package org.eurekaclinical.user.service.resource;

import com.google.inject.Inject;
import com.google.inject.persist.Transactional;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import javax.annotation.security.RolesAllowed;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import org.apache.commons.lang3.StringUtils;
import org.eurekaclinical.standardapis.exception.HttpStatusException;
import org.eurekaclinical.user.client.comm.PasswordChangeRequest;
import org.eurekaclinical.user.client.comm.User;
import org.eurekaclinical.user.service.dao.AuthenticationMethodDao;
import org.eurekaclinical.user.service.dao.LocalUserDao;
import org.eurekaclinical.user.service.dao.LoginTypeDao;
import org.eurekaclinical.user.service.dao.OAuthProviderDao;
import org.eurekaclinical.user.service.dao.RoleDao;
import org.eurekaclinical.user.service.dao.UserDao;
import org.eurekaclinical.user.service.email.EmailException;
import org.eurekaclinical.user.service.email.EmailSender;
import org.eurekaclinical.user.service.entity.LocalUserEntity;
import org.eurekaclinical.user.service.entity.RoleEntity;
import org.eurekaclinical.user.service.entity.UserEntity;
import org.eurekaclinical.user.service.entity.UserEntityToUserVisitor;
import org.eurekaclinical.user.service.util.StringUtil;
import org.eurekaclinical.user.service.util.UserToUserEntityVisitor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

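/**
 * JAX-RS resource for listing, creating and updating user accounts, and for
 * changing the password of local (database-backed) accounts.
 *
 * <p>Authorization is enforced per method with {@link RolesAllowed}. Methods
 * that are open to the "researcher" role additionally verify that the caller
 * is acting on its own record, checked against the stored record selected by
 * the request, not only against what the request body claims. Roles and the
 * active flag can only be changed by administrators.</p>
 *
 * <p>All per-request state lives in locals (no mutable fields), so the class
 * behaves correctly whether the container treats it as a singleton or as a
 * per-request resource.</p>
 */
@Path("/protected/users")
@Consumes({MediaType.APPLICATION_JSON})
@Transactional
@Produces({MediaType.APPLICATION_JSON})
public class UserResource {
    private static final Logger LOGGER = LoggerFactory.getLogger(UserResource.class);

    /** Name of the role that grants access to every user record. */
    private static final String ADMIN_ROLE = "admin";

    /**
     * Id of the admin role as it appears in {@link User#getRoles()}. The
     * original code compared against the literal {@code 2L}.
     * NOTE(review): assumed to be the id of the role looked up by name in
     * {@link #validateUpdatedUser} — confirm against the role table.
     */
    private static final long ADMIN_ROLE_ID = 2L;

    /** Days a newly set password remains valid before it expires. */
    private static final int PASSWORD_VALIDITY_DAYS = 90;

    private final UserDao userDao;
    private final LocalUserDao localUserDao;
    private final RoleDao roleDao;
    private final EmailSender emailSender;
    // Kept so that a fresh UserToUserEntityVisitor can be built per request
    // instead of sharing one visitor (and its accumulated state) across calls.
    private final OAuthProviderDao oAuthProviderDao;
    private final LoginTypeDao loginTypeDao;
    private final AuthenticationMethodDao authenticationMethodDao;

    /**
     * Creates the resource with its collaborators; all are injected by Guice.
     *
     * @param userDao                 access to user records
     * @param localUserDao            access to local (password-bearing) user records
     * @param roleDao                 access to role records
     * @param emailSender             sends activation and password-change mails
     * @param oAuthProviderDao        used when converting a {@link User} to an entity
     * @param loginTypeDao            used when converting a {@link User} to an entity
     * @param authenticationMethodDao used when converting a {@link User} to an entity
     */
    @Inject
    public UserResource(UserDao userDao, LocalUserDao localUserDao, RoleDao roleDao, EmailSender emailSender, OAuthProviderDao oAuthProviderDao, LoginTypeDao loginTypeDao, AuthenticationMethodDao authenticationMethodDao) {
        this.userDao = userDao;
        this.localUserDao = localUserDao;
        this.roleDao = roleDao;
        this.emailSender = emailSender;
        this.oAuthProviderDao = oAuthProviderDao;
        this.loginTypeDao = loginTypeDao;
        this.authenticationMethodDao = authenticationMethodDao;
    }

    /**
     * Lists every user. Administrators only.
     *
     * @return all users converted to their client representation
     */
    @GET
    @RolesAllowed({"admin"})
    public List<User> getUsers() {
        Collection<? extends UserEntity> all = this.userDao.getAll();
        LOGGER.debug("Returning list of users");
        UserEntityToUserVisitor toUser = new UserEntityToUserVisitor();
        toUser.visit(all);
        return toUser.getUsers();
    }

    /**
     * Returns one user by id. Non-admin callers may only read their own record.
     *
     * @param httpServletRequest the current request, used for the caller's identity and roles
     * @param l                  id of the requested user
     * @return the user
     * @throws HttpStatusException 404 if no such user, 403 if the caller may not read it
     */
    @GET
    @RolesAllowed({"researcher", "admin"})
    @Path("/{id}")
    public User getUserById(@Context HttpServletRequest httpServletRequest, @PathParam("id") Long l) {
        UserEntity userEntity = (UserEntity) this.userDao.retrieve(l);
        if (userEntity == null) {
            throw new HttpStatusException(Response.Status.NOT_FOUND);
        }
        // Objects.equals refuses (rather than throws on) a missing remote user.
        if (!httpServletRequest.isUserInRole(ADMIN_ROLE)
                && !Objects.equals(httpServletRequest.getRemoteUser(), userEntity.getUsername())) {
            throw new HttpStatusException(Response.Status.FORBIDDEN);
        }
        this.userDao.refresh(userEntity);
        LOGGER.debug("Returning user for ID {}", l);
        return toUser(userEntity);
    }

    /**
     * Returns the record of the authenticated caller.
     *
     * @param httpServletRequest the current request; its principal name selects the record
     * @return the caller's user
     * @throws HttpStatusException 404 if the caller has no user record
     */
    @GET
    @RolesAllowed({"researcher", "admin"})
    @Path("/me")
    public User getMe(@Context HttpServletRequest httpServletRequest) {
        String name = httpServletRequest.getUserPrincipal().getName();
        UserEntity userEntity = (UserEntity) this.userDao.getByName(name);
        if (userEntity == null) {
            throw new HttpStatusException(Response.Status.NOT_FOUND);
        }
        this.userDao.refresh(userEntity);
        LOGGER.debug("Returning user for name {}", name);
        return toUser(userEntity);
    }

    /**
     * Creates a new user and sends the activation mail. Administrators only.
     *
     * <p>The body is validated before the database is consulted, so malformed
     * requests never cost a lookup.</p>
     *
     * @param user    the user to create
     * @param uriInfo used to build the Location header of the 201 response
     * @return 201 Created with the location of the new user and the submitted user as entity
     * @throws HttpStatusException 400 for a missing or invalid body, 409 if the username exists
     */
    @POST
    @RolesAllowed({"admin"})
    public Response addUser(User user, @Context UriInfo uriInfo) {
        if (user == null) {
            throw new HttpStatusException(Response.Status.BAD_REQUEST, "Missing request body");
        }
        String[] problems = user.validate();
        if (problems.length != 0) {
            String reason = StringUtils.join(problems, ", ");
            // Log only the username; the full object may contain more than belongs in a log.
            LOGGER.info("Invalid new user request for {}, reason {}", user.getUsername(), reason);
            throw new HttpStatusException(Response.Status.BAD_REQUEST, reason);
        }
        if (this.userDao.getByName(user.getUsername()) != null) {
            throw new HttpStatusException(Response.Status.CONFLICT);
        }
        UserToUserEntityVisitor toEntity = newUserToEntityVisitor();
        user.accept(toEntity);
        UserEntity userEntity = toEntity.getUserEntity();
        LOGGER.debug("Saving new user {}", userEntity.getEmail());
        this.userDao.create(userEntity);
        try {
            LOGGER.debug("Sending email to {}", userEntity.getEmail());
            this.emailSender.sendActivationMessage(userEntity);
        } catch (EmailException e) {
            // Best effort: the account exists even if the activation mail could not be sent.
            LOGGER.error("Error sending email to {}", userEntity.getEmail(), e);
        }
        // Re-read by name rather than relying on create() to populate the id.
        UserEntity created = (UserEntity) this.userDao.getByName(user.getUsername());
        return Response.created(uriInfo.getAbsolutePathBuilder().path(created.getId().toString()).build())
                .entity(user)
                .build();
    }

    /**
     * Changes the password of the authenticated caller's local account after
     * verifying the old password.
     *
     * @param httpServletRequest    the current request; its principal name selects the account
     * @param passwordChangeRequest old and new password
     * @throws HttpStatusException 400 for a missing new password or a wrong old password,
     *                             404 if the caller has no local account,
     *                             500 if the hash algorithm is unavailable
     */
    @POST
    @RolesAllowed({"researcher", "admin"})
    @Path("/passwordchange")
    public void changePassword(@Context HttpServletRequest httpServletRequest, PasswordChangeRequest passwordChangeRequest) {
        String name = httpServletRequest.getUserPrincipal().getName();
        if (passwordChangeRequest == null || StringUtils.isEmpty(passwordChangeRequest.getNewPassword())) {
            throw new HttpStatusException(Response.Status.BAD_REQUEST, "Error while changing password. New password is missing.");
        }
        LocalUserEntity localUser = this.localUserDao.getByName(name);
        if (localUser == null) {
            LOGGER.error("User {} not found", name);
            throw new HttpStatusException(Response.Status.NOT_FOUND);
        }
        this.localUserDao.refresh(localUser);
        try {
            // NOTE(review): passwords are stored as unsalted MD5 digests
            // (StringUtil.md5). That is the existing storage format and is kept
            // here; it should be migrated to a salted password hash
            // (bcrypt/scrypt/argon2) with a re-hash on successful login.
            String oldPassword = passwordChangeRequest.getOldPassword();
            String oldHash = oldPassword == null ? null : StringUtil.md5(oldPassword);
            if (!constantTimeEquals(localUser.getPassword(), oldHash)) {
                throw new HttpStatusException(Response.Status.BAD_REQUEST, "Error while changing password. Old password is incorrect.");
            }
            localUser.setPassword(StringUtil.md5(passwordChangeRequest.getNewPassword()));
            localUser.setPasswordExpiration(getExpirationDate());
            this.localUserDao.update(localUser);
        } catch (NoSuchAlgorithmException e) {
            LOGGER.error(e.getMessage(), e);
            throw new HttpStatusException(Response.Status.INTERNAL_SERVER_ERROR, e);
        }
        try {
            this.emailSender.sendPasswordChangeMessage(localUser);
        } catch (EmailException e) {
            // Best effort notification; the new password is already persisted.
            LOGGER.error(e.getMessage(), e);
        }
    }

    /**
     * Updates the user with the given id.
     *
     * <p>Non-admin callers may only update their own record, and the record is
     * the one selected by the path id, so ownership is checked against the
     * stored username and not only against the username in the body. Only
     * administrators may change roles or the active flag; those fields in a
     * non-admin request are ignored. Switching an inactive account on sends
     * the activation mail.</p>
     *
     * @param httpServletRequest the current request, for the caller's identity and roles
     * @param user               the updated user
     * @param l                  id of the user to update
     * @return 200 with the updated entity, or 304 carrying the validation message
     *         (the original contract: {@code Response.notModified(String)} places
     *         the message in the ETag header) when the update is refused
     * @throws HttpStatusException 400 for a missing body, 403 if the caller may not
     *                             update the record, 404 if no such user
     */
    @RolesAllowed({"researcher", "admin"})
    @Path("/{id}")
    @PUT
    public Response putUser(@Context HttpServletRequest httpServletRequest, User user, @PathParam("id") Long l) {
        if (user == null) {
            throw new HttpStatusException(Response.Status.BAD_REQUEST, "Missing request body");
        }
        String callerName = httpServletRequest.getUserPrincipal().getName();
        boolean callerIsAdmin = httpServletRequest.isUserInRole(ADMIN_ROLE);
        if (!callerIsAdmin && !callerName.equals(user.getUsername())) {
            throw new HttpStatusException(Response.Status.FORBIDDEN);
        }
        LOGGER.debug("Received updated user: {}", user);
        UserEntity userEntity = (UserEntity) this.userDao.retrieve(l);
        if (userEntity == null) {
            throw new HttpStatusException(Response.Status.NOT_FOUND);
        }
        // The path id selects the row that is written, so the caller must own
        // the stored record, whatever username the body claims.
        if (!callerIsAdmin && !callerName.equals(userEntity.getUsername())) {
            throw new HttpStatusException(Response.Status.FORBIDDEN);
        }
        String problem = validateUpdatedUser(userEntity, user, callerName);
        if (problem != null) {
            return Response.notModified(problem).build();
        }
        // Decide on the activation mail before the active flag is overwritten.
        boolean activating = callerIsAdmin && !userEntity.isActive() && user.isActive();
        userEntity.setFirstName(user.getFirstName());
        userEntity.setLastName(user.getLastName());
        userEntity.setEmail(user.getEmail());
        userEntity.setOrganization(user.getOrganization());
        userEntity.setTitle(user.getTitle());
        userEntity.setDepartment(user.getDepartment());
        userEntity.setFullName(user.getFullName());
        if (callerIsAdmin) {
            userEntity.setRoles(roleIdsToRoles(user.getRoles()));
            userEntity.setActive(user.isActive());
        }
        userEntity.setLastLogin(user.getLastLogin());
        LOGGER.debug("Saving updated user: {}", userEntity.getEmail());
        this.userDao.update(userEntity);
        if (activating) {
            try {
                this.emailSender.sendActivationMessage(userEntity);
            } catch (EmailException e) {
                // Best effort: the update is already persisted.
                LOGGER.error(e.getMessage(), e);
            }
        }
        return Response.ok().entity(userEntity).build();
    }

    /**
     * Checks the rules that protect an administrator from locking itself out.
     *
     * @param existing   the stored record being updated
     * @param update     the requested new state
     * @param callerName username of the authenticated caller
     * @return a message describing why the update is refused, or {@code null} when it is allowed
     */
    private String validateUpdatedUser(UserEntity existing, User update, String callerName) {
        RoleEntity adminRole = (RoleEntity) this.roleDao.getByName(ADMIN_ROLE);
        boolean editingSelf = callerName.equals(existing.getUsername());
        if (editingSelf && existing.getRoles().contains(adminRole)) {
            List<Long> requestedRoles = update.getRoles();
            if (requestedRoles == null || !requestedRoles.contains(ADMIN_ROLE_ID)) {
                return "admin user can not be stripped of admin rights by him/herself ";
            }
            if (existing.isActive() && !update.isActive()) {
                return "admin user can not be de-activated by him/herself";
            }
        }
        return null;
    }

    /**
     * Compares a stored password hash with a presented one in constant time,
     * so a mismatch does not reveal through timing where the hashes differ.
     * A {@code null} on either side never matches.
     */
    private static boolean constantTimeEquals(String stored, String presented) {
        if (stored == null || presented == null) {
            return false;
        }
        return MessageDigest.isEqual(
                stored.getBytes(StandardCharsets.UTF_8),
                presented.getBytes(StandardCharsets.UTF_8));
    }

    /** Converts one entity to its client representation. */
    private static User toUser(UserEntity userEntity) {
        UserEntityToUserVisitor toUser = new UserEntityToUserVisitor();
        userEntity.accept(toUser);
        return toUser.getUser();
    }

    /** Builds a per-request visitor; the visitor holds the converted entity, so it is never shared. */
    private UserToUserEntityVisitor newUserToEntityVisitor() {
        return new UserToUserEntityVisitor(this.oAuthProviderDao, this.roleDao, this.loginTypeDao, this.authenticationMethodDao);
    }

    /**
     * Computes the expiration date of a password set now.
     *
     * @return now plus {@link #PASSWORD_VALIDITY_DAYS} days, as the {@link Date} the entity expects
     */
    private static Date getExpirationDate() {
        Calendar calendar = Calendar.getInstance();
        calendar.add(Calendar.DAY_OF_MONTH, PASSWORD_VALIDITY_DAYS);
        return calendar.getTime();
    }

    /**
     * Resolves role ids to role entities.
     *
     * @param roleIds ids to resolve; {@code null} is treated as no roles
     * @return a mutable list of the resolved roles, in the same order
     */
    private List<RoleEntity> roleIdsToRoles(List<Long> roleIds) {
        if (roleIds == null) {
            return new ArrayList<>();
        }
        List<RoleEntity> roles = new ArrayList<>(roleIds.size());
        for (Long roleId : roleIds) {
            roles.add((RoleEntity) this.roleDao.retrieve(roleId));
        }
        return roles;
    }
}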
