package com.dynfi.storage.entities;

import com.dynfi.exceptions.CannotDeleteException;
import com.dynfi.security.PermissionKeys;
import com.dynfi.security.Permissions;
import com.fasterxml.jackson.annotation.JsonAutoDetect;
import com.fasterxml.jackson.annotation.JsonIgnore;
import dev.morphia.annotations.Entity;
import dev.morphia.annotations.Field;
import dev.morphia.annotations.Id;
import dev.morphia.annotations.Index;
import dev.morphia.annotations.IndexOptions;
import dev.morphia.annotations.Indexes;
import dev.morphia.annotations.Reference;
import dev.morphia.annotations.Version;
import io.crnk.core.engine.internal.jackson.ErrorDataSerializer;
import io.crnk.core.resource.annotations.JsonApiId;
import io.crnk.core.resource.annotations.JsonApiRelation;
import io.crnk.core.resource.annotations.JsonApiResource;
import io.crnk.core.resource.annotations.SerializeType;
import java.beans.ConstructorProperties;
import java.time.Duration;
import java.time.Instant;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import java.util.StringJoiner;
import java.util.UUID;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.shiro.authz.annotation.RequiresPermissions;

@Entity(value = "users", useDiscriminator = false)
@Permissions(get = {@RequiresPermissions({PermissionKeys.USERS__READ})})
@JsonApiResource(type = "users")
@Indexes({@Index(fields = {@Field("login")}, options = @IndexOptions(unique = true, name = "unique login")), @Index(fields = {@Field("email")}, options = @IndexOptions(unique = true, name = "unique e-mail"))})
@JsonAutoDetect
/* loaded from: input_file:com/dynfi/storage/entities/User.class */
public class User implements UserLabel {
    public static final String COLLECTION_NAME = "users";
    public static final String LIMITED_TO_DEVICE_GROUPS_FIELD_NAME = "limitedToDeviceGroups";
    public static final String ROLES_FIELD_NAME = "roles";

    @Id
    @JsonApiId
    private UUID id;

    @JsonIgnore
    @Version
    private Long version;
    private Instant createdAt;
    private String login;
    private String email;
    private String fullName;
    private AccountType accountType;

    @JsonIgnore
    private String passwordHash;

    @JsonIgnore
    private String twoFactorAuthSecret;
    private TwoFactorAuthStatus twoFactorAuthStatus;
    private Duration sessionTimeout;
    private Boolean noLogoutOnSessionTimeout;

    @Reference(idOnly = true)
    @JsonApiRelation(serialize = SerializeType.ONLY_ID, opposite = "users")
    private Set<Role> roles;
    private Instant deletedAt;

    @Reference(idOnly = true)
    @JsonApiRelation(serialize = SerializeType.ONLY_ID, opposite = "users")
    private Set<DeviceGroup> limitedToDeviceGroups;

    /* loaded from: input_file:com/dynfi/storage/entities/User$AccountType.class */
    public enum AccountType {
        LOCAL,
        LDAP
    }

    /* loaded from: input_file:com/dynfi/storage/entities/User$TwoFactorAuthStatus.class */
    public enum TwoFactorAuthStatus {
        ENABLED,
        DISABLED,
        FORCED
    }

    /* loaded from: input_file:com/dynfi/storage/entities/User$UserBuilder.class */
    public static class UserBuilder {
        private String login;
        private String email;
        private String fullName;
        private AccountType accountType;
        private String passwordHash;
        private TwoFactorAuthStatus twoFactorAuthStatus;
        private Duration sessionTimeout;
        private Boolean noLogoutOnSessionTimeout;
        private Set<Role> roles;
        private Set<DeviceGroup> limitedToDeviceGroups;

        UserBuilder() {
        }

        public UserBuilder login(String str) {
            this.login = str;
            return this;
        }

        public UserBuilder email(String str) {
            this.email = str;
            return this;
        }

        public UserBuilder fullName(String str) {
            this.fullName = str;
            return this;
        }

        public UserBuilder accountType(AccountType accountType) {
            this.accountType = accountType;
            return this;
        }

        public UserBuilder passwordHash(String str) {
            this.passwordHash = str;
            return this;
        }

        public UserBuilder twoFactorAuthStatus(TwoFactorAuthStatus twoFactorAuthStatus) {
            this.twoFactorAuthStatus = twoFactorAuthStatus;
            return this;
        }

        public UserBuilder sessionTimeout(Duration duration) {
            this.sessionTimeout = duration;
            return this;
        }

        public UserBuilder noLogoutOnSessionTimeout(Boolean bool) {
            this.noLogoutOnSessionTimeout = bool;
            return this;
        }

        public UserBuilder roles(Set<Role> set) {
            this.roles = set;
            return this;
        }

        public UserBuilder limitedToDeviceGroups(Set<DeviceGroup> set) {
            this.limitedToDeviceGroups = set;
            return this;
        }

        public User build() {
            return new User(this.login, this.email, this.fullName, this.accountType, this.passwordHash, this.twoFactorAuthStatus, this.sessionTimeout, this.noLogoutOnSessionTimeout, this.roles, this.limitedToDeviceGroups);
        }

        public String toString() {
            return "User.UserBuilder(login=" + this.login + ", email=" + this.email + ", fullName=" + this.fullName + ", accountType=" + String.valueOf(this.accountType) + ", passwordHash=" + this.passwordHash + ", twoFactorAuthStatus=" + String.valueOf(this.twoFactorAuthStatus) + ", sessionTimeout=" + String.valueOf(this.sessionTimeout) + ", noLogoutOnSessionTimeout=" + this.noLogoutOnSessionTimeout + ", roles=" + String.valueOf(this.roles) + ", limitedToDeviceGroups=" + String.valueOf(this.limitedToDeviceGroups) + ")";
        }
    }

    @JsonIgnore
    public boolean isDeleted() {
        return this.deletedAt != null;
    }

    public User(String str, String str2, String str3, AccountType accountType, String str4, TwoFactorAuthStatus twoFactorAuthStatus, Duration duration, Boolean bool, Set<Role> set, Set<DeviceGroup> set2) {
        this(UUID.randomUUID(), null, Instant.now(), str, str2, str3, accountType, str4, null, twoFactorAuthStatus, duration, bool, set, null, set2);
        setLimitedToDeviceGroups(set2);
    }

    public Set<Role> getRoles() {
        return Collections.unmodifiableSet(this.roles);
    }

    public void markDeleted() {
        if (isDeleted()) {
            throw new CannotDeleteException("User already deleted");
        }
        if (this.passwordHash != null) {
            this.passwordHash = RandomStringUtils.randomAlphabetic(this.passwordHash.length());
        }
        this.roles = Collections.emptySet();
        this.login = RandomStringUtils.randomAlphabetic(17);
        this.fullName = this.login;
        this.email = this.login + "@" + RandomStringUtils.randomAlphabetic(16) + "-deleted";
        this.deletedAt = Instant.now();
    }

    public Set<DeviceGroup> getLimitedToDeviceGroups() {
        return this.limitedToDeviceGroups != null ? Collections.unmodifiableSet(this.limitedToDeviceGroups) : Collections.emptySet();
    }

    public void setLimitedToDeviceGroups(Set<DeviceGroup> set) {
        if (set == null) {
            throw new IllegalArgumentException("Cannot set null as limitedToDeviceGroups");
        }
        if (set.size() > 1 && set.stream().anyMatch((v0) -> {
            return v0.isDefault();
        })) {
            throw new IllegalArgumentException("Cannot set more than one group with the default ALL group being one of them.");
        }
        this.limitedToDeviceGroups = set;
    }

    public void addToDeviceGroups(Set<DeviceGroup> set) {
        if (canAccessAllDeviceGroups() || (set.size() == 1 && set.stream().allMatch((v0) -> {
            return v0.isDefault();
        }))) {
            setLimitedToDeviceGroups(set);
            return;
        }
        HashSet hashSet = new HashSet(getLimitedToDeviceGroups());
        hashSet.addAll(set);
        setLimitedToDeviceGroups(hashSet);
    }

    public void removeFromDeviceGroups(Set<DeviceGroup> set) {
        this.limitedToDeviceGroups.removeAll(set);
    }

    @JsonIgnore
    public boolean canAccessAllDeviceGroups() {
        return this.limitedToDeviceGroups.stream().anyMatch((v0) -> {
            return v0.isDefault();
        });
    }

    @JsonIgnore
    public boolean isSuperUser() {
        return CollectionUtils.isNotEmpty(this.roles) && this.roles.stream().anyMatch(role -> {
            return role.getPermissions().contains("*");
        });
    }

    public String toString() {
        return new StringJoiner(", ", User.class.getSimpleName() + "[", "]").add("id=" + String.valueOf(this.id)).toString();
    }

    public static UserBuilder builder() {
        return new UserBuilder();
    }

    @Override // com.dynfi.storage.entities.UserLabel
    public UUID getId() {
        return this.id;
    }

    public Long getVersion() {
        return this.version;
    }

    public Instant getCreatedAt() {
        return this.createdAt;
    }

    @Override // com.dynfi.storage.entities.UserLabel
    public String getLogin() {
        return this.login;
    }

    public String getEmail() {
        return this.email;
    }

    public String getFullName() {
        return this.fullName;
    }

    public AccountType getAccountType() {
        return this.accountType;
    }

    public String getPasswordHash() {
        return this.passwordHash;
    }

    public String getTwoFactorAuthSecret() {
        return this.twoFactorAuthSecret;
    }

    public TwoFactorAuthStatus getTwoFactorAuthStatus() {
        return this.twoFactorAuthStatus;
    }

    public Duration getSessionTimeout() {
        return this.sessionTimeout;
    }

    public Boolean getNoLogoutOnSessionTimeout() {
        return this.noLogoutOnSessionTimeout;
    }

    public Instant getDeletedAt() {
        return this.deletedAt;
    }

    public void setLogin(String str) {
        this.login = str;
    }

    public void setEmail(String str) {
        this.email = str;
    }

    public void setFullName(String str) {
        this.fullName = str;
    }

    public void setAccountType(AccountType accountType) {
        this.accountType = accountType;
    }

    @JsonIgnore
    public void setPasswordHash(String str) {
        this.passwordHash = str;
    }

    @JsonIgnore
    public void setTwoFactorAuthSecret(String str) {
        this.twoFactorAuthSecret = str;
    }

    public void setTwoFactorAuthStatus(TwoFactorAuthStatus twoFactorAuthStatus) {
        this.twoFactorAuthStatus = twoFactorAuthStatus;
    }

    public void setSessionTimeout(Duration duration) {
        this.sessionTimeout = duration;
    }

    public void setNoLogoutOnSessionTimeout(Boolean bool) {
        this.noLogoutOnSessionTimeout = bool;
    }

    public void setRoles(Set<Role> set) {
        this.roles = set;
    }

    User() {
        this.id = UUID.randomUUID();
        this.createdAt = Instant.now();
        this.deletedAt = null;
    }

    @ConstructorProperties({ErrorDataSerializer.ID, "version", "createdAt", "login", "email", "fullName", "accountType", "passwordHash", "twoFactorAuthSecret", "twoFactorAuthStatus", "sessionTimeout", "noLogoutOnSessionTimeout", "roles", "deletedAt", LIMITED_TO_DEVICE_GROUPS_FIELD_NAME})
    User(UUID uuid, Long l, Instant instant, String str, String str2, String str3, AccountType accountType, String str4, String str5, TwoFactorAuthStatus twoFactorAuthStatus, Duration duration, Boolean bool, Set<Role> set, Instant instant2, Set<DeviceGroup> set2) {
        this.id = UUID.randomUUID();
        this.createdAt = Instant.now();
        this.deletedAt = null;
        this.id = uuid;
        this.version = l;
        this.createdAt = instant;
        this.login = str;
        this.email = str2;
        this.fullName = str3;
        this.accountType = accountType;
        this.passwordHash = str4;
        this.twoFactorAuthSecret = str5;
        this.twoFactorAuthStatus = twoFactorAuthStatus;
        this.sessionTimeout = duration;
        this.noLogoutOnSessionTimeout = bool;
        this.roles = set;
        this.deletedAt = instant2;
        this.limitedToDeviceGroups = set2;
    }

    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (!(obj instanceof User)) {
            return false;
        }
        User user = (User) obj;
        if (!user.canEqual(this)) {
            return false;
        }
        UUID id = getId();
        UUID id2 = user.getId();
        return id == null ? id2 == null : id.equals(id2);
    }

    protected boolean canEqual(Object obj) {
        return obj instanceof User;
    }

    public int hashCode() {
        UUID id = getId();
        return (1 * 59) + (id == null ? 43 : id.hashCode());
    }

    void setId(UUID uuid) {
        this.id = uuid;
    }

    @JsonIgnore
    void setVersion(Long l) {
        this.version = l;
    }

    void setCreatedAt(Instant instant) {
        this.createdAt = instant;
    }

    void setDeletedAt(Instant instant) {
        this.deletedAt = instant;
    }
}
