package pl.edu.icm.sedno.service.user;

import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.security.core.AuthenticationException;
import pl.edu.icm.common.message.model.Message;
import pl.edu.icm.common.message.model.MessageContainer;
import pl.edu.icm.common.message.model.Result;
import pl.edu.icm.common.message.model.Severity;
import pl.edu.icm.common.util.RandomDataGenerator;
import pl.edu.icm.crmanager.diff.CrmDiffService;
import pl.edu.icm.sedno.authentication.exception.SednoBadCredentialsException;
import pl.edu.icm.sedno.authentication.exception.SednoDisabledException;
import pl.edu.icm.sedno.authentication.exception.SednoLockedException;
import pl.edu.icm.sedno.authentication.exception.SednoLockedTemporarilyException;
import pl.edu.icm.sedno.authentication.exception.SednoUserAccountNotConfirmed;
import pl.edu.icm.sedno.authentication.exception.SednoUsernameNotFoundException;
import pl.edu.icm.sedno.common.dao.DataObjectDAO;
import pl.edu.icm.sedno.common.dao.ObjectNotFoundException;
import pl.edu.icm.sedno.common.model.DataObject;
import pl.edu.icm.sedno.common.util.MailTokenGenerator;
import pl.edu.icm.sedno.dto.ExecutionContext;
import pl.edu.icm.sedno.model.dict.ActivationStatus;
import pl.edu.icm.sedno.model.users.BadPasswdResult;
import pl.edu.icm.sedno.model.users.FederativeIdentity;
import pl.edu.icm.sedno.model.users.Role;
import pl.edu.icm.sedno.model.users.RoleName;
import pl.edu.icm.sedno.model.users.SednoUser;
import pl.edu.icm.sedno.service.notifier.user.UserNotifier;
import pl.edu.icm.sedno.services.LinkGenerator;
import pl.edu.icm.sedno.services.UserRepository;
import pl.edu.icm.sedno.services.UserService;
import pl.edu.icm.sedno.services.dto.RegisterUserForm;

/* loaded from: input_file:pl/edu/icm/sedno/service/user/UserServiceImpl.class */
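/**
 * {@link UserService} implementation covering account-state checks for authentication, password
 * verification with bad-attempt bookkeeping, local registration and activation, mail-token based
 * password recovery, and role management.
 *
 * <p>This listing is decompiler output, so the parameter names ({@code str}, {@code str2}, ...)
 * carry no meaning of their own; each method's {@code @param} tags state what they hold.
 *
 * <p>Points a reviewer should keep in mind:
 * <ul>
 *   <li>No method in this class performs an authorization check. The role, account-state and
 *       {@link #setPassword(String, String)} operations act on whatever login they are given, so
 *       the calling layer has to establish that the actor is entitled to the change.</li>
 *   <li>Account-state failures are reported with a distinct code per state (not found, not
 *       confirmed, disabled, locked). Relayed unchanged to an unauthenticated client, these
 *       disclose whether a login exists.</li>
 *   <li>Logins written to the log pass through {@link #forLog(String)} so that a login containing
 *       line breaks cannot start a forged log entry.</li>
 * </ul>
 */
public class UserServiceImpl implements UserService {
    Logger logger = LoggerFactory.getLogger(UserServiceImpl.class);

    @Autowired
    private UserRepository userRepository;

    @Autowired
    private DataObjectDAO dataObjectDAO;

    // Base URL that activation links point to; injected through setMailClickReceiverUrl.
    private String mailClickReceiverUrl;

    @Autowired
    LinkGenerator linkGenerator;

    @Autowired
    @Qualifier("userNotifier")
    private UserNotifier userNotifier;

    @Autowired
    private CrmDiffService crmDiffService;

    /** Creates an instance whose collaborators are supplied by field injection. */
    public UserServiceImpl() {
    }

    /**
     * Creates an instance with an explicit DAO; the remaining collaborators stay unset unless
     * injected.
     *
     * @param dataObjectDAO DAO used for direct persistence and HQL look-ups
     */
    public UserServiceImpl(DataObjectDAO dataObjectDAO) {
        this.dataObjectDAO = dataObjectDAO;
    }

    /**
     * Verifies that an account may be used to log in. The checks run in this order: account
     * exists, is activated, is not disabled, is not locked.
     *
     * @param sednoUser the account that was looked up, or {@code null} if none was found
     * @param str the login that was used, passed to the exception that is thrown
     * @throws SednoUsernameNotFoundException if {@code sednoUser} is {@code null}
     * @throws SednoUserAccountNotConfirmed if the account is not activated
     * @throws SednoDisabledException if the account is disabled
     * @throws SednoLockedException if the account is locked permanently
     * @throws SednoLockedTemporarilyException if the account is locked until a given date
     */
    public void checkSednoUser(SednoUser sednoUser, String str) {
        if (sednoUser == null) {
            throw new SednoUsernameNotFoundException("authentication.user_account.notfound", str);
        }
        if (!sednoUser.isActivated()) {
            throw new SednoUserAccountNotConfirmed("authentication.user_account.notconfirmed", str);
        }
        if (sednoUser.isAccountDisabled()) {
            throw new SednoDisabledException("authentication.user_account.disabled", str);
        }
        if (sednoUser.isLocked()) {
            throwLockedException(str, sednoUser.isAccountLocked(), sednoUser.getAccountLockedUntil());
        }
    }

    /**
     * Same checks as {@link #checkSednoUser(SednoUser, String)}, reported as a {@link Result}
     * instead of an exception.
     *
     * @param sednoUser the account that was looked up, or {@code null} if none was found
     * @param str the login that was used; becomes the message replacement
     * @return an empty result when all checks pass, otherwise a result holding one ERROR message
     *     whose code is the exception message
     */
    public Result checkSednoUserNoEx(SednoUser sednoUser, String str) {
        try {
            checkSednoUser(sednoUser, str);
            return new Result();
        } catch (AuthenticationException e) {
            return new Result(Message.create(Severity.ERROR).addCode(e.getMessage()).addReplacements(new String[]{str}));
        }
    }

    /**
     * Checks a password and records the outcome on the account.
     *
     * <p>A match is recorded as a successful login. A mismatch is recorded as a bad attempt; if
     * that attempt locked the account a locked exception is thrown, otherwise a bad-credentials
     * exception carrying the number of attempts left.
     *
     * @param sednoUser the account to check; must not be {@code null}
     * @param str the password that was entered
     * @throws SednoBadCredentialsException if the password does not match and the account is
     *     still usable
     * @throws SednoLockedException if the failed attempt locked the account permanently
     * @throws SednoLockedTemporarilyException if the failed attempt locked the account temporarily
     */
    public void checkPassword(SednoUser sednoUser, String str) {
        if (sednoUser.matchPassword(str)) {
            registerSuccesfulLogin(sednoUser);
            return;
        }
        BadPasswdResult attempt = registerBadPasswdEntered(sednoUser);
        if (!attempt.isLocked()) {
            throw new SednoBadCredentialsException("authentication.badcredentials", attempt.getAttemptsLeft());
        }
        throwLockedException(sednoUser.getLogin(), attempt.isLockedPermanently(), attempt.getLockedUntil());
    }

    /**
     * Returns the account with the given login, creating it as a technical account when it does
     * not exist. A newly created account is flagged technical and disabled before it is saved.
     *
     * @param str login of the technical account
     * @return the existing or newly created account
     */
    public SednoUser getOrCreateTechnicalUser(String str) {
        SednoUser technicalUser = getByLogin(str);
        if (technicalUser == null) {
            this.logger.info("creating technical account [{}]", forLog(str));
            technicalUser = new SednoUser(str);
            technicalUser.setTechnical(true);
            technicalUser.setAccountDisabled(true);
            this.dataObjectDAO.saveOrUpdate(new DataObject[]{technicalUser});
        }
        return technicalUser;
    }

    /**
     * Registers a new local account from a registration form, sends the activation e-mail and
     * stores the account through the CRM diff service.
     *
     * <p>NOTE(review): the activation e-mail goes out before the account is stored, so a failure
     * in the final store step would leave a mailed link without an account, unless the mail is
     * bound to the surrounding transaction; confirm.
     *
     * @param registerUserForm validated registration data
     * @param executionContext supplies the locale for the e-mail and, when a user is present in
     *     it, the login recorded as the author of the change
     * @return the newly created account
     * @throws RuntimeException if the form is not valid or the login is already taken
     */
    public SednoUser createLocal(RegisterUserForm registerUserForm, ExecutionContext executionContext) {
        if (!registerUserForm.isValid()) {
            throw new RuntimeException("createLocal(): registerUserForm contains errors, why it is not validated on the webapp side?");
        }
        if (getByLogin(registerUserForm.login) != null) {
            throw new RuntimeException("user [" + registerUserForm.login + "] already exists");
        }
        SednoUser newUser = new SednoUser(registerUserForm.login, registerUserForm.firstName, registerUserForm.lastName);
        // A password is optional: an account may be created with a federative identity only.
        if (!StringUtils.isEmpty(registerUserForm.getPassword())) {
            newUser.resetPassword(registerUserForm.password);
        }
        if (registerUserForm.getFederativeIdentity() != null) {
            newUser.addFederativeIdentity(registerUserForm.getFederativeIdentity());
        }
        newUser.registrationTransition(SednoUser.StatusTransition.START, (String) null, (MessageContainer) null);
        this.logger.info("sending activation email to {}", forLog(newUser.getLogin()));
        sendActivationEmail(newUser, executionContext);
        // The author stays null when the execution context carries no user.
        String creatorLogin = null;
        if (executionContext.getSednoUser() != null) {
            creatorLogin = executionContext.getSednoUser().getLogin();
        }
        this.logger.info("createLocal() registering new user [{}] ...", forLog(newUser.getLogin()));
        this.crmDiffService.addObjectAndAccept(newUser, creatorLogin);
        return newUser;
    }

    /**
     * Sends the activation e-mail again for an account that is still waiting for activation.
     *
     * @param str login of the account
     * @param executionContext supplies the locale for the e-mail
     * @throws ObjectNotFoundException if no account has this login
     * @throws RuntimeException if the account is in any status other than WAITING_FOR_ACTIVATION
     */
    public void resendActivationEmail(String str, ExecutionContext executionContext) {
        SednoUser user = requireByLogin(str);
        if (user.getStatus() != ActivationStatus.WAITING_FOR_ACTIVATION) {
            throw new RuntimeException("deny to resend Activation Email, user [" + str + "] has status " + user.getStatus());
        }
        this.logger.info("resending activation email to {}", forLog(str));
        sendActivationEmail(user, executionContext);
    }

    /**
     * Tells whether an account exists for the login and is waiting for activation.
     *
     * @param str login to look up
     * @return {@code true} only if the account exists and its status is WAITING_FOR_ACTIVATION
     */
    public boolean isUserWithWaitingForActivation(String str) {
        SednoUser user = getByLogin(str);
        return user != null && user.getStatus() == ActivationStatus.WAITING_FOR_ACTIVATION;
    }

    /** Mails the account-creation notice containing the activation (ACC) link. */
    private void sendActivationEmail(SednoUser sednoUser, ExecutionContext executionContext) {
        String activationLink = buildMailLink(sednoUser, SednoUser.StatusTransition.ACC);
        this.userNotifier.notifyAboutAccountCreation(executionContext.getLocale(), sednoUser.getLogin(), activationLink, sednoUser.niceFullName());
    }

    /**
     * Issues a fresh mail token for the account and mails a change-password link containing it.
     *
     * <p>The three error results differ per account state. A caller that relays them to an
     * unauthenticated client discloses whether the login exists and what state it is in; a
     * uniform response at the web layer avoids that.
     *
     * <p>NOTE(review): the new token is not saved explicitly here; presumably the entity is
     * managed and flushed by the surrounding transaction. Confirm.
     *
     * @param str login of the account
     * @param executionContext supplies the locale for the e-mail
     * @return an info message when the mail was sent, otherwise an error message naming the
     *     reason (not found, not confirmed, disabled)
     */
    public MessageContainer sendPasswordResetToken(String str, ExecutionContext executionContext) {
        // The login is bound as a query parameter, never concatenated into the HQL text.
        List<?> matches = this.dataObjectDAO.findByHQL("select user from SednoUser user where user.login = ?1", new Object[]{str});
        if (matches.isEmpty()) {
            return new MessageContainer().addMessageError("authentication.user_account.notfound", new String[]{str});
        }
        SednoUser user = (SednoUser) matches.get(0);
        if (!user.isActivated()) {
            return new MessageContainer().addMessageError("authentication.user_account.notconfirmed", new String[]{str});
        }
        if (user.isAccountDisabled()) {
            return new MessageContainer().addMessageError("authentication.user_account.disabled", new String[]{str});
        }
        user.newMailToken();
        String resetLink = this.linkGenerator.fullLinkChangePasswordMailLink(str, user.getMailToken());
        this.userNotifier.notifyAboutPasswordResetRequest(executionContext.getLocale(), user.getLogin(), resetLink, user.niceFullName());
        return new MessageContainer().addMessageInfo("userService.reset_passws_mail_sent", new String[]{str});
    }

    /**
     * Issues a fresh mail token for an active account and mails a set-password link containing it.
     *
     * <p>As with {@link #sendPasswordResetToken(String, ExecutionContext)}, the error results
     * reveal account state if relayed unchanged to an unauthenticated client.
     *
     * @param str login of the account
     * @param executionContext supplies the locale for the e-mail
     * @return an info message when the mail was sent, otherwise an error message (no active
     *     account, or account disabled)
     */
    public MessageContainer sendPasswordSetToken(String str, ExecutionContext executionContext) {
        SednoUser user = this.userRepository.getActiveByLogin(str);
        if (user == null) {
            return new MessageContainer().addMessageError("authentication.user_account.notconfirmed", new String[]{str});
        }
        if (user.isAccountDisabled()) {
            return new MessageContainer().addMessageError("authentication.user_account.disabled", new String[]{str});
        }
        user.newMailToken();
        String setPasswordLink = this.linkGenerator.fullLinkSetPasswordMailLink(str, user.getMailToken());
        this.userNotifier.notifyAboutPasswordSetRequest(executionContext.getLocale(), user.getLogin(), setPasswordLink, user.niceFullName());
        return new MessageContainer().addMessageInfo("passwordSetterController.mail_sent", new String[]{str});
    }

    /**
     * Redeems a mail token: replaces the password with a generated one, clears the token, unlocks
     * the account if it was locked, and mails the new password.
     *
     * <p>NOTE(review): the replacement password is 8 characters from {@code RandomDataGenerator},
     * whose random source is not visible in this file. Confirm it is backed by
     * {@code SecureRandom}. The password also travels in clear text by e-mail;
     * {@link #sendPasswordSetToken(String, ExecutionContext)} is the link-based flow that does not
     * mail a credential.
     *
     * <p>NOTE(review): no token age check is visible here; confirm that mail tokens expire
     * elsewhere.
     *
     * @param str login of the account
     * @param str2 mail token presented by the caller
     * @param executionContext supplies the locale for the e-mail
     * @return the updated account, or {@code null} if the token is blank or does not match the
     *     login
     */
    public SednoUser generateNewPasswordAndSendItViaEmail(String str, String str2, ExecutionContext executionContext) {
        // A blank value is never a valid token; reject it before it can match a blank column.
        if (StringUtils.isEmpty(str2)) {
            return null;
        }
        List<?> matches = this.dataObjectDAO.findByHQL("select user from SednoUser user where user.mailToken=?1 and user.login=?2", new Object[]{str2, str});
        if (matches.isEmpty()) {
            return null;
        }
        SednoUser user = (SednoUser) matches.get(0);
        String generatedPassword = RandomDataGenerator.randomString(8);
        user.resetPassword(generatedPassword);
        // The token is single-use: clear it as soon as it has been redeemed.
        user.clearMailToken();
        if (user.isLocked()) {
            // The account owner is recorded as the author of the unlock.
            unlockAccount(str, str);
        }
        this.userNotifier.notifyAboutNewPassword(executionContext.getLocale(), user.getLogin(), generatedPassword, user.niceFullName());
        return user;
    }

    /**
     * Tells whether the mail token belongs to the login.
     *
     * @param str login of the account
     * @param str2 mail token presented by the caller
     * @return {@code true} if an account with this login holds this token; {@code false} for a
     *     blank token or no match
     */
    public boolean validToken(String str, String str2) {
        // A blank value is never a valid token; reject it before it can match a blank column.
        if (StringUtils.isEmpty(str2)) {
            return false;
        }
        return !this.dataObjectDAO.findByHQL("select user from SednoUser user where user.mailToken=?1 and user.login=?2", new Object[]{str2, str}).isEmpty();
    }

    /**
     * Changes the password after verifying the current one.
     *
     * @param str login of the account
     * @param str2 current password, which must match
     * @param str3 new password
     * @return {@code true} if the password was changed, {@code false} if the current password did
     *     not match
     * @throws ObjectNotFoundException if no account has this login
     */
    public boolean changePassword(String str, String str2, String str3) {
        SednoUser user = requireByLogin(str);
        if (!user.matchPassword(str2)) {
            return false;
        }
        user.resetPassword(str3);
        this.dataObjectDAO.saveOrUpdate(new DataObject[]{user});
        return true;
    }

    /**
     * Sets a new password and clears the mail token, without verifying anything about the caller.
     *
     * <p>This method checks neither the current password nor a mail token. It is safe only when
     * the caller has already proven control of the account, for example through
     * {@link #validToken(String, String)} in the same request.
     *
     * @param str login of the account
     * @param str2 new password
     * @return always {@code true}
     * @throws ObjectNotFoundException if no account has this login
     */
    public boolean setPassword(String str, String str2) {
        SednoUser user = requireByLogin(str);
        user.resetPassword(str2);
        user.clearMailToken();
        this.dataObjectDAO.saveOrUpdate(new DataObject[]{user});
        return true;
    }

    /**
     * Builds the link mailed to the user for a status transition: the configured receiver URL plus
     * {@code op}, {@code token} and {@code login} query parameters. Token and login are
     * percent-encoded as UTF-8 so that neither can alter the query string.
     */
    private String buildMailLink(SednoUser sednoUser, SednoUser.StatusTransition statusTransition) {
        // String.valueOf keeps the previous rendering of a missing token ("null").
        String token = urlEncode(String.valueOf(sednoUser.getMailToken()));
        String login = urlEncode(sednoUser.getLogin());
        return this.mailClickReceiverUrl + "?op=" + statusTransition.name() + "&token=" + token + "&login=" + login;
    }

    /**
     * Applies the ACC (accept) registration transition to an account and saves it when the
     * transition produced no warning or error.
     *
     * @param str login of the account
     * @param str2 value handed to the transition; presumably the mail token from the activation
     *     link (confirm against {@code SednoUser.registrationTransition})
     * @return the messages produced by the transition
     * @throws ObjectNotFoundException if no account has this login
     */
    public MessageContainer accept(String str, String str2) {
        SednoUser user = requireByLogin(str);
        MessageContainer messages = new MessageContainer();
        user.registrationTransition(SednoUser.StatusTransition.ACC, str2, messages);
        if (!messages.isWarningOrError()) {
            this.dataObjectDAO.saveOrUpdate(new DataObject[]{user});
        }
        return messages;
    }

    /**
     * Loads an account by login through the user repository.
     *
     * @param str login to look up
     * @return whatever {@code getInitializedByLogin} returns; callers in this class treat
     *     {@code null} as "no such account"
     */
    public SednoUser getByLogin(String str) {
        return this.userRepository.getInitializedByLogin(str);
    }

    /**
     * Records a successful login on the account and saves it.
     *
     * @param sednoUser the account that logged in
     */
    public void registerSuccesfulLogin(SednoUser sednoUser) {
        this.logger.info("registerSuccesfulLogin({})", forLog(sednoUser.getLogin()));
        sednoUser.registerSuccesfulLogin();
        this.dataObjectDAO.saveOrUpdate(new DataObject[]{sednoUser});
    }

    /**
     * Attaches a federative identity to an account in WAITING_FOR_ACTIVATION status and mails a
     * link that activates the binding.
     *
     * @param str login of the account
     * @param federativeIdentity identity to bind; receives a fresh mail token
     * @param executionContext supplies the locale for the e-mail
     * @throws IllegalArgumentException if no account has this login
     */
    public void bindFederativeIdentity(String str, FederativeIdentity federativeIdentity, ExecutionContext executionContext) {
        SednoUser user = getByLogin(str);
        if (user == null) {
            throw new IllegalArgumentException("no user for the specified login");
        }
        federativeIdentity.setMailToken(MailTokenGenerator.generateToken(federativeIdentity));
        federativeIdentity.setActivationStatus(ActivationStatus.WAITING_FOR_ACTIVATION);
        user.addFederativeIdentity(federativeIdentity);
        this.userRepository.updateUserWithCrm(user, federativeIdentity.getCode());
        // Percent-encode the token so its characters cannot alter the query string.
        String activationLink = this.linkGenerator.fullLinkToMainPage() + "/activateIdentity?token="
                + urlEncode(String.valueOf(federativeIdentity.getMailToken()))
                + "&identity=" + federativeIdentity.getId();
        this.userNotifier.notifyAboutExternalIdentityBinding(executionContext.getLocale(), user.getLogin(), activationLink, user.getFullName(), federativeIdentity.toString());
    }

    /**
     * Records a failed password attempt on the account and saves it.
     *
     * @param sednoUser the account the wrong password was entered for
     * @return the outcome of the attempt, including whether the account is now locked
     */
    public BadPasswdResult registerBadPasswdEntered(SednoUser sednoUser) {
        BadPasswdResult attempt = sednoUser.registerBadPasswdEntered();
        this.dataObjectDAO.saveOrUpdate(new DataObject[]{sednoUser});
        return attempt;
    }

    /**
     * Sets the base URL that activation links point to.
     *
     * @param str the receiver URL, used as the prefix of every link built by this service
     */
    public void setMailClickReceiverUrl(String str) {
        this.mailClickReceiverUrl = str;
    }

    /**
     * Adds context-bound roles to an account and stores the change.
     *
     * <p>No authorization check is made here; the caller must have established that the grantor
     * may grant these roles.
     *
     * @param sednoUser account receiving the roles
     * @param dataObject persisted object the roles are bound to
     * @param str login of the grantor, recorded as the author of the change
     * @param roleNameArr roles to add
     * @throws IllegalArgumentException if the grantor login is empty, or the context is
     *     {@code null} or transient
     */
    public void grantContextRoles(SednoUser sednoUser, DataObject dataObject, String str, RoleName... roleNameArr) {
        if (StringUtils.isEmpty(str)) {
            throw new IllegalArgumentException("grantContextRoles(): grantorLogin is null or empty");
        }
        validateRoleContext("grantContextRoles", dataObject);
        for (RoleName roleName : roleNameArr) {
            sednoUser.addRole(new Role(roleName, dataObject));
        }
        this.userRepository.updateUserWithCrm(sednoUser, str);
    }

    /**
     * Removes context-bound roles from an account and stores the change.
     *
     * <p>No authorization check is made here; the caller must have established that the revoker
     * may revoke these roles.
     *
     * @param sednoUser account losing the roles
     * @param dataObject persisted object the roles are bound to
     * @param str login of the revoker, recorded as the author of the change
     * @param roleNameArr roles to remove
     * @throws IllegalArgumentException if the revoker login is empty, or the context is
     *     {@code null} or transient
     */
    public void revokeContextRoles(SednoUser sednoUser, DataObject dataObject, String str, RoleName... roleNameArr) {
        if (StringUtils.isEmpty(str)) {
            throw new IllegalArgumentException("revokeContextRoles(): revokerLogin is null or empty");
        }
        validateRoleContext("revokeContextRoles", dataObject);
        for (RoleName roleName : roleNameArr) {
            sednoUser.removeRole(new Role(roleName, dataObject));
        }
        this.userRepository.updateUserWithCrm(sednoUser, str);
    }

    /** Rejects a role context that is missing or has not been persisted yet. */
    private void validateRoleContext(String operation, DataObject context) {
        if (context == null) {
            throw new IllegalArgumentException(operation + "(): context is null");
        }
        if (context.isTransient()) {
            throw new IllegalArgumentException(operation + "(): context isTransient");
        }
    }

    /**
     * Updates the name fields of an account.
     *
     * @param str login of the account
     * @param str2 login recorded as the author of the change
     * @param str3 new first name
     * @param str4 new second name
     * @param str5 new last name
     * @throws ObjectNotFoundException if no account has this login
     */
    public void updatePersonalData(String str, String str2, String str3, String str4, String str5) {
        SednoUser user = requireByLogin(str);
        user.setFirstName(str3);
        user.setSecondName(str4);
        user.setLastName(str5);
        this.userRepository.updateUserWithCrm(user, str2);
    }

    /**
     * Activates an account directly, without a mail token.
     *
     * @param str login of the account
     * @param str2 login recorded as the author of the change
     * @throws ObjectNotFoundException if no account has this login
     */
    public void activateAccount(String str, String str2) {
        SednoUser user = requireByLogin(str);
        user.activate();
        this.userRepository.updateUserWithCrm(user, str2);
    }

    /**
     * Disables an account.
     *
     * @param str login of the account
     * @param str2 login recorded as the author of the change
     * @throws ObjectNotFoundException if no account has this login
     */
    public void disableAccount(String str, String str2) {
        SednoUser user = requireByLogin(str);
        user.setAccountDisabled(true);
        this.userRepository.updateUserWithCrm(user, str2);
    }

    /**
     * Re-enables a disabled account.
     *
     * @param str login of the account
     * @param str2 login recorded as the author of the change
     * @throws ObjectNotFoundException if no account has this login
     */
    public void enableAccount(String str, String str2) {
        SednoUser user = requireByLogin(str);
        user.setAccountDisabled(false);
        this.userRepository.updateUserWithCrm(user, str2);
    }

    /**
     * Removes the lock from an account.
     *
     * @param str login of the account
     * @param str2 login recorded as the author of the change
     * @throws ObjectNotFoundException if no account has this login
     */
    public void unlockAccount(String str, String str2) {
        SednoUser user = requireByLogin(str);
        user.unlock();
        this.userRepository.updateUserWithCrm(user, str2);
    }

    /** Throws the permanent or the temporary locked exception; never returns normally. */
    private void throwLockedException(String login, boolean lockedPermanently, Date lockedUntil) {
        if (!lockedPermanently) {
            throw new SednoLockedTemporarilyException(login, lockedUntil);
        }
        throw new SednoLockedException("authentication.user_account.locked", login);
    }

    /**
     * Adds a single role to an account.
     *
     * <p>No authorization check is made here; the caller must have established that the actor may
     * grant this role.
     *
     * @param str login of the account
     * @param str2 login recorded as the author of the change
     * @param roleName role to add
     * @param dataObject object the role is bound to
     * @throws ObjectNotFoundException if no account has this login
     */
    public void addRole(String str, String str2, RoleName roleName, DataObject dataObject) {
        SednoUser user = requireByLogin(str);
        user.addRole(new Role(roleName, dataObject));
        this.userRepository.updateUserWithCrm(user, str2);
    }

    /**
     * Removes every role with the given id from an account.
     *
     * <p>No authorization check is made here; the caller must have established that the actor may
     * remove this role.
     *
     * @param str login of the account
     * @param str2 login recorded as the author of the change
     * @param num id of the role to remove
     * @throws IllegalArgumentException if {@code num} is {@code null}
     * @throws ObjectNotFoundException if no account has this login
     */
    public void removeRole(String str, String str2, Integer num) {
        if (num == null) {
            throw new IllegalArgumentException("removeRole(): role id is null");
        }
        SednoUser user = requireByLogin(str);
        int roleId = num.intValue();
        // Iterator.remove keeps the removal safe while the collection is being traversed.
        Iterator<?> roles = user.getRoles().iterator();
        while (roles.hasNext()) {
            if (((Role) roles.next()).getIdRole() == roleId) {
                roles.remove();
            }
        }
        this.userRepository.updateUserWithCrm(user, str2);
    }

    /** Loads an account by login, failing with {@link ObjectNotFoundException} when none exists. */
    private SednoUser requireByLogin(String login) {
        SednoUser user = getByLogin(login);
        if (user == null) {
            throw new ObjectNotFoundException("User [" + login + "] not found");
        }
        return user;
    }

    /** Percent-encodes a query-parameter value as UTF-8, independent of the platform charset. */
    private static String urlEncode(String value) {
        try {
            return URLEncoder.encode(value, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            // Every JVM is required to support UTF-8, so this branch signals a broken runtime.
            throw new IllegalStateException("UTF-8 is not supported by this JVM", e);
        }
    }

    /** Replaces CR and LF so a caller-supplied value cannot start a new line in the log. */
    private static String forLog(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }
}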
