package org.dspace.app.rest.repository;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.sql.SQLException;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.dspace.app.rest.DiscoverableEndpointsService;
import org.dspace.app.rest.Parameter;
import org.dspace.app.rest.SearchRestMethod;
import org.dspace.app.rest.exception.DSpaceBadRequestException;
import org.dspace.app.rest.exception.EPersonNameNotProvidedException;
import org.dspace.app.rest.exception.PasswordNotValidException;
import org.dspace.app.rest.exception.RESTEmptyWorkflowGroupException;
import org.dspace.app.rest.exception.UnprocessableEntityException;
import org.dspace.app.rest.model.EPersonRest;
import org.dspace.app.rest.model.MetadataRest;
import org.dspace.app.rest.model.MetadataValueRest;
import org.dspace.app.rest.model.patch.Operation;
import org.dspace.app.rest.model.patch.Patch;
import org.dspace.app.rest.repository.patch.operation.EPersonPasswordAddOperation;
import org.dspace.app.util.AuthorizeUtil;
import org.dspace.authorize.AuthorizeException;
import org.dspace.authorize.service.AuthorizeService;
import org.dspace.authorize.service.ValidatePasswordService;
import org.dspace.core.Context;
import org.dspace.eperson.EPerson;
import org.dspace.eperson.EmptyWorkflowGroupException;
import org.dspace.eperson.Group;
import org.dspace.eperson.RegistrationData;
import org.dspace.eperson.service.AccountService;
import org.dspace.eperson.service.EPersonService;
import org.dspace.eperson.service.GroupService;
import org.dspace.eperson.service.RegistrationDataService;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.domain.Page;
import org.springframework.data.domain.Pageable;
import org.springframework.hateoas.Link;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Component;

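/**
 * REST repository for {@link EPerson} objects, exposed under the {@code eperson.eperson} bean name.
 *
 * <p>Supports creation (administrative, or self-registration with a registration token), lookup,
 * search, patch and delete. This listing is decompiler output: several overrides were widened from
 * {@code protected} to {@code public} by the decompiler and local names are synthetic.
 *
 * <p>Security-relevant points in this class:
 * <ul>
 *   <li>The registration token is a bearer credential for account creation and is never written
 *       to the log or to internal exception messages.</li>
 *   <li>The token-based creation path runs with the authorisation system switched off; that state
 *       is restored in a {@code finally} block so a failure cannot leave the context elevated.</li>
 * </ul>
 */
@Component("eperson.eperson")
public class EPersonRestRepository extends DSpaceObjectRestRepository<EPerson, EPersonRest> implements InitializingBean {
    private static final Logger log = LogManager.getLogger();

    @Autowired
    AuthorizeService authorizeService;

    @Autowired
    DiscoverableEndpointsService discoverableEndpointsService;

    @Autowired
    private AccountService accountService;

    @Autowired
    private ValidatePasswordService validatePasswordService;

    @Autowired
    private RegistrationDataService registrationDataService;

    @Autowired
    private GroupService groupService;

    private final EPersonService es;

    /**
     * Creates the repository on top of the given EPerson service.
     *
     * @param ePersonService service used for all EPerson persistence operations
     */
    public EPersonRestRepository(EPersonService ePersonService) {
        super(ePersonService);
        this.es = ePersonService;
    }

    /**
     * Creates an EPerson from the JSON body of the current request.
     *
     * <p>When the request carries a non-blank {@code token} parameter the token-based
     * self-registration path is taken; otherwise the EPerson is created directly from the body.
     * NOTE(review): the direct path declares no {@code @PreAuthorize}; authorization is presumably
     * enforced by {@code EPersonService.create} (this method declares {@link AuthorizeException})
     * — confirm.
     *
     * @param context the DSpace context of the current request
     * @return the REST representation of the created EPerson
     * @throws AuthorizeException if the caller is not allowed to create the EPerson
     * @throws UnprocessableEntityException if the request body cannot be parsed
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.dspace.app.rest.repository.DSpaceRestRepository
    public EPersonRest createAndReturn(Context context) throws AuthorizeException {
        HttpServletRequest request = getRequestService().getCurrentRequest().getHttpServletRequest();
        EPersonRest ePersonRest;
        try {
            ePersonRest = (EPersonRest) new ObjectMapper().readValue(request.getInputStream(), EPersonRest.class);
        } catch (IOException e) {
            // Keep the parse failure as the cause so it is not lost for diagnosis.
            throw new UnprocessableEntityException("error parsing the body... maybe this is not the right error code", e);
        }
        String token = request.getParameter("token");
        if (StringUtils.isBlank(token)) {
            return (EPersonRest) this.converter.toRest(createEPersonFromRestObject(context, ePersonRest), this.utils.obtainProjection());
        }
        try {
            return createAndReturn(context, ePersonRest, token);
        } catch (SQLException e) {
            // The token may still be valid at this point (deletion may not have happened),
            // so its value must not end up in log files or in exception messages.
            log.error("Something went wrong in the creation of an EPerson with a registration token", e);
            throw new RuntimeException("Something went wrong in the creation of an EPerson with a registration token", e);
        }
    }

    /**
     * Creates and persists an EPerson populated from the given REST object.
     *
     * <p>Copies {@code canLogIn}, {@code requireCertificate}, {@code email} and {@code netid}
     * from the body, validates and sets the password when one is supplied, then applies the
     * body's metadata.
     * NOTE(review): on the token path this runs with authorisation switched off, so
     * {@code canLogIn}, {@code requireCertificate} and {@code netid} are client-controlled for
     * self-registered accounts — confirm that is intended.
     *
     * @param context     the DSpace context
     * @param ePersonRest the REST object carrying the requested values
     * @return the created EPerson
     * @throws AuthorizeException if the underlying service refuses the operation
     * @throws PasswordNotValidException if a password is supplied and fails validation
     */
    private EPerson createEPersonFromRestObject(Context context, EPersonRest ePersonRest) throws AuthorizeException {
        try {
            EPerson created = this.es.create(context);
            created.setCanLogIn(ePersonRest.isCanLogIn());
            created.setRequireCertificate(ePersonRest.isRequireCertificate());
            created.setEmail(ePersonRest.getEmail());
            created.setNetid(ePersonRest.getNetid());
            String password = ePersonRest.getPassword();
            if (password != null) {
                // Reject weak passwords before anything is stored for this account.
                if (!this.validatePasswordService.isPasswordValid(password)) {
                    throw new PasswordNotValidException();
                }
                this.es.setPassword(created, password);
            }
            this.es.update(context, created);
            this.metadataConverter.setMetadata(context, created, ePersonRest.getMetadata());
            return created;
        } catch (SQLException e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    /**
     * Creates an EPerson through self-registration, authorised by a registration token.
     *
     * <p>Checks, in order: registration is enabled for this request, the token exists, no EPerson
     * already uses the token's email, a non-blank body email matches the token's email
     * (case-insensitively), {@code selfRegistered} is not explicitly {@code false}, and the
     * required properties are present. The token is deleted after the EPerson is created.
     * NOTE(review): when the body email is blank the EPerson is created with the body's (blank)
     * email rather than the token's — confirm against the intended behaviour.
     *
     * @param context     the DSpace context
     * @param ePersonRest the REST object carrying the requested values
     * @param str         the registration token from the request
     * @return the REST representation of the created EPerson
     * @throws AuthorizeException if the creation is refused
     * @throws SQLException on database errors
     * @throws DSpaceBadRequestException if any of the checks above fails
     */
    private EPersonRest createAndReturn(Context context, EPersonRest ePersonRest, String str) throws AuthorizeException, SQLException {
        if (!AuthorizeUtil.authorizeNewAccountRegistration(context, this.requestService.getCurrentRequest().getHttpServletRequest())) {
            throw new DSpaceBadRequestException("Registration is disabled, you are not authorized to create a new Authorization");
        }
        RegistrationData registrationData = this.registrationDataService.findByToken(context, str);
        if (registrationData == null) {
            throw new DSpaceBadRequestException("The token given as parameter: " + str + " does not exist in the database");
        }
        if (this.es.findByEmail(context, registrationData.getEmail()) != null) {
            throw new DSpaceBadRequestException("The token given already contains an email address that resolves to an eperson");
        }
        String emailFromBody = ePersonRest.getEmail();
        if (StringUtils.isNotBlank(emailFromBody) && !StringUtils.equalsIgnoreCase(registrationData.getEmail(), emailFromBody)) {
            throw new DSpaceBadRequestException("The email resulting from the token does not match the email given in the json body. Email from token: " + registrationData.getEmail() + " email from the json body: " + emailFromBody);
        }
        if (ePersonRest.isSelfRegistered() != null && !ePersonRest.isSelfRegistered().booleanValue()) {
            throw new DSpaceBadRequestException("The self registered property cannot be set to false using this method with a token");
        }
        checkRequiredProperties(ePersonRest);

        // The caller is authorised by the token, not by a role, so authorisation checks are
        // suspended for the creation only. The restore sits in finally: if creation throws
        // (e.g. an invalid password), the context must not stay in the elevated state.
        context.turnOffAuthorisationSystem();
        EPerson created;
        try {
            created = createEPersonFromRestObject(context, ePersonRest);
        } finally {
            context.restoreAuthSystemState();
        }

        // Single use: the token is removed once the account exists.
        this.accountService.deleteToken(context, str);
        if (context.getCurrentUser() == null) {
            context.setCurrentUser(created);
        }
        return (EPersonRest) this.converter.toRest(created, this.utils.obtainProjection());
    }

    /**
     * Verifies that a self-registration body carries the mandatory values.
     *
     * <p>When metadata is present, both {@code eperson.firstname} and {@code eperson.lastname}
     * must have at least one value. A non-blank password is always required.
     * NOTE(review): a body with no metadata object at all skips the name check — confirm intended.
     *
     * @param ePersonRest the REST object to check
     * @throws EPersonNameNotProvidedException if first or last name is missing
     * @throws DSpaceBadRequestException if the password is blank
     */
    private void checkRequiredProperties(EPersonRest ePersonRest) {
        MetadataRest metadata = ePersonRest.getMetadata();
        if (metadata != null) {
            List<MetadataValueRest> firstNames = metadata.getMap().get("eperson.firstname");
            List<MetadataValueRest> lastNames = metadata.getMap().get("eperson.lastname");
            boolean firstNameMissing = firstNames == null || firstNames.isEmpty();
            boolean lastNameMissing = lastNames == null || lastNames.isEmpty();
            if (firstNameMissing || lastNameMissing) {
                throw new EPersonNameNotProvidedException();
            }
        }
        if (StringUtils.isBlank(ePersonRest.getPassword())) {
            throw new DSpaceBadRequestException("A password is required");
        }
    }

    /**
     * Finds a single EPerson by id.
     *
     * <p>The parameter is named {@code id} because the {@code @PreAuthorize} expression refers to
     * {@code #id}, and method-security SpEL variables are bound by parameter name. With the
     * decompiler's synthetic name the expression would not bind to this argument if the class
     * were recompiled.
     *
     * @param context the DSpace context
     * @param id      the EPerson's UUID
     * @return the REST representation, or {@code null} when no such EPerson exists
     */
    @Override // org.dspace.app.rest.repository.DSpaceRestRepository
    @PreAuthorize("hasPermission(#id, 'EPERSON', 'READ')")
    public EPersonRest findOne(Context context, UUID id) {
        try {
            EPerson found = this.es.find(context, id);
            if (found == null) {
                return null;
            }
            return (EPersonRest) this.converter.toRest(found, this.utils.obtainProjection());
        } catch (SQLException e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    /**
     * Lists all EPersons, one page at a time. Restricted to administrators.
     *
     * @param context  the DSpace context
     * @param pageable requested page size and offset
     * @return the requested page of EPersons
     */
    @Override // org.dspace.app.rest.repository.DSpaceRestRepository
    @PreAuthorize("hasAuthority('ADMIN')")
    public Page<EPersonRest> findAll(Context context, Pageable pageable) {
        try {
            // The literal 1 is a sort-field constant inlined by the decompiler; its name is not
            // visible in this listing.
            return this.converter.toRestPage(this.es.findAll(context, 1, pageable.getPageSize(), Math.toIntExact(pageable.getOffset())), pageable, this.es.countTotal(context), this.utils.obtainProjection());
        } catch (SQLException e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    /**
     * Looks up an EPerson by email address.
     *
     * <p>NOTE(review): unlike the other search methods in this class, no {@code @PreAuthorize} is
     * declared here. Confirm that access to the result is restricted elsewhere (for example when
     * the object is converted); otherwise the endpoint reveals whether an address is registered.
     *
     * @param str the email address to look up
     * @return the REST representation, or {@code null} when no EPerson has that email
     */
    @SearchRestMethod(name = "byEmail")
    public EPersonRest findByEmail(@Parameter(value = "email", required = true) String str) {
        try {
            EPerson found = this.es.findByEmail(obtainContext(), str);
            if (found == null) {
                return null;
            }
            return (EPersonRest) this.converter.toRest(found, this.utils.obtainProjection());
        } catch (SQLException e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    /**
     * Searches EPersons with a free-text query. Restricted to administrators and holders of
     * {@code MANAGE_ACCESS_GROUP}.
     *
     * @param str      the search query
     * @param pageable requested page size and offset
     * @return the requested page of matching EPersons
     */
    @SearchRestMethod(name = "byMetadata")
    @PreAuthorize("hasAuthority('ADMIN') || hasAuthority('MANAGE_ACCESS_GROUP')")
    public Page<EPersonRest> findByMetadata(@Parameter(value = "query", required = true) String str, Pageable pageable) {
        try {
            Context context = obtainContext();
            return this.converter.toRestPage(this.es.search(context, str, Math.toIntExact(pageable.getOffset()), Math.toIntExact(pageable.getPageSize())), pageable, this.es.searchResultCount(context, str), this.utils.obtainProjection());
        } catch (SQLException e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    /**
     * Searches EPersons that match a query and are not members of the given group. Restricted to
     * administrators and holders of {@code MANAGE_ACCESS_GROUP}.
     *
     * <p>NOTE(review): the group lookup result is passed on without a null check; behaviour for an
     * unknown group id depends on {@code EPersonService.searchNonMembers} — confirm.
     *
     * @param uuid     id of the group whose members are excluded
     * @param str      the search query
     * @param pageable requested page size and offset
     * @return the requested page of matching non-members
     */
    @SearchRestMethod(name = "isNotMemberOf")
    @PreAuthorize("hasAuthority('ADMIN') || hasAuthority('MANAGE_ACCESS_GROUP')")
    public Page<EPersonRest> findIsNotMemberOf(@Parameter(value = "group", required = true) UUID uuid, @Parameter(value = "query", required = true) String str, Pageable pageable) {
        try {
            Context context = obtainContext();
            Group excludedGroup = this.groupService.find(context, uuid);
            return this.converter.toRestPage(this.es.searchNonMembers(context, str, excludedGroup, Math.toIntExact(pageable.getOffset()), Math.toIntExact(pageable.getPageSize())), pageable, this.es.searchNonMembersCount(context, str, excludedGroup), this.utils.obtainProjection());
        } catch (SQLException e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    /**
     * Applies a patch to an EPerson after checking the password-change rules.
     *
     * <p>A request carrying a {@code token} parameter is accepted only when the patch changes the
     * password, so a token cannot be used to modify anything else. Without a token, a password
     * change is accepted only when the context was authenticated with the {@code "password"}
     * method.
     *
     * @param context            the DSpace context
     * @param httpServletRequest the current request, read for the {@code token} parameter
     * @param str                passed through to {@code patchDSpaceObject}
     * @param str2               passed through to {@code patchDSpaceObject}
     * @param uuid               id of the EPerson to patch
     * @param patch              the operations to apply
     * @throws AccessDeniedException if the rules above are violated
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.dspace.app.rest.repository.DSpaceRestRepository
    @PreAuthorize("hasPermission(#uuid, 'EPERSON', #patch)")
    public void patch(Context context, HttpServletRequest httpServletRequest, String str, String str2, UUID uuid, Patch patch) throws AuthorizeException, SQLException {
        boolean changesPassword = false;
        for (Operation operation : patch.getOperations()) {
            if (StringUtils.equalsIgnoreCase(operation.getPath(), EPersonPasswordAddOperation.OPERATION_PASSWORD_CHANGE)) {
                changesPassword = true;
            }
        }
        boolean tokenSupplied = StringUtils.isNotBlank(httpServletRequest.getParameter("token"));
        if (tokenSupplied) {
            if (!changesPassword) {
                throw new AccessDeniedException("Refused to perform the EPerson patch based on a token without changing the password");
            }
        } else if (changesPassword && !StringUtils.equals(context.getAuthenticationMethod(), "password")) {
            throw new AccessDeniedException("Refused to perform the EPerson patch based to change the password for non \"password\" authentication");
        }
        patchDSpaceObject(str, str2, uuid, patch);
    }

    /**
     * Deletes the EPerson with the given id.
     *
     * <p>NOTE(review): no {@code @PreAuthorize} is declared and the lookup result is passed to the
     * service without a null check; authorization and the unknown-id case presumably rest on
     * {@code EPersonService.delete} — confirm.
     *
     * @param context the DSpace context
     * @param uuid    id of the EPerson to delete
     * @throws AuthorizeException if the caller is not allowed to delete the EPerson
     * @throws RESTEmptyWorkflowGroupException if the service reports an empty workflow group
     * @throws UnprocessableEntityException if the service reports an illegal state
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.dspace.app.rest.repository.DSpaceRestRepository
    public void delete(Context context, UUID uuid) throws AuthorizeException {
        try {
            EPerson target = this.es.find(context, uuid);
            this.es.delete(context, target);
        } catch (IOException | SQLException e) {
            throw new RuntimeException(e.getMessage(), e);
        } catch (EmptyWorkflowGroupException e) {
            throw new RESTEmptyWorkflowGroupException(e);
        } catch (IllegalStateException e) {
            throw new UnprocessableEntityException(e.getMessage(), e);
        }
    }

    /**
     * Returns the REST model class served by this repository.
     *
     * @return {@code EPersonRest.class}
     */
    @Override // org.dspace.app.rest.repository.DSpaceRestRepository
    public Class<EPersonRest> getDomainClass() {
        return EPersonRest.class;
    }

    /**
     * Registers the {@code eperson-registration} link with the discoverable-endpoints service
     * once the bean's dependencies are injected.
     */
    @Override
    public void afterPropertiesSet() throws Exception {
        this.discoverableEndpointsService.register(this, Arrays.asList(Link.of("/api/eperson/registrations", "eperson-registration")));
    }
}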
