package pl.edu.icm.jupiter.services.user;

import java.util.Objects;
import org.apache.commons.validator.routines.EmailValidator;
import org.dozer.Mapper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.domain.Page;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserCache;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.UserDetailsManager;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import pl.edu.icm.jupiter.integration.api.model.query.Query;
import pl.edu.icm.jupiter.services.api.model.documents.CurrentDocumentBean;
import pl.edu.icm.jupiter.services.api.model.groups.UserGroupReference;
import pl.edu.icm.jupiter.services.api.model.query.UserBeanQuery;
import pl.edu.icm.jupiter.services.api.model.security.Role;
import pl.edu.icm.jupiter.services.api.model.security.UserBean;
import pl.edu.icm.jupiter.services.database.model.security.UserEntity;
import pl.edu.icm.jupiter.services.database.repositories.JupiterUserRepository;
import pl.edu.icm.jupiter.services.email.JupiterEmails;
import pl.edu.icm.jupiter.services.util.QueryToPageRequestFunction;
import pl.edu.icm.jupiter.services.util.RandomDataGenerator;

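/**
 * User-management service that is also the application's {@link DaoAuthenticationProvider}.
 *
 * <p>It reads the current principal from the {@link SecurityContextHolder}, creates and updates
 * users through the configured {@link UserDetailsManager} and {@link JupiterUserRepository}, and
 * puts every modified user into the provider's {@link UserCache}.
 *
 * <p>Parameter names such as {@code str}, {@code str2} and {@code l} are decompiler output; each
 * method's Javadoc states what the argument is used for.
 *
 * <p>NOTE(review): no method-level authorization annotations are visible on this class. The checks
 * coded below (role and group comparisons) are the only access control shown here; confirm what
 * the service interface or the web layer enforces in addition.
 */
@Transactional
@Service
/* loaded from: input_file:pl/edu/icm/jupiter/services/user/JupiterUserServiceImpl.class */
public class JupiterUserServiceImpl extends DaoAuthenticationProvider implements InternalJupiterUserService {
    private static final Logger log = LoggerFactory.getLogger(JupiterUserServiceImpl.class);
    private final QueryToPageRequestFunction queryMapping = QueryToPageRequestFunction.INSTANCE;

    @Autowired
    private Mapper dozerMapper;

    @Autowired
    private JupiterUserRepository repository;

    @Autowired
    private UserGroupLockChecker userGroupLockChecker;

    @Autowired
    private JupiterEmails jupiterEmails;

    /**
     * Returns the principal of the authentication held in the current security context.
     *
     * <p>Only the presence of an {@link Authentication} is checked; {@code isAuthenticated()} is not
     * consulted, so callers get whatever principal the context currently holds.
     *
     * @return the principal, cast to {@link UserBean}
     * @throws AuthenticationServiceException if the context holds no authentication
     * @throws ClassCastException if the principal is not a {@link UserBean}
     */
    @Transactional(readOnly = true, noRollbackFor = {AuthenticationException.class, AccessDeniedException.class})
    public UserBean getCurrentUser() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            throw new AuthenticationServiceException("No authentication in context");
        }
        return (UserBean) authentication.getPrincipal();
    }

    /**
     * Returns the repository entity whose id is the id of {@link #getCurrentUser()}.
     *
     * @return the entity reference obtained from {@code repository.getOne}
     */
    @Override // pl.edu.icm.jupiter.services.user.InternalJupiterUserService
    public UserEntity getCurrentUserEntity() {
        return (UserEntity) this.repository.getOne(getCurrentUser().getId());
    }

    /**
     * Creates an enabled, unlocked, non-expired user and puts it into the user cache.
     *
     * @param str the username of the new account
     * @param str2 the password set on the new {@link UserBean}
     * @param role the role to assign; must satisfy {@code role.isUserRole()}
     * @param userGroupReference the group to assign, or {@code null} for no group
     * @return the created bean
     * @throws AccessDeniedException if the role is not a user role, or if the caller belongs to a
     *     group and the requested group has a different id
     */
    public UserBean createUser(String str, String str2, Role role, UserGroupReference userGroupReference) {
        // Refuse roles that isUserRole() rejects, so this path cannot hand out any other role.
        if (!role.isUserRole()) {
            throw new AccessDeniedException("Trying to set unsupported role:" + role.getRoleName());
        }
        UserBean userBean = new UserBean();
        userBean.setEnabled(true);
        userBean.setUsername(str);
        userBean.setPassword(str2);
        userBean.setAccountNonLocked(true);
        userBean.setAccountNonExpired(true);
        userBean.setCredentialsNonExpired(true);
        userBean.setRole(role);
        if (userGroupReference != null) {
            UserBean currentUser = getCurrentUser();
            UserGroupReference group = currentUser.getGroup();
            // A caller that belongs to a group may only create users inside that same group.
            if (group != null && !Objects.equals(group.getId(), userGroupReference.getId())) {
                // NOTE(review): the message prints the caller's own group name, not the requested one.
                throw new AccessDeniedException("Cannot add user to different group. User: " + currentUser.getUsername() + " cannot add user to group: " + currentUser.getGroup().getName());
            }
            userBean.setGroup(userGroupReference);
        }
        // NOTE(review): a caller that belongs to a group can pass a null group reference and skip the
        // group comparison entirely; confirm that creating group-less users is intended for them.
        m55getUserDetailsService().createUser(userBean);
        getUserCache().putUserInCache(userBean);
        return userBean;
    }

    /**
     * Changes the current user's password after re-authenticating with the old one.
     *
     * @param str the current (old) password, used to re-authenticate the context's user name
     * @param str2 the new password
     * @return the updated user as returned by the internal update
     * @throws AuthenticationServiceException if the context holds no authentication
     * @throws BadCredentialsException if re-authentication does not yield an authenticated result
     * @throws AuthenticationException if {@link #authenticate(Authentication)} rejects the old password
     */
    public UserBean changePassword(String str, String str2) {
        Authentication current = SecurityContextHolder.getContext().getAuthentication();
        // Fail with the same explicit error as getCurrentUser() instead of a NullPointerException.
        if (current == null) {
            throw new AuthenticationServiceException("No authentication in context");
        }
        Authentication authenticate = authenticate(new UsernamePasswordAuthenticationToken(current.getName(), str));
        if (!authenticate.isAuthenticated()) {
            throw new BadCredentialsException("Bad old password");
        }
        UserBean userBean = (UserBean) authenticate.getPrincipal();
        userBean.setPassword(str2);
        return updateUser(userBean);
    }

    /**
     * Replaces the password of the account named by an e-mail address with a generated one and
     * mails it to that address.
     *
     * <p>The security context is switched to the target user only while the update and the mail
     * call run, and the previous authentication is restored afterwards. Without the restore, a
     * token carrying the target user and the new plaintext password would stay in the caller's
     * context after the method returns.
     *
     * <p>NOTE(review): the {@code true}/{@code false} result distinguishes existing, eligible
     * accounts from everything else; if it reaches an unauthenticated client it allows account
     * enumeration. The generated password is 8 characters and travels by e-mail; confirm that
     * {@code RandomDataGenerator.randomString} draws from a cryptographically strong source and
     * that the user is forced to change it on first login.
     *
     * @param str the username, which must be a valid e-mail address of an existing user
     * @return {@code true} if the password was reset and the mail call was made, {@code false} if
     *     the name is not a valid e-mail, the user does not exist, or the account is disabled,
     *     locked or expired
     */
    public boolean resetPassword(String str) {
        if (!EmailValidator.getInstance().isValid(str) || !userExists(str)) {
            // NOTE(review): str is caller-supplied and logged at ERROR level; confirm that the log
            // layout neutralises line breaks.
            log.error("User name [{}] doesn't exists or is not valid email.", str);
            return false;
        }
        UserBean fetchUser = fetchUser(str);
        if (!isUserAllowedToResetPassword(fetchUser)) {
            return false;
        }
        String randomString = RandomDataGenerator.randomString(8);
        fetchUser.setPassword(randomString);
        Authentication previous = SecurityContextHolder.getContext().getAuthentication();
        // Presumably code reached from updateUser() needs a current user in the context; keep that
        // behaviour for the duration of the update, then put the caller's own authentication back.
        SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(fetchUser, randomString));
        try {
            updateUser(fetchUser);
            this.jupiterEmails.sendResetPasswordEmail(str, randomString);
        } finally {
            SecurityContextHolder.getContext().setAuthentication(previous);
        }
        return true;
    }

    /**
     * Tells whether an account is in a state that permits a password reset.
     *
     * @param userBean the account to inspect
     * @return {@code true} only if the account is enabled, not locked, not expired and its
     *     credentials are not expired
     */
    private boolean isUserAllowedToResetPassword(UserBean userBean) {
        return userBean.isEnabled() && userBean.isAccountNonLocked() && userBean.isAccountNonExpired() && userBean.isCredentialsNonExpired();
    }

    /**
     * Marks the user with the given id as not locked and puts the bean into the user cache.
     *
     * <p>NOTE(review): the flag is set on the bean mapped by {@link #fetchUser(Long)}; no entity
     * setter or repository save is called here, unlike {@link #enableUser(Long)}. As written the
     * change appears to reach only the cache; confirm whether it should be persisted.
     *
     * @param l the user id
     */
    public void unlockUser(Long l) {
        UserBean fetchUser = fetchUser(l);
        fetchUser.setAccountNonLocked(true);
        getUserCache().putUserInCache(fetchUser);
    }

    /**
     * Marks the user with the given id as locked and puts the bean into the user cache.
     *
     * <p>NOTE(review): the flag is set on the bean mapped by {@link #fetchUser(Long)}; no entity
     * setter or repository save is called here, unlike {@link #disableUser(Long)}. As written the
     * lock appears to reach only the cache and would be lost when the cached entry is replaced;
     * confirm whether it should be persisted.
     *
     * @param l the user id
     */
    public void lockUser(Long l) {
        UserBean fetchUser = fetchUser(l);
        fetchUser.setAccountNonLocked(false);
        getUserCache().putUserInCache(fetchUser);
    }

    /**
     * Asks the user details manager whether a user with this name exists.
     *
     * @param str the username
     * @return the manager's answer
     */
    public boolean userExists(String str) {
        return m55getUserDetailsService().userExists(str);
    }

    /**
     * Loads a user by name through the user details manager.
     *
     * @param str the username
     * @return the loaded user
     */
    public UserBean fetchUser(String str) {
        return m55getUserDetailsService().loadUserByUsername(str);
    }

    /**
     * Loads a user by id and maps the entity to a {@link UserBean}.
     *
     * <p>{@link #findUserEntityById(Long)} yields {@code null} for an unknown id and that value is
     * handed to the mapper unchecked.
     *
     * @param l the user id
     * @return the mapped bean
     */
    public UserBean fetchUser(Long l) {
        return (UserBean) this.dozerMapper.map(findUserEntityById(l), UserBean.class);
    }

    /**
     * Looks up a user entity by id.
     *
     * @param l the user id
     * @return the entity, or {@code null} if the repository has none with that id
     */
    @Override // pl.edu.icm.jupiter.services.user.InternalJupiterUserService
    public UserEntity findUserEntityById(Long l) {
        return (UserEntity) this.repository.findById(l).orElse(null);
    }

    /**
     * Delegates to the superclass authentication, exposing it on this service's public surface.
     *
     * @param authentication the authentication request
     * @return the result of {@code super.authenticate}
     */
    public Authentication authenticate(Authentication authentication) {
        return super.authenticate(authentication);
    }

    /**
     * Returns the configured user details service, typed as a {@link UserDetailsManager}.
     *
     * <p>The method name is a decompiler rename (see the JADX comments below).
     */
    /* JADX INFO: Access modifiers changed from: protected */
    /* renamed from: getUserDetailsService, reason: merged with bridge method [inline-methods] */
    public UserDetailsManager m55getUserDetailsService() {
        return super.getUserDetailsService();
    }

    /**
     * Injects the user details service into the provider.
     *
     * @param userDetailsService the service to hand to the superclass
     */
    @Autowired
    public void setUserDetailsService(UserDetailsService userDetailsService) {
        super.setUserDetailsService(userDetailsService);
    }

    /**
     * Injects the password encoder into the provider.
     *
     * @param passwordEncoder the encoder to hand to the superclass
     */
    @Autowired
    public void setPasswordEncoder(PasswordEncoder passwordEncoder) {
        super.setPasswordEncoder(passwordEncoder);
    }

    /**
     * Injects the user cache into the provider.
     *
     * @param userCache the cache to hand to the superclass
     */
    @Autowired
    public void setUserCache(UserCache userCache) {
        super.setUserCache(userCache);
    }

    /**
     * Disables the user with the given id and refreshes its cache entry.
     *
     * <p>No explicit save is called; presumably the change on the repository entity is written
     * when the class-level transaction commits.
     *
     * @param l the user id
     */
    public void disableUser(Long l) {
        UserEntity userEntity = (UserEntity) this.repository.getOne(l);
        userEntity.setEnabled(false);
        getUserCache().putUserInCache((UserDetails) this.dozerMapper.map(userEntity, UserBean.class));
    }

    /**
     * Enables the user with the given id and refreshes its cache entry.
     *
     * <p>No explicit save is called; presumably the change on the repository entity is written
     * when the class-level transaction commits.
     *
     * @param l the user id
     */
    public void enableUser(Long l) {
        UserEntity userEntity = (UserEntity) this.repository.getOne(l);
        userEntity.setEnabled(true);
        getUserCache().putUserInCache((UserDetails) this.dozerMapper.map(userEntity, UserBean.class));
    }

    /**
     * Saves the properties of a user on behalf of the current user.
     *
     * <p>NOTE(review): the group comparison uses the group carried by the submitted bean, not the
     * group stored for that user, so it does not by itself prove that the target account belongs
     * to the caller's group. Unlike {@link #createUser}, no role check is made: a bean carrying
     * {@code ROLE_SUPER_ADMIN} is saved with its group cleared. Confirm that callers are restricted
     * elsewhere.
     *
     * @param userBean the user data to save; its password must be {@code null}
     * @return the saved user
     * @throws AccessDeniedException if the caller belongs to a group and the bean has no group or
     *     a group with a different id, or if the bean carries a password
     */
    public UserBean updateUserProperties(UserBean userBean) {
        UserBean currentUser = getCurrentUser();
        UserGroupReference callerGroup = currentUser.getGroup();
        if (callerGroup != null) {
            UserGroupReference targetGroup = userBean.getGroup();
            // Null-safe comparison: a missing target group is a denial, not a NullPointerException.
            if (targetGroup == null || !Objects.equals(callerGroup.getId(), targetGroup.getId())) {
                throw new AccessDeniedException("Cannot modify user from different group");
            }
        }
        // Password changes have to go through changePassword() or resetPassword().
        if (userBean.getPassword() != null) {
            throw new AccessDeniedException("Cannot modify user password");
        }
        if (userBean.getRole() == Role.ROLE_SUPER_ADMIN) {
            userBean.setGroup((UserGroupReference) null);
        }
        return updateUser(userBean);
    }

    /**
     * Maps the bean to an entity, saves and flushes it, and caches the re-mapped result.
     *
     * @param userBean the user data to persist
     * @return the bean mapped back from the saved entity
     */
    private UserBean updateUser(UserBean userBean) {
        UserEntity toSave = (UserEntity) this.dozerMapper.map(userBean, UserEntity.class);
        UserEntity saved = (UserEntity) this.repository.saveAndFlush(toSave);
        UserBean userBean2 = (UserBean) this.dozerMapper.map(saved, UserBean.class);
        getUserCache().putUserInCache(userBean2);
        return userBean2;
    }

    /**
     * Returns one page of users matching the query, each entity mapped to a {@link UserBean}.
     *
     * @param userBeanQuery the filter and paging parameters
     * @return the page of mapped users
     */
    public Page<UserBean> fetchUsers(UserBeanQuery userBeanQuery) {
        return this.repository.findAll(new UserBeanQuerySpecification(userBeanQuery), this.queryMapping.apply((Query<?, ?>) userBeanQuery)).map(userEntity -> {
            return (UserBean) this.dozerMapper.map(userEntity, UserBean.class);
        });
    }

    /**
     * Adds the document's identifier to the current user's documents and saves the user.
     *
     * @param currentDocumentBean the document to assign
     */
    @Override // pl.edu.icm.jupiter.services.user.InternalJupiterUserService
    public void assignDocumentToCurrentUser(CurrentDocumentBean currentDocumentBean) {
        UserBean currentUser = getCurrentUser();
        currentUser.getDocuments().add(currentDocumentBean.getIdentifier());
        updateUser(currentUser);
    }

    /**
     * Runs the superclass credential checks, then the user-group lock check.
     *
     * @param userDetails the user being authenticated
     * @param usernamePasswordAuthenticationToken the submitted credentials
     * @throws AuthenticationException if either check rejects the user
     */
    protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
        super.additionalAuthenticationChecks(userDetails, usernamePasswordAuthenticationToken);
        this.userGroupLockChecker.check(userDetails);
    }
}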
