package org.ligoj.app.plugin.credential.resource;

import java.io.Serializable;
import java.security.SecureRandom;
import java.util.Date;
import java.util.Optional;
import java.util.TreeSet;
import java.util.UUID;
import javax.mail.Message;
import javax.mail.internet.InternetAddress;
import javax.transaction.Transactional;
import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.commons.lang3.math.NumberUtils;
import org.joda.time.DateTime;
import org.ligoj.app.api.FeaturePlugin;
import org.ligoj.app.iam.IPasswordGenerator;
import org.ligoj.app.iam.IUserRepository;
import org.ligoj.app.iam.IamProvider;
import org.ligoj.app.iam.SimpleUserOrg;
import org.ligoj.app.iam.UserOrg;
import org.ligoj.app.plugin.credential.dao.PasswordResetRepository;
import org.ligoj.app.plugin.credential.model.PasswordReset;
import org.ligoj.app.plugin.mail.resource.MailServicePlugin;
import org.ligoj.app.resource.ServicePluginLocator;
import org.ligoj.bootstrap.core.SpringUtils;
import org.ligoj.bootstrap.core.resource.BusinessException;
import org.ligoj.bootstrap.core.security.SecurityHelper;
import org.ligoj.bootstrap.core.validation.ValidationJsonException;
import org.ligoj.bootstrap.resource.system.configuration.ConfigurationResource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.mail.javamail.MimeMessagePreparator;
import org.springframework.scheduling.annotation.Scheduled;
import org.springframework.stereotype.Service;

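/**
 * REST resource handling password changes, mail-based password recovery and generation of new
 * passwords for the users of the first configured {@link IamProvider}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>generated passwords and recovery tokens are the only secrets created here; passwords are
 *       drawn from a {@link SecureRandom}, tokens from {@link UUID#randomUUID()};</li>
 *   <li>a recovery token is accepted for one hour, is deleted once used, and leftover tokens are
 *       purged daily;</li>
 *   <li>a recovery request never reports why it was ignored, so the response does not tell the
 *       caller whether the login/mail pair exists.</li>
 * </ul>
 */
@Path("/service/password")
@Service
@Produces({"application/json"})
@Transactional
public class PasswordResource implements IPasswordGenerator, FeaturePlugin {
    private static final Logger log = LoggerFactory.getLogger(PasswordResource.class);

    /** Configuration key: identifier of the node whose mail plugin sends the messages. */
    private static final String MAIL_NODE = "password.mail.node";

    /** Configuration key: public URL of the application, used to build the links placed in mails. */
    private static final String URL_PUBLIC = "password.mail.url";

    /** Configuration key: subject of the recovery mail. */
    private static final String SUBJECT = "password.mail.reset.subject";

    /** Configuration key: {@link String#format} template of the recovery mail body. */
    private static final String MESSAGE_RESET = "password.mail.reset.content";

    /** Configuration key: {@link String#format} template of the "new password" mail subject. */
    private static final String MESSAGE_NEW_SUBJECT = "password.mail.new.subject";

    /** Configuration key: {@link String#format} template of the "new password" mail body. */
    private static final String MESSAGE_NEW = "password.mail.new.content";

    /** Configuration key: display name of the sender. */
    private static final String MESSAGE_FROM_TITLE = "password.mail.from.title";

    /** Configuration key: address of the sender. */
    private static final String MESSAGE_FROM = "password.mail.from";

    /** Length of a generated password. */
    private static final int GENERATED_PASSWORD_LENGTH = 10;

    /** Hours during which a recovery token is accepted by {@link #reset}. */
    private static final int TOKEN_VALIDITY_HOURS = 1;

    /** Minutes during which a second recovery request for the same login is ignored. */
    private static final int RECOVERY_THROTTLE_MINUTES = 5;

    /** Age in days after which stored recovery requests are purged. */
    private static final int RECOVERY_RETENTION_DAYS = 1;

    /**
     * Source of randomness for generated passwords. A password is a secret, so it must come from a
     * cryptographically strong generator and not from a general-purpose PRNG.
     */
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    @Autowired
    protected IamProvider[] iamProvider;

    @Autowired
    protected SecurityHelper securityHelper;

    @Autowired
    protected PasswordResetRepository repository;

    @Autowired
    protected ConfigurationResource configurationResource;

    @Autowired
    protected ServicePluginLocator servicePluginLocator;

    /**
     * Generates a random alphanumeric password of {@value #GENERATED_PASSWORD_LENGTH} characters.
     *
     * @return the generated password.
     */
    public String generate() {
        // Same length and alphabet as RandomStringUtils.randomAlphanumeric(10), but the generator is
        // passed explicitly so the strength of the password does not depend on which generator the
        // convenience method uses in the bundled commons-lang3 release.
        return RandomStringUtils.random(GENERATED_PASSWORD_LENGTH, 0, 0, true, true, (char[]) null, SECURE_RANDOM);
    }

    /**
     * Changes the password of the current user after checking the current password.
     *
     * @param resetPassword the current and the new password.
     * @throws ValidationJsonException when the current password does not authenticate the user.
     */
    @PUT
    @Consumes({"application/json"})
    public void update(ResetPassword resetPassword) {
        // The login comes from the security context, never from the request body.
        String login = this.securityHelper.getLogin();
        if (!getUser().authenticate(login, resetPassword.getPassword())) {
            throw new ValidationJsonException("password", "login", new Serializable[0]);
        }
        // No notification mail: the user chose this password.
        // NOTE(review): no password-strength check is visible here; presumably enforced by
        // validation constraints on ResetPassword — confirm.
        create(login, resetPassword.getNewPassword(), false);
    }

    /**
     * Sets a new password for a user presenting a valid recovery token.
     *
     * @param resetPasswordByMailChallenge the token received by mail and the new password.
     * @param uid the login of the user.
     * @throws BusinessException when no request younger than one hour matches this login and token,
     *         or when the user is unknown or locked.
     */
    @POST
    @Path("reset/{uid}")
    @Consumes({"application/json"})
    public void reset(ResetPasswordByMailChallenge resetPasswordByMailChallenge, @PathParam("uid") String uid) {
        Date oldestAccepted = DateTime.now().minusHours(TOKEN_VALIDITY_HOURS).toDate();
        PasswordReset request = this.repository.findByLoginAndTokenAndDateAfter(uid,
                resetPasswordByMailChallenge.getToken(), oldestAccepted);
        if (request == null) {
            // Same error for a wrong token, an expired token and an unknown login.
            throw new BusinessException("unknown-id", new Serializable[0]);
        }
        create(uid, resetPasswordByMailChallenge.getPassword(), false);

        // Single use: the token is removed as soon as the password has been changed.
        this.repository.delete(request);
    }

    /**
     * Starts a password recovery: stores a fresh token and mails the reset link to the user.
     *
     * <p>The request is silently ignored when the user is unknown or locked, when the given mail is
     * not one of the user's mails (case-insensitive), or when another request was stored for this
     * login within the last five minutes. The caller cannot distinguish these cases from a success.
     *
     * <p>NOTE(review): the login and the mail travel in the URL path, where they may end up in
     * access logs — confirm this is acceptable for the deployment.
     *
     * @param uid the login of the user.
     * @param mail a mail address of the user; the reset link is sent to this address.
     */
    @POST
    @Path("recovery/{uid}/{mail}")
    public void requestRecovery(@PathParam("uid") String uid, @PathParam("mail") String mail) {
        UserOrg user = getUser().findById(uid);
        if (user == null || user.getLocked() != null) {
            return;
        }
        TreeSet<String> knownMails = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
        knownMails.addAll(user.getMails());

        // add() returns true only when the mail was NOT already in the set, i.e. when it does not
        // belong to this user.
        boolean foreignMail = knownMails.add(mail);
        if (foreignMail || this.repository.findByLoginAndDateAfter(uid,
                DateTime.now().minusMinutes(RECOVERY_THROTTLE_MINUTES).toDate()) != null) {
            return;
        }
        createPasswordReset(uid, mail, user, UUID.randomUUID().toString());
    }

    /**
     * Stores the recovery request, then mails the reset link.
     *
     * @param uid the login of the user.
     * @param mail the recipient address.
     * @param user the user owning the login.
     * @param token the recovery token.
     */
    private void createPasswordReset(String uid, String mail, UserOrg user, String token) {
        PasswordReset request = new PasswordReset();
        request.setLogin(uid);
        request.setToken(token);
        request.setDate(new Date());
        this.repository.saveAndFlush(request);
        sendMailReset(user, mail, token);
    }

    /**
     * Sends the recovery mail containing the reset link.
     *
     * <p>NOTE(review): the body is HTML assembled by concatenation; the user's names, the configured
     * public URL and the templates are inserted without HTML escaping. Confirm these values cannot
     * carry markup, or escape them before formatting.
     *
     * @param user the user the link is built for.
     * @param mailTo the recipient address.
     * @param token the recovery token placed in the link.
     */
    protected void sendMailReset(UserOrg user, String mailTo, String token) {
        sendMail(mimeMessage -> {
            String fullName = user.getFirstName() + " " + user.getLastName();
            InternetAddress recipient = new InternetAddress(mailTo, fullName, "UTF-8");

            // The token sits in the URL fragment, which browsers do not send in the HTTP request.
            String url = this.configurationResource.get(URL_PUBLIC) + "#reset=" + token + "/" + user.getId();
            String link = "<a href=\"" + url + "\">" + url + "</a>";

            // NOTE(review): this header announces text/plain while setContent() below declares
            // text/html; kept as found.
            mimeMessage.setHeader("Content-Type", "text/plain; charset=UTF-8");
            mimeMessage.setFrom(new InternetAddress(this.configurationResource.get(MESSAGE_FROM),
                    this.configurationResource.get(MESSAGE_FROM_TITLE), "UTF-8"));
            mimeMessage.setRecipient(Message.RecipientType.TO, recipient);
            mimeMessage.setSubject(this.configurationResource.get(SUBJECT), "UTF-8");
            mimeMessage.setContent(
                    String.format(this.configurationResource.get(MESSAGE_RESET), fullName, link, fullName, link),
                    "text/html; charset=UTF-8");
        });
    }

    /**
     * Sends a message through the mail plugin of the configured node.
     *
     * <p>When no mail plugin is resolved the message is dropped, as before, but the drop is now
     * logged: a generated password or a reset link that never leaves the server would otherwise go
     * unnoticed. Nothing from the message itself is logged.
     *
     * @param mimeMessagePreparator the callback filling the message.
     */
    private void sendMail(MimeMessagePreparator mimeMessagePreparator) {
        String node = this.configurationResource.get(MAIL_NODE);
        MailServicePlugin mailPlugin = this.servicePluginLocator.getResource(node, MailServicePlugin.class);
        if (mailPlugin == null) {
            log.warn("No mail plugin available for node '{}', the message has not been sent", node);
            return;
        }
        mailPlugin.send(node, mimeMessagePreparator);
    }

    /**
     * Scheduled entry point purging old recovery requests, fired at 01:00 every day.
     *
     * <p>The work is delegated to the bean obtained from the Spring context rather than to
     * {@code this}; presumably so that the call goes through the container proxy and the
     * class-level {@code @Transactional} applies — confirm.
     */
    @Scheduled(cron = "0 0 1 1/1 * ?")
    public void cleanRecoveries() {
        ((PasswordResource) SpringUtils.getBean(PasswordResource.class)).cleanRecoveriesInternal();
    }

    /**
     * Deletes the recovery requests older than one day.
     */
    public void cleanRecoveriesInternal() {
        this.repository.deleteByDateBefore(DateTime.now().minusDays(RECOVERY_RETENTION_DAYS).toDate());
    }

    /**
     * Generates a new password for the given user, stores it and mails it to the user.
     *
     * @param uid the login of the user.
     * @throws BusinessException when the user is unknown or locked.
     */
    public void generate(String uid) {
        create(uid, generate());
    }

    /**
     * Sets the password of a user and mails it to the user.
     *
     * @param uid the login of the user.
     * @param password the new password.
     * @return the given password.
     * @throws BusinessException when the user is unknown or locked.
     */
    protected String create(String uid, String password) {
        return create(uid, password, true);
    }

    /**
     * Sets the password of a user, optionally mailing it to the user.
     *
     * @param uid the login of the user.
     * @param password the new password.
     * @param sendMail when {@code true}, the new password is sent to all mails of the user.
     * @return the given password.
     * @throws BusinessException when the user is unknown or locked.
     */
    protected String create(String uid, String password, boolean sendMail) {
        UserOrg user = checkUser(uid);
        getUser().setPassword(user, password);
        if (sendMail) {
            sendMailPassword(user, password);
        }
        return password;
    }

    /**
     * Returns the user with the given login, refusing unknown and locked users.
     *
     * @param uid the login of the user.
     * @return the matching user, never {@code null}.
     * @throws BusinessException when the user is unknown or locked.
     */
    private UserOrg checkUser(String uid) {
        UserOrg user = getUser().findById(uid);
        if (user == null || user.getLocked() != null) {
            throw new BusinessException("unknown-id", new Serializable[]{uid});
        }
        return user;
    }

    /**
     * Mails a new password, in clear text, to every mail address of the user.
     *
     * <p>NOTE(review): the password stays readable in each recipient mailbox; consider forcing a
     * change at first login. The recipient addresses are also written to the INFO log; the password
     * itself is not logged.
     *
     * <p>NOTE(review): the body is HTML assembled by concatenation; the user's names and id, the
     * password and the configured URL are inserted without HTML escaping — confirm these values
     * cannot carry markup, or escape them before formatting.
     *
     * @param simpleUserOrg the user receiving the password.
     * @param password the new password.
     */
    protected void sendMailPassword(SimpleUserOrg simpleUserOrg, String password) {
        log.info("Sending mail to '{}' at {}", simpleUserOrg.getId(), simpleUserOrg.getMails());
        sendMail(mimeMessage -> {
            InternetAddress[] recipients = new InternetAddress[simpleUserOrg.getMails().size()];
            String fullName = simpleUserOrg.getFirstName() + " " + simpleUserOrg.getLastName();
            String link = "<a href=\"" + this.configurationResource.get(URL_PUBLIC) + "\">"
                    + this.configurationResource.get(URL_PUBLIC) + "</a>";

            // NOTE(review): this header announces text/plain while setContent() below declares
            // text/html; kept as found.
            mimeMessage.setHeader("Content-Type", "text/plain; charset=UTF-8");
            mimeMessage.setFrom(new InternetAddress(this.configurationResource.get(MESSAGE_FROM),
                    this.configurationResource.get(MESSAGE_FROM_TITLE), "UTF-8"));
            for (int i = 0; i < simpleUserOrg.getMails().size(); i++) {
                recipients[i] = new InternetAddress((String) simpleUserOrg.getMails().get(i), fullName, "UTF-8");
            }
            mimeMessage.setSubject(String.format(this.configurationResource.get(MESSAGE_NEW_SUBJECT), fullName),
                    "UTF-8");
            mimeMessage.setRecipients(Message.RecipientType.TO, recipients);
            mimeMessage.setContent(String.format(this.configurationResource.get(MESSAGE_NEW), fullName,
                    simpleUserOrg.getId(), password, link, fullName, simpleUserOrg.getId(), password, link),
                    "text/html; charset=UTF-8");
        });
    }

    /**
     * Returns the user repository of the first IAM provider.
     *
     * @return the user repository used for lookups, authentication and password changes.
     */
    protected IUserRepository getUser() {
        return this.iamProvider[0].getConfiguration().getUserRepository();
    }

    /**
     * Returns the key of this feature plugin.
     *
     * @return {@code "feature:password"}.
     */
    public String getKey() {
        return "feature:password";
    }
}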
