package org.usergrid.rest.applications.users;

import com.sun.jersey.api.json.JSONWithPadding;
import com.sun.jersey.api.view.Viewable;
import java.util.Map;
import java.util.UUID;
import javax.ws.rs.Consumes;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.PathSegment;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import net.tanesha.recaptcha.ReCaptchaImpl;
import org.apache.amber.oauth2.common.exception.OAuthProblemException;
import org.apache.amber.oauth2.common.message.OAuthResponse;
import org.apache.commons.lang.StringUtils;
import org.codehaus.jackson.JsonNode;
import org.python.apache.xerces.impl.xs.SchemaSymbols;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;
import org.usergrid.management.ActivationState;
import org.usergrid.persistence.EntityManager;
import org.usergrid.persistence.Identifier;
import org.usergrid.persistence.entities.User;
import org.usergrid.rest.AbstractContextResource;
import org.usergrid.rest.ApiResponse;
import org.usergrid.rest.applications.ServiceResource;
import org.usergrid.rest.exceptions.RedirectionException;
import org.usergrid.rest.security.annotations.RequireApplicationAccess;
import org.usergrid.security.oauth.AccessInfo;
import org.usergrid.security.shiro.utils.SubjectUtils;
import org.usergrid.security.tokens.exceptions.TokenException;
import org.usergrid.utils.ConversionUtils;

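/**
 * JAX-RS sub-resource for a single application user, selected by the {@link Identifier}
 * passed to {@link #init(Identifier)}.
 *
 * <p>It exposes credential management (password, pin), account lifecycle actions (activate,
 * confirm, reactivate, deactivate), access-token issuing and revocation, and the browser-facing
 * password reset views. The bean is declared with prototype scope, and the instance fields
 * below cache per-request state (the resolved user, the reset token and the form error message).
 *
 * <p>NOTE(review): in this class only {@code executePut}, the three {@code setpin} handlers and
 * {@code getAccessToken} carry {@code @RequireApplicationAccess}. The {@code password},
 * {@code deactivate}, {@code sendpin}, {@code reactivate} and {@code revoketokens} handlers have
 * no access annotation here; confirm that authorization for them is enforced elsewhere (request
 * filter, parent resource or management service).
 *
 * <p>NOTE(review): the JSON handlers wrap their result in {@link JSONWithPadding} using the
 * client-supplied {@code callback} query parameter. Validation of that callback name is not
 * visible in this class; confirm it happens where the padding is rendered.
 */
@Produces({"application/json"})
@Scope("prototype")
@Component("org.usergrid.rest.applications.users.UserResource")
/* loaded from: input_file:usergrid-rest-0.0.12-classes.jar:org/usergrid/rest/applications/users/UserResource.class */
public class UserResource extends ServiceResource {
    /** Package prefix under which per-user extension resources are looked up by name. */
    public static final String USER_EXTENSION_RESOURCE_PREFIX = "org.usergrid.rest.applications.users.extensions.";
    private static final Logger logger = LoggerFactory.getLogger(UserResource.class);
    // Lazily resolved by getUser(); stays null when the lookup fails.
    User user;
    // Identifier of the addressed user, set by init().
    Identifier userIdentifier;
    // Message shown by the password reset views (read through getErrorMsg()).
    String errorMsg;
    // Password reset token echoed back to the reset views (read through getToken()).
    String token;

    /**
     * Binds this resource to the user it will operate on.
     *
     * @param identifier identifier of the addressed user
     * @return this resource, for chaining
     */
    public UserResource init(Identifier identifier) throws Exception {
        this.userIdentifier = identifier;
        return this;
    }

    /**
     * Updates the user entity, after dropping credential fields from the payload.
     *
     * <p>{@code password} and {@code pin} are removed so that a generic entity update cannot
     * change credentials; those go through the dedicated handlers in this class.
     *
     * @param uriInfo request URI information
     * @param map     JSON body as a map; may be {@code null}
     * @param str     JSONP callback name
     * @return the result of the inherited PUT handling
     */
    @Override // org.usergrid.rest.applications.ServiceResource
    @PUT
    @Consumes({"application/json"})
    @RequireApplicationAccess
    public JSONWithPadding executePut(@Context UriInfo uriInfo, Map<String, Object> map, @QueryParam("callback") @DefaultValue("callback") String str) throws Exception {
        if (map != null) {
            map.remove("password");
            map.remove("pin");
        }
        return super.executePut(uriInfo, map, str);
    }

    /**
     * Sets the user's password.
     *
     * <p>An application admin sets the new password directly. Any other caller goes through the
     * overload that also receives {@code oldpassword}; presumably the management service
     * verifies it, which should be confirmed there since this handler has no access annotation.
     *
     * @param uriInfo request URI information
     * @param map     JSON body with {@code newpassword} and, for non-admins, {@code oldpassword}
     * @param str     JSONP callback name
     * @return the API response, or {@code null} when no body was supplied
     * @throws IllegalArgumentException when {@code newpassword} is missing
     */
    @Path("password")
    @PUT
    public JSONWithPadding setUserPasswordPut(@Context UriInfo uriInfo, Map<String, Object> map, @QueryParam("callback") @DefaultValue("callback") String str) throws Exception {
        logger.info("UserResource.setUserPassword");
        if (map == null) {
            return null;
        }
        ApiResponse apiResponse = new ApiResponse(uriInfo);
        apiResponse.setAction("set user password");
        String oldPassword = ConversionUtils.string(map.get("oldpassword"));
        String newPassword = ConversionUtils.string(map.get("newpassword"));
        if (newPassword == null) {
            throw new IllegalArgumentException("newpassword is required");
        }
        UUID applicationId = getApplicationId();
        UUID userUuid = getUserUuid();
        if (userUuid == null) {
            apiResponse.setError("User not found");
            return new JSONWithPadding(apiResponse, str);
        }
        // NOTE(review): isApplicationAdmin() is called without an application argument; confirm
        // it is scoped to applicationId, because this branch skips the old-password check.
        if (SubjectUtils.isApplicationAdmin()) {
            this.management.setAppUserPassword(applicationId, userUuid, newPassword);
        } else {
            this.management.setAppUserPassword(applicationId, userUuid, oldPassword, newPassword);
        }
        return new JSONWithPadding(apiResponse, str);
    }

    /** POST alias of {@link #setUserPasswordPut(UriInfo, Map, String)}. */
    @POST
    @Path("password")
    public JSONWithPadding setUserPasswordPost(@Context UriInfo uriInfo, Map<String, Object> map, @QueryParam("callback") @DefaultValue("callback") String str) throws Exception {
        return setUserPasswordPut(uriInfo, map, str);
    }

    /**
     * Deactivates the addressed user and returns the resulting entity.
     *
     * <p>An unknown user now yields the same "User not found" error as the other handlers
     * instead of passing a {@code null} id to the management service.
     *
     * @param uriInfo request URI information
     * @param map     request body (unused)
     * @param str     JSONP callback name
     */
    @POST
    @Path("deactivate")
    public JSONWithPadding deactivate(@Context UriInfo uriInfo, Map<String, Object> map, @QueryParam("callback") @DefaultValue("") String str) throws Exception {
        ApiResponse apiResponse = new ApiResponse();
        apiResponse.setAction("Deactivate user");
        UUID userUuid = getUserUuid();
        if (userUuid == null) {
            apiResponse.setError("User not found");
        } else {
            apiResponse.withEntity(this.management.deactivateUser(getApplicationId(), userUuid));
        }
        return new JSONWithPadding(apiResponse, str);
    }

    /**
     * Asks the management service to send the user's pin.
     *
     * <p>NOTE(review): this is a side-effecting action reachable by GET; the POST variant
     * {@link #postSendPin(UriInfo, String)} is the safer one to expose to browsers.
     *
     * @param uriInfo request URI information
     * @param str     JSONP callback name
     */
    @GET
    @Path("sendpin")
    public JSONWithPadding sendPin(@Context UriInfo uriInfo, @QueryParam("callback") @DefaultValue("callback") String str) throws Exception {
        logger.info("UserResource.sendPin");
        ApiResponse apiResponse = new ApiResponse(uriInfo);
        apiResponse.setAction("retrieve user pin");
        if (getUser() == null) {
            apiResponse.setError("User not found");
        } else {
            this.management.sendAppUserPin(getApplicationId(), getUserUuid());
        }
        return new JSONWithPadding(apiResponse, str);
    }

    /** POST alias of {@link #sendPin(UriInfo, String)}. */
    @POST
    @Path("sendpin")
    public JSONWithPadding postSendPin(@Context UriInfo uriInfo, @QueryParam("callback") @DefaultValue("callback") String str) throws Exception {
        return sendPin(uriInfo, str);
    }

    /**
     * Sets the user's pin from the {@code pin} query parameter.
     *
     * <p>NOTE(review): the pin travels in the query string here, where it is typically recorded
     * by access logs and intermediaries; the POST variants carry it in the body instead.
     *
     * @param uriInfo request URI information
     * @param str     the new pin
     * @param str2    JSONP callback name
     */
    @GET
    @Path("setpin")
    @RequireApplicationAccess
    public JSONWithPadding setPin(@Context UriInfo uriInfo, @QueryParam("pin") String str, @QueryParam("callback") @DefaultValue("callback") String str2) throws Exception {
        logger.info("UserResource.setPin");
        ApiResponse apiResponse = new ApiResponse(uriInfo);
        apiResponse.setAction("set user pin");
        if (getUser() == null) {
            apiResponse.setError("User not found");
        } else {
            this.management.setAppUserPin(getApplicationId(), getUserUuid(), str);
        }
        return new JSONWithPadding(apiResponse, str2);
    }

    /**
     * Sets the user's pin from a form-encoded {@code pin} field.
     *
     * @param uriInfo request URI information
     * @param str     the new pin
     * @param str2    JSONP callback name
     */
    @Path("setpin")
    @Consumes({"application/x-www-form-urlencoded"})
    @RequireApplicationAccess
    @POST
    public JSONWithPadding postPin(@Context UriInfo uriInfo, @FormParam("pin") String str, @QueryParam("callback") @DefaultValue("callback") String str2) throws Exception {
        logger.info("UserResource.postPin");
        ApiResponse apiResponse = new ApiResponse(uriInfo);
        apiResponse.setAction("set user pin");
        if (getUser() == null) {
            apiResponse.setError("User not found");
        } else {
            this.management.setAppUserPin(getApplicationId(), getUserUuid(), str);
        }
        return new JSONWithPadding(apiResponse, str2);
    }

    /**
     * Sets the user's pin from the {@code pin} field of a JSON body.
     *
     * @param uriInfo  request URI information
     * @param jsonNode parsed JSON body
     * @param str      JSONP callback name
     */
    @Path("setpin")
    @Consumes({"application/json"})
    @RequireApplicationAccess
    @POST
    public JSONWithPadding jsonPin(@Context UriInfo uriInfo, JsonNode jsonNode, @QueryParam("callback") @DefaultValue("callback") String str) throws Exception {
        logger.info("UserResource.jsonPin");
        ApiResponse apiResponse = new ApiResponse(uriInfo);
        apiResponse.setAction("set user pin");
        if (getUser() == null) {
            apiResponse.setError("User not found");
        } else {
            this.management.setAppUserPin(getApplicationId(), getUserUuid(), jsonNode.path("pin").getTextValue());
        }
        return new JSONWithPadding(apiResponse, str);
    }

    /**
     * Renders the password reset page.
     *
     * <p>A token accepted by the management service leads to the "set new password" form; any
     * other token leads to the form that starts the reset flow.
     *
     * @param uriInfo request URI information
     * @param str     password reset token from the link
     */
    @GET
    @Path("resetpw")
    public Viewable showPasswordResetForm(@Context UriInfo uriInfo, @QueryParam("token") String str) {
        logger.info("UserResource.showPasswordResetForm");
        this.token = str;
        try {
            boolean tokenAccepted = this.management.checkPasswordResetTokenForAppUser(getApplicationId(), getUserUuid(), str);
            return handleViewable(tokenAccepted ? "resetpw_set_form" : "resetpw_email_form", this);
        } catch (RedirectionException e) {
            throw e;
        } catch (Exception e2) {
            // NOTE(review): the exception object is handed to the view; confirm the "error"
            // template does not render internal details to the browser.
            return handleViewable("error", e2);
        }
    }

    /**
     * Handles both steps of the password reset form.
     *
     * <p>When a password field is present, the reset token is checked and the new password is
     * stored. Otherwise the request starts the reset flow, gated by reCAPTCHA when enabled.
     *
     * @param uriInfo request URI information
     * @param str     password reset token
     * @param str2    new password
     * @param str3    new password, repeated
     * @param str4    reCAPTCHA challenge field
     * @param str5    reCAPTCHA response field
     */
    @POST
    @Path("resetpw")
    @Consumes({"application/x-www-form-urlencoded"})
    public Viewable handlePasswordResetForm(@Context UriInfo uriInfo, @FormParam("token") String str, @FormParam("password1") String str2, @FormParam("password2") String str3, @FormParam("recaptcha_challenge_field") String str4, @FormParam("recaptcha_response_field") String str5) {
        try {
            logger.info("UserResource.handlePasswordResetForm");
            this.token = str;
            if (str2 != null || str3 != null) {
                // Resolve the user once so the token check and the password write are
                // guaranteed to target the same id; an unknown user is rejected up front.
                UUID userUuid = getUserUuid();
                if (userUuid == null || !this.management.checkPasswordResetTokenForAppUser(getApplicationId(), userUuid, str)) {
                    this.errorMsg = "Something odd happened, let's try again...";
                    return handleViewable("resetpw_email_form", this);
                }
                if (str2 == null || !str2.equals(str3)) {
                    this.errorMsg = "Passwords didn't match, let's try again...";
                    return handleViewable("resetpw_set_form", this);
                }
                // NOTE(review): nothing here invalidates the reset token after use; confirm
                // the management service makes it single-use.
                this.management.setAppUserPassword(getApplicationId(), userUuid, str2);
                return handleViewable("resetpw_set_success", this);
            }
            if (useReCaptcha()) {
                ReCaptchaImpl reCaptcha = new ReCaptchaImpl();
                reCaptcha.setPrivateKey(this.properties.getProperty("usergrid.recaptcha.private"));
                if (!reCaptcha.checkAnswer(this.httpServletRequest.getRemoteAddr(), str4, str5).isValid()) {
                    this.errorMsg = "Incorrect Captcha";
                    return handleViewable("resetpw_email_form", this);
                }
            }
            this.management.startAppUserPasswordResetFlow(getApplicationId(), getUser());
            return handleViewable("resetpw_email_success", this);
        } catch (RedirectionException e) {
            throw e;
        } catch (Exception e2) {
            return handleViewable("error", e2);
        }
    }

    /** Returns the message the reset views display, or {@code null} when none was set. */
    public String getErrorMsg() {
        return this.errorMsg;
    }

    /** Returns the reset token of the current request, for the reset views. */
    public String getToken() {
        return this.token;
    }

    /**
     * Resolves and caches the addressed user.
     *
     * @return the user, or {@code null} when the lookup fails (the failure is logged, not thrown)
     */
    public User getUser() {
        if (this.user != null) {
            return this.user;
        }
        EntityManager entityManager = getServices().getEntityManager();
        try {
            this.user = (User) entityManager.get(entityManager.getUserByIdentifier(this.userIdentifier), User.class);
        } catch (Exception e) {
            // Best effort: callers treat a null user as "User not found".
            logger.error("Unable go get user", (Throwable) e);
        }
        return this.user;
    }

    /**
     * Returns the UUID of the addressed user.
     *
     * @return the UUID, or {@code null} when the user cannot be resolved
     */
    public UUID getUserUuid() {
        User resolved = getUser();
        return resolved == null ? null : resolved.getUuid();
    }

    /**
     * Handles the activation link sent to the user.
     *
     * @param uriInfo request URI information
     * @param str     activation token from the link
     */
    @GET
    @Path("activate")
    public Viewable activate(@Context UriInfo uriInfo, @QueryParam("token") String str) {
        try {
            this.management.handleActivationTokenForAppUser(getApplicationId(), getUserUuid(), str);
            return handleViewable("activate", this);
        } catch (RedirectionException e) {
            throw e;
        } catch (TokenException e2) {
            return handleViewable("bad_activation_token", this);
        } catch (Exception e3) {
            return handleViewable("error", e3);
        }
    }

    /**
     * Handles the e-mail confirmation link sent to the user.
     *
     * <p>Shows the "confirm" view while activation is still pending and the "activate" view
     * otherwise.
     *
     * @param uriInfo request URI information
     * @param str     confirmation token from the link
     */
    @GET
    @Path("confirm")
    public Viewable confirm(@Context UriInfo uriInfo, @QueryParam("token") String str) {
        try {
            ActivationState state = this.management.handleConfirmationTokenForAppUser(getApplicationId(), getUserUuid(), str);
            String view = state == ActivationState.CONFIRMED_AWAITING_ACTIVATION ? "confirm" : "activate";
            return handleViewable(view, this);
        } catch (RedirectionException e) {
            throw e;
        } catch (TokenException e2) {
            return handleViewable("bad_confirmation_token", this);
        } catch (Exception e3) {
            return handleViewable("error", e3);
        }
    }

    /**
     * Restarts the activation flow for the addressed user.
     *
     * <p>The user is resolved explicitly instead of relying on the {@code user} field having
     * been filled as a side effect of the log statement; an unknown user yields
     * "User not found" rather than a {@code null} argument to the management service.
     *
     * @param uriInfo request URI information
     * @param str     JSONP callback name
     */
    @GET
    @Path("reactivate")
    public JSONWithPadding reactivate(@Context UriInfo uriInfo, @QueryParam("callback") @DefaultValue("callback") String str) throws Exception {
        logger.info("Send activation email for user: " + getUserUuid());
        ApiResponse apiResponse = new ApiResponse(uriInfo);
        apiResponse.setAction("reactivate user");
        User target = getUser();
        if (target == null) {
            apiResponse.setError("User not found");
        } else {
            this.management.startAppUserActivationFlow(getApplicationId(), target);
        }
        return new JSONWithPadding(apiResponse, str);
    }

    /**
     * Revokes the access tokens of the addressed user.
     *
     * <p>An unknown user yields "User not found" instead of a {@code null} id being passed to
     * the management service.
     *
     * @param uriInfo request URI information
     * @param str     JSONP callback name
     */
    @POST
    @Path("revoketokens")
    public JSONWithPadding revokeTokensPost(@Context UriInfo uriInfo, @QueryParam("callback") @DefaultValue("callback") String str) throws Exception {
        UUID userUuid = getUserUuid();
        logger.info("Revoking user tokens for " + userUuid);
        ApiResponse apiResponse = new ApiResponse(uriInfo);
        apiResponse.setAction("revoked user tokens");
        if (userUuid == null) {
            apiResponse.setError("User not found");
        } else {
            this.management.revokeAccessTokensForAppUser(getApplicationId(), userUuid);
        }
        return new JSONWithPadding(apiResponse, str);
    }

    /** PUT alias of {@link #revokeTokensPost(UriInfo, String)}. */
    @Path("revoketokens")
    @PUT
    public JSONWithPadding revokeTokensPut(@Context UriInfo uriInfo, @QueryParam("callback") @DefaultValue("callback") String str) throws Exception {
        return revokeTokensPost(uriInfo, str);
    }

    /**
     * Issues an access token for the addressed user.
     *
     * <p>An application user may only obtain a token for itself; a request for a different or
     * unresolvable user is answered with 403.
     *
     * <p>NOTE(review): the response body carries a bearer token and is wrapped with the
     * client-supplied callback; confirm this endpoint cannot be called with ambient browser
     * credentials. The {@code ttl} is also client-supplied; presumably the management service
     * caps it.
     *
     * @param uriInfo request URI information
     * @param j       requested token lifetime, passed through to the management service
     * @param str     JSONP callback name; empty by default
     */
    @GET
    // The literal replaces a decompiler artifact that borrowed the constant
    // SchemaSymbols.ATTVAL_TOKEN (value "token") from an unrelated XML schema class.
    @Path("token")
    @RequireApplicationAccess
    public Response getAccessToken(@Context UriInfo uriInfo, @QueryParam("ttl") long j, @QueryParam("callback") @DefaultValue("") String str) throws Exception {
        logger.debug("UserResource.getAccessToken");
        try {
            UUID userUuid = getUserUuid();
            // Fail closed: an unresolved user must not bypass the ownership check with an NPE.
            if (SubjectUtils.isApplicationUser() && (userUuid == null || !userUuid.equals(SubjectUtils.getSubjectUserId()))) {
                OAuthResponse denied = OAuthResponse.errorResponse(403).buildJSONMessage();
                return Response.status(denied.getResponseStatus()).type(jsonMediaType(str)).entity(wrapWithCallback(denied.getBody(), str)).build();
            }
            // NOTE(review): for non-user subjects a null userUuid still reaches the management
            // service here, as before; confirm it rejects that.
            String accessToken = this.management.getAccessTokenForAppUser(this.services.getApplicationId(), userUuid, j);
            AccessInfo accessInfo = new AccessInfo()
                    .withExpiresIn(this.tokens.getMaxTokenAge(accessToken) / 1000)
                    .withAccessToken(accessToken)
                    .withProperty(User.ENTITY_TYPE, getUser());
            return Response.status(200).type(jsonMediaType(str)).entity(wrapWithCallback(accessInfo, str)).build();
        } catch (OAuthProblemException e) {
            logger.error("OAuth Error", (Throwable) e);
            OAuthResponse problem = OAuthResponse.errorResponse(400).error(e).buildJSONMessage();
            return Response.status(problem.getResponseStatus()).type(jsonMediaType(str)).entity(wrapWithCallback(problem.getBody(), str)).build();
        }
    }

    /**
     * Routes a trailing path segment to a user extension resource when one exists, and to the
     * inherited handling otherwise.
     *
     * <p>The segment is turned into a class name under {@link #USER_EXTENSION_RESOURCE_PREFIX}.
     * Because the segment is request-controlled, it is only used when it is a plain class-name
     * token, so it cannot steer the lookup into another package.
     *
     * @param uriInfo     request URI information
     * @param pathSegment the path segment following the user
     */
    @Override // org.usergrid.rest.applications.ServiceResource
    @Path("{itemName}")
    public AbstractContextResource addNameParameter(@Context UriInfo uriInfo, @PathParam("itemName") PathSegment pathSegment) throws Exception {
        String itemName = pathSegment == null ? null : pathSegment.getPath();
        if (isPlainClassNameToken(itemName)) {
            String className = USER_EXTENSION_RESOURCE_PREFIX + StringUtils.capitalize(itemName) + "Resource";
            try {
                AbstractUserExtensionResource extension = (AbstractUserExtensionResource) getSubResource(Class.forName(className));
                if (extension != null) {
                    return extension;
                }
            } catch (ClassNotFoundException ignored) {
                // Expected for every segment that is not an extension; fall through.
            } catch (Exception e) {
                // Still best effort, but no longer silent: an extension that exists and fails
                // to load is worth seeing. className is safe to log after the check above.
                logger.warn("Unable to load user extension resource " + className, (Throwable) e);
            }
        }
        return super.addNameParameter(uriInfo, pathSegment);
    }

    /** Returns whether {@code name} is non-empty and holds only letters, digits, '_' or '$'. */
    private static boolean isPlainClassNameToken(String name) {
        if (name == null || name.isEmpty()) {
            return false;
        }
        for (int i = 0; i < name.length(); i++) {
            char c = name.charAt(i);
            if (!Character.isLetterOrDigit(c) && c != '_' && c != '$') {
                return false;
            }
        }
        return true;
    }
}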
