package org.molgenis.security.account;

import java.net.URI;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import org.apache.commons.lang3.StringUtils;
import org.molgenis.data.DataService;
import org.molgenis.data.MolgenisDataException;
import org.molgenis.data.populate.IdGenerator;
import org.molgenis.data.security.auth.User;
import org.molgenis.data.security.user.UserService;
import org.molgenis.security.core.runas.RunAsSystem;
import org.molgenis.security.login.MolgenisLoginController;
import org.molgenis.security.settings.AuthenticationSettings;
import org.molgenis.security.user.MolgenisUserException;
import org.molgenis.settings.AppSettings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.mail.MailException;
import org.springframework.mail.MailSender;
import org.springframework.mail.SimpleMailMessage;
import org.springframework.security.authentication.DisabledException;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

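/**
 * Sign-up, activation, password change and password reset for users stored in the
 * {@code sys_sec_User} entity.
 *
 * <p>Every public operation carries {@code @RunAsSystem}. NOTE(review): that presumably lets the
 * call bypass the permissions of the current user, so callers have to authenticate and authorize
 * the request themselves before invoking this service - confirm against the annotation.
 */
@Service
/* loaded from: input_file:org/molgenis/security/account/AccountServiceImpl.class */
public class AccountServiceImpl implements AccountService {
    private static final Logger LOG = LoggerFactory.getLogger(AccountServiceImpl.class);
    /** Name of the entity type that holds user accounts. */
    private static final String USER_ENTITY = "sys_sec_User";
    /** Single message for every failed activation, so the response does not say why it failed. */
    private static final String INVALID_ACTIVATION_MESSAGE = "Invalid activation code or account already activated.";
    private final DataService dataService;
    private final MailSender mailSender;
    private final UserService userService;
    private final AppSettings appSettings;
    private final AuthenticationSettings authenticationSettings;
    private final IdGenerator idGenerator;

    /**
     * Creates the service; every collaborator is mandatory.
     *
     * @throws NullPointerException if any argument is {@code null}
     */
    AccountServiceImpl(DataService dataService, MailSender mailSender, UserService userService, AppSettings appSettings, AuthenticationSettings authenticationSettings, IdGenerator idGenerator) {
        this.dataService = Objects.requireNonNull(dataService);
        this.mailSender = Objects.requireNonNull(mailSender);
        this.userService = Objects.requireNonNull(userService);
        this.appSettings = Objects.requireNonNull(appSettings);
        this.authenticationSettings = Objects.requireNonNull(authenticationSettings);
        this.idGenerator = Objects.requireNonNull(idGenerator);
    }

    /**
     * Registers {@code user} as an inactive account and mails an activation link.
     *
     * <p>With sign-up moderation enabled the link goes to the addresses returned by
     * {@code getSuEmailAddresses()}, otherwise to the address of the new user.
     *
     * <p>NOTE(review): the two duplicate checks answer with different messages that echo the
     * submitted value. A public sign-up form that relays them verbatim tells a visitor which
     * usernames and e-mail addresses are registered; consider a uniform response at the web layer.
     *
     * @param user account to register; its username and e-mail address must not be in use
     * @param str base activation URI; the activation code is appended after a {@code '/'}.
     *     NOTE(review): the mailed link is built from this value as-is, so the caller should take
     *     it from trusted configuration rather than from request data such as the Host header -
     *     verify against the caller.
     * @throws UsernameAlreadyExistsException if the username is already taken
     * @throws EmailAlreadyExistsException if the e-mail address is already registered
     * @throws MolgenisDataException if no recipient address is available for the activation mail
     * @throws MolgenisUserException if the activation mail could not be sent; the new account is
     *     deleted again in that case
     */
    @Override // org.molgenis.security.account.AccountService
    @RunAsSystem
    @Transactional
    public void createUser(User user, String str) throws UsernameAlreadyExistsException, EmailAlreadyExistsException {
        if (this.userService.getUser(user.getUsername()) != null) {
            throw new UsernameAlreadyExistsException("Username '" + user.getUsername() + "' already exists.");
        }
        if (this.userService.getUserByEmail(user.getEmail()) != null) {
            throw new EmailAlreadyExistsException("Email '" + user.getEmail() + "' is already registered.");
        }
        String activationCode = this.idGenerator.generateId(IdGenerator.Strategy.SECURE_RANDOM);
        List<String> recipients;
        if (this.authenticationSettings.getSignUpModeration()) {
            recipients = this.userService.getSuEmailAddresses();
            if (recipients == null || recipients.isEmpty()) {
                throw new MolgenisDataException("Administrator account is missing required email address");
            }
        } else {
            String email = user.getEmail();
            if (email == null || email.isEmpty()) {
                throw new MolgenisDataException("User '" + user.getUsername() + "' is missing required email address");
            }
            recipients = Collections.singletonList(email);
        }
        // Build the link before anything is persisted, so a malformed base URI fails early.
        URI activationUri = URI.create(str + '/' + activationCode);
        user.setActivationCode(activationCode);
        user.setActive(false);
        this.dataService.add(USER_ENTITY, user);
        LOG.debug("created user {}", user.getUsername());
        try {
            SimpleMailMessage message = new SimpleMailMessage();
            message.setTo(recipients.toArray(new String[0]));
            message.setSubject("User registration for " + this.appSettings.getTitle());
            message.setText(createActivationEmailText(user, activationUri));
            this.mailSender.send(message);
            if (LOG.isDebugEnabled()) {
                LOG.debug("send activation email for user {} to {}", user.getUsername(), StringUtils.join(recipients, ','));
            }
        } catch (MailException e) {
            // The cause stays in the log; the caller only gets a generic message, so mail server
            // details do not reach the sign-up form.
            LOG.error("Could not send signup mail", e);
            // Without the mail nobody holds the activation code: remove the unusable account.
            this.dataService.delete(USER_ENTITY, user);
            throw new MolgenisUserException("An error occurred. Please contact the administrator. You are not signed up!");
        }
    }

    /**
     * Activates the inactive account that holds the given activation code and mails a
     * confirmation to its owner.
     *
     * <p>The code is single-use: it is cleared once the account is active. Without that, an
     * account that is deactivated later would again match the {@code active == false} query and
     * could be re-enabled with the original activation link.
     *
     * <p>NOTE(review): this method has no {@code @Transactional}; a {@code MailException} from the
     * confirmation mail propagates after the update call has been made - confirm whether the
     * activation is already committed at that point.
     *
     * @param str activation code taken from the mailed link
     * @throws MolgenisUserException if the code is blank, unknown, or belongs to an active account
     */
    @Override // org.molgenis.security.account.AccountService
    @RunAsSystem
    public void activateUser(String str) {
        // A blank code must not reach the query: it could otherwise match inactive accounts
        // that have no activation code stored at all.
        if (StringUtils.isBlank(str)) {
            throw new MolgenisUserException(INVALID_ACTIVATION_MESSAGE);
        }
        User user = (User) this.dataService.query(USER_ENTITY, User.class).eq("active", false).and().eq("activationCode", str).findOne();
        if (user == null) {
            throw new MolgenisUserException(INVALID_ACTIVATION_MESSAGE);
        }
        user.setActive(true);
        // Invalidate the code. Assumes the activationCode attribute accepts null - TODO confirm
        // against the User metadata.
        user.setActivationCode(null);
        this.dataService.update(USER_ENTITY, user);
        SimpleMailMessage message = new SimpleMailMessage();
        message.setTo(user.getEmail());
        message.setSubject("Your registration request for " + this.appSettings.getTitle());
        message.setText(createActivatedEmailText(user, this.appSettings.getTitle()));
        this.mailSender.send(message);
    }

    /**
     * Stores a new password for an active account and clears its change-password flag.
     *
     * <p>This method checks neither the current password nor the identity of the caller, and it
     * does not validate the new password; all of that has to happen before the call.
     *
     * @param str username of the account
     * @param str2 new password, passed to {@code setPassword} as given. NOTE(review): presumably
     *     hashed further down the stack before it is stored - confirm.
     * @throws MolgenisUserException if no account has this username
     * @throws DisabledException if the account is not active
     */
    @Override // org.molgenis.security.account.AccountService
    @RunAsSystem
    public void changePassword(String str, String str2) {
        User account = this.dataService.query(USER_ENTITY, User.class).eq("username", str).findOne();
        if (account == null) {
            throw new MolgenisUserException(String.format("Unknown user [%s]", str));
        }
        if (!account.isActive().booleanValue()) {
            throw new DisabledException(MolgenisLoginController.ERROR_MESSAGE_DISABLED);
        }
        account.setPassword(str2);
        account.setChangePassword(false);
        this.dataService.update(USER_ENTITY, account);
        LOG.info("Changed password of user [{}]", str);
    }

    /**
     * Replaces the password of the active account registered under the given e-mail address with
     * a generated one and mails it to that address.
     *
     * <p>NOTE(review), points a caller should cover:
     * <ul>
     *   <li>The three outcomes (unknown address, disabled account, success) are distinguishable,
     *       which reveals whether an address is registered; the web layer should answer
     *       uniformly.
     *   <li>The current password is overwritten as soon as the request arrives, with no
     *       confirmation step, so anyone who knows the address can invalidate it; rate-limit the
     *       endpoint.
     *   <li>The generated password travels in clear text by mail. The change-password flag is
     *       set, presumably to force a new password at the next login - confirm.
     *   <li>If sending fails, the exception propagates after the update call, and the generated
     *       password is known to nobody.
     * </ul>
     *
     * @param str e-mail address of the account
     * @throws MolgenisUserException if no account has this e-mail address
     * @throws DisabledException if the account is not active
     */
    @Override // org.molgenis.security.account.AccountService
    @RunAsSystem
    public void resetPassword(String str) {
        User account = this.dataService.query(USER_ENTITY, User.class).eq("Email", str).findOne();
        if (account == null) {
            throw new MolgenisUserException("Invalid email address.");
        }
        if (!account.isActive().booleanValue()) {
            throw new DisabledException(MolgenisLoginController.ERROR_MESSAGE_DISABLED);
        }
        String temporaryPassword = this.idGenerator.generateId(IdGenerator.Strategy.SHORT_SECURE_RANDOM);
        account.setPassword(temporaryPassword);
        account.setChangePassword(true);
        this.dataService.update(USER_ENTITY, account);
        SimpleMailMessage message = new SimpleMailMessage();
        message.setTo(account.getEmail());
        message.setSubject("Your new password request");
        message.setText(createPasswordResettedEmailText(temporaryPassword));
        this.mailSender.send(message);
    }

    /**
     * Builds the body of the activation mail.
     *
     * <p>Username, first name and last name are inserted as submitted at sign-up.
     */
    private String createActivationEmailText(User user, URI activationUri) {
        return "User registration for " + this.appSettings.getTitle() + "\nUser name: " + user.getUsername() + " Full name: " + user.getFirstName() + ' ' + user.getLastName() + "\nIn order to activate the user visit the following URL:\n" + activationUri + "\n\n";
    }

    /** Builds the body of the mail that confirms an activated account. */
    private String createActivatedEmailText(User user, String appTitle) {
        return "Dear " + user.getFirstName() + " " + user.getLastName() + ",\n\nyour registration request for " + appTitle + " was approved.\nYour account is now active.\n";
    }

    /** Builds the body of the password reset mail; it contains the new password in clear text. */
    private String createPasswordResettedEmailText(String newPassword) {
        return "Somebody, probably you, requested a new password for " + this.appSettings.getTitle() + ".\nThe new password is: " + newPassword + "\nNote: we strongly recommend you reset your password after log-in!";
    }
}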
