package org.hspconsortium.sandboxmanagerapi.controllers;

import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.transaction.Transactional;
import org.hspconsortium.sandboxmanagerapi.controllers.dto.UserPersonaCredentials;
import org.hspconsortium.sandboxmanagerapi.controllers.dto.UserPersonaDto;
import org.hspconsortium.sandboxmanagerapi.model.Sandbox;
import org.hspconsortium.sandboxmanagerapi.model.User;
import org.hspconsortium.sandboxmanagerapi.model.UserPersona;
import org.hspconsortium.sandboxmanagerapi.model.Visibility;
import org.hspconsortium.sandboxmanagerapi.services.JwtService;
import org.hspconsortium.sandboxmanagerapi.services.OAuthService;
import org.hspconsortium.sandboxmanagerapi.services.SandboxService;
import org.hspconsortium.sandboxmanagerapi.services.UserPersonaService;
import org.hspconsortium.sandboxmanagerapi.services.UserService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;

@RequestMapping({"/userPersona"})
@RestController
/* loaded from: input_file:BOOT-INF/classes/org/hspconsortium/sandboxmanagerapi/controllers/UserPersonaController.class */
public class UserPersonaController extends AbstractController {
    private static Logger LOGGER = LoggerFactory.getLogger(UserPersonaController.class.getName());
    private final SandboxService sandboxService;
    private final UserService userService;
    private final UserPersonaService userPersonaService;
    private final JwtService jwtService;

    @Inject
    public UserPersonaController(SandboxService sandboxService, UserPersonaService userPersonaService, UserService userService, OAuthService oAuthService, JwtService jwtService) {
        super(oAuthService);
        this.sandboxService = sandboxService;
        this.userService = userService;
        this.userPersonaService = userPersonaService;
        this.jwtService = jwtService;
    }

    @RequestMapping(method = {RequestMethod.POST}, consumes = {"application/json"}, produces = {"application/json"})
    @Transactional
    @ResponseBody
    public UserPersona createUserPersona(HttpServletRequest httpServletRequest, @RequestBody UserPersona userPersona) {
        Sandbox findBySandboxId = this.sandboxService.findBySandboxId(userPersona.getSandbox().getSandboxId());
        String checkSandboxUserCreateAuthorization = checkSandboxUserCreateAuthorization(httpServletRequest, findBySandboxId);
        userPersona.setSandbox(findBySandboxId);
        User findBySbmUserId = this.userService.findBySbmUserId(checkSandboxUserCreateAuthorization);
        userPersona.setVisibility(getDefaultVisibility(findBySbmUserId, findBySandboxId));
        userPersona.setCreatedBy(findBySbmUserId);
        return this.userPersonaService.create(userPersona);
    }

    @RequestMapping(method = {RequestMethod.PUT}, consumes = {"application/json"}, produces = {"application/json"})
    @Transactional
    @ResponseBody
    public UserPersona updateUserPersona(HttpServletRequest httpServletRequest, @RequestBody UserPersona userPersona) {
        checkSandboxUserModifyAuthorization(httpServletRequest, this.sandboxService.findBySandboxId(userPersona.getSandbox().getSandboxId()), userPersona);
        return this.userPersonaService.update(userPersona);
    }

    @RequestMapping(method = {RequestMethod.GET}, produces = {"application/json"}, params = {"sandboxId"})
    @ResponseBody
    public Iterable<UserPersona> getSandboxUserPersona(HttpServletRequest httpServletRequest, @RequestParam("sandboxId") String str) {
        String oAuthUserId = this.oAuthService.getOAuthUserId(httpServletRequest);
        checkSandboxUserReadAuthorization(httpServletRequest, this.sandboxService.findBySandboxId(str));
        return this.userPersonaService.findBySandboxIdAndCreatedByOrVisibility(str, oAuthUserId, Visibility.PUBLIC);
    }

    @RequestMapping(value = {"/default"}, method = {RequestMethod.GET}, produces = {"application/json"}, params = {"sandboxId"})
    @ResponseBody
    public UserPersona getSandboxDefaultUserPersona(HttpServletRequest httpServletRequest, @RequestParam("sandboxId") String str) {
        String oAuthUserId = this.oAuthService.getOAuthUserId(httpServletRequest);
        checkSandboxUserReadAuthorization(httpServletRequest, this.sandboxService.findBySandboxId(str));
        return this.userPersonaService.findDefaultBySandboxId(str, oAuthUserId, Visibility.PUBLIC);
    }

    @RequestMapping(method = {RequestMethod.GET}, params = {"lookUpId"})
    @ResponseBody
    public String checkForUserPersonaById(@RequestParam("lookUpId") String str) {
        UserPersona findByPersonaUserId = this.userPersonaService.findByPersonaUserId(str);
        if (findByPersonaUserId == null) {
            return null;
        }
        return findByPersonaUserId.getPersonaUserId();
    }

    @RequestMapping(value = {"/{id}"}, method = {RequestMethod.DELETE}, produces = {"application/json"})
    @Transactional
    public void deleteSandboxUserPersona(HttpServletRequest httpServletRequest, @PathVariable Integer num) {
        UserPersona byId = this.userPersonaService.getById(num.intValue());
        checkSandboxUserModifyAuthorization(httpServletRequest, byId.getSandbox(), byId);
        this.userPersonaService.delete(byId);
    }

    @RequestMapping(value = {"/{username}"}, method = {RequestMethod.GET}, produces = {"application/json"})
    @ResponseBody
    public UserPersonaDto readUserPersona(HttpServletResponse httpServletResponse, @PathVariable String str) {
        UserPersona findByPersonaUserId = this.userPersonaService.findByPersonaUserId(str);
        if (findByPersonaUserId == null) {
            httpServletResponse.setStatus(HttpStatus.NOT_FOUND.value());
            return null;
        }
        UserPersonaDto userPersonaDto = new UserPersonaDto();
        userPersonaDto.setName(findByPersonaUserId.getFhirName());
        userPersonaDto.setUsername(findByPersonaUserId.getPersonaUserId());
        userPersonaDto.setResourceUrl(findByPersonaUserId.getResourceUrl());
        return userPersonaDto;
    }

    @RequestMapping(value = {"/authenticate"}, method = {RequestMethod.POST}, produces = {"application/json"})
    @CrossOrigin(origins = {"*"})
    public ResponseEntity authenticateUserPersona(@RequestBody UserPersonaCredentials userPersonaCredentials) {
        if (userPersonaCredentials == null || userPersonaCredentials.getUsername() == null || StringUtils.isEmpty(userPersonaCredentials.getUsername())) {
            return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("{\"message\": \"Username is required.\"}");
        }
        UserPersona findByPersonaUserId = this.userPersonaService.findByPersonaUserId(userPersonaCredentials.getUsername());
        if (findByPersonaUserId == null) {
            return ResponseEntity.status(HttpStatus.NOT_FOUND).body("{\"message\": \"Cannot find user persona with that username.\"}");
        }
        if (!findByPersonaUserId.getPassword().equals(userPersonaCredentials.getPassword())) {
            return ResponseEntity.status(HttpStatus.FORBIDDEN).body("{\"message\": \"Authentication failed, bad username/password.\"}");
        }
        userPersonaCredentials.setJwt(this.jwtService.createSignedJwt(userPersonaCredentials.getUsername()));
        return ResponseEntity.ok(userPersonaCredentials);
    }
}
