package systems.dennis.auth.controller;

import jakarta.servlet.http.HttpServletRequest;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.regex.Pattern;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;
import systems.dennis.auth.client.LoginPassword;
import systems.dennis.auth.client.entity.UserData;
import systems.dennis.auth.config.AuthorizationDelegator;
import systems.dennis.auth.config.AuthorizeResponse;
import systems.dennis.auth.delegations.ldap.LdapAuthorization;
import systems.dennis.auth.delegations.phone.PhoneAuthorizationDelegator;
import systems.dennis.auth.delegations.simple.DefaultAuthorizationDelegator;
import systems.dennis.auth.delegations.virtual.VirtualUserAuthorizationDelegator;
import systems.dennis.auth.entity.RefreshToken;
import systems.dennis.auth.exception.AuthorizationInvalidDelegator;
import systems.dennis.auth.exception.ChangePasswordException;
import systems.dennis.auth.exception.InvalidAuthenticatorCodeException;
import systems.dennis.auth.exception.InvalidPhoneNumberException;
import systems.dennis.auth.exception.LogoutException;
import systems.dennis.auth.exception.ScopeException;
import systems.dennis.auth.exception.VerificationException;
import systems.dennis.auth.form.ChangePasswordForm;
import systems.dennis.auth.form.RegistrationForm;
import systems.dennis.auth.mail.MailSender;
import systems.dennis.auth.model.VerificationTokenModel;
import systems.dennis.auth.repository.UserDataRepository;
import systems.dennis.auth.responses.Auth2FactorEnabled;
import systems.dennis.auth.service.AuthScopeService;
import systems.dennis.auth.service.LoginPasswordService;
import systems.dennis.auth.service.ProfilePageService;
import systems.dennis.auth.service.UserInScopeService;
import systems.dennis.auth.service.UserServiceImpl;
import systems.dennis.auth.service.VerificationTokenService;
import systems.dennis.shared.annotations.security.WithRole;
import systems.dennis.shared.auth_client.SecurityUtils;
import systems.dennis.shared.config.WebContext;
import systems.dennis.shared.exceptions.AuthorizationNotFoundException;
import systems.dennis.shared.exceptions.ItemNotFoundException;
import systems.dennis.shared.model.IDPresenter;
import systems.dennis.shared.scopes.model.ScopeModel;
import systems.dennis.shared.utils.ApplicationContext;

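/**
 * REST controller for the {@code /api/v3/auth} endpoints: login, registration, logout,
 * token refresh, password reset, two-factor setup and account verification.
 *
 * <p>Most endpoints hand the work to the first registered {@link AuthorizationDelegator}
 * whose {@code shouldAuthorize} accepts the current request.
 */
@RequestMapping({"/api/v3/auth"})
@RestController
// NOTE(review): a wildcard origin lets script on any site call these authentication
// endpoints and read their responses. Restrict to the known UI origins if browsers are
// the only cross-origin callers.
@CrossOrigin(origins = {"*"})
/* loaded from: input_file:systems/dennis/auth/controller/AuthorizeControllerVersion2.class */
public class AuthorizeControllerVersion2 extends ApplicationContext {
    // Shared, unsynchronized registry. HashMap iteration order is unspecified, so when more
    // than one delegator accepts a request the winner is not defined by registration order.
    // NOTE(review): registerAuthorizationDelegator is public; calling it while requests are
    // being served would race with the iteration in resolveDelegator.
    private static final Map<String, AuthorizationDelegator> delegatorMap = new HashMap<>();

    // Compiled once; the pattern accepts an optional +CC prefix followed by a 3-3-4 digit number.
    private static final Pattern PHONE_PATTERN =
            Pattern.compile("^(\\+\\d{1,3}( )?)?((\\(\\d{3}\\))|\\d{3})[- .]?\\d{3}[- .]?\\d{4}$");

    public AuthorizeControllerVersion2(WebContext webContext) {
        super(webContext);
    }

    /**
     * Registers (or replaces) the delegator stored under the given type key.
     *
     * @param str type key, e.g. {@code "DEFAULT"} or {@code "LDAP"}
     * @param authorizationDelegator delegator to use for that key
     */
    public static void registerAuthorizationDelegator(String str, AuthorizationDelegator authorizationDelegator) {
        delegatorMap.put(str, authorizationDelegator);
    }

    /**
     * Returns the first registered delegator that accepts the request.
     *
     * @throws AuthorizationInvalidDelegator when no delegator accepts the request
     */
    private AuthorizationDelegator resolveDelegator(HttpServletRequest request) {
        for (AuthorizationDelegator candidate : delegatorMap.values()) {
            if (candidate.shouldAuthorize(request, getContext())) {
                return candidate;
            }
        }
        // NOTE(review): the message echoes a caller-supplied header value and lists every
        // registered auth type; if exception messages reach the HTTP response, consider a
        // fixed message and log the detail server-side instead.
        throw new AuthorizationInvalidDelegator("auth type not supported : " + request.getHeader(AuthorizationDelegator.AUTH_TYPE_HEADER) + " supported types: " + Arrays.toString(delegatorMap.keySet().toArray()));
    }

    /** Builds the bare success response returned by the code-request endpoints. */
    private static AuthorizeResponse successResponse() {
        AuthorizeResponse response = new AuthorizeResponse();
        response.setSuccess(true);
        return response;
    }

    /**
     * Authenticates the posted credentials through the matching delegator.
     *
     * @throws AuthorizationInvalidDelegator when no delegator accepts the request
     */
    @PostMapping(value = {"/login"}, produces = {"application/json"}, consumes = {"application/json"})
    @ResponseBody
    public AuthorizeResponse login(HttpServletRequest request, @RequestBody LoginPassword loginPassword) {
        return resolveDelegator(request).authorize(request, loginPassword, getContext(), false);
    }

    /**
     * Asks the matching delegator to start a login for the given login value.
     * The value must pass {@link #validatePhone(String)} whichever delegator is selected.
     *
     * @throws InvalidPhoneNumberException when the login is not a phone number in the accepted format
     * @throws AuthorizationInvalidDelegator when no delegator accepts the request
     */
    @PostMapping(value = {"/request_login/{login}"}, produces = {"application/json"}, consumes = {"application/json"})
    @ResponseBody
    public AuthorizeResponse requestLogin(HttpServletRequest request, @PathVariable("login") String login) {
        // The variable name is given explicitly: the decompiled parameter name does not
        // match the {login} template, so name-based binding would fail.
        validatePhone(login);
        resolveDelegator(request).requestAuthorization(request, getContext(), login);
        return successResponse();
    }

    /**
     * Asks the matching delegator to start a registration for the given login value.
     *
     * @throws InvalidPhoneNumberException when the login is not a phone number in the accepted format
     * @throws AuthorizationInvalidDelegator when no delegator accepts the request
     */
    @PostMapping(value = {"/request_registration/{login}"}, produces = {"application/json"}, consumes = {"application/json"})
    @ResponseBody
    public AuthorizeResponse requestRegistration(HttpServletRequest request, @PathVariable("login") String login) {
        validatePhone(login);
        resolveDelegator(request).requestRegistration(request, getContext(), login);
        return successResponse();
    }

    /**
     * Asks the matching delegator to resend a code for the given login value.
     *
     * @throws InvalidPhoneNumberException when the login is not a phone number in the accepted format
     * @throws AuthorizationInvalidDelegator when no delegator accepts the request
     */
    @PostMapping(value = {"/code/resend/{login}"}, produces = {"application/json"}, consumes = {"application/json"})
    @ResponseBody
    // NOTE(review): str2 is a decompiler-generated name; the original request-parameter name
    // is not recoverable from this listing, so it is left unnamed in the annotation.
    public AuthorizeResponse resendCode(HttpServletRequest request, @PathVariable("login") String login, @RequestParam String str2) {
        validatePhone(login);
        resolveDelegator(request).resendCode(request, getContext(), login, str2);
        return successResponse();
    }

    /**
     * Registers a new user in the scope resolved from the request, after checking that the
     * scope allows registration.
     *
     * @throws AuthorizationInvalidDelegator when no delegator accepts the request
     */
    @PostMapping(value = {"/register"}, produces = {"application/json"}, consumes = {"application/json"})
    // NOTE(review): l is a decompiler-generated name for the optional request parameter;
    // its original name and meaning are not visible here.
    public Boolean register(HttpServletRequest request, @RequestBody RegistrationForm registrationForm, @RequestParam(required = false) Long l) {
        AuthScopeService scopeService = (AuthScopeService) getBean(AuthScopeService.class);
        ScopeModel scope = scopeService.getScopeFromRequest(request, null, true);
        scopeService.checkRegistrationAllowed(scope);
        // The scope is always taken from the request, overriding anything sent in the form.
        registrationForm.setScope(scope);
        return Boolean.valueOf(resolveDelegator(request).register(registrationForm, getContext(), scope, l));
    }

    /**
     * Blocks the user with the given id. Restricted to {@code ROLE_ADMIN}.
     *
     * @throws AuthorizationInvalidDelegator when no delegator accepts the request
     */
    @WithRole("ROLE_ADMIN")
    @PostMapping({"/block/{user}"})
    public boolean blockUser(HttpServletRequest request, @PathVariable("user") Long userId) {
        return resolveDelegator(request).blockUser(true, userId, getContext());
    }

    /** Returns the two-factor bar code data for the current user. */
    @GetMapping({"/2factCode"})
    public Auth2FactorEnabled get2FactCode() {
        return ((UserServiceImpl) getBean(UserServiceImpl.class)).get2factorBarCodeForUser((LoginPasswordService) getBean(LoginPasswordService.class));
    }

    /**
     * Turns two-factor authentication on or off for the current user.
     * Enabling requires the posted code to match the user's current TOTP code.
     *
     * @throws InvalidAuthenticatorCodeException when enabling with a code that does not match
     */
    @PostMapping({"/2factCode"})
    public Auth2FactorEnabled set2FactEnabled(@RequestBody Auth2FactorEnabled auth2FactorEnabled) {
        UserServiceImpl userService = (UserServiceImpl) getBean(UserServiceImpl.class);
        LoginPasswordService loginPasswordService = (LoginPasswordService) getBean(LoginPasswordService.class);
        LoginPassword account = loginPasswordService.findUserByLogin(((SecurityUtils) getBean(SecurityUtils.class)).getLogin()).orElseThrow(() -> ItemNotFoundException.fromId(""));

        // NOTE(review): the code is only checked when enabling. A request with enabled=false
        // switches the second factor off without presenting a code, so a stolen session is
        // enough to remove it; consider requiring a valid code for both directions.
        // getEnabled() is unboxed here, so a body without "enabled" fails with a
        // NullPointerException rather than a validation error.
        if (auth2FactorEnabled.getEnabled().booleanValue() && !userService.getTOTPCode(account).equalsIgnoreCase(auth2FactorEnabled.getCode())) {
            throw new InvalidAuthenticatorCodeException("global.exceptions.invalid_code");
        }

        Auth2FactorEnabled result = new Auth2FactorEnabled();
        // NOTE(review): getTwoFactorCode() looks like the stored two-factor secret - confirm
        // it is intended to be returned to the client on every toggle.
        result.setCode(account.getTwoFactorCode());
        result.setEnabled(auth2FactorEnabled.getEnabled());
        account.setTwoFactor(auth2FactorEnabled.getEnabled());
        loginPasswordService.m40getRepository().save(account);
        return result;
    }

    /**
     * Logs out the token attached to the current request.
     *
     * @throws LogoutException when the request carries no authorization
     * @throws AuthorizationInvalidDelegator when no delegator accepts the request
     */
    @PostMapping({"/logout"})
    public String logout(HttpServletRequest request) {
        ScopeModel scope = ((AuthScopeService) getBean(AuthScopeService.class)).getScopeFromRequest(request, (Long) getCurrentUser(), false);
        AuthorizationDelegator delegator = resolveDelegator(request);
        try {
            return String.valueOf(delegator.logout(((SecurityUtils) getBean(SecurityUtils.class)).get().getToken(), getContext(), scope));
        } catch (AuthorizationNotFoundException e) {
            throw new LogoutException("No token on request. cannot logout");
        }
    }

    /**
     * Changes the password of the current user through the matching delegator.
     *
     * @throws ChangePasswordException when the delegator reports that no authorization was found
     * @throws AuthorizationInvalidDelegator when no delegator accepts the request
     */
    @PostMapping({"/password/reset"})
    public String changePassword(HttpServletRequest request, @RequestBody ChangePasswordForm changePasswordForm) {
        ScopeModel scope = ((AuthScopeService) getBean(AuthScopeService.class)).getScopeFromRequest(request, (Long) getCurrentUser(), false);
        AuthorizationDelegator delegator = resolveDelegator(request);
        try {
            return String.valueOf(delegator.changePassword(request, getContext(), changePasswordForm, scope));
        } catch (AuthorizationNotFoundException e) {
            throw new ChangePasswordException("global.change_password.not_possible.wrong_auth", ((SecurityUtils) getContext().getBean(SecurityUtils.class)).get().getUserData().getEmail());
        }
    }

    /**
     * Creates a verification token for the given login and mails a password-reset link.
     *
     * @throws ItemNotFoundException when no user exists for the login
     */
    @PostMapping({"/password/forgot/{login}"})
    public void forgot(@PathVariable("login") String login) {
        // NOTE(review): an unknown login raises ItemNotFoundException carrying the login, so
        // this unauthenticated endpoint answers differently for existing and missing
        // accounts. Nothing in this method throttles repeated requests either.
        UserData user = ((ProfilePageService) getContext().getBean(ProfilePageService.class)).findByLogin(login).orElseThrow(() -> ItemNotFoundException.fromId(login));
        // 30 is the token lifetime handed to saveToken; its unit is not visible here.
        generateForgotAndSendForgotMessage(user, ((VerificationTokenService) getBean(VerificationTokenService.class)).saveToken(user, 30));
    }

    /**
     * Completes the forgot-password flow: validates the mailed token, checks that it belongs
     * to the requested login, lets the delegator reset the password and consumes the token.
     *
     * @throws VerificationException when the token was not issued for the given login
     * @throws LogoutException when the delegator reports that no authorization was found
     * @throws AuthorizationInvalidDelegator when no delegator accepts the request
     */
    @PostMapping({"/password/send_temporary"})
    public String resetPassword(HttpServletRequest request, @RequestParam("login") String login, @RequestParam("token") String token) {
        VerificationTokenService tokenService = (VerificationTokenService) getBean(VerificationTokenService.class);
        tokenService.validateVerificationToken(token);

        // Bind the token to its owner. Without this check any valid token could be paired
        // with any login, because the login is a separate caller-supplied parameter. The
        // mailed link carries the owner's login, so the regular flow still matches.
        IDPresenter storedToken = tokenService.getByToken(token);
        UserData tokenOwner = storedToken == null ? null : storedToken.getUserData();
        if (tokenOwner == null || !Objects.equals(tokenOwner.getLogin(), login)) {
            // Reuses an existing message key; a dedicated key may read better to end users.
            throw new VerificationException("global.exceptions.invalid_code");
        }

        AuthorizationDelegator delegator = resolveDelegator(request);
        try {
            String result = String.valueOf(delegator.forgetPassword(request, getContext(), login));
            // The token is consumed only after the delegator succeeded.
            tokenService.deleteToken(token);
            return result;
        } catch (AuthorizationNotFoundException e) {
            // NOTE(review): exception type and text look copied from logout(); kept as-is
            // because clients may depend on them.
            throw new LogoutException("No token on request. cannot logout");
        }
    }

    /**
     * Marks the owner of the given verification token as verified and expires the token.
     *
     * @throws VerificationException when the user is already verified
     */
    @PostMapping({"/verification/verify_scope"})
    public Boolean verify(@RequestParam("token") String token, @RequestParam("scope") String scope) {
        // NOTE(review): the scope parameter is required but never read, so the token is not
        // checked against the scope it was issued for.
        VerificationTokenService tokenService = (VerificationTokenService) getBean(VerificationTokenService.class);
        tokenService.validateVerificationToken(token);
        IDPresenter storedToken = tokenService.getByToken(token);
        UserData user = storedToken.getUserData();
        if (Objects.nonNull(user.getVerified()) && user.getVerified().booleanValue()) {
            throw new VerificationException("global.exceptions.user_already_verified");
        }
        user.setVerified(true);
        ((UserDataRepository) getBean(UserDataRepository.class)).save(user);
        // Expire the token immediately so it cannot be replayed.
        storedToken.setExpirationDate(new Date());
        tokenService.save(storedToken);
        return true;
    }

    /**
     * Drops the user's active verification tokens and sends a fresh verification e-mail.
     *
     * @throws ItemNotFoundException when no user exists for the given e-mail/login
     * @throws ScopeException when the user is not related to the named scope
     */
    @PostMapping({"/verification/resend"})
    public Boolean resendVerification(@RequestParam("email") String email, @RequestParam("scope") String scopeName) {
        // NOTE(review): as in forgot(), the distinct errors let an unauthenticated caller tell
        // existing accounts (and their scope membership) from missing ones, and each call
        // triggers an e-mail; consider uniform responses and rate limiting.
        UserData user = ((ProfilePageService) getBean(ProfilePageService.class)).findByLogin(email).orElseThrow(() -> ItemNotFoundException.fromId(email));
        ScopeModel scope = ((AuthScopeService) getBean(AuthScopeService.class)).findByName(scopeName, user.getId(), false);
        UserInScopeService userInScopeService = (UserInScopeService) getBean(UserInScopeService.class);
        if (!userInScopeService.isRelationExist(user, scope)) {
            throw new ScopeException("global.exception.user_not_in_scope");
        }
        ((VerificationTokenService) getBean(VerificationTokenService.class)).deleteActiveTokens(user);
        userInScopeService.sendVerificationEmail(scope, user);
        return true;
    }

    /**
     * Builds the password-reset link for the user and mails it using the
     * {@code <language>/forgot_password.html} template.
     */
    private void generateForgotAndSendForgotMessage(UserData userData, VerificationTokenModel verificationTokenModel) {
        // NOTE(review): the link base is the URL of the scope resolved from the current
        // request - confirm the requester cannot steer it to a host they control.
        String scopeUrl = ((AuthScopeService) getBean(AuthScopeService.class)).getScopeFromRequest(getContext().getRequest(), userData.getId(), false).getUrl();
        // Query values are URL-encoded so logins containing '+', '&', '=' or spaces survive
        // the round trip and cannot inject extra parameters into the link.
        String passwordLink = scopeUrl + getPasswordForgotPath()
                + "?login=" + URLEncoder.encode(String.valueOf(userData.getLogin()), StandardCharsets.UTF_8)
                + "&token=" + URLEncoder.encode(String.valueOf(verificationTokenModel.getToken()), StandardCharsets.UTF_8);
        // presumably getPreferredLanguage() is a short language code; it becomes part of the
        // template path, so verify it is validated where it is stored.
        String templateName = userData.getPreferredLanguage() + "/forgot_password.html";
        HashMap templateValues = new HashMap();
        templateValues.put("passwordLink", passwordLink);
        MailSender mailSender = (MailSender) getBean(MailSender.class);
        mailSender.sendMail(Collections.singletonList(userData.getEmail()), mailSender.processHtmlTemplate(templateName, templateValues), getContext().getMessageTranslation("email.forgot_password.title", userData.getPreferredLanguage()));
    }

    /**
     * Exchanges the posted refresh token for a new authorization through the matching delegator.
     *
     * @throws AuthorizationInvalidDelegator when no delegator accepts the request
     */
    @PostMapping(value = {"/refresh"}, produces = {"application/json"}, consumes = {"application/json"})
    @ResponseBody
    public AuthorizeResponse refresh(HttpServletRequest request, @RequestBody RefreshToken refreshToken) {
        return resolveDelegator(request).refreshToken(request, refreshToken.getRefreshToken(), getContext());
    }

    /** Reads the {@code app.settings.site.self.ui} setting. Not referenced inside this class. */
    private String getBaseUrl() {
        return (String) getContext().getEnv("app.settings.site.self.ui");
    }

    /** Reads {@code app.password.reset.path}, defaulting to {@code /forgot_password}. */
    private String getPasswordForgotPath() {
        return (String) getContext().getEnv("app.password.reset.path", "/forgot_password");
    }

    /**
     * Rejects values that are not phone numbers in the accepted format.
     * A {@code null} value is turned into the text "null" and therefore rejected as well.
     *
     * @throws InvalidPhoneNumberException when the value does not match
     */
    private void validatePhone(String str) {
        if (!PHONE_PATTERN.matcher(String.valueOf(str)).matches()) {
            throw new InvalidPhoneNumberException("invalid.phone.number.format");
        }
    }

    // Built-in delegators, registered once when the class is loaded.
    static {
        registerAuthorizationDelegator("DEFAULT", new DefaultAuthorizationDelegator());
        registerAuthorizationDelegator("VIRTUAL", new VirtualUserAuthorizationDelegator());
        registerAuthorizationDelegator("LDAP", new LdapAuthorization());
        registerAuthorizationDelegator(PhoneAuthorizationDelegator.AUTH_TYPE_PHONE, new PhoneAuthorizationDelegator());
    }
}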
