package io.gravitee.management.rest.resource;

import com.auth0.jwt.JWTSigner;
import io.gravitee.management.idp.api.authentication.UserDetailRole;
import io.gravitee.management.idp.api.authentication.UserDetails;
import io.gravitee.management.model.InlinePictureEntity;
import io.gravitee.management.model.RoleEntity;
import io.gravitee.management.model.UpdateUserEntity;
import io.gravitee.management.model.UrlPictureEntity;
import io.gravitee.management.model.UserEntity;
import io.gravitee.management.rest.model.PagedResult;
import io.gravitee.management.rest.model.TokenEntity;
import io.gravitee.management.rest.model.TokenType;
import io.gravitee.management.security.cookies.JWTCookieGenerator;
import io.gravitee.management.service.TagService;
import io.gravitee.management.service.TaskService;
import io.gravitee.management.service.UserService;
import io.gravitee.management.service.exceptions.UserNotFoundException;
import io.gravitee.repository.management.model.MembershipDefaultReferenceId;
import io.gravitee.repository.management.model.MembershipReferenceType;
import io.gravitee.repository.management.model.RoleScope;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import java.io.ByteArrayOutputStream;
import java.net.URI;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletResponse;
import javax.validation.Valid;
import javax.validation.constraints.NotNull;
import javax.ws.rs.GET;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.container.ResourceContext;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.EntityTag;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Request;
import javax.ws.rs.core.Response;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.env.ConfigurableEnvironment;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;

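/**
 * REST resource for the currently authenticated user, mounted at {@code /user}.
 *
 * <p>It covers the profile read and update, the avatar, JWT issuance on login, cookie reset on
 * logout, and the user's tasks, sharding tags and notifications sub-resource.
 *
 * <p>Helpers such as {@code isAuthenticated()}, {@code getAuthenticatedUser()},
 * {@code getAuthenticatedUserDetails()}, {@code getAuthenticatedUserOrNull()},
 * {@code checkImageSize(...)} and the {@code membershipService} field are not defined in this
 * class; they are presumably inherited from {@link AbstractResource} (confirm there).
 */
@Api(tags = {"User"})
@Path("/user")
public class CurrentUserResource extends AbstractResource {
    private static final Logger LOG = LoggerFactory.getLogger(CurrentUserResource.class);

    /** Token lifetime in seconds (7 days) used when {@code jwt.expire-after} is not configured. */
    private static final int DEFAULT_JWT_EXPIRE_AFTER_SECONDS = 604800;

    /**
     * Placeholder handed to the {@link UserDetails} constructor for objects that are only built to
     * be serialized into a response body.
     */
    private static final String NO_PASSWORD = "";

    @Autowired
    private UserService userService;

    @Context
    private HttpServletResponse response;

    @Autowired
    private TaskService taskService;

    @Context
    private ResourceContext resourceContext;

    @Autowired
    private ConfigurableEnvironment environment;

    @Autowired
    private JWTCookieGenerator jwtCookieGenerator;

    @Autowired
    private TagService tagService;

    /**
     * Returns the profile of the authenticated user together with its roles.
     *
     * @return {@code 200} with an empty body when the caller is not authenticated, {@code 200}
     *     with the user details as JSON when the user is known, or {@code 401} (after the JWT
     *     cookie has been regenerated from a {@code null} token) when the authenticated principal
     *     no longer matches a stored user
     */
    @GET
    @Produces({"application/json"})
    @ApiOperation("Get the authenticated user")
    public Response getCurrentUser() {
        if (!isAuthenticated()) {
            return Response.ok().build();
        }
        UserDetails authenticated = getAuthenticatedUserDetails();
        String username = authenticated.getUsername();
        try {
            UserEntity user = this.userService.findByIdWithRoles(username);
            // This object exists only to be serialized into the response, so the principal's
            // credential is deliberately NOT copied into it. Whether the JSON mapper would have
            // emitted the password field is not visible from this class; an empty placeholder
            // removes the question.
            UserDetails userDetails =
                    new UserDetails(user.getId(), NO_PASSWORD, new ArrayList<>(authenticated.getAuthorities()));
            userDetails.setId(user.getId());
            userDetails.setEmail(authenticated.getEmail());
            userDetails.setFirstname(authenticated.getFirstname());
            userDetails.setLastname(authenticated.getLastname());
            userDetails.setSource(user.getSource());
            userDetails.setSourceId(user.getSourceId());
            userDetails.setRoles(user.getRoles().stream().map(userRoleEntity -> {
                UserDetailRole userDetailRole = new UserDetailRole();
                userDetailRole.setScope(userRoleEntity.getScope().name());
                userDetailRole.setName(userRoleEntity.getName());
                userDetailRole.setPermissions(userRoleEntity.getPermissions());
                return userDetailRole;
            }).collect(Collectors.toList()));
            return Response.ok(userDetails, "application/json").build();
        } catch (UserNotFoundException e) {
            // Attach the stack trace only when debug logging is on; the level stays INFO.
            if (LOG.isDebugEnabled()) {
                LOG.info("User '{}' does not exist.", username, e);
            } else {
                LOG.info("User '{}' does not exist.", username);
            }
            // Regenerate the cookie from a null token (presumably clearing it; confirm in
            // JWTCookieGenerator) so that a stale session is not replayed on the next request.
            this.response.addCookie(this.jwtCookieGenerator.generate((String) null));
            return Response.status(Response.Status.UNAUTHORIZED).build();
        }
    }

    /**
     * Updates the profile of the authenticated user.
     *
     * <p>The target user id is taken from the authenticated principal, never from the request
     * body, so a caller can only update their own record through this endpoint.
     *
     * @param updateUserEntity the new profile values; validated by bean validation
     * @return {@code 200} with the result of {@code userService.update}
     */
    @PUT
    @ApiOperation("Update user")
    public Response updateCurrentUser(@NotNull @Valid UpdateUserEntity updateUserEntity) {
        UserEntity currentUser = this.userService.findById(getAuthenticatedUser());
        // Check the uploaded picture's size before anything is persisted.
        checkImageSize(updateUserEntity.getPicture());
        return Response.ok(this.userService.update(currentUser.getId(), updateUserEntity)).build();
    }

    /**
     * Serves the avatar of the authenticated user.
     *
     * <p>A URL picture is answered with a temporary redirect to the stored URL; an inline picture
     * is streamed back with an entity tag so that conditional requests can be short-circuited.
     *
     * @param request the JAX-RS request, used to evaluate conditional-request preconditions
     * @return a redirect, the response built from the evaluated preconditions, or {@code 200}
     *     with the image bytes
     * @throws NotFoundException when the user has no picture
     */
    @GET
    @Path("avatar")
    @ApiOperation("Get user's avatar")
    public Response getCurrentUserPicture(@Context Request request) {
        // Held as Object on purpose: the picture may be a URL picture or an inline picture.
        // Declaring it as UrlPictureEntity made the instanceof test below always true and the
        // inline branch unreachable.
        Object picture = this.userService.getPicture(this.userService.findById(getAuthenticatedUser()).getId());
        if (picture == null) {
            throw new NotFoundException();
        }
        if (picture instanceof UrlPictureEntity) {
            // NOTE(review): the redirect target is stored profile data. Any scheme/host validation
            // would have to happen where the picture URL is saved; none is visible in this class.
            return Response.temporaryRedirect(URI.create(((UrlPictureEntity) picture).getUrl())).build();
        }
        InlinePictureEntity inlinePicture = (InlinePictureEntity) picture;
        byte[] content = inlinePicture.getContent();
        // The entity tag is a cache validator only, not an integrity check: it is a 32-bit
        // String hash of the bytes decoded with the platform default charset.
        EntityTag entityTag = new EntityTag(Integer.toString(new String(content).hashCode()));
        Response.ResponseBuilder preconditionResponse = request.evaluatePreconditions(entityTag);
        if (preconditionResponse != null) {
            return preconditionResponse.build();
        }
        ByteArrayOutputStream body = new ByteArrayOutputStream();
        body.write(content, 0, content.length);
        return Response.ok().entity(body).tag(entityTag).type(inlinePicture.getType()).build();
    }

    /**
     * Issues a signed JWT for the principal already present in the Spring security context.
     *
     * <p>The token carries the issuer, subject, e-mail, first and last name, and a
     * {@code permissions} claim made of the principal's authorities plus the default MANAGEMENT
     * and PORTAL roles when the user has them. It is returned in the body and also set as a
     * cookie. The lifetime comes from {@code jwt.expire-after} and defaults to 7 days.
     *
     * @param httpHeaders the request headers (not read by this method)
     * @param httpServletResponse the servlet response the token cookie is added to
     * @return {@code 200} with an empty body when no {@link UserDetails} principal is
     *     authenticated, otherwise {@code 200} with the bearer token
     * @throws IllegalStateException when {@code jwt.secret} is missing or blank
     */
    @Path("/login")
    @ApiOperation("Login")
    @POST
    @Produces({"application/json"})
    public Response login(@Context HttpHeaders httpHeaders, @Context HttpServletResponse httpServletResponse) {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null || !(authentication.getPrincipal() instanceof UserDetails)) {
            return Response.ok().build();
        }
        UserDetails userDetails = (UserDetails) authentication.getPrincipal();

        // Resolve the signing key first and fail closed with a clear message, so that a missing
        // or blank key cannot surface as an opaque failure (or a trivially guessable key) inside
        // the signer. The key itself is never logged.
        String secret = this.environment.getProperty("jwt.secret");
        if (secret == null || secret.trim().isEmpty()) {
            throw new IllegalStateException("Property 'jwt.secret' must be configured to sign authentication tokens");
        }

        HashSet<Object> authorities = new HashSet<>(userDetails.getAuthorities());
        addDefaultRoleAuthority(authorities, MembershipReferenceType.MANAGEMENT, userDetails.getUsername(), RoleScope.MANAGEMENT);
        addDefaultRoleAuthority(authorities, MembershipReferenceType.PORTAL, userDetails.getUsername(), RoleScope.PORTAL);

        Map<String, Object> claims = new HashMap<>();
        claims.put("iss", this.environment.getProperty("jwt.issuer", "gravitee-management-auth"));
        claims.put("permissions", authorities);
        claims.put("sub", userDetails.getUsername());
        claims.put("email", userDetails.getEmail());
        claims.put("firstname", userDetails.getFirstname());
        claims.put("lastname", userDetails.getLastname());

        JWTSigner.Options options = new JWTSigner.Options();
        options.setExpirySeconds(
                this.environment.getProperty("jwt.expire-after", Integer.class, DEFAULT_JWT_EXPIRE_AFTER_SECONDS));
        options.setIssuedAt(true);
        options.setJwtId(true);
        String token = new JWTSigner(secret).sign(claims, options);

        TokenEntity tokenEntity = new TokenEntity();
        tokenEntity.setType(TokenType.BEARER);
        tokenEntity.setToken(token);
        // NOTE(review): the cookie attributes (HttpOnly, Secure, path, max-age) are decided by
        // JWTCookieGenerator and are not visible here; confirm them there.
        httpServletResponse.addCookie(this.jwtCookieGenerator.generate("Bearer%20" + token));
        return Response.ok(tokenEntity).build();
    }

    /**
     * Adds the {@code SCOPE:name} authority of the user's default role for one scope, if any.
     */
    private void addDefaultRoleAuthority(
            HashSet<Object> authorities, MembershipReferenceType referenceType, String username, RoleScope scope) {
        RoleEntity role = this.membershipService.getRole(
                referenceType, MembershipDefaultReferenceId.DEFAULT.toString(), username, scope);
        if (role != null) {
            authorities.add(new SimpleGrantedAuthority(role.getScope().toString() + ':' + role.getName()));
        }
    }

    /**
     * Logs the caller out by regenerating the JWT cookie from a {@code null} token.
     *
     * <p>NOTE(review): only the cookie is touched here. No server-side revocation is visible in
     * this class, so a token the client already holds presumably stays valid until it expires.
     *
     * @return {@code 200} with an empty body
     */
    @POST
    @Path("/logout")
    @ApiOperation("Logout")
    public Response logout() {
        this.response.addCookie(this.jwtCookieGenerator.generate((String) null));
        return Response.ok().build();
    }

    /**
     * Lists the tasks of the current user together with their metadata.
     *
     * <p>The user is resolved with {@code getAuthenticatedUserOrNull()}, so the task service may
     * be called with {@code null}; how it treats that value is not visible here.
     *
     * @return the tasks wrapped in a {@link PagedResult} carrying the task metadata
     */
    @GET
    @Produces({"application/json"})
    @Path("/tasks")
    public PagedResult getUserTasks() {
        // Raw types are kept: the task element type is not imported by this file.
        List tasks = this.taskService.findAll(getAuthenticatedUserOrNull());
        Map<String, Map<String, Object>> metadata = this.taskService.getMetadata(tasks).getMetadata();
        PagedResult pagedResult = new PagedResult(tasks);
        pagedResult.setMetadata(metadata);
        return pagedResult;
    }

    /**
     * Lists the sharding tags visible to the authenticated user.
     *
     * @return {@code 200} with the result of {@code tagService.findByUser}
     */
    @GET
    @Produces({"application/json"})
    @Path("/tags")
    public Response getUserShardingTags() {
        return Response.ok(this.tagService.findByUser(getAuthenticatedUser())).build();
    }

    /**
     * Sub-resource locator for {@code /user/notifications}.
     *
     * @return the {@link UserNotificationsResource} obtained from the JAX-RS resource context
     */
    @Path("/notifications")
    public UserNotificationsResource getUserNotificationsResource() {
        return (UserNotificationsResource) this.resourceContext.getResource(UserNotificationsResource.class);
    }
}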
