package systems.dennis.auth.delegations.virtual;

import jakarta.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import systems.dennis.auth.client.LoginPassword;
import systems.dennis.auth.client.entity.UserData;
import systems.dennis.auth.config.AuthorizationDelegator;
import systems.dennis.auth.config.AuthorizeResponse;
import systems.dennis.auth.entity.VirtualLoginPassword;
import systems.dennis.auth.exception.UserIsBlockedException;
import systems.dennis.auth.exception.VirtualUserAuthorizationException;
import systems.dennis.auth.form.ChangePasswordForm;
import systems.dennis.auth.form.RegistrationForm;
import systems.dennis.auth.repository.UserDataRepository;
import systems.dennis.auth.repository.VirtualLoginPasswordRepo;
import systems.dennis.auth.role_validator.TokenProvider;
import systems.dennis.auth.service.AuthScopeService;
import systems.dennis.auth.util.PasswordService;
import systems.dennis.shared.auth_client.form.UserTokenDTO;
import systems.dennis.shared.config.WebContext;
import systems.dennis.shared.exceptions.AccessDeniedException;
import systems.dennis.shared.exceptions.AuthorizationFailedException;
import systems.dennis.shared.scopes.model.ScopeModel;

/* loaded from: input_file:systems/dennis/auth/delegations/virtual/VirtualUserAuthorizationDelegator.class */
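/**
 * {@link AuthorizationDelegator} for "virtual" login/password credentials.
 *
 * <p>The delegator is selected when the request header
 * {@link AuthorizationDelegator#AUTH_TYPE_HEADER} equals {@link #AUTH_TYPE_VIRTUAL}. A virtual
 * credential ({@link VirtualLoginPassword}) points at an owning {@link UserData} record through
 * {@code getUserDataId()}; login is refused when either the virtual credential is inactive or the
 * owning user is blocked. Registration, password change and password reset are rejected for
 * this authorization type.
 */
public class VirtualUserAuthorizationDelegator implements AuthorizationDelegator {
    private static final Logger log = LoggerFactory.getLogger(VirtualUserAuthorizationDelegator.class);
    public static final String AUTH_TYPE_VIRTUAL = "VIRTUAL";

    /**
     * Authenticates a virtual user and issues the authorization through
     * {@link DirectUserLoginAuthorization}.
     *
     * @param httpServletRequest request used to resolve the scope
     * @param loginPassword      submitted login and password
     * @param localWebContext    context used to look up the required beans
     * @return the response built by {@code AuthorizeResponse.of(..., false)}
     * @throws AuthorizationFailedException      if no virtual credential matches login and password
     * @throws VirtualUserAuthorizationException if the virtual credential is inactive, or the
     *                                           owning user record does not exist
     * @throws UserIsBlockedException            if the owning user is blocked
     */
    @Override
    public AuthorizeResponse authorize(HttpServletRequest httpServletRequest, LoginPassword loginPassword, WebContext.LocalWebContext localWebContext) {
        ScopeModel scopeFromRequest = ((AuthScopeService) localWebContext.getBean(AuthScopeService.class)).getScopeFromRequest(httpServletRequest, null, true);

        // NOTE(review): the output of toPassword() is used as a lookup key, which presumably means
        // the transformation is deterministic (unsalted) — confirm how PasswordService derives it.
        VirtualLoginPassword virtualUser = ((VirtualLoginPasswordRepo) localWebContext.getBean(VirtualLoginPasswordRepo.class))
                .login(loginPassword.getLogin(), ((PasswordService) localWebContext.getBean(PasswordService.class)).toPassword(loginPassword.getPassword()))
                .orElseThrow(() -> new AuthorizationFailedException(loginPassword.getLogin()));

        // Compare by value: "== Boolean.FALSE" is a reference comparison, so a Boolean that is not
        // the canonical constant would slip past the check and the login would fail open.
        // A null isActive is still treated as active, as before.
        if (Boolean.FALSE.equals(virtualUser.getIsActive())) {
            throw new VirtualUserAuthorizationException("User " + loginPassword.getLogin() + " is blocked");
        }

        UserData owner = (UserData) ((UserDataRepository) localWebContext.getBean(UserDataRepository.class))
                .findById(virtualUser.getUserDataId())
                .orElseThrow(() -> new VirtualUserAuthorizationException("User assigned to virtual user does not exist"));

        // Same value-based comparison for the owner's blocked flag; null means "not blocked".
        if (Boolean.TRUE.equals(owner.getBlocked())) {
            throw new UserIsBlockedException(" User owning this virtual user is blocked");
        }

        return AuthorizeResponse.of(new DirectUserLoginAuthorization(AUTH_TYPE_VIRTUAL).authorize(loginPassword, localWebContext, scopeFromRequest), false);
    }

    /**
     * Decides whether this delegator handles the request.
     *
     * @return {@code true} only when the {@link AuthorizationDelegator#AUTH_TYPE_HEADER} header
     *         equals {@link #AUTH_TYPE_VIRTUAL} (case-sensitive); a missing header yields
     *         {@code false}
     */
    @Override
    public boolean shouldAuthorize(HttpServletRequest httpServletRequest, WebContext.LocalWebContext localWebContext) {
        if (AUTH_TYPE_VIRTUAL.equals(httpServletRequest.getHeader(AuthorizationDelegator.AUTH_TYPE_HEADER))) {
            log.debug("Header AUTH-TYPE declares to use VirtualUserAuth");
            return true;
        }
        log.debug("Header AUTH-TYPE declares not to use VirtualUserAuth");
        return false;
    }

    /**
     * Always returns {@code true}; none of the arguments are read and no state is changed here.
     *
     * <p>NOTE(review): if callers read {@code true} as "the user was blocked", blocking of virtual
     * users has to happen elsewhere — confirm against the caller.
     */
    @Override
    public boolean blockUser(boolean z, Long l, WebContext.LocalWebContext localWebContext) {
        return true;
    }

    /**
     * Removes the given auth token for the {@link #AUTH_TYPE_VIRTUAL} type in the given scope.
     *
     * @param str token passed to {@code TokenProvider.removeAuthToken}
     * @return always {@code true}
     */
    @Override
    public boolean logout(String str, WebContext.LocalWebContext localWebContext, ScopeModel scopeModel) {
        ((TokenProvider) localWebContext.getBean(TokenProvider.class)).removeAuthToken(str, AUTH_TYPE_VIRTUAL, scopeModel);
        return true;
    }

    /**
     * Not supported for virtual users.
     *
     * @throws AccessDeniedException always
     */
    @Override
    public boolean register(RegistrationForm registrationForm, WebContext.LocalWebContext localWebContext, ScopeModel scopeModel, Long l) {
        throw new AccessDeniedException("registering virtual users is not possible");
    }

    /**
     * Validates the token and then rejects it when the attached user data is flagged as blocked.
     *
     * @throws UserIsBlockedException if the token's user data has {@code blocked == true}
     */
    @Override
    public void validate(UserTokenDTO userTokenDTO, WebContext.LocalWebContext localWebContext) {
        userTokenDTO.validate(localWebContext);
        // Value comparison instead of "== Boolean.TRUE": a reference comparison can miss a
        // non-canonical Boolean and accept a token that belongs to a blocked user.
        if (Boolean.TRUE.equals(userTokenDTO.getUserData().getBlocked())) {
            throw new UserIsBlockedException("User is blocked");
        }
    }

    /**
     * Not supported for virtual users.
     *
     * @throws AccessDeniedException always
     */
    @Override
    public boolean changePassword(HttpServletRequest httpServletRequest, WebContext.LocalWebContext localWebContext, ChangePasswordForm changePasswordForm, ScopeModel scopeModel) {
        throw new AccessDeniedException("changing password of virtual users is not possible");
    }

    /**
     * Not supported for virtual users.
     *
     * @throws AccessDeniedException always
     */
    @Override
    public String forgetPassword(HttpServletRequest httpServletRequest, WebContext.LocalWebContext localWebContext, String str) {
        throw new AccessDeniedException("forget password of virtual users is not possible");
    }
}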
