package systems.dennis.auth.delegations.simple;

import jakarta.servlet.http.HttpServletRequest;
import java.rmi.AccessException;
import java.util.Date;
import java.util.Objects;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import systems.dennis.auth.client.LoginPassword;
import systems.dennis.auth.client.entity.UserData;
import systems.dennis.auth.client.utils.AuthenticationService;
import systems.dennis.auth.config.AuthorizationDelegator;
import systems.dennis.auth.config.AuthorizeResponse;
import systems.dennis.auth.entity.ActiveToken;
import systems.dennis.auth.exception.UserIsBlockedException;
import systems.dennis.auth.form.ChangePasswordForm;
import systems.dennis.auth.form.RegistrationForm;
import systems.dennis.auth.model.InvitationModel;
import systems.dennis.auth.repository.ActiveTokensRepo;
import systems.dennis.auth.repository.UserDataRepository;
import systems.dennis.auth.role_validator.TokenProvider;
import systems.dennis.auth.service.AuthScopeService;
import systems.dennis.auth.service.ChangePasswordServiceImpl;
import systems.dennis.auth.service.InvitationService;
import systems.dennis.auth.service.LoginPasswordService;
import systems.dennis.auth.service.ProfilePageService;
import systems.dennis.auth.service.UserInScopeService;
import systems.dennis.shared.auth_client.SecurityUtils;
import systems.dennis.shared.auth_client.form.UserTokenDTO;
import systems.dennis.shared.config.WebContext;
import systems.dennis.shared.controller.forms.ValidateForm;
import systems.dennis.shared.exceptions.AuthorizationFailedException;
import systems.dennis.shared.exceptions.ItemNotFoundException;
import systems.dennis.shared.exceptions.StandardException;
import systems.dennis.shared.exceptions.ValidationFailedException;
import systems.dennis.shared.scopes.model.ScopeModel;
import systems.dennis.shared.servers.providers.ServerTypeProvider;
import systems.dennis.shared.servers.repository.ServerConfigRepo;

/* loaded from: input_file:systems/dennis/auth/delegations/simple/DefaultAuthorizationDelegator.class */
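/**
 * Login/password ("DEFAULT") implementation of {@link AuthorizationDelegator}.
 *
 * <p>All collaborators are looked up per call from the supplied {@link WebContext.LocalWebContext};
 * the class itself holds no state. This listing is decompiler output, so some constructs
 * (catch ordering, undeclared checked exceptions, an unused flag) are restored or annotated below.
 */
public class DefaultAuthorizationDelegator implements AuthorizationDelegator {
    private static final Logger log = LoggerFactory.getLogger(DefaultAuthorizationDelegator.class);
    public static final String AUTH_TYPE_DEFAULT = "DEFAULT";

    /**
     * Authenticates a login/password pair and returns the issued token wrapped in an
     * {@link AuthorizeResponse}.
     *
     * <p>The user is resolved by login first, then the scope is read from the request, the user is
     * checked by {@code checkVerifiedUser}, and only then are the credentials verified.
     *
     * @throws ItemNotFoundException when no user exists for the submitted login
     * @throws AuthorizationFailedException when credential verification yields no token
     */
    @Override
    public AuthorizeResponse authorize(HttpServletRequest httpServletRequest, LoginPassword loginPassword, WebContext.LocalWebContext localWebContext) {
        ProfilePageService profiles = (ProfilePageService) localWebContext.getBean(ProfilePageService.class);
        // NOTE(review): an unknown login fails here with ItemNotFoundException, while a wrong
        // password fails below with AuthorizationFailedException. If the two are rendered
        // differently to the client, the endpoint reveals which logins exist; confirm the
        // exception mapping returns one uniform response for both.
        UserData user = profiles.findByLogin(loginPassword.getLogin())
                .orElseThrow(() -> ItemNotFoundException.fromId(loginPassword.getLogin()));
        ScopeModel scope = ((AuthScopeService) localWebContext.getBean(AuthScopeService.class))
                .getScopeFromRequest(httpServletRequest, user.getId(), false);
        profiles.checkVerifiedUser(user, scope);

        UserTokenDTO token = new SimpleTokenAuthorization().authorize(loginPassword, localWebContext, scope);
        if (token == null) {
            log.debug("Authorization failed. We throw authorization exception");
            // Always throws, so a null token never reaches AuthorizeResponse.of below.
            invokeAuthError(loginPassword);
        }
        return AuthorizeResponse.of(token, false);
    }

    /** Raises the authorization failure for the given credentials; never returns normally. */
    private void invokeAuthError(LoginPassword loginPassword) {
        throw new AuthorizationFailedException(loginPassword.getLogin());
    }

    /**
     * Decides whether this delegator handles the request.
     *
     * @return {@code false} when the AUTH-TYPE header is present and names another type,
     *     {@code true} when it is absent or equals {@link #AUTH_TYPE_DEFAULT}
     * @throws AuthorizationFailedException when an active LDAP server config exists, so that
     *     password login cannot be used while LDAP is configured
     */
    @Override
    public boolean shouldAuthorize(HttpServletRequest httpServletRequest, WebContext.LocalWebContext localWebContext) {
        // The header is supplied by the client: it selects a delegator, it is not proof of anything.
        String requestedType = httpServletRequest.getHeader(AuthorizationDelegator.AUTH_TYPE_HEADER);
        if (requestedType != null && !AUTH_TYPE_DEFAULT.equals(requestedType)) {
            log.debug("Header AUTH-TYPE declares not to use DefaultAuthorizationDelegator");
            return false;
        }
        log.debug("Header AUTH-TYPE declares to use DefaultAuthorizationDelegator");

        boolean ldapActive = ((ServerConfigRepo) localWebContext.getBean(ServerConfigRepo.class))
                .filteredFirst(localWebContext.getDataFilterProvider().eq("active", true)
                        .and(localWebContext.getDataFilterProvider().eq("type", ServerTypeProvider.LDAP)))
                .isPresent();
        if (ldapActive) {
            throw new AuthorizationFailedException("LDAP CONFIG is active. Default authorization is not possible");
        }
        return true;
    }

    /**
     * Re-saves the user with id {@code l} and logs out every token that is currently active and
     * not yet due.
     *
     * @return always {@code true}
     * @throws ItemNotFoundException when no user has the given id
     */
    @Override
    public boolean blockUser(boolean z, Long l, WebContext.LocalWebContext localWebContext) {
        UserDataRepository users = (UserDataRepository) localWebContext.getBean(UserDataRepository.class);
        UserData user = (UserData) users.findById(l).orElseThrow(() -> ItemNotFoundException.fromId(l));
        // NOTE(review): the flag z is never applied to the loaded entity in this listing, so the
        // save below persists no change and the blocked state is not updated here. Confirm against
        // the original source and set the flag on the entity before saving; until then a "blocked"
        // user only loses the current sessions and can log in again.
        users.save(user);

        // Tokens are revoked regardless of z, i.e. also when the caller is unblocking the user.
        ActiveTokensRepo tokens = (ActiveTokensRepo) localWebContext.getBean(ActiveTokensRepo.class);
        for (ActiveToken active : tokens.findByUserDataIdAndActiveIsTrueAndDueGreaterThan(l, new Date())) {
            logout(active.getToken(), localWebContext, active.getScope());
        }
        return true;
    }

    /**
     * Removes the given DEFAULT-type auth token for the scope.
     *
     * @return always {@code true}
     */
    @Override
    public boolean logout(String str, WebContext.LocalWebContext localWebContext, ScopeModel scopeModel) {
        ((TokenProvider) localWebContext.getBean(TokenProvider.class)).removeAuthToken(str, AUTH_TYPE_DEFAULT, scopeModel);
        return true;
    }

    /**
     * Registers a user from the form, optionally consuming the invitation with id {@code l}.
     *
     * <p>With an invitation ({@code l} greater than zero) the user is added to the invitation's
     * scope; otherwise the user is attached to {@code scopeModel} and roles are saved for it.
     *
     * @return always {@code true}
     * @throws ValidationFailedException rethrown unchanged from validation or the services
     * @throws StandardException rethrown unchanged
     * @throws AccessException (undeclared) wrapping any other failure
     */
    @Override
    public boolean register(RegistrationForm registrationForm, WebContext.LocalWebContext localWebContext, ScopeModel scopeModel, Long l) {
        try {
            validateForm(registrationForm, localWebContext, scopeModel, l);

            InvitationService invitations = (InvitationService) localWebContext.getBean(InvitationService.class);
            InvitationModel invitation = null;
            if (l != null && l.longValue() > 0) {
                invitation = (InvitationModel) invitations.findByIdOrThrow(l);
                // NOTE(review): the invitation is accepted before the account is created; unless
                // a surrounding transaction rolls this back, a later failure leaves it consumed.
                invitations.accept(invitation);
            }

            LoginPasswordService credentialsService = (LoginPasswordService) localWebContext.getBean(LoginPasswordService.class);
            LoginPassword credentials = getOrSavePassword(registrationForm, localWebContext);
            UserData user = getOrSaveUser(registrationForm, localWebContext);

            if (invitation != null) {
                invitations.addUserToScope(invitation);
                return true;
            }
            ((UserInScopeService) localWebContext.getBean(UserInScopeService.class)).generateAndSave(user, scopeModel);
            credentialsService.saveUserRoles(credentials, scopeModel);
            return true;
        } catch (ValidationFailedException | StandardException e) {
            // Must precede the generic handler: listed after catch (Exception) these types are
            // unreachable and would be wrapped instead of reaching the caller unchanged.
            throw e;
        } catch (Exception e) {
            // The e-mail is caller-supplied; make sure the log encoder neutralises line breaks.
            log.error("error on save user data {}", registrationForm.getEmail(), e);
            // AccessException is checked but the method declares none, so it is rethrown
            // undeclared to keep the exception type callers already see.
            throw DefaultAuthorizationDelegator.<RuntimeException>rethrowUnchecked(new AccessException("Cannot register", e));
        }
    }

    /**
     * Throws {@code failure} without declaring it. The declared return type only lets call sites
     * write {@code throw rethrowUnchecked(...)} so the compiler sees the path as terminating.
     */
    @SuppressWarnings("unchecked")
    private static <E extends Throwable> RuntimeException rethrowUnchecked(Throwable failure) throws E {
        throw (E) failure;
    }

    /**
     * Validates the registration form through {@link ValidateForm}, using
     * {@link LoginPasswordService} as the validation target. {@code scopeModel} and {@code l} are
     * not used by this implementation; subclasses may override.
     */
    protected void validateForm(RegistrationForm registrationForm, WebContext.LocalWebContext localWebContext, ScopeModel scopeModel, Long l) {
        ValidateForm validator = () -> localWebContext;
        validator.validate(registrationForm, false, LoginPasswordService.class);
    }

    /**
     * Validates the token and rejects blocked users.
     *
     * @throws UserIsBlockedException when the token's user is flagged as blocked
     */
    @Override
    public void validate(UserTokenDTO userTokenDTO, WebContext.LocalWebContext localWebContext) {
        userTokenDTO.validate(localWebContext);
        // equals(), not ==: identity comparison on a boxed Boolean is true only for the canonical
        // Boolean.TRUE instance, so a separately allocated "true" would let a blocked user through.
        // A null flag is still treated as not blocked, as before.
        if (Boolean.TRUE.equals(userTokenDTO.getUserData().getBlocked())) {
            throw new UserIsBlockedException("User is blocked");
        }
    }

    /**
     * Changes the password of the currently authenticated user after re-verifying the current
     * password (and two-factor code) through {@link #authorize}.
     *
     * @return {@code true} on success
     * @throws AuthorizationFailedException when the new password and its repetition differ, or
     *     when re-authentication or the change itself fails for any reason
     */
    @Override
    public boolean changePassword(HttpServletRequest httpServletRequest, WebContext.LocalWebContext localWebContext, ChangePasswordForm changePasswordForm, ScopeModel scopeModel) {
        if (!Objects.equals(changePasswordForm.getPassword(), changePasswordForm.getRepeatPassword())) {
            throw new AuthorizationFailedException("global.exceptions.incorrect_password");
        }
        // The login comes from the authenticated session, never from the form, so a caller
        // cannot change another account's password by naming it in the request.
        LoginPassword credentials = new LoginPassword();
        credentials.setPassword(changePasswordForm.getCurrentPassword());
        credentials.setLogin(((SecurityUtils) localWebContext.getBean(SecurityUtils.class)).get().getUserData().getLogin());
        credentials.setTwoFactorCode(changePasswordForm.getTwoFactorCode());
        try {
            authorize(httpServletRequest, credentials, localWebContext);
            credentials.setPassword(changePasswordForm.getPassword());
            ((ChangePasswordServiceImpl) localWebContext.getBean(ChangePasswordServiceImpl.class)).changePassword(credentials);
            return true;
        } catch (Exception e) {
            // Every failure is reported to the caller as an authorization failure; record the
            // real cause (never the passwords) so storage errors are not mistaken for bad
            // credentials and repeated failures stay visible to monitoring.
            log.warn("Password change failed for {}", credentials.getLogin(), e);
            throw new AuthorizationFailedException(credentials.getLogin());
        }
    }

    /**
     * Starts password recovery by delegating to {@code AuthenticationService.restore}.
     *
     * <p>NOTE(review): this is reachable before authentication and returns the service's String
     * result as is; confirm the value neither carries a reset secret nor differs between known
     * and unknown accounts before it is echoed to the requester.
     */
    @Override
    public String forgetPassword(HttpServletRequest httpServletRequest, WebContext.LocalWebContext localWebContext, String str) {
        return ((AuthenticationService) localWebContext.getBean(AuthenticationService.class)).restore(str, localWebContext);
    }

    /**
     * Returns the stored credentials for the form's e-mail, creating them from the form when
     * none exist.
     *
     * <p>When credentials already exist they are returned untouched and the password in the form
     * is ignored. NOTE(review): registration then continues for an existing login, so rejecting
     * duplicates depends entirely on {@link #validateForm}; confirm it does. The form password is
     * handed to {@code LoginPasswordService.save} as received; presumably hashing happens there.
     */
    private LoginPassword getOrSavePassword(RegistrationForm registrationForm, WebContext.LocalWebContext localWebContext) {
        LoginPasswordService credentialsService = (LoginPasswordService) localWebContext.getBean(LoginPasswordService.class);
        return credentialsService.findUserByLogin(registrationForm.getEmail()).orElseGet(() -> {
            LoginPassword created = new LoginPassword();
            created.setLogin(registrationForm.getEmail());
            created.setPassword(registrationForm.getPassword());
            return credentialsService.save(created);
        });
    }

    /**
     * Returns the user profile for the form's e-mail, creating it (and its user scope) when none
     * exists. An existing profile is returned without being updated from the form.
     */
    private UserData getOrSaveUser(RegistrationForm registrationForm, WebContext.LocalWebContext localWebContext) {
        return ((ProfilePageService) localWebContext.getBean(ProfilePageService.class))
                .findByEmail(registrationForm.getEmail())
                .orElseGet(() -> {
                    UserData created = ((LoginPasswordService) localWebContext.getBean(LoginPasswordService.class)).saveUserData(registrationForm);
                    ((AuthScopeService) localWebContext.getBean(AuthScopeService.class)).generateAndSaveUserScope(created);
                    return created;
                });
    }
}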
