package fr.ifremer.coselmar.services.v1;

import com.auth0.jwt.Algorithm;
import com.auth0.jwt.JWTSigner;
import com.github.mustachejava.DefaultMustacheFactory;
import com.github.mustachejava.Mustache;
import com.github.mustachejava.MustacheException;
import com.google.common.base.Preconditions;
import fr.ifremer.coselmar.beans.AbstractMail;
import fr.ifremer.coselmar.beans.LostPasswordMail;
import fr.ifremer.coselmar.beans.UserAccountCreatedMail;
import fr.ifremer.coselmar.beans.UserBean;
import fr.ifremer.coselmar.beans.UserPasswordChangedMail;
import fr.ifremer.coselmar.beans.UserSearchBean;
import fr.ifremer.coselmar.beans.UserWebToken;
import fr.ifremer.coselmar.config.CoselmarServicesConfig;
import fr.ifremer.coselmar.converter.BeanEntityConverter;
import fr.ifremer.coselmar.exceptions.CoselmarTechnicalException;
import fr.ifremer.coselmar.persistence.SearchRequestBean;
import fr.ifremer.coselmar.persistence.entity.CoselmarUser;
import fr.ifremer.coselmar.persistence.entity.CoselmarUserRole;
import fr.ifremer.coselmar.persistence.entity.CoselmarUserTopiaDao;
import fr.ifremer.coselmar.services.CoselmarWebServiceSupport;
import fr.ifremer.coselmar.services.errors.InvalidCredentialException;
import fr.ifremer.coselmar.services.errors.UnauthorizedException;
import java.io.StringWriter;
import java.security.InvalidParameterException;
import java.util.ArrayList;
import java.util.List;
import org.apache.commons.io.Charsets;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.commons.mail.EmailException;
import org.apache.commons.mail.SimpleEmail;
import org.apache.lucene.analysis.shingle.ShingleFilter;
import org.debux.webmotion.server.render.Render;
import org.nuiton.topia.persistence.TopiaNoResultException;

/* loaded from: input_file:WEB-INF/classes/fr/ifremer/coselmar/services/v1/UsersWebService.class */
public class UsersWebService extends CoselmarWebServiceSupport {
    private static final Log log = LogFactory.getLog(UsersWebService.class);

    public UserBean getUser(String str) throws InvalidCredentialException, UnauthorizedException, TopiaNoResultException {
        UserWebToken checkAuthentication = checkAuthentication(getContext().getHeader("Authorization"));
        boolean equals = StringUtils.equals(checkAuthentication.getRole(), CoselmarUserRole.ADMIN.name());
        boolean equals2 = StringUtils.equals(checkAuthentication.getRole(), CoselmarUserRole.SUPERVISOR.name());
        boolean equals3 = StringUtils.equals(checkAuthentication.getUserId(), str);
        if (!equals && !equals2 && !equals3) {
            if (log.isDebugEnabled()) {
                log.debug(String.format("A non admin user try to see account details with shortId '%s'", str));
            }
            throw new UnauthorizedException("Not allowed to see user details");
        }
        CoselmarUser coselmarUser = (CoselmarUser) getCoselmarUserDao().forTopiaIdEquals(CoselmarUser.class.getCanonicalName() + getPersistenceContext().getTopiaIdFactory().getSeparator() + str).findUnique();
        if (!equals2 || coselmarUser.getRole() == CoselmarUserRole.CLIENT || equals3) {
            return BeanEntityConverter.toBean(str, coselmarUser);
        }
        if (log.isDebugEnabled()) {
            log.debug(String.format("A supervisor user try to see non client account details with shortId '%s'", str));
        }
        throw new UnauthorizedException("Not allowed to see user details");
    }

    public List<UserBean> getUsers(UserSearchBean userSearchBean) throws InvalidCredentialException, UnauthorizedException {
        List<CoselmarUser> findAll;
        UserWebToken checkAuthentication = checkAuthentication(getContext().getHeader("Authorization"));
        if (!StringUtils.equals(checkAuthentication.getRole(), CoselmarUserRole.ADMIN.name()) && !StringUtils.equals(checkAuthentication.getRole(), CoselmarUserRole.SUPERVISOR.name())) {
            if (log.isDebugEnabled()) {
                log.debug(String.format("A non admin, non supervisor user is trying to access users list", new Object[0]));
            }
            throw new UnauthorizedException("Not allowed to see users");
        }
        if (userSearchBean != null) {
            SearchRequestBean searchRequestBean = new SearchRequestBean();
            searchRequestBean.setLimit(userSearchBean.getLimit());
            searchRequestBean.setPage(userSearchBean.getPage());
            searchRequestBean.setFullTextSearch(userSearchBean.getFullTextSearch());
            findAll = getCoselmarUserDao().findAllByExample(BeanEntityConverter.fromBean(userSearchBean), userSearchBean.isActiveAndInactive(), searchRequestBean);
        } else {
            findAll = getCoselmarUserDao().findAll();
        }
        ArrayList arrayList = new ArrayList(findAll.size());
        for (CoselmarUser coselmarUser : findAll) {
            arrayList.add(BeanEntityConverter.toBean(getPersistenceContext().getTopiaIdFactory().getRandomPart(coselmarUser.getTopiaId()), coselmarUser));
        }
        return arrayList;
    }

    public void addUser(UserBean userBean) throws InvalidParameterException, InvalidCredentialException, UnauthorizedException {
        Preconditions.checkNotNull(userBean);
        UserWebToken checkAuthentication = checkAuthentication(getContext().getHeader("Authorization"));
        if (!StringUtils.equals(checkAuthentication.getRole(), CoselmarUserRole.ADMIN.name()) && StringUtils.equals(checkAuthentication.getRole(), CoselmarUserRole.SUPERVISOR.name()) && !StringUtils.equals(userBean.getRole(), CoselmarUserRole.CLIENT.name())) {
            if (log.isDebugEnabled()) {
                log.debug(String.format("A non admin, non supervisor user is trying to access users list", new Object[0]));
            }
            throw new UnauthorizedException("Not allowed to see users");
        }
        CoselmarUser coselmarUser = (CoselmarUser) getCoselmarUserDao().create();
        coselmarUser.setFirstname(userBean.getFirstName());
        coselmarUser.setName(userBean.getName());
        String cleanMail = getCleanMail(userBean.getMail());
        if (StringUtils.isNotBlank(cleanMail)) {
            checkMailUniqueness(cleanMail, null);
            coselmarUser.setMail(cleanMail);
        }
        coselmarUser.setRole(CoselmarUserRole.valueOf(userBean.getRole().toUpperCase()));
        coselmarUser.setQualification(userBean.getQualification());
        coselmarUser.setOrganization(userBean.getOrganization());
        coselmarUser.setActive(true);
        String password = userBean.getPassword();
        if (StringUtils.isBlank(password)) {
            password = getServicesContext().generatePassword();
        }
        String generateSalt = getServicesContext().generateSalt();
        coselmarUser.setPassword(getServicesContext().encodePassword(generateSalt, password));
        coselmarUser.setSalt(generateSalt);
        commit();
        if (StringUtils.isNotBlank(cleanMail)) {
            UserAccountCreatedMail userAccountCreatedMail = new UserAccountCreatedMail(getServicesContext().getLocale());
            userAccountCreatedMail.setUser(userBean);
            userAccountCreatedMail.setPassword(password);
            userAccountCreatedMail.setTo(userBean.getMail());
            sendMail(userAccountCreatedMail);
        }
    }

    public void modifyUser(UserBean userBean) throws InvalidCredentialException, UnauthorizedException, InvalidParameterException, TopiaNoResultException {
        UserWebToken checkAuthentication = checkAuthentication(getContext().getHeader("Authorization"));
        boolean equals = StringUtils.equals(checkAuthentication.getRole(), CoselmarUserRole.ADMIN.name());
        boolean z = StringUtils.equals(checkAuthentication.getRole(), CoselmarUserRole.SUPERVISOR.name()) && StringUtils.equals(userBean.getRole(), CoselmarUserRole.CLIENT.name());
        String id = userBean.getId();
        if (StringUtils.isBlank(id)) {
            throw new InvalidParameterException("User.id is mandatory");
        }
        if (StringUtils.isBlank(userBean.getPassword()) && !equals && !z) {
            throw new InvalidParameterException("User.password is mandatory");
        }
        if (!equals && !StringUtils.equals(checkAuthentication.getUserId(), id) && !z) {
            if (log.isDebugEnabled()) {
                log.debug(String.format("A non admin user try to modify account details with shortId '%s'", id));
            }
            throw new UnauthorizedException("Not allowed to modify user details");
        }
        String str = CoselmarUser.class.getCanonicalName() + getPersistenceContext().getTopiaIdFactory().getSeparator() + id;
        CoselmarUser coselmarUser = (CoselmarUser) getCoselmarUserDao().forTopiaIdEquals(str).findAny();
        if (!equals && !z) {
            checkPassword(coselmarUser.getPassword(), coselmarUser.getSalt(), userBean.getPassword());
        }
        String mail = userBean.getMail();
        if (StringUtils.isNotBlank(mail)) {
            checkMailUniqueness(mail, str);
            coselmarUser.setMail(mail);
        } else {
            coselmarUser.setMail(null);
        }
        String firstName = userBean.getFirstName();
        if (StringUtils.isNotBlank(firstName)) {
            coselmarUser.setFirstname(firstName);
        } else {
            userBean.setFirstName(coselmarUser.getFirstname());
        }
        String name = userBean.getName();
        if (StringUtils.isNotBlank(name)) {
            coselmarUser.setName(name);
        } else {
            userBean.setName(coselmarUser.getName());
        }
        String role = userBean.getRole();
        if (StringUtils.isNotBlank(role) && equals) {
            coselmarUser.setRole(CoselmarUserRole.valueOf(role.toUpperCase()));
        }
        String organization = userBean.getOrganization();
        if (StringUtils.isNotBlank(organization)) {
            coselmarUser.setOrganization(organization);
        }
        String qualification = userBean.getQualification();
        if (StringUtils.isNotBlank(qualification)) {
            coselmarUser.setQualification(qualification);
        }
        String phoneNumber = userBean.getPhoneNumber();
        if (StringUtils.isNotBlank(phoneNumber)) {
            coselmarUser.setPhoneNumber(phoneNumber);
        }
        String newPassword = userBean.getNewPassword();
        if (StringUtils.isNotBlank(newPassword)) {
            String generateSalt = getServicesContext().generateSalt();
            String encodePassword = getServicesContext().encodePassword(generateSalt, newPassword);
            coselmarUser.setSalt(generateSalt);
            coselmarUser.setPassword(encodePassword);
            if (equals || z) {
                UserPasswordChangedMail userPasswordChangedMail = new UserPasswordChangedMail(getServicesContext().getLocale());
                userPasswordChangedMail.setUser(userBean);
                userPasswordChangedMail.setPassword(newPassword);
                userPasswordChangedMail.setTo(coselmarUser.getMail());
                sendMail(userPasswordChangedMail);
            }
        }
        coselmarUser.setActive(userBean.isActive());
        commit();
    }

    public Render login(String str, String str2) throws InvalidCredentialException {
        Preconditions.checkNotNull(str);
        Preconditions.checkNotNull(str2);
        CoselmarUser coselmarUser = (CoselmarUser) getCoselmarUserDao().forMailEquals(getCleanMail(str)).addEquals(CoselmarUser.PROPERTY_ACTIVE, true).findAnyOrNull();
        if (coselmarUser == null) {
            throw new InvalidCredentialException("Invalid mail");
        }
        checkPassword(coselmarUser.getPassword(), coselmarUser.getSalt(), str2);
        JWTSigner jWTSigner = new JWTSigner(getCoselmarServicesConfig().getWebSecurityKey());
        JWTSigner.Options options = new JWTSigner.Options();
        options.setAlgorithm(Algorithm.HS512);
        return renderJSON("jwt", jWTSigner.sign(UserWebToken.toJwtClaims(getPersistenceContext().getTopiaIdFactory().getRandomPart(coselmarUser.getTopiaId()), coselmarUser.getFirstname(), coselmarUser.getName(), coselmarUser.getRole().name()), options));
    }

    public void deleteUser(String str) throws InvalidCredentialException, UnauthorizedException {
        if (StringUtils.equals(checkAuthentication(getContext().getHeader("Authorization")).getRole(), CoselmarUserRole.ADMIN.name())) {
            getCoselmarUserDao().delete((CoselmarUserTopiaDao) getCoselmarUserDao().forTopiaIdEquals(CoselmarUser.class.getCanonicalName() + ShingleFilter.DEFAULT_FILLER_TOKEN + str).findUnique());
            commit();
        } else {
            if (log.isDebugEnabled()) {
                log.debug(String.format("A non admin user try to delete account with shortId '%s'", str));
            }
            throw new UnauthorizedException("Not allowed to delete user");
        }
    }

    public void generateNewPassword(String str) {
        CoselmarUser coselmarUser = (CoselmarUser) getCoselmarUserDao().forMailEquals(str).findUnique();
        String generatePassword = getServicesContext().generatePassword();
        String generateSalt = getServicesContext().generateSalt();
        coselmarUser.setPassword(getServicesContext().encodePassword(generateSalt, generatePassword));
        coselmarUser.setSalt(generateSalt);
        commit();
        LostPasswordMail lostPasswordMail = new LostPasswordMail(getServicesContext().getLocale());
        lostPasswordMail.setUser(BeanEntityConverter.toBean(getPersistenceContext().getTopiaIdFactory().getRandomPart(coselmarUser.getTopiaId()), coselmarUser));
        lostPasswordMail.setPassword(generatePassword);
        lostPasswordMail.setTo(coselmarUser.getMail());
        sendMail(lostPasswordMail);
    }

    protected void checkMailUniqueness(String str, String str2) throws InvalidParameterException {
        if (StringUtils.isNotBlank(str2) ? getCoselmarUserDao().forMailEquals(str).addNotEquals("topiaId", str2).exists() : getCoselmarUserDao().forMailEquals(str).exists()) {
            throw new InvalidParameterException(String.format("mail '%s' is already used", str));
        }
    }

    protected void checkPassword(String str, String str2, String str3) throws InvalidCredentialException {
        if (!getServicesContext().encodePassword(str2, str3).equals(str)) {
            throw new InvalidCredentialException("Invalid password given");
        }
    }

    protected void sendMail(AbstractMail abstractMail) {
        if (getCoselmarServicesConfig().isDevMode()) {
            if (log.isInfoEnabled()) {
                log.info("an email should have been sent if not in devMode: to = " + abstractMail.getTo() + ". subject = '" + abstractMail.getSubject() + "'. body = \n" + getBody(abstractMail));
            }
            if (abstractMail.isRecipientProvided() || !log.isWarnEnabled()) {
                return;
            }
            log.warn("email has no recipient, would not have been sent " + abstractMail);
            return;
        }
        CoselmarServicesConfig coselmarServicesConfig = getCoselmarServicesConfig();
        abstractMail.setCoselmarUrl(coselmarServicesConfig.getApplicationUrl());
        String body = getBody(abstractMail);
        if (!abstractMail.isRecipientProvided()) {
            if (log.isErrorEnabled()) {
                log.error("email has no recipient, won't be sent " + abstractMail);
                return;
            }
            return;
        }
        SimpleEmail simpleEmail = new SimpleEmail();
        simpleEmail.setHostName(coselmarServicesConfig.getSmtpHost());
        simpleEmail.setSmtpPort(coselmarServicesConfig.getSmtpPort());
        simpleEmail.setCharset(Charsets.UTF_8.name());
        simpleEmail.setSubject(abstractMail.getSubject());
        try {
            simpleEmail.setFrom(coselmarServicesConfig.getSmtpFrom());
            simpleEmail.addTo(abstractMail.getTo());
            simpleEmail.setMsg(body);
            simpleEmail.send();
        } catch (EmailException e) {
            throw new CoselmarTechnicalException(e);
        }
    }

    protected String getBody(AbstractMail abstractMail) {
        Mustache mustache = getMustache(abstractMail);
        StringWriter stringWriter = new StringWriter();
        mustache.execute(stringWriter, abstractMail);
        return stringWriter.toString();
    }

    protected Mustache getMustache(AbstractMail abstractMail) {
        Mustache compile;
        DefaultMustacheFactory defaultMustacheFactory = new DefaultMustacheFactory("mail/");
        try {
            compile = defaultMustacheFactory.compile(abstractMail.getClass().getSimpleName() + ShingleFilter.DEFAULT_FILLER_TOKEN + abstractMail.getLocale().getLanguage() + ".mustache");
        } catch (MustacheException e) {
            compile = defaultMustacheFactory.compile(abstractMail.getClass().getSimpleName() + ".mustache");
        }
        return compile;
    }
}
