package org.molgenis.core.ui.admin.user;

import com.google.common.collect.Lists;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
import java.text.MessageFormat;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.validation.Valid;
import javax.validation.constraints.NotNull;
import org.apache.commons.lang3.StringUtils;
import org.molgenis.core.util.CountryCodes;
import org.molgenis.data.security.auth.User;
import org.molgenis.i18n.LanguageService;
import org.molgenis.security.settings.AuthenticationSettings;
import org.molgenis.security.twofactor.auth.TwoFactorAuthenticationSetting;
import org.molgenis.security.twofactor.service.RecoveryService;
import org.molgenis.security.twofactor.service.TwoFactorAuthenticationService;
import org.molgenis.security.user.MolgenisUserException;
import org.molgenis.security.user.UserAccountService;
import org.molgenis.web.ErrorMessageResponse;
import org.molgenis.web.PluginController;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpStatus;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.servlet.LocaleResolver;

@Api("User account")
@RequestMapping({UserAccountController.URI})
@Controller
/* loaded from: input_file:org/molgenis/core/ui/admin/user/UserAccountController.class */
public class UserAccountController extends PluginController {
    private static final Logger LOG = LoggerFactory.getLogger(UserAccountController.class);
    public static final String ID = "useraccount";
    public static final String URI = "/plugin/useraccount";
    private final UserAccountService userAccountService;
    private final RecoveryService recoveryService;
    private final TwoFactorAuthenticationService twoFactorAuthenticationService;
    private final AuthenticationSettings authenticationSettings;
    private final LocaleResolver localeResolver;

    public UserAccountController(UserAccountService userAccountService, RecoveryService recoveryService, TwoFactorAuthenticationService twoFactorAuthenticationService, AuthenticationSettings authenticationSettings, LocaleResolver localeResolver) {
        super(URI);
        this.userAccountService = (UserAccountService) Objects.requireNonNull(userAccountService);
        this.recoveryService = (RecoveryService) Objects.requireNonNull(recoveryService);
        this.twoFactorAuthenticationService = (TwoFactorAuthenticationService) Objects.requireNonNull(twoFactorAuthenticationService);
        this.authenticationSettings = (AuthenticationSettings) Objects.requireNonNull(authenticationSettings);
        this.localeResolver = (LocaleResolver) Objects.requireNonNull(localeResolver);
    }

    @ApiResponses({@ApiResponse(code = 200, message = "Return the view of the account", response = String.class)})
    @GetMapping
    @ApiOperation("Show account")
    public String showAccount(Model model, @RequestParam(value = "showCodes", defaultValue = "false") boolean z) {
        TwoFactorAuthenticationSetting twoFactorAuthentication = this.authenticationSettings.getTwoFactorAuthentication();
        boolean isTwoFactorAuthentication = this.userAccountService.getCurrentUser().isTwoFactorAuthentication();
        model.addAttribute("user", this.userAccountService.getCurrentUser());
        model.addAttribute("countries", CountryCodes.get());
        model.addAttribute("groups", Lists.newArrayList(this.userAccountService.getCurrentUserGroups()));
        model.addAttribute("min_password_length", 6);
        model.addAttribute("two_factor_authentication_app_option", twoFactorAuthentication);
        model.addAttribute("two_factor_authentication_user_enabled", Boolean.valueOf(isTwoFactorAuthentication));
        model.addAttribute("show_recovery_codes", Boolean.valueOf(z));
        return "view-useraccount";
    }

    @ApiResponses({@ApiResponse(code = 204, message = "Update succeeded"), @ApiResponse(code = 403, message = "Access denied. You need write permission on the UserAccount plugin", response = ErrorMessageResponse.class), @ApiResponse(code = 400, message = "Bad request. You need to provide a valid language code", response = ErrorMessageResponse.class)})
    @PostMapping(value = {"/language/update"}, produces = {"application/json"})
    @ApiOperation("Updates the selected user language")
    @ResponseStatus(HttpStatus.NO_CONTENT)
    public void updateUserLanguage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, @RequestParam("languageCode") String str) {
        if (!LanguageService.hasLanguageCode(str)) {
            throw new MolgenisUserException(MessageFormat.format("Unknown language code ''{0}''", str));
        }
        this.localeResolver.setLocale(httpServletRequest, httpServletResponse, new Locale(str));
    }

    @ApiResponses({@ApiResponse(code = 200, message = "Account is updated"), @ApiResponse(code = 400, message = "Invalid password entered", response = ErrorMessageResponse.class)})
    @PostMapping(value = {"/update"}, headers = {"Content-Type=application/x-www-form-urlencoded"})
    @ApiOperation("Updated the useraccount")
    @ResponseStatus(HttpStatus.NO_CONTENT)
    public void updateAccount(@NotNull @Valid AccountUpdateRequest accountUpdateRequest) {
        String validatePasswordInUpdateRequest = validatePasswordInUpdateRequest(accountUpdateRequest);
        User currentUser = this.userAccountService.getCurrentUser();
        if (StringUtils.isNotEmpty(validatePasswordInUpdateRequest)) {
            currentUser.setPassword(validatePasswordInUpdateRequest);
        }
        if (StringUtils.isNotEmpty(accountUpdateRequest.getPhone())) {
            currentUser.setPhone(accountUpdateRequest.getPhone());
        }
        if (StringUtils.isNotEmpty(accountUpdateRequest.getFax())) {
            currentUser.setFax(accountUpdateRequest.getFax());
        }
        if (StringUtils.isNotEmpty(accountUpdateRequest.getTollFreePhone())) {
            currentUser.setTollFreePhone(accountUpdateRequest.getTollFreePhone());
        }
        if (StringUtils.isNotEmpty(accountUpdateRequest.getAddress())) {
            currentUser.setAddress(accountUpdateRequest.getAddress());
        }
        if (StringUtils.isNotEmpty(accountUpdateRequest.getTitle())) {
            currentUser.setTitle(accountUpdateRequest.getTitle());
        }
        if (StringUtils.isNotEmpty(accountUpdateRequest.getFirstname())) {
            currentUser.setFirstName(accountUpdateRequest.getFirstname());
        }
        if (StringUtils.isNotEmpty(accountUpdateRequest.getMiddleNames())) {
            currentUser.setMiddleNames(accountUpdateRequest.getMiddleNames());
        }
        if (StringUtils.isNotEmpty(accountUpdateRequest.getLastname())) {
            currentUser.setLastName(accountUpdateRequest.getLastname());
        }
        if (StringUtils.isNotEmpty(accountUpdateRequest.getInstitute())) {
            currentUser.setAffiliation(accountUpdateRequest.getInstitute());
        }
        if (StringUtils.isNotEmpty(accountUpdateRequest.getDepartment())) {
            currentUser.setDepartment(accountUpdateRequest.getDepartment());
        }
        if (StringUtils.isNotEmpty(accountUpdateRequest.getPosition())) {
            currentUser.setRole(accountUpdateRequest.getPosition());
        }
        if (StringUtils.isNotEmpty(accountUpdateRequest.getCity())) {
            currentUser.setCity(accountUpdateRequest.getCity());
        }
        if (StringUtils.isNotEmpty(accountUpdateRequest.getCountry())) {
            currentUser.setCountry(CountryCodes.get(accountUpdateRequest.getCountry()));
        }
        this.userAccountService.updateCurrentUser(currentUser);
    }

    private String validatePasswordInUpdateRequest(@NotNull @Valid AccountUpdateRequest accountUpdateRequest) {
        String newpwd = accountUpdateRequest.getNewpwd();
        if (!StringUtils.isEmpty(newpwd)) {
            String oldpwd = accountUpdateRequest.getOldpwd();
            String newpwd2 = accountUpdateRequest.getNewpwd2();
            if (oldpwd == null || oldpwd.isEmpty()) {
                throw new MolgenisUserException("Please enter old password to update your password.");
            }
            if (!this.userAccountService.validateCurrentUserPassword(oldpwd)) {
                throw new MolgenisUserException("The password you entered is incorrect.");
            }
            if (!newpwd.equals(newpwd2)) {
                throw new MolgenisUserException("'New password' does not match 'Repeat new password'.");
            }
            if (newpwd.length() < 6) {
                throw new MolgenisUserException("New password must consist of at least 6 characters.");
            }
        }
        return newpwd;
    }

    @ApiResponses({@ApiResponse(code = 200, message = "Two factor authentication enabled"), @ApiResponse(code = 400, message = "Could not enable two factor authentication for user")})
    @PostMapping({"/2fa/enable"})
    @ApiOperation("Enable two factor authentication")
    public String enableTwoFactorAuthentication() {
        this.twoFactorAuthenticationService.enableForUser();
        return "redirect:/login";
    }

    @ApiResponses({@ApiResponse(code = 200, message = "Two factor authentication disabled"), @ApiResponse(code = 400, message = "Could not disable two factor authentication for user", response = ErrorMessageResponse.class)})
    @PostMapping({"/2fa/disable"})
    @ApiOperation("Disable two factor authentication")
    public String disableTwoFactorAuthentication(Model model) {
        this.twoFactorAuthenticationService.disableForUser();
        downgradeUserAuthentication();
        return showAccount(model, false);
    }

    @ApiResponses({@ApiResponse(code = 200, message = "Two factor authentication is reset"), @ApiResponse(code = 400, message = "Could not rest two factor authentication for user", response = ErrorMessageResponse.class)})
    @PostMapping({"/2fa/reset"})
    @ApiOperation("Reset two factor authentication")
    public String resetTwoFactorAuthentication() {
        this.twoFactorAuthenticationService.resetSecretForUser();
        return "redirect:/2fa/activation";
    }

    private void downgradeUserAuthentication() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(authentication.getPrincipal(), authentication.getCredentials(), authentication.getAuthorities()));
    }

    @ApiResponses({@ApiResponse(code = 200, message = "Returns a list of recoverycodes", response = Map.class), @ApiResponse(code = 500, message = "Something went wrong retrieving the recoverycodes", response = ErrorMessageResponse.class)})
    @ApiOperation("Get recoverycodes for two factor authentication")
    @GetMapping({"recoveryCodes"})
    @ResponseBody
    public Map<String, List<String>> getRecoveryCodes() {
        return convertToRecoveryCodesMap((List) this.recoveryService.getRecoveryCodes().map((v0) -> {
            return v0.getCode();
        }).collect(Collectors.toList()));
    }

    @ApiResponses({@ApiResponse(code = 200, message = "Returns a list of generated recoverycodes", response = Map.class), @ApiResponse(code = 500, message = "Something went wrong generating the recoverycodes", response = ErrorMessageResponse.class)})
    @ApiOperation("Generate recoverycodes for two factor authentication")
    @GetMapping({"generateRecoveryCodes"})
    @ResponseBody
    public Map<String, List<String>> generateRecoveryCodes() {
        return convertToRecoveryCodesMap((List) this.recoveryService.generateRecoveryCodes().map((v0) -> {
            return v0.getCode();
        }).collect(Collectors.toList()));
    }

    private Map<String, List<String>> convertToRecoveryCodesMap(List<String> list) {
        HashMap hashMap = new HashMap();
        hashMap.put("recoveryCodes", list);
        return hashMap;
    }

    @ExceptionHandler({MolgenisUserException.class})
    @ResponseStatus(HttpStatus.BAD_REQUEST)
    @ResponseBody
    private ErrorMessageResponse handleMolgenisUserException(MolgenisUserException molgenisUserException) {
        LOG.debug("", molgenisUserException);
        return new ErrorMessageResponse(Collections.singletonList(new ErrorMessageResponse.ErrorMessage(molgenisUserException.getMessage())));
    }

    @ExceptionHandler({AccessDeniedException.class})
    @ResponseStatus(HttpStatus.FORBIDDEN)
    @ResponseBody
    private ErrorMessageResponse handleAccessDeniedException(AccessDeniedException accessDeniedException) {
        LOG.warn("Access denied", accessDeniedException);
        return new ErrorMessageResponse(Collections.singletonList(new ErrorMessageResponse.ErrorMessage(accessDeniedException.getMessage())));
    }

    @ResponseStatus(HttpStatus.INTERNAL_SERVER_ERROR)
    @ExceptionHandler({RuntimeException.class})
    @Order(Integer.MIN_VALUE)
    @ResponseBody
    private ErrorMessageResponse handleRuntimeException(RuntimeException runtimeException) {
        LOG.error("", runtimeException);
        return new ErrorMessageResponse(Collections.singletonList(new ErrorMessageResponse.ErrorMessage(runtimeException.getMessage())));
    }
}
