }

    @POST
    @Path("{id}")
    @RequiresPermissions(value = {PermissionKeys.USERS__UPDATE, PermissionKeys.USERS__UPDATE_SELF}, logical = Logical.OR)
    public Response update(@PathParam("id") UUID uuid, @NotNull UserUpdateRequest userUpdateRequest) {
        userUpdateRequest.setId(uuid);
        this.validationService.validate(userUpdateRequest, new Class[0]);
        Pair<User, Subject> currentUserAndSubject = this.userService.getCurrentUserAndSubject();
        User left = currentUserAndSubject.getLeft();
        Subject right = currentUserAndSubject.getRight();
        if (!right.isPermitted(PermissionKeys.USERS__UPDATE) && (!right.isPermitted(PermissionKeys.USERS__UPDATE_SELF) || !left.getId().equals(uuid))) {
            logger.info("Refused to update details of user {} by user {}.", uuid, left.getId());
            return Response.status(Response.Status.FORBIDDEN).build();
        }
        if (!right.isPermitted(PermissionKeys.USERS__UPDATE_SESSION_TIMEOUT) && (!right.isPermitted(PermissionKeys.USERS__UPDATE_SESSION_TIMEOUT_SELF) || !left.getId().equals(uuid))) {
            userUpdateRequest.setSessionTimeout(this.userService.getById(uuid).getSessionTimeout());
        }
        User updateUser = this.userService.updateUser(uuid, userUpdateRequest);
        logger.info("Updated details of user {} by user {}.", uuid, left.getId());
        return Response.ok(new UserResponse(updateUser)).build();
    }

    @GET
    @Path("{id}/twoFactorAuthQrCode")
    @RequiresPermissions({PermissionKeys.USERS__SETUP_2FA_SELF})
    public Response getTwoFactorAuthQrCode(@PathParam("id") UUID uuid) {
        User byId = this.userService.getById(uuid);
        if (byId == null) {
            return Response.status(Response.Status.NO_CONTENT).build();
        }
        try {
            Pair<String, String> generateSecretAndQrCode = this.twoFactorAuthService.generateSecretAndQrCode(byId.getLogin());
            return Response.ok(new TwoFactorAuthQrCodeResponse(generateSecretAndQrCode.getLeft(), generateSecretAndQrCode.getRight())).build();
        } catch (QrGenerationException e) {
            logger.info("Couldn't generate 2FA QR Code for user {}.", byId.getId());
            return Response.status(Response.Status.BAD_REQUEST).build();
        }
    }

    @POST
    @Path("{id}/twoFactorAuthSecret")
    @RequiresPermissions({PermissionKeys.USERS__SETUP_2FA_SELF})
    public Response createUpdateTwoFactorAuthSecret(@PathParam("id") UUID uuid, @NotNull @Valid TwoFactorAuthSecretCreateUpdateRequest twoFactorAuthSecretCreateUpdateRequest) {
        Pair<User, Subject> currentUserAndSubject = this.userService.getCurrentUserAndSubject();
        User left = currentUserAndSubject.getLeft();
        Subject right = currentUserAndSubject.getRight();
        if (!right.isPermitted(PermissionKeys.USERS__FORCE_2FA) && (!right.isPermitted(PermissionKeys.USERS__SETUP_2FA_SELF) || !left.getId().equals(uuid))) {
            logger.info("Refused to update 2FA secret for user {} by user {}.", uuid, left.getId());
            return Response.status(Response.Status.FORBIDDEN).build();
        }
        this.userService.updateTwoFactorAuthSecret(uuid, twoFactorAuthSecretCreateUpdateRequest.getSecret());
        logger.info("Updated 2FA secret for user {} by user {}.", uuid, left.getId());
        return Response.ok().build();
    }

    @POST
    @Path("{id}/twoFactorAuthDisable")
    @RequiresPermissions(value = {PermissionKeys.USERS__DISABLE_2FA, PermissionKeys.USERS__DISABLE_2FA_SELF}, logical = Logical.OR)
    public Response disableTwoFactorAuth(@PathParam("id") UUID uuid) {
        Pair<User, Subject> currentUserAndSubject = this.userService.getCurrentUserAndSubject();
        User left = currentUserAndSubject.getLeft();
        Subject right = currentUserAndSubject.getRight();
        if (!right.isPermitted(PermissionKeys.USERS__DISABLE_2FA) && (!right.isPermitted(PermissionKeys.USERS__DISABLE_2FA_SELF) || !left.getId().equals(uuid))) {
            logger.info("Refused to disable 2FA for user {} by user {}.", uuid, left.getId());
            return Response.status(Response.Status.FORBIDDEN).build();
        }
        this.userService.disableTwoFactorAuth(uuid);
        logger.info("Disabled 2FA for user {} by user {}.", uuid, left.getId());
        return Response.ok().build();
    }

    @POST
    @Path("{id}/twoFactorAuthForce")
    @RequiresPermissions({PermissionKeys.USERS__FORCE_2FA})
    public Response forceTwoFactorAuth(@PathParam("id") UUID uuid) {
        Pair<User, Subject> currentUserAndSubject = this.userService.getCurrentUserAndSubject();
        User left = currentUserAndSubject.getLeft();
        if (!currentUserAndSubject.getRight().isPermitted(PermissionKeys.USERS__FORCE_2FA)) {
            logger.info("Refused to force 2FA for user {} by user {}.", uuid, left.getId());
            return Response.status(Response.Status.FORBIDDEN).build();
        }
        this.userService.forceTwoFactorAuth(uuid);
        logger.info("Forced 2FA for user {} by user {}.", uuid, left.getId());
        return Response.ok().build();
    }

    @Path("createToken")
    @RequiresPermissions({PermissionKeys.USERS__CREATE_TOKEN})
    @Consumes({"application/x-www-form-urlencoded", "application/json"})
    @POST
    public Response createToken(@QueryParam("sendWhoami") String str, @Context HttpHeaders httpHeaders) {
        Pair<User, Subject> currentUserAndSubject = this.userService.getCurrentUserAndSubject();
        User left = currentUserAndSubject.getLeft();
        Subject right = currentUserAndSubject.getRight();
        String issueToken = this.jwtService.issueToken(left, this.uriInfo.getAbsolutePath().toString());
        Response.ResponseBuilder ok = Response.ok();
        if (str != null && right.isPermitted(PermissionKeys.USERS__WHOAMI)) {
            ok.entity(new UserResponse(left));
        }
        logger.info("Created auth token for user {}.", left.getId());
        logger.trace("Token: [{}]", issueToken);
        ok.header("Set-Cookie", createProxyCookieValue((int) this.userService.getSessionTimeout(left).getSeconds(), issueToken, secureCookie(httpHeaders)));
        return ok.header("Authorization", "Bearer " + issueToken).build();
    }

    private String createProxyCookieValue(int i, String str, boolean z) {
        Object[] objArr = new Object[3];
        objArr[0] = str;
        objArr[1] = Integer.valueOf(i);
        objArr[2] = z ? "Secure;" : "";
        return String.format("authDFMDV=%s;Version=1;Comment=;Domain=;Path=/proxy;Max-Age=%d;%sHttpOnly;SameSite=Strict", objArr);
    }

    private boolean secureCookie(HttpHeaders httpHeaders) {
        return this.useHttps || StringUtils.startsWithIgnoreCase(httpHeaders.getHeaderString(com.google.common.net.HttpHeaders.ORIGIN), "https://");
    }

    @GET
    @Path("whoami")
    @RequiresPermissions({PermissionKeys.USERS__WHOAMI})
    public UserResponse whoAmI() {
        User currentUser = this.userService.getCurrentUser();
        logger.info("Responded with whoami for user {}.", currentUser.getId());
        return new UserResponse(currentUser);
    }

    @POST
    @Path("logout")
    public Response logout() {
        String createProxyCookieValue = createProxyCookieValue(0, "Deleted", false);
        Response.ResponseBuilder ok = Response.ok();
        ok.header("Set-Cookie", createProxyCookieValue);
        return ok.build();
    }

    @GET
    @Path("availableLocalizationSettingsValues")
    @RequiresPermissions({PermissionKeys.USERS__READ})
    public AvailableLocalizationSettingsResponse getAvailableLocalizationSettings() {
        return new AvailableLocalizationSettingsResponse();
    }

    @POST
    @Path("uiSettings")
    @RequiresPermissions({PermissionKeys.USERS__UPDATE_SELF})
    public UiSettings updateUiSettings(@Valid UiSettingsUpdateRequest uiSettingsUpdateRequest) {
        return this.userService.updateUiSettings(SecurityUtils.getSubject(), uiSettingsUpdateRequest);
    }

    @GET
    @Path("uiSettings")
    @RequiresPermissions({PermissionKeys.USERS__WHOAMI})
    public UiSettings getUiSettings() {
        return this.userService.getUiSettings(SecurityUtils.getSubject());
    }

    @GET
    @Path("superUser")
    public boolean superUserCreated() {
        return this.userService.isSuperUserInitialised();
    }

    @POST
    @Path("superUser")
    public Response crateSuperUser(@NotNull @Valid SuperUserCreateRequest superUserCreateRequest) {
        synchronized (CREATE_SUPER_USER_LOCK) {
            if (superUserCreated()) {
                logger.info("Superuser not created.");
                return Response.status(Response.Status.CONFLICT).build();
            }
            User createSuperUser = this.userService.createSuperUser(superUserCreateRequest);
            logger.info("Created initial superuser {}.", createSuperUser.getId());
            return createCreatedResponse(createSuperUser.getId());
        }
    }

    @Path("{id}")
    @RequiresPermissions({PermissionKeys.USERS__DELETE})
    @DELETE
    public Response delete(@PathParam("id") UUID uuid) {
        this.userService.delete(uuid);
        return Response.ok().build();
    }
}
