package cronapp.framework.security;

import cronapi.AppConfig;
import cronapi.TokenUtils;
import cronapi.Var;
import cronapi.util.Operations;
import cronapp.framework.api.ApiManager;
import cronapp.framework.api.EventsManager;
import cronapp.framework.api.User;
import cronapp.framework.api.response.DefaultResponse;
import cronapp.framework.core.CronappConfiguration;
import cronapp.framework.core.CronappSettingsService;
import cronapp.framework.i18n.Messages;
import cronapp.framework.persistence.PasswordConstraintException;
import io.jsonwebtoken.Claims;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.ws.rs.ForbiddenException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.StringJoiner;
import java.util.stream.Collectors;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.crypto.encrypt.Encryptors;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

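@RestController
/* loaded from: input_file:cronapp/framework/security/SecurityController.class */
/**
 * REST endpoints for the authentication/identity surface of the framework:
 * the current-user view ({@code me}, {@code auth/refresh}), the list of
 * configured authentication providers, self-service sign-up, and the two-step
 * password reset (issue a scoped reset token by e-mail, then confirm it with
 * the new password and, when the token carries one, a one-time password).
 *
 * <p>Error mapping: failures while building the current-user response are
 * surfaced as {@link AuthenticationServiceException}; reset-token problems are
 * surfaced as {@link ForbiddenException}; password-policy violations are
 * rethrown unwrapped as {@link PasswordConstraintException}.
 */
public class SecurityController {

    @Generated
    private static final Log log = LogFactory.getLog(SecurityController.class);

    /** Scope a reset token must carry for {@code auth/confirm-reset-password} to accept it. */
    private static final String SCOPE_UPDATE_CURRENT_USER_PASSWORD = "update:current_user:password";
    /** Header the JWT is read from; the confirm endpoint falls back to the auth cookie when it is absent. */
    private static final String AUTH_TOKEN_HEADER = "X-AUTH-TOKEN";
    /** Authority name whose presence marks the caller as {@code root} in the {@code me} response. */
    private static final String ADMIN_AUTHORITY = "Administrators";
    /** Claim under which a reset token may carry the encrypted one-time password. */
    private static final String OTP_CLAIM = "otp";

    @Autowired
    private AuthenticationProviders authenticationProviders;

    /**
     * Placeholder endpoint; always answers with an empty body.
     *
     * @return the empty string
     */
    @RequestMapping(path = {"token"}, method = {RequestMethod.GET})
    public String token() {
        return "";
    }

    /**
     * Alias of {@link #me(Authentication, HttpServletRequest)}: re-describes the
     * current principal from the presented token.
     *
     * @param authentication the authenticated principal
     * @param httpServletRequest the current request (read for the auth header)
     * @return the same response as {@code me}
     * @throws AuthenticationException see {@code me}
     */
    @RequestMapping(path = {"auth/refresh"}, method = {RequestMethod.GET})
    public ResponseEntity<AuthenticationResponse> refresh(Authentication authentication, HttpServletRequest httpServletRequest) throws AuthenticationException {
        return me(authentication, httpServletRequest);
    }

    /**
     * Lists the authentication methods exposed by the configured providers.
     *
     * @return HTTP 200 with the provider list as JSON
     */
    @RequestMapping(path = {"authproviders"}, method = {RequestMethod.GET}, produces = {"application/json"})
    public ResponseEntity<List<AuthenticationMethod>> authProviders() {
        return ResponseEntity.ok(this.authenticationProviders.getMethods());
    }

    /**
     * Describes the current principal: the user record (as returned by
     * {@code User.resetPassword()}, presumably with its credential cleared —
     * verify in {@code User}), the token that was presented, its expiry,
     * the comma-joined authority names and whether one of them is
     * {@value #ADMIN_AUTHORITY} (case-insensitive).
     *
     * @param authentication the authenticated principal
     * @param httpServletRequest the current request; {@value #AUTH_TOKEN_HEADER} is echoed back
     * @return HTTP 200 with the populated {@link AuthenticationResponse}
     * @throws AuthenticationServiceException if any step fails; the cause is preserved
     */
    @RequestMapping(path = {"me"}, method = {RequestMethod.GET})
    public ResponseEntity<AuthenticationResponse> me(Authentication authentication, HttpServletRequest httpServletRequest) throws AuthenticationException {
        try {
            String token = httpServletRequest.getHeader(AUTH_TOKEN_HEADER);
            // Expiry is only known when a token was actually presented; 0 otherwise.
            long expires = StringUtils.isNotBlank(token)
                    ? TokenUtils.getExpirationDateFromToken(token).getTime()
                    : 0L;
            User user = ApiManager.byUser(authentication.getName()).getUser().resetPassword();
            Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
            String roles = authorities.stream()
                    .map(GrantedAuthority::getAuthority)
                    .collect(Collectors.joining(","));
            boolean root = authorities.stream()
                    .map(GrantedAuthority::getAuthority)
                    .anyMatch(ADMIN_AUTHORITY::equalsIgnoreCase);
            return ResponseEntity.ok(AuthenticationResponse.builder()
                    .user(user)
                    .token(token)
                    .expires(expires)
                    .roles(roles)
                    .root(root)
                    .build());
        } catch (Exception e) {
            // Keep the cause: the original only forwarded the message, which hides the failing step in logs.
            throw new AuthenticationServiceException(Messages.getString("AuthError", e.getMessage()), e);
        }
    }

    /**
     * Self-service registration.
     *
     * <p>Refused with 403 when registration is disabled in {@link AppConfig};
     * 400 when the body has no {@code username} or the username is already
     * taken; 201 on success. Any other failure maps to 403 with the generic
     * {@code AuthError} message, except password-policy violations, which are
     * rethrown as {@link PasswordConstraintException}.
     *
     * @param var request body; read as a map of JSON property names
     * @return the status described above wrapped in a {@link DefaultResponse}
     */
    @PostMapping({"auth/signup"})
    public ResponseEntity<DefaultResponse> signUp(@RequestBody Var var) {
        DefaultResponse defaultResponse = new DefaultResponse();
        if (!AppConfig.getIfRegistrationAvailable().booleanValue()) {
            return respond(defaultResponse, HttpStatus.FORBIDDEN, Messages.getString("UserRegisterNotAvaliable"));
        }
        @SuppressWarnings("unchecked") // getObjectAsMap() appears as a raw Map in this source; keys are the JSON property names
        Map<String, Object> fields = var.getObjectAsMap();
        Object username = fields.get("username");
        if (username == null) {
            // Previously this fell through to a NullPointerException and a 403 with the exception text.
            return respond(defaultResponse, HttpStatus.BAD_REQUEST, Messages.getString("UserOrPassordInvalids"));
        }
        // The securable attribute defaults to the username when the client did not send one.
        fields.putIfAbsent(ApiManager.SECURABLE_ATTRIBUTE_NAME, username);
        fields.put("normalizedUserName", username);
        fields.put("normalizedEmail", fields.get("email"));
        try {
            if (ApiManager.byUser(username.toString()).getUser() != null) {
                return respond(defaultResponse, HttpStatus.BAD_REQUEST, Messages.getString("UserAlreadyExists"));
            }
            ApiManager.createUser(var);
            return respond(defaultResponse, HttpStatus.CREATED, Messages.getString("UserRegisteredSuccessfully"));
        } catch (Exception e) {
            PasswordConstraintException constraint = PasswordConstraintException.unwrap(e);
            if (constraint != null) {
                throw constraint;
            }
            return respond(defaultResponse, HttpStatus.FORBIDDEN, Messages.getString("AuthError", e.getMessage()));
        }
    }

    /**
     * Starts a password reset: issues a JWT whose subject is the account's
     * username and whose scope is {@value #SCOPE_UPDATE_CURRENT_USER_PASSWORD},
     * and hands it to the {@code UserManager:sendResetPasswordEmail} Blockly
     * routine together with the account's e-mail and display name.
     *
     * <p>Always answers HTTP 200 with {@code {}}. Failures (including an
     * unknown address) are only logged, so the response body does not differ
     * between registered and unregistered addresses.
     *
     * @param str the e-mail address the account is looked up by
     * @return HTTP 200 with an empty JSON object
     */
    @PostMapping({"auth/reset-password"})
    public ResponseEntity<String> resetPassword(@RequestParam("email") String str) {
        try {
            User user = ApiManager.byUser(str).getUser();
            Map<String, Object> claims = new HashMap<>();
            claims.put("sub", user.getUsername());
            claims.put("scope", SCOPE_UPDATE_CURRENT_USER_PASSWORD);
            String resetToken = TokenUtils.generateToken(claims, TokenUtils.generateExpirationDate(), (String) null);
            Operations.callBlockly(Var.valueOf("UserManager:sendResetPasswordEmail"), new Var[]{
                    Var.valueOf(user.getEmail()),
                    Var.valueOf(user.getName()),
                    Var.valueOf(resetToken)});
        } catch (Exception e) {
            log.error(Messages.getString("AuthError", e.getMessage()), e);
        }
        return new ResponseEntity<>("{}", HttpStatus.OK);
    }

    /**
     * Completes a password reset with the token issued by
     * {@link #resetPassword(String)}.
     *
     * <p>The token is taken from the {@value #AUTH_TOKEN_HEADER} header, or
     * from the auth cookie when the header is missing or blank. It must be
     * present, unexpired, name a subject and carry the
     * {@value #SCOPE_UPDATE_CURRENT_USER_PASSWORD} scope. When the token
     * carries an {@value #OTP_CLAIM} claim, the {@code otp} parameter must
     * match its decrypted value (see {@link #verifyOtp}). If an
     * {@code onResetPassword} event is registered it performs the change;
     * otherwise the password is updated through {@link ApiManager}.
     *
     * @param str the new password
     * @param str2 the one-time password; required only when the token carries one
     * @param str3 the reset token from the header, may be absent
     * @param httpServletRequest the current request (read for the cookie fallback)
     * @throws ForbiddenException if the token is missing, expired, lacks the
     *         subject or scope, or the OTP does not match
     * @throws PasswordConstraintException if the new password violates policy
     * @throws AuthenticationServiceException for any other update failure; the cause is preserved
     */
    @PostMapping({"auth/confirm-reset-password"})
    public void confirmResetPassword(@RequestParam("password") String str,
                                     @RequestParam(value = "otp", required = false) String str2,
                                     @RequestHeader(value = AUTH_TOKEN_HEADER, required = false) String str3,
                                     HttpServletRequest httpServletRequest) {
        // @RequestHeader is required by default, which made the cookie fallback unreachable
        // (Spring rejected the request before this method ran); required = false restores it.
        String token = (str3 == null || str3.isBlank())
                ? TokenUtils.getTokenFromCookie(httpServletRequest.getCookies())
                : str3;
        if (token == null || token.isBlank()) {
            throw new ForbiddenException(Messages.getString("UserOrPassordInvalids"));
        }
        if (TokenUtils.isTokenExpired(token)) {
            throw new ForbiddenException(Messages.getString("ResetPasswordTokenExpired"));
        }
        String username = TokenUtils.getUsernameFromToken(token);
        List<?> scopes = TokenUtils.getScopeFromToken(token);
        if (username == null || scopes == null || !scopes.contains(SCOPE_UPDATE_CURRENT_USER_PASSWORD)) {
            throw new ForbiddenException(Messages.getString("UserOrPassordInvalids"));
        }
        verifyOtp(TokenUtils.getClaimsFromToken(token), str2);
        if (EventsManager.hasEvent("onResetPassword")) {
            EventsManager.executeEventOnTransaction("onResetPassword", Var.valueOf(username), Var.valueOf(str));
            return;
        }
        try {
            ApiManager.byUser(username).updatePassword(str);
        } catch (Exception e) {
            PasswordConstraintException constraint = PasswordConstraintException.unwrap(e);
            if (constraint != null) {
                throw constraint;
            }
            throw new AuthenticationServiceException(Messages.getString("AuthError", e.getMessage()), e);
        }
    }

    /**
     * Enforces the one-time password when the reset token carries one.
     *
     * <p>The check is driven by the token, not by the request: previously it
     * ran only when the client sent an {@code otp} parameter, so omitting the
     * parameter skipped the check for a token that did carry an OTP claim, and
     * {@code String.valueOf(null)} turned an absent claim into the literal
     * {@code "null"}, defeating the null guard. The comparison is constant-time.
     *
     * <p>NOTE(review): assumes a token carrying an {@value #OTP_CLAIM} claim
     * must always be confirmed with it — confirm against the flow that issues
     * OTP-bearing tokens, which is not in this file ({@link #resetPassword}
     * issues tokens without one).
     *
     * @param claims the token's claims, may be {@code null}
     * @param suppliedOtp the {@code otp} request parameter, may be {@code null}
     * @throws ForbiddenException if the token carries an OTP and the supplied one is missing or different
     */
    private static void verifyOtp(Claims claims, String suppliedOtp) {
        Object encryptedOtp = claims == null ? null : claims.get(OTP_CLAIM);
        if (encryptedOtp == null) {
            return; // token was issued without an OTP; nothing to check
        }
        if (suppliedOtp == null) {
            throw new ForbiddenException(Messages.getString("InvalidOTP"));
        }
        CronappSettingsService settings = (CronappSettingsService) CronappConfiguration.getBean(CronappSettingsService.class);
        String expectedOtp = Encryptors.text(settings.getEncryptionKey(), settings.getEncryptionSalt())
                .decrypt(encryptedOtp.toString());
        // Constant-time comparison so response timing does not leak how much of the OTP matched.
        boolean matches = MessageDigest.isEqual(
                expectedOtp.getBytes(StandardCharsets.UTF_8),
                suppliedOtp.getBytes(StandardCharsets.UTF_8));
        if (!matches) {
            throw new ForbiddenException(Messages.getString("InvalidOTP"));
        }
    }

    /**
     * Builds a {@link DefaultResponse} entity carrying the given status both in
     * the body (via {@code parseResponse}) and as the HTTP status.
     *
     * @param response the response object to populate
     * @param status the HTTP status to report
     * @param message the message to place in the body
     * @return the populated entity
     */
    private static ResponseEntity<DefaultResponse> respond(DefaultResponse response, HttpStatus status, String message) {
        return new ResponseEntity<>(response.parseResponse(Integer.valueOf(status.value()), message), status);
    }
}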
