package de.frachtwerk.essencium.backend.security;

import de.frachtwerk.essencium.backend.configuration.properties.UserRoleMapping;
import de.frachtwerk.essencium.backend.configuration.properties.oauth.OAuth2ClientRegistrationProperties;
import de.frachtwerk.essencium.backend.configuration.properties.oauth.OAuth2ConfigProperties;
import de.frachtwerk.essencium.backend.model.AbstractBaseUser;
import de.frachtwerk.essencium.backend.model.AbstractBaseUser_;
import de.frachtwerk.essencium.backend.model.Role;
import de.frachtwerk.essencium.backend.model.SessionTokenType;
import de.frachtwerk.essencium.backend.model.UserInfoEssentials;
import de.frachtwerk.essencium.backend.model.dto.UserDto;
import de.frachtwerk.essencium.backend.model.exception.checked.UserEssentialsException;
import de.frachtwerk.essencium.backend.service.AbstractUserService;
import de.frachtwerk.essencium.backend.service.JwtTokenService;
import de.frachtwerk.essencium.backend.service.RoleService;
import de.frachtwerk.essencium.backend.util.StringUtils;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.Serializable;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Stream;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
import org.springframework.stereotype.Component;

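/**
 * Success handler for OAuth2 / OIDC logins. It maps the authenticated principal to a local user
 * (optionally creating the user or updating its role), issues an access token through
 * {@link JwtTokenService} and redirects the browser with that token appended to the target URL.
 *
 * <p>This listing is decompiler output (see the "loaded from" markers); names such as
 * {@code m28loadUserByUsername} were assigned by the decompiler.
 *
 * <p>Security review notes:
 *
 * <ul>
 *   <li>The local account is selected by the e-mail claim alone. No {@code email_verified} check
 *       and no binding to the provider or subject identifier is visible in this class, so every
 *       configured provider has to be trusted to assert only verified addresses. TODO confirm, or
 *       add those checks where the user is resolved.
 *   <li>The access token is handed to the frontend in the URL query string (see
 *       {@link RedirectHandler}).
 *   <li>With {@code isUpdateRole()} enabled, the role is recomputed from provider claims on every
 *       login, falling back to the default role when no mapping matches.
 * </ul>
 */
@Component
/* loaded from: input_file:de/frachtwerk/essencium/backend/security/OAuth2SuccessHandler.class */
public class OAuth2SuccessHandler<USER extends AbstractBaseUser<ID>, ID extends Serializable, USERDTO extends UserDto<ID>> implements AuthenticationSuccessHandler {
    public static final String OIDC_FIRST_NAME_ATTR = "given_name";
    public static final String OIDC_LAST_NAME_ATTR = "family_name";
    public static final String OIDC_NAME_ATTR = "name";
    public static final String OIDC_EMAIL_ATTR = "email";
    private static final Logger LOGGER = LoggerFactory.getLogger(OAuth2SuccessHandler.class);
    private final JwtTokenService tokenService;
    private final AbstractUserService<USER, ID, USERDTO> userService;
    private final RoleService roleService;
    private final OAuth2ConfigProperties oAuth2ConfigProperties;
    private final OAuth2ClientRegistrationProperties oAuth2ClientRegistrationProperties;

    /**
     * Redirects to the superclass target URL with either {@code ?token=<token>} or
     * {@code ?login_failure} appended. One instance is created per request by
     * {@link #onAuthenticationSuccess}, so the mutable {@code token} field is not shared.
     */
    /* loaded from: input_file:de/frachtwerk/essencium/backend/security/OAuth2SuccessHandler$RedirectHandler.class */
    static class RedirectHandler extends SimpleUrlAuthenticationSuccessHandler {
        private String token;

        RedirectHandler() {
        }

        /**
         * @param str the access token to append to the redirect; {@code null} marks a failed login
         */
        public void setToken(String str) {
            this.token = str;
        }

        /**
         * Builds the redirect URL from the superclass target URL.
         *
         * <p>NOTE(review): the access token travels in the query string, where it can be retained
         * in browser history, in access logs of every hop that sees the URL, and in Referer
         * headers. A URL fragment, a short-lived one-time code exchanged by the frontend, or an
         * HttpOnly cookie avoids that exposure; switching requires a matching frontend change, so
         * the format is left as is here. The suffix is appended with {@code ?} unconditionally,
         * which assumes the target URL carries no query string of its own.
         */
        @Override
        protected String determineTargetUrl(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) {
            String targetUrl = super.determineTargetUrl(httpServletRequest, httpServletResponse, authentication);
            if (this.token == null) {
                return String.format("%s?login_failure", targetUrl);
            }
            return String.format("%s?token=%s", targetUrl, this.token);
        }
    }

    /**
     * Resolves or creates the local user for a successful OAuth2 login and redirects with an
     * access token. The redirect carries {@code ?login_failure} instead when the authentication is
     * not an {@link OAuth2AuthenticationToken}, when user information cannot be extracted, or when
     * the user is unknown locally and sign-up is disabled.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse current response, used for the redirect
     * @param authentication the authentication produced by the OAuth2 login flow
     * @throws IOException if the redirect fails
     * @throws ServletException if the redirect fails
     */
    @Override
    public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
        RedirectHandler redirectHandler = new RedirectHandler();
        if (!(authentication instanceof OAuth2AuthenticationToken)) {
            LOGGER.error("did not receive an instance of {}, aborting", OAuth2AuthenticationToken.class.getSimpleName());
            // No token was set, so this redirects with "?login_failure".
            redirectHandler.onAuthenticationSuccess(httpServletRequest, httpServletResponse, authentication);
            return;
        }
        OAuth2AuthenticationToken oauthToken = (OAuth2AuthenticationToken) authentication;
        String authorizedClientRegistrationId = oauthToken.getAuthorizedClientRegistrationId();
        try {
            LOGGER.info("attempting to log in oauth2 user '{}' using provider '{}'", authentication.getName(), authorizedClientRegistrationId);
            UserInfoEssentials userInfo = extractUserInfo(oauthToken, authorizedClientRegistrationId);
            try {
                // The lookup key is the username derived from provider claims (normally the
                // e-mail address); the provider id is not part of the lookup.
                USER user = this.userService.m28loadUserByUsername(userInfo.getUsername());
                LOGGER.info("got successful oauth login for {}", userInfo.getUsername());
                if (this.oAuth2ConfigProperties.isUpdateRole()) {
                    // A login without a matching role claim falls back to the default role,
                    // which can replace a role that was assigned locally.
                    Role mappedRole = extractUserRole(oauthToken.getPrincipal()).orElseGet(() -> this.roleService.getDefaultRole().orElse(null));
                    if (mappedRole != null && !mappedRole.getName().equals(user.getRole().getName())) {
                        LOGGER.info("updating {}'s role from {} to {} based on oauth mapping", user.getUsername(), user.getRole().getName(), mappedRole.getName());
                        user.setRole(mappedRole);
                        this.userService.patch(Objects.requireNonNull(user.getId()), Map.of(AbstractBaseUser_.ROLE, mappedRole.getName()));
                    }
                }
                redirectHandler.setToken(this.tokenService.createToken(user, SessionTokenType.ACCESS, null, null));
            } catch (UsernameNotFoundException e) {
                LOGGER.info("user {} not found locally", userInfo.getUsername());
                if (this.oAuth2ConfigProperties.isAllowSignup()) {
                    // NOTE(review): the next two statements log whole objects through
                    // toString(); confirm neither exposes more personal data than the
                    // logging policy allows.
                    LOGGER.info("attempting to create new user {} from successful oauth login", userInfo);
                    USER createdUser = this.userService.createDefaultUser(userInfo, authorizedClientRegistrationId);
                    LOGGER.info("created new user '{}'", createdUser);
                    redirectHandler.setToken(this.tokenService.createToken(createdUser, SessionTokenType.ACCESS, null, null));
                }
                // With sign-up disabled the token stays null and the redirect reports failure.
            }
            redirectHandler.onAuthenticationSuccess(httpServletRequest, httpServletResponse, authentication);
        } catch (UserEssentialsException e2) {
            LOGGER.error(e2.getMessage());
            redirectHandler.onAuthenticationSuccess(httpServletRequest, httpServletResponse, authentication);
        }
    }

    /**
     * Derives username, first name, last name and (if mapped) role from the authenticated
     * principal. OIDC principals are read through their user info or the standard claims; other
     * OAuth2 principals are read through the attribute names configured for the registration,
     * defaulting to the standard claim names.
     *
     * @param oAuth2AuthenticationToken the authenticated token
     * @param str the client registration id, used to look up configured attribute names
     * @return the extracted user information; missing names are replaced by {@code "Unknown"}
     * @throws UserEssentialsException if the registration is unknown or no username can be found
     */
    private UserInfoEssentials extractUserInfo(OAuth2AuthenticationToken oAuth2AuthenticationToken, String str) throws UserEssentialsException {
        UserInfoEssentials userInfoEssentials = new UserInfoEssentials();
        OAuth2User principal = oAuth2AuthenticationToken.getPrincipal();
        if (principal instanceof OidcUser) {
            OidcUser oidcUser = (OidcUser) principal;
            if (oidcUser.getUserInfo() != null) {
                userInfoEssentials.setFirstName(oidcUser.getUserInfo().getGivenName());
                // Fixed: the last name was previously filled from getGivenName() as well.
                userInfoEssentials.setLastName(oidcUser.getUserInfo().getFamilyName());
                userInfoEssentials.setUsername(oidcUser.getUserInfo().getEmail());
            } else {
                userInfoEssentials.setFirstName((String) oidcUser.getAttribute(OIDC_FIRST_NAME_ATTR));
                userInfoEssentials.setLastName((String) oidcUser.getAttribute(OIDC_LAST_NAME_ATTR));
                userInfoEssentials.setUsername((String) oidcUser.getAttribute(OIDC_EMAIL_ATTR));
            }
        } else {
            OAuth2ClientRegistrationProperties.Registration registration = this.oAuth2ClientRegistrationProperties.getRegistration().get(str);
            if (registration == null) {
                throw new UserEssentialsException(String.format("could not resolve provider registration '%s'", str));
            }
            // Each attribute name falls back to the standard claim name when not configured.
            String usernameAttr = Optional.ofNullable(registration.getAttributes()).map(attrs -> attrs.getUsername()).orElse(OIDC_EMAIL_ATTR);
            String firstNameAttr = Optional.ofNullable(registration.getAttributes()).map(attrs -> attrs.getFirstname()).orElse(OIDC_FIRST_NAME_ATTR);
            String lastNameAttr = Optional.ofNullable(registration.getAttributes()).map(attrs -> attrs.getLastname()).orElse(OIDC_LAST_NAME_ATTR);
            String nameAttr = Optional.ofNullable(registration.getAttributes()).map(attrs -> attrs.getName()).orElse(OIDC_NAME_ATTR);
            userInfoEssentials.setUsername((String) principal.getAttribute(usernameAttr));
            if (principal.getAttributes().containsKey(firstNameAttr) && principal.getAttributes().containsKey(lastNameAttr)) {
                userInfoEssentials.setFirstName((String) principal.getAttribute(firstNameAttr));
                userInfoEssentials.setLastName((String) principal.getAttribute(lastNameAttr));
            } else {
                LOGGER.debug("attempting to parse first- and last name from combined name field");
                // NOTE(review): a null result from the parser raises NullPointerException here;
                // whether a missing name attribute can produce one depends on StringUtils.
                String[] nameParts = StringUtils.parseFirstLastName((String) principal.getAttribute(nameAttr));
                userInfoEssentials.setFirstName(Objects.requireNonNull(nameParts)[0]);
                userInfoEssentials.setLastName(nameParts[1]);
            }
        }
        if (userInfoEssentials.getUsername() == null) {
            // Last resort: accept the principal name as username, but only if it is an e-mail address.
            if (!StringUtils.isValidEmailAddress(oAuth2AuthenticationToken.getName())) {
                throw new UserEssentialsException("failed to extract username from authentication information");
            }
            userInfoEssentials.setUsername(oAuth2AuthenticationToken.getName());
        }
        Optional<Role> mappedRole = extractUserRole(oAuth2AuthenticationToken.getPrincipal());
        mappedRole.ifPresentOrElse(userInfoEssentials::setRole, () -> {
            LOGGER.warn("no appropriate role found for user '{}'", userInfoEssentials.getUsername());
        });
        userInfoEssentials.setFirstName(Optional.ofNullable(userInfoEssentials.getFirstName()).orElse("Unknown"));
        userInfoEssentials.setLastName(Optional.ofNullable(userInfoEssentials.getLastName()).orElse("Unknown"));
        return userInfoEssentials;
    }

    /**
     * Maps the provider's role claim to a local role through the configured mappings. The claim
     * may be a single string or a collection; any other type is treated as "no roles". Mappings
     * are tried in configuration order and the first one whose source value appears in the claim
     * and whose destination resolves to an existing role wins.
     *
     * @param oAuth2User the authenticated principal
     * @return the mapped role, or empty if role mapping is not configured or nothing matches
     */
    private Optional<Role> extractUserRole(OAuth2User oAuth2User) {
        String userRoleAttr = this.oAuth2ConfigProperties.getUserRoleAttr();
        List<UserRoleMapping> roles = this.oAuth2ConfigProperties.getRoles();
        if (userRoleAttr == null || roles.isEmpty()) {
            return Optional.empty();
        }
        Object rawClaim = oAuth2User.getAttributes().get(userRoleAttr);
        final Collection<?> claimedRoles;
        if (rawClaim instanceof String) {
            claimedRoles = List.of(rawClaim);
        } else if (rawClaim instanceof Collection) {
            claimedRoles = (Collection<?>) rawClaim;
        } else {
            claimedRoles = List.of();
        }
        return roles.stream()
                // Immutable lists reject contains(null), so a mapping without a source value
                // is skipped instead of failing the whole login.
                .filter(mapping -> mapping.getSrc() != null && claimedRoles.contains(mapping.getSrc()))
                .map(UserRoleMapping::getDst)
                .map(this.roleService::getRole)
                .filter(Optional::isPresent)
                .map(Optional::get)
                .findFirst();
    }

    /**
     * Creates the handler with its collaborators.
     *
     * @param jwtTokenService issues the access token placed in the redirect
     * @param abstractUserService looks up, creates and patches local users
     * @param roleService resolves mapped and default roles
     * @param oAuth2ConfigProperties sign-up, role-update and role-mapping settings
     * @param oAuth2ClientRegistrationProperties per-registration attribute names
     */
    @Generated
    public OAuth2SuccessHandler(JwtTokenService jwtTokenService, AbstractUserService<USER, ID, USERDTO> abstractUserService, RoleService roleService, OAuth2ConfigProperties oAuth2ConfigProperties, OAuth2ClientRegistrationProperties oAuth2ClientRegistrationProperties) {
        this.tokenService = jwtTokenService;
        this.userService = abstractUserService;
        this.roleService = roleService;
        this.oAuth2ConfigProperties = oAuth2ConfigProperties;
        this.oAuth2ClientRegistrationProperties = oAuth2ClientRegistrationProperties;
    }
}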
