package com.naturalprogrammer.spring.lemon;

import com.naturalprogrammer.spring.lemon.commons.AbstractLemonService;
import com.naturalprogrammer.spring.lemon.commons.LemonProperties;
import com.naturalprogrammer.spring.lemon.commons.domain.ChangePasswordForm;
import com.naturalprogrammer.spring.lemon.commons.domain.ResetPasswordForm;
import com.naturalprogrammer.spring.lemon.commons.mail.LemonMailData;
import com.naturalprogrammer.spring.lemon.commons.mail.MailSender;
import com.naturalprogrammer.spring.lemon.commons.security.BlueTokenService;
import com.naturalprogrammer.spring.lemon.commons.security.GreenTokenService;
import com.naturalprogrammer.spring.lemon.commons.security.UserDto;
import com.naturalprogrammer.spring.lemon.commons.security.UserEditPermission;
import com.naturalprogrammer.spring.lemon.commons.util.LecUtils;
import com.naturalprogrammer.spring.lemon.commons.util.UserUtils;
import com.naturalprogrammer.spring.lemon.commonsjpa.LecjUtils;
import com.naturalprogrammer.spring.lemon.commonsweb.util.LecwUtils;
import com.naturalprogrammer.spring.lemon.domain.AbstractUser;
import com.naturalprogrammer.spring.lemon.domain.AbstractUserRepository;
import com.naturalprogrammer.spring.lemon.exceptions.util.LexUtils;
import com.naturalprogrammer.spring.lemon.util.LemonUtils;
import com.nimbusds.jwt.JWTClaimsSet;
import java.io.Serializable;
import java.util.Collections;
import java.util.Map;
import java.util.Optional;
import javax.servlet.http.HttpServletResponse;
import javax.validation.Valid;
import javax.validation.constraints.Email;
import javax.validation.constraints.NotBlank;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.exception.ExceptionUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.validation.annotation.Validated;

@Transactional(propagation = Propagation.SUPPORTS, readOnly = true)
@Validated
/* loaded from: input_file:com/naturalprogrammer/spring/lemon/LemonService.class */
public abstract class LemonService<U extends AbstractUser<ID>, ID extends Serializable> extends AbstractLemonService<U, ID> {
    private static final Log log = LogFactory.getLog(LemonService.class);
    private AbstractUserRepository<U, ID> userRepository;
    private UserDetailsService userDetailsService;

    @Autowired
    public void createLemonService(LemonProperties lemonProperties, PasswordEncoder passwordEncoder, MailSender<?> mailSender, AbstractUserRepository<U, ID> abstractUserRepository, UserDetailsService userDetailsService, BlueTokenService blueTokenService, GreenTokenService greenTokenService) {
        this.properties = lemonProperties;
        this.passwordEncoder = passwordEncoder;
        this.mailSender = mailSender;
        this.userRepository = abstractUserRepository;
        this.userDetailsService = userDetailsService;
        this.blueTokenService = blueTokenService;
        this.greenTokenService = greenTokenService;
        log.info("Created");
    }

    @Transactional(propagation = Propagation.REQUIRED, readOnly = false)
    public void onStartup() {
        try {
            this.userDetailsService.loadUserByUsername(this.properties.getAdmin().getUsername());
        } catch (UsernameNotFoundException e) {
            this.userRepository.save((AbstractUser) createAdminUser());
        }
    }

    /* renamed from: newUser, reason: merged with bridge method [inline-methods] */
    public abstract U m3newUser();

    public Map<String, Object> getContext(Optional<Long> optional, HttpServletResponse httpServletResponse) {
        log.debug("Getting context ...");
        Map<String, Object> buildContext = buildContext();
        UserDto currentUser = LecwUtils.currentUser();
        if (currentUser != null) {
            addAuthHeader(httpServletResponse, currentUser.getUsername(), optional.orElse(Long.valueOf(this.properties.getJwt().getExpirationMillis())));
            buildContext.put("user", currentUser);
        }
        return buildContext;
    }

    @Transactional(propagation = Propagation.REQUIRED, readOnly = false)
    @Validated({UserUtils.SignUpValidation.class})
    public void signup(@Valid U u) {
        log.debug("Signing up user: " + u);
        initUser((LemonService<U, ID>) u);
        this.userRepository.save(u);
        LecjUtils.afterCommit(() -> {
            LemonUtils.login(u);
            log.debug("Signed up user: " + u);
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void initUser(U u) {
        log.debug("Initializing user: " + u);
        u.setPassword(this.passwordEncoder.encode(u.getPassword()));
        makeUnverified((LemonService<U, ID>) u);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void makeUnverified(U u) {
        super.makeUnverified(u);
        LecjUtils.afterCommit(() -> {
            sendVerificationMail(u);
        });
    }

    @UserEditPermission
    public void resendVerificationMail(U u) {
        LexUtils.ensureFound(u);
        LexUtils.validate(u.getRoles().contains("UNVERIFIED"), "com.naturalprogrammer.spring.alreadyVerified", new Object[0]).go();
        sendVerificationMail(u);
    }

    public U fetchUserByEmail(@NotBlank @Valid @Email String str) {
        log.debug("Fetching user by email: " + str);
        return processUser(this.userRepository.findByEmail(str).orElse(null));
    }

    public U processUser(U u) {
        log.debug("Fetching user: " + u);
        LexUtils.ensureFound(u);
        hideConfidentialFields(u);
        return u;
    }

    @Transactional(propagation = Propagation.REQUIRED, readOnly = false)
    public void verifyUser(ID id, String str) {
        log.debug("Verifying user ...");
        AbstractUser abstractUser = (AbstractUser) this.userRepository.findById(id).orElseThrow(LexUtils.notFoundSupplier());
        LexUtils.validate(abstractUser.hasRole("UNVERIFIED"), "com.naturalprogrammer.spring.alreadyVerified", new Object[0]).go();
        JWTClaimsSet parseToken = this.greenTokenService.parseToken(str, "verify", abstractUser.getCredentialsUpdatedMillis());
        LecUtils.ensureAuthority(parseToken.getSubject().equals(abstractUser.getId().toString()) && parseToken.getClaim("email").equals(abstractUser.getEmail()), "com.naturalprogrammer.spring.wrong.verificationCode");
        abstractUser.getRoles().remove("UNVERIFIED");
        abstractUser.setCredentialsUpdatedMillis(System.currentTimeMillis());
        this.userRepository.save(abstractUser);
        LecjUtils.afterCommit(() -> {
            LemonUtils.login(abstractUser);
            log.debug("Re-logged-in the user for removing UNVERIFIED role.");
        });
        log.debug("Verified user: " + abstractUser);
    }

    @Transactional(propagation = Propagation.REQUIRED, readOnly = false)
    public void forgotPassword(@NotBlank @Valid @Email String str) {
        log.debug("Processing forgot password for email: " + str);
        mailForgotPasswordLink(this.userRepository.findByEmail(str).orElseThrow(LexUtils.notFoundSupplier()));
    }

    @Transactional(propagation = Propagation.REQUIRED, readOnly = false)
    public void resetPassword(@Valid ResetPasswordForm resetPasswordForm) {
        log.debug("Resetting password ...");
        JWTClaimsSet parseToken = this.greenTokenService.parseToken(resetPasswordForm.getCode(), "forgot-password");
        U orElseThrow = this.userRepository.findByEmail(parseToken.getSubject()).orElseThrow(LexUtils.notFoundSupplier());
        LemonUtils.ensureCredentialsUpToDate(parseToken, orElseThrow);
        orElseThrow.setPassword(this.passwordEncoder.encode(resetPasswordForm.getNewPassword()));
        orElseThrow.setCredentialsUpdatedMillis(System.currentTimeMillis());
        this.userRepository.save(orElseThrow);
        LecjUtils.afterCommit(() -> {
            LemonUtils.login(orElseThrow);
        });
        log.debug("Password reset.");
    }

    @UserEditPermission
    @Transactional(propagation = Propagation.REQUIRED, readOnly = false)
    @Validated({UserUtils.UpdateValidation.class})
    public UserDto updateUser(U u, @Valid U u2) {
        log.debug("Updating user: " + u);
        LecjUtils.ensureCorrectVersion(u, u2);
        updateUserFields(u, u2, LecwUtils.currentUser());
        this.userRepository.save(u);
        log.debug("Updated user: " + u);
        UserDto userDto = u.toUserDto();
        userDto.setPassword((String) null);
        return userDto;
    }

    @UserEditPermission
    @Transactional(propagation = Propagation.REQUIRED, readOnly = false)
    public String changePassword(U u, @Valid ChangePasswordForm changePasswordForm) {
        log.debug("Changing password for user: " + u);
        String password = ((AbstractUser) this.userRepository.findById(toId(LecwUtils.currentUser().getId())).get()).getPassword();
        LexUtils.ensureFound(u);
        LexUtils.validateField("changePasswordForm.oldPassword", this.passwordEncoder.matches(changePasswordForm.getOldPassword(), password), "com.naturalprogrammer.spring.wrong.password", new Object[0]).go();
        u.setPassword(this.passwordEncoder.encode(changePasswordForm.getPassword()));
        u.setCredentialsUpdatedMillis(System.currentTimeMillis());
        this.userRepository.save(u);
        log.debug("Changed password for user: " + u);
        return u.toUserDto().getUsername();
    }

    public abstract ID toId(String str);

    protected void updateUserFields(U u, U u2, UserDto userDto) {
        log.debug("Updating user fields for user: " + u);
        if (!userDto.isGoodAdmin() || userDto.getId().equals(u.getId().toString())) {
            return;
        }
        log.debug("Updating roles for user: " + u);
        if (u.getRoles().equals(u2.getRoles())) {
            return;
        }
        if (u2.hasRole("UNVERIFIED")) {
            if (!u.hasRole("UNVERIFIED")) {
                makeUnverified((LemonService<U, ID>) u);
            }
        } else if (u.hasRole("UNVERIFIED")) {
            u.getRoles().remove("UNVERIFIED");
        }
        u.setRoles(u2.getRoles());
        u.setCredentialsUpdatedMillis(System.currentTimeMillis());
    }

    @UserEditPermission
    @Transactional(propagation = Propagation.REQUIRED, readOnly = false)
    @Validated({UserUtils.ChangeEmailValidation.class})
    public void requestEmailChange(U u, @Valid U u2) {
        log.debug("Requesting email change: " + u);
        LexUtils.ensureFound(u);
        LexUtils.validateField("updatedUser.password", this.passwordEncoder.matches(u2.getPassword(), u.getPassword()), "com.naturalprogrammer.spring.wrong.password", new Object[0]).go();
        u.setNewEmail(u2.getNewEmail());
        this.userRepository.save(u);
        LecjUtils.afterCommit(() -> {
            mailChangeEmailLink(u);
        });
        log.debug("Requested email change: " + u);
    }

    protected void mailChangeEmailLink(U u) {
        String createToken = this.greenTokenService.createToken("change-email", u.getId().toString(), Long.valueOf(this.properties.getJwt().getExpirationMillis()), LecUtils.mapOf(new Object[]{"newEmail", u.getNewEmail()}));
        try {
            log.debug("Mailing change email link to user: " + u);
            mailChangeEmailLink(u, this.properties.getApplicationUrl() + "/users/" + u.getId() + "/change-email?code=" + createToken);
            log.debug("Change email link mail queued.");
        } catch (Exception e) {
            log.error(ExceptionUtils.getStackTrace(e));
        }
    }

    protected void mailChangeEmailLink(U u, String str) {
        this.mailSender.send(LemonMailData.of(u.getNewEmail(), LexUtils.getMessage("com.naturalprogrammer.spring.changeEmailSubject", new Object[0]), LexUtils.getMessage("com.naturalprogrammer.spring.changeEmailEmail", new Object[]{str})));
    }

    @Transactional(propagation = Propagation.REQUIRED, readOnly = false)
    @PreAuthorize("isAuthenticated()")
    public void changeEmail(ID id, @NotBlank @Valid String str) {
        log.debug("Changing email of current user ...");
        LexUtils.validate(id.equals(toId(LecwUtils.currentUser().getId())), "com.naturalprogrammer.spring.wrong.login", new Object[0]).go();
        AbstractUser abstractUser = (AbstractUser) this.userRepository.findById(id).orElseThrow(LexUtils.notFoundSupplier());
        LexUtils.validate(StringUtils.isNotBlank(abstractUser.getNewEmail()), "com.naturalprogrammer.spring.blank.newEmail", new Object[0]).go();
        JWTClaimsSet parseToken = this.greenTokenService.parseToken(str, "change-email", abstractUser.getCredentialsUpdatedMillis());
        LecUtils.ensureAuthority(parseToken.getSubject().equals(abstractUser.getId().toString()) && parseToken.getClaim("newEmail").equals(abstractUser.getNewEmail()), "com.naturalprogrammer.spring.wrong.changeEmailCode");
        LexUtils.validate(!this.userRepository.findByEmail(abstractUser.getNewEmail()).isPresent(), "com.naturalprogrammer.spring.duplicate.email", new Object[0]).go();
        abstractUser.setEmail(abstractUser.getNewEmail());
        abstractUser.setNewEmail(null);
        abstractUser.setCredentialsUpdatedMillis(System.currentTimeMillis());
        if (abstractUser.hasRole("UNVERIFIED")) {
            abstractUser.getRoles().remove("UNVERIFIED");
        }
        this.userRepository.save(abstractUser);
        LecjUtils.afterCommit(() -> {
            LemonUtils.login(abstractUser);
        });
        log.debug("Changed email of user: " + abstractUser);
    }

    @PreAuthorize("isAuthenticated()")
    public String fetchNewToken(Optional<Long> optional, Optional<String> optional2) {
        UserDto currentUser = LecwUtils.currentUser();
        String orElse = optional2.orElse(currentUser.getUsername());
        LecUtils.ensureAuthority(currentUser.getUsername().equals(orElse) || currentUser.isGoodAdmin(), "com.naturalprogrammer.spring.notGoodAdminOrSameUser");
        return "Bearer " + this.blueTokenService.createToken("auth", orElse, optional.orElse(Long.valueOf(this.properties.getJwt().getExpirationMillis())));
    }

    @Transactional(propagation = Propagation.REQUIRED, readOnly = false)
    public void save(U u) {
        this.userRepository.save(u);
    }

    protected void hideConfidentialFields(U u) {
        u.setPassword(null);
        if (!u.hasPermission(LecwUtils.currentUser(), "edit")) {
            u.setEmail(null);
        }
        log.debug("Hid confidential fields for user: " + u);
    }

    @PreAuthorize("isAuthenticated()")
    public Map<String, String> fetchFullToken(String str) {
        LecUtils.ensureCredentials(this.blueTokenService.parseClaim(str.substring(7), "user") == null, "com.naturalprogrammer.spring.fullTokenNotAllowed");
        UserDto currentUser = LecwUtils.currentUser();
        return Collections.singletonMap("token", "Bearer " + this.blueTokenService.createToken("auth", currentUser.getUsername(), Long.valueOf(this.properties.getJwt().getShortLivedMillis()), Collections.singletonMap("user", LecUtils.serialize(currentUser))));
    }

    public void addAuthHeader(HttpServletResponse httpServletResponse, String str, Long l) {
        httpServletResponse.addHeader("Lemon-Authorization", "Bearer " + this.blueTokenService.createToken("auth", str, l));
    }

    public Optional<U> findUserById(String str) {
        return this.userRepository.findById(toId(str));
    }
}
