package systems.dennis.auth.delegations.phone;

import jakarta.servlet.http.HttpServletRequest;
import java.util.Calendar;
import java.util.Date;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import systems.dennis.auth.client.LoginPassword;
import systems.dennis.auth.client.TwillioClient;
import systems.dennis.auth.client.entity.UserData;
import systems.dennis.auth.config.AuthorizationDelegator;
import systems.dennis.auth.config.AuthorizeResponse;
import systems.dennis.auth.delegations.simple.DefaultAuthorizationDelegator;
import systems.dennis.auth.delegations.simple.SimplePhoneAuthorization;
import systems.dennis.auth.form.ChangePasswordForm;
import systems.dennis.auth.model.PhoneAuthorizationCodes;
import systems.dennis.auth.repository.PhoneAuthorizationCodeRepo;
import systems.dennis.auth.repository.UserDataRepository;
import systems.dennis.auth.role_validator.entity.UserTokenDTO;
import systems.dennis.auth.util.PasswordService;
import systems.dennis.shared.config.WebContext;
import systems.dennis.shared.exceptions.AccessDeniedException;
import systems.dennis.shared.exceptions.AuthorizationFailedException;
import systems.dennis.shared.exceptions.ItemNotFoundException;
import systems.dennis.shared.scopes.model.ScopeModel;
import systems.dennis.shared.scopes.service.ScopeService;
import systems.dennis.shared.servers.providers.ServerTypeProvider;
import systems.dennis.shared.servers.repository.ServerConfigRepo;

/* loaded from: input_file:systems/dennis/auth/delegations/phone/PhoneAuthorizationDelegator.class */
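/**
 * Authorization delegator for the {@code phone} auth type.
 *
 * <p>Codes are stored as {@link PhoneAuthorizationCodes} rows keyed by login and are sent through
 * {@link TwillioClient}. {@link #authorize} accepts a login/code pair while the stored code has
 * not expired; password change and password recovery are rejected for this auth type.
 */
public class PhoneAuthorizationDelegator extends DefaultAuthorizationDelegator {
    private static final Logger log = LoggerFactory.getLogger(PhoneAuthorizationDelegator.class);
    public static final String AUTH_TYPE_PHONE = "phone";

    /**
     * Verifies the submitted code for the login and, on success, issues a token.
     *
     * @param httpServletRequest request carrying the scope header
     * @param loginPassword login plus the submitted code (carried in the password field)
     * @param localWebContext context used to resolve repositories and services
     * @return a successful response holding the issued token DTO
     * @throws AuthorizationFailedException if no unexpired code matches, or the user is blocked
     * @throws ItemNotFoundException if no user exists for the login
     */
    @Override
    public AuthorizeResponse authorize(HttpServletRequest httpServletRequest, LoginPassword loginPassword, WebContext.LocalWebContext localWebContext) {
        // NOTE(review): nothing in this method marks the matched code as used or counts failed
        // attempts, so a code stays acceptable until expiryDate unless SimplePhoneAuthorization or
        // another component invalidates it. Confirm single-use handling and attempt limiting
        // exist elsewhere; createCode issues six-digit numeric codes.
        ((PhoneAuthorizationCodeRepo) localWebContext.getBean(PhoneAuthorizationCodeRepo.class))
                .filteredFirst(localWebContext.getDataFilterProvider().eq("login", loginPassword.getLogin())
                        .and(localWebContext.getDataFilterProvider().eq("code", loginPassword.getPassword()))
                        .and(localWebContext.getDataFilterProvider().greater("expiryDate", new Date())))
                // Identify the failure by login. The submitted code is a credential and must not
                // end up in exception messages, responses or logs.
                .orElseThrow(() -> new AuthorizationFailedException(loginPassword.getLogin()));

        UserData userData = (UserData) ((UserDataRepository) localWebContext.getBean(UserDataRepository.class))
                .filteredFirst(localWebContext.getDataFilterProvider().eq("login", loginPassword.getLogin()))
                .orElseThrow(() -> ItemNotFoundException.fromId(loginPassword.getLogin()));

        ScopeService scopeService = (ScopeService) localWebContext.getBean(ScopeService.class);
        ScopeModel findByName = scopeService.findByName(
                httpServletRequest.getHeader(AuthorizationDelegator.AUTH_SCOPE_HEADER), userData.getId(), true);
        if (userData.getBlocked().booleanValue()) {
            throw new AuthorizationFailedException("global.app.user_blocked");
        }

        ScopeModel scope = (ScopeModel) scopeService.getRepository()
                .filteredFirst(localWebContext.getDataFilterProvider().eq("scope", findByName))
                .orElseThrow();
        UserTokenDTO token = new SimplePhoneAuthorization().authorize(loginPassword, localWebContext, scope);

        AuthorizeResponse authorizeResponse = new AuthorizeResponse();
        authorizeResponse.setSuccess(true);
        authorizeResponse.setDate(new Date());
        authorizeResponse.setDto(token);
        authorizeResponse.setWithOldToken(false);
        return authorizeResponse;
    }

    /**
     * Decides whether this delegator handles the request.
     *
     * @return {@code true} when the auth-type header equals {@link #AUTH_TYPE_PHONE}
     * @throws AuthorizationFailedException if an active LDAP server configuration exists
     */
    @Override
    public boolean shouldAuthorize(HttpServletRequest httpServletRequest, WebContext.LocalWebContext localWebContext) {
        String authType = httpServletRequest.getHeader(AuthorizationDelegator.AUTH_TYPE_HEADER);
        // equals() on the constant also covers a missing (null) header.
        if (!AUTH_TYPE_PHONE.equals(authType)) {
            log.debug("Header AUTH-TYPE declares not to use PhoneAuthorizationDelegator");
            return false;
        }
        log.debug("Header AUTH-TYPE declares to use PhoneAuthorizationDelegator");
        boolean ldapActive = ((ServerConfigRepo) localWebContext.getBean(ServerConfigRepo.class))
                .filteredFirst(localWebContext.getDataFilterProvider().eq("active", true)
                        .and(localWebContext.getDataFilterProvider().eq("type", ServerTypeProvider.LDAP)))
                .orElse(null) != null;
        if (ldapActive) {
            throw new AuthorizationFailedException("LDAP CONFIG is active. Default authorization is not possible");
        }
        return true;
    }

    /**
     * Always rejected: phone authorization has no password to change.
     *
     * @throws AccessDeniedException always
     */
    @Override
    public boolean changePassword(HttpServletRequest httpServletRequest, WebContext.LocalWebContext localWebContext, ChangePasswordForm changePasswordForm, ScopeModel scopeModel) {
        throw new AccessDeniedException("global.phone_authorization_is_not_able_to_change_password");
    }

    /**
     * Always rejected: phone authorization has no password to restore.
     *
     * @throws AccessDeniedException always
     */
    @Override
    public String forgetPassword(HttpServletRequest httpServletRequest, WebContext.LocalWebContext localWebContext, String str) {
        throw new AccessDeniedException("global.phone_authorization_is_not_able_to_restore");
    }

    /**
     * Issues and sends an authorization code for an existing, non-blocked user.
     *
     * @param str login of the user requesting a code
     * @return {@code true} once the code has been handed to {@link #sendCode}
     * @throws AuthorizationFailedException if the scope does not allow phone operations
     * @throws ItemNotFoundException if the scope or the user does not exist
     * @throws AccessDeniedException if the user is blocked
     */
    @Override
    public boolean requestAuthorization(HttpServletRequest httpServletRequest, WebContext.LocalWebContext localWebContext, String str) {
        ScopeModel scopeModel = resolvePhoneScope(httpServletRequest, localWebContext);
        if (scopeModel.getScopeRule() == null || !scopeModel.getScopeRule().getAllowPhoneOperations().booleanValue()) {
            throw new AuthorizationFailedException("global.scope_does_not_allow_phone_operations");
        }
        UserData user = ((UserDataRepository) localWebContext.getBean(UserDataRepository.class))
                .findByLogin(str)
                .orElseThrow(() -> ItemNotFoundException.fromId(str));
        if (user.getBlocked().booleanValue()) {
            throw new AccessDeniedException("global.user_is_blocked");
        }
        sendCode(createCode(str, localWebContext, "authorization"), user, localWebContext);
        return true;
    }

    /**
     * Issues and sends a registration code for a login that is not registered yet.
     *
     * @param str login to register
     * @return {@code true} once the code has been handed to {@link #sendCode}
     * @throws AuthorizationFailedException if the scope does not allow phone registration
     * @throws ItemNotFoundException if the scope does not exist
     * @throws AccessDeniedException if a user with this login already exists
     */
    @Override
    public boolean requestRegistration(HttpServletRequest httpServletRequest, WebContext.LocalWebContext localWebContext, String str) {
        ScopeModel scopeModel = resolvePhoneScope(httpServletRequest, localWebContext);
        if (scopeModel.getScopeRule() == null
                || !scopeModel.getScopeRule().getAllowPhoneOperations().booleanValue()
                || !scopeModel.getScopeRule().getRegistrationAllowed().booleanValue()) {
            throw new AuthorizationFailedException("global.scope_does_not_allow_phone_operations_to_register");
        }
        // The previous orElseThrow(null) raised a NullPointerException for every unregistered
        // login, so this method could never succeed; only an existing user must be rejected.
        if (((UserDataRepository) localWebContext.getBean(UserDataRepository.class)).findByLogin(str).isPresent()) {
            throw new AccessDeniedException("global.user_is_already_registered");
        }
        sendCode(createCode(str, localWebContext, "register"), null, localWebContext);
        return true;
    }

    /**
     * Sends a code through {@link TwillioClient}.
     *
     * @param str the code to send
     * @param userData the receiving user, or {@code null} during registration
     */
    public void sendCode(String str, UserData userData, WebContext.LocalWebContext localWebContext) {
        // NOTE(review): the second argument passed to send() is the code itself, and the login is
        // not available in this method. Verify against TwillioClient.send that this argument is
        // not meant to be the recipient number.
        new TwillioClient(localWebContext.getWebContext()).send(getMessage(str, userData, localWebContext), str);
    }

    /**
     * Builds the message text for a code; {@code userData} and the context are unused here.
     *
     * @param str the code to embed
     * @return the message text
     */
    public String getMessage(String str, UserData userData, WebContext.LocalWebContext localWebContext) {
        return "code is " + str;
    }

    /**
     * Returns the unexpired code stored for the login, or creates and stores a new six-digit one.
     *
     * @param str login the code belongs to
     * @param str2 purpose label passed by callers ("authorization" or "register"); it is not
     *     stored, so a code is not bound to the flow that requested it
     * @return the code to deliver
     */
    public String createCode(String str, WebContext.LocalWebContext localWebContext, String str2) {
        PhoneAuthorizationCodeRepo codeRepo = (PhoneAuthorizationCodeRepo) localWebContext.getBean(PhoneAuthorizationCodeRepo.class);
        PhoneAuthorizationCodes codes = (PhoneAuthorizationCodes) codeRepo
                .filteredFirst(localWebContext.getDataFilterProvider().eq("login", str)
                        .and(localWebContext.getDataFilterProvider().greater("expiryDate", new Date())))
                .orElseGet(PhoneAuthorizationCodes::new);
        // A persisted row means a code is still valid: it is re-sent rather than replaced.
        if (codes.getId() != null) {
            return codes.getCode();
        }
        // NOTE(review): confirm PasswordService.generateRandomKey draws from SecureRandom.
        codes.setCode(PasswordService.generateRandomKey(6, "0123456789"));
        codes.setExpiryDate(getExpireDate(localWebContext));
        codes.setLogin(str);
        codeRepo.save(codes);
        return codes.getCode();
    }

    /**
     * Computes the expiry time of a new code.
     *
     * @return now plus {@code global.app.phone_sms_duration_in_minutes} minutes (default 15)
     */
    public Date getExpireDate(WebContext.LocalWebContext localWebContext) {
        Calendar calendar = Calendar.getInstance();
        int minutes = ((Integer) localWebContext.getEnv("global.app.phone_sms_duration_in_minutes", 15)).intValue();
        calendar.add(Calendar.MINUTE, minutes);
        return calendar.getTime();
    }

    /** Looks up the scope named by the scope header, failing when no such scope exists. */
    private ScopeModel resolvePhoneScope(HttpServletRequest httpServletRequest, WebContext.LocalWebContext localWebContext) {
        String scopeName = httpServletRequest.getHeader(AuthorizationDelegator.AUTH_SCOPE_HEADER);
        ScopeService scopeService = (ScopeService) localWebContext.getBean(ScopeService.class);
        return (ScopeModel) scopeService.getRepository()
                .filteredFirst(scopeService.getFilterImpl().eq("name", scopeName))
                .orElseThrow(() -> ItemNotFoundException.fromId(scopeName));
    }
}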
