package org.sonar.server.usertoken.ws;

import org.sonar.api.server.ws.Request;
import org.sonar.api.server.ws.Response;
import org.sonar.api.server.ws.WebService;
import org.sonar.api.utils.System2;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.user.UserTokenDto;
import org.sonar.server.exceptions.ServerException;
import org.sonar.server.user.AbstractUserSession;
import org.sonar.server.user.UserSession;
import org.sonar.server.usertoken.TokenGenerator;
import org.sonar.server.ws.WsUtils;
import org.sonarqube.ws.WsUserTokens;
import org.sonarqube.ws.client.usertoken.GenerateWsRequest;

/* loaded from: input_file:org/sonar/server/usertoken/ws/GenerateAction.class */
public class GenerateAction implements UserTokensWsAction {
    private final DbClient dbClient;
    private final UserSession userSession;
    private final System2 system;
    private final TokenGenerator tokenGenerator;

    public GenerateAction(DbClient dbClient, UserSession userSession, System2 system2, TokenGenerator tokenGenerator) {
        this.userSession = userSession;
        this.dbClient = dbClient;
        this.system = system2;
        this.tokenGenerator = tokenGenerator;
    }

    public void define(WebService.NewController newController) {
        WebService.NewAction handler = newController.createAction("generate").setSince("5.3").setPost(true).setDescription("Generate a user access token. <br />Please keep your tokens secret. They enable to authenticate and analyze projects.<br />If the login is set, it requires administration permissions. Otherwise, a token is generated for the authenticated user.").setResponseExample(getClass().getResource("generate-example.json")).setHandler(this);
        handler.createParam("login").setDescription("User login. If not set, the token is generated for the authenticated user.").setExampleValue("g.hopper");
        handler.createParam("name").setRequired(true).setDescription("Token name").setExampleValue("Project scan on Travis");
    }

    public void handle(Request request, Response response) throws Exception {
        WsUtils.writeProtobuf(doHandle(toCreateWsRequest(request)), request, response);
    }

    private WsUserTokens.GenerateWsResponse doHandle(GenerateWsRequest generateWsRequest) {
        DbSession openSession = this.dbClient.openSession(false);
        try {
            checkWsRequest(openSession, generateWsRequest);
            TokenPermissionsValidator.validate(this.userSession, generateWsRequest.getLogin());
            String generate = this.tokenGenerator.generate();
            WsUserTokens.GenerateWsResponse buildResponse = buildResponse(insertTokenInDb(openSession, generateWsRequest, hashToken(openSession, generate)), generate);
            this.dbClient.closeSession(openSession);
            return buildResponse;
        } catch (Throwable th) {
            this.dbClient.closeSession(openSession);
            throw th;
        }
    }

    private String hashToken(DbSession dbSession, String str) {
        String hash = this.tokenGenerator.hash(str);
        if (this.dbClient.userTokenDao().selectByTokenHash(dbSession, hash).isPresent()) {
            throw new ServerException(500, "Error while generating token. Please try again.");
        }
        return hash;
    }

    private void checkWsRequest(DbSession dbSession, GenerateWsRequest generateWsRequest) {
        checkLoginExists(dbSession, generateWsRequest);
        WsUtils.checkRequest(!this.dbClient.userTokenDao().selectByLoginAndName(dbSession, generateWsRequest.getLogin(), generateWsRequest.getName()).isPresent(), "A user token with login '%s' and name '%s' already exists", generateWsRequest.getLogin(), generateWsRequest.getName());
    }

    private void checkLoginExists(DbSession dbSession, GenerateWsRequest generateWsRequest) {
        if (this.dbClient.userDao().selectByLogin(dbSession, generateWsRequest.getLogin()) == null) {
            throw AbstractUserSession.insufficientPrivilegesException();
        }
    }

    private UserTokenDto insertTokenInDb(DbSession dbSession, GenerateWsRequest generateWsRequest, String str) {
        UserTokenDto createdAt = new UserTokenDto().setLogin(generateWsRequest.getLogin()).setName(generateWsRequest.getName()).setTokenHash(str).setCreatedAt(this.system.now());
        this.dbClient.userTokenDao().insert(dbSession, createdAt);
        dbSession.commit();
        return createdAt;
    }

    private GenerateWsRequest toCreateWsRequest(Request request) {
        GenerateWsRequest name = new GenerateWsRequest().setLogin(request.param("login")).setName(request.mandatoryParam("name").trim());
        if (name.getLogin() == null) {
            name.setLogin(this.userSession.getLogin());
        }
        WsUtils.checkRequest(!name.getName().isEmpty(), "The '%s' parameter must not be blank", "name");
        return name;
    }

    private static WsUserTokens.GenerateWsResponse buildResponse(UserTokenDto userTokenDto, String str) {
        return WsUserTokens.GenerateWsResponse.newBuilder().setLogin(userTokenDto.getLogin()).setName(userTokenDto.getName()).setToken(str).build();
    }
}
