package org.sakaiproject.entitybroker.providers;

import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.sakaiproject.entitybroker.EntityReference;
import org.sakaiproject.entitybroker.entityprovider.CoreEntityProvider;
import org.sakaiproject.entitybroker.entityprovider.annotations.EntityCustomAction;
import org.sakaiproject.entitybroker.entityprovider.capabilities.ActionsExecutable;
import org.sakaiproject.entitybroker.entityprovider.capabilities.CRUDable;
import org.sakaiproject.entitybroker.entityprovider.capabilities.CollectionResolvable;
import org.sakaiproject.entitybroker.entityprovider.capabilities.Describeable;
import org.sakaiproject.entitybroker.entityprovider.capabilities.Inputable;
import org.sakaiproject.entitybroker.entityprovider.capabilities.Outputable;
import org.sakaiproject.entitybroker.entityprovider.capabilities.RedirectDefinable;
import org.sakaiproject.entitybroker.entityprovider.capabilities.RequestAware;
import org.sakaiproject.entitybroker.entityprovider.extension.RequestGetter;
import org.sakaiproject.entitybroker.entityprovider.extension.TemplateMap;
import org.sakaiproject.entitybroker.entityprovider.search.Search;
import org.sakaiproject.entitybroker.providers.model.EntitySession;
import org.sakaiproject.entitybroker.util.AbstractEntityProvider;
import org.sakaiproject.tool.api.Session;
import org.sakaiproject.tool.api.SessionManager;
import org.sakaiproject.user.api.User;
import org.sakaiproject.user.api.UserDirectoryService;
import org.sakaiproject.user.api.UserNotDefinedException;

/* loaded from: input_file:WEB-INF/classes/org/sakaiproject/entitybroker/providers/SessionEntityProvider.class */
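/**
 * Entity provider that exposes tool sessions under the {@code session} prefix:
 * it can look a session up, create one (which doubles as a login endpoint),
 * keep one alive and invalidate one.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #createEntity} authenticates non-admin callers from the
 *       {@code _username}/{@code _password} request parameters and binds the
 *       resulting user to a session.</li>
 *   <li>{@link #updateEntity} and {@link #deleteEntity} are restricted to the
 *       session owner or an admin via {@code checkSessionOwner}.</li>
 *   <li>{@link #getEntity} performs no such ownership check.</li>
 * </ul>
 *
 * <p>{@code developerHelperService} is not declared in this class; it is
 * presumably inherited from {@link AbstractEntityProvider}.
 */
public class SessionEntityProvider extends AbstractEntityProvider implements CoreEntityProvider, CRUDable, CollectionResolvable, Inputable, Outputable, RequestAware, Describeable, RedirectDefinable, ActionsExecutable {
    // NOTE(review): both services are public mutable fields as well as having setters,
    // so any code holding this provider can swap the session/auth backend; private
    // would be the safer visibility if no external caller reads them directly.
    public SessionManager sessionManager;
    public UserDirectoryService userDirectoryService;
    private RequestGetter requestGetter;

    // NOTE(review): these are public, static and non-final, so any class in the webapp
    // can reassign the parameter names the login path reads. They are left non-final
    // here only to avoid breaking an unseen writer; make them final if none exists.
    /** Name of the request parameter carrying the login name. */
    public static String AUTH_USERNAME = "_username";
    /** Name of the request parameter carrying the password. */
    public static String AUTH_PASSWORD = "_password";
    /** Entity prefix handled by this provider. */
    public static String PREFIX = "session";

    public void setSessionManager(SessionManager sessionManager) {
        this.sessionManager = sessionManager;
    }

    public void setUserDirectoryService(UserDirectoryService userDirectoryService) {
        this.userDirectoryService = userDirectoryService;
    }

    /** @return the entity prefix, {@link #PREFIX} */
    public String getEntityPrefix() {
        return PREFIX;
    }

    /**
     * Maps the {@code .../norefresh} URLs onto the regular entity URLs with
     * {@code auto=true} appended.
     */
    public TemplateMap[] defineURLMappings() {
        return new TemplateMap[]{new TemplateMap("/{prefix}/{id}/norefresh", "/{prefix}/{id}{dot-extension}?auto=true"), new TemplateMap("/{prefix}/current/norefresh", "/{prefix}/current{dot-extension}?auto=true")};
    }

    /**
     * Returns a view of the caller's current session.
     *
     * @return an {@link EntitySession} built from the current session with its id
     *         cleared, or {@code null} when the session manager reports no current session
     */
    @EntityCustomAction(action = "current", viewKey = "list")
    public Object getCurrentSession() {
        EntitySession entitySession = null;
        Session currentSession = this.sessionManager.getCurrentSession();
        if (currentSession != null) {
            entitySession = new EntitySession(currentSession);
            // The id is blanked so this view does not hand the session identifier back out.
            entitySession.setId(null);
        }
        return entitySession;
    }

    /**
     * Reports whether a session id refers to an existing session.
     *
     * @param str the session id to test
     * @return {@code false} for {@code null}; {@code true} for the empty string or
     *         for an id the session manager can resolve
     */
    public boolean entityExists(String str) {
        if (str == null) {
            return false;
        }
        // NOTE(review): this is an unauthenticated existence oracle for session ids;
        // whether that matters depends on how guessable the ids are.
        return "".equals(str) || this.sessionManager.getSession(str) != null;
    }

    /** @return an empty {@link EntitySession} used as a sample/template object */
    public Object getSampleEntity() {
        return new EntitySession();
    }

    /**
     * Resolves a session by the id in the reference.
     *
     * @param entityReference reference whose id is the session id
     * @return an empty {@link EntitySession} when the reference has no id, otherwise
     *         one built from the matching session
     * @throws IllegalArgumentException if no session has that id
     */
    public Object getEntity(EntityReference entityReference) {
        if (entityReference.getId() == null) {
            return new EntitySession();
        }
        String id = entityReference.getId();
        Session session = this.sessionManager.getSession(id);
        if (session == null) {
            throw new IllegalArgumentException("Cannot find session with id: " + id);
        }
        // NOTE(review): unlike updateEntity/deleteEntity there is no checkSessionOwner
        // call here, so any caller who presents a valid session id receives that
        // session's EntitySession. Which fields that exposes is not visible in this
        // file; confirm against EntitySession and add an owner/admin check if needed.
        return new EntitySession(session);
    }

    /**
     * Creates a session, or binds a user to the current one.
     *
     * <p>Non-admin callers must supply {@code _username} and {@code _password} as
     * request parameters; the authenticated user is then attached to the current
     * session (a new one is started only if there is none). Admin callers instead
     * name the target user, and optionally the session id, in the posted
     * {@link EntitySession}.
     *
     * @param entityReference unused by this implementation
     * @param obj the posted {@link EntitySession}
     * @param map unused by this implementation
     * @return the id of the session that now carries the user
     * @throws IllegalStateException if a non-admin call arrives without an HTTP request
     * @throws IllegalArgumentException if credentials or the user id are missing, or the
     *         user id is unknown
     * @throws SecurityException if authentication fails
     */
    public String createEntity(EntityReference entityReference, Object obj, Map<String, Object> map) {
        Session currentSession;
        EntitySession entitySession = (EntitySession) obj;
        if (!this.developerHelperService.isUserAdmin(this.developerHelperService.getCurrentUserReference())) {
            HttpServletRequest request = this.requestGetter.getRequest();
            if (request == null) {
                throw new IllegalStateException("Only super admins can create sessions without using a REST request currently");
            }
            // getParameter() reads the query string as well as a form body, so despite the
            // wording of the error below nothing in this method restricts credentials to a
            // POST body; credentials placed in a URL tend to end up in access logs.
            String username = request.getParameter(AUTH_USERNAME);
            String password = request.getParameter(AUTH_PASSWORD);
            if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
                throw new IllegalArgumentException("A session entity cannot be created without providing the username and password, the username must be provided as '_username' and the password as '_password' in the POST");
            }
            User authenticate = this.userDirectoryService.authenticate(username, password);
            if (authenticate == null) {
                // NOTE(review): the caller-supplied username is echoed into the message.
                // If this text is rendered or logged without encoding it carries attacker
                // controlled content; nothing here throttles or records failed attempts.
                throw new SecurityException("The username or password provided were invalid, could not authenticate user (" + username + ") to create a session");
            }
            currentSession = this.sessionManager.getCurrentSession();
            if (currentSession == null) {
                currentSession = this.sessionManager.startSession();
            }
            // NOTE(review): the pre-authentication session is reused and its id is not
            // rotated here. If an id issued before login stays valid after login, that is
            // the precondition for session fixation; confirm whether the session manager
            // or the container rotates it elsewhere.
            currentSession.setUserId(authenticate.getId());
            currentSession.setUserEid(authenticate.getEid());
        } else {
            if (entitySession.getUserId() == null || entitySession.getUserId().isEmpty()) {
                throw new IllegalArgumentException("UserId must be set when creating a session");
            }
            try {
                User user = this.userDirectoryService.getUser(entitySession.getUserId());
                // Admin path: a session is started for an arbitrary user without that
                // user's password, under the id supplied in the posted object.
                currentSession = this.sessionManager.startSession(entitySession.getId());
                currentSession.setUserEid(user.getEid());
                currentSession.setUserId(user.getId());
            } catch (UserNotDefinedException e) {
                // Keep the original exception as the cause so the lookup failure stays traceable.
                throw new IllegalArgumentException("Invalid userId provided in session object, could not find user with that id: " + entitySession.getUserId(), e);
            }
        }
        // Only a positive timeout is applied; there is no upper bound in this method.
        if (entitySession.getMaxInactiveInterval() > 0) {
            currentSession.setMaxInactiveInterval(entitySession.getMaxInactiveInterval());
        }
        return currentSession.getId();
    }

    /**
     * Marks the referenced session as active (keep-alive).
     *
     * @param entityReference reference whose id is the session id
     * @param obj unused by this implementation
     * @param map unused by this implementation
     * @throws IllegalArgumentException if the id is missing or matches no session
     * @throws SecurityException if the caller is neither the owner nor an admin
     */
    public void updateEntity(EntityReference entityReference, Object obj, Map<String, Object> map) {
        String id = entityReference.getId();
        if (id == null) {
            throw new IllegalArgumentException("Cannot update session, No sessionId in provided reference: " + entityReference);
        }
        Session session = this.sessionManager.getSession(id);
        if (session == null) {
            throw new IllegalArgumentException("Cannot find session to update with id: " + id);
        }
        checkSessionOwner(session);
        session.setActive();
    }

    /**
     * Invalidates the referenced session.
     *
     * @param entityReference reference whose id is the session id
     * @param map unused by this implementation
     * @throws IllegalArgumentException if the id is missing or matches no session
     * @throws SecurityException if the caller is neither the owner nor an admin
     */
    public void deleteEntity(EntityReference entityReference, Map<String, Object> map) {
        String id = entityReference.getId();
        if (id == null) {
            // The message used to say "update", copied from updateEntity.
            throw new IllegalArgumentException("Cannot delete session, No sessionId in provided reference: " + entityReference);
        }
        Session session = this.sessionManager.getSession(id);
        if (session == null) {
            throw new IllegalArgumentException("Cannot find session with id: " + id);
        }
        checkSessionOwner(session);
        session.invalidate();
    }

    /**
     * Lists sessions visible to the caller, which is only the caller's own.
     *
     * @param entityReference unused by this implementation
     * @param search unused by this implementation
     * @return a list holding the current session view, or an empty list
     */
    public List<?> getEntities(EntityReference entityReference, Search search) {
        List<EntitySession> sessions = new ArrayList<EntitySession>();
        EntitySession entitySession = (EntitySession) getCurrentSession();
        if (entitySession != null) {
            sessions.add(entitySession);
        }
        return sessions;
    }

    public String[] getHandledInputFormats() {
        return new String[]{"html", "xml", "json"};
    }

    public String[] getHandledOutputFormats() {
        return new String[]{"html", "xml", "json", "form"};
    }

    public void setRequestGetter(RequestGetter requestGetter) {
        this.requestGetter = requestGetter;
    }

    /**
     * Allows the operation only for an admin or for the user the session belongs to.
     *
     * @param session the session about to be modified
     * @throws SecurityException if the current user is neither an admin nor the owner,
     *         including when the session has no user id at all
     */
    private void checkSessionOwner(Session session) {
        String currentUserReference = this.developerHelperService.getCurrentUserReference();
        String userIdFromRef = this.developerHelperService.getUserIdFromRef(currentUserReference);
        if (this.developerHelperService.isUserAdmin(currentUserReference)) {
            return;
        }
        // Fail closed: a session without a user id previously hit a NullPointerException
        // on getUserId().equals(...); it is now refused like any other non-owner. A null
        // owner is never treated as matching a null (anonymous) caller.
        String ownerId = session.getUserId();
        if (ownerId == null || !ownerId.equals(userIdFromRef)) {
            throw new SecurityException("Current user (" + currentUserReference + ") cannot modify this session: " + session.getId() + ", they are not the owner or not an admin");
        }
    }
}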
