package io.continual.services.model.api.endpoints;

import io.continual.email.impl.SimpleEmailService;
import io.continual.http.service.framework.context.CHttpRequestContext;
import io.continual.iam.IamServiceManager;
import io.continual.iam.credentials.UsernamePasswordCredential;
import io.continual.iam.exceptions.IamBadRequestException;
import io.continual.iam.exceptions.IamSvcException;
import io.continual.iam.identity.Identity;
import io.continual.iam.identity.UserContext;
import io.continual.restHttp.ApiContextHelper;
import io.continual.restHttp.HttpServlet;
import io.continual.services.ServiceContainer;
import io.continual.util.nv.NvReadable;
import io.continual.util.time.Clock;
import java.io.IOException;
import org.json.JSONException;
import org.json.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/continual/services/model/api/endpoints/AuthApiHandler.class */
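/**
 * HTTP endpoints for sign-in, sign-out, password change and the e-mail based
 * password reset flow, backed by the "accounts" {@link IamServiceManager}.
 *
 * <p>The base URL placed in password reset e-mails is read from the
 * {@code passwordResetLinkBase} setting at construction time and falls back to
 * the built-in default when the setting evaluates to nothing.
 */
public class AuthApiHandler extends ApiContextHelper<Identity> {
    private static final String kSetting_PwResetLink = "passwordResetLinkBase";
    private static final String kDefault_PwResetLink = "https://docs.cfgex.com/pwr";

    // Lifetime handed to requestPasswordReset; presumably seconds (24 hours) - confirm against the IAM API.
    private static final long kPwResetValidity = 86400L;

    private final String fResetUrl;
    private static final Logger log = LoggerFactory.getLogger(AuthApiHandler.class);

    /**
     * Builds the handler from a JSON configuration object.
     *
     * @param serviceContainer container whose expression evaluator expands the configured link
     * @param jSONObject configuration that may carry {@code passwordResetLinkBase}
     */
    public AuthApiHandler(ServiceContainer serviceContainer, JSONObject jSONObject) {
        this.fResetUrl = resolveResetUrl(serviceContainer, jSONObject.optString(kSetting_PwResetLink, kDefault_PwResetLink));
    }

    /**
     * Builds the handler from name/value settings.
     *
     * @param serviceContainer container whose expression evaluator expands the configured link
     * @param nvReadable settings that may carry {@code passwordResetLinkBase}
     */
    public AuthApiHandler(ServiceContainer serviceContainer, NvReadable nvReadable) {
        this.fResetUrl = resolveResetUrl(serviceContainer, nvReadable.getString(kSetting_PwResetLink, kDefault_PwResetLink));
    }

    /**
     * Authenticates the {@code username}/{@code password} pair from the JSON body and,
     * on success, replies with a freshly created JWT.
     *
     * <p>Replies 401 with one fixed message whenever authentication yields no identity,
     * and 400 when the body is missing a field or is not usable JSON.
     *
     * @param cHttpRequestContext the request being served
     * @throws IamSvcException if the identity service fails
     * @throws IOException if the request body cannot be read or the reply cannot be written
     */
    public void login(CHttpRequestContext cHttpRequestContext) throws IamSvcException, IOException {
        try {
            JSONObject body = readBody(cHttpRequestContext);
            String username = body.getString("username");
            String password = body.getString("password");
            IamServiceManager accounts = accountsFor(cHttpRequestContext);

            // NOTE(review): no attempt throttling or lockout is visible in this handler;
            // presumably enforced by the identity service or an upstream layer - confirm.
            Identity identity = accounts.getIdentityDb().authenticate(new UsernamePasswordCredential(username, password));
            if (identity == null) {
                sendJson(cHttpRequestContext, 401, new JSONObject().put("message", "Unable to sign in."));
                return;
            }
            sendJson(cHttpRequestContext, new JSONObject().put("status", "ok").put("token", accounts.getIdentityDb().createJwtToken(identity)).put("username", username));
        } catch (JSONException e) {
            sendJson(cHttpRequestContext, 400, new JSONObject().put("message", "There's a problem with your JSON."));
        }
    }

    /**
     * Invalidates the bearer token presented by an authenticated caller.
     *
     * <p>Nothing happens unless the request resolves to a user and carries an
     * {@code Authorization} header of the form {@code "Bearer <token>"} with exactly
     * two space-separated parts.
     *
     * @param cHttpRequestContext the request being served
     * @throws IamSvcException if the identity service fails
     * @throws IOException declared for the inherited helpers
     */
    public void logout(CHttpRequestContext cHttpRequestContext) throws IamSvcException, IOException {
        // NOTE(review): no reply is written on any path here; presumably the framework
        // supplies a default response - confirm.
        if (getUser(cHttpRequestContext) == null) {
            return;
        }
        IamServiceManager accounts = accountsFor(cHttpRequestContext);
        String authHeader = cHttpRequestContext.request().getFirstHeader("Authorization");
        if (authHeader == null || !authHeader.startsWith("Bearer ")) {
            return;
        }
        String[] parts = authHeader.split(" ");
        if (parts.length == 2) {
            accounts.getIdentityDb().invalidateJwtToken(parts[1]);
        }
    }

    /**
     * Changes the signed-in user's password after re-checking the current one.
     *
     * <p>Replies "not authorized" when there is no user or the current password does not
     * authenticate, and 400 when the body lacks {@code currentPassword}/{@code newPassword}
     * or the new password is empty.
     *
     * @param cHttpRequestContext the request being served
     * @throws IamSvcException if the identity service fails
     * @throws IOException if the request body cannot be read or the reply cannot be written
     */
    public void changePassword(CHttpRequestContext cHttpRequestContext) throws IamSvcException, IOException {
        UserContext user = getUser(cHttpRequestContext);
        if (user == null) {
            sendNotAuth(cHttpRequestContext);
            return;
        }

        String currentPassword;
        String newPassword;
        try {
            JSONObject body = readBody(cHttpRequestContext);
            currentPassword = body.getString("currentPassword");
            newPassword = body.getString("newPassword");
        } catch (JSONException e) {
            // getString throws on a missing field; answer as login does rather than
            // letting the unchecked exception escape the handler.
            sendJson(cHttpRequestContext, 400, new JSONObject().put("message", "There's a problem with your JSON."));
            return;
        }
        if (newPassword.isEmpty()) {
            sendJson(cHttpRequestContext, 400, new JSONObject().put("message", "A new password is required."));
            return;
        }

        // Re-authenticate with the current password so a stolen session token alone
        // is not enough to take over the account.
        Identity identity = accountsFor(cHttpRequestContext).getIdentityDb().authenticate(new UsernamePasswordCredential(user.getEffectiveUserId(), currentPassword));
        if (identity == null) {
            sendNotAuth(cHttpRequestContext);
            return;
        }

        // NOTE(review): tokens issued before the change are not invalidated here, and no
        // password-strength policy is applied; confirm whether setPassword covers either.
        identity.setPassword(newPassword);
        sendJson(cHttpRequestContext, new JSONObject().put("status", "ok"));
    }

    /**
     * Serves both halves of the password reset flow.
     *
     * <p>With {@code email} in the body, a reset is requested for that user and the link
     * is mailed to them. Otherwise, with both {@code tag} and {@code newPassword}, the
     * reset is completed. The request half replies {@code {"status":"ok"}} whether or not
     * the account exists, so the endpoint does not reveal which addresses are registered.
     *
     * @param cHttpRequestContext the request being served
     * @throws IOException if the request body cannot be read or the reply cannot be written
     */
    public void passwordResetProcess(CHttpRequestContext cHttpRequestContext) throws IOException {
        // Tracks which half is running so a failure while completing a reset is not
        // reported to the caller as success.
        boolean completing = false;
        try {
            IamServiceManager accounts = accountsFor(cHttpRequestContext);
            SimpleEmailService emailer = (SimpleEmailService) HttpServlet.getServices(cHttpRequestContext).get("emailer", SimpleEmailService.class);
            JSONObject body = readBody(cHttpRequestContext);
            String email = body.optString("email", null);
            String tag = body.optString("tag", null);
            String newPassword = body.optString("newPassword", null);

            if (email != null) {
                Identity target = accounts.getIdentityManager().loadUser(email);
                if (target != null) {
                    // NOTE(review): the second argument is a fixed prefix plus the current clock
                    // value; if the IAM library derives the tag from it, confirm the tag also
                    // carries unpredictable entropy.
                    String resetTag = target.requestPasswordReset(kPwResetValidity, "cfgex.docs.app." + Clock.now());
                    emailer.mail(email, "Password reset instructions", buildResetMsg(email, resetTag));
                }
            } else if (tag != null && newPassword != null) {
                completing = true;
                try {
                    if (!accounts.getIdentityManager().completePasswordReset(tag, newPassword)) {
                        sendJson(cHttpRequestContext, 400, new JSONObject().put("status", "error"));
                        return;
                    }
                } catch (IamSvcException e) {
                    // The tag and the new password are deliberately kept out of the log.
                    log.warn("completing password reset: {}", e.getMessage());
                    sendJson(cHttpRequestContext, 500, new JSONObject().put("status", "error"));
                    return;
                }
            }
        } catch (JSONException e) {
            // login guards readBody the same way; presumably it raises this on a malformed body.
            sendJson(cHttpRequestContext, 400, new JSONObject().put("message", "There's a problem with your JSON."));
            return;
        } catch (IamSvcException | IamBadRequestException e2) {
            if (completing) {
                log.warn("completing password reset: {}", e2.getMessage());
                sendJson(cHttpRequestContext, 400, new JSONObject().put("status", "error"));
                return;
            }
            // Request half: log and fall through to the uniform "ok" reply.
            log.warn("starting password reset: {}", e2.getMessage());
        }
        sendJson(cHttpRequestContext, new JSONObject().put("status", "ok"));
    }

    /**
     * Composes the plain-text body of the reset e-mail.
     *
     * @param str recipient address (not used in the text)
     * @param str2 reset tag appended to the configured link as the {@code tag} query parameter
     * @return the message text
     */
    private String buildResetMsg(String str, String str2) {
        // NOTE(review): the tag is appended without URL-encoding; confirm the IAM library
        // only emits URL-safe characters.
        String link = this.fResetUrl + "?tag=" + str2;
        return "\n"
            + "Hi-\n"
            + "\n"
            + "We received a request to reset the password for your account. If this was your request,\n"
            + "please click this link to continue: " + link + "\n"
            + "\n"
            + "Thanks!\n"
            + "\n";
    }

    /**
     * Expands the configured reset link and substitutes the built-in default when the
     * expansion is null or empty, so the warning below matches what actually happens.
     */
    private static String resolveResetUrl(ServiceContainer serviceContainer, String configured) {
        String evaluated = serviceContainer.getExprEval().evaluateText(configured);
        if (evaluated == null || evaluated.isEmpty()) {
            log.warn("Password reset link config eval'd to an empty string. Using default.");
            return kDefault_PwResetLink;
        }
        return evaluated;
    }

    /** Looks up the "accounts" identity service for the given request. */
    private static IamServiceManager accountsFor(CHttpRequestContext cHttpRequestContext) {
        return (IamServiceManager) HttpServlet.getServices(cHttpRequestContext).get("accounts", IamServiceManager.class);
    }
}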
