package io.datarouter.auth.web;

import io.datarouter.auth.config.DatarouterAuthFiles;
import io.datarouter.auth.config.DatarouterAuthPaths;
import io.datarouter.auth.service.CopyUserListener;
import io.datarouter.auth.service.DatarouterAccountUserService;
import io.datarouter.auth.service.DatarouterUserCreationService;
import io.datarouter.auth.service.DatarouterUserEditService;
import io.datarouter.auth.service.DatarouterUserHistoryService;
import io.datarouter.auth.service.DatarouterUserService;
import io.datarouter.auth.service.UserInfo;
import io.datarouter.auth.storage.account.DatarouterAccountKey;
import io.datarouter.auth.storage.deprovisioneduser.DeprovisionedUserDao;
import io.datarouter.auth.storage.deprovisioneduser.DeprovisionedUserKey;
import io.datarouter.auth.storage.permissionrequest.DatarouterPermissionRequest;
import io.datarouter.auth.storage.permissionrequest.DatarouterPermissionRequestDao;
import io.datarouter.auth.storage.user.DatarouterUserDao;
import io.datarouter.auth.web.DatarouterPermissionRequestHandler;
import io.datarouter.auth.web.deprovisioning.DeprovisionedUserDto;
import io.datarouter.auth.web.deprovisioning.UserDeprovisioningStatusDto;
import io.datarouter.bytes.EmptyArray;
import io.datarouter.pathnode.PathNode;
import io.datarouter.scanner.Scanner;
import io.datarouter.storage.servertype.ServerTypeDetector;
import io.datarouter.util.string.StringTool;
import io.datarouter.util.time.ZoneIds;
import io.datarouter.web.handler.BaseHandler;
import io.datarouter.web.handler.mav.Mav;
import io.datarouter.web.handler.mav.imp.InContextRedirectMav;
import io.datarouter.web.handler.types.RequestBody;
import io.datarouter.web.html.j2html.bootstrap4.Bootstrap4PageFactory;
import io.datarouter.web.html.react.bootstrap4.Bootstrap4ReactPageFactory;
import io.datarouter.web.js.DatarouterWebJsTool;
import io.datarouter.web.user.authenticate.config.DatarouterAuthenticationConfig;
import io.datarouter.web.user.databean.DatarouterUser;
import io.datarouter.web.user.detail.DatarouterUserExternalDetailService;
import io.datarouter.web.user.session.CurrentUserSessionInfoService;
import io.datarouter.web.user.session.service.Role;
import io.datarouter.web.user.session.service.RoleManager;
import io.datarouter.web.user.session.service.SessionBasedUser;
import io.datarouter.web.util.http.ResponseTool;
import java.time.ZoneId;
import java.util.Arrays;
import java.util.Collection;
import java.util.Comparator;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.function.BiFunction;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.inject.Inject;

/* loaded from: input_file:io/datarouter/auth/web/AdminEditUserHandler.class */
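/**
 * Web handler behind the user-administration pages: listing users, creating manual users
 * (non-production only), editing roles/accounts/time zone, changing passwords and copying one
 * user's roles and accounts onto another.
 *
 * <p>This listing is decompiler output, so handler and public-constructor parameter names are
 * synthetic ({@code str}, {@code str2}, ...). They are kept as they appear here.
 * NOTE(review): if the framework binds request parameters to handler arguments by Java parameter
 * name, restore the original names from the upstream source before compiling - confirm.
 *
 * <p>Authorization model visible in this class: every state-changing handler resolves the caller
 * through {@link #getCurrentUser()} and asks {@code DatarouterUserService} whether that caller may
 * act on the target. A denied request gets a 403 via {@link #handleInvalidRequest()}, and the
 * handler then returns {@code null} (or an error DTO in {@link #copyUser}).
 */
public class AdminEditUserHandler extends BaseHandler {

    @Inject
    private DatarouterUserCreationService datarouterUserCreationService;

    @Inject
    private DatarouterUserDao datarouterUserDao;

    @Inject
    private DatarouterUserService datarouterUserService;

    @Inject
    private DatarouterUserEditService datarouterUserEditService;

    @Inject
    private DatarouterUserHistoryService datarouterUserHistoryService;

    @Inject
    private DatarouterAccountUserService datarouterAccountUserService;

    @Inject
    private DatarouterAuthenticationConfig authenticationConfig;

    @Inject
    private RoleManager roleManager;

    @Inject
    private DatarouterAuthPaths paths;

    @Inject
    private DatarouterAuthFiles files;

    @Inject
    private DatarouterPermissionRequestDao datarouterPermissionRequestDao;

    @Inject
    private DeprovisionedUserDao deprovisionedUserDao;

    @Inject
    private ServerTypeDetector serverTypeDetector;

    @Inject
    private Bootstrap4PageFactory pageFactory;

    @Inject
    private Bootstrap4ReactPageFactory reactPageFactory;

    @Inject
    private UserInfo.UserInfoSupplier userInfo;

    @Inject
    private CurrentUserSessionInfoService currentUserSessionInfoService;

    @Inject
    private CopyUserListener copyUserListener;

    @Inject
    private DatarouterUserExternalDetailService detailsService;

    /* loaded from: input_file:io/datarouter/auth/web/AdminEditUserHandler$DatarouterUserListEntry.class */
    /**
     * One row of the user list returned by {@link #listUsers()}.
     *
     * <p>NOTE(review): {@code token} is returned for every user in the list. Confirm that it is
     * an identifier rather than something that authenticates the user, and that the list endpoint
     * is restricted accordingly.
     */
    public static class DatarouterUserListEntry {
        public final String id;
        public final String username;
        public final String token;
        public final boolean hasPermissionRequest;
        public final String profileLink;
        // "hidden" when there is no profile link, otherwise the empty string
        public final String profileClass;

        /**
         * @param str user id, already converted to a string
         * @param str2 username
         * @param str3 user token
         * @param z whether the user has a permission request
         * @param str4 profile link; must not be null, pass {@code ""} when there is none
         */
        public DatarouterUserListEntry(String str, String str2, String str3, boolean z, String str4) {
            this.id = str;
            this.username = str2;
            this.token = str3;
            this.hasPermissionRequest = z;
            this.profileLink = str4;
            this.profileClass = str4.isEmpty() ? "hidden" : "";
        }
    }

    /* loaded from: input_file:io/datarouter/auth/web/AdminEditUserHandler$EditUserDetailsDto.class */
    /**
     * Payload exchanged with the edit-user page. It is both the response of the detail handlers
     * and the request body of {@link #updateUserDetails}, so every field of an incoming instance
     * is caller-controlled.
     */
    public static class EditUserDetailsDto {
        public final String username;
        public final String id;
        public final String token;
        public final List<DatarouterPermissionRequestHandler.PermissionRequestDto> requests;
        public final DeprovisionedUserDto deprovisionedUserDto;
        public final List<String> availableRoles;
        // role name -> whether the user currently holds it, keyed by the available roles
        public final Map<String, Boolean> currentRoles;
        public final List<String> availableAccounts;
        // account name -> whether the user is currently mapped to it
        public final Map<String, Boolean> currentAccounts;
        public final List<String> availableZoneIds;
        public final String currentZoneId;
        public final boolean success;
        public final String message;

        /**
         * Builds a full response.
         *
         * @param str username
         * @param str2 user id as a string
         * @param str3 user token
         * @param list permission requests to show
         * @param deprovisionedUserDto deprovisioning state of the user
         * @param collection roles offered for selection
         * @param collection2 roles the user currently holds
         * @param collection3 accounts offered for selection
         * @param collection4 accounts the user is currently mapped to
         * @param z success flag
         * @param str4 message shown to the caller
         * @param str5 id of the user's current time zone
         */
        public EditUserDetailsDto(String str, String str2, String str3, List<DatarouterPermissionRequestHandler.PermissionRequestDto> list, DeprovisionedUserDto deprovisionedUserDto, Collection<Role> collection, Collection<Role> collection2, Collection<String> collection3, Collection<String> collection4, boolean z, String str4, String str5) {
            this.username = str;
            this.id = str2;
            this.token = str3;
            this.requests = list;
            this.deprovisionedUserDto = deprovisionedUserDto;
            this.availableRoles = Scanner.of(collection)
                    .map(Role::getPersistentString)
                    .sort(StringTool.COLLATOR_COMPARATOR)
                    .deduplicateConsecutive()
                    .list();
            Set<String> heldRoleNames = Scanner.of(collection2)
                    .map(Role::getPersistentString)
                    .collect(HashSet::new);
            // The decompiler emitted an unresolved register (r3) here; it is the set built above.
            this.currentRoles = Scanner.of(collection)
                    .map(Role::getPersistentString)
                    .toMap(Function.identity(), heldRoleNames::contains);
            this.availableAccounts = Scanner.of(collection3)
                    .sort(StringTool.COLLATOR_COMPARATOR)
                    .deduplicateConsecutive()
                    .list();
            Set<String> mappedAccountNames = new HashSet<>(collection4);
            this.currentAccounts = Scanner.of(collection3)
                    .toMap(Function.identity(), mappedAccountNames::contains);
            this.success = z;
            this.message = str4;
            this.availableZoneIds = Scanner.of(ZoneIds.ZONE_IDS)
                    .map(zoneId -> zoneId.getId())
                    .sort()
                    .list();
            this.currentZoneId = str5;
        }

        /**
         * Builds a failure response: {@code success} is false, only {@code message} is set and
         * every other field is null.
         *
         * @param str message shown to the caller
         */
        public EditUserDetailsDto(String str) {
            this.username = null;
            this.id = null;
            this.token = null;
            this.requests = null;
            this.deprovisionedUserDto = null;
            this.availableRoles = null;
            this.currentRoles = null;
            this.availableAccounts = null;
            this.currentAccounts = null;
            this.success = false;
            this.message = str;
            this.availableZoneIds = null;
            this.currentZoneId = null;
        }
    }

    /* loaded from: input_file:io/datarouter/auth/web/AdminEditUserHandler$UpdatePasswordRequestDto.class */
    /**
     * Request body of {@link #updatePassword}. {@code newPassword} is a plaintext credential:
     * do not log or echo instances of this class.
     */
    public static class UpdatePasswordRequestDto {
        public final String username;
        public final String newPassword;

        /**
         * @param str username whose password is being changed
         * @param str2 the new plaintext password
         */
        public UpdatePasswordRequestDto(String str, String str2) {
            this.username = str;
            this.newPassword = str2;
        }
    }

    /** Renders the React user-list page with no user preselected. */
    @BaseHandler.Handler
    private Mav viewUsers() {
        return getReactMav("Datarouter - Users", Optional.empty());
    }

    /**
     * Returns one entry per stored user, flagged with whether that user has a permission request.
     *
     * <p>NOTE(review): no permission check is visible in this method; presumably access is
     * restricted by the route configuration - confirm, since the response includes every
     * username and token.
     */
    @BaseHandler.Handler
    private List<DatarouterUserListEntry> listUsers() {
        Set<Long> userIdsWithPermissionRequests = datarouterPermissionRequestDao.getUserIdsWithPermissionRequests();
        return datarouterUserDao.scan()
                .map(user -> new DatarouterUserListEntry(
                        user.getId().toString(),
                        user.getUsername(),
                        user.getToken(),
                        userIdsWithPermissionRequests.contains(user.getId()),
                        detailsService.getUserProfileUrl(user).orElse("")))
                .list();
    }

    /** Renders the create-user form; refused when the server might be production. */
    @BaseHandler.Handler
    private Mav createUser() {
        if (serverTypeDetector.mightBeProduction()) {
            return pageFactory.message(request, "This is not supported on production");
        }
        return pageFactory.startBuilder(request)
                .withTitle("Datarouter - Create User")
                .withContent(new CreateUserFormHtml(
                        roleToStrings(roleManager.getConferrableRoles(getCurrentUser().getRoles())),
                        authenticationConfig,
                        paths.admin.createUserSubmit.toSlashedStringAfter(paths.admin, false))
                        .build())
                .buildMav();
    }

    /**
     * Creates a manual user from the submitted form and redirects to the user list. Refused when
     * the server might be production, and restricted to callers for whom
     * {@code RoleManager.isAdmin} is true.
     *
     * @return a redirect to the user list, a message page on production, or {@code null} after a
     *         403 has been sent to a non-admin caller
     */
    @BaseHandler.Handler
    private Mav createUserSubmit() {
        if (serverTypeDetector.mightBeProduction()) {
            return pageFactory.message(request, "This is not supported on production");
        }
        DatarouterUser currentUser = getCurrentUser();
        if (!roleManager.isAdmin(currentUser.getRoles())) {
            handleInvalidRequest();
            // Fix: the 403 alone does not stop execution. Without this return the code below
            // still created the account, with caller-chosen roles, for a non-admin caller.
            return null;
        }
        String username = params.required(authenticationConfig.getUsernameParam());
        String password = params.required(authenticationConfig.getPasswordParam());
        // NOTE(review): the submitted role names are not intersected with
        // getConferrableRoles(...) here, although the form only offers those. Confirm that
        // createManualUser enforces the limit.
        Set<Role> requestedRoles = Arrays.stream(params.optionalArray(authenticationConfig.getUserRolesParam())
                        .orElse(EmptyArray.STRING))
                .map(roleManager::getRoleFromPersistentString)
                .collect(Collectors.toSet());
        boolean enabled = params.optionalBoolean(authenticationConfig.getEnabledParam(), true);
        datarouterUserCreationService.createManualUser(currentUser, username, password, requestedRoles, enabled, Optional.empty(), Optional.empty());
        return new InContextRedirectMav(request, paths.admin.viewUsers);
    }

    /**
     * Renders the edit page for the user named by the {@code username} parameter, else by the
     * {@code userId} parameter, else for the caller.
     *
     * @return the page, or {@code null} after a 403 when the caller may not edit that user or the
     *         requested user id does not resolve to a user
     */
    @BaseHandler.Handler
    private Mav editUser() {
        DatarouterUser currentUser = getCurrentUser();
        DatarouterUser target = params.optional("username")
                .map(DatarouterUser.DatarouterUserByUsernameLookup::new)
                .map(datarouterUserDao::getByUsername)
                .orElseGet(() -> {
                    Optional<Long> userId = params.optionalLong("userId");
                    if (!userId.isPresent()) {
                        return currentUser;
                    }
                    // An id with no matching user yields null, which checkEditPermission
                    // answers with a 403; previously this was an unchecked Optional.get().
                    return userId.map(datarouterUserService::getUserById).orElse(null);
                });
        if (checkEditPermission(currentUser, target, datarouterUserService::canEditUser)) {
            return getReactMav("Datarouter - Edit User " + target.getUsername(), Optional.of(target.getUsername()));
        }
        return null;
    }

    /**
     * Returns the edit-page details for one user.
     *
     * @param str username to look up
     * @return the details, an error DTO for a blank username, or {@code null} after a 403 when
     *         the user does not exist or the caller may not edit it
     */
    @BaseHandler.Handler
    private EditUserDetailsDto getUserDetails(String str) {
        if (StringTool.isNullOrEmptyOrWhitespace(str)) {
            return new EditUserDetailsDto("Invalid username.");
        }
        DatarouterUser currentUser = getCurrentUser();
        DatarouterUser target = datarouterUserDao.getByUsername(new DatarouterUser.DatarouterUserByUsernameLookup(str));
        if (checkEditPermission(currentUser, target, datarouterUserService::canEditUser)) {
            return getEditUserDetailsDto(str);
        }
        return null;
    }

    /**
     * Applies the roles, accounts and time zone selected in the request body to the named user.
     *
     * @param editUserDetailsDto caller-supplied body; only {@code username}, {@code currentRoles},
     *        {@code currentAccounts} and {@code currentZoneId} are read
     * @return the refreshed details, an error DTO, or {@code null} after a 403
     */
    @BaseHandler.Handler
    private EditUserDetailsDto updateUserDetails(@RequestBody EditUserDetailsDto editUserDetailsDto) {
        if (editUserDetailsDto == null
                || StringTool.isNullOrEmptyOrWhitespace(editUserDetailsDto.username)
                || editUserDetailsDto.currentAccounts == null
                || editUserDetailsDto.currentRoles == null) {
            return new EditUserDetailsDto("Invalid request.");
        }
        DatarouterUser currentUser = getCurrentUser();
        DatarouterUser target = datarouterUserDao.getByUsername(new DatarouterUser.DatarouterUserByUsernameLookup(editUserDetailsDto.username));
        if (target == null) {
            // Fix: an unknown username used to fail with a NullPointerException on isEnabled().
            // Answer it exactly like a denied request so the two cases look the same to the caller.
            handleInvalidRequest();
            return null;
        }
        // NOTE(review): this check runs before the permission check, so a caller who may not edit
        // the target still learns that it is disabled. Consider checking permission first once
        // canEditUser's behavior for disabled users is confirmed.
        if (!target.isEnabled()) {
            return new EditUserDetailsDto("This user is not editable.");
        }
        if (!checkEditPermission(currentUser, target, datarouterUserService::canEditUser)) {
            return null;
        }
        // NOTE(review): the role and account names come straight from the request body. Confirm
        // that editUser limits them to what the caller is allowed to confer.
        Set<Role> selectedRoles = Scanner.of(editUserDetailsDto.currentRoles.entrySet())
                .include(entry -> entry.getValue())
                .map(entry -> entry.getKey())
                .map(roleManager::getRoleFromPersistentString)
                .collect(HashSet::new);
        Set<DatarouterAccountKey> selectedAccounts = Scanner.of(editUserDetailsDto.currentAccounts.entrySet())
                .include(entry -> entry.getValue())
                .map(entry -> entry.getKey())
                .map(DatarouterAccountKey::new)
                .collect(HashSet::new);
        // ZoneId.of throws DateTimeException for an id it cannot parse; that is not caught here.
        Optional<ZoneId> zoneId = Optional.ofNullable(editUserDetailsDto.currentZoneId).map(ZoneId::of);
        datarouterUserEditService.editUser(target, currentUser, selectedRoles, null, getSigninUrl(), selectedAccounts, zoneId, Optional.empty());
        return getEditUserDetailsDto(editUserDetailsDto.username);
    }

    /**
     * Sets a new password for the named user, provided the caller passes
     * {@code canEditUserPassword} and the user is allowed to have a password.
     *
     * <p>NOTE(review): the only validation of the new password visible here is that it is not
     * blank; presumably changePassword applies any strength policy - confirm.
     *
     * @param updatePasswordRequestDto caller-supplied body
     * @return the refreshed details, an error DTO, or {@code null} after a 403 when the user does
     *         not exist or the caller may not change its password
     */
    @BaseHandler.Handler
    private EditUserDetailsDto updatePassword(@RequestBody UpdatePasswordRequestDto updatePasswordRequestDto) {
        if (updatePasswordRequestDto == null
                || StringTool.isNullOrEmptyOrWhitespace(updatePasswordRequestDto.username)
                || StringTool.isNullOrEmptyOrWhitespace(updatePasswordRequestDto.newPassword)) {
            return new EditUserDetailsDto("Invalid request.");
        }
        DatarouterUser currentUser = getCurrentUser();
        DatarouterUser target = datarouterUserDao.getByUsername(new DatarouterUser.DatarouterUserByUsernameLookup(updatePasswordRequestDto.username));
        if (!checkEditPermission(currentUser, target, datarouterUserService::canEditUserPassword)) {
            return null;
        }
        if (!datarouterUserService.canHavePassword(target)) {
            return new EditUserDetailsDto("This user is externally authenticated and cannot have a password.");
        }
        datarouterUserEditService.changePassword(target, currentUser, updatePasswordRequestDto.newPassword, getSigninUrl());
        return getEditUserDetailsDto(target.getUsername());
    }

    /**
     * Copies the source user's roles, accounts and time zone onto the destination user, creating
     * the destination when it does not exist and merging into it when it does. The copy is
     * recorded in the source user's history and announced to the {@code CopyUserListener}.
     *
     * @param str username to copy from
     * @param str2 username to copy to
     * @return the source user's refreshed details, or an error DTO
     */
    @BaseHandler.Handler
    private EditUserDetailsDto copyUser(String str, String str2) {
        if (StringTool.isNullOrEmptyOrWhitespace(str) || StringTool.isNullOrEmptyOrWhitespace(str2)) {
            return new EditUserDetailsDto("Invalid request.");
        }
        DatarouterUser currentUser = getCurrentUser();
        DatarouterUser source = datarouterUserDao.getByUsername(new DatarouterUser.DatarouterUserByUsernameLookup(str));
        if (source == null) {
            // Fix: an unknown source username used to fail with a NullPointerException below.
            // Same message as the permission failure, so the two cases are not distinguishable.
            return new EditUserDetailsDto("Cannot copy user.");
        }
        if (currentUser.getUsername().equals(source.getUsername())) {
            return new EditUserDetailsDto("Cannot copy yourself.");
        }
        if (!datarouterUserService.canEditUser(currentUser, source)) {
            return new EditUserDetailsDto("Cannot copy user.");
        }
        // A disabled source no longer carries its roles; take them from its deprovisioning
        // record when one exists.
        Set<Role> roles;
        if (source.isEnabled()) {
            roles = new HashSet<>(source.getRoles());
        } else {
            roles = deprovisionedUserDao.find(new DeprovisionedUserKey(str))
                    .map(deprovisioned -> deprovisioned.getRoles())
                    .orElseGet(HashSet::new);
        }
        Set<DatarouterAccountKey> accounts = Scanner.of(datarouterAccountUserService.findAccountNamesForUser((SessionBasedUser) source))
                .map(DatarouterAccountKey::new)
                .collect(Collectors.toCollection(HashSet::new));
        Optional<ZoneId> zoneId = source.getZoneId();
        DatarouterUser destination = datarouterUserDao.getByUsername(new DatarouterUser.DatarouterUserByUsernameLookup(str2));
        Optional<String> description = Optional.of("User copied from " + str + " by " + currentUser.getUsername());
        if (destination == null) {
            destination = datarouterUserCreationService.createManualUser(currentUser, str2, null, roles, true, zoneId, description);
        } else {
            // NOTE(review): permission is checked against the source only. An existing
            // destination, which may be the caller, receives the source's roles and accounts
            // without a canEditUser check on it, and the copied roles are not limited to the
            // caller's conferrable roles. Confirm that editUser enforces both.
            roles.addAll(destination.getRoles());
            Scanner.of(datarouterAccountUserService.findAccountNamesForUser((SessionBasedUser) destination))
                    .map(DatarouterAccountKey::new)
                    .forEach(accounts::add);
        }
        datarouterUserEditService.editUser(destination, currentUser, roles, true, getSigninUrl(), accounts, zoneId, description);
        datarouterUserHistoryService.recordMessage(source, currentUser, "User copied to " + str2 + " by " + currentUser.getUsername());
        copyUserListener.onCopiedUser(str, str2);
        return getEditUserDetailsDto(str);
    }

    /** Resolves the caller from the required session and validates it through the user service. */
    private DatarouterUser getCurrentUser() {
        return datarouterUserService.getAndValidateCurrentUser(getSessionInfo().getRequiredSession());
    }

    /**
     * Builds the React page shared by the list and edit views.
     *
     * @param title page title
     * @param initialUsername user to preselect; exposed to the script as {@code INITIAL_USERNAME},
     *        empty string when absent
     */
    private Mav getReactMav(String title, Optional<String> initialUsername) {
        return reactPageFactory.startBuilder(request)
                .withTitle(title)
                .withReactScript(files.js.viewUsersJsx)
                .withJsRawConstant("PATHS", DatarouterWebJsTool.buildRawJsObject(buildPaths(request.getContextPath())))
                .withJsStringConstant("INITIAL_USERNAME", initialUsername.orElse(""))
                .buildMav();
    }

    /** Returns the persistent names of the given roles, sorted case-insensitively. */
    private static List<String> roleToStrings(Collection<Role> roles) {
        return roles.stream()
                .map(Role::getPersistentString)
                .sorted(String.CASE_INSENSITIVE_ORDER)
                .collect(Collectors.toList());
    }

    /**
     * Runs a permission check and sends a 403 when it fails.
     *
     * @param editor the caller; must not be null
     * @param target the user being acted on; a null target (no such user) is treated as denied
     * @param permissionCheck predicate taking (editor, target)
     * @return true when the check passes; false after a 403 has been sent, in which case the
     *         calling handler must stop
     */
    private boolean checkEditPermission(DatarouterUser editor, DatarouterUser target, BiFunction<DatarouterUser, DatarouterUser, Boolean> permissionCheck) {
        Objects.requireNonNull(editor);
        // Fix: a missing target used to throw from requireNonNull. Denying it gives unknown and
        // forbidden users the same response.
        if (target != null && permissionCheck.apply(editor, target)) {
            return true;
        }
        handleInvalidRequest();
        return false;
    }

    /**
     * Builds the absolute sign-in URL: the request URL up to the request URI, then the context
     * path and the sign-in path.
     *
     * <p>NOTE(review): the scheme and host are taken from the incoming request. The result is
     * passed to editUser and changePassword; if it ends up in notifications sent to users,
     * confirm that the host of the request is validated upstream.
     */
    private String getSigninUrl() {
        String origin = StringTool.getStringBeforeLastOccurrence(request.getRequestURI(), request.getRequestURL().toString());
        return origin + request.getContextPath() + paths.signin.toSlashedString();
    }

    /** Sends a 403 with a generic message. It does not stop the calling handler. */
    private void handleInvalidRequest() {
        ResponseTool.sendError(response, 403, "invalid request");
    }

    /**
     * Assembles the full detail DTO for a user: permission requests (newest first), the
     * deprovisioning record or a synthesized one, roles the caller's session can confer, current
     * roles, accounts, and the user's time zone (system default when unset).
     *
     * @param username user to describe; a missing user makes {@code orElseThrow()} throw
     */
    private EditUserDetailsDto getEditUserDetailsDto(String username) {
        SessionBasedUser user = userInfo.get().getUserByUsername(username, false).orElseThrow();
        Set<Role> roles = userInfo.get().getRolesByUsername(username, false);
        List<DatarouterPermissionRequestHandler.PermissionRequestDto> requests = datarouterPermissionRequestDao
                .scanPermissionRequestsForUser(user.getId())
                .listTo(list -> Scanner.of(datarouterUserHistoryService.getResolvedRequestToHistoryChangesMap(list).entrySet()))
                .sort(Comparator.comparing(entry -> entry.getKey(), DatarouterPermissionRequest.REVERSE_CHRONOLOGICAL_COMPARATOR))
                .map(this::buildPermissionRequestDto)
                .list();
        DeprovisionedUserDto deprovisionedUserDto = deprovisionedUserDao.find(new DeprovisionedUserKey(username))
                .map(deprovisioned -> deprovisioned.toDto())
                .orElseGet(() -> buildDeprovisionedUserDto(user, roles));
        String zoneId = user.getZoneId()
                .map(zone -> zone.getId())
                .orElse(ZoneId.systemDefault().getId());
        return new EditUserDetailsDto(
                user.getUsername(),
                user.getId().toString(),
                user.getToken(),
                requests,
                deprovisionedUserDto,
                roleManager.getConferrableRoles(getSessionInfo().getRoles()),
                roles,
                datarouterAccountUserService.getAllAccountNamesWithUserMappingsEnabled(),
                datarouterAccountUserService.findAccountNamesForUser(user),
                true,
                "",
                zoneId);
    }

    /** Converts one (request, resolution text) pair into its DTO, using the caller's time zone. */
    private DatarouterPermissionRequestHandler.PermissionRequestDto buildPermissionRequestDto(Map.Entry<DatarouterPermissionRequest, Optional<String>> entry) {
        ZoneId zoneId = currentUserSessionInfoService.getZoneId(getRequest());
        DatarouterPermissionRequest permissionRequest = entry.getKey();
        return new DatarouterPermissionRequestHandler.PermissionRequestDto(
                permissionRequest.getKey().getRequestTime(),
                permissionRequest.getRequestText(),
                permissionRequest.getResolutionTime(),
                entry.getValue().orElse(null),
                zoneId);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Synthesizes a deprovisioning DTO for a user without a stored record: {@code PROVISIONED}
     * when the user is enabled, {@code NO_RECORD} otherwise.
     */
    public static DeprovisionedUserDto buildDeprovisionedUserDto(SessionBasedUser sessionBasedUser, Set<Role> set) {
        List<String> roleNames = Scanner.of(set)
                .map(Role::getPersistentString)
                .list();
        UserDeprovisioningStatusDto status = sessionBasedUser.isEnabled()
                ? UserDeprovisioningStatusDto.PROVISIONED
                : UserDeprovisioningStatusDto.NO_RECORD;
        return new DeprovisionedUserDto(sessionBasedUser.getUsername(), roleNames, status);
    }

    /** Maps the endpoint names used by the page script to their context-relative paths. */
    private Map<String, String> buildPaths(String contextPath) {
        // Map.of accepts at most ten pairs, so the eleventh entry is added separately.
        Map<String, String> pathsByName = new HashMap<>(Map.of(
                "editUser", getPath(contextPath, paths.admin.editUser),
                "getUserDetails", getPath(contextPath, paths.admin.getUserDetails),
                "listUsers", getPath(contextPath, paths.admin.listUsers),
                "viewUsers", getPath(contextPath, paths.admin.viewUsers),
                "updatePassword", getPath(contextPath, paths.admin.updatePassword),
                "updateUserDetails", getPath(contextPath, paths.admin.updateUserDetails),
                "permissionRequest", getPath(contextPath, paths.permissionRequest),
                "declinePermissionRequests", getPath(contextPath, paths.permissionRequest.declinePermissionRequests),
                "deprovisionUsers", getPath(contextPath, paths.userDeprovisioning.deprovisionUsers),
                "restoreUsers", getPath(contextPath, paths.userDeprovisioning.restoreUsers)));
        pathsByName.put("copyUser", getPath(contextPath, paths.admin.copyUser));
        return pathsByName;
    }

    /** Prefixes a path node's slashed form with the context path. */
    private static String getPath(String contextPath, PathNode pathNode) {
        return contextPath + pathNode.toSlashedString();
    }
}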
