package de.frachtwerk.essencium.backend.service;

import de.frachtwerk.essencium.backend.model.AbstractBaseModel;
import de.frachtwerk.essencium.backend.model.AbstractBaseUser;
import de.frachtwerk.essencium.backend.model.AbstractBaseUser_;
import de.frachtwerk.essencium.backend.model.Role;
import de.frachtwerk.essencium.backend.model.SessionToken;
import de.frachtwerk.essencium.backend.model.UserInfoEssentials;
import de.frachtwerk.essencium.backend.model.dto.PasswordUpdateRequest;
import de.frachtwerk.essencium.backend.model.dto.UserDto;
import de.frachtwerk.essencium.backend.model.exception.NotAllowedException;
import de.frachtwerk.essencium.backend.model.exception.ResourceNotFoundException;
import de.frachtwerk.essencium.backend.model.exception.checked.CheckedMailException;
import de.frachtwerk.essencium.backend.repository.BaseUserRepository;
import jakarta.annotation.Nullable;
import jakarta.annotation.PostConstruct;
import jakarta.validation.Valid;
import jakarta.validation.constraints.NotNull;
import java.io.Serializable;
import java.security.Principal;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.UUID;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.session.SessionAuthenticationException;

/* loaded from: input_file:de/frachtwerk/essencium/backend/service/AbstractUserService.class */
public abstract class AbstractUserService<USER extends AbstractBaseUser<ID>, ID extends Serializable, USERDTO extends UserDto<ID>> extends AbstractEntityService<USER, ID, USERDTO> implements UserDetailsService {
    protected static final String USER_ROLE_ATTRIBUTE = "roles";
    private static final Logger LOG = LoggerFactory.getLogger(AbstractUserService.class);
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();
    protected final BaseUserRepository<USER, ID> userRepository;
    private final PasswordEncoder passwordEncoder;
    private final UserMailService userMailService;
    protected final RoleService roleService;
    private final JwtTokenService jwtTokenService;

    @Autowired
    protected AbstractUserService(@NotNull BaseUserRepository<USER, ID> baseUserRepository, @NotNull PasswordEncoder passwordEncoder, @NotNull UserMailService userMailService, @NotNull RoleService roleService, @NotNull JwtTokenService jwtTokenService) {
        super(baseUserRepository);
        this.userRepository = baseUserRepository;
        this.passwordEncoder = passwordEncoder;
        this.userMailService = userMailService;
        this.roleService = roleService;
        this.jwtTokenService = jwtTokenService;
    }

    @PostConstruct
    private void setup() {
        this.roleService.setUserService(this);
        this.jwtTokenService.setUserService(this);
    }

    /* renamed from: loadUserByUsername, reason: merged with bridge method [inline-methods] */
    public USER m28loadUserByUsername(String str) throws UsernameNotFoundException {
        return this.userRepository.findByEmailIgnoreCase(str).orElseThrow(() -> {
            return new UsernameNotFoundException(String.format("user '%s' not found", str));
        });
    }

    public List<USER> loadUsersByRole(String str) throws UsernameNotFoundException {
        return this.userRepository.findByRoleName(str);
    }

    @NotNull
    public USER getUserFromPrincipal(@Nullable Principal principal) {
        return principalAsUser(principal);
    }

    public void createResetPasswordToken(@NotNull String str) {
        USER m28loadUserByUsername = m28loadUserByUsername(str);
        if (!m28loadUserByUsername.hasLocalAuthentication()) {
            throw new NotAllowedException(String.format("cannot reset password for users authenticated via '%s'", m28loadUserByUsername.getSource()));
        }
        try {
            this.userMailService.sendResetToken(str, createAndSaveNewPasswordToken(m28loadUserByUsername), m28loadUserByUsername.getLocale());
        } catch (CheckedMailException e) {
            LOG.error("Failed to send password token mail due to: {}", e.getLocalizedMessage());
        }
    }

    public void resetPasswordByToken(@NotNull String str, @NotNull String str2) {
        setNewPasswordAndClearToken(this.userRepository.findByPasswordResetToken(str).orElseThrow(() -> {
            return new BadCredentialsException("Invalid reset token");
        }), str2);
    }

    protected void setNewPasswordAndClearToken(@NotNull USER user, @NotNull String str) {
        sanitizePassword(user, str);
        user.setLoginDisabled(false);
        user.setPasswordResetToken(null);
        this.userRepository.save(user);
    }

    @NotNull
    protected String createAndSaveNewPasswordToken(@NotNull USER user) {
        user.setPasswordResetToken(UUID.randomUUID().toString());
        return ((AbstractBaseUser) this.userRepository.save(user)).getPasswordResetToken();
    }

    protected void sendResetToken(USER user) throws CheckedMailException {
        String passwordResetToken;
        if (!user.hasLocalAuthentication() || (passwordResetToken = user.getPasswordResetToken()) == null || passwordResetToken.isEmpty()) {
            return;
        }
        this.userMailService.sendNewUserMail(user.getEmail(), user.getPasswordResetToken(), user.getLocale());
    }

    public USER save(USER user) {
        return (USER) this.userRepository.save(user);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Incorrect types in method signature: <E:TUSERDTO;>(TE;)TUSER; */
    /* JADX WARN: Multi-variable type inference failed */
    @Override // de.frachtwerk.essencium.backend.service.AbstractEntityService, de.frachtwerk.essencium.backend.service.AbstractCrudService
    @NotNull.List({@NotNull, @NotNull})
    public AbstractBaseUser createPreProcessing(@NotNull UserDto userDto) {
        String str;
        AbstractBaseUser convertDtoToEntity = convertDtoToEntity(userDto);
        convertDtoToEntity.setEmail(userDto.getEmail() != null ? userDto.getEmail().toLowerCase() : null);
        if (convertDtoToEntity.hasLocalAuthentication()) {
            if (userDto.getPassword() == null || userDto.getPassword().isEmpty()) {
                byte[] bArr = new byte[128];
                String uuid = UUID.randomUUID().toString();
                SECURE_RANDOM.nextBytes(bArr);
                String encodeToString = Base64.getEncoder().encodeToString(bArr);
                convertDtoToEntity.setPasswordResetToken(uuid);
                str = encodeToString;
            } else {
                str = userDto.getPassword();
            }
            sanitizePassword(convertDtoToEntity, str);
        }
        convertDtoToEntity.setNonce(generateNonce());
        convertDtoToEntity.setRoles(resolveRole(userDto));
        return convertDtoToEntity;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // de.frachtwerk.essencium.backend.service.AbstractEntityService, de.frachtwerk.essencium.backend.service.AbstractCrudService
    @NotNull
    public USER createPostProcessing(@NotNull USER user) {
        try {
            sendResetToken(user);
        } catch (CheckedMailException e) {
            LOG.error("Failed to send password token mail due to: {}", e.getLocalizedMessage());
        }
        return (USER) super.createPostProcessing((AbstractUserService<USER, ID, USERDTO>) user);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Incorrect types in method signature: <E:TUSERDTO;>(TID;TE;)TUSER; */
    /* JADX WARN: Multi-variable type inference failed */
    @Override // de.frachtwerk.essencium.backend.service.AbstractEntityService, de.frachtwerk.essencium.backend.service.AbstractCrudService
    @NotNull
    public AbstractBaseUser updatePreProcessing(@NotNull Serializable serializable, @NotNull UserDto userDto) {
        Optional findById = this.repository.findById(serializable);
        AbstractBaseUser abstractBaseUser = (AbstractBaseUser) super.updatePreProcessing((AbstractUserService<USER, ID, USERDTO>) serializable, (Serializable) userDto);
        abstractBaseUser.setRoles(resolveRole(userDto));
        abstractBaseUser.setSource((String) findById.map((v0) -> {
            return v0.getSource();
        }).orElseThrow(() -> {
            return new ResourceNotFoundException("user does not exists");
        }));
        sanitizePassword(abstractBaseUser, userDto.getPassword());
        Set copyOf = Set.copyOf(abstractBaseUser.getRoles());
        abstractBaseUser.getRoles().clear();
        AbstractBaseUser abstractBaseUser2 = (AbstractBaseUser) this.repository.save(abstractBaseUser);
        abstractBaseUser2.getRoles().addAll(copyOf);
        return abstractBaseUser2;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Incorrect types in method signature: <E:TUSERDTO;>(TE;)TUSER; */
    @Override // de.frachtwerk.essencium.backend.service.AbstractEntityService
    @NotNull
    public abstract AbstractBaseUser convertDtoToEntity(@NotNull UserDto userDto);

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Multi-variable type inference failed */
    @Override // de.frachtwerk.essencium.backend.service.AbstractEntityService, de.frachtwerk.essencium.backend.service.AbstractCrudService
    @NotNull
    public USER patchPreProcessing(@NotNull ID id, @NotNull Map<String, Object> map) {
        HashMap hashMap = new HashMap(map);
        Optional.ofNullable(map.get("roles")).ifPresent(obj -> {
            if (!(obj instanceof Collection)) {
                throw new IllegalArgumentException("roles must be a collection of strings or maps");
            }
            Collection collection = (Collection) obj;
            if (collection.isEmpty()) {
                hashMap.put("roles", Collections.emptySet());
                return;
            }
            if (collection.iterator().next() instanceof String) {
                Stream stream = collection.stream();
                Class<String> cls = String.class;
                Objects.requireNonNull(String.class);
                Stream map2 = stream.map(cls::cast);
                RoleService roleService = this.roleService;
                Objects.requireNonNull(roleService);
                hashMap.put("roles", map2.map(roleService::getByName).filter((v0) -> {
                    return Objects.nonNull(v0);
                }).collect(Collectors.toSet()));
                return;
            }
            if (!(collection.iterator().next() instanceof Map)) {
                if (collection.iterator().next() instanceof Role) {
                    Stream stream2 = collection.stream();
                    Class<Role> cls2 = Role.class;
                    Objects.requireNonNull(Role.class);
                    hashMap.put("roles", stream2.map(cls2::cast).map(role -> {
                        return this.roleService.getByName(role.getName());
                    }).filter((v0) -> {
                        return Objects.nonNull(v0);
                    }).collect(Collectors.toSet()));
                    return;
                }
                return;
            }
            Stream stream3 = collection.stream();
            Class<Map> cls3 = Map.class;
            Objects.requireNonNull(Map.class);
            Stream map3 = stream3.map(cls3::cast).map(map4 -> {
                return map4.get("name");
            });
            Class<String> cls4 = String.class;
            Objects.requireNonNull(String.class);
            Stream filter = map3.filter(cls4::isInstance);
            Class<String> cls5 = String.class;
            Objects.requireNonNull(String.class);
            Stream map5 = filter.map(cls5::cast);
            RoleService roleService2 = this.roleService;
            Objects.requireNonNull(roleService2);
            hashMap.put("roles", map5.map(roleService2::getByName).filter((v0) -> {
                return Objects.nonNull(v0);
            }).collect(Collectors.toSet()));
        });
        AbstractBaseUser abstractBaseUser = (AbstractBaseUser) super.patchPreProcessing((AbstractUserService<USER, ID, USERDTO>) id, (Map<String, Object>) hashMap);
        sanitizePassword(abstractBaseUser, (String) Optional.ofNullable(hashMap.get(AbstractBaseUser_.PASSWORD)).map((v0) -> {
            return v0.toString();
        }).orElse(null));
        Set copyOf = Set.copyOf(abstractBaseUser.getRoles());
        abstractBaseUser.getRoles().clear();
        USER user = (USER) this.repository.save(abstractBaseUser);
        user.getRoles().addAll(copyOf);
        return user;
    }

    protected Set<Role> resolveRole(USERDTO userdto) throws ResourceNotFoundException {
        Stream<String> stream = userdto.getRoles().stream();
        RoleService roleService = this.roleService;
        Objects.requireNonNull(roleService);
        Set<Role> set = (Set) stream.map(roleService::getByName).filter((v0) -> {
            return Objects.nonNull(v0);
        }).collect(Collectors.toSet());
        Role defaultRole = this.roleService.getDefaultRole();
        if (set.isEmpty() && Objects.nonNull(defaultRole)) {
            set.add(defaultRole);
        }
        return set;
    }

    protected void sanitizePassword(@NotNull USER user, @Nullable String str) {
        Optional ofNullable = Optional.ofNullable(user.getId());
        BaseUserRepository<USER, ID> baseUserRepository = this.userRepository;
        Objects.requireNonNull(baseUserRepository);
        Optional flatMap = ofNullable.flatMap((v1) -> {
            return r1.findById(v1);
        });
        if (str == null || str.isEmpty() || !((Boolean) flatMap.map((v0) -> {
            return v0.hasLocalAuthentication();
        }).orElse(true)).booleanValue()) {
            user.setPassword((String) flatMap.map((v0) -> {
                return v0.getPassword();
            }).orElse(null));
        } else {
            user.setNonce(generateNonce());
            user.setPassword(this.passwordEncoder.encode(str));
        }
        if (user.getNonce() == null) {
            user.setNonce((String) flatMap.map((v0) -> {
                return v0.getNonce();
            }).orElse(null));
        }
    }

    @NotNull
    public USER selfUpdate(@NotNull USER user, @NotNull USERDTO userdto) {
        user.setFirstName(userdto.getFirstName());
        user.setLastName(userdto.getLastName());
        user.setPhone(userdto.getPhone());
        user.setMobile(userdto.getMobile());
        user.setLocale(userdto.getLocale());
        return (USER) this.userRepository.save(user);
    }

    /* JADX WARN: Multi-variable type inference failed */
    @NotNull
    public USER selfUpdate(@NotNull USER user, @NotNull Map<String, Object> map) {
        Set of = Set.of(AbstractBaseUser_.FIRST_NAME, AbstractBaseUser_.LAST_NAME, AbstractBaseUser_.PHONE, AbstractBaseUser_.MOBILE, "locale");
        return (USER) patch((Serializable) Objects.requireNonNull(user.getId()), (Map) map.entrySet().stream().filter(entry -> {
            return of.contains(entry.getKey());
        }).collect(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, (v0) -> {
            return v0.getValue();
        })));
    }

    @NotNull
    public USER updatePassword(@NotNull USER user, @Valid @NotNull PasswordUpdateRequest passwordUpdateRequest) {
        if (!user.hasLocalAuthentication()) {
            throw new NotAllowedException(String.format("cannot reset password for users authenticated via '%s'", user.getSource()));
        }
        if (!this.passwordEncoder.matches(passwordUpdateRequest.verification(), user.getPassword())) {
            throw new BadCredentialsException("mismatching passwords");
        }
        sanitizePassword(user, passwordUpdateRequest.password());
        return (USER) this.userRepository.save(user);
    }

    public abstract USERDTO getNewUser();

    public static String generateNonce() {
        return UUID.randomUUID().toString().substring(0, 8);
    }

    public USER createDefaultUser(UserInfoEssentials userInfoEssentials, String str) {
        Set<Role> roles = userInfoEssentials.getRoles();
        Role defaultRole = this.roleService.getDefaultRole();
        if (roles.isEmpty() && Objects.nonNull(defaultRole)) {
            roles.add(defaultRole);
        }
        USERDTO newUser = getNewUser();
        newUser.setEmail(userInfoEssentials.getUsername().toLowerCase());
        newUser.setRoles((Set) roles.stream().map((v0) -> {
            return v0.getName();
        }).collect(Collectors.toSet()));
        newUser.setSource(str);
        newUser.setLocale(AbstractBaseUser.DEFAULT_LOCALE);
        newUser.setFirstName(userInfoEssentials.getFirstName());
        newUser.setLastName(userInfoEssentials.getLastName());
        return (USER) create(newUser);
    }

    private USER principalAsUser(Principal principal) {
        if ((principal instanceof UsernamePasswordAuthenticationToken) && (((UsernamePasswordAuthenticationToken) principal).getPrincipal() instanceof AbstractBaseUser)) {
            return (USER) ((UsernamePasswordAuthenticationToken) principal).getPrincipal();
        }
        throw new SessionAuthenticationException("not logged in");
    }

    public List<SessionToken> getTokens(USER user) {
        return this.jwtTokenService.getTokens(user.getUsername());
    }

    public void deleteToken(USER user, @NotNull UUID uuid) {
        this.jwtTokenService.deleteToken(user.getUsername(), uuid);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Multi-variable type inference failed */
    @Override // de.frachtwerk.essencium.backend.service.AbstractEntityService, de.frachtwerk.essencium.backend.service.AbstractCrudService
    @NotNull
    public /* bridge */ /* synthetic */ AbstractBaseModel patchPreProcessing(@NotNull Serializable serializable, @NotNull Map map) {
        return patchPreProcessing((AbstractUserService<USER, ID, USERDTO>) serializable, (Map<String, Object>) map);
    }
}
