package com.naturalprogrammer.spring.lemonreactive;

import com.naturalprogrammer.spring.lemon.commons.AbstractLemonService;
import com.naturalprogrammer.spring.lemon.commons.LemonProperties;
import com.naturalprogrammer.spring.lemon.commons.domain.ChangePasswordForm;
import com.naturalprogrammer.spring.lemon.commons.domain.ResetPasswordForm;
import com.naturalprogrammer.spring.lemon.commons.mail.LemonMailData;
import com.naturalprogrammer.spring.lemon.commons.mail.MailSender;
import com.naturalprogrammer.spring.lemon.commons.security.BlueTokenService;
import com.naturalprogrammer.spring.lemon.commons.security.GreenTokenService;
import com.naturalprogrammer.spring.lemon.commons.security.UserDto;
import com.naturalprogrammer.spring.lemon.commons.util.LecUtils;
import com.naturalprogrammer.spring.lemon.commons.util.UserUtils;
import com.naturalprogrammer.spring.lemon.commonsmongo.LecmUtils;
import com.naturalprogrammer.spring.lemon.commonsreactive.util.LecrUtils;
import com.naturalprogrammer.spring.lemon.exceptions.util.LexUtils;
import com.naturalprogrammer.spring.lemonreactive.domain.AbstractMongoUser;
import com.naturalprogrammer.spring.lemonreactive.domain.AbstractMongoUserRepository;
import com.naturalprogrammer.spring.lemonreactive.forms.EmailForm;
import com.naturalprogrammer.spring.lemonreactive.util.LerUtils;
import com.nimbusds.jwt.JWTClaimsSet;
import java.io.Serializable;
import java.util.Collections;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.exception.ExceptionUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.server.reactive.ServerHttpResponse;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.userdetails.ReactiveUserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.util.MultiValueMap;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;
import reactor.util.function.Tuple2;
import reactor.util.function.Tuple3;
import reactor.util.function.Tuples;

/* loaded from: input_file:com/naturalprogrammer/spring/lemonreactive/LemonReactiveService.class */
public abstract class LemonReactiveService<U extends AbstractMongoUser<ID>, ID extends Serializable> extends AbstractLemonService<U, ID> {
    private static final Log log = LogFactory.getLog(LemonReactiveService.class);
    protected AbstractMongoUserRepository<U, ID> userRepository;
    protected ReactiveUserDetailsService userDetailsService;

    @Autowired
    public void createLemonService(LemonProperties lemonProperties, PasswordEncoder passwordEncoder, MailSender mailSender, AbstractMongoUserRepository<U, ID> abstractMongoUserRepository, ReactiveUserDetailsService reactiveUserDetailsService, BlueTokenService blueTokenService, GreenTokenService greenTokenService) {
        this.properties = lemonProperties;
        this.passwordEncoder = passwordEncoder;
        this.mailSender = mailSender;
        this.userRepository = abstractMongoUserRepository;
        this.userDetailsService = reactiveUserDetailsService;
        this.blueTokenService = blueTokenService;
        this.greenTokenService = greenTokenService;
        log.info("Created");
    }

    public void onStartup() {
        this.userDetailsService.findByUsername(this.properties.getAdmin().getUsername()).doOnError(th -> {
            return th instanceof UsernameNotFoundException;
        }, th2 -> {
            log.debug("Creating first admin ... ");
            this.userRepository.insert((AbstractMongoUser) createAdminUser()).doOnError(th2 -> {
                log.warn("Error creating initial admin " + th2);
            }).subscribe();
            log.debug("Created first admin.");
        }).subscribe();
    }

    /* renamed from: newUser, reason: merged with bridge method [inline-methods] */
    public abstract U m3newUser();

    public Mono<Map<String, Object>> getContext(Optional<Long> optional, ServerHttpResponse serverHttpResponse) {
        log.debug("Getting context ...");
        return LecrUtils.currentUser().map(optional2 -> {
            Map buildContext = buildContext();
            optional2.ifPresent(userDto -> {
                addAuthHeader(serverHttpResponse, userDto, ((Long) optional.orElse(Long.valueOf(this.properties.getJwt().getExpirationMillis()))).longValue());
                buildContext.put("user", userDto);
            });
            return buildContext;
        });
    }

    public Mono<UserDto> signup(Mono<U> mono) {
        log.debug("Signing up user: " + mono);
        Mono doOnNext = mono.doOnNext(lemonUser -> {
            this.initUser(lemonUser);
        });
        AbstractMongoUserRepository<U, ID> abstractMongoUserRepository = this.userRepository;
        Objects.requireNonNull(abstractMongoUserRepository);
        return doOnNext.flatMap((v1) -> {
            return r1.insert(v1);
        }).doOnNext(lemonUser2 -> {
            this.sendVerificationMail(lemonUser2);
        }).doOnNext((v0) -> {
            v0.eraseCredentials();
        }).map((v0) -> {
            return v0.toUserDto();
        });
    }

    public Mono<Void> resendVerificationMail(ID id) {
        return findUserById(id).zipWith(LecrUtils.currentUser()).doOnNext(this::ensureEditable).map((v0) -> {
            return v0.getT1();
        }).doOnNext(this::resendVerificationMail).then();
    }

    protected void ensureEditable(Tuple2<U, Optional<UserDto>> tuple2) {
        LecUtils.ensureAuthority(((AbstractMongoUser) tuple2.getT1()).hasPermission((UserDto) ((Optional) tuple2.getT2()).orElse(null), "edit"), "com.naturalprogrammer.spring.notGoodAdminOrSameUser");
    }

    protected void resendVerificationMail(U u) {
        LexUtils.validate(u.getRoles().contains("UNVERIFIED"), "com.naturalprogrammer.spring.alreadyVerified", new Object[0]).go();
        sendVerificationMail(u);
    }

    public Mono<UserDto> verifyUser(ID id, Mono<MultiValueMap<String, String>> mono) {
        log.debug("Verifying user ...");
        Mono map = Mono.zip(findUserById(id), mono).map(this::verifyUser);
        AbstractMongoUserRepository<U, ID> abstractMongoUserRepository = this.userRepository;
        Objects.requireNonNull(abstractMongoUserRepository);
        return map.flatMap((v1) -> {
            return r1.save(v1);
        }).map((v0) -> {
            return v0.toUserDto();
        });
    }

    public U verifyUser(Tuple2<U, MultiValueMap<String, String>> tuple2) {
        log.debug("Verifying user ...");
        U u = (U) tuple2.getT1();
        String str = (String) ((MultiValueMap) tuple2.getT2()).getFirst("code");
        LexUtils.validate(StringUtils.isNotBlank(str), "com.naturalprogrammer.spring.blank", new Object[]{"code"}).go();
        LexUtils.validate(u.hasRole("UNVERIFIED"), "com.naturalprogrammer.spring.alreadyVerified", new Object[0]).go();
        JWTClaimsSet parseToken = this.greenTokenService.parseToken(str, "verify", u.getCredentialsUpdatedMillis());
        LecUtils.ensureAuthority(parseToken.getSubject().equals(u.getId().toString()) && parseToken.getClaim("email").equals(u.getEmail()), "com.naturalprogrammer.spring.wrong.verificationCode");
        u.getRoles().remove("UNVERIFIED");
        u.setCredentialsUpdatedMillis(System.currentTimeMillis());
        return u;
    }

    public Mono<Void> forgotPassword(Mono<MultiValueMap<String, String>> mono) {
        return mono.map(multiValueMap -> {
            String str = (String) multiValueMap.getFirst("email");
            LexUtils.validate(StringUtils.isNotBlank(str), "com.naturalprogrammer.spring.blank", new Object[]{"email"}).go();
            return str;
        }).flatMap(this::findUserByEmail).doOnSuccess((v1) -> {
            mailForgotPasswordLink(v1);
        }).then();
    }

    public Mono<UserDto> resetPassword(Mono<ResetPasswordForm> mono) {
        Mono map = mono.map(resetPasswordForm -> {
            log.debug("Resetting password ...");
            JWTClaimsSet parseToken = this.greenTokenService.parseToken(resetPasswordForm.getCode(), "forgot-password");
            return Tuples.of(parseToken.getSubject(), parseToken, resetPasswordForm.getNewPassword());
        }).flatMap(tuple3 -> {
            return Mono.zip(findUserByEmail((String) tuple3.getT1()), Mono.just((JWTClaimsSet) tuple3.getT2()), Mono.just((String) tuple3.getT3()));
        }).map(this::resetPassword);
        AbstractMongoUserRepository<U, ID> abstractMongoUserRepository = this.userRepository;
        Objects.requireNonNull(abstractMongoUserRepository);
        return map.flatMap((v1) -> {
            return r1.save(v1);
        }).map((v0) -> {
            return v0.toUserDto();
        });
    }

    public U resetPassword(Tuple3<U, JWTClaimsSet, String> tuple3) {
        log.debug("Resetting password ...");
        U u = (U) tuple3.getT1();
        JWTClaimsSet jWTClaimsSet = (JWTClaimsSet) tuple3.getT2();
        String str = (String) tuple3.getT3();
        LerUtils.ensureCredentialsUpToDate(jWTClaimsSet, u);
        u.setPassword(this.passwordEncoder.encode(str));
        u.setCredentialsUpdatedMillis(System.currentTimeMillis());
        log.debug("Password reset.");
        return u;
    }

    public Mono<UserDto> userWithToken(Mono<UserDto> mono, ServerHttpResponse serverHttpResponse, long j) {
        return mono.doOnNext(userDto -> {
            log.debug("Adding auth header for " + userDto.getUsername());
            addAuthHeader(serverHttpResponse, userDto, j);
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void addAuthHeader(ServerHttpResponse serverHttpResponse, UserDto userDto, long j) {
        log.debug("Adding auth header for " + userDto.getUsername());
        serverHttpResponse.getHeaders().add("Lemon-Authorization", "Bearer " + this.blueTokenService.createToken("auth", userDto.getUsername(), Long.valueOf(j)));
    }

    public Mono<U> fetchUserByEmail(Mono<MultiValueMap<String, String>> mono) {
        return mono.map(multiValueMap -> {
            String str = (String) multiValueMap.getFirst("email");
            LexUtils.validate(StringUtils.isNotBlank(str), "com.naturalprogrammer.spring.blank", new Object[]{"email"}).go();
            return str;
        }).flatMap(this::findUserByEmail).zipWith(LecrUtils.currentUser()).doOnNext(this::hideConfidentialFields).map((v0) -> {
            return v0.getT1();
        });
    }

    public Mono<U> fetchUserById(ID id) {
        return findUserById(id).zipWith(LecrUtils.currentUser()).doOnNext(this::hideConfidentialFields).map((v0) -> {
            return v0.getT1();
        });
    }

    public Mono<UserDto> updateUser(ID id, Mono<String> mono) {
        Mono map = Mono.zip(findUserById(id), LecrUtils.currentUser(), mono).doOnNext((v1) -> {
            ensureEditable(v1);
        }).map(tuple3 -> {
            return updateUser((AbstractMongoUser) tuple3.getT1(), (Optional) tuple3.getT2(), (String) tuple3.getT3());
        });
        AbstractMongoUserRepository<U, ID> abstractMongoUserRepository = this.userRepository;
        Objects.requireNonNull(abstractMongoUserRepository);
        return map.flatMap((v1) -> {
            return r1.save(v1);
        }).map(abstractMongoUser -> {
            UserDto userDto = abstractMongoUser.toUserDto();
            userDto.setPassword((String) null);
            return userDto;
        });
    }

    /* JADX WARN: Multi-variable type inference failed */
    protected U updateUser(U u, Optional<UserDto> optional, String str) {
        log.debug("Updating user: " + u);
        AbstractMongoUser abstractMongoUser = (AbstractMongoUser) LecrUtils.applyPatch(u, str);
        LexUtils.validateBean("updatedUser", abstractMongoUser, new Class[]{UserUtils.UpdateValidation.class}).go();
        LecmUtils.ensureCorrectVersion(u, abstractMongoUser);
        updateUserFields(u, abstractMongoUser, optional.get());
        log.debug("Updated user: " + u);
        return u;
    }

    protected void updateUserFields(U u, U u2, UserDto userDto) {
        log.debug("Updating user fields for user: " + u);
        if (!userDto.isGoodAdmin() || userDto.getId().equals(u.getId().toString())) {
            return;
        }
        log.debug("Updating roles for user: " + u);
        if (u.getRoles().equals(u2.getRoles())) {
            return;
        }
        if (u2.hasRole("UNVERIFIED")) {
            if (!u.hasRole("UNVERIFIED")) {
                makeUnverified(u);
            }
        } else if (u.hasRole("UNVERIFIED")) {
            u.getRoles().remove("UNVERIFIED");
        }
        u.setRoles(u2.getRoles());
        u.setCredentialsUpdatedMillis(System.currentTimeMillis());
    }

    public Mono<U> findUserByEmail(String str) {
        return this.userRepository.findByEmail(str).switchIfEmpty(LecrUtils.notFoundMono());
    }

    public Mono<U> findUserById(ID id) {
        return this.userRepository.findById(id).switchIfEmpty(LecrUtils.notFoundMono());
    }

    protected void hideConfidentialFields(Tuple2<U, Optional<UserDto>> tuple2) {
        AbstractMongoUser abstractMongoUser = (AbstractMongoUser) tuple2.getT1();
        abstractMongoUser.eraseCredentials();
        if (!abstractMongoUser.hasPermission((UserDto) ((Optional) tuple2.getT2()).orElse(null), "edit")) {
            abstractMongoUser.setEmail(null);
        }
        log.debug("Hid confidential fields for user: " + abstractMongoUser);
    }

    public Mono<UserDto> changePassword(ID id, Mono<ChangePasswordForm> mono) {
        Mono map = Mono.zip(findUserById(id), LecrUtils.currentUser()).doOnNext(this::ensureEditable).flatMap(tuple2 -> {
            return Mono.zip(Mono.just((AbstractMongoUser) tuple2.getT1()), findUserById(toId(((UserDto) ((Optional) tuple2.getT2()).get()).getId())), mono).doOnNext(this::changePassword);
        }).map((v0) -> {
            return v0.getT1();
        });
        AbstractMongoUserRepository<U, ID> abstractMongoUserRepository = this.userRepository;
        Objects.requireNonNull(abstractMongoUserRepository);
        return map.flatMap((v1) -> {
            return r1.save(v1);
        }).map((v0) -> {
            return v0.toUserDto();
        });
    }

    protected void changePassword(Tuple3<U, U, ChangePasswordForm> tuple3) {
        AbstractMongoUser abstractMongoUser = (AbstractMongoUser) tuple3.getT1();
        AbstractMongoUser abstractMongoUser2 = (AbstractMongoUser) tuple3.getT2();
        ChangePasswordForm changePasswordForm = (ChangePasswordForm) tuple3.getT3();
        log.debug("Changing password for user: " + abstractMongoUser);
        LexUtils.validateField("changePasswordForm.oldPassword", this.passwordEncoder.matches(changePasswordForm.getOldPassword(), abstractMongoUser2.getPassword()), "com.naturalprogrammer.spring.wrong.password", new Object[0]).go();
        abstractMongoUser.setPassword(this.passwordEncoder.encode(changePasswordForm.getPassword()));
        abstractMongoUser.setCredentialsUpdatedMillis(System.currentTimeMillis());
        log.debug("Changed password for user: " + abstractMongoUser);
    }

    public Mono<Void> requestEmailChange(ID id, Mono<EmailForm> mono) {
        Mono map = Mono.zip(findUserById(id), LecrUtils.currentUser()).doOnNext(this::ensureEditable).flatMap(tuple2 -> {
            return Mono.zip(Mono.just((AbstractMongoUser) tuple2.getT1()), findUserById(toId(((UserDto) ((Optional) tuple2.getT2()).get()).getId())), mono).doOnNext(this::requestEmailChange);
        }).map((v0) -> {
            return v0.getT1();
        });
        AbstractMongoUserRepository<U, ID> abstractMongoUserRepository = this.userRepository;
        Objects.requireNonNull(abstractMongoUserRepository);
        return map.flatMap((v1) -> {
            return r1.save(v1);
        }).doOnNext(this::mailChangeEmailLink).then();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public abstract ID toId(String str);

    protected void requestEmailChange(Tuple3<U, U, EmailForm> tuple3) {
        AbstractMongoUser abstractMongoUser = (AbstractMongoUser) tuple3.getT1();
        EmailForm emailForm = (EmailForm) tuple3.getT3();
        log.debug("Requesting email change: " + abstractMongoUser);
        LexUtils.validateField("emailFormMono.password", this.passwordEncoder.matches(emailForm.getPassword(), abstractMongoUser.getPassword()), "com.naturalprogrammer.spring.wrong.password", new Object[0]).go();
        abstractMongoUser.setNewEmail(emailForm.getNewEmail());
        log.debug("Requested email change: " + abstractMongoUser);
    }

    protected void mailChangeEmailLink(U u) {
        String createToken = this.greenTokenService.createToken("change-email", u.getId().toString(), Long.valueOf(this.properties.getJwt().getExpirationMillis()), LecUtils.mapOf(new Object[]{"newEmail", u.getNewEmail()}));
        try {
            log.debug("Mailing change email link to user: " + u);
            mailChangeEmailLink(u, this.properties.getApplicationUrl() + "/users/" + u.getId() + "/change-email?code=" + createToken);
            log.debug("Change email link mail queued.");
        } catch (Exception e) {
            log.error(ExceptionUtils.getStackTrace(e));
        }
    }

    protected void mailChangeEmailLink(U u, String str) {
        this.mailSender.send(LemonMailData.of(u.getNewEmail(), LexUtils.getMessage("com.naturalprogrammer.spring.changeEmailSubject", new Object[0]), LexUtils.getMessage("com.naturalprogrammer.spring.changeEmailEmail", new Object[]{str})));
    }

    @PreAuthorize("isAuthenticated()")
    public Mono<UserDto> changeEmail(ID id, Mono<MultiValueMap<String, String>> mono) {
        log.debug("Changing email of current user ...");
        Mono map = LecrUtils.currentUser().doOnNext(optional -> {
            LexUtils.validate(id.equals(toId(((UserDto) optional.get()).getId())), "com.naturalprogrammer.spring.wrong.login", new Object[0]).go();
        }).then(Mono.zip(findUserById(id), mono)).map(this::validateChangeEmail).flatMap(abstractMongoUser -> {
            return Mono.zip(Mono.just(abstractMongoUser), this.userRepository.findByEmail(abstractMongoUser.getNewEmail()).map((v0) -> {
                return Optional.of(v0);
            }).defaultIfEmpty(Optional.empty()));
        }).map(this::changeEmail);
        AbstractMongoUserRepository<U, ID> abstractMongoUserRepository = this.userRepository;
        Objects.requireNonNull(abstractMongoUserRepository);
        return map.flatMap((v1) -> {
            return r1.save(v1);
        }).map((v0) -> {
            return v0.toUserDto();
        });
    }

    protected U validateChangeEmail(Tuple2<U, MultiValueMap<String, String>> tuple2) {
        U u = (U) tuple2.getT1();
        String str = (String) ((MultiValueMap) tuple2.getT2()).getFirst("code");
        LexUtils.validate(StringUtils.isNotBlank(str), "com.naturalprogrammer.spring.blank", new Object[]{"code"}).go();
        LexUtils.validate(StringUtils.isNotBlank(u.getNewEmail()), "com.naturalprogrammer.spring.blank.newEmail", new Object[0]).go();
        JWTClaimsSet parseToken = this.greenTokenService.parseToken(str, "change-email", u.getCredentialsUpdatedMillis());
        LecUtils.ensureAuthority(parseToken.getSubject().equals(u.getId().toString()) && parseToken.getClaim("newEmail").equals(u.getNewEmail()), "com.naturalprogrammer.spring.wrong.changeEmailCode");
        return u;
    }

    protected U changeEmail(Tuple2<U, Optional<U>> tuple2) {
        U u = (U) tuple2.getT1();
        LexUtils.validate(!((Optional) tuple2.getT2()).isPresent(), "com.naturalprogrammer.spring.duplicate.email", new Object[0]).go();
        u.setEmail(u.getNewEmail());
        u.setNewEmail(null);
        u.setCredentialsUpdatedMillis(System.currentTimeMillis());
        if (u.hasRole("UNVERIFIED")) {
            u.getRoles().remove("UNVERIFIED");
        }
        return u;
    }

    @PreAuthorize("isAuthenticated()")
    public Mono<Map<String, String>> fetchNewToken(ServerWebExchange serverWebExchange) {
        return Mono.zip(LecrUtils.currentUser(), serverWebExchange.getFormData()).map(tuple2 -> {
            UserDto userDto = (UserDto) ((Optional) tuple2.getT1()).get();
            String str = (String) ((MultiValueMap) tuple2.getT2()).getFirst("username");
            if (StringUtils.isBlank(str)) {
                str = userDto.getUsername();
            }
            long expirationMillis = getExpirationMillis((MultiValueMap) tuple2.getT2());
            LecUtils.ensureAuthority(userDto.getUsername().equals(str) || userDto.isGoodAdmin(), "com.naturalprogrammer.spring.notGoodAdminOrSameUser");
            StringBuilder append = new StringBuilder().append("Bearer ");
            BlueTokenService blueTokenService = this.blueTokenService;
            BlueTokenService blueTokenService2 = this.blueTokenService;
            return Collections.singletonMap("token", append.append(blueTokenService.createToken("auth", str, Long.valueOf(expirationMillis))).toString());
        });
    }

    @PreAuthorize("isAuthenticated()")
    public Mono<Map<String, String>> fetchFullToken(String str) {
        LecUtils.ensureCredentials(this.blueTokenService.parseClaim(str.substring(7), "user") == null, "com.naturalprogrammer.spring.fullTokenNotAllowed");
        return LecrUtils.currentUser().map(optional -> {
            UserDto userDto = (UserDto) optional.get();
            return Collections.singletonMap("token", "Bearer " + this.blueTokenService.createToken("auth", userDto.getUsername(), Long.valueOf(this.properties.getJwt().getShortLivedMillis()), Collections.singletonMap("user", LecUtils.serialize(userDto))));
        });
    }

    public long getExpirationMillis(MultiValueMap<String, String> multiValueMap) {
        long expirationMillis = this.properties.getJwt().getExpirationMillis();
        String str = (String) multiValueMap.getFirst("expirationMillis");
        if (StringUtils.isNotBlank(str)) {
            expirationMillis = Long.parseLong(str);
        }
        return expirationMillis;
    }
}
