package org.apache.kylin.rest.controller;

import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import io.swagger.annotations.ApiOperation;
import java.io.IOException;
import java.nio.charset.Charset;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Objects;
import java.util.Set;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.kylin.common.KylinConfig;
import org.apache.kylin.common.exception.KylinException;
import org.apache.kylin.common.exception.ServerErrorCode;
import org.apache.kylin.common.exception.code.ErrorCodeServer;
import org.apache.kylin.common.msg.Message;
import org.apache.kylin.common.msg.MsgPicker;
import org.apache.kylin.common.persistence.transaction.AclTCRRevokeEventNotifier;
import org.apache.kylin.common.scheduler.EventBusFactory;
import org.apache.kylin.common.util.RandomUtil;
import org.apache.kylin.metadata.user.ManagedUser;
import org.apache.kylin.rest.config.initialize.AfterMetadataReadyEvent;
import org.apache.kylin.rest.exception.UnauthorizedException;
import org.apache.kylin.rest.request.PasswordChangeRequest;
import org.apache.kylin.rest.request.UserRequest;
import org.apache.kylin.rest.response.DataResult;
import org.apache.kylin.rest.response.EnvelopeResponse;
import org.apache.kylin.rest.response.ManagedUserResponse;
import org.apache.kylin.rest.security.AclPermission;
import org.apache.kylin.rest.service.AccessService;
import org.apache.kylin.rest.service.AclTCRService;
import org.apache.kylin.rest.service.IUserGroupService;
import org.apache.kylin.rest.service.OpenUserService;
import org.apache.kylin.rest.service.UserAclService;
import org.apache.kylin.rest.service.UserService;
import org.apache.kylin.rest.util.AclEvaluate;
import org.apache.kylin.rest.util.CreateAdminUserUtils;
import org.apache.kylin.rest.util.PagingUtil;
import org.apache.kylin.util.PasswordEncodeFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.ApplicationListener;
import org.springframework.core.env.Environment;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.PutMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

@RequestMapping(value = {"/api/user"}, produces = {"application/vnd.apache.kylin-v4+json"})
@Controller
/* loaded from: input_file:org/apache/kylin/rest/controller/NUserController.class */
public class NUserController extends NBasicController implements ApplicationListener<AfterMetadataReadyEvent> {
    private static final String PROFILE_DEFAULT = "testing";
    private static final String PROFILE_CUSTOM = "custom";

    @Autowired
    @Qualifier("userService")
    private UserService userService;

    @Autowired
    private AclEvaluate aclEvaluate;

    @Autowired
    @Qualifier("accessService")
    private AccessService accessService;

    @Autowired
    @Qualifier("aclTCRService")
    private AclTCRService aclTCRService;

    @Autowired
    @Qualifier("userGroupService")
    private IUserGroupService userGroupService;

    @Autowired
    @Qualifier("userAclService")
    UserAclService userAclService;

    @Autowired
    private Environment env;
    private static final Logger logger = LoggerFactory.getLogger(NUserController.class);
    private static final Pattern passwordPattern = Pattern.compile("^(?=.*\\d)(?=.*[a-zA-Z])(?=.*[~!@#$%^&*(){}|:\"<>?\\[\\];',./`]).{8,}$");
    private static final Pattern bcryptPattern = Pattern.compile("\\A\\$2a?\\$\\d\\d\\$[./0-9A-Za-z]{53}");
    private static final Pattern base64Pattern = Pattern.compile("^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{4}|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{2}==)$");
    private static final PasswordEncoder pwdEncoder = PasswordEncodeFactory.newUserPasswordEncoder();
    private static final SimpleGrantedAuthority ALL_USERS_AUTH = new SimpleGrantedAuthority("ALL_USERS");

    public void onApplicationEvent(AfterMetadataReadyEvent afterMetadataReadyEvent) {
        if (KylinConfig.getInstanceFromEnv().isUTEnv()) {
            CreateAdminUserUtils.createAllAdmins(this.userService, this.env);
        }
    }

    @PostMapping({""})
    @ApiOperation(value = "createUser", tags = {"MID"}, notes = "Update Body: default_password, locked_time, wrong_time, first_login_failed_time")
    @PreAuthorize("hasRole('ROLE_ADMIN')")
    @ResponseBody
    public EnvelopeResponse<String> createUser(@RequestBody UserRequest userRequest) throws IOException {
        checkRequiredArg("disabled", userRequest.getDisabled());
        checkUsername(userRequest.getUsername());
        checkRequiredArg("password", userRequest.getPassword());
        String pwdBase64Decode = pwdBase64Decode(userRequest.getPassword());
        checkPasswordLength(pwdBase64Decode);
        checkPasswordCharacter(pwdBase64Decode);
        userRequest.setPassword(pwdBase64Decode);
        List<SimpleGrantedAuthority> transformSimpleGrantedAuthorities = userRequest.transformSimpleGrantedAuthorities();
        checkUserGroupNotEmpty(transformSimpleGrantedAuthorities);
        checkUserGroupExists(transformSimpleGrantedAuthorities, this.userGroupService.getAllUserGroups());
        checkUserGroupNotDuplicated(transformSimpleGrantedAuthorities);
        return createAdminUser(userRequest.updateManager(new ManagedUser()));
    }

    @PreAuthorize("hasRole('ROLE_ADMIN')")
    public EnvelopeResponse<String> createAdminUser(@RequestBody ManagedUser managedUser) {
        checkProfile();
        managedUser.setUuid(RandomUtil.randomUUIDStr());
        managedUser.setPassword(pwdEncode(managedUser.getPassword()));
        logger.info("Creating user: {}", managedUser);
        completeAuthorities(managedUser);
        managedUser.setDefaultPassword(true);
        this.userService.createUser(managedUser);
        return new EnvelopeResponse<>("000", "", "");
    }

    @PutMapping({""})
    @ApiOperation(value = "updateUser", tags = {"MID"}, notes = "Update Body: default_password, locked_time, wrong_time, first_login_failed_time")
    @PreAuthorize("hasRole('ROLE_ADMIN')")
    @ResponseBody
    public EnvelopeResponse<String> updateUser(@RequestBody UserRequest userRequest) throws IOException {
        Message msg = MsgPicker.getMsg();
        checkProfile();
        String username = userRequest.getUsername();
        checkUsername(username);
        ManagedUser managedUser = getManagedUser(username);
        ManagedUser updateManager = userRequest.updateManager(managedUser);
        if (StringUtils.equals(getPrincipal(), updateManager.getUsername()) && updateManager.isDisabled()) {
            throw new KylinException(ServerErrorCode.FAILED_UPDATE_USER, msg.getSelfDisableForbidden());
        }
        if (StringUtils.equals(getPrincipal(), userRequest.getUsername())) {
            Set set = (Set) updateManager.getAuthorities().stream().map((v0) -> {
                return v0.getAuthority();
            }).collect(Collectors.toSet());
            Set listUserGroups = this.userGroupService.listUserGroups(updateManager.getUsername());
            if ((set.size() == listUserGroups.size() && set.containsAll(listUserGroups)) ? false : true) {
                throw new KylinException(ServerErrorCode.FAILED_UPDATE_USER, msg.getSelfEditForbidden());
            }
        }
        if (managedUser == null) {
            throw new KylinException(ServerErrorCode.USER_NOT_EXIST, String.format(Locale.ROOT, msg.getUserNotFound(), username));
        }
        if (updateManager.getAuthorities() == null || updateManager.getAuthorities().isEmpty()) {
            updateManager.setGrantedAuthorities(managedUser.getAuthorities());
        }
        updateManager.setPassword(pwdBase64Decode(updateManager.getPassword()));
        if (!updateManager.isDefaultPassword()) {
            checkPasswordLength(updateManager.getPassword());
            checkPasswordCharacter(updateManager.getPassword());
        }
        updateManager.setPassword(pwdEncode(updateManager.getPassword()));
        checkUserGroupExists(updateManager.getAuthorities(), this.userGroupService.getAllUserGroups());
        checkUserGroupNotDuplicated(updateManager.getAuthorities());
        completeAuthorities(updateManager);
        this.accessService.checkDefaultAdmin(updateManager.getUsername(), updateManager.getAuthorities().contains(new SimpleGrantedAuthority("ROLE_ADMIN")));
        logger.info("Saving user {}", updateManager);
        this.userService.updateUser(updateManager);
        return new EnvelopeResponse<>("000", "", "");
    }

    @ApiOperation(value = "deleteUser", tags = {"MID"})
    @PreAuthorize("hasRole('ROLE_ADMIN')")
    @DeleteMapping({"/{uuid:.+}"})
    @ResponseBody
    public EnvelopeResponse<String> deleteByUUID(@PathVariable("uuid") String str) {
        Message msg = MsgPicker.getMsg();
        checkProfile();
        ManagedUser managedUser = null;
        try {
            managedUser = (ManagedUser) this.userService.listUsers().parallelStream().filter(managedUser2 -> {
                return str.equalsIgnoreCase(managedUser2.getUuid());
            }).findAny().orElse(null);
        } catch (IOException e) {
            logger.error("List all users is failed!", e);
        }
        if (Objects.isNull(managedUser)) {
            throw new KylinException(ServerErrorCode.USER_NOT_EXIST, String.format(Locale.ROOT, msg.getUserNotExist(), str));
        }
        if (StringUtils.equals(getPrincipal(), managedUser.getUsername())) {
            throw new KylinException(ServerErrorCode.FAILED_UPDATE_USER, msg.getSelfDeleteForbidden());
        }
        this.accessService.checkDefaultAdmin(managedUser.getUsername(), false);
        this.accessService.revokeProjectPermission(managedUser.getUsername(), "user");
        this.aclTCRService.revokeAclTCR(managedUser.getUsername(), true);
        EventBusFactory.getInstance().postAsync(new AclTCRRevokeEventNotifier(managedUser.getUsername(), true));
        this.userService.deleteUser(managedUser.getUsername());
        return new EnvelopeResponse<>("000", "", "");
    }

    @ApiOperation(value = "deleteUser", tags = {"MID"})
    @PreAuthorize("hasRole('ROLE_ADMIN')")
    @DeleteMapping({"/batch"})
    @ResponseBody
    public EnvelopeResponse<String> batchDelete(@RequestBody List<String> list) throws IOException {
        Message msg = MsgPicker.getMsg();
        checkProfile();
        list.forEach(this::checkUsername);
        String principal = getPrincipal();
        list.forEach(str -> {
            if (StringUtils.equals(principal, str)) {
                throw new KylinException(ServerErrorCode.FAILED_UPDATE_USER, msg.getSelfDeleteForbidden());
            }
        });
        List listUsers = this.userService.listUsers();
        List list2 = (List) list.stream().filter(str2 -> {
            return listUsers.stream().map((v0) -> {
                return v0.getUsername();
            }).noneMatch(str2 -> {
                return str2.equalsIgnoreCase(str2);
            });
        }).collect(Collectors.toList());
        if (list2.size() > 0) {
            throw new KylinException(ServerErrorCode.USER_NOT_EXIST, String.format(Locale.ROOT, msg.getUserNotFound(), String.join(",", list2)));
        }
        list.forEach(str3 -> {
            this.accessService.checkDefaultAdmin(str3, false);
            this.accessService.revokeProjectPermission(str3, "user");
            this.aclTCRService.revokeAclTCR(str3, true);
            EventBusFactory.getInstance().postAsync(new AclTCRRevokeEventNotifier(str3, true));
            this.userService.deleteUser(str3);
        });
        return new EnvelopeResponse<>("000", "", "");
    }

    @PostMapping({"/batch"})
    @ApiOperation(value = "createUser", tags = {"MID"}, notes = "Update Body: default_password, locked_time, wrong_time, first_login_failed_time")
    @PreAuthorize("hasRole('ROLE_ADMIN')")
    @ResponseBody
    public EnvelopeResponse<String> batchCreate(@RequestBody List<UserRequest> list) throws IOException {
        Iterator<UserRequest> it = list.iterator();
        while (it.hasNext()) {
            createUser(it.next());
        }
        return new EnvelopeResponse<>("000", "", "");
    }

    @PreAuthorize("hasRole('ROLE_ADMIN')")
    public EnvelopeResponse<String> delete(@PathVariable("username") String str) {
        Message msg = MsgPicker.getMsg();
        checkProfile();
        checkUsername(str);
        ManagedUser managedUser = null;
        try {
            managedUser = getManagedUser(str);
        } catch (UsernameNotFoundException e) {
            logger.warn("Delete user failed, user {} not found.", str);
        }
        if (Objects.isNull(managedUser)) {
            throw new KylinException(ServerErrorCode.USER_NOT_EXIST, String.format(Locale.ROOT, msg.getUserNotFound(), str));
        }
        if (StringUtils.equals(getPrincipal(), str)) {
            throw new KylinException(ServerErrorCode.FAILED_UPDATE_USER, msg.getSelfDeleteForbidden());
        }
        this.accessService.checkDefaultAdmin(str, false);
        this.accessService.revokeProjectPermission(str, "user");
        this.aclTCRService.revokeAclTCR(str, true);
        EventBusFactory.getInstance().postAsync(new AclTCRRevokeEventNotifier(str, true));
        this.userService.deleteUser(str);
        return new EnvelopeResponse<>("000", "", "");
    }

    @ApiOperation(value = "listAllUsers", tags = {"MID"}, notes = "Update Param: is_case_sensitive, page_offset, page_size; Update Response: total_size")
    @PreAuthorize("hasRole('ROLE_ADMIN')")
    @GetMapping({""})
    @ResponseBody
    public EnvelopeResponse<DataResult<List<ManagedUserResponse>>> listAllUsers(@RequestParam(value = "name", required = false) String str, @RequestParam(value = "is_case_sensitive", required = false) boolean z, @RequestParam(value = "page_offset", required = false, defaultValue = "0") Integer num, @RequestParam(value = "page_size", required = false, defaultValue = "10") Integer num2) throws IOException {
        List managedUsersByFuzzMatching = this.userService.getManagedUsersByFuzzMatching(str, z);
        List<ManagedUser> cutPage = PagingUtil.cutPage(managedUsersByFuzzMatching, num.intValue(), num2.intValue());
        if (this.userService instanceof OpenUserService) {
            this.userService.listAdminUsers();
        }
        List listSuperAdminUsers = this.userService.listSuperAdminUsers();
        ArrayList arrayList = new ArrayList();
        for (ManagedUser managedUser : cutPage) {
            ManagedUserResponse managedUserResponse = new ManagedUserResponse();
            managedUserResponse.setManagedUser(managedUser);
            this.userService.completeUserInfo(managedUser);
            if (this.userService.isGlobalAdmin(managedUser.getUsername()) && this.userAclService.hasUserAclPermission(managedUser.getUsername(), AclPermission.DATA_QUERY)) {
                managedUserResponse.setHasQueryPermission(true);
            }
            if (managedUserResponse.isHasQueryPermission() && CollectionUtils.isNotEmpty(listSuperAdminUsers)) {
                managedUserResponse.setSuperAdmin(listSuperAdminUsers.stream().anyMatch(str2 -> {
                    return StringUtils.equalsIgnoreCase(str2, managedUser.getUsername());
                }));
            }
            arrayList.add(managedUserResponse);
        }
        return new EnvelopeResponse<>("000", new DataResult(arrayList, managedUsersByFuzzMatching == null ? 0 : managedUsersByFuzzMatching.size(), num.intValue(), num2.intValue()), "");
    }

    @GetMapping({"/super_admin"})
    @ApiOperation(value = "listSuperAdmin", tags = {"MID"})
    @ResponseBody
    public EnvelopeResponse<List<String>> listSuperAdmin() {
        return new EnvelopeResponse<>("000", this.userService.listSuperAdminUsers(), "");
    }

    @PutMapping({"/password"})
    @ApiOperation(value = "changePassword", tags = {"MID"})
    @ResponseBody
    public EnvelopeResponse<String> updateUserPassword(@RequestBody PasswordChangeRequest passwordChangeRequest) {
        Message msg = MsgPicker.getMsg();
        String username = passwordChangeRequest.getUsername();
        if (!isAdmin() && !StringUtils.equals(getPrincipal(), username)) {
            throw new KylinException(ServerErrorCode.PERMISSION_DENIED, msg.getPermissionDenied());
        }
        this.accessService.checkDefaultAdmin(username, true);
        checkUsername(username);
        ManagedUser managedUser = getManagedUser(username);
        if (managedUser == null) {
            throw new KylinException(ServerErrorCode.USER_NOT_EXIST, String.format(Locale.ROOT, msg.getUserNotFound(), username));
        }
        String password = managedUser.getPassword();
        String pwdBase64Decode = pwdBase64Decode(StringUtils.isEmpty(passwordChangeRequest.getPassword()) ? "" : passwordChangeRequest.getPassword());
        if (StringUtils.equals(getPrincipal(), username)) {
            checkRequiredArg("password", passwordChangeRequest.getPassword());
            if (!pwdEncoder.matches(pwdBase64Decode, password)) {
                throw new KylinException(ServerErrorCode.FAILED_UPDATE_PASSWORD, msg.getOldPasswordWrong());
            }
        }
        checkRequiredArg("new_password", passwordChangeRequest.getNewPassword());
        String pwdBase64Decode2 = pwdBase64Decode(StringUtils.isEmpty(passwordChangeRequest.getNewPassword()) ? "" : passwordChangeRequest.getNewPassword());
        checkPasswordLength(pwdBase64Decode2);
        checkPasswordCharacter(pwdBase64Decode2);
        if (pwdBase64Decode2.equals(pwdBase64Decode)) {
            throw new KylinException(ServerErrorCode.FAILED_UPDATE_PASSWORD, msg.getNewPasswordSameAsOld());
        }
        managedUser.setPassword(pwdEncode(pwdBase64Decode2));
        managedUser.setDefaultPassword(false);
        logger.info("update password for user {}", passwordChangeRequest);
        managedUser.clearAuthenticateFailedRecord();
        completeAuthorities(managedUser);
        this.userService.updateUser(managedUser);
        if (StringUtils.equals(getPrincipal(), passwordChangeRequest.getUsername())) {
            UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(managedUser, pwdBase64Decode2, managedUser.getAuthorities());
            usernamePasswordAuthenticationToken.setDetails(SecurityContextHolder.getContext().getAuthentication().getDetails());
            SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
        }
        return new EnvelopeResponse<>("000", "", "");
    }

    @PostMapping(value = {"/authentication"}, produces = {"application/vnd.apache.kylin-v4+json", "application/vnd.apache.kylin-v4-public+json"})
    @ApiOperation(value = "auth", tags = {"MID"})
    @ResponseBody
    public EnvelopeResponse<UserDetails> authenticate() {
        EnvelopeResponse<UserDetails> authenticatedUser = authenticatedUser();
        checkSessionStoreType(KylinConfig.getInstanceFromEnv());
        logger.debug("User login: {}", authenticatedUser.getData());
        return authenticatedUser;
    }

    @PostMapping({"/update_user"})
    @ApiOperation(value = "updateUser", tags = {"MID"})
    @ResponseBody
    public EnvelopeResponse<UserDetails> updateUserWithoutAuth(@RequestBody ManagedUser managedUser) {
        this.userService.updateUser(managedUser);
        return new EnvelopeResponse<>("000", (Object) null, "");
    }

    @GetMapping(value = {"/authentication"}, produces = {"application/vnd.apache.kylin-v4+json", "application/vnd.apache.kylin-v4-public+json"})
    @ApiOperation(value = "authentication", tags = {"MID"})
    @ResponseBody
    public EnvelopeResponse<UserDetails> authenticatedUser() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            throw new UnauthorizedException(ErrorCodeServer.USER_AUTH_INFO_NOTFOUND, new Object[0]);
        }
        if (authentication.getPrincipal() instanceof UserDetails) {
            return new EnvelopeResponse<>("000", (UserDetails) authentication.getPrincipal(), "");
        }
        if (authentication.getDetails() instanceof UserDetails) {
            return new EnvelopeResponse<>("000", (UserDetails) authentication.getDetails(), "");
        }
        throw new UnauthorizedException(ErrorCodeServer.USER_AUTH_INFO_NOTFOUND, new Object[0]);
    }

    private void checkPasswordCharacter(String str) {
        Message msg = MsgPicker.getMsg();
        if (!passwordPattern.matcher(str).matches()) {
            throw new KylinException(ServerErrorCode.INVALID_PASSWORD, msg.getInvalidPassword());
        }
    }

    private void checkProfile() {
        Message msg = MsgPicker.getMsg();
        if (!this.env.acceptsProfiles(new String[]{PROFILE_DEFAULT, PROFILE_CUSTOM})) {
            throw new KylinException(ServerErrorCode.FAILED_UPDATE_USER, msg.getUserEditNotAllowed());
        }
    }

    private void checkPasswordLength(String str) {
        Message msg = MsgPicker.getMsg();
        if (str == null || str.length() < 8) {
            throw new KylinException(ServerErrorCode.SHORT_PASSWORD, msg.getShortPassword());
        }
    }

    private void checkUsername(String str) {
        if (this.env.acceptsProfiles(new String[]{PROFILE_CUSTOM})) {
            return;
        }
        Message msg = MsgPicker.getMsg();
        if (StringUtils.isEmpty(str)) {
            throw new KylinException(ServerErrorCode.EMPTY_USER_NAME, msg.getEmptyUserName());
        }
        if (str.startsWith(".")) {
            throw new KylinException(ServerErrorCode.INVALID_USER_NAME, msg.getInvalidNameStartWithDot());
        }
        if (!str.equals(str.trim())) {
            throw new KylinException(ServerErrorCode.INVALID_USER_NAME, msg.getInvalidNameStartOrEndWithBlank());
        }
        if (str.length() > 180) {
            throw new KylinException(ServerErrorCode.INVALID_USER_NAME, msg.getInvalidNameLength());
        }
        if (Pattern.compile("[^\\x00-\\xff]").matcher(str).find()) {
            throw new KylinException(ServerErrorCode.INVALID_USER_NAME, msg.getInvalidNameContainsOtherCharacter());
        }
        if (Pattern.compile("[\\\\/:*?\"<>|]").matcher(str).find()) {
            throw new KylinException(ServerErrorCode.INVALID_USER_NAME, msg.getInvalidNameContainsInlegalCharacter());
        }
    }

    private String getPrincipal() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            return null;
        }
        Object principal = authentication.getPrincipal();
        return principal instanceof UserDetails ? ((UserDetails) principal).getUsername() : authentication.getDetails() instanceof UserDetails ? ((UserDetails) authentication.getDetails()).getUsername() : principal.toString();
    }

    public ManagedUser getManagedUser(String str) {
        ManagedUser loadUserByUsername = this.userService.loadUserByUsername(str);
        if (loadUserByUsername == null) {
            return null;
        }
        return loadUserByUsername;
    }

    private void completeAuthorities(ManagedUser managedUser) {
        ArrayList newArrayList = Lists.newArrayList(managedUser.getAuthorities());
        if (!newArrayList.contains(ALL_USERS_AUTH)) {
            newArrayList.add(ALL_USERS_AUTH);
        }
        managedUser.setGrantedAuthorities(newArrayList);
    }

    private String pwdEncode(String str) {
        return bcryptPattern.matcher(str).matches() ? str : pwdEncoder.encode(str);
    }

    private String pwdBase64Decode(String str) {
        return base64Pattern.matcher(str).matches() ? new String(Base64.decodeBase64(str), Charset.defaultCharset()) : str;
    }

    private void checkUserGroupNotEmpty(List<SimpleGrantedAuthority> list) {
        if (CollectionUtils.isEmpty(list) || list.stream().map((v0) -> {
            return v0.getAuthority();
        }).anyMatch(StringUtils::isBlank)) {
            throw new KylinException(ErrorCodeServer.REQUEST_PARAMETER_EMPTY_OR_VALUE_EMPTY, new Object[]{"authorities"});
        }
    }

    private void checkUserGroupExists(List<SimpleGrantedAuthority> list, List<String> list2) {
        for (SimpleGrantedAuthority simpleGrantedAuthority : list) {
            if (!list2.contains(simpleGrantedAuthority.getAuthority())) {
                throw new KylinException(ErrorCodeServer.USER_GROUP_NOT_EXIST, new Object[]{simpleGrantedAuthority});
            }
        }
    }

    private void checkUserGroupNotDuplicated(List<SimpleGrantedAuthority> list) {
        List list2 = (List) list.stream().map((v0) -> {
            return v0.getAuthority();
        }).collect(Collectors.toList());
        if (list2.size() != Sets.newHashSet(list2).size()) {
            throw new KylinException(ErrorCodeServer.REPEATED_PARAMETER, new Object[]{"authorities"});
        }
    }

    private void checkSessionStoreType(KylinConfig kylinConfig) {
        String springStoreType = kylinConfig.getSpringStoreType();
        HttpServletRequest request = ((ServletRequestAttributes) Objects.requireNonNull(RequestContextHolder.getRequestAttributes())).getRequest();
        if ("jbdc".equals(springStoreType)) {
            request.getSession().setMaxInactiveInterval(kylinConfig.getJdbcSessionMaxInactiveInterval());
        }
    }
}
