package net.unit8.bouncr.api.resource;

import com.fasterxml.jackson.core.type.TypeReference;
import enkan.component.BeansConverter;
import enkan.util.BeanBuilder;
import enkan.util.jpa.EntityTransactionManager;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import javax.inject.Inject;
import javax.persistence.CacheStoreMode;
import javax.persistence.EntityManager;
import javax.persistence.criteria.CriteriaBuilder;
import javax.persistence.criteria.CriteriaQuery;
import javax.persistence.criteria.JoinType;
import javax.persistence.criteria.Root;
import kotowari.restful.Decision;
import kotowari.restful.DecisionPoint;
import kotowari.restful.component.BeansValidator;
import kotowari.restful.data.Problem;
import kotowari.restful.data.RestContext;
import kotowari.restful.resource.AllowedMethods;
import net.unit8.bouncr.api.boundary.BouncrProblem;
import net.unit8.bouncr.api.boundary.SignUpCreateRequest;
import net.unit8.bouncr.api.boundary.SignUpResponse;
import net.unit8.bouncr.api.service.PasswordCredentialService;
import net.unit8.bouncr.api.service.UserProfileService;
import net.unit8.bouncr.component.BouncrConfiguration;
import net.unit8.bouncr.component.config.HookPoint;
import net.unit8.bouncr.data.InitialPassword;
import net.unit8.bouncr.domain.VerificationTargetSet;
import net.unit8.bouncr.entity.Invitation;
import net.unit8.bouncr.entity.OidcUser;
import net.unit8.bouncr.entity.User;
import net.unit8.bouncr.entity.UserProfileValue;
import net.unit8.bouncr.sign.JsonWebToken;
import net.unit8.bouncr.sign.JwtClaim;

@AllowedMethods({"POST"})
/* loaded from: input_file:net/unit8/bouncr/api/resource/SignUpResource.class */
public class SignUpResource {

    @Inject
    private BeansConverter converter;

    @Inject
    private BeansValidator validator;

    @Inject
    private JsonWebToken jsonWebToken;

    @Inject
    private BouncrConfiguration config;

    @Decision(DecisionPoint.MALFORMED)
    public Problem validate(SignUpCreateRequest signUpCreateRequest, RestContext restContext, EntityManager entityManager) {
        if (signUpCreateRequest == null) {
            return (Problem) BeanBuilder.builder(Problem.valueOf(400, "request is empty")).set((v0, v1) -> {
                v0.setType(v1);
            }, BouncrProblem.MALFORMED.problemUri()).build();
        }
        Problem problem = (Problem) BeanBuilder.builder(Problem.fromViolations(this.validator.validate(signUpCreateRequest))).set((v0, v1) -> {
            v0.setType(v1);
        }, BouncrProblem.MALFORMED.problemUri()).build();
        this.config.getHookRepo().runHook(HookPoint.BEFORE_VALIDATE_USER_PROFILES, signUpCreateRequest.getUserProfiles());
        problem.getViolations().addAll(new UserProfileService(entityManager).validateUserProfile(signUpCreateRequest.getUserProfiles()));
        if (problem.getViolations().isEmpty()) {
            restContext.putValue(signUpCreateRequest);
        }
        if (problem.getViolations().isEmpty()) {
            return null;
        }
        return problem;
    }

    @Decision(DecisionPoint.ALLOWED)
    public boolean isAllowedSignUp() {
        return this.config.isSignUpEnabled();
    }

    @Decision(DecisionPoint.HANDLE_FORBIDDEN)
    public Problem forbidden() {
        return Problem.valueOf(403, "Signing up is NOT allowed");
    }

    @Decision(DecisionPoint.CONFLICT)
    public boolean conflict(SignUpCreateRequest signUpCreateRequest, RestContext restContext, EntityManager entityManager) {
        UserProfileService userProfileService = new UserProfileService(entityManager);
        Set<Problem.Violation> validateAccountUniqueness = userProfileService.validateAccountUniqueness(signUpCreateRequest.getAccount());
        validateAccountUniqueness.addAll(userProfileService.validateProfileUniqueness(signUpCreateRequest.getUserProfiles()));
        if (!validateAccountUniqueness.isEmpty()) {
            Problem problem = (Problem) BeanBuilder.builder(Problem.valueOf(409)).set((v0, v1) -> {
                v0.setType(v1);
            }, BouncrProblem.CONFLICT.problemUri()).build();
            problem.getViolations().addAll(validateAccountUniqueness);
            restContext.setMessage(problem);
        }
        return !validateAccountUniqueness.isEmpty();
    }

    private Invitation findInvitation(String str, EntityManager entityManager) {
        CriteriaBuilder criteriaBuilder = entityManager.getCriteriaBuilder();
        CriteriaQuery createQuery = criteriaBuilder.createQuery(Invitation.class);
        Root from = createQuery.from(Invitation.class);
        from.fetch("groupInvitations", JoinType.LEFT);
        from.fetch("oidcInvitations", JoinType.LEFT);
        createQuery.where(criteriaBuilder.equal(from.get("code"), str));
        return (Invitation) entityManager.createQuery(createQuery).setHint("javax.persistence.cache.storeMode", CacheStoreMode.REFRESH).getResultStream().findAny().orElse(null);
    }

    @Decision(DecisionPoint.POST)
    public SignUpResponse create(SignUpCreateRequest signUpCreateRequest, RestContext restContext, EntityManager entityManager) {
        User user = (User) this.converter.createFrom(signUpCreateRequest, User.class);
        UserProfileService userProfileService = new UserProfileService(entityManager);
        List<UserProfileValue> convertToUserProfileValues = userProfileService.convertToUserProfileValues(signUpCreateRequest.getUserProfiles());
        user.setUserProfileValues((List) convertToUserProfileValues.stream().map(userProfileValue -> {
            userProfileValue.setUser(user);
            return userProfileValue;
        }).collect(Collectors.toList()));
        List list = (List) userProfileService.createProfileVerification(convertToUserProfileValues).stream().map(userProfileVerification -> {
            userProfileVerification.setUser(user);
            return userProfileVerification;
        }).collect(Collectors.toList());
        user.setWriteProtected(false);
        restContext.putValue(user);
        this.config.getHookRepo().runHook(HookPoint.BEFORE_SIGN_UP, restContext);
        Optional map = Optional.ofNullable(signUpCreateRequest.getCode()).map(str -> {
            return findInvitation(str, entityManager);
        });
        new EntityTransactionManager(entityManager).required(() -> {
            map.ifPresent(invitation -> {
                List list2 = (List) Optional.ofNullable(user.getGroups()).filter(list3 -> {
                    return !list3.isEmpty();
                }).orElseGet(ArrayList::new);
                list2.addAll((Collection) invitation.getGroupInvitations().stream().map((v0) -> {
                    return v0.getGroup();
                }).collect(Collectors.toList()));
                user.setGroups(list2);
                invitation.getOidcInvitations().forEach(oidcInvitation -> {
                    entityManager.persist((OidcUser) BeanBuilder.builder(new OidcUser()).set((v0, v1) -> {
                        v0.setUser(v1);
                    }, user).set((v0, v1) -> {
                        v0.setOidcProvider(v1);
                    }, oidcInvitation.getOidcProvider()).set((v0, v1) -> {
                        v0.setOidcSub(v1);
                    }, ((JwtClaim) this.jsonWebToken.decodePayload(oidcInvitation.getOidcPayload(), new TypeReference<JwtClaim>() { // from class: net.unit8.bouncr.api.resource.SignUpResource.1
                    })).getSub()).build());
                });
            });
            Objects.requireNonNull(entityManager);
            map.ifPresent((v1) -> {
                r1.remove(v1);
            });
            entityManager.persist(user);
            restContext.putValue(user);
            Objects.requireNonNull(entityManager);
            list.forEach((v1) -> {
                r1.persist(v1);
            });
            restContext.putValue(new VerificationTargetSet(list));
            if (signUpCreateRequest.isEnablePasswordCredential()) {
                restContext.putValue(new PasswordCredentialService(entityManager, this.config).initializePassword(user));
            }
            this.config.getHookRepo().runHook(HookPoint.AFTER_SIGN_UP, restContext);
        });
        return (SignUpResponse) BeanBuilder.builder(new SignUpResponse()).set((v0, v1) -> {
            v0.setId(v1);
        }, user.getId()).set((v0, v1) -> {
            v0.setAccount(v1);
        }, user.getAccount()).set((v0, v1) -> {
            v0.setUserProfiles(v1);
        }, user.getUserProfiles()).set((v0, v1) -> {
            v0.setPassword(v1);
        }, (String) restContext.getValue(InitialPassword.class).map((v0) -> {
            return v0.getPassword();
        }).orElse(null)).build();
    }
}
