package io.rocketbase.commons.controller;

import com.google.common.collect.Sets;
import io.rocketbase.commons.converter.AppUserConverter;
import io.rocketbase.commons.dto.appuser.AppUserRead;
import io.rocketbase.commons.dto.authentication.LoginRequest;
import io.rocketbase.commons.dto.authentication.LoginResponse;
import io.rocketbase.commons.dto.authentication.PasswordChangeRequest;
import io.rocketbase.commons.dto.authentication.UpdateProfileRequest;
import io.rocketbase.commons.dto.validation.PasswordErrorCodes;
import io.rocketbase.commons.event.ChangePasswordEvent;
import io.rocketbase.commons.event.LoginEvent;
import io.rocketbase.commons.event.UpdateProfileEvent;
import io.rocketbase.commons.exception.PasswordValidationException;
import io.rocketbase.commons.model.AppUser;
import io.rocketbase.commons.security.CommonsAuthenticationToken;
import io.rocketbase.commons.security.JwtTokenService;
import io.rocketbase.commons.service.AppUserService;
import javax.annotation.Resource;
import javax.validation.constraints.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;

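/**
 * REST endpoints for password login, reading and updating the authenticated user's own
 * account, and exchanging a refresh token for a new access token.
 *
 * <p>Every endpoint except {@code /auth/login} answers {@code 401} unless the injected
 * {@link Authentication} is a {@link CommonsAuthenticationToken}.
 *
 * <p>NOTE(review): that guard checks only the token <em>type</em>. {@link #refreshToken} shows
 * that a {@code CommonsAuthenticationToken} may carry the {@code REFRESH_TOKEN} authority, so
 * whether {@code /auth/me}, {@code /auth/update-profile} and {@code /auth/change-password}
 * reject refresh tokens depends on security configuration not visible in this class; confirm.
 *
 * <p>NOTE(review): no attempt throttling or lockout is visible at this layer. If brute-force
 * protection exists, it lives in the {@link AuthenticationManager} or in front of this
 * controller; confirm.
 */
@RestController
public class AuthenticationController {
    private static final Logger log = LoggerFactory.getLogger(AuthenticationController.class);

    @Resource
    private AuthenticationManager authenticationManager;

    @Resource
    private JwtTokenService jwtTokenService;

    @Resource
    private AppUserService appUserService;

    @Resource
    private AppUserConverter appUserConverter;

    @Resource
    private ApplicationEventPublisher applicationEventPublisher;

    /**
     * Authenticates a username/password pair and returns a token bundle plus the user's data.
     *
     * <p>On success the resulting {@link Authentication} is stored in the
     * {@link SecurityContextHolder}, the user's last-login is updated, and a {@link LoginEvent}
     * is published. An {@link AuthenticationException} from the manager is not caught here and
     * propagates to the caller.
     *
     * @param loginRequest credentials; the username is lower-cased before it is used
     * @return {@code 200} with the token bundle and the converted user
     */
    @RequestMapping(method = {RequestMethod.POST}, path = {"/auth/login"}, consumes = {"application/json"})
    @ResponseBody
    public ResponseEntity<LoginResponse> login(@NotNull @RequestBody @Validated LoginRequest loginRequest) {
        // Normalise once so authentication and the last-login update use the same key.
        // NOTE(review): toLowerCase() without a Locale follows the JVM default locale (e.g. the
        // Turkish dotless i). Confirm that account creation normalises usernames the same way
        // before switching any single call site to Locale.ROOT.
        String username = loginRequest.getUsername().toLowerCase();

        Authentication authenticated = this.authenticationManager.authenticate(
                new UsernamePasswordAuthenticationToken(username, loginRequest.getPassword()));
        SecurityContextHolder.getContext().setAuthentication(authenticated);

        AppUser user = this.appUserService.updateLastLogin(username);
        this.applicationEventPublisher.publishEvent(new LoginEvent(this, user));

        return ResponseEntity.ok(new LoginResponse(
                this.jwtTokenService.generateTokenBundle(user.getUsername(), user.getAuthorities()),
                this.appUserConverter.fromEntity(user)));
    }

    /**
     * Returns the principal of the current authentication.
     *
     * @param authentication the caller's authentication, may be {@code null}
     * @return {@code 200} with the principal, or {@code 401} when the caller has no
     *     {@link CommonsAuthenticationToken}
     */
    @RequestMapping(value = {"/auth/me"}, method = {RequestMethod.GET})
    @ResponseBody
    public ResponseEntity<AppUserRead> getAuthenticated(Authentication authentication) {
        CommonsAuthenticationToken token = commonsTokenOrNull(authentication);
        if (token == null) {
            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
        }
        return ResponseEntity.ok(token.getPrincipal());
    }

    /**
     * Changes the caller's password after re-verifying the current password.
     *
     * <p>The username always comes from the authentication token, never from the request body,
     * so a caller can only change their own password.
     *
     * @param passwordChangeRequest current and new password
     * @param authentication the caller's authentication, may be {@code null}
     * @return {@code 200} on success, or {@code 401} when the caller has no
     *     {@link CommonsAuthenticationToken}
     * @throws PasswordValidationException with {@code INVALID_CURRENT_PASSWORD} when the
     *     re-authentication with the current password fails
     */
    @RequestMapping(value = {"/auth/change-password"}, method = {RequestMethod.PUT}, consumes = {"application/json"})
    public ResponseEntity<Void> changePassword(@NotNull @RequestBody @Validated PasswordChangeRequest passwordChangeRequest, Authentication authentication) {
        CommonsAuthenticationToken token = commonsTokenOrNull(authentication);
        if (token == null) {
            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
        }
        String username = token.getUsername();

        // Only the re-authentication is guarded. If the try also covered the update and the
        // event, an AuthenticationException raised after the password was already changed
        // (e.g. from an event listener) would be reported as "invalid current password".
        try {
            this.authenticationManager.authenticate(
                    new UsernamePasswordAuthenticationToken(username, passwordChangeRequest.getCurrentPassword()));
        } catch (AuthenticationException e) {
            // The exception thrown below carries no cause, so record the rejection here;
            // repeated failures for one account are worth alerting on.
            log.warn("Password change rejected for '{}': {}", username, e.getMessage());
            throw new PasswordValidationException(Sets.newHashSet(PasswordErrorCodes.INVALID_CURRENT_PASSWORD));
        }

        this.appUserService.updatePassword(username, passwordChangeRequest.getNewPassword());
        this.applicationEventPublisher.publishEvent(
                new ChangePasswordEvent(this, this.appUserService.getByUsername(username)));
        return ResponseEntity.status(HttpStatus.OK).build();
    }

    /**
     * Updates the caller's own profile fields and publishes an {@link UpdateProfileEvent}.
     *
     * <p>The username comes from the authentication token, never from the request body.
     *
     * @param updateProfileRequest first name, last name, avatar and key/value pairs to store
     * @param authentication the caller's authentication, may be {@code null}
     * @return {@code 200} on success, or {@code 401} when the caller has no
     *     {@link CommonsAuthenticationToken}
     */
    @RequestMapping(value = {"/auth/update-profile"}, method = {RequestMethod.PUT}, consumes = {"application/json"})
    public ResponseEntity<Void> updateProfile(@NotNull @RequestBody @Validated UpdateProfileRequest updateProfileRequest, Authentication authentication) {
        CommonsAuthenticationToken token = commonsTokenOrNull(authentication);
        if (token == null) {
            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
        }
        String username = token.getUsername();
        this.appUserService.updateProfile(
                username,
                updateProfileRequest.getFirstName(),
                updateProfileRequest.getLastName(),
                updateProfileRequest.getAvatar(),
                updateProfileRequest.getKeyValues());
        this.applicationEventPublisher.publishEvent(
                new UpdateProfileEvent(this, this.appUserService.getByUsername(username)));
        return ResponseEntity.status(HttpStatus.OK).build();
    }

    /**
     * Issues a new access token for a caller authenticated with a refresh token.
     *
     * <p>The user is re-read from {@link AppUserService}, so the new access token carries the
     * authorities currently stored for the user rather than those in the refresh token.
     *
     * @param authentication the caller's authentication, may be {@code null}
     * @return {@code 200} with the access token; {@code 401} when the caller has no
     *     {@link CommonsAuthenticationToken} or the user can no longer be found; {@code 405}
     *     when the authentication lacks the {@code REFRESH_TOKEN} authority
     */
    @RequestMapping(value = {"/auth/refresh"}, method = {RequestMethod.GET})
    @ResponseBody
    public ResponseEntity<String> refreshToken(Authentication authentication) {
        CommonsAuthenticationToken token = commonsTokenOrNull(authentication);
        if (token == null) {
            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
        }
        if (token.getAuthorities() == null || !token.getAuthorities().contains(new SimpleGrantedAuthority("REFRESH_TOKEN"))) {
            // NOTE(review): 405 is kept because clients may depend on it; 403 Forbidden would
            // describe "authenticated but not holding a refresh token" more accurately.
            return ResponseEntity.status(HttpStatus.METHOD_NOT_ALLOWED).build();
        }
        AppUser user = this.appUserService.getByUsername(token.getUsername());
        if (user == null) {
            // Guard for the case that the service reports a missing user as null (not visible
            // here): a refresh token for a removed account must not end in a NullPointerException.
            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
        }
        // NOTE(review): nothing here checks that the account is still enabled; confirm that
        // getByUsername or the token filter rejects disabled users before a token is minted.
        return ResponseEntity.ok(this.jwtTokenService.generateAccessToken(user.getUsername(), user.getAuthorities()));
    }

    /** Returns the authentication as a {@link CommonsAuthenticationToken}, or {@code null} if it is absent or of another type. */
    private static CommonsAuthenticationToken commonsTokenOrNull(Authentication authentication) {
        return authentication instanceof CommonsAuthenticationToken
                ? (CommonsAuthenticationToken) authentication
                : null;
    }
}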
