package tv.hd3g.authkit.mod.controller;

import java.net.URI;
import java.time.Duration;
import java.util.List;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import org.owasp.encoder.Encode;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.PutMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import tv.hd3g.authkit.mod.ControllerInterceptor;
import tv.hd3g.authkit.mod.dto.ressource.IsExternalAuthDto;
import tv.hd3g.authkit.mod.dto.ressource.IsTOTPEnabledDto;
import tv.hd3g.authkit.mod.dto.ressource.SetupTOTPDto;
import tv.hd3g.authkit.mod.dto.ressource.UserPrivacyDto;
import tv.hd3g.authkit.mod.dto.validated.ChangeMyPasswordDto;
import tv.hd3g.authkit.mod.dto.validated.ValidationSetupTOTPDto;
import tv.hd3g.authkit.mod.dto.validated.ValidationTOTPDto;
import tv.hd3g.authkit.mod.entity.Credential;
import tv.hd3g.authkit.mod.exception.AuthKitException;
import tv.hd3g.authkit.mod.exception.BlockedUserException;
import tv.hd3g.authkit.mod.exception.ResetWithSamePasswordException;
import tv.hd3g.authkit.mod.repository.CredentialRepository;
import tv.hd3g.authkit.mod.service.AuditReportService;
import tv.hd3g.authkit.mod.service.AuthenticationService;
import tv.hd3g.authkit.mod.service.SecuredTokenService;
import tv.hd3g.authkit.mod.service.TOTPService;
import tv.hd3g.commons.authkit.AuditAfter;

@RequestMapping(value = {"/v1/authkit/me"}, produces = {"application/json"})
@RestController
/* loaded from: input_file:tv/hd3g/authkit/mod/controller/RestControllerMe.class */
public class RestControllerMe {

    @Autowired
    private AuthenticationService authenticationService;

    @Autowired
    private CredentialRepository credentialRepository;

    @Autowired
    private TOTPService totpService;

    @Autowired
    private SecuredTokenService securedTokenService;

    @Value("${authkit.maxTOTPSetupTime:20m}")
    private Duration expirationDuration;

    private String getCurrentUserUUID(HttpServletRequest httpServletRequest) {
        return ControllerInterceptor.getRequestUserUUID(httpServletRequest).orElseThrow(() -> {
            return new AuthKitException(401, "You must be connected before.");
        });
    }

    private Credential getCurrentUserCredential(String str) {
        return (Credential) Optional.ofNullable(this.credentialRepository.getByUserUUID(str)).orElseThrow(() -> {
            return new AuthKitException(401, "Can't found you're user account.");
        });
    }

    @PostMapping({"chpasswd"})
    @AuditAfter(value = "changeMyPassword", changeSecurity = true)
    @Transactional(readOnly = false)
    public ResponseEntity<Object> changeMyPassword(@RequestBody @Validated ChangeMyPasswordDto changeMyPasswordDto, HttpServletRequest httpServletRequest) {
        String currentUserUUID = getCurrentUserUUID(httpServletRequest);
        Credential currentUserCredential = getCurrentUserCredential(currentUserUUID);
        if (currentUserCredential.getLdapdomain() != null) {
            throw new AuthKitException("You can't change the password here for an external authentification");
        }
        Optional<AuditReportService.RejectLoginCause> checkPassword = this.authenticationService.checkPassword(changeMyPasswordDto.getCurrentpassword(), currentUserCredential);
        if (checkPassword.isPresent()) {
            throw new AuthKitException("Actual provided password is invalid: " + checkPassword.get());
        }
        if (currentUserCredential.getTotpkey() != null) {
            this.totpService.checkCodeAndPassword(currentUserCredential, changeMyPasswordDto);
        }
        try {
            this.authenticationService.changeUserPassword(currentUserUUID, changeMyPasswordDto.getNewpassword());
            return new ResponseEntity<>(HttpStatus.OK);
        } catch (BlockedUserException e) {
            throw new AuthKitException("You can't change the password for a blocked account");
        } catch (ResetWithSamePasswordException e2) {
            throw new AuthKitException("You can't change a password with the same");
        }
    }

    @Transactional(readOnly = true)
    @GetMapping({"is-external-auth"})
    public ResponseEntity<IsExternalAuthDto> isExternalAuth(HttpServletRequest httpServletRequest) {
        return new ResponseEntity<>(new IsExternalAuthDto(getCurrentUserCredential(getCurrentUserUUID(httpServletRequest))), HttpStatus.OK);
    }

    @Transactional(readOnly = true)
    @GetMapping({"set2auth"})
    public ResponseEntity<SetupTOTPDto> prepareTOTP(HttpServletRequest httpServletRequest) {
        String currentUserUUID = getCurrentUserUUID(httpServletRequest);
        Credential currentUserCredential = getCurrentUserCredential(currentUserUUID);
        if (currentUserCredential.getTotpkey() != null) {
            throw new AuthKitException("2auth was previouly setup: please cancel it before setup a second time.");
        }
        String makeSecret = this.totpService.makeSecret();
        URI makeURI = this.totpService.makeURI(makeSecret, currentUserCredential.getUser(), Encode.forJavaScript(httpServletRequest.getServerName()));
        String makeQRCode = this.totpService.makeQRCode(makeURI);
        List<String> makeBackupCodes = this.totpService.makeBackupCodes();
        return new ResponseEntity<>(new SetupTOTPDto(makeSecret, makeURI, makeQRCode, makeBackupCodes, this.securedTokenService.setupTOTPGenerateToken(currentUserUUID, this.expirationDuration, makeSecret, makeBackupCodes)), HttpStatus.OK);
    }

    @PostMapping({"set2auth"})
    @AuditAfter(value = "setTOTP", changeSecurity = true)
    @Transactional(readOnly = false)
    public ResponseEntity<Object> confirmTOTP(@RequestBody @Validated ValidationSetupTOTPDto validationSetupTOTPDto, HttpServletRequest httpServletRequest) {
        String currentUserUUID = getCurrentUserUUID(httpServletRequest);
        if (getCurrentUserCredential(currentUserUUID).getTotpkey() != null) {
            throw new AuthKitException("2auth was previouly setup: please cancel it before setup a second time.");
        }
        this.totpService.setupTOTPWithChecks(validationSetupTOTPDto, currentUserUUID);
        return new ResponseEntity<>(HttpStatus.OK);
    }

    @Transactional(readOnly = true)
    @GetMapping({"has2auth"})
    public ResponseEntity<IsTOTPEnabledDto> hasATOTP(HttpServletRequest httpServletRequest) {
        return new ResponseEntity<>(new IsTOTPEnabledDto(getCurrentUserCredential(getCurrentUserUUID(httpServletRequest))), HttpStatus.OK);
    }

    @DeleteMapping({"set2auth"})
    @AuditAfter(value = "setTOTP", changeSecurity = true)
    @Transactional(readOnly = false)
    public ResponseEntity<Object> removeTOTP(@RequestBody @Validated ValidationTOTPDto validationTOTPDto, HttpServletRequest httpServletRequest) {
        Credential currentUserCredential = getCurrentUserCredential(getCurrentUserUUID(httpServletRequest));
        if (currentUserCredential.getTotpkey() == null) {
            throw new AuthKitException("2auth was not setup.");
        }
        this.totpService.checkCodeAndPassword(currentUserCredential, validationTOTPDto);
        this.totpService.removeTOTP(currentUserCredential);
        return new ResponseEntity<>(HttpStatus.OK);
    }

    @AuditAfter(value = "getPrivacy", changeSecurity = false)
    @Transactional(readOnly = true)
    @GetMapping({"privacy"})
    public ResponseEntity<UserPrivacyDto> getPrivacy(HttpServletRequest httpServletRequest) {
        List<UserPrivacyDto> userPrivacyList = this.authenticationService.getUserPrivacyList(List.of(getCurrentUserUUID(httpServletRequest)));
        return new ResponseEntity<>(userPrivacyList.isEmpty() ? new UserPrivacyDto() : userPrivacyList.get(0), HttpStatus.OK);
    }

    @AuditAfter(value = "setPrivacy", changeSecurity = true)
    @Transactional(readOnly = false)
    @PutMapping({"privacy"})
    public ResponseEntity<Object> setPrivacy(@RequestBody @Validated UserPrivacyDto userPrivacyDto, HttpServletRequest httpServletRequest) {
        this.authenticationService.setUserPrivacy(getCurrentUserUUID(httpServletRequest), userPrivacyDto);
        return new ResponseEntity<>(HttpStatus.OK);
    }
}
