package io.datarouter.auth.web;

import io.datarouter.auth.config.DatarouterAuthFiles;
import io.datarouter.auth.config.DatarouterAuthPaths;
import io.datarouter.auth.service.DatarouterAccountService;
import io.datarouter.auth.service.DatarouterUserCreationService;
import io.datarouter.auth.service.DatarouterUserEditService;
import io.datarouter.auth.service.DatarouterUserHistoryService;
import io.datarouter.auth.service.DatarouterUserService;
import io.datarouter.auth.storage.account.BaseDatarouterAccountDao;
import io.datarouter.auth.storage.account.DatarouterAccountKey;
import io.datarouter.auth.storage.permissionrequest.DatarouterPermissionRequest;
import io.datarouter.auth.storage.permissionrequest.DatarouterPermissionRequestDao;
import io.datarouter.auth.storage.user.DatarouterUserDao;
import io.datarouter.storage.servertype.ServerTypeDetector;
import io.datarouter.util.array.ArrayTool;
import io.datarouter.util.string.StringTool;
import io.datarouter.web.handler.BaseHandler;
import io.datarouter.web.handler.mav.Mav;
import io.datarouter.web.handler.mav.imp.InContextRedirectMav;
import io.datarouter.web.handler.mav.imp.MessageMav;
import io.datarouter.web.html.j2html.bootstrap4.Bootstrap4PageFactory;
import io.datarouter.web.html.react.bootstrap4.Bootstrap4ReactPageFactory;
import io.datarouter.web.user.authenticate.config.DatarouterAuthenticationConfig;
import io.datarouter.web.user.databean.DatarouterUser;
import io.datarouter.web.user.databean.DatarouterUserKey;
import io.datarouter.web.user.session.service.Role;
import io.datarouter.web.user.session.service.RoleManager;
import io.datarouter.web.util.http.ResponseTool;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Comparator;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.TreeMap;
import java.util.function.BiFunction;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.inject.Inject;

/* loaded from: input_file:io/datarouter/auth/web/AdminEditUserHandler.class */
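/**
 * Web handler behind the user-administration pages: listing users, creating a user (refused when
 * the server might be production), editing a user's roles / enabled flag / account mappings, and
 * resetting a user's password.
 *
 * <p>Authorization model visible in this class: every state-changing handler resolves the caller via
 * {@link #getCurrentUser()} and then goes through {@link #checkEditPermission} (or an admin check)
 * before touching the target user. A denied check ends in {@link #handleInvalidRequest()}, which
 * sends HTTP 403 and aborts the handler by throwing, so the change that follows the check is never
 * reached.
 */
public class AdminEditUserHandler extends BaseHandler {
    // Keys under which values are exposed to the JSP views.
    private static final String AUTHENTICATION_CONFIG = "authenticationConfig";
    private static final String DATAROUTER_USER_ROLES = "datarouterUserRoles";
    private static final String USER = "user";
    private static final String USER_ROLES = "userRoles";

    @Inject
    private DatarouterUserDao datarouterUserDao;

    @Inject
    private BaseDatarouterAccountDao datarouterAccountDao;

    @Inject
    private DatarouterAccountService datarouterAccountService;

    @Inject
    private DatarouterAuthenticationConfig authenticationConfig;

    @Inject
    private DatarouterPermissionRequestDao datarouterPermissionRequestDao;

    @Inject
    private DatarouterUserCreationService datarouterUserCreationService;

    @Inject
    private DatarouterUserService datarouterUserService;

    @Inject
    private RoleManager roleManager;

    @Inject
    private DatarouterUserEditService datarouterUserEditService;

    @Inject
    private DatarouterUserHistoryService datarouterUserHistoryService;

    @Inject
    private DatarouterAuthPaths paths;

    @Inject
    private DatarouterAuthFiles files;

    @Inject
    private ServerTypeDetector serverTypeDetector;

    @Inject
    private Bootstrap4PageFactory pageFactory;

    @Inject
    private Bootstrap4ReactPageFactory reactPageFactory;

    /** One row of the user list returned by {@code listUsers}. */
    public static class DatarouterUserListEntry {
        public final String id;
        public final String username;
        public final String token;
        public final boolean hasPermissionRequest;

        public DatarouterUserListEntry(String id, String username, String token, boolean hasPermissionRequest) {
            this.id = id;
            this.username = username;
            this.token = token;
            this.hasPermissionRequest = hasPermissionRequest;
        }
    }

    /**
     * Renders the React page that shows the user list.
     *
     * @return the page Mav
     */
    @BaseHandler.Handler
    private Mav viewUsers() {
        // NOTE(review): no role check in this method; presumably the route set restricts who can
        // reach it — confirm.
        return this.reactPageFactory.startBuilder(this.request)
                .withTitle("Datarouter - Users")
                .withReactScript(this.files.js.viewUsersJsx)
                .buildMav();
    }

    /**
     * Returns one entry per stored user, flagged when the user has a permission request.
     *
     * @return list entries for all users produced by the user DAO scan
     */
    @BaseHandler.Handler
    private List<DatarouterUserListEntry> listUsers() {
        // NOTE(review): no role check in this method; presumably the route set restricts who can
        // reach it — confirm.
        // NOTE(review): every entry carries the user's token; confirm it is not usable as a
        // credential before exposing it to this page.
        Set<DatarouterUserKey> usersWithRequests = this.datarouterPermissionRequestDao.getUserKeysWithPermissionRequests();
        return this.datarouterUserDao.scan()
                .map(user -> new DatarouterUserListEntry(
                        user.getKey().getId().toString(),
                        user.getUsername(),
                        user.getUserToken(),
                        usersWithRequests.contains(user.getKey())))
                .list();
    }

    /**
     * Renders the create-user form, offering only the roles the current user may confer.
     *
     * @return the form page, or a message page when the server might be production
     */
    @BaseHandler.Handler
    private Mav createUser() {
        if (this.serverTypeDetector.mightBeProduction()) {
            return this.pageFactory.message(this.request, "This is not supported on production");
        }
        List<String> conferrableRoles = roleToStrings(this.roleManager.getConferrableRoles(getCurrentUser().getRoles()));
        String submitPath = this.paths.admin.createUserSubmit.toSlashedStringAfter(this.paths.admin, false);
        return this.pageFactory.startBuilder(this.request)
                .withTitle("Datarouter - Create User")
                .withContent(new CreateUserFormHtml(conferrableRoles, this.authenticationConfig, submitPath).build())
                .buildMav();
    }

    /**
     * Creates a manual user from the submitted form. Only admins may do this.
     *
     * @return a redirect to the user list, or a message page when the server might be production
     * @throws SecurityException when the current user is not an admin (after HTTP 403 is sent)
     */
    @BaseHandler.Handler
    private Mav createUserSubmit() {
        if (this.serverTypeDetector.mightBeProduction()) {
            return this.pageFactory.message(this.request, "This is not supported on production");
        }
        DatarouterUser currentUser = getCurrentUser();
        if (!this.roleManager.isAdmin(currentUser.getRoles())) {
            // Throws, so a non-admin never reaches createManualUser below.
            handleInvalidRequest();
        }
        String username = this.params.required(this.authenticationConfig.getUsernameParam());
        String password = this.params.required(this.authenticationConfig.getPasswordParam());
        Set<Role> requestedRoles = parseRequestedRoles();
        boolean enabled = this.params.optionalBoolean(this.authenticationConfig.getEnabledParam(), true);
        this.datarouterUserCreationService.createManualUser(currentUser, username, password, requestedRoles, enabled);
        return new InContextRedirectMav(this.request, this.paths.admin.viewUsers);
    }

    /**
     * Renders the edit form for the user named by the user-id parameter, defaulting to the current
     * user when the parameter is absent.
     *
     * @return the edit-user JSP Mav
     * @throws SecurityException when the current user may not edit the target (after HTTP 403)
     */
    @BaseHandler.Handler
    private Mav editUser() {
        DatarouterUser currentUser = getCurrentUser();
        Long userId = this.params.optionalLong(this.authenticationConfig.getUserIdParam(), currentUser.getId());
        DatarouterUser userToEdit = this.datarouterUserService.getUserById(userId);
        checkEditPermission(currentUser, userToEdit, this.datarouterUserService::canEditUser);

        Mav mav = new Mav(this.files.jsp.authentication.editUserFormJsp);
        mav.put(USER, userToEdit);

        // Split the user's permission requests into unresolved and resolved ones.
        List<DatarouterPermissionRequest> pendingRequests = new ArrayList<>();
        List<DatarouterPermissionRequest> resolvedRequests = new ArrayList<>();
        this.datarouterPermissionRequestDao.scanPermissionRequestsForUser(userId).forEach(permissionRequest -> {
            if (permissionRequest.getResolution() == null) {
                pendingRequests.add(permissionRequest);
            } else {
                resolvedRequests.add(permissionRequest);
            }
        });
        pendingRequests.sort(DatarouterPermissionRequest.REVERSE_CHRONOLOGICAL_COMPARATOR);
        TreeMap<DatarouterPermissionRequest, Object> resolvedWithHistory =
                new TreeMap<>(DatarouterPermissionRequest.REVERSE_CHRONOLOGICAL_COMPARATOR);
        resolvedWithHistory.putAll(this.datarouterUserHistoryService.getResolvedRequestToHistoryChangesMap(resolvedRequests));
        mav.put("currentRequests", pendingRequests);
        mav.put("resolvedRequests", resolvedWithHistory);

        mav.put(AUTHENTICATION_CONFIG, this.authenticationConfig);
        addPaths(mav);
        // Only roles the current user is allowed to confer are offered in the form.
        mav.put(DATAROUTER_USER_ROLES, roleToStrings(this.roleManager.getConferrableRoles(currentUser.getRoles())));
        mav.put(USER_ROLES, roleToStrings(userToEdit.getRoles()));
        mav.put("datarouterAccounts", this.datarouterAccountDao.scan()
                .sorted(Comparator.comparing(account -> account.getKey().getAccountName(), String.CASE_INSENSITIVE_ORDER))
                .include(account -> account.getEnableUserMappings())
                .list());
        mav.put("userAccounts", this.datarouterAccountService.findAccountNamesForUser(new DatarouterUserKey(userId)));
        mav.put("permissionRequestPage", this.request.getContextPath() + this.paths.permissionRequest.toSlashedString());
        // NOTE(review): built from the request URI and raw query string, i.e. client-controlled text;
        // confirm the JSP escapes it for the context it is written into.
        String queryString = this.request.getQueryString();
        mav.put("thisPagePath", this.request.getRequestURI() + (queryString == null ? "" : "?" + queryString));
        mav.put("declinePath", this.request.getContextPath() + this.paths.permissionRequest.declineAll.toSlashedString());
        return mav;
    }

    /**
     * Applies the submitted roles, enabled flag and account mappings to the target user.
     *
     * @return a redirect back to the edit page of the same user
     * @throws SecurityException when the current user may not edit the target (after HTTP 403)
     */
    @BaseHandler.Handler
    private Mav editUserSubmit() {
        Long userId = this.params.requiredLong(this.authenticationConfig.getUserIdParam());
        // An absent "enabled" parameter is treated as false.
        Boolean enabled = this.params.optionalBoolean(this.authenticationConfig.getEnabledParam(), false);
        DatarouterUser currentUser = getCurrentUser();
        DatarouterUser userToEdit = this.datarouterUserService.getUserById(userId);
        checkEditPermission(currentUser, userToEdit, this.datarouterUserService::canEditUser);

        // NOTE(review): the requested roles come straight from the request; this handler does not
        // intersect them with getConferrableRoles(currentUser). Presumably editUser enforces that —
        // confirm, since the form-side filtering is not an access control.
        Set<Role> requestedRoles = parseRequestedRoles();
        Set<DatarouterAccountKey> requestedAccounts = this.params.optionalArray("accounts")
                .map(Arrays::stream)
                .orElseGet(Stream::empty)
                .map(DatarouterAccountKey::new)
                .collect(Collectors.toSet());
        this.datarouterUserEditService.editUser(userToEdit, currentUser, requestedRoles, enabled, getSigninUrl(),
                requestedAccounts);
        // Use the configured parameter name, the same one editUser reads, rather than a literal.
        return new InContextRedirectMav(this.request, pathBuilder(this.paths.admin.editUser.toSlashedString(),
                this.authenticationConfig.getUserIdParam(), userId.toString()));
    }

    /**
     * Renders the reset-password form for the user named by the user-id parameter, defaulting to the
     * current user when the parameter is absent.
     *
     * @return the reset-password JSP Mav
     * @throws SecurityException when the current user may not change the target's password (after
     *         HTTP 403)
     */
    @BaseHandler.Handler
    private Mav resetPassword() {
        DatarouterUser currentUser = getCurrentUser();
        Long userId = this.params.optionalLong(this.authenticationConfig.getUserIdParam(), currentUser.getId());
        DatarouterUser userToEdit = this.datarouterUserService.getUserById(userId);
        checkEditPermission(currentUser, userToEdit, this.datarouterUserService::canEditUserPassword);
        Mav mav = new Mav(this.files.jsp.authentication.resetPasswordFormJsp);
        mav.put("enabled", Boolean.valueOf(this.datarouterUserService.canHavePassword(userToEdit)));
        mav.put(USER, userToEdit);
        mav.put(AUTHENTICATION_CONFIG, this.authenticationConfig);
        addPaths(mav);
        return mav;
    }

    /**
     * Sets a new password on the target user.
     *
     * @return a redirect to the target's edit page, or a message when the user cannot have a password
     * @throws SecurityException when the current user may not change the target's password (after
     *         HTTP 403)
     */
    @BaseHandler.Handler
    private Mav resetPasswordSubmit() {
        String newPassword = this.params.required(this.authenticationConfig.getPasswordParam());
        Long userId = this.params.requiredLong(this.authenticationConfig.getUserIdParam());
        DatarouterUser currentUser = getCurrentUser();
        DatarouterUser userToEdit = this.datarouterUserService.getUserById(userId);
        checkEditPermission(currentUser, userToEdit, this.datarouterUserService::canEditUserPassword);
        if (!this.datarouterUserService.canHavePassword(userToEdit)) {
            return new MessageMav("This user is externally authenticated and cannot have a password.");
        }
        this.datarouterUserEditService.changePassword(userToEdit, currentUser, newPassword, getSigninUrl());
        return new InContextRedirectMav(this.request, pathBuilder(this.paths.admin.editUser.toSlashedString(),
                this.authenticationConfig.getUserIdParam(), userId.toString()));
    }

    /** Resolves and validates the user that owns the request's required session. */
    private DatarouterUser getCurrentUser() {
        return this.datarouterUserService.getAndValidateCurrentUser(getSessionInfo().getRequiredSession());
    }

    /** Reads the optional roles parameter and maps each persistent string to a {@link Role}. */
    private Set<Role> parseRequestedRoles() {
        String[] roleStrings = this.params.optionalArray(this.authenticationConfig.getUserRolesParam())
                .orElse(new String[0]);
        return ArrayTool.mapToSet(this.roleManager::getRoleFromPersistentString, roleStrings);
    }

    /** Converts roles to their persistent strings, sorted case-insensitively. */
    private static List<String> roleToStrings(Collection<Role> roles) {
        return roles.stream()
                .map(Role::getPersistentString)
                .sorted(String.CASE_INSENSITIVE_ORDER)
                .collect(Collectors.toList());
    }

    /**
     * Appends a single query parameter to a path. No URL encoding is applied; the callers in this
     * class pass a configured parameter name and a numeric id.
     */
    private String pathBuilder(String path, String paramName, String paramValue) {
        return path + "?" + paramName + "=" + paramValue;
    }

    /**
     * Enforces an edit permission and fails closed.
     *
     * @param editor the user performing the action; must not be null
     * @param target the user being changed; must not be null
     * @param permissionCheck returns true when {@code editor} may act on {@code target}
     * @throws NullPointerException when either user is null
     * @throws SecurityException when the check denies (after HTTP 403 is sent)
     */
    private void checkEditPermission(DatarouterUser editor, DatarouterUser target,
            BiFunction<DatarouterUser, DatarouterUser, Boolean> permissionCheck) {
        Objects.requireNonNull(editor);
        Objects.requireNonNull(target);
        if (!permissionCheck.apply(editor, target)) {
            handleInvalidRequest();
        }
    }

    /**
     * Builds the absolute sign-in URL from the current request.
     *
     * <p>NOTE(review): scheme and host are taken from the request's own URL, so they presumably
     * reflect what the client sent; if the result ends up in an e-mail or other stored link, confirm
     * the host is pinned by configuration or a trusted proxy.
     */
    private String getSigninUrl() {
        String origin = StringTool.getStringBeforeLastOccurrence(this.request.getRequestURI(),
                this.request.getRequestURL().toString());
        return origin + this.request.getContextPath() + this.paths.signin.toSlashedString();
    }

    /**
     * Rejects the request: sends HTTP 403 and aborts the calling handler.
     *
     * <p>Sending the error alone does not stop the handler (nothing visible here shows
     * {@code ResponseTool.sendError} throwing), so without the throw the caller would go on to apply
     * the very change that was just refused.
     *
     * @throws SecurityException always
     */
    private void handleInvalidRequest() {
        ResponseTool.sendError(this.response, 403, "invalid request"); // 403 = Forbidden
        // NOTE(review): swap for the project's own forbidden/permission exception if the framework
        // maps one to a 403 response.
        throw new SecurityException("invalid request");
    }

    /** Exposes the form-action paths used by the edit-user and reset-password JSPs. */
    private void addPaths(Mav mav) {
        mav.put("createUserSubmitPath", this.paths.admin.createUserSubmit.toSlashedString());
        mav.put("resetPasswordSubmitPath", this.paths.resetPasswordSubmit.toSlashedString());
        mav.put("resetPasswordPath", this.paths.resetPassword.toSlashedString());
        mav.put("editUserSubmitPath", this.paths.admin.editUserSubmit.toSlashedString());
    }
}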
