package io.corbel.iam.api;

import com.google.gson.JsonElement;
import io.corbel.iam.exception.DuplicatedOauthServiceIdentityException;
import io.corbel.iam.exception.IdentityAlreadyExistsException;
import io.corbel.iam.exception.UserProfileConfigurationException;
import io.corbel.iam.model.Device;
import io.corbel.iam.model.Domain;
import io.corbel.iam.model.Entity;
import io.corbel.iam.model.Identity;
import io.corbel.iam.model.TraceableEntity;
import io.corbel.iam.model.User;
import io.corbel.iam.model.UserWithIdentity;
import io.corbel.iam.repository.CreateUserException;
import io.corbel.iam.service.DeviceService;
import io.corbel.iam.service.DomainService;
import io.corbel.iam.service.IdentityService;
import io.corbel.iam.service.UserService;
import io.corbel.iam.utils.Message;
import io.corbel.lib.queries.builder.ResourceQueryBuilder;
import io.corbel.lib.queries.jaxrs.QueryParameters;
import io.corbel.lib.queries.request.Aggregation;
import io.corbel.lib.queries.request.AggregationOperator;
import io.corbel.lib.queries.request.AggregationResultsFactory;
import io.corbel.lib.queries.request.Pagination;
import io.corbel.lib.queries.request.ResourceQuery;
import io.corbel.lib.queries.request.Sort;
import io.corbel.lib.ws.annotation.Rest;
import io.corbel.lib.ws.auth.AuthorizationInfo;
import io.corbel.lib.ws.model.Error;
import io.dropwizard.auth.Auth;
import java.net.URI;
import java.net.URISyntaxException;
import java.time.Clock;
import java.util.Date;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import javax.validation.Valid;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Request;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.dao.DuplicateKeyException;

@Path("v1.0/user")
/* loaded from: input_file:io/corbel/iam/api/UserResource.class */
public class UserResource {
    private static final Logger LOG = LoggerFactory.getLogger(UserResource.class);
    private static final String ME = "me";
    private final UserService userService;
    private final IdentityService identityService;
    private final DomainService domainService;
    private final Clock clock;
    private final DeviceService deviceService;
    private final AggregationResultsFactory<JsonElement> aggregationResultsFactory;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/corbel/iam/api/UserResource$IllegalOauthServiceException.class */
    public static class IllegalOauthServiceException extends Exception {
        private IllegalOauthServiceException() {
        }
    }

    public UserResource(UserService userService, DomainService domainService, IdentityService identityService, DeviceService deviceService, AggregationResultsFactory<JsonElement> aggregationResultsFactory, Clock clock) {
        this.userService = userService;
        this.domainService = domainService;
        this.identityService = identityService;
        this.deviceService = deviceService;
        this.clock = clock;
        this.aggregationResultsFactory = aggregationResultsFactory;
    }

    @GET
    public Response getUsers(@Rest QueryParameters queryParameters, @Auth AuthorizationInfo authorizationInfo) {
        String domainId = authorizationInfo.getDomainId();
        ResourceQuery resourceQuery = (ResourceQuery) queryParameters.getQuery().orElse(null);
        Pagination pagination = queryParameters.getPagination();
        Sort sort = (Sort) queryParameters.getSort().orElse(null);
        Aggregation aggregation = (Aggregation) queryParameters.getAggregation().orElse(null);
        if (queryParameters.getAggregation().isPresent()) {
            return getUsersAggregation(domainId, resourceQuery, aggregation);
        }
        return Response.ok().type("application/json").entity((List) this.userService.findUsersByDomain(domainId, resourceQuery, pagination, sort).stream().map((v0) -> {
            return v0.getUserProfile();
        }).collect(Collectors.toList())).build();
    }

    @POST
    @Consumes({"application/json"})
    public Response postUser(@Valid UserWithIdentity userWithIdentity, @Context UriInfo uriInfo, @Auth AuthorizationInfo authorizationInfo) {
        Optional<Domain> domain = this.domainService.getDomain(authorizationInfo.getDomainId());
        if (!domain.isPresent()) {
            return IamErrorResponseFactory.getInstance().invalidEntity(Message.NOT_FOUND.getMessage(new Object[0]));
        }
        Domain domain2 = domain.get();
        userWithIdentity.setDomain(domain2.getId());
        if (userWithIdentity.getScopes() == null || userWithIdentity.getScopes().isEmpty()) {
            userWithIdentity.setScopes(domain2.getDefaultScopes());
        } else if (!this.domainService.scopesAllowedInDomain(userWithIdentity.getScopes(), domain2)) {
            return IamErrorResponseFactory.getInstance().scopesNotAllowed(domain2.getId());
        }
        setTracebleEntity(userWithIdentity, authorizationInfo);
        try {
            User create = this.userService.create((User) ensureNoId(userWithIdentity));
            Identity identity = userWithIdentity.getIdentity();
            if (identity != null) {
                try {
                    addIdentity(identity);
                } catch (Exception e) {
                    this.userService.delete(userWithIdentity);
                    return handleIdentityError(e, identity);
                }
            }
            return Response.created(uriInfo.getAbsolutePathBuilder().path(create.getId()).build(new Object[0])).build();
        } catch (CreateUserException e2) {
            return IamErrorResponseFactory.getInstance().entityExists(Message.USER_EXISTS, e2.getMessage());
        }
    }

    @Path("/{id}")
    @PUT
    @Consumes({"application/json"})
    public Response updateUser(@PathParam("id") String str, User user, @Auth AuthorizationInfo authorizationInfo) {
        if (ME.equals(str)) {
            user.setScopes(null);
            user.setGroups(null);
        }
        User userResolvingMeAndUserDomainVerifying = getUserResolvingMeAndUserDomainVerifying(str, authorizationInfo);
        if (user != null) {
            userResolvingMeAndUserDomainVerifying.updateUser(user);
            Optional<Domain> domain = this.domainService.getDomain(authorizationInfo.getDomainId());
            if (!domain.isPresent()) {
                return IamErrorResponseFactory.getInstance().invalidEntity(Message.NOT_FOUND.getMessage(new Object[0]));
            }
            Domain domain2 = domain.get();
            if (!this.domainService.scopesAllowedInDomain(userResolvingMeAndUserDomainVerifying.getScopes(), domain2)) {
                return IamErrorResponseFactory.getInstance().scopesNotAllowed(domain2.getId());
            }
            try {
                this.userService.update(userResolvingMeAndUserDomainVerifying);
            } catch (DuplicateKeyException e) {
                return IamErrorResponseFactory.getInstance().conflict(new Error("conflict", "The email or username already exists"));
            }
        }
        return Response.status(Response.Status.NO_CONTENT).build();
    }

    @GET
    @Path("/{id}")
    public Response getUser(@PathParam("id") String str, @Auth AuthorizationInfo authorizationInfo) {
        return Response.ok().type("application/json").entity(getUserResolvingMeAndUserDomainVerifying(str, authorizationInfo).getUserProfile()).build();
    }

    @GET
    @Path("/{id}/avatar")
    public Response getAvatar(@PathParam("id") String str, @Auth AuthorizationInfo authorizationInfo) {
        Optional<User> resolveMeIdAliases = resolveMeIdAliases(str, authorizationInfo);
        return (resolveMeIdAliases.isPresent() && userDomainMatchAuthorizationDomain(resolveMeIdAliases.get(), authorizationInfo)) ? (Response) resolveMeIdAliases.map((v0) -> {
            return v0.getProperties();
        }).map(map -> {
            return map.get("avatar");
        }).map(obj -> {
            try {
                return new URI(obj.toString());
            } catch (URISyntaxException e) {
                return null;
            }
        }).map(uri -> {
            return Response.temporaryRedirect(uri).build();
        }).orElseGet(() -> {
            return IamErrorResponseFactory.getInstance().notfound(new Error("not_found", "User " + str + " has no avatar."));
        }) : IamErrorResponseFactory.getInstance().notFound();
    }

    @GET
    @Produces({"application/json"})
    @Path("/{userId}/devices")
    public Response getDevices(@PathParam("userId") String str, @Auth AuthorizationInfo authorizationInfo) {
        return (Response) Optional.ofNullable(this.deviceService.getByUserId(getUserResolvingMeAndUserDomainVerifying(str, authorizationInfo).getId())).map(list -> {
            return Response.ok().type("application/json").entity(list).build();
        }).orElseGet(() -> {
            return IamErrorResponseFactory.getInstance().notFound();
        });
    }

    @GET
    @Produces({"application/json"})
    @Path("/{userId}/devices/{deviceId}")
    public Response getDevice(@PathParam("userId") String str, @PathParam("deviceId") String str2, @Auth AuthorizationInfo authorizationInfo) {
        return (Response) Optional.ofNullable(this.deviceService.getByIdAndUserId(str2, getUserResolvingMeAndUserDomainVerifying(str, authorizationInfo).getId())).map(device -> {
            return Response.ok().type("application/json").entity(device).build();
        }).orElseGet(() -> {
            return IamErrorResponseFactory.getInstance().notFound();
        });
    }

    @Path("/{userId}/devices")
    @PUT
    @Consumes({"application/json"})
    public Response updateDevice(@PathParam("userId") String str, @Valid Device device, @Auth AuthorizationInfo authorizationInfo, @Context UriInfo uriInfo) {
        User userResolvingMeAndUserDomainVerifying = getUserResolvingMeAndUserDomainVerifying(str, authorizationInfo);
        ensureNoId(device);
        device.setUserId(userResolvingMeAndUserDomainVerifying.getId());
        device.setDomain(authorizationInfo.getDomainId());
        return Response.created(uriInfo.getAbsolutePathBuilder().path(this.deviceService.update(device).getId()).build(new Object[0])).build();
    }

    @Path("/{userId}/devices/{deviceId}")
    @DELETE
    public Response deleteDevice(@PathParam("userId") String str, @PathParam("deviceId") String str2, @Auth AuthorizationInfo authorizationInfo) {
        this.deviceService.deleteByIdAndUserId(str2, getUserResolvingMeAndUserDomainVerifying(str, authorizationInfo).getId(), authorizationInfo.getDomainId());
        return Response.status(Response.Status.NO_CONTENT).build();
    }

    @GET
    @Path("/resetPassword")
    public Response generateResetPasswordEmail(@QueryParam("email") String str, @Auth AuthorizationInfo authorizationInfo) {
        this.userService.sendMailResetPassword(str, authorizationInfo.getClientId(), authorizationInfo.getDomainId());
        return Response.noContent().build();
    }

    @Path("/me/signout")
    @PUT
    public Response signOut(@Auth AuthorizationInfo authorizationInfo) {
        return (Response) Optional.ofNullable(this.userService.findById(authorizationInfo.getUserId())).filter(user -> {
            return userDomainMatchAuthorizationDomain(user, authorizationInfo);
        }).map(user2 -> {
            this.userService.signOut(user2.getId(), Optional.of(authorizationInfo.getToken()));
            return Response.noContent().build();
        }).orElseGet(() -> {
            return IamErrorResponseFactory.getInstance().notFound();
        });
    }

    @Path("/{id}/disconnect")
    @PUT
    public Response disconnect(@PathParam("id") String str, @Auth AuthorizationInfo authorizationInfo) {
        return (Response) resolveMeIdAliases(str, authorizationInfo).filter(user -> {
            return userDomainMatchAuthorizationDomain(user, authorizationInfo);
        }).map(user2 -> {
            this.userService.signOut(user2.getId());
            return Response.noContent().build();
        }).orElseGet(() -> {
            return IamErrorResponseFactory.getInstance().notFound();
        });
    }

    @Path("/{id}")
    @DELETE
    public Response deleteUser(@PathParam("id") String str, @Auth AuthorizationInfo authorizationInfo) {
        resolveMeIdAliases(str, authorizationInfo).ifPresent(user -> {
            checkingUserDomain(user, authorizationInfo);
            this.identityService.deleteUserIdentities(user);
            this.userService.delete(user);
            this.deviceService.deleteByUserId(user);
        });
        return Response.noContent().build();
    }

    @POST
    @Path("/{id}/identity")
    @Consumes({"application/json"})
    public Response postUserIdentity(@Valid Identity identity, @PathParam("id") String str, @Auth AuthorizationInfo authorizationInfo, @Context Request request) {
        User userResolvingMeAndUserDomainVerifying = getUserResolvingMeAndUserDomainVerifying(str, authorizationInfo);
        identity.setDomain(authorizationInfo.getDomainId());
        identity.setUserId(userResolvingMeAndUserDomainVerifying.getId());
        try {
            addIdentity(identity);
            return Response.status(Response.Status.CREATED).build();
        } catch (Exception e) {
            return handleIdentityError(e, identity);
        }
    }

    @GET
    @Path("/{id}/identity")
    public Response getUserIdentity(@PathParam("id") String str, @Auth AuthorizationInfo authorizationInfo) {
        return Response.ok().type("application/json").entity(this.identityService.findUserIdentities(getUserResolvingMeAndUserDomainVerifying(str, authorizationInfo))).build();
    }

    @GET
    @Produces({"application/json"})
    @Path("/profile")
    public Response getUserProfiles(@Auth AuthorizationInfo authorizationInfo, @Rest QueryParameters queryParameters) throws UserProfileConfigurationException {
        Optional<Domain> domain = this.domainService.getDomain(authorizationInfo.getDomainId());
        ResourceQuery filterQuery = filterQuery(domain, (ResourceQuery) queryParameters.getQuery().orElse(new ResourceQuery()));
        return queryParameters.getAggregation().isPresent() ? getUsersAggregation(authorizationInfo.getDomainId(), filterQuery, (Aggregation) queryParameters.getAggregation().get()) : Response.ok((List) domain.map(domain2 -> {
            try {
                return this.userService.findUserProfilesByDomain(domain2, filterQuery, queryParameters.getPagination(), (Sort) queryParameters.getSort().orElse(null));
            } catch (UserProfileConfigurationException e) {
                return new LinkedList();
            }
        }).orElseGet(LinkedList::new)).type("application/json").build();
    }

    @GET
    @Produces({"application/json"})
    @Path("/{id}/profile")
    public Response getUserProfile(@PathParam("id") String str, @Auth AuthorizationInfo authorizationInfo) {
        User userResolvingMeAndUserDomainVerifying = getUserResolvingMeAndUserDomainVerifying(str, authorizationInfo);
        Optional<Domain> domain = this.domainService.getDomain(authorizationInfo.getDomainId());
        if (!domain.isPresent()) {
            return IamErrorResponseFactory.getInstance().notFound();
        }
        try {
            return (Response) Optional.ofNullable(this.userService.getUserProfile(userResolvingMeAndUserDomainVerifying, domain.get().getUserProfileFields())).map(user -> {
                return Response.ok().type("application/json").entity(user).build();
            }).orElseGet(() -> {
                return IamErrorResponseFactory.getInstance().notFound();
            });
        } catch (UserProfileConfigurationException e) {
            return IamErrorResponseFactory.getInstance().serverError(new Error("misconfiguration", e.getMessage()));
        }
    }

    @Produces({"application/json"})
    @Path("/{id}/groups")
    @PUT
    public Response addGroupsToUser(@PathParam("id") String str, Set<String> set, @Auth AuthorizationInfo authorizationInfo) {
        User userResolvingMeAndUserDomainVerifying = getUserResolvingMeAndUserDomainVerifying(str, authorizationInfo);
        if (!this.domainService.getDomain(authorizationInfo.getDomainId()).isPresent()) {
            return IamErrorResponseFactory.getInstance().notFound();
        }
        userResolvingMeAndUserDomainVerifying.addGroups(set);
        this.userService.update(userResolvingMeAndUserDomainVerifying);
        return Response.noContent().build();
    }

    @Produces({"application/json"})
    @Path("/{id}/groups/{groupId}")
    @DELETE
    public Response deleteGroupsToUser(@PathParam("id") String str, @PathParam("groupId") String str2, @Auth AuthorizationInfo authorizationInfo) {
        User userResolvingMeAndUserDomainVerifying = getUserResolvingMeAndUserDomainVerifying(str, authorizationInfo);
        if (!this.domainService.getDomain(authorizationInfo.getDomainId()).isPresent()) {
            return IamErrorResponseFactory.getInstance().notFound();
        }
        userResolvingMeAndUserDomainVerifying.deleteGroup(str2);
        this.userService.update(userResolvingMeAndUserDomainVerifying);
        return Response.noContent().build();
    }

    private <T extends Entity> T ensureNoId(T t) {
        t.setId(null);
        return t;
    }

    private Response getUsersAggregation(String str, ResourceQuery resourceQuery, Aggregation aggregation) {
        if (!AggregationOperator.$COUNT.equals(aggregation.getOperator())) {
            return IamErrorResponseFactory.getInstance().badRequest(new Error("bad_request", "Aggregator" + aggregation.getOperator() + "not supported"));
        }
        return Response.ok().type("application/json").entity((JsonElement) this.aggregationResultsFactory.countResult(this.userService.countUsersByDomain(str, resourceQuery))).build();
    }

    private Identity addIdentity(Identity identity) throws IllegalOauthServiceException, IdentityAlreadyExistsException, DuplicatedOauthServiceIdentityException {
        String str = (String) Optional.ofNullable(identity.getDomain()).orElseThrow(() -> {
            return new IllegalArgumentException("Identity \"" + identity.getId() + "\" has no domain.");
        });
        Optional<Domain> domain = this.domainService.getDomain(str);
        if (!domain.isPresent()) {
            throw new IllegalArgumentException("Domain \"" + str + "\" not exists.");
        }
        domain.map(domain2 -> {
            return Boolean.valueOf(this.domainService.oAuthServiceAllowedInDomain(identity.getOauthService(), domain2));
        }).map(bool -> {
            return !bool.booleanValue() ? null : true;
        }).orElseThrow(() -> {
            return new IllegalOauthServiceException();
        });
        return this.identityService.addIdentity(identity);
    }

    private <T extends TraceableEntity> void setTracebleEntity(T t, AuthorizationInfo authorizationInfo) {
        String clientId = authorizationInfo.getClientId();
        if (authorizationInfo.getUserId() != null) {
            clientId = authorizationInfo.getUserId() + "@" + clientId;
        }
        t.setCreatedBy(clientId);
        t.setCreatedDate(Date.from(this.clock.instant()));
    }

    private Optional<User> resolveMeIdAliases(String str, AuthorizationInfo authorizationInfo) {
        if (ME.equals(str)) {
            str = authorizationInfo.getUserId();
        }
        return Optional.ofNullable(this.userService.findById(str));
    }

    private boolean userDomainMatchAuthorizationDomain(User user, AuthorizationInfo authorizationInfo) {
        return Objects.equals(user.getDomain(), authorizationInfo.getDomainId());
    }

    private void checkingUserDomain(User user, AuthorizationInfo authorizationInfo) {
        if (!userDomainMatchAuthorizationDomain(user, authorizationInfo)) {
            throw new WebApplicationException(IamErrorResponseFactory.getInstance().unauthorized("User domain mismatch"));
        }
    }

    private User getUserResolvingMeAndUserDomainVerifying(String str, AuthorizationInfo authorizationInfo) {
        User orElseThrow = resolveMeIdAliases(str, authorizationInfo).orElseThrow(() -> {
            return new WebApplicationException(IamErrorResponseFactory.getInstance().notFound());
        });
        checkingUserDomain(orElseThrow, authorizationInfo);
        return orElseThrow;
    }

    private Response handleIdentityError(Exception exc, Identity identity) {
        if (exc instanceof IllegalOauthServiceException) {
            return IamErrorResponseFactory.getInstance().invalidOAuthService(identity.getDomain());
        }
        if (exc instanceof IdentityAlreadyExistsException) {
            return IamErrorResponseFactory.getInstance().identityExists(Message.IDENTITY_EXITS, identity.getOauthId(), identity.getOauthService(), identity.getDomain());
        }
        if (exc instanceof DuplicatedOauthServiceIdentityException) {
            return IamErrorResponseFactory.getInstance().oauthServiceDuplicated(Message.DUPLICATED_OAUTH_SERVICE_IDENTITY, identity.getUserId(), identity.getOauthService(), identity.getDomain());
        }
        if (exc instanceof IllegalArgumentException) {
            return IamErrorResponseFactory.getInstance().invalidArgument(exc.getMessage());
        }
        LOG.error("Unexpected exception", exc);
        return IamErrorResponseFactory.getInstance().serverError(exc);
    }

    private ResourceQuery filterQuery(Optional<Domain> optional, ResourceQuery resourceQuery) {
        Set filters = resourceQuery.getFilters();
        if (!((Set) optional.map(domain -> {
            filters.removeAll(domain.getUserProfileFields());
            return filters;
        }).orElseGet(HashSet::new)).isEmpty()) {
            resourceQuery = new ResourceQueryBuilder().add("_notExistent", "").build();
        }
        return resourceQuery;
    }
}
